Support for Azure Active Directory for Azure Service fabric #2553

Merged: 24 commits, Jan 3, 2019

DenheenJ
Contributor

This PR adds support for Azure Active Directory (azure_active_directory) for Azure Service Fabric (azurerm_service_fabric_cluster).

Addresses issue #2539

Terraform will perform the following actions:

-/+ azurerm_service_fabric_cluster.test (new resource required)
      id:                                                        "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/test-rg/providers/Microsoft.ServiceFabric/clusters/test" => <computed> (forces new resource)
      add_on_features.#:                                         "2" => "2"
      add_on_features.1911128025:                                "DnsService" => "DnsService"
      add_on_features.2685698132:                                "RepairManager" => "RepairManager"
      azure_active_directory.#:                                  "0" => "1"
      azure_active_directory.0.client_application_id:            "" => "00000000-0000-0000-0000-000000000000" (forces new resource)
      azure_active_directory.0.cluster_application_id:           "" => "00000000-0000-0000-0000-000000000000" (forces new resource)
      azure_active_directory.0.tenant_id:                        "" => "00000000-0000-0000-0000-000000000000" (forces new resource)
      certificate.#:                                             "1" => "1"
      certificate.0.thumbprint:                                  "0000000000000000000000000000000000000000" => "0000000000000000000000000000000000000000"
      certificate.0.x509_store_name:                             "My" => "My"
      client_certificate_thumbprint.#:                           "1" => "1"
      client_certificate_thumbprint.0.is_admin:                  "true" => "true"
      client_certificate_thumbprint.0.thumbprint:                "0000000000000000000000000000000000000000" => "0000000000000000000000000000000000000000"
      cluster_code_version:                                      "6.4.617.9590" => <computed>
      cluster_endpoint:                                          "https://northeurope.servicefabric.azure.com/runtime/clusters/00000000-0000-0000-0000-000000000000" => <computed>
      diagnostics_config.#:                                      "1" => "1"
      diagnostics_config.0.blob_endpoint:                        "https://test.blob.core.windows.net/" => "https://test.blob.core.windows.net/"
      diagnostics_config.0.protected_account_key_name:           "StorageAccountKey1" => "StorageAccountKey1"
      diagnostics_config.0.queue_endpoint:                       "https://test.queue.core.windows.net/" => "https://test.queue.core.windows.net/"
      diagnostics_config.0.storage_account_name:                 "test" => "test"
      diagnostics_config.0.table_endpoint:                       "https://test.table.core.windows.net/" => "https://test.table.core.windows.net/"
      fabric_settings.#:                                         "2" => "2"
      fabric_settings.0.name:                                    "Security" => "Security"
      fabric_settings.0.parameters.%:                            "1" => "1"
      fabric_settings.0.parameters.ClusterProtectionLevel:       "EncryptAndSign" => "EncryptAndSign"
      fabric_settings.1.name:                                    "ClusterManager" => "ClusterManager"
      fabric_settings.1.parameters.%:                            "1" => "1"
      fabric_settings.1.parameters.EnableDefaultServicesUpgrade: "true" => "true"
      location:                                                  "northeurope" => "northeurope"
      management_endpoint:                                       "https://10.0.0.20:19080" => "https://10.0.0.20:19080"
      name:                                                      "test" => "test"
      node_type.#:                                               "1" => "1"
      node_type.0.application_ports.#:                           "1" => <computed>
      node_type.0.client_endpoint_port:                          "19000" => "19000"
      node_type.0.durability_level:                              "Bronze" => "Bronze"
      node_type.0.ephemeral_ports.#:                             "1" => <computed>
      node_type.0.http_endpoint_port:                            "19080" => "19080"
      node_type.0.instance_count:                                "3" => "3"
      node_type.0.is_primary:                                    "true" => "true"
      node_type.0.name:                                          "jdssvm1" => "jdssvm1"
      reliability_level:                                         "Bronze" => "Bronze"
      resource_group_name:                                       "test-rg" => "test-rg"
      tags.%:                                                    "0" => <computed>
      upgrade_mode:                                              "Automatic" => "Automatic"
      vm_image:                                                  "Windows" => "Windows"

  ~ azurerm_virtual_machine_scale_set.scale-set
      extension.1288337054.auto_upgrade_minor_version:           "false" => "false"
      extension.1288337054.name:                                 "ServiceFabricNodeVmExt" => ""
      extension.1288337054.protected_settings:                   "" => ""
      extension.1288337054.publisher:                            "Microsoft.Azure.ServiceFabric" => ""
      extension.1288337054.settings:                             "{\"NicPrefixOverride\":\"10.0.0\",\"certificate\":{\"thumbprint\":\"0000000000000000000000000000000000000000\",\"x509StoreName\":\"My\"},\"clusterEndpoint\":\"https://northeurope.servicefabric.azure.com/runtime/clusters/00000000-0000-0000-0000-000000000000\",\"dataPath\":\"D:\\\\\\\\SvcFab\",\"durabilityLevel\":\"Bronze\",\"nodeTypeRef\":\"jdssvm1\"}" => ""
      extension.1288337054.type:                                 "ServiceFabricNode" => ""
      extension.1288337054.type_handler_version:                 "1.0" => ""
      extension.~2201358812.auto_upgrade_minor_version:          "" => ""
      extension.~2201358812.name:                                "" => "ServiceFabricNodeVmExt"
      extension.~2201358812.protected_settings:                  <sensitive> => <sensitive> (attribute changed)
      extension.~2201358812.publisher:                           "" => "Microsoft.Azure.ServiceFabric"
      extension.~2201358812.settings:                            "" => "      {\n        \"clusterEndpoint\": \"${azurerm_service_fabric_cluster.test.cluster_endpoint}\",\n      \"nodeTypeRef\": \"jdssvm1\",\n        \"dataPath\": \"D:\\\\\\\\SvcFab\",\n        \"durabilityLevel\": \"Bronze\",\n        \"NicPrefixOverride\": \"10.0.0\",\n\"certificate\": {\n          \"thumbprint\": \"0000000000000000000000000000000000000000\",\n          \"x509StoreName\": \"My\"\n        }\n      }\n"
      extension.~2201358812.type:                                "" => "ServiceFabricNode"
      extension.~2201358812.type_handler_version:                "" => "1.0"


Plan: 1 to add, 1 to change, 1 to destroy.

(fixes #2539)

Contributor

@tombuildsstuff tombuildsstuff left a comment

hey @DenheenJ

Thanks for this PR :)

Taking a look through this mostly LGTM - if we can fix up the minor issues (and the tests pass 😄) then this should be good to merge 👍

Thanks!

Contributor

@tombuildsstuff tombuildsstuff left a comment

hey @DenheenJ

Thanks for making those changes - this now LGTM 👍

Thanks!

@tombuildsstuff tombuildsstuff added this to the 1.21.0 milestone Dec 22, 2018
@tombuildsstuff
Contributor

hey @DenheenJ

I've run the tests for this and whilst the existing tests pass the new one doesn't, from what appears to be a configuration failure - out of interest do we need another configuration option set in the tests for this?

------- Stdout: -------
=== RUN   TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== PAUSE TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== CONT  TestAccAzureRMServiceFabricCluster_azureActiveDirectory
--- FAIL: TestAccAzureRMServiceFabricCluster_azureActiveDirectory (63.65s)
	testing.go:538: Step 0 error: Error applying: 1 error(s) occurred:
		
		* azurerm_service_fabric_cluster.test: 1 error(s) occurred:
		
		* azurerm_service_fabric_cluster.test: Error creating Service Fabric Cluster "acctest-7992678191032686551" (Resource Group "acctestRG-7992678191032686551"): servicefabric.ClustersClient#Create: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PropertyAllowedInSecureClustersOnly" Message="'AzureActiveDirectory' is allowed in secure clusters only." Details=[]
FAIL

Thanks!

@DenheenJ
Contributor Author

@tombuildsstuff I managed to reproduce the same failure when a certificate is not included. I have added the certificate to the test file.

@ghost ghost removed the waiting-response label Dec 24, 2018
@katbyte
Collaborator

katbyte commented Dec 24, 2018

@DenheenJ,

I have re-run the test and we are now getting this failure on our CI system:

------- Stdout: -------
=== RUN   TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== PAUSE TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== CONT  TestAccAzureRMServiceFabricCluster_azureActiveDirectory
--- FAIL: TestAccAzureRMServiceFabricCluster_azureActiveDirectory (63.68s)
	testing.go:538: Step 0 error: Error applying: 1 error(s) occurred:
		
		* azurerm_service_fabric_cluster.test: 1 error(s) occurred:
		
		* azurerm_service_fabric_cluster.test: Error creating Service Fabric Cluster "acctest-1837755086307828162" (Resource Group "acctestRG-1837755086307828162"): servicefabric.ClustersClient#Create: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ClientCertDefinedWithoutServerCert" Message="Client certificates cannot be defined when cluster certificate is not defined." Details=[]
FAIL

@DenheenJ
Contributor Author

Sorry, I added a holiday typo! Should pass the test now.

@ghost ghost removed the waiting-response label Dec 27, 2018
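
The two API errors quoted above (`PropertyAllowedInSecureClustersOnly` and `ClientCertDefinedWithoutServerCert`) both trace back to a cluster with no cluster certificate defined. The following is an added example, not the test configuration from this PR: a cluster resource with `certificate`, `azure_active_directory` and `client_certificate_thumbprint` set together. Attribute names are taken from the plan output posted in this PR; every name, endpoint, thumbprint and GUID is a placeholder.

```hcl
# Added example: placeholder values throughout, not the PR's own config.
resource "azurerm_service_fabric_cluster" "example" {
  name                = "example-cluster"
  resource_group_name = "example-rg"
  location            = "northeurope"
  reliability_level   = "Bronze"
  upgrade_mode        = "Automatic"
  vm_image            = "Windows"
  management_endpoint = "https://example.invalid:19080"

  # Cluster (server) certificate: this is what makes the cluster "secure".
  # With this block missing, the API answered in this thread with:
  #   - PropertyAllowedInSecureClustersOnly  (azure_active_directory set)
  #   - ClientCertDefinedWithoutServerCert   (client_certificate_thumbprint set)
  certificate {
    thumbprint      = "0000000000000000000000000000000000000000"
    x509_store_name = "My"
  }

  # In the plan posted in this PR all three attributes are marked
  # "forces new resource": adding the block to an existing cluster recreates it.
  azure_active_directory {
    tenant_id              = "00000000-0000-0000-0000-000000000000"
    cluster_application_id = "00000000-0000-0000-0000-000000000000"
    client_application_id  = "00000000-0000-0000-0000-000000000000"
  }

  # Client certificates are only accepted once the cluster certificate exists.
  client_certificate_thumbprint {
    thumbprint = "0000000000000000000000000000000000000000"
    is_admin   = true
  }

  fabric_settings {
    name = "Security"

    parameters = {
      "ClusterProtectionLevel" = "EncryptAndSign"
    }
  }

  node_type {
    name                 = "primary"
    instance_count       = 3
    is_primary           = true
    client_endpoint_port = 19000
    http_endpoint_port   = 19080
  }
}
```
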
Collaborator

@katbyte katbyte left a comment

@DenheenJ,

Thanks for the fix, however I believe the test checks need a slight change:

------- Stdout: -------
=== RUN   TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== PAUSE TestAccAzureRMServiceFabricCluster_azureActiveDirectory
=== CONT  TestAccAzureRMServiceFabricCluster_azureActiveDirectory
--- FAIL: TestAccAzureRMServiceFabricCluster_azureActiveDirectory (72.87s)
	testing.go:538: Step 0 error: Check failed: Check 6/11 error: azurerm_service_fabric_cluster.test: Attribute 'azure_active_directory.tenant_id' not found
FAIL

@katbyte katbyte self-assigned this Dec 27, 2018
@DenheenJ
Contributor Author

DenheenJ commented Jan 3, 2019

I've added additional resources to the test to use real resources; however, the client app still needs to be added manually as I don't think there is a way to do that in Terraform with this provider yet.

@ghost ghost removed the waiting-response label Jan 3, 2019
@tombuildsstuff
Contributor

tombuildsstuff commented Jan 3, 2019

hey @DenheenJ

I hope you don't mind but I've pushed a commit to fix the failing test I mentioned above and the tests now pass:

[screenshot 2019-01-03 at 11 36 46]

Thanks for this @DenheenJ!

@tombuildsstuff tombuildsstuff merged commit cc87acf into hashicorp:master Jan 3, 2019
tombuildsstuff added a commit that referenced this pull request Jan 3, 2019
@DenheenJ
Contributor Author

DenheenJ commented Jan 3, 2019

@tombuildsstuff no, that's fantastic, thank you.

@ghost

ghost commented Mar 5, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 5, 2019