diff --git a/azurerm/data_source_data_lake_store.go b/azurerm/data_source_data_lake_store.go index e3578b50c967..4c49094ca2a9 100644 --- a/azurerm/data_source_data_lake_store.go +++ b/azurerm/data_source_data_lake_store.go @@ -27,6 +27,26 @@ func dataSourceArmDataLakeStoreAccount() *schema.Resource { Computed: true, }, + "encryption_state": { + Type: schema.TypeString, + Computed: true, + }, + + "encryption_type": { + Type: schema.TypeString, + Computed: true, + }, + + "firewall_state": { + Type: schema.TypeString, + Computed: true, + }, + + "firewall_allow_azure_ips": { + Type: schema.TypeString, + Computed: true, + }, + "tags": tagsForDataSourceSchema(), }, } @@ -42,7 +62,7 @@ func dataSourceArmDateLakeStoreAccountRead(d *schema.ResourceData, meta interfac resp, err := client.Get(ctx, resourceGroup, name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { - log.Printf("[WARN] DataLakeStoreAccount '%s' was not found (resource group '%s')", name, resourceGroup) + log.Printf("[WARN] DataLakeStoreAccount %q was not found (Resource Group %q)", name, resourceGroup) d.SetId("") return nil } @@ -59,6 +79,14 @@ func dataSourceArmDateLakeStoreAccountRead(d *schema.ResourceData, meta interfac if properties := resp.DataLakeStoreAccountProperties; properties != nil { d.Set("tier", string(properties.CurrentTier)) + + d.Set("encryption_state", string(properties.EncryptionState)) + d.Set("firewall_allow_azure_ips", string(properties.FirewallAllowAzureIps)) + d.Set("firewall_state", string(properties.FirewallState)) + + if config := properties.EncryptionConfig; config != nil { + d.Set("encryption_type", string(config.Type)) + } } flattenAndSetTags(d, resp.Tags) diff --git a/azurerm/resource_arm_data_lake_store.go b/azurerm/resource_arm_data_lake_store.go index 4c413672f763..c07a21664773 100644 --- a/azurerm/resource_arm_data_lake_store.go +++ b/azurerm/resource_arm_data_lake_store.go 
@@ -5,13 +5,12 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/services/datalake/store/mgmt/2016-11-01/account" - + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" - - "github.com/hashicorp/terraform/helper/schema" - "github.com/hashicorp/terraform/helper/validation" ) func resourceArmDataLakeStore() *schema.Resource { @@ -20,6 +19,7 @@ func resourceArmDataLakeStore() *schema.Resource { Read: resourceArmDateLakeStoreRead, Update: resourceArmDateLakeStoreUpdate, Delete: resourceArmDateLakeStoreDelete, + Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, @@ -40,7 +40,7 @@ func resourceArmDataLakeStore() *schema.Resource { Type: schema.TypeString, Optional: true, Default: string(account.Consumption), - DiffSuppressFunc: ignoreCaseDiffSuppressFunc, + DiffSuppressFunc: suppress.CaseDifference, ValidateFunc: validation.StringInSlice([]string{ string(account.Consumption), string(account.Commitment1TB), 
@@ -52,6 +52,51 @@ func resourceArmDataLakeStore() *schema.Resource { }, true), }, + "encryption_state": { + Type: schema.TypeString, + Optional: true, + Default: string(account.Enabled), + ForceNew: true, + ValidateFunc: validation.StringInSlice([]string{ + string(account.Enabled), + string(account.Disabled), + }, true), + DiffSuppressFunc: suppress.CaseDifference, + }, + + "encryption_type": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateFunc: validation.StringInSlice([]string{ + string(account.ServiceManaged), + }, true), + DiffSuppressFunc: suppress.CaseDifference, + }, + + "firewall_state": { + Type: schema.TypeString, + Optional: true, + Default: string(account.FirewallStateEnabled), + ValidateFunc: validation.StringInSlice([]string{ + string(account.FirewallStateEnabled), + string(account.FirewallStateDisabled), + }, true), + DiffSuppressFunc: suppress.CaseDifference, + }, + + "firewall_allow_azure_ips": { + Type: schema.TypeString, + Optional: true, + Default: string(account.FirewallAllowAzureIpsStateEnabled), + ValidateFunc: validation.StringInSlice([]string{ + string(account.FirewallAllowAzureIpsStateEnabled), + string(account.FirewallAllowAzureIpsStateDisabled), + }, true), + DiffSuppressFunc: suppress.CaseDifference, + }, + "tags": tagsSchema(), }, } 
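Review bot: `firewall_allow_azure_ips` defaults to `account.FirewallAllowAzureIpsStateEnabled` in this schema hunk, so a configuration that sets only `firewall_state`, or neither attribute, lets Azure service IPs through the firewall without ever saying so. That is the more permissive of the two accepted values; unless the default has to mirror what the API itself applies (not visible here), I would make the restrictive value the default, `Default: string(account.FirewallAllowAzureIpsStateDisabled),`, and have users opt in. If the default stays, a comment above the attribute such as `// Enabled lets Azure service IPs through the store firewall; this is the permissive setting.` would make the exposure visible to the next reader. The docs hunk for the resource also lists both firewall attributes without the `(Optional)` marker the other arguments carry. The schema map's enclosing function starts outside the hunk.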
@@ -65,15 +110,26 @@ func resourceArmDateLakeStoreCreate(d *schema.ResourceData, meta interface{}) er location := azureRMNormalizeLocation(d.Get("location").(string)) resourceGroup := d.Get("resource_group_name").(string) tier := d.Get("tier").(string) + + encryptionState := account.EncryptionState(d.Get("encryption_state").(string)) + encryptionType := account.EncryptionConfigType(d.Get("encryption_type").(string)) + firewallState := account.FirewallState(d.Get("firewall_state").(string)) + firewallAllowAzureIPs := account.FirewallAllowAzureIpsState(d.Get("firewall_allow_azure_ips").(string)) tags := d.Get("tags").(map[string]interface{}) - log.Printf("[INFO] preparing arguments for Azure ARM Date Lake Store creation %q (Resource Group %q)", name, resourceGroup) + log.Printf("[INFO] preparing arguments for Data Lake Store creation %q (Resource Group %q)", name, resourceGroup) dateLakeStore := account.CreateDataLakeStoreAccountParameters{ Location: &location, Tags: expandTags(tags), CreateDataLakeStoreAccountProperties: &account.CreateDataLakeStoreAccountProperties{ - NewTier: account.TierType(tier), + NewTier: account.TierType(tier), + FirewallState: firewallState, + FirewallAllowAzureIps: firewallAllowAzureIPs, + EncryptionState: encryptionState, + EncryptionConfig: &account.EncryptionConfig{ + Type: encryptionType, + }, }, } @@ -82,7 +138,7 @@ func resourceArmDateLakeStoreCreate(d *schema.ResourceData, meta interface{}) er return fmt.Errorf("Error issuing create request for Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err) } - err = future.WaitForCompletion(ctx, client.Client) + err = future.WaitForCompletionRef(ctx, client.Client) if err != nil { return fmt.Errorf("Error creating Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err) } 
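Review bot: Nothing in the create path ties `encryption_type` to `encryption_state`: the new `EncryptionConfig` is built unconditionally from whatever `encryption_type` holds, and the schema hunk validates the two attributes independently, so `encryption_state = "Disabled"` together with `encryption_type = "ServiceManaged"` passes validation and is sent to the API. The docs hunk in this commit states the type must be blank when encryption is disabled, so I would enforce that before building the request, e.g. `if strings.EqualFold(string(encryptionState), string(account.Disabled)) && encryptionType != "" { return fmt.Errorf("encryption_type must be empty when encryption_state is Disabled") }` (case-insensitive because the validators pass `true` for ignore-case). Without it, state can record an encryption type for a store that is presumably unencrypted, which misleads anyone auditing from state or plan output. The same docs hunk names the accepted value `SystemManaged`, while the validator accepts only `account.ServiceManaged` and the basic test expects "ServiceManaged". resourceArmDateLakeStoreCreate starts and ends outside the hunk.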
@@ -106,14 +162,18 @@ func resourceArmDateLakeStoreUpdate(d *schema.ResourceData, meta interface{}) er name := d.Get("name").(string) resourceGroup := d.Get("resource_group_name").(string) - newTags := d.Get("tags").(map[string]interface{}) - newTier := d.Get("tier").(string) + tier := d.Get("tier").(string) + firewallState := account.FirewallState(d.Get("firewall_state").(string)) + firewallAllowAzureIPs := account.FirewallAllowAzureIpsState(d.Get("firewall_allow_azure_ips").(string)) + tags := d.Get("tags").(map[string]interface{}) props := account.UpdateDataLakeStoreAccountParameters{ - Tags: expandTags(newTags), UpdateDataLakeStoreAccountProperties: &account.UpdateDataLakeStoreAccountProperties{ - NewTier: account.TierType(newTier), + NewTier: account.TierType(tier), + FirewallState: firewallState, + FirewallAllowAzureIps: firewallAllowAzureIPs, }, + Tags: expandTags(tags), } future, err := client.Update(ctx, resourceGroup, name, props) @@ -121,7 +181,7 @@ func resourceArmDateLakeStoreUpdate(d *schema.ResourceData, meta interface{}) er return fmt.Errorf("Error issuing update request for Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err) } - err = future.WaitForCompletion(ctx, client.Client) + err = future.WaitForCompletionRef(ctx, client.Client) if err != nil { return fmt.Errorf("Error waiting for the update of Data Lake Store %q (Resource Group %q) to commplete: %+v", name, resourceGroup, err) } 
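Review bot: Every update now sends `FirewallState` and `FirewallAllowAzureIps`, and when the configuration does not mention them both values come from the schema defaults of Enabled. For a store that was created before these attributes existed and whose current settings differ, the first apply after upgrading would therefore change its firewall settings rather than keep what the account has; that is worth confirming against the API's actual values and calling out in the changelog, since no firewall-rule handling is visible in this commit. A comment above the `props` literal would record the intent, e.g. `// firewall_state and firewall_allow_azure_ips are always sent; unset values fall back to the schema defaults (Enabled).` resourceArmDateLakeStoreUpdate continues outside the hunk.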
@@ -143,10 +203,11 @@ func resourceArmDateLakeStoreRead(d *schema.ResourceData, meta interface{}) erro resp, err := client.Get(ctx, resourceGroup, name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { - log.Printf("[WARN] DataLakeStoreAccount '%s' was not found (resource group '%s')", name, resourceGroup) + log.Printf("[WARN] Data Lake Store Account %q was not found (Resource Group %q)", name, resourceGroup) d.SetId("") return nil } + return fmt.Errorf("Error making Read request on Azure Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err) } @@ -156,8 +217,16 @@ func resourceArmDateLakeStoreRead(d *schema.ResourceData, meta interface{}) erro d.Set("location", azureRMNormalizeLocation(*location)) } - if tier := resp.DataLakeStoreAccountProperties; tier != nil { - d.Set("tier", string(tier.CurrentTier)) + if properties := resp.DataLakeStoreAccountProperties; properties != nil { + d.Set("tier", string(properties.CurrentTier)) + + d.Set("encryption_state", string(properties.EncryptionState)) + d.Set("firewall_state", string(properties.FirewallState)) + d.Set("firewall_allow_azure_ips", string(properties.FirewallAllowAzureIps)) + + if config := properties.EncryptionConfig; config != nil { + d.Set("encryption_type", string(config.Type)) + } } flattenAndSetTags(d, resp.Tags) diff --git a/azurerm/resource_arm_data_lake_store_test.go b/azurerm/resource_arm_data_lake_store_test.go index 9ef5d65b9978..0304cd7c4b92 100644 --- a/azurerm/resource_arm_data_lake_store_test.go +++ b/azurerm/resource_arm_data_lake_store_test.go @@ -25,6 +25,8 @@ func TestAccAzureRMDataLakeStore_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMDataLakeStoreExists(resourceName), resource.TestCheckResourceAttr(resourceName, "tier", "Consumption"), + resource.TestCheckResourceAttr(resourceName, "encryption_state", "Enabled"), + resource.TestCheckResourceAttr(resourceName, "encryption_type", "ServiceManaged"), ), }, { 
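Review bot: In the second hunk of resourceArmDateLakeStoreRead, `encryption_type` is written only when `properties.EncryptionConfig` is non-nil, so when the API returns no config the attribute keeps whatever state or configuration already holds. Because this value is what plan output and any state-based audit will report, I would clear it explicitly with `} else { d.Set("encryption_type", "") }`. The results of the new `d.Set` calls are also discarded, so a failure to record `encryption_state` or `firewall_state` would pass silently. The function's body extends beyond the hunk.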
@@ -61,6 +63,78 @@ func TestAccAzureRMDataLakeStore_tier(t *testing.T) { }) } +func TestAccAzureRMDataLakeStore_encryptionDisabled(t *testing.T) { + resourceName := "azurerm_data_lake_store.test" + ri := acctest.RandInt() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMDataLakeStoreDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMDataLakeStore_encryptionDisabled(ri, testLocation()), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "encryption_state", "Disabled"), + resource.TestCheckResourceAttr(resourceName, "encryption_type", ""), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAzureRMDataLakeStore_firewallUpdate(t *testing.T) { + resourceName := "azurerm_data_lake_store.test" + ri := acctest.RandInt() + location := testLocation() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMDataLakeStoreDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMDataLakeStore_firewall(ri, location, "Enabled", "Enabled"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "firewall_state", "Enabled"), + resource.TestCheckResourceAttr(resourceName, "firewall_allow_azure_ips", "Enabled"), + ), + }, + { + Config: testAccAzureRMDataLakeStore_firewall(ri, location, "Enabled", "Disabled"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "firewall_state", "Enabled"), + resource.TestCheckResourceAttr(resourceName, "firewall_allow_azure_ips", "Disabled"), + ), + }, + { + Config: testAccAzureRMDataLakeStore_firewall(ri, 
location, "Disabled", "Enabled"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "firewall_state", "Disabled"), + resource.TestCheckResourceAttr(resourceName, "firewall_allow_azure_ips", "Enabled"), + ), + }, + { + Config: testAccAzureRMDataLakeStore_firewall(ri, location, "Disabled", "Disabled"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "firewall_state", "Disabled"), + resource.TestCheckResourceAttr(resourceName, "firewall_allow_azure_ips", "Disabled"), + ), + }, + }, + }) +} + func TestAccAzureRMDataLakeStore_withTags(t *testing.T) { resourceName := "azurerm_data_lake_store.test" ri := acctest.RandInt() @@ -168,7 +242,7 @@ resource "azurerm_data_lake_store" "test" { func testAccAzureRMDataLakeStore_tier(rInt int, location string) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { -name = "acctestRG-%d" + name = "acctestRG-%d" location = "%s" } 
@@ -176,12 +250,44 @@ resource "azurerm_data_lake_store" "test" { name = "acctest%s" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" - tier = "Commitment_1TB" } `, rInt, location, strconv.Itoa(rInt)[0:15]) } +func testAccAzureRMDataLakeStore_encryptionDisabled(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_data_lake_store" "test" { + name = "acctest%s" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + encryption_state = "Disabled" +} +`, rInt, location, strconv.Itoa(rInt)[0:15]) +} + +func testAccAzureRMDataLakeStore_firewall(rInt int, location string, firewallState string, firewallAllowAzureIPs string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_data_lake_store" "test" { + name = "acctest%s" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + firewall_state = "%s" + firewall_allow_azure_ips = "%s" +} +`, rInt, location, strconv.Itoa(rInt)[0:15], firewallState, firewallAllowAzureIPs) +} + func testAccAzureRMDataLakeStore_withTags(rInt int, location string) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { @@ -193,7 +299,7 @@ resource "azurerm_data_lake_store" "test" { name = "acctest%s" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" - + tags { environment = "Production" cost_center = "MSFT" @@ -213,7 +319,7 @@ resource "azurerm_data_lake_store" "test" { name = "acctest%s" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" - + tags { environment = "staging" } 
diff --git a/website/docs/d/data_lake_store.html.markdown b/website/docs/d/data_lake_store.html.markdown index b13258e105c2..05d6b5999d5b 100644 --- a/website/docs/d/data_lake_store.html.markdown +++ b/website/docs/d/data_lake_store.html.markdown @@ -27,10 +27,21 @@ output "data_lake_store_id" { ## Argument Reference * `name` - (Required) The name of the Data Lake Store. + * `resource_group_name` - (Required) The Name of the Resource Group where the Data Lake Store exists. ## Attributes Reference * `id` - The ID of the Data Lake Store. + +* `encryption_state` - the Encryption State of this Data Lake Store Account, such as `Enabled` or `Disabled`. + +* `encryption_type` - the Encryption Type used for this Data Lake Store Account. + +* `firewall_allow_azure_ips` - are Azure Service IP's allowed through the firewall? + +* `firewall_state` - the state of the firewall, such as `Enabled` or `Disabled`. + * `tier` - Current monthly commitment tier for the account. + * `tags` - A mapping of tags to assign to the Data Lake Store. diff --git a/website/docs/r/data_lake_store.html.markdown b/website/docs/r/data_lake_store.html.markdown index 3a421467c774..fb981e4b8256 100644 --- a/website/docs/r/data_lake_store.html.markdown +++ b/website/docs/r/data_lake_store.html.markdown @@ -1,3 +1,4 @@ + --- layout: "azurerm" page_title: "Azure Resource Manager: azurerm_data_lake_store" @@ -22,6 +23,13 @@ resource "azurerm_data_lake_store" "example" { name = "consumptiondatalake" resource_group_name = "${azurerm_resource_group.example.name}" location = "${azurerm_resource_group.example.location}" + + encrytpion { + type = "UserManaged" + key_vault_id = "${azurerm_key_vault.example.id}" + key_name = "${azurerm_key_vault_key.example.name}" + key_version = "${azurerm_key_vault_key.example.version}" + } } ``` 
@@ -37,6 +45,16 @@ The following arguments are supported: * `tier` - (Optional) The monthly commitment tier for Data Lake Store. Accepted values are `Consumption`, `Commitment_1TB`, `Commitment_10TB`, `Commitment_100TB`, `Commitment_500TB`, `Commitment_1PB` or `Commitment_5PB`. +* `encryption_state` - (Optional) Is Encryption enabled on this Data Lake Store Account? Possible values are `Enabled` or `Disabled`. Defaults to `Enabled`. + +* `encryption_type` - (Optional) The Encryption Type used for this Data Lake Store Account. Currently can be set to `SystemManaged` when `encryption_state` is `Enabled` - and must be a blank string when it's Disabled. + +-> **NOTE:** Support for User Managed encryption will be supported in the future once a bug in the API is fixed. + +* `firewall_allow_azure_ips` - are Azure Service IP's allowed through the firewall? Possible values are `Enabled` and `Disabled`. Defaults to `Enabled.` + +* `firewall_state` - the state of the Firewall. Possible values are `Enabled` and `Disabled`. Defaults to `Enabled.` + * `tags` - (Optional) A mapping of tags to assign to the resource. ## Attributes Reference