azurerm_data_factory - support for the customer_managed_key_id property

[allantargino]

fix #10417
This PR adds both CMK (Customer Managed Keys) and user assigned identities to ADF.

Azure Data Factory currently only allows using CMK encryption at creation time when using user assigned identities.

[allantargino]

I need some help with this PR 😢
TestAccDataFactory_userAssignedIdentity is failing and I can't figure it out why the plan is different:

Running tool: /usr/local/go/bin/go test -timeout 3600s -run ^TestAccDataFactory_userAssignedIdentity$ github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/datafactory -v

=== RUN   TestAccDataFactory_userAssignedIdentity
=== PAUSE TestAccDataFactory_userAssignedIdentity
=== CONT  TestAccDataFactory_userAssignedIdentity
    /home/allan/repos/terraform/azurerm/azurerm/internal/services/datafactory/testing.go:684: Step 0 error: After applying this step and refreshing, the plan was not empty:

        DIFF:

        UPDATE: azurerm_data_factory.test
          github_configuration.#:         "0" => "0"
          id:                             "/subscriptions/x/resourceGroups/acctestrg-df-210208104113152502/providers/Microsoft.DataFactory/factories/acctest210208104113152502" => "/subscriptions/x/resourceGroups/acctestrg-df-210208104113152502/providers/Microsoft.DataFactory/factories/acctest210208104113152502"
          identity.#:                     "1" => "1"
          identity.0.principal_id:        "" => ""
          identity.0.tenant_id:           "" => ""
          identity.0.type:                "UserAssigned" => "UserAssigned"
          identity.0.user_identity_ids.#: "1" => "1"
          identity.0.user_identity_ids.0: "/subscriptions/x/resourcegroups/acctestRG-df-210208104113152502/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210208104113152502" => "/subscriptions/x/resourceGroups/acctestRG-df-210208104113152502/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210208104113152502"
          location:                       "brazilsouth" => "brazilsouth"
          name:                           "acctest210208104113152502" => "acctest210208104113152502"
          public_network_enabled:         "true" => "true"
          resource_group_name:            "acctestrg-df-210208104113152502" => "acctestrg-df-210208104113152502"
          vsts_configuration.#:           "0" => "0"

The apply works and I can manually verify that ADF contains the user identity.

[ArcturusZhang]

And here is why we are getting the non-empty plan:

• /subscriptions/x/resourcegroups/acctestRG-df-210208104113152502/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210208104113152502
• /subscriptions/x/resourceGroups/acctestRG-df-210208104113152502/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210208104113152502

The root cause of this is that the user assigned identity resource is not returning its ID in proper casing - we could fix this by introducing ID parsing functionality in the msi service and then this would be automatically fixed.

[ArcturusZhang]

Well it turns out that our user_assigned_identity resource already implemented the ID Formatters - therefore the root cause of the non-empty diff has been fixed. @allantargino could you please update your PR, resolve the merge conflict and try the test again?

[allantargino]

I renamed key_vault_key_id to customer_managed_key_id so it is aligned to #11328.
Also fixed the suggestions.

[allantargino]

@ArcturusZhang even after merging main into this branch, I am getting the same resourcegroups problem :(

              ~ identity {
                  ~ identity_ids = [
                      - "/subscriptions/x/resourcegroups/acctestRG-df-210426143744464185/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210426143744464185",
                      + "/subscriptions/x/resourceGroups/acctestRG-df-210426143744464185/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctest210426143744464185",
                    ]
                    # (1 unchanged attribute hidden)
                }
            }

[katbyte]

@allantargino - the new parser will need to be used in "case insensitive mode" to parse and the pop out the correctly cased id

[allantargino]

Thank you @ArcturusZhang and @katbyte ! Super clear now!
I refactored the user assigned identity assignment part during the create/update since the API was returning a 400 when using the array empty (instead of nil).
I also included the user identity property on the data source, since it used the same flattening function as the resource.

[katbyte]

Thanks @allantargino - this LGTM 👍

[ghost]

This has been released in version 2.58.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.58.0"
}
# ... other configuration ...

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.