azurerm_kubernetes_flux_configuration - added postBuild and wait pr…

…operties to kustomization block (hashicorp#25695)

* bump vendor fluxConfiguration api version

* added postBuild and Wait attributes included as part of 2023-05-01 api changes

* Added validation and documentation

* Fixed formatting

* Fixed extra = typo in test

* Resolve vendor due to failing depscheck

This reverts commit 7153aca.

* Fixed gradually deprecated functions

* Typo in test

* Update documentation for name field in postBuild

Co-authored-by: Zhenhua Hu <zhhu@microsoft.com>

* Updated defaults and kind validation

* Update docs wait description

Co-authored-by: Zhenhua Hu <zhhu@microsoft.com>

* Update docs substitute_from kind description

Co-authored-by: Zhenhua Hu <zhhu@microsoft.com>

* Update docs substitute_from optional description

Co-authored-by: Zhenhua Hu <zhhu@microsoft.com>

* Fixed depscheck

* Update internal/services/containers/kubernetes_flux_configuration_resource.go

Co-authored-by: stephybun <steph@hashicorp.com>

* Update internal/services/containers/kubernetes_flux_configuration_resource.go

Co-authored-by: stephybun <steph@hashicorp.com>

* Update website/docs/r/kubernetes_flux_configuration.html.markdown

Co-authored-by: stephybun <steph@hashicorp.com>

* Update website/docs/r/kubernetes_flux_configuration.html.markdown

Co-authored-by: stephybun <steph@hashicorp.com>

---------

Co-authored-by: Zhenhua Hu <zhhu@microsoft.com>
Co-authored-by: stephybun <steph@hashicorp.com>

internal/services/arckubernetes/arc_kubernetes_flux_configuration_resource.go

@@ -12,7 +12,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	arckubernetes "github.com/hashicorp/go-azure-sdk/resource-manager/hybridkubernetes/2024-01-01/connectedclusters"
-	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/fluxconfiguration"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2023-05-01/fluxconfiguration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/containers/validate"
 	storageValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/storage/validate"

internal/services/arckubernetes/arc_kubernetes_flux_configuration_resource_test.go

@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-azure-helpers/lang/response"
-	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/fluxconfiguration"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2023-05-01/fluxconfiguration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
@@ -517,6 +517,20 @@ func (r ArcKubernetesFluxConfigurationResource) azureBlobWithServicePrincipalSec
 	return fmt.Sprintf(`
 				%[1]s
 
+provider "azuread" {}
+
+resource "azuread_application" "test" {
+  display_name = "acctestspa-%[2]d"
+}
+
+resource "azuread_service_principal" "test" {
+  application_id = azuread_application.test.application_id
+}
+
+resource "azuread_service_principal_password" "test" {
+  service_principal_id = azuread_service_principal.test.object_id
+}
+
 resource "azurerm_storage_account" "test" {
   name                     = "sa%[2]d"
   resource_group_name      = azurerm_resource_group.test.name
@@ -537,13 +551,13 @@ data "azurerm_client_config" "test" {
 resource "azurerm_role_assignment" "test_queue" {
   scope                = azurerm_storage_account.test.id
   role_definition_name = "Storage Queue Data Contributor"
-  principal_id         = data.azurerm_client_config.test.object_id
+  principal_id         = azuread_service_principal.test.object_id
 }
 
 resource "azurerm_role_assignment" "test_blob" {
   scope                = azurerm_storage_account.test.id
   role_definition_name = "Storage Blob Data Contributor"
-  principal_id         = data.azurerm_client_config.test.object_id
+  principal_id         = azuread_service_principal.test.object_id
 }
 
 resource "azurerm_arc_kubernetes_flux_configuration" "test" {
@@ -554,9 +568,9 @@ resource "azurerm_arc_kubernetes_flux_configuration" "test" {
   blob_storage {
     container_id = azurerm_storage_container.test.id
     service_principal {
-      client_id     = "%[3]s"
-      tenant_id     = "%[4]s"
-      client_secret = "%[5]s"
+      client_id     = azuread_service_principal.test.client_id
+      tenant_id     = data.azurerm_client_config.test.tenant_id
+      client_secret = azuread_service_principal_password.test.value
     }
   }
 
