New Resource: `azurerm_recovery_services_vault_resource_guard_associa…

…tion ` (#21712)

internal/services/recoveryservices/client/client.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/protecteditems"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/protectioncontainers"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/protectionpolicies"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/resourceguardproxy"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicessiterecovery/2022-10-01/replicationfabrics"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicessiterecovery/2022-10-01/replicationnetworkmappings"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicessiterecovery/2022-10-01/replicationnetworks"
@@ -47,6 +48,7 @@ type Client struct {
 	ReplicationProtectedItemsClient           *replicationprotecteditems.ReplicationProtectedItemsClient
 	ReplicationRecoveryPlansClient            *replicationrecoveryplans.ReplicationRecoveryPlansClient
 	ReplicationNetworksClient                 *replicationnetworks.ReplicationNetworksClient
+	ResourceGuardProxyClient                  *resourceguardproxy.ResourceGuardProxyClient
 }
 
 func NewClient(o *common.ClientOptions) *Client {
@@ -113,6 +115,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	replicationNetworksClient := replicationnetworks.NewReplicationNetworksClientWithBaseURI(o.ResourceManagerEndpoint)
 	o.ConfigureClient(&replicationNetworksClient.Client, o.ResourceManagerAuthorizer)
 
+	resourceGuardProxyClient := resourceguardproxy.NewResourceGuardProxyClientWithBaseURI(o.ResourceManagerEndpoint)
+	o.ConfigureClient(&resourceGuardProxyClient.Client, o.ResourceManagerAuthorizer)
+
 	return &Client{
 		ProtectableItemsClient:                    &protectableItemsClient,
 		ProtectedItemsClient:                      &protectedItemsClient,
@@ -135,5 +140,6 @@ func NewClient(o *common.ClientOptions) *Client {
 		ReplicationProtectedItemsClient:           &replicationMigrationItemsClient,
 		ReplicationRecoveryPlansClient:            &replicationRecoveryPlanClient,
 		ReplicationNetworksClient:                 &replicationNetworksClient,
+		ResourceGuardProxyClient:                  &resourceGuardProxyClient,
 	}
 }

internal/services/recoveryservices/recovery_services_vault_resource_guard_association_resource.go

