diff --git a/.github/labeler-issue-triage.yml b/.github/labeler-issue-triage.yml index 0e2f9cb77139..f9c94d69c3c1 100644 --- a/.github/labeler-issue-triage.yml +++ b/.github/labeler-issue-triage.yml @@ -34,7 +34,7 @@ service/attestation: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_attestation_provider((.|\n)*)###' service/authorization: - - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(client_config|federated_identity_credential|pim_|role_|user_assigned_identity)((.|\n)*)###' + - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(client_config|federated_identity_credential|marketplace_role_assignment|pim_|role_|user_assigned_identity)((.|\n)*)###' service/automanage: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_automanage_configuration((.|\n)*)###' diff --git a/internal/provider/services.go b/internal/provider/services.go index a15f0e5c0553..e6fa73427c26 100644 --- a/internal/provider/services.go +++ b/internal/provider/services.go @@ -135,9 +135,9 @@ func SupportedTypedServices() []sdk.TypedServiceRegistration { applicationinsights.Registration{}, appservice.Registration{}, arckubernetes.Registration{}, + authorization.Registration{}, automanage.Registration{}, automation.Registration{}, - authorization.Registration{}, batch.Registration{}, bot.Registration{}, cognitive.Registration{}, diff --git a/internal/services/authorization/client/client.go b/internal/services/authorization/client/client.go index 07cb5b8cc988..457bab92b906 100644 --- a/internal/services/authorization/client/client.go +++ b/internal/services/authorization/client/client.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleassignmentschedulerequests" "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityscheduleinstances" "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityschedulerequests" + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" "github.com/hashicorp/terraform-provider-azurerm/internal/common" ) @@ -21,6 +23,8 @@ type Client struct { RoleAssignmentScheduleInstancesClient *roleassignmentscheduleinstances.RoleAssignmentScheduleInstancesClient RoleEligibilityScheduleRequestClient *roleeligibilityschedulerequests.RoleEligibilityScheduleRequestsClient RoleEligibilityScheduleInstancesClient *roleeligibilityscheduleinstances.RoleEligibilityScheduleInstancesClient + ScopedRoleAssignmentsClient *roleassignments.RoleAssignmentsClient + ScopedRoleDefinitionsClient *roledefinitions.RoleDefinitionsClient } func NewClient(o *common.ClientOptions) (*Client, error) { @@ -55,6 +59,18 @@ func NewClient(o *common.ClientOptions) (*Client, error) { } o.Configure(roleEligibilityScheduleInstancesClient.Client, o.Authorizers.ResourceManager) + scopedRoleAssignmentsClient, err := roleassignments.NewRoleAssignmentsClientWithBaseURI(o.Environment.ResourceManager) + if err != nil { + return nil, fmt.Errorf("building Role Assignment Client: %+v", err) + } + o.Configure(scopedRoleAssignmentsClient.Client, o.Authorizers.ResourceManager) + + scopedRoleDefinitionsClient, err := roledefinitions.NewRoleDefinitionsClientWithBaseURI(o.Environment.ResourceManager) + if err != nil { + return nil, fmt.Errorf("building Role Definition Client: %+v", err) + } + o.Configure(scopedRoleDefinitionsClient.Client, o.Authorizers.ResourceManager) + return &Client{ RoleAssignmentsClient: &roleAssignmentsClient, RoleDefinitionsClient: &roleDefinitionsClient, @@ -62,5 +78,7 @@ func NewClient(o *common.ClientOptions) (*Client, error) { RoleAssignmentScheduleInstancesClient: roleAssignmentScheduleInstancesClient, RoleEligibilityScheduleRequestClient: roleEligibilityScheduleRequestClient, RoleEligibilityScheduleInstancesClient: roleEligibilityScheduleInstancesClient, + ScopedRoleAssignmentsClient: scopedRoleAssignmentsClient, + ScopedRoleDefinitionsClient: scopedRoleDefinitionsClient, }, nil } diff --git a/internal/services/authorization/parse/id_scopedroleassignment.go b/internal/services/authorization/parse/id_scopedroleassignment.go new file mode 100644 index 000000000000..a6c9df597258 --- /dev/null +++ b/internal/services/authorization/parse/id_scopedroleassignment.go @@ -0,0 +1,60 @@ +package parse + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" +) + +type ScopedRoleAssignmentId struct { + ScopedId roleassignments.ScopedRoleAssignmentId + TenantId string +} + +func NewScopedRoleAssignmentID(scope string, roleAssignmentName string, tenantId string) ScopedRoleAssignmentId { + return ScopedRoleAssignmentId{ + ScopedId: roleassignments.NewScopedRoleAssignmentID(scope, roleAssignmentName), + TenantId: tenantId, + } +} + +func ScopedRoleAssignmentID(input string) (*ScopedRoleAssignmentId, error) { + azureResourceId, tenantId := DestructRoleAssignmentId(input) + scopedId, err := roleassignments.ParseScopedRoleAssignmentID(azureResourceId) + if err != nil { + return nil, err + } + + return &ScopedRoleAssignmentId{ScopedId: *scopedId, TenantId: tenantId}, nil +} + +func ValidateScopedRoleAssignmentID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ScopedRoleAssignmentID(v); err != nil { + errors = append(errors, err) + } + + return +} + +func (id ScopedRoleAssignmentId) ID() string { + return ConstructRoleAssignmentId(id.ScopedId.ID(), id.TenantId) +} + +func (id ScopedRoleAssignmentId) String() string { + components := []string{ + id.ScopedId.String(), + } + + if id.TenantId != "" { + components = append(components, fmt.Sprintf("Tenant ID: %s", id.TenantId)) + } + + return fmt.Sprintf("Scoped Role Assignment (%s)", strings.Join(components, "\n")) +} diff --git a/internal/services/authorization/parse/id_scopedroleassignment_test.go b/internal/services/authorization/parse/id_scopedroleassignment_test.go new file mode 100644 index 000000000000..15db35d75761 --- /dev/null +++ b/internal/services/authorization/parse/id_scopedroleassignment_test.go @@ -0,0 +1,124 @@ +package parse + +import ( + "testing" + + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" +) + +func TestScopedRoleAssignmentID(t *testing.T) { + testData := []struct { + Input string + Error bool + Expected *ScopedRoleAssignmentId + }{ + { + Input: "", + Error: true, + }, + + { + Input: "/", + Error: true, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/", + Error: true, + }, + + { + Input: "/providers/Microsoft.Subscription/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121", + Expected: &ScopedRoleAssignmentId{ + ScopedId: roleassignments.NewScopedRoleAssignmentID("/providers/Microsoft.Subscription", "23456781-2349-8764-5631-234567890121"), + }, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121", + Expected: &ScopedRoleAssignmentId{ + ScopedId: roleassignments.NewScopedRoleAssignmentID("/providers/Microsoft.Marketplace", "23456781-2349-8764-5631-234567890121"), + }, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121|12345678-1234-5678-1234-567890123456", + Expected: &ScopedRoleAssignmentId{ + ScopedId: roleassignments.NewScopedRoleAssignmentID("/providers/Microsoft.Marketplace", "23456781-2349-8764-5631-234567890121"), + TenantId: "12345678-1234-5678-1234-567890123456", + }, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Input) + + actual, err := ScopedRoleAssignmentID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("expected a value but got an error: %+v", err) + } + + if v.Error { + t.Fatal("Expect an error but didn't get one") + } + + if actual.ScopedId.RoleAssignmentName != v.Expected.ScopedId.RoleAssignmentName { + t.Fatalf("Expected %q but got %q for Role Assignment Name", v.Expected.ScopedId.RoleAssignmentName, actual.ScopedId.RoleAssignmentName) + } + + if actual.TenantId != v.Expected.TenantId { + t.Fatalf("Expected %q but got %q for Tenant ID", v.Expected.TenantId, actual.TenantId) + } + } +} + +func TestValidateScopedRoleAssignmentID(t *testing.T) { + cases := []struct { + Input string + Valid bool + }{ + + { + Input: "", + Valid: false, + }, + + { + Input: "/", + Valid: false, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/", + Valid: false, + }, + + { + Input: "/providers/Microsoft.Subscription/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121", + Valid: true, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121", + Valid: true, + }, + + { + Input: "/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121|12345678-1234-5678-1234-567890123456", + Valid: true, + }, + } + for _, tc := range cases { + t.Logf("[DEBUG] Testing Value %s", tc.Input) + _, errors := ValidateScopedRoleAssignmentID(tc.Input, "test") + valid := len(errors) == 0 + + if tc.Valid != valid { + t.Fatalf("Expected %t but got %t", tc.Valid, valid) + } + } +} diff --git a/internal/services/authorization/parse/role_assignment.go b/internal/services/authorization/parse/role_assignment.go index 1109a1f5d42c..17f0d973c2cb 100644 --- a/internal/services/authorization/parse/role_assignment.go +++ b/internal/services/authorization/parse/role_assignment.go @@ -111,6 +111,14 @@ func ConstructRoleAssignmentId(azureResourceId, tenantId string) string { return fmt.Sprintf("%s|%s", azureResourceId, tenantId) } +func DestructRoleAssignmentId(id string) (string, string) { + parts := strings.Split(id, "|") + if len(parts) == 2 { + return parts[0], parts[1] + } + return id, "" +} + func RoleAssignmentID(input string) (*RoleAssignmentId, error) { if len(input) == 0 { return nil, fmt.Errorf("Role Assignment ID is empty string") diff --git a/internal/services/authorization/registration.go b/internal/services/authorization/registration.go index a73d37191207..00c694b6a520 100644 --- a/internal/services/authorization/registration.go +++ b/internal/services/authorization/registration.go @@ -54,6 +54,7 @@ func (r Registration) Resources() []sdk.Resource { resources := []sdk.Resource{ PimActiveRoleAssignmentResource{}, PimEligibleRoleAssignmentResource{}, + RoleAssignmentMarketplaceResource{}, } return resources } diff --git a/internal/services/authorization/role_assignment_marketplace_resource.go b/internal/services/authorization/role_assignment_marketplace_resource.go new file mode 100644 index 000000000000..ca3b17e4f9d9 --- /dev/null +++ b/internal/services/authorization/role_assignment_marketplace_resource.go @@ -0,0 +1,49 @@ +package authorization + +import ( + "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/authorization/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" +) + +const ( + MarketplaceScope = "/providers/Microsoft.Marketplace" +) + +var _ sdk.Resource = RoleAssignmentMarketplaceResource{} + +type RoleAssignmentMarketplaceResource struct { + base roleAssignmentBaseResource +} + +func (r RoleAssignmentMarketplaceResource) Arguments() map[string]*pluginsdk.Schema { + return r.base.arguments() +} + +func (r RoleAssignmentMarketplaceResource) Attributes() map[string]*pluginsdk.Schema { + return r.base.attributes() +} + +func (r