@@ -570,13 +584,23 @@ resource "azurerm_arc_kubernetes_flux_configuration" "test" {
     azurerm_role_assignment.test_blob
   ]
 }
-`, r.template(data, credential, privateKey, publicKey), data.RandomInteger, os.Getenv("ARM_CLIENT_ID"), os.Getenv("ARM_TENANT_ID"), os.Getenv("ARM_CLIENT_SECRET"))
+`, r.template(data, credential, privateKey, publicKey), data.RandomInteger)
 }
 
 func (r ArcKubernetesFluxConfigurationResource) azureBlobWithServicePrincipalCertificate(data acceptance.TestData, credential string, privateKey string, publicKey string) string {
 	return fmt.Sprintf(`
 				%[1]s
 
+provider "azuread" {}
+
+resource "azuread_application" "test" {
+  display_name = "acctestspa-%[2]d"
+}
+
+resource "azuread_service_principal" "test" {
+  application_id = azuread_application.test.application_id
+}
+
 resource "azurerm_storage_account" "test" {
   name                     = "sa%[2]d"
   resource_group_name      = azurerm_resource_group.test.name
@@ -597,13 +621,13 @@ data "azurerm_client_config" "test" {
 resource "azurerm_role_assignment" "test_queue" {
   scope                = azurerm_storage_account.test.id
   role_definition_name = "Storage Queue Data Contributor"
-  principal_id         = data.azurerm_client_config.test.object_id
+  principal_id         = azuread_service_principal.test.object_id
 }
 
 resource "azurerm_role_assignment" "test_blob" {
   scope                = azurerm_storage_account.test.id
   role_definition_name = "Storage Blob Data Contributor"
-  principal_id         = data.azurerm_client_config.test.object_id
+  principal_id         = azuread_service_principal.test.object_id
 }
 
 resource "azurerm_arc_kubernetes_flux_configuration" "test" {
@@ -614,10 +638,10 @@ resource "azurerm_arc_kubernetes_flux_configuration" "test" {
   blob_storage {
     container_id = azurerm_storage_container.test.id
     service_principal {
-      client_id                     = "%[3]s"
-      tenant_id                     = "%[4]s"
-      client_certificate_base64     = "%[5]s"
-      client_certificate_password   = "%[6]s"
+      client_id                     = azuread_service_principal.test.client_id
+      tenant_id                     = data.azurerm_client_config.test.tenant_id
+      client_certificate_base64     = "%[3]s"
+      client_certificate_password   = "%[4]s"
       client_certificate_send_chain = true
     }
   }
@@ -632,7 +656,7 @@ resource "azurerm_arc_kubernetes_flux_configuration" "test" {
     azurerm_role_assignment.test_blob
   ]
 }
-`, r.template(data, credential, privateKey, publicKey), data.RandomInteger, os.Getenv("ARM_CLIENT_ID"), os.Getenv("ARM_TENANT_ID"), os.Getenv("ARM_CLIENT_CERTIFICATE"), os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD"))
+`, r.template(data, credential, privateKey, publicKey), data.RandomInteger, os.Getenv("ARM_CLIENT_CERTIFICATE"), os.Getenv("ARM_CLIENT_CERTIFICATE_PASSWORD"))
 }
 
 func (r ArcKubernetesFluxConfigurationResource) kustomizationNameDuplicated(data acceptance.TestData, credential string, privateKey string, publicKey string) string {

internal/services/arckubernetes/client/client.go

@@ -8,7 +8,7 @@ import (
 
 	"github.com/hashicorp/go-azure-sdk/resource-manager/hybridkubernetes/2024-01-01/connectedclusters"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/extensions"
-	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/fluxconfiguration"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2023-05-01/fluxconfiguration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"
 )
 

internal/services/containers/client/client.go

@@ -18,7 +18,7 @@ import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/containerservice/2024-05-01/managedclusters"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/containerservice/2024-05-01/snapshots"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/extensions"
-	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/fluxconfiguration"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2023-05-01/fluxconfiguration"
 	"github.com/hashicorp/go-azure-sdk/sdk/client/resourcemanager"
 	"github.com/hashicorp/go-azure-sdk/sdk/environments"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"

internal/services/containers/kubernetes_flux_configuration_resource.go

@@ -12,7 +12,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
-	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2022-11-01/fluxconfiguration"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/kubernetesconfiguration/2023-05-01/fluxconfiguration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/containers/validate"
 	storageValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/storage/validate"
@@ -30,6 +30,11 @@ const (
 	FluxGitSemverRange  string = "semver"
 )
 
