API Management: ensuring a Key Vault Child ID is passed (#2189)

* refactor: Key Vault Child -> Azure package * Adding validation for a Key Vault Child ID ``` === RUN TestAccAzureRMValidateKeyVaultChildID --- PASS: TestAccAzureRMValidateKeyVaultChildID (0.00s) PASS ```
hashicorp · Oct 31, 2018 · 46eadc3 · 46eadc3
1 parent 206ff8a
commit 46eadc3
Show file tree

Hide file tree

Showing 8 changed files with 124 additions and 44 deletions.
diff --git a/azurerm/data_source_key_vault_secret.go b/azurerm/data_source_key_vault_secret.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -62,7 +63,7 @@ func dataSourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) e
 	}
 
 	// the version may have changed, so parse the updated id
-	respID, err := parseKeyVaultChildID(*resp.ID)
+	respID, err := azure.ParseKeyVaultChildID(*resp.ID)
 	if err != nil {
 		return err
 	}

diff --git a/azurerm/key_vault_child.go → azurerm/helpers/azure/key_vault_child.go b/azurerm/key_vault_child.go → azurerm/helpers/azure/key_vault_child.go
@@ -1,13 +1,21 @@
-package azurerm
+package azure
 
 import (
 	"fmt"
 	"net/url"
 	"regexp"
 	"strings"
+
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
-func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
+type KeyVaultChildID struct {
+	KeyVaultBaseUrl string
+	Name            string
+	Version         string
+}
+
+func ParseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
 	// example: https://tharvey-keyvault.vault.azure.net/type/bird/fdf067c93bbb4b22bff4d8b7a9a56217
 	idURL, err := url.ParseRequestURI(id)
 	if err != nil {
@@ -34,13 +42,7 @@ func parseKeyVaultChildID(id string) (*KeyVaultChildID, error) {
 	return &childId, nil
 }
 
-type KeyVaultChildID struct {
-	KeyVaultBaseUrl string
-	Name            string
-	Version         string
-}
-
-func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
+func ValidateKeyVaultChildName(v interface{}, k string) (ws []string, es []error) {
 	value := v.(string)
 
 	if matched := regexp.MustCompile(`^[0-9a-zA-Z-]+$`).Match([]byte(value)); !matched {
@@ -49,3 +51,25 @@ func validateKeyVaultChildName(v interface{}, k string) (ws []string, es []error
 
 	return ws, es
 }
+
+// Unfortunately this can't (easily) go in the Validate package
+// since there's a circular reference on this package
+func ValidateKeyVaultChildId(i interface{}, k string) (s []string, es []error) {
+	if s, es = validation.NoZeroValues(i, k); len(es) > 0 {
+		return s, es
+	}
+
+	v, ok := i.(string)
+	if !ok {
+		es = append(es, fmt.Errorf("Expected %s to be a string!", k))
+		return s, es
+	}
+
+	_, err := ParseKeyVaultChildID(v)
+	if err != nil {
+		es = append(es, fmt.Errorf("Error parsing Key Vault Child ID: %s", err))
+		return s, es
+	}
+
+	return s, es
+}
diff --git a/azurerm/key_vault_child_test.go → ...erm/helpers/azure/key_vault_child_test.go b/azurerm/key_vault_child_test.go → ...erm/helpers/azure/key_vault_child_test.go
@@ -1,8 +1,8 @@
-package azurerm
+package azure
 
 import "testing"
 
-func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
+func TestAccAzureRMValidateKeyVaultChildID(t *testing.T) {
 	cases := []struct {
 		Input       string
 		ExpectError bool
@@ -12,42 +12,45 @@ func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
 			ExpectError: true,
 		},
 		{
-			Input:       "hello",
-			ExpectError: false,
+			Input:       "https://my-keyvault.vault.azure.net/secrets",
+			ExpectError: true,
 		},
 		{
-			Input:       "hello-world",
-			ExpectError: false,
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird",
+			ExpectError: true,
 		},
 		{
-			Input:       "hello-world-21",
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217",
 			ExpectError: false,
 		},
 		{
-			Input:       "hello_world_21",
-			ExpectError: true,
-		},
-		{
-			Input:       "Hello-World",
+			Input:       "https://my-keyvault.vault.azure.net/certificates/hello/world",
 			ExpectError: false,
 		},
 		{
-			Input:       "20202020",
+			Input:       "https://my-keyvault.vault.azure.net/keys/castle/1492",
 			ExpectError: false,
 		},
 		{
-			Input:       "ABC123!@£",
+			Input:       "https://my-keyvault.vault.azure.net/secrets/bird/fdf067c93bbb4b22bff4d8b7a9a56217/XXX",
 			ExpectError: true,
 		},
 	}
 
 	for _, tc := range cases {
-		_, errors := validateKeyVaultChildName(tc.Input, "")
+		warnings, err := ValidateKeyVaultChildId(tc.Input, "example")
+		if err != nil {
+			if !tc.ExpectError {
+				t.Fatalf("Got error for input %q: %+v", tc.Input, err)
+			}
 
