Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_container_app add support for key vault secret references as secret #23958

Closed
wants to merge 10 commits into from
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ type ContainerAppEnvironmentDaprComponentModel struct {
Version string `tfschema:"version"`
IgnoreErrors bool `tfschema:"ignore_errors"`
InitTimeout string `tfschema:"init_timeout"`
Secrets []helpers.Secret `tfschema:"secret"`
Secrets []helpers.DaprSecret `tfschema:"secret"`
Scopes []string `tfschema:"scopes"`
Metadata []helpers.DaprMetadata `tfschema:"metadata"`
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,18 @@ resource "azurerm_container_app_environment" "test" {
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppEnvironmentResource) basicNoProvider(data acceptance.TestData) string {
return fmt.Sprintf(`
%[1]s

resource "azurerm_container_app_environment" "test" {
name = "acctest-CAEnv%[2]d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
}
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppEnvironmentResource) requiresImport(data acceptance.TestData) string {
return fmt.Sprintf(`

Expand Down
17 changes: 12 additions & 5 deletions internal/services/containerapps/container_app_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/tags"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerapps/2023-05-01/containerapps"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerapps/2023-05-01/managedenvironments"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/containerapps/helpers"
"github.com/hashicorp/terraform-provider-azurerm/internal/services/containerapps/validate"
Expand Down Expand Up @@ -185,13 +184,18 @@ func (r ContainerAppResource) Create() sdk.ResourceFunc {
return fmt.Errorf("invalid registry config for %s: %+v", id, err)
}

secrets, err := helpers.ExpandContainerSecrets(app.Secrets)
if err != nil {
return fmt.Errorf("invalid secrets config for %s: %+v", id, err)
}

containerApp := containerapps.ContainerApp{
Location: location.Normalize(env.Model.Location),
Properties: &containerapps.ContainerAppProperties{
Configuration: &containerapps.Configuration{
Ingress: helpers.ExpandContainerAppIngress(app.Ingress, id.ContainerAppName),
Dapr: helpers.ExpandContainerAppDapr(app.Dapr),
Secrets: helpers.ExpandContainerSecrets(app.Secrets),
Secrets: secrets,
Registries: registries,
},
ManagedEnvironmentId: pointer.To(app.ManagedEnvironmentId),
Expand Down Expand Up @@ -379,7 +383,10 @@ func (r ContainerAppResource) Update() sdk.ResourceFunc {
}

if metadata.ResourceData.HasChange("secret") {
model.Properties.Configuration.Secrets = helpers.ExpandContainerSecrets(state.Secrets)
model.Properties.Configuration.Secrets, err = helpers.ExpandContainerSecrets(state.Secrets)
if err != nil {
return fmt.Errorf("invalid secrets config for %s: %+v", id, err)
}
}

if metadata.ResourceData.HasChange("identity") {
Expand Down Expand Up @@ -411,8 +418,8 @@ func (r ContainerAppResource) CustomizeDiff() sdk.ResourceFunc {
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
if metadata.ResourceDiff != nil && metadata.ResourceDiff.HasChange("secret") {
stateSecretsRaw, configSecretsRaw := metadata.ResourceDiff.GetChange("secret")
stateSecrets := stateSecretsRaw.(*schema.Set).List()
configSecrets := configSecretsRaw.(*schema.Set).List()
stateSecrets := stateSecretsRaw.([]interface{})
configSecrets := configSecretsRaw.([]interface{})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See below, this needs to remain a TypeSet unfortunately.

// Check there's not less
if len(configSecrets) < len(stateSecrets) {
return fmt.Errorf("cannot remove secrets from Container Apps at this time due to a limitation in the Container Apps Service. Please see `https://github.com/microsoft/azure-container-apps/issues/395` for more details")
Expand Down
Loading
Loading