From aa7f7d98df018f09d7a4ba8f83c9be42da15c50e Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 16:26:24 +0100 Subject: [PATCH 01/12] `azurerm_api_management`: introduction of the `delegation` block --- .../apimanagement/api_management_resource.go | 118 ++++++++++++++++++ .../api_management_resource_test.go | 47 +++++++ .../services/apimanagement/client/client.go | 5 + 3 files changed, 170 insertions(+) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index ab7e6130e726..dde04df5eb4d 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -493,6 +493,33 @@ func resourceApiManagementSchema() map[string]*pluginsdk.Schema { }, }, + "delegation": { + Type: pluginsdk.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "subscriptions_enabled": { + Type: pluginsdk.TypeBool, + Required: true, + }, + "user_registration_enabled": { + Type: pluginsdk.TypeBool, + Required: true, + }, + "url": { + Type: pluginsdk.TypeString, + Required: true, + }, + "validation_key": { + Type: pluginsdk.TypeString, + Optional: true, + }, + }, + }, + }, + "sign_up": { Type: pluginsdk.TypeList, Optional: true, @@ -908,6 +935,18 @@ func resourceApiManagementServiceCreateUpdate(d *pluginsdk.ResourceData, meta in } } + delegationSettingsRaw := d.Get("delegation").([]interface{}) + if sku.Name == apimanagement.SkuTypeConsumption && len(delegationSettingsRaw) > 0 { + return fmt.Errorf("`delegation` is not support for sku tier `Consumption`") + } + if sku.Name != apimanagement.SkuTypeConsumption { + delegationSettings := expandApiManagementDelegationSettings(delegationSettingsRaw) + delegationClient := meta.(*clients.Client).ApiManagement.DelegationSettingsClient + if _, err := delegationClient.CreateOrUpdate(ctx, id.ResourceGroup, id.ServiceName, delegationSettings, ""); err != nil { + return fmt.Errorf(" setting Delegation settings for %s: %+v", id, err) + } + } + policyClient := meta.(*clients.Client).ApiManagement.PolicyClient policiesRaw := d.Get("policy").([]interface{}) policy, err := expandApiManagementPolicies(policiesRaw) @@ -951,6 +990,7 @@ func resourceApiManagementServiceRead(d *pluginsdk.ResourceData, meta interface{ client := meta.(*clients.Client).ApiManagement.ServiceClient signInClient := meta.(*clients.Client).ApiManagement.SignInClient signUpClient := meta.(*clients.Client).ApiManagement.SignUpClient + delegationClient := meta.(*clients.Client).ApiManagement.DelegationSettingsClient tenantAccessClient := meta.(*clients.Client).ApiManagement.TenantAccessClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -1078,9 +1118,19 @@ func resourceApiManagementServiceRead(d *pluginsdk.ResourceData, meta interface{ if err := d.Set("sign_up", flattenApiManagementSignUpSettings(signUpSettings)); err != nil { return fmt.Errorf("setting `sign_up`: %+v", err) } + + delegationSettings, err := delegationClient.Get(ctx, id.ResourceGroup, id.ServiceName) + if err != nil { + return fmt.Errorf("retrieving Delegation Settings for %s: %+v", *id, err) + } + + if err := d.Set("delegation", flattenApiManagementDelegationSettings(delegationSettings)); err != nil { + return fmt.Errorf("setting `delegation`: %+v", err) + } } else { d.Set("sign_in", []interface{}{}) d.Set("sign_up", []interface{}{}) + d.Set("delegation", []interface{}{}) } if resp.Sku.Name != apimanagement.SkuTypeConsumption { @@ -1808,6 +1858,74 @@ func flattenApiManagementSignInSettings(input apimanagement.PortalSigninSettings } } +func expandApiManagementDelegationSettings(input []interface{}) apimanagement.PortalDelegationSettings { + if len(input) == 0 { + return apimanagement.PortalDelegationSettings{ + PortalDelegationSettingsProperties: &apimanagement.PortalDelegationSettingsProperties{ + URL: utils.String(""), + ValidationKey: utils.String(""), + Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ + Enabled: utils.Bool(false), + }, + UserRegistration: &apimanagement.RegistrationDelegationSettingsProperties{ + Enabled: utils.Bool(false), + }, + }, + } + } + + vs := input[0].(map[string]interface{}) + + props := apimanagement.PortalDelegationSettingsProperties{ + UserRegistration: &apimanagement.RegistrationDelegationSettingsProperties{ + Enabled: utils.Bool(vs["user_registration_enabled"].(bool)), + }, + Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ + Enabled: utils.Bool(vs["subscriptions_enabled"].(bool)), + }, + URL: utils.String(vs["url"].(string)), + ValidationKey: utils.String(vs["validation_key"].