RoleAssignmentMarketplaceResource) Create() sdk.ResourceFunc { + return r.base.createFunc(r.ResourceType(), MarketplaceScope) +} + +func (r RoleAssignmentMarketplaceResource) Delete() sdk.ResourceFunc { + return r.base.deleteFunc() +} + +func (r RoleAssignmentMarketplaceResource) Read() sdk.ResourceFunc { + return r.base.readFunc(MarketplaceScope, true) +} + +func (r RoleAssignmentMarketplaceResource) ResourceType() string { + return "azurerm_marketplace_role_assignment" +} + +func (r RoleAssignmentMarketplaceResource) ModelObject() interface{} { + return nil +} + +func (r RoleAssignmentMarketplaceResource) IDValidationFunc() pluginsdk.SchemaValidateFunc { + return parse.ValidateScopedRoleAssignmentID +} diff --git a/internal/services/authorization/role_assignment_marketplace_resource_test.go b/internal/services/authorization/role_assignment_marketplace_resource_test.go new file mode 100644 index 000000000000..74bbb7c1f329 --- /dev/null +++ b/internal/services/authorization/role_assignment_marketplace_resource_test.go @@ -0,0 +1,328 @@ +package authorization_test + +import ( + "context" + "fmt" + "testing" + + "github.com/google/uuid" + "github.com/hashicorp/go-azure-helpers/lang/response" + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" + "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" + "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/authorization/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/utils" +) + +type RoleAssignmentMarketplaceResource struct{} + +func TestAccRoleAssignmentMarketplace_emptyName(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + r := RoleAssignmentMarketplaceResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.emptyNameConfig(), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("name").Exists(), + ), + }, + data.ImportStep("skip_service_principal_aad_check"), + }) +} + +func TestAccRoleAssignmentMarketplace_roleName(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceSequentialTest(t, r, []acceptance.TestStep{ + { + Config: r.roleNameConfig(id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("role_definition_id").Exists(), + check.That(data.ResourceName).Key("role_definition_name").HasValue("Log Analytics Reader"), + ), + }, + data.ImportStep("skip_service_principal_aad_check"), + }) +} + +func TestAccRoleAssignmentMarketplace_requiresImport(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceSequentialTest(t, r, []acceptance.TestStep{ + { + Config: r.roleNameConfig(id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("role_definition_id").Exists(), + check.That(data.ResourceName).Key("role_definition_name").HasValue("Log Analytics Reader"), + ), + }, + { + Config: r.requiresImportConfig(id), + ExpectError: acceptance.RequiresImportError("azurerm_marketplace_role_assignment"), + }, + }) +} + +func TestAccRoleAssignmentMarketplace_builtin(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.builtinConfig(id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("skip_service_principal_aad_check"), + }) +} + +func TestAccRoleAssignmentMarketplace_ServicePrincipal(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + ri := acceptance.RandTimeInt() + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.servicePrincipal(ri, id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + acceptance.TestCheckResourceAttr(data.ResourceName, "principal_type", "ServicePrincipal"), + ), + }, + }) +} + +func TestAccRoleAssignmentMarketplace_ServicePrincipalWithType(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + ri := acceptance.RandTimeInt() + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.servicePrincipalWithType(ri, id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + }) +} + +func TestAccRoleAssignmentMarketplace_ServicePrincipalGroup(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_marketplace_role_assignment", "test") + ri := acceptance.RandTimeInt() + id := uuid.New().String() + + r := RoleAssignmentMarketplaceResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.group(ri, id), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + }) +} + +func (r RoleAssignmentMarketplaceResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { + id, err := parse.ScopedRoleAssignmentID(state.ID) + if err != nil { + return nil, err + } + + options := roleassignments.DefaultGetByIdOperationOptions() + if id.TenantId != "" { + options.TenantId = &id.TenantId + } + + resp, err := client.Authorization.ScopedRoleAssignmentsClient.GetById(ctx, commonids.NewScopeID(id.ID()), options) + if err != nil { + if response.WasNotFound(resp.HttpResponse) { + return utils.Bool(false), nil + } + + return nil, fmt.Errorf("retrieving %s: %+v", id, err) + } + + return utils.Bool(true), nil +} + +func (RoleAssignmentMarketplaceResource) emptyNameConfig() string { + return ` +data "azurerm_client_config" "test" {} + +data "azurerm_role_definition" "test" { + name = "Monitoring Reader" +} + +resource "azurerm_marketplace_role_assignment" "test" { + role_definition_id = "${data.azurerm_role_definition.test.id}" + principal_id = "${data.azurerm_client_config.test.object_id}" + description = "Test Role Assignment" + + lifecycle { + ignore_changes = [ + name, + role_definition_name, + ] + } +} +` +} + +func (RoleAssignmentMarketplaceResource) roleNameConfig(id string) string { + return fmt.Sprintf(` +data "azurerm_client_config" "test" { +} + +resource "azurerm_marketplace_role_assignment" "test" { + name = "%s" + role_definition_name = "Log Analytics Reader" + principal_id = data.azurerm_client_config.test.object_id + + lifecycle { + ignore_changes = [ + role_definition_id, + ] + } +} +`, id) +} + +func (RoleAssignmentMarketplaceResource) requiresImportConfig(id string) string { + return fmt.Sprintf(` +%s + +resource "azurerm_marketplace_role_assignment" "import" { + name = azurerm_marketplace_role_assignment.test.name + role_definition_name = azurerm_marketplace_role_assignment.test.role_definition_name + principal_id = azurerm_marketplace_role_assignment.test.principal_id + + lifecycle { + ignore_changes = [ + role_definition_id, + ] + } +} +`, RoleAssignmentMarketplaceResource{}.roleNameConfig(id)) +} + +func (RoleAssignmentMarketplaceResource) builtinConfig(id string) string { + return fmt.Sprintf(` +data "azurerm_client_config" "test" { +} + +data "azurerm_role_definition" "test" { + name = "Log Analytics Reader" +} + +resource "azurerm_marketplace_role_assignment" "test" { + name = "%s" + role_definition_id = "${data.azurerm_role_definition.test.id}" + principal_id = data.azurerm_client_config.test.object_id + + lifecycle { + ignore_changes = [ + role_definition_name, + ] + } +} +`, id) +} + +func (RoleAssignmentMarketplaceResource) servicePrincipal(rInt int, roleAssignmentID string) string { + return fmt.Sprintf(` +provider "azuread" {} + +resource "azuread_application" "test" { + display_name = "acctestspa-%d" +} + +resource "azuread_service_principal" "test" { + application_id = azuread_application.test.application_id +} + +resource "azurerm_marketplace_role_assignment" "test" { + name = "%s" + role_definition_name = "Reader" + principal_id = azuread_service_principal.test.id + + lifecycle { + ignore_changes = [ + role_definition_id, + ] + } +} +`, rInt, roleAssignmentID) +} + +func (RoleAssignmentMarketplaceResource) servicePrincipalWithType(rInt int, roleAssignmentID string) string { + return fmt.Sprintf(` +provider "azuread" {} + +resource "azuread_application" "test" { + display_name = "acctestspa-%d" +} + +resource "azuread_service_principal" "test" { + application_id = azuread_application.test.application_id +} + +resource "azurerm_marketplace_role_assignment" "test" { + name = "%s" + role_definition_name = "Reader" + principal_id = azuread_service_principal.test.id + skip_service_principal_aad_check = true + + lifecycle { + ignore_changes = [ + role_definition_id, + ] + } +} +`, rInt, roleAssignmentID) +} + +func (RoleAssignmentMarketplaceResource) group(rInt int, roleAssignmentID string) string { + return fmt.Sprintf(` +provider "azuread" {} + +resource "azuread_group" "test" { + display_name = "acctestspa-%d" + security_enabled = true +} + +resource "azurerm_marketplace_role_assignment" "test" { + name = "%s" + role_definition_name = "Reader" + principal_id = azuread_group.test.id + + lifecycle { + ignore_changes = [ + role_definition_id, + ] + } +} +`, rInt, roleAssignmentID) +} diff --git a/internal/services/authorization/role_assignment_resource_base.go b/internal/services/authorization/role_assignment_resource_base.go new file mode 100644 index 000000000000..afb7ed708a15 --- /dev/null +++ b/internal/services/authorization/role_assignment_resource_base.go @@ -0,0 +1,383 @@ +package authorization + +import ( + "context" + "fmt" + "log" + "strings" + "time" + + "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/go-azure-helpers/lang/response" + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" + "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" + "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" + "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/authorization/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" + "github.com/hashicorp/terraform-provider-azurerm/utils" +) + +type roleAssignmentBaseResource struct{} + +func (br roleAssignmentBaseResource) arguments() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{ + "principal_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + }, + + "name": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.IsUUID, + }, + + "role_definition_id": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ConflictsWith: []string{"role_definition_name"}, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "role_definition_name": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ConflictsWith: []string{"role_definition_id"}, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "skip_service_principal_aad_check": { + Type: pluginsdk.TypeBool, + Optional: true, + ForceNew: true, + Default: false, + }, + + "delegated_managed_identity_resource_id": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: azure.ValidateResourceID, + }, + + "description": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "condition": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + RequiredWith: []string{"condition_version"}, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "condition_version": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + RequiredWith: []string{"condition"}, + ValidateFunc: validation.StringInSlice([]string{ + "1.0", + "2.0", + }, false), + }, + } +} + +func (br roleAssignmentBaseResource) attributes() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{ + "principal_type": { + Type: pluginsdk.TypeString, + Computed: true, + }, + } +} + +func (br roleAssignmentBaseResource) createFunc(resourceName, scope string) sdk.ResourceFunc { + return sdk.ResourceFunc{ + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + roleAssignmentsClient := metadata.Client.Authorization.ScopedRoleAssignmentsClient + roleDefinitionsClient := metadata.Client.Authorization.ScopedRoleDefinitionsClient + subscriptionClient := metadata.Client.Subscription.Client + subscriptionId := metadata.Client.Account.SubscriptionId + name := metadata.ResourceData.Get("name").