Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

data.azurerm_api_management - Support property tenant_access #19422

Merged
merged 2 commits into from
Nov 28, 2022
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions internal/services/apimanagement/api_management_data_source.go
Original file line number Diff line number Diff line change
Expand Up @@ -194,13 +194,41 @@ func dataSourceApiManagementService() *pluginsdk.Resource {
},
},

"tenant_access": {
Type: pluginsdk.TypeList,
Computed: true,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"enabled": {
Type: pluginsdk.TypeBool,
Computed: true,
},
"tenant_id": {
Type: pluginsdk.TypeString,
Computed: true,
},
"primary_key": {
Type: pluginsdk.TypeString,
Computed: true,
Sensitive: true,
},
"secondary_key": {
Type: pluginsdk.TypeString,
Computed: true,
Sensitive: true,
},
},
},
},

"tags": tags.SchemaDataSource(),
},
}
}

func dataSourceApiManagementRead(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).ApiManagement.ServiceClient
tenantAccessClient := meta.(*clients.Client).ApiManagement.TenantAccessClient
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()

Expand Down Expand Up @@ -263,6 +291,16 @@ func dataSourceApiManagementRead(d *pluginsdk.ResourceData, meta interface{}) er

d.Set("sku_name", flattenApiManagementServiceSkuName(resp.Sku))

if resp.Sku.Name != apimanagement.SkuTypeConsumption {
tenantAccessInformationContract, err := tenantAccessClient.ListSecrets(ctx, id.ResourceGroup, id.ServiceName, "access")
if err != nil {
return fmt.Errorf("retrieving tenant access properties for %s: %+v", *id, err)
}
if err := d.Set("tenant_access", flattenApiManagementTenantAccessSettings(tenantAccessInformationContract)); err != nil {
return fmt.Errorf("setting `tenant_access`: %+v", err)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to ensure the tenant_access block is always set into the state:

Suggested change
if resp.Sku.Name != apimanagement.SkuTypeConsumption {
tenantAccessInformationContract, err := tenantAccessClient.ListSecrets(ctx, id.ResourceGroup, id.ServiceName, "access")
if err != nil {
return fmt.Errorf("retrieving tenant access properties for %s: %+v", *id, err)
}
if err := d.Set("tenant_access", flattenApiManagementTenantAccessSettings(tenantAccessInformationContract)); err != nil {
return fmt.Errorf("setting `tenant_access`: %+v", err)
}
}
tenantAccess := make([]interface{}, 0)
if resp.Sku.Name != apimanagement.SkuTypeConsumption {
tenantAccessInformationContract, err := tenantAccessClient.ListSecrets(ctx, id.ResourceGroup, id.ServiceName, "access")
if err != nil {
return fmt.Errorf("retrieving tenant access properties for %s: %+v", *id, err)
}
tenantAccess = flattenApiManagementTenantAccessSettings(tenantAccessInformationContract)
}
if err := d.Set("tenant_access", tenantAccess); err != nil {
return fmt.Errorf("setting `tenant_access`: %+v", err)
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for you feedback. Fixed.


return tags.FlattenAndSet(d, resp.Tags)
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,18 @@ func TestAccDataSourceApiManagement_basic(t *testing.T) {
})
}

func TestAccDataSourceApiManagement_tenantAccess(t *testing.T) {
data := acceptance.BuildTestData(t, "data.azurerm_api_management", "test")
r := ApiManagementDataSource{}

data.DataSourceTest(t, []acceptance.TestStep{
{
Config: r.tenantAccess(data),
Check: acceptance.ComposeTestCheckFunc(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't checking anything, let's check that we have some values here:

Suggested change
Check: acceptance.ComposeTestCheckFunc(),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("tenant_access.0.enabled").Exists(),
),

we should also update the basic test above to ensure there's no items if this isn't consumption:

  	check.That(data.ResourceName).Key("tenant_access.#").HasValue("0"),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for you feedback. For the basic test, In fact the sku name is not consumption should have tenant_access. So I added check.That(data.ResourceName).Key("tenant_access.#").HasValue("1") for it. Please let me know if I missed something. Thank you.

},
})
}

func TestAccDataSourceApiManagement_identitySystemAssigned(t *testing.T) {
data := acceptance.BuildTestData(t, "data.azurerm_api_management", "test")
r := ApiManagementDataSource{}
Expand Down Expand Up @@ -89,6 +101,66 @@ func TestAccDataSourceApiManagement_virtualNetwork(t *testing.T) {
})
}

func (ApiManagementDataSource) tenantAccess(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

resource "azurerm_resource_group" "test" {
name = "amtestRG-%[1]d"
location = "%[2]s"
}

resource "azurerm_api_management" "test" {
name = "acctestAM-%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
publisher_name = "pub1"
publisher_email = "[email protected]"

sku_name = "Developer_1"
}

resource "azurerm_api_management_product" "test" {
product_id = "test-product"
api_management_name = azurerm_api_management.test.name
resource_group_name = azurerm_resource_group.test.name
display_name = "Test Product"
subscription_required = true
approval_required = false
published = true
}

resource "azurerm_api_management_user" "test" {
user_id = "acctestuser%[1]d"
api_management_name = azurerm_api_management.test.name
resource_group_name = azurerm_resource_group.test.name
first_name = "Acceptance"
last_name = "Test"
email = "azure-acctest%[1][email protected]"
}

data "azurerm_api_management" "test" {
name = azurerm_api_management.test.name
resource_group_name = azurerm_api_management.test.resource_group_name
}

resource "azurerm_api_management_subscription" "test" {
subscription_id = "This-Is-A-Valid-Subscription-ID"
resource_group_name = azurerm_api_management.test.resource_group_name
api_management_name = azurerm_api_management.test.name
user_id = azurerm_api_management_user.test.id
product_id = azurerm_api_management_product.test.id
display_name = "Butter Parser API Enterprise Edition"
state = "active"
allow_tracing = false
primary_key = data.azurerm_api_management.test.tenant_access[0].primary_key
secondary_key = data.azurerm_api_management.test.tenant_access[0].secondary_key
}
`, data.RandomInteger, data.Locations.Primary)
}

func (ApiManagementDataSource) basic(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
Expand Down
14 changes: 14 additions & 0 deletions website/docs/d/api_management.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ output "api_management_id" {

* `sku` - A `sku` block as documented below.

* `tenant_access` - A `tenant_access` block as defined below.

* `tags` - A mapping of tags assigned to the resource.

---
Expand Down Expand Up @@ -177,6 +179,18 @@ A `sku` block exports the following:

---

A `tenant_access` block supports the following:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is read-only:

Suggested change
A `tenant_access` block supports the following:
A `tenant_access` block exports the following:

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for you feedback. Fixed.


* `enabled` - Should the access to the management API be enabled?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is read-only:

Suggested change
* `enabled` - Should the access to the management API be enabled?
* `enabled` - Is access to the Management API enabled (presumably "for this Tenant")?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for you feedback. Fixed.


* `tenant_id` - The identifier for the tenant access information contract.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

presumably:

Suggested change
* `tenant_id` - The identifier for the tenant access information contract.
* `tenant_id` - The ID of the Tenant which has access to this API Management instance.

?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for you feedback. Fixed.


* `primary_key` - Primary access key for the tenant access information contract.

* `secondary_key` - Secondary access key for the tenant access information contract.

---

## Timeouts

The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
Expand Down