(string)), + } + + return apimanagement.PortalDelegationSettings{ + PortalDelegationSettingsProperties: &props, + } +} + +func flattenApiManagementDelegationSettings(input apimanagement.PortalDelegationSettings) []interface{} { + url := "" + validationKey := "" + subscriptionsEnabled := false + userRegistrationEnabled := false + + if props := input.PortalDelegationSettingsProperties; props != nil { + if props.URL != nil { + url = *props.URL + } + + if props.ValidationKey != nil { + validationKey = *props.ValidationKey + } + + if props.Subscriptions != nil && props.Subscriptions.Enabled != nil { + subscriptionsEnabled = *props.Subscriptions.Enabled + } + + if props.UserRegistration != nil && props.UserRegistration.Enabled != nil { + userRegistrationEnabled = *props.UserRegistration.Enabled + } + } + + return []interface{}{ + map[string]interface{}{ + "url": url, + "validation_key": validationKey, + "subscriptions_enabled": subscriptionsEnabled, + "user_registration_enabled": userRegistrationEnabled, + }, + } +} + func expandApiManagementSignUpSettings(input []interface{}) apimanagement.PortalSignupSettings { if len(input) == 0 { return apimanagement.PortalSignupSettings{ diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index 6afaefddd7fb..335d983542f7 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -200,6 +200,21 @@ func TestAccApiManagement_signInSignUpSettings(t *testing.T) { }) } +func TestAccApiManagement_delegationSettings(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_api_management", "test") + r := ApiManagementResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.delegationSettings(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func TestAccApiManagement_policy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_api_management", "test") r := ApiManagementResource{} @@ -1117,6 +1132,38 @@ resource "azurerm_api_management" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } +func (ApiManagementResource) delegationSettings(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_api_management" "test" { + name = "acctestAM-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + publisher_name = "pub1" + publisher_email = "pub1@email.com" + + sku_name = "Developer_1" + + delegation { + url = "https://google.com" + validation_key = "test123themostsecretone" + subscriptions_enabled = true + user_registration_enabled = true + } + + +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + func (ApiManagementResource) complete(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/apimanagement/client/client.go b/internal/services/apimanagement/client/client.go index dfa91a58207a..9389252d9597 100644 --- a/internal/services/apimanagement/client/client.go +++ b/internal/services/apimanagement/client/client.go @@ -20,6 +20,7 @@ type Client struct { BackendClient *apimanagement.BackendClient CacheClient *apimanagement.CacheClient CertificatesClient *apimanagement.CertificateClient + DelegationSettingsClient *apimanagement.DelegationSettingsClient DeletedServicesClient *apimanagement.DeletedServicesClient DiagnosticClient *apimanagement.DiagnosticClient EmailTemplateClient *apimanagement.EmailTemplateClient @@ -93,6 +94,9 @@ func NewClient(o *common.ClientOptions) *Client { diagnosticClient := apimanagement.NewDiagnosticClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&diagnosticClient.Client, o.ResourceManagerAuthorizer) + delegationSettingsClient := apimanagement.NewDelegationSettingsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) + o.ConfigureClient(&delegationSettingsClient.Client, o.ResourceManagerAuthorizer) + deletedServicesClient := apimanagement.NewDeletedServicesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&deletedServicesClient.Client, o.ResourceManagerAuthorizer) @@ -188,6 +192,7 @@ func NewClient(o *common.ClientOptions) *Client { BackendClient: &backendClient, CacheClient: &cacheClient, CertificatesClient: &certificatesClient, + DelegationSettingsClient: &delegationSettingsClient, DeletedServicesClient: &deletedServicesClient, DiagnosticClient: &diagnosticClient, EmailTemplateClient: &emailTemplateClient, From 21b271ac662fe6bf2bc949b84978495e0c245d29 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 19:32:00 +0100 Subject: [PATCH 02/12] fix: base64 validation key --- internal/services/apimanagement/api_management_resource_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index 335d983542f7..f5f2ac2c75c5 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -1154,7 +1154,7 @@ resource "azurerm_api_management" "test" { delegation { url = "https://google.com" - validation_key = "test123themostsecretone" + validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" subscriptions_enabled = true user_registration_enabled = true } From b52fa936a1be76007787ef197809b4e8653ba7fb Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 21:19:11 +0100 Subject: [PATCH 03/12] fix: validation key things --- .../apimanagement/api_management_resource.go | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index dde04df5eb4d..7c1f4a889cf1 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -513,8 +513,9 @@ func