(string) + + var roleDefinitionId string + if v, ok := metadata.ResourceData.GetOk("role_definition_id"); ok { + roleDefinitionId = v.(string) + } + + if v, ok := metadata.ResourceData.GetOk("role_definition_name"); ok { + roleName := v.(string) + roleDefinitions, err := roleDefinitionsClient.List(ctx, commonids.NewScopeID(scope), roledefinitions.ListOperationOptions{Filter: pointer.To(fmt.Sprintf("roleName eq '%s'", roleName))}) + if err != nil { + return fmt.Errorf("loading Role Definition List: %+v", err) + } + + if roleDefinitions.Model == nil || len(*roleDefinitions.Model) != 1 || (*roleDefinitions.Model)[0].Id == nil { + return fmt.Errorf("loading Role Definition List: failed to find role '%s'", roleName) + } + + roleDefinitionId = *(*roleDefinitions.Model)[0].Id + } + + if roleDefinitionId == "" { + return fmt.Errorf("either 'role_definition_id' or 'role_definition_name' needs to be set") + } + + metadata.ResourceData.Set("role_definition_id", roleDefinitionId) + + principalId := metadata.ResourceData.Get("principal_id").(string) + + var err error + if name == "" { + name, err = uuid.GenerateUUID() + if err != nil { + return fmt.Errorf("generating UUID for Role Assignment: %+v", err) + } + } + + tenantId := "" + delegatedManagedIdentityResourceID := metadata.ResourceData.Get("delegated_managed_identity_resource_id").(string) + if len(delegatedManagedIdentityResourceID) > 0 { + tenantId, err = getTenantIdBySubscriptionId(ctx, subscriptionClient, subscriptionId) + if err != nil { + return err + } + } + + id := parse.NewScopedRoleAssignmentID(scope, name, tenantId) + options := roleassignments.DefaultGetOperationOptions() + if tenantId != "" { + options.TenantId = &tenantId + } + + existing, err := roleAssignmentsClient.Get(ctx, id.ScopedId, options) + if err != nil { + if !response.WasNotFound(existing.HttpResponse) { + return fmt.Errorf("checking for presence of existing %s: %s", id, err) + } + } + + if !response.WasNotFound(existing.HttpResponse) { + return tf.ImportAsExistsError(resourceName, id.ID()) + } + + properties := roleassignments.RoleAssignmentCreateParameters{ + Properties: roleassignments.RoleAssignmentProperties{ + RoleDefinitionId: roleDefinitionId, + PrincipalId: principalId, + Description: pointer.To(metadata.ResourceData.Get("description").(string)), + }, + } + + if len(delegatedManagedIdentityResourceID) > 0 { + properties.Properties.DelegatedManagedIdentityResourceId = &delegatedManagedIdentityResourceID + } + + condition := metadata.ResourceData.Get("condition").(string) + conditionVersion := metadata.ResourceData.Get("condition_version").(string) + + if condition != "" { + properties.Properties.Condition = &condition + properties.Properties.ConditionVersion = &conditionVersion + } + + skipPrincipalCheck := metadata.ResourceData.Get("skip_service_principal_aad_check").(bool) + if skipPrincipalCheck { + properties.Properties.PrincipalType = pointer.To(roleassignments.PrincipalTypeServicePrincipal) + } + + deadline, ok := ctx.Deadline() + if !ok { + return fmt.Errorf("could not retrieve context deadline for %s", id) + } + + if err = pluginsdk.Retry(time.Until(deadline), br.retryRoleAssignmentsClient(ctx, metadata, id, &properties)); err != nil { + return err + } + + metadata.SetID(id) + return nil + }, + + Timeout: 30 * time.Minute, + } +} + +func (br roleAssignmentBaseResource) readFunc(scope string, isTenantLevel bool) sdk.ResourceFunc { + return sdk.ResourceFunc{ + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + client := metadata.Client.Authorization.ScopedRoleAssignmentsClient + roleDefinitionsClient := metadata.Client.Authorization.ScopedRoleDefinitionsClient + + id, err := parse.ScopedRoleAssignmentID(metadata.ResourceData.Id()) + if err != nil { + return err + } + + options := roleassignments.DefaultGetByIdOperationOptions() + if id.TenantId != "" { + options.TenantId = &id.TenantId + } + + resp, err := client.GetById(ctx, commonids.NewScopeID(id.ScopedId.ID()), options) + if err != nil { + if response.WasNotFound(resp.HttpResponse) { + log.Printf("[DEBUG] %s was not found - removing from state", id) + metadata.ResourceData.SetId("") + return nil + } + + return fmt.Errorf("retrieving %s: %+v", id, err) + } + + if model := resp.Model; model != nil { + metadata.ResourceData.Set("name", model.Name) + if props := model.Properties; props != nil { + metadata.ResourceData.Set("role_definition_id", props.RoleDefinitionId) + metadata.ResourceData.Set("principal_id", props.PrincipalId) + metadata.ResourceData.Set("delegated_managed_identity_resource_id", props.DelegatedManagedIdentityResourceId) + metadata.ResourceData.Set("description", props.Description) + metadata.ResourceData.Set("condition", props.Condition) + metadata.ResourceData.Set("condition_version", props.ConditionVersion) + + if props.PrincipalType != nil { + metadata.ResourceData.Set("principal_type", pointer.From(props.PrincipalType)) + } + + // allows for import when role name is used (also if the role name changes a plan will show a diff) + roleId := props.RoleDefinitionId + // The tenant level role definitions do not have a scope + if isTenantLevel { + roleId = fmt.Sprintf("%s%s", scope, props.RoleDefinitionId) + } + + roleDefinitionId, err := roledefinitions.ParseScopedRoleDefinitionID(roleId) + if err != nil { + return err + } + + roleResp, err := roleDefinitionsClient.Get(ctx, *roleDefinitionId) + if err != nil { + return fmt.Errorf("retrieving %s: %s", roleDefinitionId, err) + } + + if roleModel := roleResp.Model; roleModel != nil { + if roleProps := roleModel.Properties; roleProps != nil { + metadata.ResourceData.Set("role_definition_name", roleProps.RoleName) + } + } + } + } + + return nil + }, + Timeout: 5 * time.Minute, + } +} + +func (br roleAssignmentBaseResource) deleteFunc() sdk.ResourceFunc { + return sdk.ResourceFunc{ + Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error { + client := metadata.Client.Authorization.ScopedRoleAssignmentsClient + + id, err := parse.ScopedRoleAssignmentID(metadata.ResourceData.Id()) + if err != nil { + return err + } + + options := roleassignments.DefaultDeleteOperationOptions() + if id.TenantId != "" { + options.TenantId = &id.TenantId + } + + resp, err := client.Delete(ctx, id.ScopedId, options) + if err != nil { + if !response.WasNotFound(resp.HttpResponse) { + return err + } + } + + return nil + }, + + Timeout: 30 * time.Minute, + } +} + +func (br roleAssignmentBaseResource) retryRoleAssignmentsClient(ctx context.Context, metadata sdk.ResourceMetaData, id parse.ScopedRoleAssignmentId, properties *roleassignments.RoleAssignmentCreateParameters) func() *pluginsdk.RetryError { + return func() *pluginsdk.RetryError { + roleAssignmentsClient := metadata.Client.Authorization.ScopedRoleAssignmentsClient + resp, err := roleAssignmentsClient.Create(ctx, id.ScopedId, *properties) + if err != nil { + if utils.ResponseErrorIsRetryable(err) { + return pluginsdk.RetryableError(err) + } else if response.WasStatusCode(resp.HttpResponse, 400) && strings.Contains(err.Error(), "PrincipalNotFound") { + // When waiting for service principal to become available + return pluginsdk.RetryableError(err) + } + + return pluginsdk.NonRetryableError(err) + } + + if resp.Model == nil || resp.Model.Id == nil { + return pluginsdk.NonRetryableError(fmt.Errorf("creation of Role Assignment %s did not return an id value", id)) + } + + deadline, ok := ctx.Deadline() + if !ok { + return pluginsdk.NonRetryableError(fmt.Errorf("could not retrieve context deadline for %s", metadata.ResourceData.Id())) + } + + stateConf := &pluginsdk.StateChangeConf{ + Pending: []string{ + "pending", + }, + Target: []string{ + "ready", + }, + Refresh: br.roleAssignmentCreateStateRefreshFunc(ctx, roleAssignmentsClient, id), + MinTimeout: 5 * time.Second, + ContinuousTargetOccurence: 5, + Timeout: time.Until(deadline), + } + + if _, err := stateConf.WaitForStateContext(ctx); err != nil { + return pluginsdk.NonRetryableError(fmt.Errorf("failed waiting for Role Assignment %s to finish replicating: %+v", id, err)) + } + + return nil + } +} + +func (br roleAssignmentBaseResource) roleAssignmentCreateStateRefreshFunc(ctx context.Context, client *roleassignments.RoleAssignmentsClient, id parse.ScopedRoleAssignmentId) pluginsdk.StateRefreshFunc { + return func() (interface{}, string, error) { + options := roleassignments.DefaultGetByIdOperationOptions() + if id.TenantId != "" { + options.TenantId = &id.TenantId + } + + resp, err := client.GetById(ctx, commonids.NewScopeID(id.ScopedId.ID()), options) + if err != nil { + if response.WasNotFound(resp.HttpResponse) { + return resp, "pending", nil + } + return resp, "failed", err + } + return resp, "ready", nil + } +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/README.md b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/README.md new file mode 100644 index 000000000000..7ea3133cbafb --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/README.md @@ -0,0 +1,194 @@ + +## `github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments` Documentation + +The `roleassignments` SDK allows for interaction with the Azure Resource Manager Service `authorization` (API Version `2022-04-01`). + +This readme covers example usages, but further information on [using this SDK can be found in the project root](https://github.com/hashicorp/go-azure-sdk/tree/main/docs). + +### Import Path + +```go +import "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments" +``` + + +### Client Initialization + +```go +client := roleassignments.NewRoleAssignmentsClientWithBaseURI("https://management.azure.com") +client.Client.Authorizer = authorizer +``` + + +### Example Usage: `RoleAssignmentsClient.Create` + +```go +ctx := context.TODO() +id := roleassignments.NewScopedRoleAssignmentID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleAssignmentValue") + +payload := roleassignments.RoleAssignmentCreateParameters{ + // ... +} + + +read, err := client.Create(ctx, id, payload) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.CreateById` + +```go +ctx := context.TODO() +id := roleassignments.NewScopeID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group") + +payload := roleassignments.RoleAssignmentCreateParameters{ + // ... +} + + +read, err := client.CreateById(ctx, id, payload) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.Delete` + +```go +ctx := context.TODO() +id := roleassignments.NewScopedRoleAssignmentID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleAssignmentValue") + +read, err := client.Delete(ctx, id, roleassignments.DefaultDeleteOperationOptions()) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.DeleteById` + +```go +ctx := context.TODO() +id := roleassignments.NewScopeID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group") + +read, err := client.DeleteById(ctx, id, roleassignments.DefaultDeleteByIdOperationOptions()) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.Get` + +```go +ctx := context.TODO() +id := roleassignments.NewScopedRoleAssignmentID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleAssignmentValue") + +read, err := client.Get(ctx, id, roleassignments.DefaultGetOperationOptions()) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.GetById` + +```go +ctx := context.TODO() +id := roleassignments.NewScopeID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group") + +read, err := client.GetById(ctx, id, roleassignments.DefaultGetByIdOperationOptions()) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleAssignmentsClient.ListForResource` + +```go +ctx := context.TODO() +id := roleassignments.NewProviderID("12345678-1234-9876-4563-123456789012", "example-resource-group", "providerValue", "resourceTypeValue", "resourceValue") + +// alternatively `client.ListForResource(ctx, id, roleassignments.DefaultListForResourceOperationOptions())` can be used to do batched pagination +items, err := client.ListForResourceComplete(ctx, id, roleassignments.DefaultListForResourceOperationOptions()) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` + + +### Example Usage: `RoleAssignmentsClient.ListForResourceGroup` + +```go +ctx := context.TODO() +id := roleassignments.NewResourceGroupID("12345678-1234-9876-4563-123456789012", "example-resource-group") + +// alternatively `client.ListForResourceGroup(ctx, id, roleassignments.DefaultListForResourceGroupOperationOptions())` can be used to do batched pagination +items, err := client.ListForResourceGroupComplete(ctx, id, roleassignments.DefaultListForResourceGroupOperationOptions()) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` + + +### Example Usage: `RoleAssignmentsClient.ListForScope` + +```go +ctx := context.TODO() +id := roleassignments.NewScopeID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group") + +// alternatively `client.ListForScope(ctx, id, roleassignments.DefaultListForScopeOperationOptions())` can be used to do batched pagination +items, err := client.ListForScopeComplete(ctx, id, roleassignments.DefaultListForScopeOperationOptions()) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` + + +### Example Usage: `RoleAssignmentsClient.ListForSubscription` + +```go +ctx := context.TODO() +id := roleassignments.NewSubscriptionID("12345678-1234-9876-4563-123456789012") + +// alternatively `client.ListForSubscription(ctx, id, roleassignments.DefaultListForSubscriptionOperationOptions())` can be used to do batched pagination +items, err := client.ListForSubscriptionComplete(ctx, id, roleassignments.DefaultListForSubscriptionOperationOptions()) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/client.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/client.go new file mode 100644 index 000000000000..275b6f0fd543 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/client.go @@ -0,0 +1,26 @@ +package roleassignments + +import ( + "fmt" + + "github.com/hashicorp/go-azure-sdk/sdk/client/resourcemanager" + "github.com/hashicorp/go-azure-sdk/sdk/environments" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleAssignmentsClient struct { + Client *resourcemanager.Client +} + +func NewRoleAssignmentsClientWithBaseURI(api environments.Api) (*RoleAssignmentsClient, error) { + client, err := resourcemanager.NewResourceManagerClient(api, "roleassignments", defaultApiVersion) + if err != nil { + return nil, fmt.Errorf("instantiating RoleAssignmentsClient: %+v", err) + } + + return &RoleAssignmentsClient{ + Client: client, + }, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/constants.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/constants.go new file mode 100644 index 000000000000..1fde147907a2 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/constants.go @@ -0,0 +1,60 @@ +package roleassignments + +import ( + "encoding/json" + "fmt" + "strings" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type PrincipalType string + +const ( + PrincipalTypeDevice PrincipalType = "Device" + PrincipalTypeForeignGroup PrincipalType = "ForeignGroup" + PrincipalTypeGroup PrincipalType = "Group" + PrincipalTypeServicePrincipal PrincipalType = "ServicePrincipal" + PrincipalTypeUser PrincipalType = "User" +) + +func PossibleValuesForPrincipalType() []string { + return []string{ + string(PrincipalTypeDevice), + string(PrincipalTypeForeignGroup), + string(PrincipalTypeGroup), + string(PrincipalTypeServicePrincipal), + string(PrincipalTypeUser), + } +} + +func (s *PrincipalType) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parsePrincipalType(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parsePrincipalType(input string) (*PrincipalType, error) { + vals := map[string]PrincipalType{ + "device": PrincipalTypeDevice, + "foreigngroup": PrincipalTypeForeignGroup, + "group": PrincipalTypeGroup, + "serviceprincipal": PrincipalTypeServicePrincipal, + "user": PrincipalTypeUser, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := PrincipalType(input) + return &out, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_provider.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_provider.go new file mode 100644 index 000000000000..d753b1364aec --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_provider.go @@ -0,0 +1,149 @@ +package roleassignments + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ resourceids.ResourceId = ProviderId{} + +// ProviderId is a struct representing the Resource ID for a Provider +type ProviderId struct { + SubscriptionId string + ResourceGroupName string + ProviderName string + ResourceType string + ResourceName string +} + +// NewProviderID returns a new ProviderId struct +func NewProviderID(subscriptionId string, resourceGroupName string, providerName string, resourceType string, resourceName string) ProviderId { + return ProviderId{ + SubscriptionId: subscriptionId, + ResourceGroupName: resourceGroupName, + ProviderName: providerName, + ResourceType: resourceType, + ResourceName: resourceName, + } +} + +// ParseProviderID parses 'input' into a ProviderId +func ParseProviderID(input string) (*ProviderId, error) { + parser := resourceids.NewParserFromResourceIdType(ProviderId{}) + parsed, err := parser.Parse(input, false) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ProviderId{} + + if id.SubscriptionId, ok = parsed.Parsed["subscriptionId"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", *parsed) + } + + if id.ResourceGroupName, ok = parsed.Parsed["resourceGroupName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", *parsed) + } + + if id.ProviderName, ok = parsed.Parsed["providerName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "providerName", *parsed) + } + + if id.ResourceType, ok = parsed.Parsed["resourceType"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceType", *parsed) + } + + if id.ResourceName, ok = parsed.Parsed["resourceName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceName", *parsed) + } + + return &id, nil +} + +// ParseProviderIDInsensitively parses 'input' case-insensitively into a ProviderId +// note: this method should only be used for API response data and not user input +func ParseProviderIDInsensitively(input string) (*ProviderId, error) { + parser := resourceids.NewParserFromResourceIdType(ProviderId{}) + parsed, err := parser.Parse(input, true) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ProviderId{} + + if id.SubscriptionId, ok = parsed.Parsed["subscriptionId"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", *parsed) + } + + if id.ResourceGroupName, ok = parsed.Parsed["resourceGroupName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", *parsed) + } + + if id.ProviderName, ok = parsed.Parsed["providerName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "providerName", *parsed) + } + + if id.ResourceType, ok = parsed.Parsed["resourceType"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceType", *parsed) + } + + if id.ResourceName, ok = parsed.Parsed["resourceName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "resourceName", *parsed) + } + + return &id, nil +} + +// ValidateProviderID checks that 'input' can be parsed as a Provider ID +func ValidateProviderID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ParseProviderID(v); err != nil { + errors = append(errors, err) + } + + return +} + +// ID returns the formatted Provider ID +func (id ProviderId) ID() string { + fmtString := "/subscriptions/%s/resourceGroups/%s/providers/%s/%s/%s" + return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroupName, id.ProviderName, id.ResourceType, id.ResourceName) +} + +// Segments returns a slice of Resource ID Segments which comprise this Provider ID +func (id ProviderId) Segments() []resourceids.Segment { + return []resourceids.Segment{ + resourceids.StaticSegment("staticSubscriptions", "subscriptions", "subscriptions"), + resourceids.SubscriptionIdSegment("subscriptionId", "12345678-1234-9876-4563-123456789012"), + resourceids.StaticSegment("staticResourceGroups", "resourceGroups", "resourceGroups"), + resourceids.ResourceGroupSegment("resourceGroupName", "example-resource-group"), + resourceids.StaticSegment("staticProviders", "providers", "providers"), + resourceids.UserSpecifiedSegment("providerName", "providerValue"), + resourceids.UserSpecifiedSegment("resourceType", "resourceTypeValue"), + resourceids.UserSpecifiedSegment("resourceName", "resourceValue"), + } +} + +// String returns a human-readable description of this Provider ID +func (id ProviderId) String() string { + components := []string{ + fmt.Sprintf("Subscription: %q", id.SubscriptionId), + fmt.Sprintf("Resource Group Name: %q", id.ResourceGroupName), + fmt.Sprintf("Provider Name: %q", id.ProviderName), + fmt.Sprintf("Resource Type: %q", id.ResourceType), + fmt.Sprintf("Resource Name: %q", id.ResourceName), + } + return fmt.Sprintf("Provider (%s)", strings.Join(components, "\n")) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_scopedroleassignment.