-		hasError := len(errors) > 0
+			return
+		}
 
-		if tc.ExpectError && !hasError {
-			t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
+		if tc.ExpectError && len(warnings) == 0 {
+			t.Fatalf("Got no errors for input %q but expected some", tc.Input)
+		} else if !tc.ExpectError && len(warnings) > 0 {
+			t.Fatalf("Got %d errors for input %q when didn't expect any", len(warnings), tc.Input)
 		}
 	}
 }
@@ -104,7 +107,7 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
 	}
 
 	for _, tc := range cases {
-		secretId, err := parseKeyVaultChildID(tc.Input)
+		secretId, err := ParseKeyVaultChildID(tc.Input)
 		if err != nil {
 			if !tc.ExpectError {
 				t.Fatalf("Got error for ID '%s': %+v", tc.Input, err)
@@ -130,3 +133,53 @@ func TestAccAzureRMKeyVaultChild_parseID(t *testing.T) {
 		}
 	}
 }
+
+func TestAccAzureRMKeyVaultChild_validateName(t *testing.T) {
+	cases := []struct {
+		Input       string
+		ExpectError bool
+	}{
+		{
+			Input:       "",
+			ExpectError: true,
+		},
+		{
+			Input:       "hello",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello-world",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello-world-21",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello_world_21",
+			ExpectError: true,
+		},
+		{
+			Input:       "Hello-World",
+			ExpectError: false,
+		},
+		{
+			Input:       "20202020",
+			ExpectError: false,
+		},
+		{
+			Input:       "ABC123!@£",
+			ExpectError: true,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := ValidateKeyVaultChildName(tc.Input, "")
+
+		hasError := len(errors) > 0
+
+		if tc.ExpectError && !hasError {
+			t.Fatalf("Expected the Key Vault Child Name to trigger a validation error for '%s'", tc.Input)
+		}
+	}
+}
diff --git a/azurerm/helpers/validate/validate.go b/azurerm/helpers/validate/validate.go
@@ -3,7 +3,6 @@ package validate
 import (
 	"fmt"
 	"net/url"
-
 	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"

diff --git a/azurerm/resource_arm_api_management.go b/azurerm/resource_arm_api_management.go
@@ -775,7 +775,7 @@ func apiManagementResourceHostnameSchema(schemaName string) map[string]*schema.S
 		"key_vault_id": {
 			Type:         schema.TypeString,
 			Optional:     true,
-			ValidateFunc: azure.ValidateResourceID,
+			ValidateFunc: azure.ValidateKeyVaultChildId,
 			ConflictsWith: []string{
 				fmt.Sprintf("hostname_configuration.0.%s.0.certificate", schemaName),
 				fmt.Sprintf("hostname_configuration.0.%s.0.certificate_password", schemaName),

diff --git a/azurerm/resource_arm_key_vault_certificate.go b/azurerm/resource_arm_key_vault_certificate.go
@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -31,7 +32,7 @@ func resourceArmKeyVaultCertificate() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validateKeyVaultChildName,
+				ValidateFunc: azure.ValidateKeyVaultChildName,
 			},
 
 			"vault_uri": {
@@ -369,7 +370,7 @@ func resourceArmKeyVaultCertificateRead(d *schema.ResourceData, meta interface{}
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}
@@ -419,7 +420,7 @@ func resourceArmKeyVaultCertificateDelete(d *schema.ResourceData, meta interface
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}

diff --git a/azurerm/resource_arm_key_vault_key.go b/azurerm/resource_arm_key_vault_key.go
@@ -7,6 +7,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -25,7 +26,7 @@ func resourceArmKeyVaultKey() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validateKeyVaultChildName,
+				ValidateFunc: azure.ValidateKeyVaultChildName,
 			},
 
 			"vault_uri": {
@@ -139,7 +140,7 @@ func resourceArmKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) erro
 	ctx := meta.(*ArmClient).StopContext
 
 	log.Print("[INFO] preparing arguments for AzureRM KeyVault Key update.")
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}
@@ -167,7 +168,7 @@ func resourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}
@@ -209,7 +210,7 @@ func resourceArmKeyVaultKeyDelete(d *schema.ResourceData, meta interface{}) erro
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}

diff --git a/azurerm/resource_arm_key_vault_secret.go b/azurerm/resource_arm_key_vault_secret.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
@@ -24,7 +25,7 @@ func resourceArmKeyVaultSecret() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validateKeyVaultChildName,
+				ValidateFunc: azure.ValidateKeyVaultChildName,
 			},
 
 			"vault_uri": {
@@ -96,7 +97,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
 	ctx := meta.(*ArmClient).StopContext
 	log.Print("[INFO] preparing arguments for AzureRM KeyVault Secret update.")
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}
@@ -123,7 +124,7 @@ func resourceArmKeyVaultSecretUpdate(d *schema.ResourceData, meta interface{}) e
 		if err != nil {
 			return fmt.Errorf("Error getting Key Vault Secret %q : %+v", id.Name, err)
 		}
-		_, err = parseKeyVaultChildID(*read.ID)
+		_, err = azure.ParseKeyVaultChildID(*read.ID)
 		if err != nil {
 			return err
 		}
@@ -149,7 +150,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}
@@ -166,7 +167,7 @@ func resourceArmKeyVaultSecretRead(d *schema.ResourceData, meta interface{}) err
 	}
 
 	// the version may have changed, so parse the updated id
-	respID, err := parseKeyVaultChildID(*resp.ID)
+	respID, err := azure.ParseKeyVaultChildID(*resp.ID)
 	if err != nil {
 		return err
 	}
@@ -185,7 +186,7 @@ func resourceArmKeyVaultSecretDelete(d *schema.ResourceData, meta interface{}) e
 	client := meta.(*ArmClient).keyVaultManagementClient
 	ctx := meta.(*ArmClient).StopContext
 
-	id, err := parseKeyVaultChildID(d.Id())
+	id, err := azure.ParseKeyVaultChildID(d.Id())
 	if err != nil {
 		return err
 	}