New Resource: azurerm_key_vault_managed_hardware_security_module_key (

#25935)
hashicorp · May 16, 2024 · 02b4634 · 02b4634
1 parent b039d17
commit 02b4634
Show file tree

Hide file tree

Showing 16 changed files with 1,410 additions and 49 deletions.
diff --git a/internal/features/defaults.go b/internal/features/defaults.go
@@ -25,11 +25,15 @@ func Default() UserFeatures {
 			PurgeSoftDeletedKeysOnDestroy:    true,
 			PurgeSoftDeletedCertsOnDestroy:   true,
 			PurgeSoftDeletedSecretsOnDestroy: true,
-			PurgeSoftDeletedHSMsOnDestroy:    true,
 			RecoverSoftDeletedKeyVaults:      true,
 			RecoverSoftDeletedKeys:           true,
 			RecoverSoftDeletedCerts:          true,
 			RecoverSoftDeletedSecrets:        true,
+
+			// todo 4.0 move all HSM flags into their own features HSMFeatures block
+			PurgeSoftDeletedHSMsOnDestroy:    true,
+			PurgeSoftDeletedHSMKeysOnDestroy: true,
+			RecoverSoftDeletedHSMKeys:        true,
 		},
 		LogAnalyticsWorkspace: LogAnalyticsWorkspaceFeatures{
 			PermanentlyDeleteOnDestroy: true,

diff --git a/internal/features/user_flags.go b/internal/features/user_flags.go
@@ -45,10 +45,12 @@ type KeyVaultFeatures struct {
 	PurgeSoftDeletedCertsOnDestroy   bool
 	PurgeSoftDeletedSecretsOnDestroy bool
 	PurgeSoftDeletedHSMsOnDestroy    bool
+	PurgeSoftDeletedHSMKeysOnDestroy bool
 	RecoverSoftDeletedKeyVaults      bool
 	RecoverSoftDeletedKeys           bool
 	RecoverSoftDeletedCerts          bool
 	RecoverSoftDeletedSecrets        bool
+	RecoverSoftDeletedHSMKeys        bool
 }
 
 type TemplateDeploymentFeatures struct {

diff --git a/internal/provider/features.go b/internal/provider/features.go
@@ -129,6 +129,13 @@ func schemaFeatures(supportLegacyTestSuite bool) *pluginsdk.Schema {
 						Default:     true,
 					},
 
+					"purge_soft_deleted_hardware_security_module_keys_on_destroy": {
+						Description: "When enabled soft-deleted `azurerm_key_vault_managed_hardware_security_module_key` resources will be permanently deleted (e.g purged), when destroyed",
+						Type:        pluginsdk.TypeBool,
+						Optional:    true,
+						Default:     true,
+					},
+
 					"recover_soft_deleted_certificates": {
 						Description: "When enabled soft-deleted `azurerm_key_vault_certificate` resources will be restored, instead of creating new ones",
 						Type:        pluginsdk.TypeBool,
@@ -156,6 +163,13 @@ func schemaFeatures(supportLegacyTestSuite bool) *pluginsdk.Schema {
 						Optional:    true,
 						Default:     true,
 					},
+
+					"recover_soft_deleted_hardware_security_module_keys": {
+						Description: "When enabled soft-deleted `azurerm_key_vault_managed_hardware_security_module_key` resources will be restored, instead of creating new ones",
+						Type:        pluginsdk.TypeBool,
+						Optional:    true,
+						Default:     true,
+					},
 				},
 			},
 		},
@@ -453,6 +467,9 @@ func expandFeatures(input []interface{}) features.UserFeatures {
 			if v, ok := keyVaultRaw["purge_soft_deleted_hardware_security_modules_on_destroy"]; ok {
 				featuresMap.KeyVault.PurgeSoftDeletedHSMsOnDestroy = v.(bool)
 			}
+			if v, ok := keyVaultRaw["purge_soft_deleted_hardware_security_module_keys_on_destroy"]; ok {
+				featuresMap.KeyVault.PurgeSoftDeletedHSMKeysOnDestroy = v.(bool)
+			}
 			if v, ok := keyVaultRaw["recover_soft_deleted_certificates"]; ok {
 				featuresMap.KeyVault.RecoverSoftDeletedCerts = v.(bool)
 			}
@@ -465,6 +482,9 @@ func expandFeatures(input []interface{}) features.UserFeatures {
 			if v, ok := keyVaultRaw["recover_soft_deleted_secrets"]; ok {
 				featuresMap.KeyVault.RecoverSoftDeletedSecrets = v.(bool)
 			}
+			if v, ok := keyVaultRaw["recover_soft_deleted_hardware_security_module_keys"]; ok {
+				featuresMap.KeyVault.RecoverSoftDeletedHSMKeys = v.(bool)
+			}
 		}
 	}
 

diff --git a/internal/provider/features_test.go b/internal/provider/features_test.go
@@ -41,10 +41,12 @@ func TestExpandFeatures(t *testing.T) {
 					PurgeSoftDeletedSecretsOnDestroy: true,
 					PurgeSoftDeleteOnDestroy:         true,
 					PurgeSoftDeletedHSMsOnDestroy:    true,
+					PurgeSoftDeletedHSMKeysOnDestroy: true,
 					RecoverSoftDeletedCerts:          true,
 					RecoverSoftDeletedKeys:           true,
 					RecoverSoftDeletedKeyVaults:      true,
 					RecoverSoftDeletedSecrets:        true,
+					RecoverSoftDeletedHSMKeys:        true,
 				},
 				LogAnalyticsWorkspace: features.LogAnalyticsWorkspaceFeatures{
 					PermanentlyDeleteOnDestroy: true,
@@ -115,15 +117,17 @@ func TestExpandFeatures(t *testing.T) {
 					},
 					"key_vault": []interface{}{
 						map[string]interface{}{
-							"purge_soft_deleted_certificates_on_destroy":              true,
-							"purge_soft_deleted_keys_on_destroy":                      true,
-							"purge_soft_deleted_secrets_on_destroy":                   true,
-							"purge_soft_deleted_hardware_security_modules_on_destroy": true,
-							"purge_soft_delete_on_destroy":                            true,
-							"recover_soft_deleted_certificates":                       true,
-							"recover_soft_deleted_keys":                               true,
-							"recover_soft_deleted_key_vaults":                         true,
-							"recover_soft_deleted_secrets":                            true,
+							"purge_soft_deleted_certificates_on_destroy":                  true,
+							"purge_soft_deleted_keys_on_destroy":                          true,
+							"purge_soft_deleted_secrets_on_destroy":                       true,
+							"purge_soft_deleted_hardware_security_modules_on_destroy":     true,
+							"purge_soft_deleted_hardware_security_module_keys_on_destroy": true,
+							"purge_soft_delete_on_destroy":                                true,
+							"recover_soft_deleted_certificates":                           true,
+							"recover_soft_deleted_keys":                                   true,
+							"recover_soft_deleted_key_vaults":                             true,
+							"recover_soft_deleted_secrets":                                true,
+							"recover_soft_deleted_hardware_security_module_keys":          true,
 						},
 					},
 					"log_analytics_workspace": []interface{}{
@@ -210,10 +214,12 @@ func TestExpandFeatures(t *testing.T) {
 					PurgeSoftDeletedSecretsOnDestroy: true,
 					PurgeSoftDeleteOnDestroy:         true,
 					PurgeSoftDeletedHSMsOnDestroy:    true,
+					PurgeSoftDeletedHSMKeysOnDestroy: true,
 					RecoverSoftDeletedCerts:          true,
 					RecoverSoftDeletedKeys:           true,
 					RecoverSoftDeletedKeyVaults:      true,
 					RecoverSoftDeletedSecrets:        true,
+					RecoverSoftDeletedHSMKeys:        true,
 				},
 				LogAnalyticsWorkspace: features.LogAnalyticsWorkspaceFeatures{
 					PermanentlyDeleteOnDestroy: true,
@@ -284,15 +290,17 @@ func TestExpandFeatures(t *testing.T) {
 					},
 					"key_vault": []interface{}{
 						map[string]interface{}{
-							"purge_soft_deleted_certificates_on_destroy":              false,
-							"purge_soft_deleted_keys_on_destroy":                      false,
-							"purge_soft_deleted_secrets_on_destroy":                   false,
-							"purge_soft_deleted_hardware_security_modules_on_destroy": false,
-							"purge_soft_delete_on_destroy":                            false,
-							"recover_soft_deleted_certificates":                       false,
-							"recover_soft_deleted_keys":                               false,
-							"recover_soft_deleted_key_vaults":                         false,
-							"recover_soft_deleted_secrets":                            false,
+							"purge_soft_deleted_certificates_on_destroy":                  false,
+							"purge_soft_deleted_keys_on_destroy":                          false,
+							"purge_soft_deleted_secrets_on_destroy":                       false,
+							"purge_soft_deleted_hardware_security_modules_on_destroy":     false,
+							"purge_soft_deleted_hardware_security_module_keys_on_destroy": false,
+							"purge_soft_delete_on_destroy":                                false,
+							"recover_soft_deleted_certificates":                           false,
+							"recover_soft_deleted_keys":                                   false,
+							"recover_soft_deleted_key_vaults":                             false,
+							"recover_soft_deleted_secrets":                                false,
+							"recover_soft_deleted_hardware_security_module_keys":          false,
 						},
 					},
 					"log_analytics_workspace": []interface{}{
@@ -378,11 +386,13 @@ func TestExpandFeatures(t *testing.T) {
 					PurgeSoftDeletedKeysOnDestroy:    false,
 					PurgeSoftDeletedSecretsOnDestroy: false,
 					PurgeSoftDeletedHSMsOnDestroy:    false,
+					PurgeSoftDeletedHSMKeysOnDestroy: false,
 					PurgeSoftDeleteOnDestroy:         false,
 					RecoverSoftDeletedCerts:          false,
 					RecoverSoftDeletedKeys:           false,
 					RecoverSoftDeletedKeyVaults:      false,
 					RecoverSoftDeletedSecrets:        false,
