From 9d9cd7a60b0e2bfa3995c4787b1016f8a0397fe9 Mon Sep 17 00:00:00 2001 From: chilledornaments Date: Fri, 11 Oct 2024 11:01:11 -0600 Subject: [PATCH 1/4] add credential to azurerm_data_factory_linked_service_azure_sql_database --- internal/services/datafactory/data_factory.go | 41 ++++++++++++ ...ked_service_azure_sql_database_resource.go | 30 +++++++++ ...ervice_azure_sql_database_resource_test.go | 65 +++++++++++++++++++ ...d_service_azure_sql_database.html.markdown | 9 +++ 4 files changed, 145 insertions(+) diff --git a/internal/services/datafactory/data_factory.go b/internal/services/datafactory/data_factory.go index 1f5d5b1b5863..34afa7ece85b 100644 --- a/internal/services/datafactory/data_factory.go +++ b/internal/services/datafactory/data_factory.go @@ -605,3 +605,44 @@ func expandDataFactoryDatasetCompression(d *pluginsdk.ResourceData) *datafactory Level: props["level"].(string), } } + +func expandAzureCredentialReference(input []interface{}) *datafactory.CredentialReference { + if len(input) == 0 || input[0] == nil { + return nil + } + + config := input[0].(map[string]interface{}) + + var referenceName *string + if v, ok := config["reference_name"].(string); ok { + referenceName = &v + } + + var credType *string + if v, ok := config["type"].(string); ok { + credType = &v + } + + return &datafactory.CredentialReference{ + ReferenceName: referenceName, + Type: credType, + } +} + +func flattenAzureCredentialReference(input *datafactory.CredentialReference) []map[string]string { + if input == nil { + return nil + } + + parameters := map[string]string{} + + if input.ReferenceName != nil { + parameters["reference_name"] = *input.ReferenceName + } + + if input.Type != nil { + parameters["type"] = *input.Type + } + + return []map[string]string{parameters} +} diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go index 2da06ecf58aa..4f9e0b18eb56 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go @@ -171,6 +171,27 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabase() *pluginsdk.Resource { Type: pluginsdk.TypeString, }, }, + + "credential": { + Type: pluginsdk.TypeList, + Optional: true, + MaxItems: 1, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "reference_name": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + + "type": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, + }, + }, + }, + }, }, } } @@ -259,6 +280,11 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseCreateUpdate(d *pluginsdk.R azureSQLDatabaseLinkedService.Annotations = &annotations } + if v, ok := d.GetOk("credential"); ok { + credential := v.([]interface{}) + azureSQLDatabaseLinkedService.Credential = expandAzureCredentialReference(credential) + } + linkedService := datafactory.LinkedServiceResource{ Properties: azureSQLDatabaseLinkedService, } @@ -352,6 +378,10 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseRead(d *pluginsdk.ResourceD } } + if credential := sql.Credential; credential != nil { + d.Set("credential", flattenAzureCredentialReference(credential)) + } + return nil } diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go index 5bd1a5a6a6e9..12ccbea22331 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go @@ -115,6 +115,23 @@ func TestAccDataFactoryLinkedServiceAzureSQLDatabase_ConnectionStringKeyVaultRef }) } +func TestAccDataFactoryLinkedServiceAzureSQLDatabase_Credential(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_data_factory_linked_service_azure_sql_database", "test") + r := LinkedServiceAzureSQLDatabaseResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.credential(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("credential.0.reference_name").HasValue(fmt.Sprintf("test%d", data.RandomInteger)), + check.That(data.ResourceName).Key("credential.0.type").HasValue("CredentialReference"), + ), + }, + data.ImportStep("connection_string"), + }) +} + func (t LinkedServiceAzureSQLDatabaseResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := parse.LinkedServiceID(state.ID) if err != nil { @@ -355,3 +372,51 @@ resource "azurerm_data_factory_linked_service_azure_sql_database" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } + +func (LinkedServiceAzureSQLDatabaseResource) credential(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-df-%d" + location = "%s" +} + +resource "azurerm_user_assigned_identity" "test" { + name = "test%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_data_factory" "test" { + name = "acctestdf%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + identity { + type = "SystemAssigned, UserAssigned" + identity_ids = [azurerm_user_assigned_identity.test.id] + } +} + +resource "azurerm_data_factory_credential_user_managed_identity" "test" { + name = azurerm_user_assigned_identity.test.name + description = "Test ADF SQL DB UMI" + data_factory_id = azurerm_data_factory.test.id + identity_id = azurerm_user_assigned_identity.test.id +} + +resource "azurerm_data_factory_linked_service_azure_sql_database" "test" { + name = "acctestlssql%d" + data_factory_id = azurerm_data_factory.test.id + connection_string = "data source=serverhostname;initial catalog=master;user id=testUser;Password=test;integrated security=False;encrypt=True;connection timeout=30" + + credential { + reference_name = azurerm_data_factory_credential_user_managed_identity.test.name + type = "CredentialReference" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +} diff --git a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown index 50191cc54d48..4284bf638d13 100644 --- a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown +++ b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown @@ -65,6 +65,8 @@ The following arguments are supported: * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service. +* `credential` - (Optional) A `credential` block as defined below. Use this argument to authenticate against the linked resource using a User Managed Identity. + --- A `key_vault_connection_string` block supports the following: @@ -83,6 +85,13 @@ A `key_vault_password` block supports the following: --- +A `credential` block supports the following: + +* `reference_name` - (Required) Name of the User Managed Identity. + +* `type` - (Required) Sets the credential type. The only valid value is `CredentialReference`. +--- + ## Attributes Reference In addition to the Arguments listed above - the following Attributes are exported: From e84205484fab0c3f3865969b457024cab81de16b Mon Sep 17 00:00:00 2001 From: chilledornaments Date: Fri, 11 Oct 2024 11:07:30 -0600 Subject: [PATCH 2/4] align with msft docs --- ...ta_factory_linked_service_azure_sql_database.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown index 4284bf638d13..2d241b9e1cd5 100644 --- a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown +++ b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown @@ -65,7 +65,7 @@ The following arguments are supported: * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service. -* `credential` - (Optional) A `credential` block as defined below. Use this argument to authenticate against the linked resource using a User Managed Identity. +* `credential` - (Optional) A `credential` block as defined below. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity. --- @@ -87,7 +87,7 @@ A `key_vault_password` block supports the following: A `credential` block supports the following: -* `reference_name` - (Required) Name of the User Managed Identity. +* `reference_name` - (Required) Name of the User-assigned Managed Identity. * `type` - (Required) Sets the credential type. The only valid value is `CredentialReference`. --- From 12becb88152b6010c8acbd06391ca301452ab1b5 Mon Sep 17 00:00:00 2001 From: chilledornaments Date: Thu, 24 Oct 2024 09:02:47 -0600 Subject: [PATCH 3/4] change credential block to credential_name string --- internal/services/datafactory/data_factory.go | 41 ------------------- ...ked_service_azure_sql_database_resource.go | 33 +++++---------- ...ervice_azure_sql_database_resource_test.go | 8 +--- ...d_service_azure_sql_database.html.markdown | 9 +--- 4 files changed, 13 insertions(+), 78 deletions(-) diff --git a/internal/services/datafactory/data_factory.go b/internal/services/datafactory/data_factory.go index 34afa7ece85b..1f5d5b1b5863 100644 --- a/internal/services/datafactory/data_factory.go +++ b/internal/services/datafactory/data_factory.go @@ -605,44 +605,3 @@ func expandDataFactoryDatasetCompression(d *pluginsdk.ResourceData) *datafactory Level: props["level"].(string), } } - -func expandAzureCredentialReference(input []interface{}) *datafactory.CredentialReference { - if len(input) == 0 || input[0] == nil { - return nil - } - - config := input[0].(map[string]interface{}) - - var referenceName *string - if v, ok := config["reference_name"].(string); ok { - referenceName = &v - } - - var credType *string - if v, ok := config["type"].(string); ok { - credType = &v - } - - return &datafactory.CredentialReference{ - ReferenceName: referenceName, - Type: credType, - } -} - -func flattenAzureCredentialReference(input *datafactory.CredentialReference) []map[string]string { - if input == nil { - return nil - } - - parameters := map[string]string{} - - if input.ReferenceName != nil { - parameters["reference_name"] = *input.ReferenceName - } - - if input.Type != nil { - parameters["type"] = *input.Type - } - - return []map[string]string{parameters} -} diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go index 4f9e0b18eb56..d7808380240a 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go @@ -7,6 +7,7 @@ import ( "fmt" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/datafactory/2018-06-01/factories" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" @@ -172,25 +173,10 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabase() *pluginsdk.Resource { }, }, - "credential": { - Type: pluginsdk.TypeList, - Optional: true, - MaxItems: 1, - Elem: &pluginsdk.Resource{ - Schema: map[string]*pluginsdk.Schema{ - "reference_name": { - Type: pluginsdk.TypeString, - Required: true, - ValidateFunc: validation.StringIsNotEmpty, - }, - - "type": { - Type: pluginsdk.TypeString, - Required: true, - ValidateFunc: validation.StringIsNotEmpty, - }, - }, - }, + "credential_name": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.StringIsNotEmpty, }, }, } @@ -280,9 +266,10 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseCreateUpdate(d *pluginsdk.R azureSQLDatabaseLinkedService.Annotations = &annotations } - if v, ok := d.GetOk("credential"); ok { - credential := v.([]interface{}) - azureSQLDatabaseLinkedService.Credential = expandAzureCredentialReference(credential) + if credentialName := d.Get("credential_name").(string); credentialName != "" { + azureSQLDatabaseLinkedService.Credential = &datafactory.CredentialReference{ + ReferenceName: pointer.To(credentialName), + } } linkedService := datafactory.LinkedServiceResource{ @@ -379,7 +366,7 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseRead(d *pluginsdk.ResourceD } if credential := sql.Credential; credential != nil { - d.Set("credential", flattenAzureCredentialReference(credential)) + d.Set("credential_name", pointer.From(sql.Credential.ReferenceName)) } return nil diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go index 12ccbea22331..73652133aecd 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource_test.go @@ -124,8 +124,7 @@ func TestAccDataFactoryLinkedServiceAzureSQLDatabase_Credential(t *testing.T) { Config: r.credential(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("credential.0.reference_name").HasValue(fmt.Sprintf("test%d", data.RandomInteger)), - check.That(data.ResourceName).Key("credential.0.type").HasValue("CredentialReference"), + check.That(data.ResourceName).Key("credential_name").HasValue(fmt.Sprintf("test%d", data.RandomInteger)), ), }, data.ImportStep("connection_string"), @@ -413,10 +412,7 @@ resource "azurerm_data_factory_linked_service_azure_sql_database" "test" { data_factory_id = azurerm_data_factory.test.id connection_string = "data source=serverhostname;initial catalog=master;user id=testUser;Password=test;integrated security=False;encrypt=True;connection timeout=30" - credential { - reference_name = azurerm_data_factory_credential_user_managed_identity.test.name - type = "CredentialReference" - } + credential_name = azurerm_data_factory_credential_user_managed_identity.test.name } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } diff --git a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown index 2d241b9e1cd5..10bf80eccfb2 100644 --- a/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown +++ b/website/docs/r/data_factory_linked_service_azure_sql_database.html.markdown @@ -65,7 +65,7 @@ The following arguments are supported: * `key_vault_password` - (Optional) A `key_vault_password` block as defined below. Use this argument to store SQL Server password in an existing Key Vault. It needs an existing Key Vault Data Factory Linked Service. -* `credential` - (Optional) A `credential` block as defined below. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity. +* `credential_name` - (Optional) The name of a User-assigned Managed Identity. Use this argument to authenticate against the linked resource using a User-assigned Managed Identity. --- @@ -85,13 +85,6 @@ A `key_vault_password` block supports the following: --- -A `credential` block supports the following: - -* `reference_name` - (Required) Name of the User-assigned Managed Identity. - -* `type` - (Required) Sets the credential type. The only valid value is `CredentialReference`. ---- - ## Attributes Reference In addition to the Arguments listed above - the following Attributes are exported: From a7fb1838ddf637885e8daa9765bf13993a5022ec Mon Sep 17 00:00:00 2001 From: chilledornaments Date: Thu, 24 Oct 2024 09:39:12 -0600 Subject: [PATCH 4/4] fix reference --- .../data_factory_linked_service_azure_sql_database_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go index d7808380240a..d4b01bf60228 100644 --- a/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go +++ b/internal/services/datafactory/data_factory_linked_service_azure_sql_database_resource.go @@ -366,7 +366,7 @@ func resourceDataFactoryLinkedServiceAzureSQLDatabaseRead(d *pluginsdk.ResourceD } if credential := sql.Credential; credential != nil { - d.Set("credential_name", pointer.From(sql.Credential.ReferenceName)) + d.Set("credential_name", pointer.From(credential.ReferenceName)) } return nil