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_scopedroleassignment.go new file mode 100644 index 000000000000..4605be879f76 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/id_scopedroleassignment.go @@ -0,0 +1,113 @@ +package roleassignments + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ resourceids.ResourceId = ScopedRoleAssignmentId{} + +// ScopedRoleAssignmentId is a struct representing the Resource ID for a Scoped Role Assignment +type ScopedRoleAssignmentId struct { + Scope string + RoleAssignmentName string +} + +// NewScopedRoleAssignmentID returns a new ScopedRoleAssignmentId struct +func NewScopedRoleAssignmentID(scope string, roleAssignmentName string) ScopedRoleAssignmentId { + return ScopedRoleAssignmentId{ + Scope: scope, + RoleAssignmentName: roleAssignmentName, + } +} + +// ParseScopedRoleAssignmentID parses 'input' into a ScopedRoleAssignmentId +func ParseScopedRoleAssignmentID(input string) (*ScopedRoleAssignmentId, error) { + parser := resourceids.NewParserFromResourceIdType(ScopedRoleAssignmentId{}) + parsed, err := parser.Parse(input, false) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ScopedRoleAssignmentId{} + + if id.Scope, ok = parsed.Parsed["scope"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "scope", *parsed) + } + + if id.RoleAssignmentName, ok = parsed.Parsed["roleAssignmentName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "roleAssignmentName", *parsed) + } + + return &id, nil +} + +// ParseScopedRoleAssignmentIDInsensitively parses 'input' case-insensitively into a ScopedRoleAssignmentId +// note: this method should only be used for API response data and not user input +func ParseScopedRoleAssignmentIDInsensitively(input string) (*ScopedRoleAssignmentId, error) { + parser := resourceids.NewParserFromResourceIdType(ScopedRoleAssignmentId{}) + parsed, err := parser.Parse(input, true) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ScopedRoleAssignmentId{} + + if id.Scope, ok = parsed.Parsed["scope"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "scope", *parsed) + } + + if id.RoleAssignmentName, ok = parsed.Parsed["roleAssignmentName"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "roleAssignmentName", *parsed) + } + + return &id, nil +} + +// ValidateScopedRoleAssignmentID checks that 'input' can be parsed as a Scoped Role Assignment ID +func ValidateScopedRoleAssignmentID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ParseScopedRoleAssignmentID(v); err != nil { + errors = append(errors, err) + } + + return +} + +// ID returns the formatted Scoped Role Assignment ID +func (id ScopedRoleAssignmentId) ID() string { + fmtString := "/%s/providers/Microsoft.Authorization/roleAssignments/%s" + return fmt.Sprintf(fmtString, strings.TrimPrefix(id.Scope, "/"), id.RoleAssignmentName) +} + +// Segments returns a slice of Resource ID Segments which comprise this Scoped Role Assignment ID +func (id ScopedRoleAssignmentId) Segments() []resourceids.Segment { + return []resourceids.Segment{ + resourceids.ScopeSegment("scope", "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group"), + resourceids.StaticSegment("staticProviders", "providers", "providers"), + resourceids.ResourceProviderSegment("staticMicrosoftAuthorization", "Microsoft.Authorization", "Microsoft.Authorization"), + resourceids.StaticSegment("staticRoleAssignments", "roleAssignments", "roleAssignments"), + resourceids.UserSpecifiedSegment("roleAssignmentName", "roleAssignmentValue"), + } +} + +// String returns a human-readable description of this Scoped Role Assignment ID +func (id ScopedRoleAssignmentId) String() string { + components := []string{ + fmt.Sprintf("Scope: %q", id.Scope), + fmt.Sprintf("Role Assignment Name: %q", id.RoleAssignmentName), + } + return fmt.Sprintf("Scoped Role Assignment (%s)", strings.Join(components, "\n")) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_create.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_create.go new file mode 100644 index 000000000000..b3b502e3e4c6 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_create.go @@ -0,0 +1,56 @@ +package roleassignments + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type CreateOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +// Create ... +func (c RoleAssignmentsClient) Create(ctx context.Context, id ScopedRoleAssignmentId, input RoleAssignmentCreateParameters) (result CreateOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusCreated, + http.StatusOK, + }, + HttpMethod: http.MethodPut, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + if err = req.Marshal(input); err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_createbyid.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_createbyid.go new file mode 100644 index 000000000000..b60334b62c82 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_createbyid.go @@ -0,0 +1,57 @@ +package roleassignments + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type CreateByIdOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +// CreateById ... +func (c RoleAssignmentsClient) CreateById(ctx context.Context, id commonids.ScopeId, input RoleAssignmentCreateParameters) (result CreateByIdOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusCreated, + http.StatusOK, + }, + HttpMethod: http.MethodPut, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + if err = req.Marshal(input); err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_delete.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_delete.go new file mode 100644 index 000000000000..3aa1ba1413d0 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_delete.go @@ -0,0 +1,81 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type DeleteOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +type DeleteOperationOptions struct { + TenantId *string +} + +func DefaultDeleteOperationOptions() DeleteOperationOptions { + return DeleteOperationOptions{} +} + +func (o DeleteOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o DeleteOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o DeleteOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// Delete ... +func (c RoleAssignmentsClient) Delete(ctx context.Context, id ScopedRoleAssignmentId, options DeleteOperationOptions) (result DeleteOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusNoContent, + http.StatusOK, + }, + HttpMethod: http.MethodDelete, + Path: id.ID(), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_deletebyid.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_deletebyid.go new file mode 100644 index 000000000000..33375fe20229 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_deletebyid.go @@ -0,0 +1,82 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type DeleteByIdOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +type DeleteByIdOperationOptions struct { + TenantId *string +} + +func DefaultDeleteByIdOperationOptions() DeleteByIdOperationOptions { + return DeleteByIdOperationOptions{} +} + +func (o DeleteByIdOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o DeleteByIdOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o DeleteByIdOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// DeleteById ... +func (c RoleAssignmentsClient) DeleteById(ctx context.Context, id commonids.ScopeId, options DeleteByIdOperationOptions) (result DeleteByIdOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusNoContent, + http.StatusOK, + }, + HttpMethod: http.MethodDelete, + Path: id.ID(), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_get.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_get.go new file mode 100644 index 000000000000..78fab24baea8 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_get.go @@ -0,0 +1,80 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type GetOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +type GetOperationOptions struct { + TenantId *string +} + +func DefaultGetOperationOptions() GetOperationOptions { + return GetOperationOptions{} +} + +func (o GetOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o GetOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o GetOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// Get ... +func (c RoleAssignmentsClient) Get(ctx context.Context, id ScopedRoleAssignmentId, options GetOperationOptions) (result GetOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: id.ID(), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_getbyid.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_getbyid.go new file mode 100644 index 000000000000..3610bd6ad549 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_getbyid.go @@ -0,0 +1,81 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type GetByIdOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleAssignment +} + +type GetByIdOperationOptions struct { + TenantId *string +} + +func DefaultGetByIdOperationOptions() GetByIdOperationOptions { + return GetByIdOperationOptions{} +} + +func (o GetByIdOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o GetByIdOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o GetByIdOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// GetById ... +func (c RoleAssignmentsClient) GetById(ctx context.Context, id commonids.ScopeId, options GetByIdOperationOptions) (result GetByIdOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: id.ID(), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresource.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresource.go new file mode 100644 index 000000000000..9d9d42062d56 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresource.go @@ -0,0 +1,121 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListForResourceOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]RoleAssignment +} + +type ListForResourceCompleteResult struct { + Items []RoleAssignment +} + +type ListForResourceOperationOptions struct { + Filter *string + TenantId *string +} + +func DefaultListForResourceOperationOptions() ListForResourceOperationOptions { + return ListForResourceOperationOptions{} +} + +func (o ListForResourceOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o ListForResourceOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o ListForResourceOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.Filter != nil { + out.Append("$filter", fmt.Sprintf("%v", *o.Filter)) + } + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// ListForResource ... +func (c RoleAssignmentsClient) ListForResource(ctx context.Context, id ProviderId, options ListForResourceOperationOptions) (result ListForResourceOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments", id.ID()), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]RoleAssignment `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + result.Model = values.Values + + return +} + +// ListForResourceComplete retrieves all the results into a single object +func (c RoleAssignmentsClient) ListForResourceComplete(ctx context.Context, id ProviderId, options ListForResourceOperationOptions) (ListForResourceCompleteResult, error) { + return c.ListForResourceCompleteMatchingPredicate(ctx, id, options, RoleAssignmentOperationPredicate{}) +} + +// ListForResourceCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c RoleAssignmentsClient) ListForResourceCompleteMatchingPredicate(ctx context.Context, id ProviderId, options ListForResourceOperationOptions, predicate RoleAssignmentOperationPredicate) (result ListForResourceCompleteResult, err error) { + items := make([]RoleAssignment, 0) + + resp, err := c.ListForResource(ctx, id, options) + if err != nil { + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListForResourceCompleteResult{ + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresourcegroup.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresourcegroup.go new file mode 100644 index 000000000000..7a1662929864 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforresourcegroup.go @@ -0,0 +1,122 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListForResourceGroupOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]RoleAssignment +} + +type ListForResourceGroupCompleteResult struct { + Items []RoleAssignment +} + +type ListForResourceGroupOperationOptions struct { + Filter *string + TenantId *string +} + +func DefaultListForResourceGroupOperationOptions() ListForResourceGroupOperationOptions { + return ListForResourceGroupOperationOptions{} +} + +func (o ListForResourceGroupOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o ListForResourceGroupOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o ListForResourceGroupOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.Filter != nil { + out.Append("$filter", fmt.Sprintf("%v", *o.Filter)) + } + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// ListForResourceGroup ... +func (c RoleAssignmentsClient) ListForResourceGroup(ctx context.Context, id commonids.ResourceGroupId, options ListForResourceGroupOperationOptions) (result ListForResourceGroupOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments", id.ID()), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]RoleAssignment `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + result.Model = values.Values + + return +} + +// ListForResourceGroupComplete retrieves all the results into a single object +func (c RoleAssignmentsClient) ListForResourceGroupComplete(ctx context.Context, id commonids.ResourceGroupId, options ListForResourceGroupOperationOptions) (ListForResourceGroupCompleteResult, error) { + return c.ListForResourceGroupCompleteMatchingPredicate(ctx, id, options, RoleAssignmentOperationPredicate{}) +} + +// ListForResourceGroupCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c RoleAssignmentsClient) ListForResourceGroupCompleteMatchingPredicate(ctx context.Context, id commonids.ResourceGroupId, options ListForResourceGroupOperationOptions, predicate RoleAssignmentOperationPredicate) (result ListForResourceGroupCompleteResult, err error) { + items := make([]RoleAssignment, 0) + + resp, err := c.ListForResourceGroup(ctx, id, options) + if err != nil { + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListForResourceGroupCompleteResult{ + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforscope.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforscope.go new file mode 100644 index 000000000000..6db72bc65b75 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforscope.go @@ -0,0 +1,122 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListForScopeOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]RoleAssignment +} + +type ListForScopeCompleteResult struct { + Items []RoleAssignment +} + +type ListForScopeOperationOptions struct { + Filter *string + TenantId *string +} + +func DefaultListForScopeOperationOptions() ListForScopeOperationOptions { + return ListForScopeOperationOptions{} +} + +func (o ListForScopeOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o ListForScopeOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o ListForScopeOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.Filter != nil { + out.Append("$filter", fmt.Sprintf("%v", *o.Filter)) + } + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// ListForScope ... +func (c RoleAssignmentsClient) ListForScope(ctx context.Context, id commonids.ScopeId, options ListForScopeOperationOptions) (result ListForScopeOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments", id.ID()), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]RoleAssignment `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + result.Model = values.Values + + return +} + +// ListForScopeComplete retrieves all the results into a single object +func (c RoleAssignmentsClient) ListForScopeComplete(ctx context.Context, id commonids.ScopeId, options ListForScopeOperationOptions) (ListForScopeCompleteResult, error) { + return c.ListForScopeCompleteMatchingPredicate(ctx, id, options, RoleAssignmentOperationPredicate{}) +} + +// ListForScopeCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c RoleAssignmentsClient) ListForScopeCompleteMatchingPredicate(ctx context.Context, id commonids.ScopeId, options ListForScopeOperationOptions, predicate RoleAssignmentOperationPredicate) (result ListForScopeCompleteResult, err error) { + items := make([]RoleAssignment, 0) + + resp, err := c.ListForScope(ctx, id, options) + if err != nil { + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListForScopeCompleteResult{ + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforsubscription.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforsubscription.go new file mode 100644 index 000000000000..bd3d1e014075 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/method_listforsubscription.go @@ -0,0 +1,122 @@ +package roleassignments + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListForSubscriptionOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]RoleAssignment +} + +type ListForSubscriptionCompleteResult struct { + Items []RoleAssignment +} + +type ListForSubscriptionOperationOptions struct { + Filter *string + TenantId *string +} + +func DefaultListForSubscriptionOperationOptions() ListForSubscriptionOperationOptions { + return ListForSubscriptionOperationOptions{} +} + +func (o ListForSubscriptionOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o ListForSubscriptionOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o ListForSubscriptionOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.Filter != nil { + out.Append("$filter", fmt.Sprintf("%v", *o.Filter)) + } + if o.TenantId != nil { + out.Append("tenantId", fmt.Sprintf("%v", *o.TenantId)) + } + return &out +} + +// ListForSubscription ... +func (c RoleAssignmentsClient) ListForSubscription(ctx context.Context, id commonids.SubscriptionId, options ListForSubscriptionOperationOptions) (result ListForSubscriptionOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments", id.ID()), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]RoleAssignment `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + result.Model = values.Values + + return +} + +// ListForSubscriptionComplete retrieves all the results into a single object +func (c RoleAssignmentsClient) ListForSubscriptionComplete(ctx context.Context, id commonids.SubscriptionId, options ListForSubscriptionOperationOptions) (ListForSubscriptionCompleteResult, error) { + return c.ListForSubscriptionCompleteMatchingPredicate(ctx, id, options, RoleAssignmentOperationPredicate{}) +} + +// ListForSubscriptionCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c RoleAssignmentsClient) ListForSubscriptionCompleteMatchingPredicate(ctx context.Context, id commonids.SubscriptionId, options ListForSubscriptionOperationOptions, predicate RoleAssignmentOperationPredicate) (result ListForSubscriptionCompleteResult, err error) { + items := make([]RoleAssignment, 0) + + resp, err := c.ListForSubscription(ctx, id, options) + if err != nil { + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListForSubscriptionCompleteResult{ + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignment.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignment.go new file mode 100644 index 000000000000..c55c3f24b042 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignment.go @@ -0,0 +1,11 @@ +package roleassignments + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleAssignment struct { + Id *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Properties *RoleAssignmentProperties `json:"properties,omitempty"` + Type *string `json:"type,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentcreateparameters.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentcreateparameters.go new file mode 100644 index 000000000000..f47251b218aa --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentcreateparameters.go @@ -0,0 +1,8 @@ +package roleassignments + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleAssignmentCreateParameters struct { + Properties RoleAssignmentProperties `json:"properties"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentproperties.go new file mode 100644 index 000000000000..d2e7949110bd --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/model_roleassignmentproperties.go @@ -0,0 +1,49 @@ +package roleassignments + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleAssignmentProperties struct { + Condition *string `json:"condition,omitempty"` + ConditionVersion *string `json:"conditionVersion,omitempty"` + CreatedBy *string `json:"createdBy,omitempty"` + CreatedOn *string `json:"createdOn,omitempty"` + DelegatedManagedIdentityResourceId *string `json:"delegatedManagedIdentityResourceId,omitempty"` + Description *string `json:"description,omitempty"` + PrincipalId string `json:"principalId"` + PrincipalType *PrincipalType `json:"principalType,omitempty"` + RoleDefinitionId string `json:"roleDefinitionId"` + Scope *string `json:"scope,omitempty"` + UpdatedBy *string `json:"updatedBy,omitempty"` + UpdatedOn *string `json:"updatedOn,omitempty"` +} + +func (o *RoleAssignmentProperties) GetCreatedOnAsTime() (*time.Time, error) { + if o.CreatedOn == nil { + return nil, nil + } + return dates.ParseAsFormat(o.CreatedOn, "2006-01-02T15:04:05Z07:00") +} + +func (o *RoleAssignmentProperties) SetCreatedOnAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.CreatedOn = &formatted +} + +func (o *RoleAssignmentProperties) GetUpdatedOnAsTime() (*time.Time, error) { + if o.UpdatedOn == nil { + return nil, nil + } + return dates.ParseAsFormat(o.UpdatedOn, "2006-01-02T15:04:05Z07:00") +} + +func (o *RoleAssignmentProperties) SetUpdatedOnAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.UpdatedOn = &formatted +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/predicates.