+					RecoverSoftDeletedHSMKeys:        false,
 				},
 				LogAnalyticsWorkspace: features.LogAnalyticsWorkspaceFeatures{
 					PermanentlyDeleteOnDestroy: false,
@@ -727,10 +737,12 @@ func TestExpandFeaturesKeyVault(t *testing.T) {
 					PurgeSoftDeletedSecretsOnDestroy: true,
 					PurgeSoftDeleteOnDestroy:         true,
 					PurgeSoftDeletedHSMsOnDestroy:    true,
+					PurgeSoftDeletedHSMKeysOnDestroy: true,
 					RecoverSoftDeletedCerts:          true,
 					RecoverSoftDeletedKeys:           true,
 					RecoverSoftDeletedKeyVaults:      true,
 					RecoverSoftDeletedSecrets:        true,
+					RecoverSoftDeletedHSMKeys:        true,
 				},
 			},
 		},
@@ -740,15 +752,17 @@ func TestExpandFeaturesKeyVault(t *testing.T) {
 				map[string]interface{}{
 					"key_vault": []interface{}{
 						map[string]interface{}{
-							"purge_soft_deleted_certificates_on_destroy":              true,
-							"purge_soft_deleted_keys_on_destroy":                      true,
-							"purge_soft_deleted_secrets_on_destroy":                   true,
-							"purge_soft_deleted_hardware_security_modules_on_destroy": true,
-							"purge_soft_delete_on_destroy":                            true,
-							"recover_soft_deleted_certificates":                       true,
-							"recover_soft_deleted_keys":                               true,
-							"recover_soft_deleted_key_vaults":                         true,
-							"recover_soft_deleted_secrets":                            true,
+							"purge_soft_deleted_certificates_on_destroy":                  true,
+							"purge_soft_deleted_keys_on_destroy":                          true,
+							"purge_soft_deleted_secrets_on_destroy":                       true,
+							"purge_soft_deleted_hardware_security_modules_on_destroy":     true,
+							"purge_soft_deleted_hardware_security_module_keys_on_destroy": true,
+							"purge_soft_delete_on_destroy":                                true,
+							"recover_soft_deleted_certificates":                           true,
+							"recover_soft_deleted_keys":                                   true,
+							"recover_soft_deleted_key_vaults":                             true,
+							"recover_soft_deleted_secrets":                                true,
+							"recover_soft_deleted_hardware_security_module_keys":          true,
 						},
 					},
 				},
@@ -759,11 +773,13 @@ func TestExpandFeaturesKeyVault(t *testing.T) {
 					PurgeSoftDeletedKeysOnDestroy:    true,
 					PurgeSoftDeletedSecretsOnDestroy: true,
 					PurgeSoftDeletedHSMsOnDestroy:    true,
+					PurgeSoftDeletedHSMKeysOnDestroy: true,
 					PurgeSoftDeleteOnDestroy:         true,
 					RecoverSoftDeletedCerts:          true,
 					RecoverSoftDeletedKeys:           true,
 					RecoverSoftDeletedKeyVaults:      true,
 					RecoverSoftDeletedSecrets:        true,
+					RecoverSoftDeletedHSMKeys:        true,
 				},
 			},
 		},
@@ -773,15 +789,17 @@ func TestExpandFeaturesKeyVault(t *testing.T) {
 				map[string]interface{}{
 					"key_vault": []interface{}{
 						map[string]interface{}{
-							"purge_soft_deleted_certificates_on_destroy":              false,
-							"purge_soft_deleted_keys_on_destroy":                      false,
-							"purge_soft_deleted_secrets_on_destroy":                   false,
-							"purge_soft_deleted_hardware_security_modules_on_destroy": false,
-							"purge_soft_delete_on_destroy":                            false,
-							"recover_soft_deleted_certificates":                       false,
-							"recover_soft_deleted_keys":                               false,
-							"recover_soft_deleted_key_vaults":                         false,
-							"recover_soft_deleted_secrets":                            false,
+							"purge_soft_deleted_certificates_on_destroy":                  false,
+							"purge_soft_deleted_keys_on_destroy":                          false,
+							"purge_soft_deleted_secrets_on_destroy":                       false,
+							"purge_soft_deleted_hardware_security_modules_on_destroy":     false,
+							"purge_soft_deleted_hardware_security_module_keys_on_destroy": false,
+							"purge_soft_delete_on_destroy":                                false,
+							"recover_soft_deleted_certificates":                           false,
+							"recover_soft_deleted_keys":                                   false,
+							"recover_soft_deleted_key_vaults":                             false,
+							"recover_soft_deleted_secrets":                                false,
+							"recover_soft_deleted_hardware_security_module_keys":          false,
 						},
 					},
 				},
@@ -793,10 +811,12 @@ func TestExpandFeaturesKeyVault(t *testing.T) {
 					PurgeSoftDeletedSecretsOnDestroy: false,
 					PurgeSoftDeleteOnDestroy:         false,
 					PurgeSoftDeletedHSMsOnDestroy:    false,
+					PurgeSoftDeletedHSMKeysOnDestroy: false,
 					RecoverSoftDeletedCerts:          false,
 					RecoverSoftDeletedKeyVaults:      false,
 					RecoverSoftDeletedKeys:           false,
 					RecoverSoftDeletedSecrets:        false,
+					RecoverSoftDeletedHSMKeys:        false,
 				},
 			},
 		},

