-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_redis_cache - support access_keys_authentication_disabled property #27039
Changes from 13 commits
6ebbc0e
9dcb9a3
0055fb8
bf232ce
e7605cb
c71024a
bc869cc
c04488b
983a600
7e4a511
882fecd
b384de3
a68b456
50de57e
5341f2f
4d2e758
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -365,6 +365,12 @@ func resourceRedisCache() *pluginsdk.Resource { | |||||||||||||
}, | ||||||||||||||
}, | ||||||||||||||
|
||||||||||||||
"access_keys_authentication_enabled": { | ||||||||||||||
Type: pluginsdk.TypeBool, | ||||||||||||||
Optional: true, | ||||||||||||||
Default: true, | ||||||||||||||
}, | ||||||||||||||
|
||||||||||||||
"tags": commonschema.Tags(), | ||||||||||||||
}, | ||||||||||||||
|
||||||||||||||
|
@@ -376,6 +382,21 @@ func resourceRedisCache() *pluginsdk.Resource { | |||||||||||||
} | ||||||||||||||
return false | ||||||||||||||
}), | ||||||||||||||
pluginsdk.CustomizeDiffShim(func(ctx context.Context, diff *pluginsdk.ResourceDiff, v interface{}) error { | ||||||||||||||
// Entra (AD) auth has to be set to disable access keys auth | ||||||||||||||
// https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication | ||||||||||||||
|
||||||||||||||
accessKeysAuthenticationEnabled := diff.Get("access_keys_authentication_enabled").(bool) | ||||||||||||||
activeDirectoryAuthenticationEnabled := diff.Get("redis_configuration.0.active_directory_authentication_enabled").(bool) | ||||||||||||||
|
||||||||||||||
log.Printf("[DEBUG] CustomizeDiff: access_keys_authentication_enabled: %v, active_directory_authentication_enabled: %v", accessKeysAuthenticationEnabled, activeDirectoryAuthenticationEnabled) | ||||||||||||||
|
||||||||||||||
if !accessKeysAuthenticationEnabled && !activeDirectoryAuthenticationEnabled { | ||||||||||||||
return fmt.Errorf("`active_directory_authentication_enabled` must be enabled in order to disable `access_keys_authentication_enabled`") | ||||||||||||||
} | ||||||||||||||
|
||||||||||||||
return nil | ||||||||||||||
}), | ||||||||||||||
), | ||||||||||||||
} | ||||||||||||||
|
||||||||||||||
|
@@ -499,7 +520,8 @@ func resourceRedisCacheCreate(d *pluginsdk.ResourceData, meta interface{}) error | |||||||||||||
parameters := redis.RedisCreateParameters{ | ||||||||||||||
Location: location.Normalize(d.Get("location").(string)), | ||||||||||||||
Properties: redis.RedisCreateProperties{ | ||||||||||||||
EnableNonSslPort: pointer.To(enableNonSslPort.(bool)), | ||||||||||||||
DisableAccessKeyAuthentication: pointer.To(!(d.Get("access_keys_authentication_enabled").(bool))), | ||||||||||||||
EnableNonSslPort: pointer.To(enableNonSslPort.(bool)), | ||||||||||||||
Sku: redis.Sku{ | ||||||||||||||
Capacity: int64(d.Get("capacity").(int)), | ||||||||||||||
Family: redis.SkuFamily(d.Get("family").(string)), | ||||||||||||||
|
@@ -613,8 +635,9 @@ func resourceRedisCacheUpdate(d *pluginsdk.ResourceData, meta interface{}) error | |||||||||||||
|
||||||||||||||
parameters := redis.RedisUpdateParameters{ | ||||||||||||||
Properties: &redis.RedisUpdateProperties{ | ||||||||||||||
MinimumTlsVersion: pointer.To(redis.TlsVersion(d.Get("minimum_tls_version").(string))), | ||||||||||||||
EnableNonSslPort: pointer.To(enableNonSslPort.(bool)), | ||||||||||||||
DisableAccessKeyAuthentication: pointer.To(!(d.Get("access_keys_authentication_enabled").(bool))), | ||||||||||||||
MinimumTlsVersion: pointer.To(redis.TlsVersion(d.Get("minimum_tls_version").(string))), | ||||||||||||||
EnableNonSslPort: pointer.To(enableNonSslPort.(bool)), | ||||||||||||||
Sku: &redis.Sku{ | ||||||||||||||
Capacity: int64(d.Get("capacity").(int)), | ||||||||||||||
Family: redis.SkuFamily(d.Get("family").(string)), | ||||||||||||||
|
@@ -837,6 +860,12 @@ func resourceRedisCacheRead(d *pluginsdk.ResourceData, meta interface{}) error { | |||||||||||||
d.Set("primary_access_key", keysResp.Model.PrimaryKey) | ||||||||||||||
d.Set("secondary_access_key", keysResp.Model.SecondaryKey) | ||||||||||||||
|
||||||||||||||
accessKeyAuthEnabled := true | ||||||||||||||
if props.DisableAccessKeyAuthentication != nil { | ||||||||||||||
accessKeyAuthEnabled = !(*props.DisableAccessKeyAuthentication) | ||||||||||||||
} | ||||||||||||||
d.Set("access_keys_authentication_enabled", accessKeyAuthEnabled) | ||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Addressed in 50de57e There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same here There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fixed in 5341f2f |
||||||||||||||
|
||||||||||||||
if err := tags.FlattenAndSet(d, model.Tags); err != nil { | ||||||||||||||
return fmt.Errorf("setting `tags`: %+v", err) | ||||||||||||||
} | ||||||||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a common pattern in the provider to make use of
pointer.From
when setting properties that are pointers into state.pointer.From
will nil check the input and if the pointer is nil will return the zero value for the type that was passed in, so this would be condensed down to:There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stephybun is right, I definitely missed this out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah nice idea, thx @stephybun . I will alter the suggested code a bit: we want to make the expression defaults to
true
if we get nil value onDisableAccessKeyAuthentication
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in 50de57e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gerrytan that is the outcome of my suggestion above.
If
props.DisableAccessKeyAuthentication
isnil
,pointer.From
will returnfalse
(the zero value for bools) which will result intrue
since it's being inverted. The variable initialization and nil check on lines 357-361 are redundant. Can you please apply the suggestion as made?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stephybun ah I get it now. Fixed in 5341f2f.