managedhsm: introducing dedicated Resource ID Parsers for the Data Plane Versioned and Versionless Key IDs #25601
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 tasks
|
Hi Tom, I rebased #25088 on top of this PR and I found two small gaps this PR might want to address too:
What do you think? |
…ane Versioned and Versionless Key IDs
…ssignment This switches to using the Resource ID the Resource actually uses rather than this apparent Terraform unique value?
This now uses `managed_hsm_id` to discover the Managed HSM rather than the Data Plane URI - which mirrors the pattern used elsewhere. This is important for two reasons: 1. We don't support provisioning resources across Subscriptions - a unique Provider instance needs to be used for each Subscription 2. This allows us to determine when the Managed HSM in question has been removed out-of-band due to limitations in Go's networking layer
…he Parse function directly This was tested via the validate, but was missing tests covering this directly
tombuildsstuff
force-pushed
the
f/managed-hsm-nested-items
branch
from
99d4bdf
to
c9dfeab
Compare
…gnment IDs This causes "/" to become "", and "/keys" to become "keys" We only trim the first leading slash when parsing, not when outputting.
katbyte
added a commit
that referenced
this pull request
May 2, 2024
dduportal
pushed a commit
to jenkins-infra/azure
that referenced
this pull request
May 3, 2024
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
<h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
<summary>Update Terraform lock file</summary>
<p>changes detected:
	"hashicorp/azurerm" updated from
"3.101.0" to "3.102.0" in file
".terraform.lock.hcl"</p>
<details>
<summary>3.102.0</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.102.0
FEATURES:

*
New Resource: `azurerm_storage_sync_server_endpoint`
([#25831](https://github.com/hashicorp/terraform-provider-azurerm/issues/25831))
*
New Resource: `azurerm_storage_container_immutability_policy`
([#25804](https://github.com/hashicorp/terraform-provider-azurerm/issues/25804))

ENHANCEMENTS:

*
`azurerm_load_test` - add support for `encryption`
([#25759](https://github.com/hashicorp/terraform-provider-azurerm/issues/25759))
*
`azurerm_network_connection_monitor` - update validation for
`target_resource_type` and `target_resource_id`
([#25745](https://github.com/hashicorp/terraform-provider-azurerm/issues/25745))
*
`azurerm_mssql_managed_database` - support for a Restorable Database ID
to be used as the `source_database_id` for point in time restore
([#25568](https://github.com/hashicorp/terraform-provider-azurerm/issues/25568))
*
`azurerm_storage_account` - support for the `managed_hsm_key_id`
property
([#25088](https://github.com/hashicorp/terraform-provider-azurerm/issues/25088))
*
`azurerm_storage_account_customer_managed_key` - support for the
`managed_hsm_key_id` property
([#25088](https://github.com/hashicorp/terraform-provider-azurerm/issues/25088))

BUG
FIXES:

* `azurerm_linux_function_app` - now sets docker
registry url in `linux_fx_version` by default
([#23911](https://github.com/hashicorp/terraform-provider-azurerm/issues/23911))
*
`azurerm_resource_group` - work around sporadic eventual consistency
errors
([#25758](https://github.com/hashicorp/terraform-provider-azurerm/issues/25758))

DEPRECATIONS:

*
`azurerm_key_vault_managed_hardware_security_module_role_assignment` -
the `vault_base_url` property has been deprecated in favour of the
`managed_hsm_id` property
([#25601](https://github.com/hashicorp/terraform-provider-azurerm/issues/25601))


</pre>
</details>
</details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/148/">Jenkins
pipeline link</a>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
1 task
|
Think you missed the removal of the scope in the data example here https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_managed_hardware_security_module_role_assignment |
|
@riemers Could you open a new issue for this so we can track this? Thanks! |
1 task
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Community Note
Description
This PR introduces dedicated Resource ID parsers for Managed HSM Data Plane Keys - it doesn't yet refactor the Role Assignments/Definitions to the same pattern since the current Resource IDs differ from those defined in the API - but that'll come in a bit.
This PR refactors the Managed HSM package to introduce a consistent set of Resource ID parsers which take into account the Domain Suffix.
Whilst this should be mostly complete, due to a number of issues with the existing resources - this isn’t quite as far as I wanted this to be before I headed out, and the following remains:
managed_hsm_idbeing the new preference rather thanvault_base_urlresource_manager_id?