diff --git a/internal/services/managedhsm/client/client.go b/internal/services/managedhsm/client/client.go
@@ -23,7 +23,7 @@ type Client struct {
 	ManagedHsmClient *managedhsms.ManagedHsmsClient
 
 	// Data Plane
-	DataPlaneClient                *dataplane.BaseClient
+	DataPlaneKeysClient            *dataplane.BaseClient
 	DataPlaneRoleAssignmentsClient *dataplane.RoleAssignmentsClient
 	DataPlaneRoleDefinitionsClient *dataplane.RoleDefinitionsClient
 	DataPlaneSecurityDomainsClient *dataplane.HSMSecurityDomainClient
@@ -36,8 +36,8 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
 	}
 	o.Configure(managedHsmClient.Client, o.Authorizers.ResourceManager)
 
-	managementClient := dataplane.New()
-	o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer)
+	managementKeysClient := dataplane.New()
+	o.ConfigureClient(&managementKeysClient.Client, o.ManagedHSMAuthorizer)
 
 	securityDomainClient := dataplane.NewHSMSecurityDomainClient()
 	o.ConfigureClient(&securityDomainClient.Client, o.ManagedHSMAuthorizer)
@@ -53,7 +53,7 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
 		ManagedHsmClient: managedHsmClient,
 
 		// Data Plane
-		DataPlaneClient:                &managementClient,
+		DataPlaneKeysClient:            &managementKeysClient,
 		DataPlaneSecurityDomainsClient: &securityDomainClient,
 		DataPlaneRoleDefinitionsClient: &roleDefinitionsClient,
 		DataPlaneRoleAssignmentsClient: &roleAssignmentsClient,