+const (
+	SubstituteFromKindConfigMap string = "ConfigMap"
+	SubstituteFromKindSecret    string = "Secret"
+)
+
 type KubernetesFluxConfigurationModel struct {
 	Name                            string                         `tfschema:"name"`
 	ClusterID                       string                         `tfschema:"cluster_id"`
@@ -88,14 +93,27 @@ type GitRepositoryDefinitionModel struct {
 }
 
 type KustomizationDefinitionModel struct {
-	Name                   string   `tfschema:"name"`
-	Path                   string   `tfschema:"path"`
-	TimeoutInSeconds       int64    `tfschema:"timeout_in_seconds"`
-	SyncIntervalInSeconds  int64    `tfschema:"sync_interval_in_seconds"`
-	RetryIntervalInSeconds int64    `tfschema:"retry_interval_in_seconds"`
-	Force                  bool     `tfschema:"recreating_enabled"`
-	Prune                  bool     `tfschema:"garbage_collection_enabled"`
-	DependsOn              []string `tfschema:"depends_on"`
+	Name                   string                     `tfschema:"name"`
+	Path                   string                     `tfschema:"path"`
+	TimeoutInSeconds       int64                      `tfschema:"timeout_in_seconds"`
+	SyncIntervalInSeconds  int64                      `tfschema:"sync_interval_in_seconds"`
+	RetryIntervalInSeconds int64                      `tfschema:"retry_interval_in_seconds"`
+	Force                  bool                       `tfschema:"recreating_enabled"`
+	Prune                  bool                       `tfschema:"garbage_collection_enabled"`
+	DependsOn              []string                   `tfschema:"depends_on"`
+	PostBuild              []PostBuildDefinitionModel `tfschema:"post_build"`
+	Wait                   bool                       `tfschema:"wait"`
+}
+
+type PostBuildDefinitionModel struct {
+	Substitute     map[string]string               `tfschema:"substitute"`
+	SubstituteFrom []SubstituteFromDefinitionModel `tfschema:"substitute_from"`
+}
+
+type SubstituteFromDefinitionModel struct {
+	Kind     string `tfschema:"kind"`
+	Name     string `tfschema:"name"`
+	Optional bool   `tfschema:"optional"`
 }
 
 type ManagedIdentityDefinitionModel struct {
@@ -218,6 +236,55 @@ func (r KubernetesFluxConfigurationResource) Arguments() map[string]*pluginsdk.S
 							Type: pluginsdk.TypeString,
 						},
 					},
+
+					"post_build": {
+						Type:     pluginsdk.TypeList,
+						Optional: true,
+						MaxItems: 1,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"substitute": {
+									Type:     pluginsdk.TypeMap,
+									Optional: true,
+									Elem: &pluginsdk.Schema{
+										Type:         pluginsdk.TypeString,
+										ValidateFunc: validation.StringIsNotEmpty,
+									},
+								},
+								"substitute_from": {
+									Type:     pluginsdk.TypeList,
+									Optional: true,
+									Elem: &pluginsdk.Resource{
+										Schema: map[string]*pluginsdk.Schema{
+											"kind": {
+												Type:     pluginsdk.TypeString,
+												Required: true,
+												ValidateFunc: validation.StringInSlice([]string{
+													SubstituteFromKindConfigMap,
+													SubstituteFromKindSecret,
+												}, false),
+											},
+											"name": {
+												Type:         pluginsdk.TypeString,
+												Required:     true,
+												ValidateFunc: validation.StringIsNotEmpty,
+											},
+											"optional": {
+												Type:     pluginsdk.TypeBool,
+												Optional: true,
+												Default:  false,
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+					"wait": {
+						Type:     pluginsdk.TypeBool,
+						Optional: true,
+						Default:  true,
+					},
 				},
 			},
 		},
@@ -841,10 +908,12 @@ func expandKustomizationDefinitionModel(inputList []KustomizationDefinitionModel
 			DependsOn:              &input.DependsOn,
 			Force:                  &input.Force,
 			Name:                   &input.Name,
+			PostBuild:              expandPostBuildDefinitionModel(input.PostBuild),
 			Prune:                  &input.Prune,
 			RetryIntervalInSeconds: &input.RetryIntervalInSeconds,
 			SyncIntervalInSeconds:  &input.SyncIntervalInSeconds,
 			TimeoutInSeconds:       &input.TimeoutInSeconds,
+			Wait:                   &input.Wait,
 		}
 