resourceApiManagementSchema() map[string]*pluginsdk.Schema { Required: true, }, "validation_key": { - Type: pluginsdk.TypeString, - Optional: true, + Type: pluginsdk.TypeString, + Optional: true, + Sensitive: true, }, }, }, @@ -1124,7 +1125,12 @@ func resourceApiManagementServiceRead(d *pluginsdk.ResourceData, meta interface{ return fmt.Errorf("retrieving Delegation Settings for %s: %+v", *id, err) } - if err := d.Set("delegation", flattenApiManagementDelegationSettings(delegationSettings)); err != nil { + delegationValidationKeyContract, err := delegationClient.ListSecrets(ctx, id.ResourceGroup, id.ServiceName) + if err != nil { + return fmt.Errorf("retrieving Delegation Validation Key for %s: %+v", *id, err) + } + + if err := d.Set("delegation", flattenApiManagementDelegationSettings(delegationSettings, delegationValidationKeyContract)); err != nil { return fmt.Errorf("setting `delegation`: %+v", err) } } else { @@ -1892,9 +1898,8 @@ func expandApiManagementDelegationSettings(input []interface{}) apimanagement.Po } } -func flattenApiManagementDelegationSettings(input apimanagement.PortalDelegationSettings) []interface{} { +func flattenApiManagementDelegationSettings(input apimanagement.PortalDelegationSettings, keyContract apimanagement.PortalSettingValidationKeyContract) []interface{} { url := "" - validationKey := "" subscriptionsEnabled := false userRegistrationEnabled := false @@ -1903,10 +1908,6 @@ func flattenApiManagementDelegationSettings(input apimanagement.PortalDelegation url = *props.URL } - if props.ValidationKey != nil { - validationKey = *props.ValidationKey - } - if props.Subscriptions != nil && props.Subscriptions.Enabled != nil { subscriptionsEnabled = *props.Subscriptions.Enabled } @@ -1915,13 +1916,17 @@ func flattenApiManagementDelegationSettings(input apimanagement.PortalDelegation userRegistrationEnabled = *props.UserRegistration.Enabled } } + validationKey := "" + if keyContract.ValidationKey != nil { + validationKey = *keyContract.ValidationKey + } return []interface{}{ map[string]interface{}{ "url": url, - "validation_key": validationKey, "subscriptions_enabled": subscriptionsEnabled, "user_registration_enabled": userRegistrationEnabled, + "validation_key": validationKey, }, } } From 3c85d37c757200a0723679cc199376e02c701882 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 22:28:58 +0100 Subject: [PATCH 04/12] Extra tests + docs --- .../api_management_resource_test.go | 46 ++++++++++++++++++- website/docs/r/api_management.html.markdown | 14 ++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index f5f2ac2c75c5..4bd2f8462547 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -215,6 +215,21 @@ func TestAccApiManagement_delegationSettings(t *testing.T) { }) } +func TestAccApiManagement_delegationSettingsComplete(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_api_management", "test") + r := ApiManagementResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.delegationSettingsComplete(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func TestAccApiManagement_policy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_api_management", "test") r := ApiManagementResource{} @@ -1143,6 +1158,35 @@ resource "azurerm_resource_group" "test" { location = "%s" } +resource "azurerm_api_management" "test" { + name = "acctestAM-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + publisher_name = "pub1" + publisher_email = "pub1@email.com" + + sku_name = "Developer_1" + + delegation { + url = "https://google.com" + subscriptions_enabled = false + user_registration_enabled = true + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func (ApiManagementResource) delegationSettingsComplete(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + resource "azurerm_api_management" "test" { name = "acctestAM-%d" location = azurerm_resource_group.test.location @@ -1158,8 +1202,6 @@ resource "azurerm_api_management" "test" { subscriptions_enabled = true user_registration_enabled = true } - - } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } diff --git a/website/docs/r/api_management.html.markdown b/website/docs/r/api_management.html.markdown index b7fde3816632..231ac4f1f9d2 100644 --- a/website/docs/r/api_management.html.markdown +++ b/website/docs/r/api_management.html.markdown @@ -65,6 +65,8 @@ The following arguments are supported: * `client_certificate_enabled` - (Optional) Enforce a client certificate to be presented on each request to the gateway? This is only supported when SKU type is `Consumption`. +* `delegation` - (Optional) A `delegation` block as defined below. + * `gateway_disabled` - (Optional) Disable the gateway in main region? This is only supported when `additional_location` is set. * `min_api_version` - (Optional) The version which the control plane API