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/predicates.go new file mode 100644 index 000000000000..794a1b40bfd5 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/predicates.go @@ -0,0 +1,27 @@ +package roleassignments + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleAssignmentOperationPredicate struct { + Id *string + Name *string + Type *string +} + +func (p RoleAssignmentOperationPredicate) Matches(input RoleAssignment) bool { + + if p.Id != nil && (input.Id == nil && *p.Id != *input.Id) { + return false + } + + if p.Name != nil && (input.Name == nil && *p.Name != *input.Name) { + return false + } + + if p.Type != nil && (input.Type == nil && *p.Type != *input.Type) { + return false + } + + return true +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/version.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/version.go new file mode 100644 index 000000000000..685241b33c01 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments/version.go @@ -0,0 +1,12 @@ +package roleassignments + +import "fmt" + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +const defaultApiVersion = "2022-04-01" + +func userAgent() string { + return fmt.Sprintf("hashicorp/go-azure-sdk/roleassignments/%s", defaultApiVersion) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/README.md b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/README.md new file mode 100644 index 000000000000..944f61e3b29e --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/README.md @@ -0,0 +1,90 @@ + +## `github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions` Documentation + +The `roledefinitions` SDK allows for interaction with the Azure Resource Manager Service `authorization` (API Version `2022-04-01`). + +This readme covers example usages, but further information on [using this SDK can be found in the project root](https://github.com/hashicorp/go-azure-sdk/tree/main/docs). + +### Import Path + +```go +import "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" +``` + + +### Client Initialization + +```go +client := roledefinitions.NewRoleDefinitionsClientWithBaseURI("https://management.azure.com") +client.Client.Authorizer = authorizer +``` + + +### Example Usage: `RoleDefinitionsClient.CreateOrUpdate` + +```go +ctx := context.TODO() +id := roledefinitions.NewScopedRoleDefinitionID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleDefinitionIdValue") + +payload := roledefinitions.RoleDefinition{ + // ... +} + + +read, err := client.CreateOrUpdate(ctx, id, payload) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleDefinitionsClient.Delete` + +```go +ctx := context.TODO() +id := roledefinitions.NewScopedRoleDefinitionID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleDefinitionIdValue") + +read, err := client.Delete(ctx, id) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleDefinitionsClient.Get` + +```go +ctx := context.TODO() +id := roledefinitions.NewScopedRoleDefinitionID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group", "roleDefinitionIdValue") + +read, err := client.Get(ctx, id) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `RoleDefinitionsClient.List` + +```go +ctx := context.TODO() +id := roledefinitions.NewScopeID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group") + +// alternatively `client.List(ctx, id, roledefinitions.DefaultListOperationOptions())` can be used to do batched pagination +items, err := client.ListComplete(ctx, id, roledefinitions.DefaultListOperationOptions()) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/client.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/client.go new file mode 100644 index 000000000000..f931183e275e --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/client.go @@ -0,0 +1,26 @@ +package roledefinitions + +import ( + "fmt" + + "github.com/hashicorp/go-azure-sdk/sdk/client/resourcemanager" + "github.com/hashicorp/go-azure-sdk/sdk/environments" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleDefinitionsClient struct { + Client *resourcemanager.Client +} + +func NewRoleDefinitionsClientWithBaseURI(api environments.Api) (*RoleDefinitionsClient, error) { + client, err := resourcemanager.NewResourceManagerClient(api, "roledefinitions", defaultApiVersion) + if err != nil { + return nil, fmt.Errorf("instantiating RoleDefinitionsClient: %+v", err) + } + + return &RoleDefinitionsClient{ + Client: client, + }, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/id_scopedroledefinition.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/id_scopedroledefinition.go new file mode 100644 index 000000000000..50a72b320ed7 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/id_scopedroledefinition.go @@ -0,0 +1,113 @@ +package roledefinitions + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ resourceids.ResourceId = ScopedRoleDefinitionId{} + +// ScopedRoleDefinitionId is a struct representing the Resource ID for a Scoped Role Definition +type ScopedRoleDefinitionId struct { + Scope string + RoleDefinitionId string +} + +// NewScopedRoleDefinitionID returns a new ScopedRoleDefinitionId struct +func NewScopedRoleDefinitionID(scope string, roleDefinitionId string) ScopedRoleDefinitionId { + return ScopedRoleDefinitionId{ + Scope: scope, + RoleDefinitionId: roleDefinitionId, + } +} + +// ParseScopedRoleDefinitionID parses 'input' into a ScopedRoleDefinitionId +func ParseScopedRoleDefinitionID(input string) (*ScopedRoleDefinitionId, error) { + parser := resourceids.NewParserFromResourceIdType(ScopedRoleDefinitionId{}) + parsed, err := parser.Parse(input, false) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ScopedRoleDefinitionId{} + + if id.Scope, ok = parsed.Parsed["scope"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "scope", *parsed) + } + + if id.RoleDefinitionId, ok = parsed.Parsed["roleDefinitionId"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "roleDefinitionId", *parsed) + } + + return &id, nil +} + +// ParseScopedRoleDefinitionIDInsensitively parses 'input' case-insensitively into a ScopedRoleDefinitionId +// note: this method should only be used for API response data and not user input +func ParseScopedRoleDefinitionIDInsensitively(input string) (*ScopedRoleDefinitionId, error) { + parser := resourceids.NewParserFromResourceIdType(ScopedRoleDefinitionId{}) + parsed, err := parser.Parse(input, true) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + var ok bool + id := ScopedRoleDefinitionId{} + + if id.Scope, ok = parsed.Parsed["scope"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "scope", *parsed) + } + + if id.RoleDefinitionId, ok = parsed.Parsed["roleDefinitionId"]; !ok { + return nil, resourceids.NewSegmentNotSpecifiedError(id, "roleDefinitionId", *parsed) + } + + return &id, nil +} + +// ValidateScopedRoleDefinitionID checks that 'input' can be parsed as a Scoped Role Definition ID +func ValidateScopedRoleDefinitionID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ParseScopedRoleDefinitionID(v); err != nil { + errors = append(errors, err) + } + + return +} + +// ID returns the formatted Scoped Role Definition ID +func (id ScopedRoleDefinitionId) ID() string { + fmtString := "/%s/providers/Microsoft.Authorization/roleDefinitions/%s" + return fmt.Sprintf(fmtString, strings.TrimPrefix(id.Scope, "/"), id.RoleDefinitionId) +} + +// Segments returns a slice of Resource ID Segments which comprise this Scoped Role Definition ID +func (id ScopedRoleDefinitionId) Segments() []resourceids.Segment { + return []resourceids.Segment{ + resourceids.ScopeSegment("scope", "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/some-resource-group"), + resourceids.StaticSegment("staticProviders", "providers", "providers"), + resourceids.ResourceProviderSegment("staticMicrosoftAuthorization", "Microsoft.Authorization", "Microsoft.Authorization"), + resourceids.StaticSegment("staticRoleDefinitions", "roleDefinitions", "roleDefinitions"), + resourceids.UserSpecifiedSegment("roleDefinitionId", "roleDefinitionIdValue"), + } +} + +// String returns a human-readable description of this Scoped Role Definition ID +func (id ScopedRoleDefinitionId) String() string { + components := []string{ + fmt.Sprintf("Scope: %q", id.Scope), + fmt.Sprintf("Role Definition: %q", id.RoleDefinitionId), + } + return fmt.Sprintf("Scoped Role Definition (%s)", strings.Join(components, "\n")) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_createorupdate.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_createorupdate.go new file mode 100644 index 000000000000..b65cc1649da6 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_createorupdate.go @@ -0,0 +1,55 @@ +package roledefinitions + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type CreateOrUpdateOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleDefinition +} + +// CreateOrUpdate ... +func (c RoleDefinitionsClient) CreateOrUpdate(ctx context.Context, id ScopedRoleDefinitionId, input RoleDefinition) (result CreateOrUpdateOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusCreated, + }, + HttpMethod: http.MethodPut, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + if err = req.Marshal(input); err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_delete.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_delete.go new file mode 100644 index 000000000000..a5c3cb2a534d --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_delete.go @@ -0,0 +1,52 @@ +package roledefinitions + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type DeleteOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleDefinition +} + +// Delete ... +func (c RoleDefinitionsClient) Delete(ctx context.Context, id ScopedRoleDefinitionId) (result DeleteOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusNoContent, + http.StatusOK, + }, + HttpMethod: http.MethodDelete, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_get.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_get.go new file mode 100644 index 000000000000..9bec08ea371a --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_get.go @@ -0,0 +1,51 @@ +package roledefinitions + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type GetOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *RoleDefinition +} + +// Get ... +func (c RoleDefinitionsClient) Get(ctx context.Context, id ScopedRoleDefinitionId) (result GetOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + if err = resp.Unmarshal(&result.Model); err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_list.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_list.go new file mode 100644 index 000000000000..c3fa16ea4e37 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/method_list.go @@ -0,0 +1,118 @@ +package roledefinitions + +import ( + "context" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]RoleDefinition +} + +type ListCompleteResult struct { + Items []RoleDefinition +} + +type ListOperationOptions struct { + Filter *string +} + +func DefaultListOperationOptions() ListOperationOptions { + return ListOperationOptions{} +} + +func (o ListOperationOptions) ToHeaders() *client.Headers { + out := client.Headers{} + + return &out +} + +func (o ListOperationOptions) ToOData() *odata.Query { + out := odata.Query{} + return &out +} + +func (o ListOperationOptions) ToQuery() *client.QueryParams { + out := client.QueryParams{} + if o.Filter != nil { + out.Append("$filter", fmt.Sprintf("%v", *o.Filter)) + } + return &out +} + +// List ... +func (c RoleDefinitionsClient) List(ctx context.Context, id commonids.ScopeId, options ListOperationOptions) (result ListOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: fmt.Sprintf("%s/providers/Microsoft.Authorization/roleDefinitions", id.ID()), + OptionsObject: options, + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]RoleDefinition `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + result.Model = values.Values + + return +} + +// ListComplete retrieves all the results into a single object +func (c RoleDefinitionsClient) ListComplete(ctx context.Context, id commonids.ScopeId, options ListOperationOptions) (ListCompleteResult, error) { + return c.ListCompleteMatchingPredicate(ctx, id, options, RoleDefinitionOperationPredicate{}) +} + +// ListCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c RoleDefinitionsClient) ListCompleteMatchingPredicate(ctx context.Context, id commonids.ScopeId, options ListOperationOptions, predicate RoleDefinitionOperationPredicate) (result ListCompleteResult, err error) { + items := make([]RoleDefinition, 0) + + resp, err := c.List(ctx, id, options) + if err != nil { + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListCompleteResult{ + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_permission.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_permission.go new file mode 100644 index 000000000000..b8e01a191420 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_permission.go @@ -0,0 +1,11 @@ +package roledefinitions + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type Permission struct { + Actions *[]string `json:"actions,omitempty"` + DataActions *[]string `json:"dataActions,omitempty"` + NotActions *[]string `json:"notActions,omitempty"` + NotDataActions *[]string `json:"notDataActions,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinition.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinition.go new file mode 100644 index 000000000000..6f08f38cbc71 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinition.go @@ -0,0 +1,11 @@ +package roledefinitions + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleDefinition struct { + Id *string `json:"id,omitempty"` + Name *string `json:"name,omitempty"` + Properties *RoleDefinitionProperties `json:"properties,omitempty"` + Type *string `json:"type,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinitionproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinitionproperties.go new file mode 100644 index 000000000000..886c2c6c75da --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/model_roledefinitionproperties.go @@ -0,0 +1,46 @@ +package roledefinitions + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleDefinitionProperties struct { + AssignableScopes *[]string `json:"assignableScopes,omitempty"` + CreatedBy *string `json:"createdBy,omitempty"` + CreatedOn *string `json:"createdOn,omitempty"` + Description *string `json:"description,omitempty"` + Permissions *[]Permission `json:"permissions,omitempty"` + RoleName *string `json:"roleName,omitempty"` + Type *string `json:"type,omitempty"` + UpdatedBy *string `json:"updatedBy,omitempty"` + UpdatedOn *string `json:"updatedOn,omitempty"` +} + +func (o *RoleDefinitionProperties) GetCreatedOnAsTime() (*time.Time, error) { + if o.CreatedOn == nil { + return nil, nil + } + return dates.ParseAsFormat(o.CreatedOn, "2006-01-02T15:04:05Z07:00") +} + +func (o *RoleDefinitionProperties) SetCreatedOnAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.CreatedOn = &formatted +} + +func (o *RoleDefinitionProperties) GetUpdatedOnAsTime() (*time.Time, error) { + if o.UpdatedOn == nil { + return nil, nil + } + return dates.ParseAsFormat(o.UpdatedOn, "2006-01-02T15:04:05Z07:00") +} + +func (o *RoleDefinitionProperties) SetUpdatedOnAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.UpdatedOn = &formatted +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/predicates.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/predicates.go new file mode 100644 index 000000000000..904eadb64cf5 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/predicates.go @@ -0,0 +1,27 @@ +package roledefinitions + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type RoleDefinitionOperationPredicate struct { + Id *string + Name *string + Type *string +} + +func (p RoleDefinitionOperationPredicate) Matches(input RoleDefinition) bool { + + if p.Id != nil && (input.Id == nil && *p.Id != *input.Id) { + return false + } + + if p.Name != nil && (input.Name == nil && *p.Name != *input.Name) { + return false + } + + if p.Type != nil && (input.Type == nil && *p.Type != *input.Type) { + return false + } + + return true +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/version.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/version.go new file mode 100644 index 000000000000..46a58c1faa60 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions/version.go @@ -0,0 +1,12 @@ +package roledefinitions + +import "fmt" + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +const defaultApiVersion = "2022-04-01" + +func userAgent() string { + return fmt.Sprintf("hashicorp/go-azure-sdk/roledefinitions/%s", defaultApiVersion) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index dea2e05aaa99..d86bc037035b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -155,6 +155,8 @@ github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/role github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleassignmentschedulerequests github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityscheduleinstances github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityschedulerequests +github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments +github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions github.com/hashicorp/go-azure-sdk/resource-manager/automation/2015-10-31/webhook github.com/hashicorp/go-azure-sdk/resource-manager/automation/2019-06-01/runbook github.com/hashicorp/go-azure-sdk/resource-manager/automation/2019-06-01/softwareupdateconfiguration diff --git a/website/docs/r/role_assignment_marketplace.html.markdown b/website/docs/r/role_assignment_marketplace.html.markdown new file mode 100644 index 000000000000..abbba836d4df --- /dev/null +++ b/website/docs/r/role_assignment_marketplace.html.markdown @@ -0,0 +1,113 @@ +--- +subcategory: "Authorization" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_marketplace_role_assignment" +description: |- + Assigns a given Principal (User or Group) to a given Role in a Private Azure Marketplace. +--- + +# azurerm_marketplace_role_assignment + +Assigns a given Principal (User or Group) to a given Role in a Private Azure Marketplace. + +## Example Usage (using a role definition name) + +```hcl +data "azurerm_client_config" "example" { +} + +resource "azurerm_marketplace_role_assignment" "example" { + role_definition_name = "Marketplace Admin" + principal_id = data.azurerm_client_config.example.object_id + + lifecycle { + ignore_changes = [ + name, + role_definition_id, + ] + } +} +``` + +## Example Usage (using a role definition ID) + +```hcl +data "azurerm_client_config" "example" { +} + +data "azurerm_role_definition" "example" { + name = "Log Analytics Reader" +} + +resource "azurerm_marketplace_role_assignment" "example" { + role_definition_id = "${data.azurerm_role_definition.example.id}" + principal_id = data.azurerm_client_config.example.object_id + + lifecycle { + ignore_changes = [ + role_definition_name, + ] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `principal_id` - (Required) The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. + +~> **NOTE:** The Principal ID is also known as the Object ID (i.e. not the "Application ID" for applications). To assign Azure roles, the Principal must have `Microsoft.Authorization/roleAssignments/write` permissions. See [documentation](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal) for more information. + +* `name` - (Optional) A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created. + +* `role_definition_id` - (Optional) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`. + +* `role_definition_name` - (Optional) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`. + +~> **NOTE:** To assign `Marketplace Admin` role, the calling Principal must first be assigned Privileged Role Administrator (like `Owner` role) or Global Administrator. See [documentation](https://learn.microsoft.com/en-us/marketplace/create-manage-private-azure-marketplace-new#prerequisites) for more information. + +* `condition` - (Optional) The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created. + +* `condition_version` - (Optional) The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created. + +* `delegated_managed_identity_resource_id` - (Optional) The delegated Azure Resource ID which contains a Managed Identity. Changing this forces a new resource to be created. + +~> **NOTE:** This field is only used in cross tenant scenarios. + +* `description` - (Optional) The description for this Role Assignment. Changing this forces a new resource to be created. + +* `skip_service_principal_aad_check` - (Optional) If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. Defaults to `false`. Changing this forces a new resource to be created. + +~> **NOTE:** This field takes effect only when `principal_id` is a `Service Principal` identity. + +## Attributes Reference + +In addition to the Arguments listed above - the following Attributes are exported: + +* `id` - The Role Assignment ID. + +* `principal_type` - The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: + +* `create` - (Defaults to 30 minutes) Used when creating the Role Assignment. +* `update` - (Defaults to 30 minutes) Used when updating the Role Assignment. +* `read` - (Defaults to 5 minutes) Used when retrieving the Role Assignment. +* `delete` - (Defaults to 30 minutes) Used when deleting the Role Assignment. + +## Import + +Role Assignments can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_marketplace_role_assignment.example /providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 +``` + +~> **NOTE:** For cross tenant scenarios, the format of the `resource id` consists of the Azure resource ID and the tenant ID, for example: + +```text +/providers/Microsoft.Marketplace/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000 +```