azurerm_nginx_deployment: Update code and docs to allow System Assign…

…ed Identity (#24382) - NGINXaaS for Azure supports system managed identity. - Added a test to exercise system MI.
hashicorp · Jan 4, 2024 · ef05a00 · ef05a00
1 parent dafac44
commit ef05a00
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 9 deletions.
diff --git a/internal/services/nginx/nginx_deployment_resource.go b/internal/services/nginx/nginx_deployment_resource.go
@@ -83,8 +83,7 @@ func (m DeploymentResource) Arguments() map[string]*pluginsdk.Schema {
 				}, false),
 		},
 
-		// only UserIdentity supported, but api defined as SystemAndUserAssigned
-		// issue link: https://github.com/Azure/azure-rest-api-specs/issues/20914
+		// only one type of identity is supported.
 		"identity": commonschema.SystemAssignedUserAssignedIdentityOptional(),
 
 		"managed_resource_group": {
@@ -313,7 +312,7 @@ func (m DeploymentResource) Create() sdk.ResourceFunc {
 
 			req.Identity, err = identity.ExpandSystemAndUserAssignedMapFromModel(model.Identity)
 			if err != nil {
-				return fmt.Errorf("expanding user identities: %+v", err)
+				return fmt.Errorf("expanding identities: %+v", err)
 			}
 
 			err = client.DeploymentsCreateOrUpdateThenPoll(ctx, id, req)
@@ -451,7 +450,7 @@ func (m DeploymentResource) Update() sdk.ResourceFunc {
 
 			if meta.ResourceData.HasChange("identity") {
 				if req.Identity, err = identity.ExpandSystemAndUserAssignedMapFromModel(model.Identity); err != nil {
-					return fmt.Errorf("expanding user identities: %+v", err)
+					return fmt.Errorf("expanding identities: %+v", err)
 				}
 			}
 

diff --git a/internal/services/nginx/nginx_deployment_resource_test.go b/internal/services/nginx/nginx_deployment_resource_test.go
@@ -68,12 +68,26 @@ func TestAccNginxDeployment_update(t *testing.T) {
 	})
 }
 
-func TestAccNginxDeployment_identity(t *testing.T) {
+func TestAccNginxDeployment_systemAssignedIdentity(t *testing.T) {
 	data := acceptance.BuildTestData(t, nginx.DeploymentResource{}.ResourceType(), "test")
 	r := DeploymentResource{}
 	data.ResourceTest(t, r, []acceptance.TestStep{
 		{
-			Config: r.identityUser(data),
+			Config: r.systemAssignedIdentity(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func TestAccNginxDeployment_userAssignedIdentity(t *testing.T) {
+	data := acceptance.BuildTestData(t, nginx.DeploymentResource{}.ResourceType(), "test")
+	r := DeploymentResource{}
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.userAssignedIdentity(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
@@ -148,7 +162,38 @@ resource "azurerm_nginx_deployment" "test" {
 `, a.template(data), data.RandomInteger)
 }
 
-func (a DeploymentResource) identityUser(data acceptance.TestData) string {
+func (a DeploymentResource) systemAssignedIdentity(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+
+
+%s
+
+resource "azurerm_nginx_deployment" "test" {
+  name                = "acctest-%[2]d"
+  resource_group_name = azurerm_resource_group.test.name
+  sku                 = "standard_Monthly"
+  location            = azurerm_resource_group.test.location
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  frontend_public {
+    ip_address = [azurerm_public_ip.test.id]
+  }
+
+  network_interface {
+    subnet_id = azurerm_subnet.test.id
+  }
+
+  capacity = 10
+
+  email = "[email protected]"
+}
+`, a.template(data), data.RandomInteger)
+}
+
+func (a DeploymentResource) userAssignedIdentity(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 
 

diff --git a/website/docs/r/nginx_deployment.html.markdown b/website/docs/r/nginx_deployment.html.markdown
@@ -115,9 +115,11 @@ The following arguments are supported:
 
 A `identity` block supports the following:
 
-* `type` - (Required) Specifies the identity type of the Nginx Deployment. Possible values is `UserAssigned` where you can specify the Service Principal IDs in the `identity_ids` field.
+* `type` - (Required) Specifies the identity type of the Nginx Deployment. Possible values are `UserAssigned`, `SystemAssigned`.
 
-* `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`.
+* `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned.
+
+~> **NOTE:** This is required when `type` is set to `UserAssigned`.
 
 ---