feat: role management policy resource

hashicorp · Feb 16, 2023 · 4c1762d · 4c1762d
1 parent e128e98
commit 4c1762d
Show file tree

Hide file tree

Showing 26 changed files with 3,497 additions and 4 deletions.
diff --git a/internal/provider/services.go b/internal/provider/services.go
@@ -125,6 +125,7 @@ func SupportedTypedServices() []sdk.TypedServiceRegistration {
 		appconfiguration.Registration{},
 		applicationinsights.Registration{},
 		appservice.Registration{},
+		authorization.Registration{},
 		automation.Registration{},
 		batch.Registration{},
 		bot.Registration{},

diff --git a/internal/services/authorization/client/client.go b/internal/services/authorization/client/client.go
@@ -2,12 +2,14 @@ package client
 
 import (
 	"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2020-04-01-preview/authorization" // nolint: staticcheck // nolint: staticcheck
+	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/rolemanagementpolicies"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"
 )
 
 type Client struct {
-	RoleAssignmentsClient *authorization.RoleAssignmentsClient
-	RoleDefinitionsClient *authorization.RoleDefinitionsClient
+	RoleAssignmentsClient        *authorization.RoleAssignmentsClient
+	RoleDefinitionsClient        *authorization.RoleDefinitionsClient
+	RoleManagementPoliciesClient *rolemanagementpolicies.RoleManagementPoliciesClient
 }
 
 func NewClient(o *common.ClientOptions) *Client {
@@ -17,8 +19,12 @@ func NewClient(o *common.ClientOptions) *Client {
 	roleDefinitionsClient := authorization.NewRoleDefinitionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&roleDefinitionsClient.Client, o.ResourceManagerAuthorizer)
 
+	roleManagementPoliciesClient := rolemanagementpolicies.NewRoleManagementPoliciesClientWithBaseURI(o.ResourceManagerEndpoint)
+	o.ConfigureClient(&roleManagementPoliciesClient.Client, o.ResourceManagerAuthorizer)
+
 	return &Client{
-		RoleAssignmentsClient: &roleAssignmentsClient,
-		RoleDefinitionsClient: &roleDefinitionsClient,
+		RoleAssignmentsClient:        &roleAssignmentsClient,
+		RoleDefinitionsClient:        &roleDefinitionsClient,
+		RoleManagementPoliciesClient: &roleManagementPoliciesClient,
 	}
 }
diff --git a/internal/services/authorization/parse/role_management_policy.go b/internal/services/authorization/parse/role_management_policy.go
@@ -0,0 +1,66 @@
+package parse
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/rolemanagementpolicies"
+)
+
+type RoleManagementPolicyID struct {
+	Scope                    string
+	RoleManagementPolicyName string
+	RoleDefinitionId         string
+}
+
+func NewRoleManagementPolicyID(scope string, roleManagementPolicyName string, roleDefinitionId string) RoleManagementPolicyID {
+	return RoleManagementPolicyID{
+		Scope:                    scope,
+		RoleManagementPolicyName: roleManagementPolicyName,
+		RoleDefinitionId:         roleDefinitionId,
+	}
+}
+
+func (id RoleManagementPolicyID) ID() string {
+	fmtString := "%s/providers/Microsoft.Authorization/roleManagementPolicies/%s|%s"
+	return fmt.Sprintf(fmtString, id.Scope, id.RoleManagementPolicyName, id.RoleDefinitionId)
+}
+
+func (id RoleManagementPolicyID) ScopedRoleManagementPolicyId() rolemanagementpolicies.ScopedRoleManagementPolicyId {
+	return rolemanagementpolicies.NewScopedRoleManagementPolicyID(id.Scope, id.RoleManagementPolicyName)
+}
+
+func (id RoleManagementPolicyID) String() string {
+	segments := []string{
+		fmt.Sprintf("RoleManagementPolicyName %q", id.RoleManagementPolicyName),
+		fmt.Sprintf("Scope %q", id.Scope),
+		fmt.Sprintf("Role Definition Id %q", id.RoleDefinitionId),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Role Management Policy", segmentsStr)
+}
+
+// RoleManagementPolicyId is a pseudo ID for storing Scope parameter as this it not retrievable from API
+// It is formed of the Azure Resource ID for the Role and the Scope it is created against
+func RoleManagementPolicyId(input string) (*RoleManagementPolicyID, error) {
+	parts := strings.Split(input, "|")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("could not parse Role Management Policy ID, invalid format %q", input)
+	}
+
+	roleManagementPolicyID := RoleManagementPolicyID{}
+
+	rawRoleManagementPolicyId := parts[0]
+	rawRoleDefinitionId := parts[1]
+
+	roleManagementPolicyId, err := rolemanagementpolicies.ParseScopedRoleManagementPolicyID(rawRoleManagementPolicyId)
+	if err != nil {
+		return nil, err
+	}
+	roleManagementPolicyID.Scope = *&roleManagementPolicyId.Scope
+	roleManagementPolicyID.RoleManagementPolicyName = *&roleManagementPolicyId.RoleManagementPolicyName
+
+	roleManagementPolicyID.RoleDefinitionId = rawRoleDefinitionId
+
+	return &roleManagementPolicyID, nil
+}
diff --git a/internal/services/authorization/registration.go b/internal/services/authorization/registration.go
@@ -8,6 +8,7 @@ import (
 type Registration struct{}
 
 var _ sdk.UntypedServiceRegistrationWithAGitHubLabel = Registration{}
+var _ sdk.TypedServiceRegistrationWithAGitHubLabel = Registration{}
 
 func (r Registration) AssociatedGitHubLabel() string {
 	return "service/authorization"
@@ -40,3 +41,14 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource {
 		"azurerm_role_definition": resourceArmRoleDefinition(),
 	}
 }
+
+func (r Registration) DataSources() []sdk.DataSource {
+	return []sdk.DataSource{}
+}
+
+func (r Registration) Resources() []sdk.Resource {
+	resources := []sdk.Resource{
+		RoleManagementPolicyResource{},
+	}
+	return resources
+}