calls to API Management service are limited with version equal to or newer than. @@ -135,6 +137,18 @@ A `certificate` block supports the following: --- +A `delegation` block supports the following: + +* `subscriptions_enabled` - (Required) Should subscription requests be delegated to an external url? + +* `user_registration_enabled` - (Required) Should user registration requests be delegated to an external url? + +* `url` - (Required) The delegation URL. + +* `validation_key` - (Optional) A base64-encoded validation key to validate, that a request is coming from Azure API Management. + +--- + A `hostname_configuration` block supports the following: * `management` - (Optional) One or more `management` blocks as documented below. From a57d1869277320d4de353438bc43ce3ea84fba4f Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 22:30:50 +0100 Subject: [PATCH 05/12] fmt --- .../apimanagement/api_management_resource_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index 4bd2f8462547..69a783181747 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -1169,8 +1169,8 @@ resource "azurerm_api_management" "test" { delegation { url = "https://google.com" - subscriptions_enabled = false - user_registration_enabled = true + subscriptions_enabled = false + user_registration_enabled = true } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) @@ -1198,9 +1198,9 @@ resource "azurerm_api_management" "test" { delegation { url = "https://google.com" - validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" - subscriptions_enabled = true - user_registration_enabled = true + validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" + subscriptions_enabled = true + user_registration_enabled = true } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) From 3880f2e4cb232ad13cd31a7ddfc5b88edcc5fbd5 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Thu, 9 Feb 2023 23:51:11 +0100 Subject: [PATCH 06/12] fix: validation_key never as empty string --- .../services/apimanagement/api_management_resource.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index 7c1f4a889cf1..cce3ef919d18 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -1868,8 +1868,6 @@ func expandApiManagementDelegationSettings(input []interface{}) apimanagement.Po if len(input) == 0 { return apimanagement.PortalDelegationSettings{ PortalDelegationSettingsProperties: &apimanagement.PortalDelegationSettingsProperties{ - URL: utils.String(""), - ValidationKey: utils.String(""), Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ Enabled: utils.Bool(false), }, @@ -1889,8 +1887,12 @@ func expandApiManagementDelegationSettings(input []interface{}) apimanagement.Po Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ Enabled: utils.Bool(vs["subscriptions_enabled"].(bool)), }, - URL: utils.String(vs["url"].(string)), - ValidationKey: utils.String(vs["validation_key"].(string)), + URL: utils.String(vs["url"].(string)), + } + + validationKey := vs["validation_key"].(string) + if validationKey != "" { + props.ValidationKey = utils.String(validationKey) } return apimanagement.PortalDelegationSettings{ From 65982d9b319f9c3d19b0b67bdd872d54ae148845 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 12:01:09 +0100 Subject: [PATCH 07/12] fix: validation_key mandatory --- .../apimanagement/api_management_resource.go | 15 ++----- .../api_management_resource_test.go | 45 ------------------- 2 files changed, 3 insertions(+), 57 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index cce3ef919d18..5f070bb348f3 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -514,7 +514,7 @@ func resourceApiManagementSchema() map[string]*pluginsdk.Schema { }, "validation_key": { Type: pluginsdk.TypeString, - Optional: true, + Required: true, Sensitive: true, }, }, @@ -940,7 +940,7 @@ func resourceApiManagementServiceCreateUpdate(d *pluginsdk.ResourceData, meta in if sku.Name == apimanagement.SkuTypeConsumption && len(delegationSettingsRaw) > 0 { return fmt.Errorf("`delegation` is not support for sku tier `Consumption`") } - if sku.Name != apimanagement.SkuTypeConsumption { + if sku.Name != apimanagement.SkuTypeConsumption && len(delegationSettingsRaw) > 0 { delegationSettings := expandApiManagementDelegationSettings(delegationSettingsRaw) delegationClient := meta.(*clients.Client).ApiManagement.DelegationSettingsClient if _, err := delegationClient.CreateOrUpdate(ctx, id.ResourceGroup, id.ServiceName, delegationSettings, ""); err != nil { @@ -1866,16 +1866,7 @@ func flattenApiManagementSignInSettings(input apimanagement.PortalSigninSettings func expandApiManagementDelegationSettings(input []interface{}) apimanagement.PortalDelegationSettings { if len(input) == 0 { - return apimanagement.PortalDelegationSettings{ - PortalDelegationSettingsProperties: &apimanagement.PortalDelegationSettingsProperties{ - Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ - Enabled: utils.Bool(false), - }, - UserRegistration: &apimanagement.RegistrationDelegationSettingsProperties{ - Enabled: utils.Bool(false), - }, - }, - } + return apimanagement.PortalDelegationSettings{} } vs := input[0].