From 674694eb8269121ab16eeb8930b937f92f0f1653 Mon Sep 17 00:00:00 2001 From: Heng Lu Date: Fri, 4 Aug 2023 15:23:04 +0800 Subject: [PATCH 1/4] `azurerm_spring_cloud_configuration_service` - support for the `ca_certificate_id` property --- ...ng_cloud_configuration_service_resource.go | 16 ++ ...oud_configuration_service_resource_test.go | 138 +++++++++++++++++- ..._cloud_configuration_service.html.markdown | 2 + 3 files changed, 155 insertions(+), 1 deletion(-) diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource.go b/internal/services/springcloud/spring_cloud_configuration_service_resource.go index a2d2ef2ae75a..931307635ca4 100644 --- a/internal/services/springcloud/spring_cloud_configuration_service_resource.go +++ b/internal/services/springcloud/spring_cloud_configuration_service_resource.go @@ -102,6 +102,12 @@ func resourceSpringCloudConfigurationService() *pluginsdk.Resource { ValidateFunc: validation.StringIsNotEmpty, }, + "ca_certificate_id": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validate.SpringCloudCertificateID, + }, + "host_key": { Type: pluginsdk.TypeString, Optional: true, @@ -259,6 +265,7 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in for _, item := range input { v := item.(map[string]interface{}) results = append(results, appplatform.ConfigurationServiceGitRepository{ + CaCertResourceID: utils.String(v["ca_certificate_id"].(string)), Name: utils.String(v["name"].(string)), Patterns: utils.ExpandStringSlice(v["patterns"].(*pluginsdk.Set).List()), URI: utils.String(v["uri"].(string)), 
@@ -330,7 +337,16 @@ func flattenConfigurationServiceConfigurationServiceGitRepositoryArray(input *[] username = value.(string) } } + + var caCertificateId string + if item.CaCertResourceID != nil { + certificatedId, err := parse.SpringCloudCertificateIDInsensitively(*item.CaCertResourceID) + if err == nil { + caCertificateId = certificatedId.ID() + } + } results = append(results, map[string]interface{}{ + "ca_certificate_id": caCertificateId, "name": name, "label": label, "patterns": utils.FlattenStringSlice(item.Patterns), diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go index ae51e032cdc9..535c03aa1e6c 100644 --- a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go +++ b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go @@ -112,7 +112,8 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) { check.That(data.ResourceName).ExistsInAzure(r), ), }, - data.ImportStep(), { + data.ImportStep(), + { Config: r.generation(data, "Gen2"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), 
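Review bot: In the flatten hunk (`@@ -330,7 +337,16 @@`) the error from `parse.SpringCloudCertificateIDInsensitively` is discarded, so an ID the parser rejects is written to state as an empty `ca_certificate_id`. This attribute names the CA trusted for the repository's HTTPS connection, so a silently blanked value hides what the service is actually configured with and surfaces only as an unexplained plan diff. Falling back to the raw value keeps it visible, e.g. `} else { caCertificateId = *item.CaCertResourceID }`. The function body starts and ends outside the hunk, so whether it could return the error instead cannot be seen here. The local `certificatedId` also looks like a typo for `certificateId`; the same spelling, `caCertificatedId`, appears in the expand hunk of PATCH 2/4.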
@@ -122,6 +123,20 @@ func TestAccSpringCloudConfigurationService_generation(t *testing.T) { }) } +func TestAccSpringCloudConfigurationService_caCertificateId(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_spring_cloud_configuration_service", "test") + r := SpringCloudConfigurationServiceResource{} + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.caCertificateId(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func (r SpringCloudConfigurationServiceResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := parse.SpringCloudConfigurationServiceID(state.ID) if err != nil { 
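Review bot: The new `TestAccSpringCloudConfigurationService_caCertificateId` step asserts only `ExistsInAzure`, so nothing checks that `ca_certificate_id` actually reaches state. Because the flatten code in this patch writes an empty string when the returned ID fails to parse, the create step and the import step could both pass with the value missing. Adding `check.That(data.ResourceName).Key("repository.0.ca_certificate_id").Exists(),` to the `Check` would pin it. A second step using a config without the attribute would also cover removal.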
@@ -238,3 +253,124 @@ resource "azurerm_spring_cloud_configuration_service" "test" { } `, template, generation) } + +func (r SpringCloudConfigurationServiceResource) caCertificateId(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +%s + + +data "azurerm_client_config" "current" { +} + +data "azuread_service_principal" "test" { + display_name = "Azure Spring Cloud Domain-Management" +} + +resource "azurerm_key_vault" "test" { + name = "acctest-kv-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" + + access_policy { + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azurerm_client_config.current.object_id + + secret_permissions = [ + "Set", + ] + + certificate_permissions = [ + "Create", + "Delete", + "Get", + "Purge", + "Update", + ] + } + + access_policy { + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = data.azuread_service_principal.test.object_id + + secret_permissions = [ + "Get", + "List", + ] + + certificate_permissions = [ + "Get", + "List", + ] + } +} + +resource "azurerm_key_vault_certificate" "test" { + name = "acctest-cert-%[2]d" + key_vault_id = azurerm_key_vault.test.id + + certificate_policy { + issuer_parameters { + name = "Self" + } + + key_properties { + exportable = true + key_size = 2048 + key_type = "RSA" + reuse_key = true + } + + lifetime_action { + action { + action_type = "AutoRenew" + } + + trigger { + days_before_expiry = 30 + } + } + + secret_properties { + content_type = "application/x-pkcs12" + } + + x509_certificate_properties { + key_usage = [ + "cRLSign", + "dataEncipherment", + "digitalSignature", + "keyAgreement", + "keyCertSign", + "keyEncipherment", + ] + + subject = "CN=contoso.com" + validity_in_months = 12 + } + } +} + + +resource "azurerm_spring_cloud_certificate" "test" { + name = 
"acctest-scc-%[2]d" + resource_group_name = azurerm_spring_cloud_service.test.resource_group_name + service_name = azurerm_spring_cloud_service.test.name + key_vault_certificate_id = azurerm_key_vault_certificate.test.id +} + +resource "azurerm_spring_cloud_configuration_service" "test" { + name = "default" + spring_cloud_service_id = azurerm_spring_cloud_service.test.id + repository { + name = "fake" + label = "master" + patterns = ["app/dev"] + uri = "https://github.com/Azure-Samples/piggymetrics" + ca_certificate_id = azurerm_spring_cloud_certificate.test.id + } +} +`, template, data.RandomIntOfLength(10)) +} diff --git a/website/docs/r/spring_cloud_configuration_service.html.markdown b/website/docs/r/spring_cloud_configuration_service.html.markdown index 658504ad3478..5a3b1db50128 100644 --- a/website/docs/r/spring_cloud_configuration_service.html.markdown +++ b/website/docs/r/spring_cloud_configuration_service.html.markdown @@ -73,6 +73,8 @@ A `repository` block supports the following: * `uri` - (Required) Specifies the URI of the repository. +* `ca_certificate_id` - (Optional) Specifies the ID of the CA Spring Cloud Certificate for https URL of Git repository. + * `host_key` - (Optional) Specifies the SSH public key of git repository. * `host_key_algorithm` - (Optional) Specifies the SSH key algorithm of git repository. From 2f8a21c2af0828033a145b9379fc4018dad11050 Mon Sep 17 00:00:00 2001 From: Heng Lu Date: Fri, 4 Aug 2023 15:46:51 +0800 Subject: [PATCH 2/4] update --- .../spring_cloud_configuration_service_resource.go | 9 ++++++--- ...pring_cloud_configuration_service_resource_test.go | 11 ++++++----- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource.go b/internal/services/springcloud/spring_cloud_configuration_service_resource.go index 931307635ca4..196a6dc706fa 100644 --- a/internal/services/springcloud/spring_cloud_configuration_service_resource.go 
+++ b/internal/services/springcloud/spring_cloud_configuration_service_resource.go @@ -264,8 +264,7 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in results := make([]appplatform.ConfigurationServiceGitRepository, 0) for _, item := range input { v := item.(map[string]interface{}) - results = append(results, appplatform.ConfigurationServiceGitRepository{ - CaCertResourceID: utils.String(v["ca_certificate_id"].(string)), + repo := appplatform.ConfigurationServiceGitRepository{ Name: utils.String(v["name"].(string)), Patterns: utils.ExpandStringSlice(v["patterns"].(*pluginsdk.Set).List()), URI: utils.String(v["uri"].(string)), @@ -277,7 +276,11 @@ func expandConfigurationServiceConfigurationServiceGitRepositoryArray(input []in HostKeyAlgorithm: utils.String(v["host_key_algorithm"].(string)), PrivateKey: utils.String(v["private_key"].(string)), StrictHostKeyChecking: utils.Bool(v["strict_host_key_checking"].(bool)), - }) + } + if caCertificatedId := v["ca_certificate_id"].(string); caCertificatedId != "" { + repo.CaCertResourceID = utils.String(caCertificatedId) + } + results = append(results, repo) } return &results } diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go index 535c03aa1e6c..9f3778287c12 100644 --- a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go +++ b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go 
@@ -364,12 +364,13 @@ resource "azurerm_spring_cloud_certificate" "test" { resource "azurerm_spring_cloud_configuration_service" "test" { name = "default" spring_cloud_service_id = azurerm_spring_cloud_service.test.id + generation = "Gen2" repository { - name = "fake" - label = "master" - patterns = ["app/dev"] - uri = "https://github.com/Azure-Samples/piggymetrics" - ca_certificate_id = azurerm_spring_cloud_certificate.test.id + name = "fake" + label = "master" + patterns = ["app/dev"] + uri = "https://github.com/Azure-Samples/piggymetrics" + ca_certificate_id = azurerm_spring_cloud_certificate.test.id } } `, template, data.RandomIntOfLength(10)) From 68cbc2215d470ce27befb83e2578127dd10288cf Mon Sep 17 00:00:00 2001 From: Heng Lu <79895375+ms-henglu@users.noreply.github.com> Date: Mon, 7 Aug 2023 10:00:54 +0800 Subject: [PATCH 3/4] Update website/docs/r/spring_cloud_configuration_service.html.markdown Co-authored-by: Tom Harvey --- website/docs/r/spring_cloud_configuration_service.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/spring_cloud_configuration_service.html.markdown b/website/docs/r/spring_cloud_configuration_service.html.markdown index 5a3b1db50128..57e1fd7e40c7 100644 --- a/website/docs/r/spring_cloud_configuration_service.html.markdown +++ b/website/docs/r/spring_cloud_configuration_service.html.markdown @@ -73,7 +73,7 @@ A `repository` block supports the following: * `uri` - (Required) Specifies the URI of the repository. -* `ca_certificate_id` - (Optional) Specifies the ID of the CA Spring Cloud Certificate for https URL of Git repository. +* `ca_certificate_id` - (Optional) Specifies the ID of the Certificate Authority used when retrieving the Git Repository via HTTPS. * `host_key` - (Optional) Specifies the SSH public key of git repository. From 7781269dd7bab51e2456938577e0fde029b37d9c Mon Sep 17 00:00:00 2001 
From: Heng Lu Date: Mon, 7 Aug 2023 14:07:22 +0800 Subject: [PATCH 4/4] update --- .../spring_cloud_configuration_service_resource_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go index 9f3778287c12..e1df6e5e540c 100644 --- a/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go +++ b/internal/services/springcloud/spring_cloud_configuration_service_resource_test.go @@ -264,7 +264,7 @@ data "azurerm_client_config" "current" { } data "azuread_service_principal" "test" { - display_name = "Azure Spring Cloud Domain-Management" + display_name = "Azure Spring Cloud Resource Provider" } resource "azurerm_key_vault" "test" { @@ -359,6 +359,7 @@ resource "azurerm_spring_cloud_certificate" "test" { resource_group_name = azurerm_spring_cloud_service.test.resource_group_name service_name = azurerm_spring_cloud_service.test.name key_vault_certificate_id = azurerm_key_vault_certificate.test.id + exclude_private_key = true } resource "azurerm_spring_cloud_configuration_service" "test" {
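Review bot: With `exclude_private_key = true` now set on `azurerm_spring_cloud_certificate.test`, the access policy for the resource provider principal still grants `secret_permissions = ["Get", "List"]`, and the certificate policy keeps `exportable = true`. If the service only reads the public certificate to use it as a CA trust anchor, those grants are presumably broader than the test needs. It is worth confirming that and trimming them, since acceptance configs tend to be copied as examples. Both blocks sit outside this hunk, in the config added by PATCH 1/4.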