azurerm_postgresql_flexible_server add support for customer_managed_key #20086

Merged
merged 3 commits into from
Jan 24, 2023

bwilczynski
Contributor

@bwilczynski bwilczynski commented Jan 18, 2023

Implements Customer Managed Key for PostgreSQL Flexible Server, fixes #19215

Usage:

```hcl
resource "azurerm_postgresql_flexible_server" "test" {
  # ...

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.test.id]
  }

  customer_managed_key {
    key_vault_key_id                  = azurerm_key_vault_key.test.id
    primary_user_assigned_identity_id = azurerm_user_assigned_identity.test.id
  }
}
```

@bwilczynski bwilczynski changed the title from "WiP: azurerm_postgresql_flexible_server add support for customer_managed_key" to "azurerm_postgresql_flexible_server add support for customer_managed_key" Jan 18, 2023
@bwilczynski
Contributor Author

❯ make acctests SERVICE='postgres' TESTARGS='-run=TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey' TESTTIMEOUT='60m'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test -v ./internal/services/postgres -run=TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey
=== PAUSE TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey
=== CONT  TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey
--- PASS: TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey (863.62s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/postgres      864.896s

@bwilczynski bwilczynski marked this pull request as ready for review January 18, 2023 17:38
Collaborator

@katbyte katbyte left a comment

Thanks @bwilczynski ! LGTM 🔐

Collaborator

@katbyte katbyte left a comment

Checking the test, it looks like this is causing a number of failures:

------- Stdout: -------
=== RUN   TestAccPostgresqlFlexibleServerDatabase_withoutCharsetAndCollation
=== PAUSE TestAccPostgresqlFlexibleServerDatabase_withoutCharsetAndCollation
=== CONT  TestAccPostgresqlFlexibleServerDatabase_withoutCharsetAndCollation
    testcase.go:110: Step 1/2 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
        -/+ destroy and then create replacement
        
        Terraform will perform the following actions:
        
          # azurerm_postgresql_flexible_server.test must be replaced
        -/+ resource "azurerm_postgresql_flexible_server" "test" {
              ~ backup_retention_days         = 7 -> (known after apply)
              ~ fqdn                          = "acctest-fs-230119173658098114.postgres.database.azure.com" -> (known after apply)
              ~ id                            = "/subscriptions/*******/resourceGroups/acctestRG-postgresql-230119173658098114/providers/Microsoft.DBforPostgreSQL/flexibleServers/acctest-fs-230119173658098114" -> (known after apply)
                name                          = "acctest-fs-230119173658098114"
              + private_dns_zone_id           = (known after apply)
              ~ public_network_access_enabled = true -> (known after apply)
                # (9 unchanged attributes hidden)
        
              ~ authentication {
                  ~ active_directory_auth_enabled = false -> (known after apply)
                  ~ password_auth_enabled         = true -> (known after apply)
                  + tenant_id                     = (known after apply)
                }
        
              - customer_managed_key { # forces replacement}
            }
        
          # azurerm_postgresql_flexible_server_database.test must be replaced
        -/+ resource "azurerm_postgresql_flexible_server_database" "test" {
              ~ id        = "/subscriptions/*******/resourceGroups/acctestRG-postgresql-230119173658098114/providers/Microsoft.DBforPostgreSQL/flexibleServers/acctest-fs-230119173658098114/databases/acctest-fsd-230119173658098114" -> (known after apply)
                name      = "acctest-fsd-230119173658098114"
              ~ server_id = "/subscriptions/*******/resourceGroups/acctestRG-postgresql-230119173658098114/providers/Microsoft.DBforPostgreSQL/flexibleServers/acctest-fs-230119173658098114" -> (known after apply) # forces replacement
                # (2 unchanged attributes hidden)
            }
        
        Plan: 2 to add, 0 to change, 2 to destroy.
--- FAIL: TestAccPostgresqlFlexibleServerDatabase_withoutCharsetAndCollation (474.94s)
FAIL

Once these are fixed up, this will be good to merge.
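
Added example (not part of this PR or the provider's code): a Python check over `terraform show -json` plan output that lists `azurerm_postgresql_flexible_server` resources planned without a `customer_managed_key` key reference, and those whose replacement is forced by that block, as in the failing plan above. `audit_plan`, the helper names and the sample plan are constructed for illustration; the field names assume Terraform's JSON plan representation.

```python
import json
import sys

SERVER = "azurerm_postgresql_flexible_server"

def _cmk_key_set(change):
    """True if a customer_managed_key block carries a key id, known or computed."""
    known = (change.get("after") or {}).get("customer_managed_key") or []
    if any(b.get("key_vault_key_id") for b in known):
        return True
    # Values only known after apply are omitted from "after" and flagged here.
    unknown = (change.get("after_unknown") or {}).get("customer_managed_key")
    if unknown is True:
        return True
    return any(isinstance(b, dict) and b.get("key_vault_key_id") is True
               for b in unknown or [])

def audit_plan(plan):
    """Return (servers_without_cmk, servers_replaced_because_of_cmk)."""
    missing, replaced = [], []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != SERVER:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A server that exists after apply should reference a Key Vault key.
        if actions != ["delete"] and not _cmk_key_set(change):
            missing.append(rc["address"])
        # Destroy-and-recreate whose cause is the customer_managed_key block.
        forced = any(p and p[0] == "customer_managed_key"
                     for p in change.get("replace_paths", []))
        if "delete" in actions and "create" in actions and forced:
            replaced.append(rc["address"])
    return missing, replaced

def _rc(name, actions, after, after_unknown=None, replace_paths=None):
    # Builds one constructed resource_changes entry for the sample below.
    change = {"actions": actions, "after": after, "after_unknown": after_unknown or {}}
    if replace_paths:
        change["replace_paths"] = replace_paths
    return {"address": f"{SERVER}.{name}", "type": SERVER, "change": change}

# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = {"resource_changes": [
    _rc("cmk", ["create"], {"customer_managed_key": [{}]},
        {"customer_managed_key": [{"key_vault_key_id": True}]}),
    _rc("plain", ["create"], {"customer_managed_key": []}),
    _rc("test", ["delete", "create"], {"customer_managed_key": []},
        replace_paths=[["customer_managed_key"]]),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(audit_plan(plan))
```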

@bwilczynski
Contributor Author

bwilczynski commented Jan 20, 2023

It should be fine now @katbyte

TF_ACC=1 go test -v ./internal/services/postgres -run=TestAccPostgresqlFlexibleServer -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
        
--- PASS: TestAccPostgresqlFlexibleServer_requiresImport (573.81s)
--- PASS: TestAccPostgresqlFlexibleServerDatabase_basic (645.54s)
--- PASS: TestAccPostgresqlFlexibleServerDatabase_withoutCharsetAndCollation (647.15s)
--- PASS: TestAccPostgresqlFlexibleServerDatabase_charsetLowercase (648.42s)
--- PASS: TestAccPostgresqlFlexibleServerDatabase_requiresImport (664.60s)
--- PASS: TestAccPostgresqlFlexibleServer_createWithCustomerManagedKey (892.19s)
--- PASS: TestAccPostgresqlFlexibleServer_geoRedundantBackupEnabled (677.05s)
--- PASS: TestAccPostgresqlFlexibleServer_basic (675.75s)
--- PASS: TestAccPostgresqlFlexibleServerFirewallRule_update (1012.16s)
--- PASS: TestAccPostgresqlFlexibleServer_updateMaintenanceWindow (1208.63s)
--- PASS: TestAccPostgresqlFlexibleServerFirewallRule_basic (742.85s)
--- PASS: TestAccPostgresqlFlexibleServerFirewallRule_requiresImport (820.64s)
--- PASS: TestAccPostgresqlFlexibleServer_pointInTimeRestore (2181.74s)
--- PASS: TestAccPostgresqlFlexibleServer_updateSku (1735.71s)
--- PASS: TestAccPostgresqlFlexibleServer_complete (1285.36s)
--- PASS: TestAccPostgresqlFlexibleServer_failover (2618.98s)

@bwilczynski
Contributor Author

However, there are some issues that I assume are due to my local / permission setup and need to be rerun:

--- FAIL: TestAccPostgresqlFlexibleServerAdministrator_requiresImport (200.71s)
--- FAIL: TestAccPostgresqlFlexibleServerAdministrator_disappears (254.17s)
--- FAIL: TestAccPostgresqlFlexibleServerAdministrator_basic (258.88s)
--- FAIL: TestAccPostgresqlFlexibleServer_authConfig (239.37s)

Code="AadAuthEnableFailedDueToMissingGraphApiAccessPrincipal" Message="Expected Microsoft Graph API client application with ClientId = xxx is not found in the TenantId = xxx, or does not have required permissions."

@bwilczynski
Contributor Author

An unrelated commit was added to this PR to make it pass the tests. It looks like the code on main is broken.

@evenh
Contributor

evenh commented Jan 23, 2023

Looking forward to this functionality 🙌🏻

Collaborator

@katbyte katbyte left a comment

Thanks @bwilczynski ! looks good now 🍄

@katbyte katbyte merged commit 5bbe761 into hashicorp:main Jan 24, 2023
katbyte added a commit that referenced this pull request Jan 24, 2023
@github-actions github-actions bot added this to the v3.41.0 milestone Jan 24, 2023
@bwilczynski bwilczynski deleted the postgres-cmk branch January 24, 2023 21:06
@github-actions

This functionality has been released in v3.41.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 27, 2023
Successfully merging this pull request may close these issues.

Support for CMK in azurerm_postgresql_flexible_server resource