azurerm_log_analytics_workspace - support for the identity property #23864

Merged
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/hashicorp/go-azure-helpers/lang/pointer"
"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
"github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
"github.com/hashicorp/go-azure-sdk/resource-manager/insights/2022-06-01/datacollectionrules"
sharedKeyWorkspaces "github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2020-08-01/workspaces"
"github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2022-10-01/workspaces"
Expand Down Expand Up @@ -86,6 +87,8 @@ func resourceLogAnalyticsWorkspace() *pluginsdk.Resource {
Optional: true,
},

"identity": commonschema.SystemOrUserAssignedIdentityOptional(),

"internet_ingestion_enabled": {
Type: pluginsdk.TypeBool,
Optional: true,
Expand Down Expand Up @@ -313,6 +316,14 @@ func resourceLogAnalyticsWorkspaceCreateUpdate(d *pluginsdk.ResourceData, meta i
}
}

if v, ok := d.GetOk("identity"); ok {
expanded, err := identity.ExpandSystemOrUserAssignedMap(v.([]interface{}))
if err != nil {
return fmt.Errorf("expanding identity: %+v", err)
}
parameters.Identity = expanded
}

err := client.CreateOrUpdateThenPoll(ctx, id, parameters)
if err != nil {
return err
Expand Down Expand Up @@ -381,6 +392,14 @@ func resourceLogAnalyticsWorkspaceRead(d *pluginsdk.ResourceData, meta interface
d.Set("resource_group_name", id.ResourceGroupName)

if model := resp.Model; model != nil {
if model.Identity != nil {
flattenIdentity, err := identity.FlattenSystemOrUserAssignedMap(model.Identity)
if err != nil {
return fmt.Errorf("flattening identity: %+v", err)
}
d.Set("identity", flattenIdentity)
}

if props := model.Properties; props != nil {
internetIngestionEnabled := true
if props.PublicNetworkAccessForIngestion != nil {
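Review bot: In resourceLogAnalyticsWorkspaceRead the new `d.Set("identity", flattenIdentity)` runs only when `model.Identity != nil` and its return value is dropped, so a workspace whose identity was removed outside Terraform would keep the old identity in state and report no drift. As far as I know, identity.FlattenSystemOrUserAssignedMap accepts a nil input and returns an empty list, so the guard can go: call it unconditionally and set with `if err := d.Set("identity", flattenIdentity); err != nil { return fmt.Errorf("setting identity: %+v", err) }`. The create/update hunk has the mirror-image gap: `d.GetOk("identity")` is false once the block is deleted from the configuration, so `parameters.Identity` stays nil, and whether the service then detaches the identity is not visible here. Expanding unconditionally would presumably send an explicit `None` type, which is worth confirming against the API. Both functions continue outside the hunks shown.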
Expand Up @@ -379,6 +379,65 @@ func TestAccLogAnalyticsWorkspace_withDefaultDataCollectionRule(t *testing.T) {
})
}

func TestAccLogAnalyticsWorkspace_withSystemAssignedIdentity(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test")
r := LogAnalyticsWorkspaceResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.withSystemAssignedIdentity(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func TestAccLogAnalyticsWorkspace_withUserAssignedIdentity(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test")
r := LogAnalyticsWorkspaceResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.withUserAssignedIdentity(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func TestAccLogAnalyticsWorkspace_toggleIdentity(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test")
r := LogAnalyticsWorkspaceResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.basic(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.withSystemAssignedIdentity(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.withUserAssignedIdentity(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func (t LogAnalyticsWorkspaceResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
id, err := workspaces.ParseWorkspaceID(state.ID)
if err != nil {
Expand Down Expand Up @@ -414,6 +473,66 @@ resource "azurerm_log_analytics_workspace" "test" {
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
}

func (LogAnalyticsWorkspaceResource) withSystemAssignedIdentity(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

resource "azurerm_resource_group" "test" {
name = "acctestRG-%[1]d"
location = "%[2]s"
}

resource "azurerm_log_analytics_workspace" "test" {
name = "acctestLAW-%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
sku = "PerGB2018"
retention_in_days = 30

identity {
type = "SystemAssigned"
}

}
`, data.RandomInteger, data.Locations.Primary)
}

func (LogAnalyticsWorkspaceResource) withUserAssignedIdentity(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

resource "azurerm_resource_group" "test" {
name = "acctestRG-%[1]d"
location = "%[2]s"
}

resource "azurerm_user_assigned_identity" "test" {
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location

name = "acctest-%[1]d"
}

resource "azurerm_log_analytics_workspace" "test" {
name = "acctestLAW-%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
sku = "PerGB2018"
retention_in_days = 30

identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.test.id]
}

}
`, data.RandomInteger, data.Locations.Primary)
}

func (r LogAnalyticsWorkspaceResource) requiresImport(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
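Review bot: TestAccLogAnalyticsWorkspace_toggleIdentity only moves forward (basic, then SystemAssigned, then UserAssigned) and never returns to `r.basic(data)`, so removing the `identity` block is not exercised. That is the case where a workspace could keep a managed identity, and whatever roles were granted to it, after the configuration stops declaring one. A final step `{ Config: r.basic(data), Check: acceptance.ComposeTestCheckFunc(check.That(data.ResourceName).ExistsInAzure(r)) }` followed by `data.ImportStep()` would cover it. Every step asserts only `ExistsInAzure(r)`; an explicit check such as `check.That(data.ResourceName).Key("identity.0.type").HasValue("SystemAssigned")` would also pin the identity state.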
12 changes: 12 additions & 0 deletions website/docs/r/log_analytics_workspace.html.markdown
Expand Up @@ -57,6 +57,8 @@ The following arguments are supported:

* `cmk_for_query_forced` - (Optional) Is Customer Managed Storage mandatory for query management?

* `identity` - (Optional) An `identity` block as defined below.

* `internet_ingestion_enabled` - (Optional) Should the Log Analytics Workspace support ingestion over the Public Internet? Defaults to `true`.

* `internet_query_enabled` - (Optional) Should the Log Analytics Workspace support querying over the Public Internet? Defaults to `true`.
Expand All @@ -71,6 +73,16 @@ The following arguments are supported:

~> **NOTE:** If a `azurerm_log_analytics_workspace` is connected to a `azurerm_log_analytics_cluster` via a `azurerm_log_analytics_linked_service` you will not be able to modify the workspaces `sku` field until the link between the workspace and the cluster has been broken by deleting the `azurerm_log_analytics_linked_service` resource. All other fields are modifiable while the workspace is linked to a cluster.

---

An `identity` block supports the following:

* `type` - (Required) Specifies the identity type of the Log Analytics Workspace. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you) and `UserAssigned` where you can specify the Service Principal IDs in the `identity_ids` field.

~> **NOTE:** When `type` is set to `SystemAssigned`, The assigned `principal_id` and `tenant_id` can be retrieved after the Log Analytics Workspace has been created.

* `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`.

## Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported: