Merge pull request #423 from terraform-providers/f-add-datasource-acc…
…ess-policies

Added new datasource for keyvault access policies
tombuildsstuff committed Oct 16, 2017
2 parents 19af985 + 8972a28 commit 5fe72b4
Showing 4 changed files with 290 additions and 0 deletions.
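--- a/azurerm/data_source_key_vault_access_policy.go
+++ b/azurerm/data_source_key_vault_access_policy.go
@@ -0,0 +1,107 @@
+package azurerm
+
+import (
+"strings"
+
+"github.com/Azure/azure-sdk-for-go/arm/keyvault"
+"github.com/hashicorp/terraform/helper/schema"
+"github.com/hashicorp/terraform/helper/validation"
+)
+
+func dataSourceArmKeyVaultAccessPolicy() *schema.Resource {
+return &schema.Resource{
+Read: dataSourceArmKeyVaultAccessPolicyRead,
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringInSlice([]string{
+"Key Management",
+"Secret Management",
+"Certificate Management",
+"Key & Secret Management",
+"Key & Certificate Management",
+"Secret & Certificate Management",
+"Key, Secret, & Certificate Management",
+}, false),
+},
+
+// Computed
+"certificate_permissions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+"key_permissions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+"secret_permissions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+},
+}
+}
+
+func dataSourceArmKeyVaultAccessPolicyRead(d *schema.ResourceData, meta interface{}) error {
+name := d.Get("name").(string)
+templateManagementPermissions := map[string][]string{
+"key": {
+string(keyvault.KeyPermissionsGet),
+string(keyvault.KeyPermissionsList),
+string(keyvault.KeyPermissionsUpdate),
+string(keyvault.KeyPermissionsCreate),
+string(keyvault.KeyPermissionsImport),
+string(keyvault.KeyPermissionsDelete),
+string(keyvault.KeyPermissionsRecover),
+string(keyvault.KeyPermissionsBackup),
+string(keyvault.KeyPermissionsRestore),
+},
+"secret": {
+string(keyvault.SecretPermissionsGet),
+string(keyvault.SecretPermissionsList),
+string(keyvault.SecretPermissionsSet),
+string(keyvault.SecretPermissionsDelete),
+string(keyvault.SecretPermissionsRecover),
+string(keyvault.SecretPermissionsBackup),
+string(keyvault.SecretPermissionsRestore),
+},
+"certificate": {
+string(keyvault.Get),
+string(keyvault.List),
+string(keyvault.Update),
+string(keyvault.Create),
+string(keyvault.Import),
+string(keyvault.Delete),
+string(keyvault.Managecontacts),
+string(keyvault.Manageissuers),
+string(keyvault.Getissuers),
+string(keyvault.Listissuers),
+string(keyvault.Setissuers),
+string(keyvault.Deleteissuers),
+},
+}
+
+d.SetId(name)
+
+if strings.Contains(name, "Key") {
+d.Set("key_permissions", templateManagementPermissions["key"])
+}
+if strings.Contains(name, "Secret") {
+d.Set("secret_permissions", templateManagementPermissions["secret"])
+}
+if strings.Contains(name, "Certificate") {
+d.Set("certificate_permissions", templateManagementPermissions["certificate"])
+}
+
+return nil
+}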
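Review bot: In dataSourceArmKeyVaultAccessPolicyRead the permission sets are chosen by `strings.Contains(name, "Key")` and the two sibling checks, so which privileges a template returns depends on the wording of its name rather than on an explicit mapping. That gives the right result for the seven names the ValidateFunc allows today, but a template name added later that merely contains one of those words would silently pick up the full management set for that object type, and these lists are presumably applied as Key Vault access-policy permissions. The three `d.Set` calls also discard their return value, so a failed write to state would go unnoticed. A table keyed by the exact template name, with the `d.Set` errors returned, keeps the grant auditable; it would need `fmt` added to the import block.

```go
// … unchanged: name lookup and templateManagementPermissions table …

// Exact template name -> object types it grants; nothing is inferred from wording.
templateObjectTypes := map[string][]string{
	"Key Management":                        {"key"},
	"Secret Management":                     {"secret"},
	"Certificate Management":                {"certificate"},
	"Key & Secret Management":               {"key", "secret"},
	"Key & Certificate Management":          {"key", "certificate"},
	"Secret & Certificate Management":       {"secret", "certificate"},
	"Key, Secret, & Certificate Management": {"key", "secret", "certificate"},
}

objectTypes, ok := templateObjectTypes[name]
if !ok {
	return fmt.Errorf("unknown Key Vault access policy template %q", name)
}

d.SetId(name)

for _, objectType := range objectTypes {
	if err := d.Set(objectType+"_permissions", templateManagementPermissions[objectType]); err != nil {
		return fmt.Errorf("setting %s_permissions: %s", objectType, err)
	}
}

return nil
```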
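--- a/azurerm/data_source_key_vault_access_policy_test.go
+++ b/azurerm/data_source_key_vault_access_policy_test.go
@@ -0,0 +1,142 @@
+package azurerm
+
+import (
+"fmt"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_key(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Key Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"),
+resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"),
+resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_secret(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Secret Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"),
+resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"),
+resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_certificate(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Certificate Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"),
+resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"),
+resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keySecret(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Key & Secret Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"),
+resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"),
+resource.TestCheckNoResourceAttr(dataSourceName, "certificate_permissions"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keyCertificate(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Key & Certificate Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"),
+resource.TestCheckNoResourceAttr(dataSourceName, "secret_permissions"),
+resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_secretCertificate(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Secret & Certificate Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckNoResourceAttr(dataSourceName, "key_permissions"),
+resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"),
+resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMKeyVaultAccessPolicy_keySecretCertificate(t *testing.T) {
+dataSourceName := "data.azurerm_key_vault_access_policy.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceKeyVaultAccessPolicy("Key, Secret, & Certificate Management"),
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr(dataSourceName, "key_permissions.#", "9"),
+resource.TestCheckResourceAttr(dataSourceName, "secret_permissions.#", "7"),
+resource.TestCheckResourceAttr(dataSourceName, "certificate_permissions.#", "12"),
+),
+},
+},
+})
+}
+
+func testAccDataSourceKeyVaultAccessPolicy(name string) string {
+return fmt.Sprintf(`
+data "azurerm_key_vault_access_policy" "test" {
+name = "%s"
+}
+`, name)
+}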
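Review bot: Every check in this file asserts only the length of a permission list (`key_permissions.#` equal to `9`, `secret_permissions.#` equal to `7`, `certificate_permissions.#` equal to `12`), so a template in which one permission is swapped for a broader one would still pass. Because these values are presumably consumed as Key Vault access-policy permissions, the members should be pinned as well, for example `resource.TestCheckResourceAttr(dataSourceName, "key_permissions.0", string(keyvault.KeyPermissionsGet))` for each expected entry. The seven test functions differ only in the template name and the expected counts, so a single table-driven helper would make any later change to a template show up in one place.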
1 change: 1 addition & 0 deletions azurerm/provider.go
Expand Up @@ -71,6 +71,7 @@ func Provider() terraform.ResourceProvider {
"azurerm_builtin_role_definition": dataSourceArmBuiltInRoleDefinition(),
"azurerm_client_config": dataSourceArmClientConfig(),
"azurerm_image": dataSourceArmImage(),
"azurerm_key_vault_access_policy": dataSourceArmKeyVaultAccessPolicy(),
"azurerm_managed_disk": dataSourceArmManagedDisk(),
"azurerm_platform_image": dataSourceArmPlatformImage(),
"azurerm_public_ip": dataSourceArmPublicIP(),
40 changes: 40 additions & 0 deletions website/docs/d/key_vault_access_policy.html.markdown
@@ -0,0 +1,40 @@
---
layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_key_vault_access_policy"
sidebar_current: "docs-azurerm-datasource-azurerm_key_vault_access_policy"
description: |-
Get information about the templated Access Policies for Key Vault.
---

# azurerm_key_vault_access_policy

Use this data source to access information about the permissions from the Management Key Vault Templates.

## Example Usage

```hcl
data "azurerm_key_vault_access_policy" "contributor" {
name = "Key Management"
}
output "access_policy_key_permissions" {
value = "${data.azurerm_key_vault_access_policy.key_permissions}"
}
```

## Argument Reference

* `name` - (Required) Specifies the name of the Management Tempalte. Possible values are: `Key Management`,
`Secret Management`, `Certificate Management`, `Key & Secret Management`, `Key & Certificate Management`,
`Secret & Certificate Management`, `Key, Secret, & Certificate Management`


## Attributes Reference

* `id` - the ID of the Key Vault Access Policy

* `key_permissions` - the key permissions for the access policy

* `secret_permissions` - the secret permissions for the access policy

* `certificate_permissions` - the certificate permissions for the access policy