(map[string]interface{}) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index 69a783181747..a6298d006f1f 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -215,21 +215,6 @@ func TestAccApiManagement_delegationSettings(t *testing.T) { }) } -func TestAccApiManagement_delegationSettingsComplete(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_api_management", "test") - r := ApiManagementResource{} - - data.ResourceTest(t, r, []acceptance.TestStep{ - { - Config: r.delegationSettingsComplete(data), - Check: acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).ExistsInAzure(r), - ), - }, - data.ImportStep(), - }) -} - func TestAccApiManagement_policy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_api_management", "test") r := ApiManagementResource{} @@ -1176,36 +1161,6 @@ resource "azurerm_api_management" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } -func (ApiManagementResource) delegationSettingsComplete(data acceptance.TestData) string { - return fmt.Sprintf(` -provider "azurerm" { - features {} -} - -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_api_management" "test" { - name = "acctestAM-%d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - publisher_name = "pub1" - publisher_email = "pub1@email.com" - - sku_name = "Developer_1" - - delegation { - url = "https://google.com" - validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" - subscriptions_enabled = true - user_registration_enabled = true - } -} -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) -} - func (ApiManagementResource) complete(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { From 633892b3dab4fa3bae5b32e70fd6a305b7ac45de Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 12:12:05 +0100 Subject: [PATCH 08/12] fix: add validation_key in test --- internal/services/apimanagement/api_management_resource_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index a6298d006f1f..72e3b274cab6 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -1155,6 +1155,7 @@ resource "azurerm_api_management" "test" { delegation { url = "https://google.com" subscriptions_enabled = false + validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" user_registration_enabled = true } } From d3be7bd0c392f7ebc12814a2acd01b45967961e0 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 13:34:26 +0100 Subject: [PATCH 09/12] feat: Update AccTest to manage complete life-cycle --- .../api_management_resource_test.go | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index 72e3b274cab6..df90bcbfbf0c 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -212,6 +212,34 @@ func TestAccApiManagement_delegationSettings(t *testing.T) { ), }, data.ImportStep(), + { + Config: r.delegationSettingsDisabled(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.delegationSettings(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.basic(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), }) } @@ -1154,7 +1182,7 @@ resource "azurerm_api_management" "test" { delegation { url = "https://google.com" - subscriptions_enabled = false + subscriptions_enabled = true validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" user_registration_enabled = true } @@ -1162,6 +1190,36 @@ resource "azurerm_api_management" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } +func (ApiManagementResource) delegationSettingsDisabled(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_api_management" "test" { + name = "acctestAM-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + publisher_name = "pub1" + publisher_email = "pub1@email.com" + + sku_name = "Developer_1" + + delegation { + url = "https://google.com" + subscriptions_enabled = false + validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" + user_registration_enabled = false + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + func (ApiManagementResource) complete(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { From bc74a8e440d35552b223f9bbcd8cbf1e5a816b7a Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 17:08:41 +0100 Subject: [PATCH 10/12] fix: placeholders + validation --- .../apimanagement/api_management_resource.go | 33 ++++++++++++++----- .../api_management_resource_test.go | 2 -- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index 5f070bb348f3..6be3fe076661 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -18,6 +18,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" + "github.com/hashicorp/terraform-provider-azurerm/helpers/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/services/apimanagement/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/services/apimanagement/schemaz" @@ -502,20 +503,24 @@ func resourceApiManagementSchema() map[string]*pluginsdk.Schema { Schema: map[string]*pluginsdk.Schema{ "subscriptions_enabled": { Type: pluginsdk.TypeBool, - Required: true, + Optional: true, + Default: false, }, "user_registration_enabled": { Type: pluginsdk.TypeBool, - Required: true, + Optional: true, + Default: false, }, "url": { - Type: pluginsdk.TypeString, - Required: true, + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.IsURLWithHTTPorHTTPS, }, "validation_key": { - Type: pluginsdk.TypeString, - Required: true, - Sensitive: true, + Type: pluginsdk.TypeString, + Optional: true, + ValidationFunc: validate.Base64EncodedString, + Sensitive: true, }, }, }, @@ -1878,14 +1883,26 @@ func expandApiManagementDelegationSettings(input []interface{}) apimanagement.Po Subscriptions: &apimanagement.SubscriptionsDelegationSettingsProperties{ Enabled: utils.Bool(vs["subscriptions_enabled"].(bool)), }, - URL: utils.String(vs["url"].(string)), } validationKey := vs["validation_key"].(string) + if !vs["user_registration_enabled"].(bool) && !vs["subscriptions_enabled"].(bool) && validationKey == "" { + // for some reason we cannot leave this empty + props.ValidationKey = utils.String("cGxhY2Vob2xkZXIxCg==") + } if validationKey != "" { props.ValidationKey = utils.String(validationKey) } + url := vs["url"].(string) + if !vs["user_registration_enabled"].(bool) && !vs["subscriptions_enabled"].(bool) && url == "" { + // for some reason we cannot leave this empty + props.URL = utils.String("https://www.placeholder.com") + } + if url != "" { + props.URL = utils.String(url) + } + return apimanagement.PortalDelegationSettings{ PortalDelegationSettingsProperties: &props, } diff --git a/internal/services/apimanagement/api_management_resource_test.go b/internal/services/apimanagement/api_management_resource_test.go index df90bcbfbf0c..57455e56c3f8 100644 --- a/internal/services/apimanagement/api_management_resource_test.go +++ b/internal/services/apimanagement/api_management_resource_test.go @@ -1211,9 +1211,7 @@ resource "azurerm_api_management" "test" { sku_name = "Developer_1" delegation { - url = "https://google.com" subscriptions_enabled = false - validation_key = "aW50ZWdyYXRpb24mMjAyMzAzMTAxODMwJkxRaUxzcUVsaUpEaHJRK01YZkJYV3paUi9qdzZDSWMrazhjUXB0bVdyTGxKcVYrd0R4OXRqMGRzTWZXU3hmeGQ0a2V0WjcrcE44U0dJdDNsYUQ3Rk5BPT0=" user_registration_enabled = false } } From 7eff480f576597454d07ce9e3db4e453ebb77b2e Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 17:10:28 +0100 Subject: [PATCH 11/12] fix: update docs --- website/docs/r/api_management.html.markdown | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/r/api_management.html.markdown b/website/docs/r/api_management.html.markdown index 231ac4f1f9d2..0f75467ddf7c 100644 --- a/website/docs/r/api_management.html.markdown +++ b/website/docs/r/api_management.html.markdown @@ -139,11 +139,11 @@ A `certificate` block supports the following: A `delegation` block supports the following: -* `subscriptions_enabled` - (Required) Should subscription requests be delegated to an external url? +* `subscriptions_enabled` - (Optional) Should subscription requests be delegated to an external url? Defaults to `false`. -* `user_registration_enabled` - (Required) Should user registration requests be delegated to an external url? +* `user_registration_enabled` - (Optional) Should user registration requests be delegated to an external url? Defaults to `false`. -* `url` - (Required) The delegation URL. +* `url` - (Optional) The delegation URL. * `validation_key` - (Optional) A base64-encoded validation key to validate, that a request is coming from Azure API Management. From 06f53acfa18b0a772f496d4ba41a2f982bf8a445 Mon Sep 17 00:00:00 2001 From: Aris van Ommeren Date: Fri, 10 Feb 2023 21:42:02 +0100 Subject: [PATCH 12/12] ValidateFunc --- .../services/apimanagement/api_management_resource.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/services/apimanagement/api_management_resource.go b/internal/services/apimanagement/api_management_resource.go index 6be3fe076661..cb5548318267 100644 --- a/internal/services/apimanagement/api_management_resource.go +++ b/internal/services/apimanagement/api_management_resource.go @@ -517,10 +517,10 @@ func resourceApiManagementSchema() map[string]*pluginsdk.Schema { ValidateFunc: validation.IsURLWithHTTPorHTTPS, }, "validation_key": { - Type: pluginsdk.TypeString, - Optional: true, - ValidationFunc: validate.Base64EncodedString, - Sensitive: true, + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validate.Base64EncodedString, + Sensitive: true, }, }, },