
azurerm_container_app - Add key_vault_id and identity for secret nested block. #24773

Merged
Expand Up @@ -27,7 +27,7 @@ type ContainerAppEnvironmentDaprComponentModel struct {
Version string `tfschema:"version"`
IgnoreErrors bool `tfschema:"ignore_errors"`
InitTimeout string `tfschema:"init_timeout"`
Secrets []helpers.Secret `tfschema:"secret"`
Secrets []helpers.DaprSecret `tfschema:"secret"`
Scopes []string `tfschema:"scopes"`
Metadata []helpers.DaprMetadata `tfschema:"metadata"`
}
Expand Up @@ -194,6 +194,18 @@ resource "azurerm_container_app_environment" "test" {
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppEnvironmentResource) basicNoProvider(data acceptance.TestData) string {
return fmt.Sprintf(`
%[1]s

resource "azurerm_container_app_environment" "test" {
name = "acctest-CAEnv%[2]d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
}
`, r.template(data), data.RandomInteger)
}

func (r ContainerAppEnvironmentResource) requiresImport(data acceptance.TestData) string {
return fmt.Sprintf(`

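--- a/internal/services/containerapps/container_app_resource.go
+++ b/internal/services/containerapps/container_app_resource.go
@@ -191,13 +191,18 @@ func (r ContainerAppResource) Create() sdk.ResourceFunc {
 return fmt.Errorf("invalid registry config for %s: %+v", id, err)
 }
 
+secrets, err := helpers.ExpandContainerSecrets(app.Secrets)
+if err != nil {
+return fmt.Errorf("invalid secrets config for %s: %+v", id, err)
+}
+
 containerApp := containerapps.ContainerApp{
 Location: location.Normalize(env.Model.Location),
 Properties: &containerapps.ContainerAppProperties{
 Configuration: &containerapps.Configuration{
 Ingress: helpers.ExpandContainerAppIngress(app.Ingress, id.ContainerAppName),
 Dapr: helpers.ExpandContainerAppDapr(app.Dapr),
-Secrets: helpers.ExpandContainerSecrets(app.Secrets),
+Secrets: secrets,
 Registries: registries,
 },
 ManagedEnvironmentId: pointer.To(app.ManagedEnvironmentId),
@@ -387,7 +392,10 @@ func (r ContainerAppResource) Update() sdk.ResourceFunc {
 }
 
 if metadata.ResourceData.HasChange("secret") {
-model.Properties.Configuration.Secrets = helpers.ExpandContainerSecrets(state.Secrets)
+model.Properties.Configuration.Secrets, err = helpers.ExpandContainerSecrets(state.Secrets)
+if err != nil {
+return fmt.Errorf("invalid secrets config for %s: %+v", id, err)
+}
 }
 
 if metadata.ResourceData.HasChange("identity") {
@@ -489,6 +497,15 @@ func (r ContainerAppResource) CustomizeDiff() sdk.ResourceFunc {
 }
 }
 }
+
+for _, s := range app.Secrets {
+if s.KeyVaultSecretId != "" && s.Identity == "" {
+return fmt.Errorf("secret %s must supply identity for key vault secret id", s.Name)
+}
+if s.KeyVaultSecretId == "" && s.Identity != "" {
+return fmt.Errorf("secret %s must supply key vault secret id when specifying identity", s.Name)
+}
+}
 return nil
 },
 }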
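Review bot: The pairing check added to CustomizeDiff compares `s.KeyVaultSecretId` and `s.Identity` against `""`, which cannot distinguish an attribute the user omitted from one whose value is simply not known yet at plan time. If `app` is decoded from the planned diff (the decode sits outside this hunk), a secret with a literal `identity` and a `key_vault_secret_id` taken from a Key Vault secret created in the same apply would presumably be rejected with "must supply key vault secret id when specifying identity", which nudges users back towards inline secret values. Consider validating only secrets whose attributes are known, for example by consulting the resource diff's `GetRawConfig()` first, and add a comment such as `// unknown (computed) values decode as ""; only validate secrets whose attributes are known`. The error now returned by `helpers.ExpandContainerSecrets` in Create and Update can remain the apply-time backstop. The loop also does not say whether an inline value may be combined with a Key Vault reference; the secret model is not visible here, so confirm that combination is rejected somewhere.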