 		if input.Path != "" {
@@ -857,6 +926,45 @@ func expandKustomizationDefinitionModel(inputList []KustomizationDefinitionModel
 	return &outputList
 }
 
+func expandPostBuildDefinitionModel(inputList []PostBuildDefinitionModel) *fluxconfiguration.PostBuildDefinition {
+	if len(inputList) == 0 {
+		return nil
+	}
+
+	input := inputList[0]
+
+	output := fluxconfiguration.PostBuildDefinition{}
+
+	if len(input.Substitute) > 0 {
+		output.Substitute = &input.Substitute
+	}
+
+	if len(input.SubstituteFrom) > 0 {
+		output.SubstituteFrom = expandSubstituteFromDefinitionModel(input.SubstituteFrom)
+	}
+
+	return &output
+}
+
+func expandSubstituteFromDefinitionModel(inputList []SubstituteFromDefinitionModel) *[]fluxconfiguration.SubstituteFromDefinition {
+	if len(inputList) == 0 {
+		return nil
+	}
+
+	input := inputList
+	output := make([]fluxconfiguration.SubstituteFromDefinition, 0)
+
+	for _, v := range input {
+		output = append(output, fluxconfiguration.SubstituteFromDefinition{
+			Kind:     &v.Kind,
+			Name:     &v.Name,
+			Optional: &v.Optional,
+		})
+	}
+
+	return &output
+}
+
 func expandServicePrincipalDefinitionModel(inputList []ServicePrincipalDefinitionModel) *fluxconfiguration.ServicePrincipalDefinition {
 	if len(inputList) == 0 {
 		return nil
@@ -1057,10 +1165,46 @@ func flattenKustomizationDefinitionModel(inputList *map[string]fluxconfiguration
 			Force:                  pointer.From(input.Force),
 			Name:                   pointer.From(input.Name),
 			Path:                   pointer.From(input.Path),
+			PostBuild:              flattenPostBuildDefinitionModel(input.PostBuild),
 			Prune:                  pointer.From(input.Prune),
 			RetryIntervalInSeconds: pointer.From(input.RetryIntervalInSeconds),
 			SyncIntervalInSeconds:  pointer.From(input.SyncIntervalInSeconds),
 			TimeoutInSeconds:       pointer.From(input.TimeoutInSeconds),
+			Wait:                   pointer.From(input.Wait),
+		}
+
+		outputList = append(outputList, output)
+	}
+
+	return outputList
+}
+
+func flattenPostBuildDefinitionModel(input *fluxconfiguration.PostBuildDefinition) []PostBuildDefinitionModel {
+	outputList := make([]PostBuildDefinitionModel, 0)
+
+	if input == nil {
+		return outputList
+	}
+
+	output := PostBuildDefinitionModel{
+		Substitute:     pointer.From(input.Substitute),
+		SubstituteFrom: flattenSubstituteFromDefinitionModel(input.SubstituteFrom),
+	}
+
+	return append(outputList, output)
+}
+
+func flattenSubstituteFromDefinitionModel(input *[]fluxconfiguration.SubstituteFromDefinition) []SubstituteFromDefinitionModel {
+	outputList := make([]SubstituteFromDefinitionModel, 0)
+	if input == nil {
+		return outputList
+	}
+
+	for _, v := range *input {
+		output := SubstituteFromDefinitionModel{
+			Kind:     pointer.From(v.Kind),
+			Name:     pointer.From(v.Name),
+			Optional: pointer.From(v.Optional),
 		}
 
 		outputList = append(outputList, output)