@@ -0,0 +1,181 @@
+package recoveryservices
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
+	"github.com/hashicorp/go-azure-helpers/lang/response"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/dataprotection/2022-04-01/resourceguards"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservices/2022-10-01/vaults"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/resourceguardproxy"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
+)
+
+const VaultGuardResourceType = "Microsoft.RecoveryServices/vaults/backupResourceGuardProxies"
+const VaultGuardProxyDeleteRequestName = "default" // this name does not matter, this value comes from Portal.
+
+type VaultGuardProxyResource struct{}
+
+var _ sdk.Resource = VaultGuardProxyResource{}
+
+type VaultGuardProxyModel struct {
+	Name            string `tfschema:"name"`
+	VaultId         string `tfschema:"vault_id"`
+	ResourceGuardId string `tfschema:"resource_guard_id"`
+}
+
+func (r VaultGuardProxyResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
+	return resourceguardproxy.ValidateBackupResourceGuardProxyID
+}
+
+func (r VaultGuardProxyResource) ModelObject() interface{} {
+	return &VaultGuardProxyModel{}
+}
+
+func (r VaultGuardProxyResource) ResourceType() string {
+	return "azurerm_recovery_services_vault_resource_guard_association"
+}
+
+func (r VaultGuardProxyResource) Arguments() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"name": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ForceNew:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"vault_id": commonschema.ResourceIDReferenceRequiredForceNew(vaults.VaultId{}),
+
+		"resource_guard_id": commonschema.ResourceIDReferenceRequiredForceNew(resourceguards.ResourceGuardId{}),
+	}
+}
+
+func (r VaultGuardProxyResource) Attributes() map[string]*schema.Schema {
+	return map[string]*schema.Schema{}
+}
+func (r VaultGuardProxyResource) Create() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 30 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			var plan VaultGuardProxyModel
+			if err := metadata.Decode(&plan); err != nil {
+				return fmt.Errorf("decoding %w", err)
+			}
+			client := metadata.Client.RecoveryServices.ResourceGuardProxyClient
+
+			vaultId, err := vaults.ParseVaultID(plan.VaultId)
+			if err != nil {
+				return fmt.Errorf("parsing vault id %w", err)
+			}
+
+			id := resourceguardproxy.NewBackupResourceGuardProxyID(vaultId.SubscriptionId, vaultId.ResourceGroupName, vaultId.VaultName, plan.Name)
+
+			existing, err := client.Get(ctx, id)
+			if err != nil {
+				if !response.WasNotFound(existing.HttpResponse) {
+					return fmt.Errorf("checking presence of %s:%+v", id, err)
+				}
+			}
+
+			if !response.WasNotFound(existing.HttpResponse) {
+				return tf.ImportAsExistsError("azurerm_recovery_services_vault_resource_guard_association", id.ID())
+			}
+
+			proxy := resourceguardproxy.ResourceGuardProxyBaseResource{
+				Id:   pointer.To(id.ID()),
+				Type: pointer.To(VaultGuardResourceType),
+				Properties: pointer.To(resourceguardproxy.ResourceGuardProxyBase{
+					ResourceGuardResourceId: pointer.To(plan.ResourceGuardId),
+				}),
+			}
+
+			if _, err = client.Put(ctx, id, proxy); err != nil {
+				return fmt.Errorf("creating %s:%w", id, err)
+			}
+
+			metadata.SetID(id)
+			return nil
+		},
+	}
+}
+
+func (r VaultGuardProxyResource) Read() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 5 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			client := metadata.Client.RecoveryServices.ResourceGuardProxyClient
+
+			id, err := resourceguardproxy.ParseBackupResourceGuardProxyID(metadata.ResourceData.Id())
+			if err != nil {
+				return fmt.Errorf("parsing %q:%+v", metadata.ResourceData.Id(), err)
+			}
+
+			resp, err := client.Get(ctx, *id)
+			if err != nil {
+				if response.WasNotFound(resp.HttpResponse) {
+					return metadata.MarkAsGone(id)
+				}
+				return fmt.Errorf("creating %s:%+v", id, err)
+			}
+
+			vaultId := vaults.NewVaultID(id.SubscriptionId, id.ResourceGroupName, id.VaultName)
+			state := VaultGuardProxyModel{
+				VaultId: vaultId.ID(),
+				Name:    id.BackupResourceGuardProxyName,
+			}
+
+			if resp.Model != nil && resp.Model.Properties != nil {
+				state.ResourceGuardId = pointer.From(resp.Model.Properties.ResourceGuardResourceId)
+			}
+
+			return metadata.Encode(&state)
+		},
+	}
+}
+
+func (r VaultGuardProxyResource) Delete() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 30 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			var plan VaultGuardProxyModel
+			if err := metadata.Decode(&plan); err != nil {
+				return fmt.Errorf("decoding %w", err)
+			}
+			client := metadata.Client.RecoveryServices.ResourceGuardProxyClient
+
+			id, err := resourceguardproxy.ParseBackupResourceGuardProxyID(metadata.ResourceData.Id())
+			if err != nil {
+				return fmt.Errorf("parsing %q:%+v", metadata.ResourceData.Id(), err)
+			}
+
+			guardId, err := resourceguards.ParseResourceGuardID(plan.ResourceGuardId)
+			if err != nil {
+				return fmt.Errorf("parsing %q:%+v", plan.ResourceGuardId, err)
+			}
+
+			requestId := resourceguards.NewDeleteResourceGuardProxyRequestID(guardId.SubscriptionId, guardId.ResourceGroupName, guardId.ResourceGuardName, VaultGuardProxyDeleteRequestName)
+
+			unlock := resourceguardproxy.UnlockDeleteRequest{
+				ResourceGuardOperationRequests: pointer.To([]string{requestId.ID()}),
+			}
+
+			if _, err = client.UnlockDelete(ctx, *id, unlock); err != nil {
+				return fmt.Errorf("unlocking delete %s:%+v", id, err)
+			}
+
+			if _, err = client.Delete(ctx, *id); err != nil {
+				return fmt.Errorf("deleting %s:%+v", id, err)
+			}
+
+			return nil
+		},
+	}
+}

internal/services/recoveryservices/recovery_services_vault_resource_guard_association_resource_test.go

@@ -0,0 +1,79 @@
+package recoveryservices_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/go-azure-sdk/resource-manager/recoveryservicesbackup/2023-02-01/resourceguardproxy"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type VaultResourceGuardAssociationResource struct{}
+
+func TestAccSiteRecoveryVaultResourceGuardAssociation_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_recovery_services_vault_resource_guard_association", "test")
+	r := VaultResourceGuardAssociationResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func (VaultResourceGuardAssociationResource) basic(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-recovery-%[1]d"
+  location = "%s"
+}
+
+resource "azurerm_recovery_services_vault" "test" {
+  name                = "acctest-vault-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku                 = "Standard"
+
+  soft_delete_enabled = false
+}
+
+resource "azurerm_data_protection_resource_guard" "test" {
+  name                = "acctest-dprg-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+
+resource "azurerm_recovery_services_vault_resource_guard_association" "test" {
+  name              = "tftest"
+  vault_id          = azurerm_recovery_services_vault.test.id
+  resource_guard_id = azurerm_data_protection_resource_guard.test.id
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func (t VaultResourceGuardAssociationResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
+	id, err := resourceguardproxy.ParseBackupResourceGuardProxyID(state.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := clients.RecoveryServices.ResourceGuardProxyClient.Get(ctx, *id)
+	if err != nil {
+		return nil, fmt.Errorf("reading %s: %+v", id.String(), err)
+	}
+
+	return utils.Bool(resp.Model != nil), nil
+}

internal/services/recoveryservices/registration.go

@@ -32,6 +32,7 @@ func (r Registration) Resources() []sdk.Resource {
 		HyperVNetworkMappingResource{},
 		VMWareReplicationPolicyResource{},
 		VMWareReplicationPolicyAssociationResource{},
+		VaultGuardProxyResource{},
 	}
 }