From a0ab2c5415fc6402c0735b2a20143b934dff160e Mon Sep 17 00:00:00 2001 From: Alexander Guth Date: Tue, 13 Dec 2022 12:47:43 +0100 Subject: [PATCH 1/7] add msi example --- .../{ => basic-usage}/README.md | 2 +- .../{ => basic-usage}/main.tf | 2 +- .../{ => basic-usage}/variables.tf | 0 examples/stream-analytics/msi-auth/README.md | 3 + examples/stream-analytics/msi-auth/main.tf | 73 +++++++++++++++++++ .../stream-analytics/msi-auth/variables.tf | 7 ++ 6 files changed, 85 insertions(+), 2 deletions(-) rename examples/stream-analytics/{ => basic-usage}/README.md (74%) rename examples/stream-analytics/{ => basic-usage}/main.tf (97%) rename examples/stream-analytics/{ => basic-usage}/variables.tf (100%) create mode 100644 examples/stream-analytics/msi-auth/README.md create mode 100644 examples/stream-analytics/msi-auth/main.tf create mode 100644 examples/stream-analytics/msi-auth/variables.tf diff --git a/examples/stream-analytics/README.md b/examples/stream-analytics/basic-usage/README.md similarity index 74% rename from examples/stream-analytics/README.md rename to examples/stream-analytics/basic-usage/README.md index 3aacc49f06f5..a22637d79700 100644 --- a/examples/stream-analytics/README.md +++ b/examples/stream-analytics/basic-usage/README.md @@ -1,3 +1,3 @@ -## Example: Azure Stream Analytics +# Azure Stream Analytics: Basic usage This example provisions an Azure Storage Account and a Stream Analytics job, that uses it as a reference input. diff --git a/examples/stream-analytics/main.tf b/examples/stream-analytics/basic-usage/main.tf similarity index 97% rename from examples/stream-analytics/main.tf rename to examples/stream-analytics/basic-usage/main.tf index 2804f582a6f5..2f7d672ca740 100644 --- a/examples/stream-analytics/main.tf +++ b/examples/stream-analytics/basic-usage/main.tf 
@@ -8,7 +8,7 @@ resource "azurerm_resource_group" "example" { } resource "azurerm_storage_account" "example" { - name = "${var.prefix}-examplestoracc" + name = "${var.prefix}examplestoracc" resource_group_name = "${azurerm_resource_group.example.name}" location = "${azurerm_resource_group.example.location}" account_tier = "Standard" diff --git a/examples/stream-analytics/variables.tf b/examples/stream-analytics/basic-usage/variables.tf similarity index 100% rename from examples/stream-analytics/variables.tf rename to examples/stream-analytics/basic-usage/variables.tf diff --git a/examples/stream-analytics/msi-auth/README.md b/examples/stream-analytics/msi-auth/README.md new file mode 100644 index 000000000000..0c3968d1f51e --- /dev/null +++ b/examples/stream-analytics/msi-auth/README.md @@ -0,0 +1,3 @@ +# Azure Stream Analytics: MSI authentication + +This example provisions an example that uses MSI authentication for the Stream Analytics inputs and outputs. diff --git a/examples/stream-analytics/msi-auth/main.tf b/examples/stream-analytics/msi-auth/main.tf new file mode 100644 index 000000000000..f702e27f4ae2 --- /dev/null +++ b/examples/stream-analytics/msi-auth/main.tf 
@@ -0,0 +1,73 @@ +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "example" { + name = "${var.prefix}-example-resources" + location = "${var.location}" +} + +resource "azurerm_storage_account" "example" { + name = "${var.prefix}examplestoracc" + resource_group_name = "${azurerm_resource_group.example.name}" + location = "${azurerm_resource_group.example.location}" + account_tier = "Standard" + account_replication_type = "LRS" +} + +resource "azurerm_role_assignment" "example" { + scope = azurerm_storage_account.example.id + role_definition_name = "Storage Blob Data Contributor" + principal_id = azurerm_stream_analytics_job.example.identity[0].principal_id +} + +resource "azurerm_storage_container" "example" { + name = "${var.prefix}example" + storage_account_name = "${azurerm_storage_account.example.name}" + container_access_type = "private" +} + +resource "azurerm_stream_analytics_job" "example" { + name = "${var.prefix}-example-job" + resource_group_name = "${azurerm_resource_group.example.name}" + location = "${azurerm_resource_group.example.location}" + compatibility_level = "1.1" + data_locale = "en-US" + events_late_arrival_max_delay_in_seconds = 60 + events_out_of_order_max_delay_in_seconds = 50 + events_out_of_order_policy = "Adjust" + output_error_policy = "Drop" + streaming_units = 3 + + identity { + type = "SystemAssigned" + } + + tags = { + environment = "Example" + } + + transformation_query = < Date: Tue, 13 Dec 2022 13:29:24 +0100 Subject: [PATCH 2/7] update readme --- examples/stream-analytics/msi-auth/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/stream-analytics/msi-auth/README.md b/examples/stream-analytics/msi-auth/README.md index 0c3968d1f51e..511b49295ace 100644 --- a/examples/stream-analytics/msi-auth/README.md +++ b/examples/stream-analytics/msi-auth/README.md 
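Review bot: The `azurerm_role_assignment` in the new msi-auth/main.tf grants `Storage Blob Data Contributor` on the whole storage account (`scope = azurerm_storage_account.example.id`), which looks broader than needed for the blob reference input, the only consumer of the job identity visible in this series. Because examples get copied, I would scope the assignment to the container with `scope = azurerm_storage_container.example.resource_manager_id`, and use `role_definition_name = "Storage Blob Data Reader"` if read access turns out to be enough for a reference input. If the service does need Contributor, a short comment above the role line saying so would explain the choice. The hunk is cut off on this page after `transformation_query`, so the rest of the file could not be checked.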
@@ -1,3 +1,7 @@ # Azure Stream Analytics: MSI authentication This example provisions an example that uses MSI authentication for the Stream Analytics inputs and outputs. + +## Inputs + +- `azurerm_stream_analytics_reference_input_blob` From ee423bfad8baf941c57206835bc73e6f07aa724a Mon Sep 17 00:00:00 2001 From: Alexander Guth Date: Wed, 14 Dec 2022 10:23:16 +0100 Subject: [PATCH 3/7] normalize account key --- examples/stream-analytics/msi-auth/README.md | 2 +- examples/stream-analytics/msi-auth/main.tf | 1 - ...m_analytics_reference_input_blob_resource.go | 14 +++++++++++--- ...lytics_reference_input_blob_resource_test.go | 17 +++++++++-------- 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/examples/stream-analytics/msi-auth/README.md b/examples/stream-analytics/msi-auth/README.md index 511b49295ace..fc573fdd2a87 100644 --- a/examples/stream-analytics/msi-auth/README.md +++ b/examples/stream-analytics/msi-auth/README.md @@ -1,6 +1,6 @@ # Azure Stream Analytics: MSI authentication -This example provisions an example that uses MSI authentication for the Stream Analytics inputs and outputs. +This example provisions an example that uses [MSI authentication](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) for the Stream Analytics inputs and outputs. ## Inputs diff --git a/examples/stream-analytics/msi-auth/main.tf b/examples/stream-analytics/msi-auth/main.tf index f702e27f4ae2..ce0f9b1908c7 100644 --- a/examples/stream-analytics/msi-auth/main.tf +++ b/examples/stream-analytics/msi-auth/main.tf 
@@ -59,7 +59,6 @@ resource "azurerm_stream_analytics_reference_input_blob" "test" { stream_analytics_job_name = "${azurerm_stream_analytics_job.example.name}" resource_group_name = "${azurerm_stream_analytics_job.example.resource_group_name}" storage_account_name = "${azurerm_storage_account.example.name}" - storage_account_key = "${azurerm_storage_account.example.primary_access_key}" storage_container_name = "${azurerm_storage_container.example.name}" authentication_mode = "Msi" path_pattern = "some-random-pattern" diff --git a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource.go b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource.go index 460289896d6c..4d3011fa2a41 100644 --- a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource.go +++ b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource.go @@ -72,7 +72,7 @@ func resourceStreamAnalyticsReferenceInputBlob() *pluginsdk.Resource { "storage_account_key": { Type: pluginsdk.TypeString, - Required: true, + Optional: true, Sensitive: true, ValidateFunc: validation.StringIsNotEmpty, }, @@ -149,7 +149,7 @@ func resourceStreamAnalyticsReferenceInputBlobCreate(d *pluginsdk.ResourceData, StorageAccounts: &[]inputs.StorageAccount{ { AccountName: utils.String(d.Get("storage_account_name").(string)), - AccountKey: utils.String(d.Get("storage_account_key").(string)), + AccountKey: normalizeAccountKey(d.Get("storage_account_key").(string)), }, }, AuthenticationMode: utils.ToPtr(inputs.AuthenticationMode(d.Get("authentication_mode").(string))), 
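Review bot: Changing `storage_account_key` to `Optional: true` in the schema hunk leaves nothing in the provider that requires the key when `authentication_mode` is `ConnectionString`, so a missing key is only caught by the API, if at all. The create hunk below it and the update hunk at `@@ -198,7 +198,7 @@` share the gap, since both pass the value through `normalizeAccountKey`, which maps an empty string to `nil` whatever the mode. A guard at the top of both functions would fail early: `if d.Get("authentication_mode").(string) == "ConnectionString" && d.Get("storage_account_key").(string) == "" { return fmt.Errorf("storage_account_key must be set when authentication_mode is ConnectionString") }` (assuming `fmt` is imported in this file). The reverse case deserves a look as well, because a key supplied together with `Msi` is still sent and kept in state, where it is a secret with no purpose. Both function bodies start and end outside these hunks.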
@@ -198,7 +198,7 @@ func resourceStreamAnalyticsReferenceInputBlobUpdate(d *pluginsdk.ResourceData, StorageAccounts: &[]inputs.StorageAccount{ { AccountName: utils.String(d.Get("storage_account_name").(string)), - AccountKey: utils.String(d.Get("storage_account_key").(string)), + AccountKey: normalizeAccountKey(d.Get("storage_account_key").(string)), }, }, AuthenticationMode: utils.ToPtr(inputs.AuthenticationMode(d.Get("authentication_mode").(string))), @@ -321,3 +321,11 @@ func resourceStreamAnalyticsReferenceInputBlobDelete(d *pluginsdk.ResourceData, return nil } + +func normalizeAccountKey(accountKey string) *string { + if accountKey != "" { + return utils.String(accountKey) + } + + return nil +} diff --git a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go index 78cc2f490c5a..342cfa765e4d 100644 --- a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go +++ b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go @@ -85,10 +85,11 @@ func TestAccStreamAnalyticsReferenceInputBlob_update(t *testing.T) { func TestAccStreamAnalyticsReferenceInputBlob_authenticationMode(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_stream_analytics_reference_input_blob", "test") r := StreamAnalyticsReferenceInputBlobResource{} + debug := r.authenticationMode(data) data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.authenticationMode(data), + Config: debug, Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), 
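Review bot: `normalizeAccountKey`, added at the end of the resource file in the `@@ -321,3 +321,11 @@` hunk, has no doc comment, and its name does not say that an empty key becomes `nil`. I would add `// normalizeAccountKey returns nil for an empty key so that no account key is sent to the API, e.g. when authentication_mode is Msi.` above it. A name such as `accountKeyOrNil` would state the behaviour more directly than "normalize".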
@@ -247,7 +248,6 @@ resource "azurerm_stream_analytics_reference_input_blob" "test" { stream_analytics_job_name = azurerm_stream_analytics_job.test.name resource_group_name = azurerm_stream_analytics_job.test.resource_group_name storage_account_name = azurerm_storage_account.test.name - storage_account_key = azurerm_storage_account.test.primary_access_key storage_container_name = azurerm_storage_container.test.name path_pattern = "some-random-pattern" date_format = "yyyy/MM/dd" @@ -300,11 +300,12 @@ resource "azurerm_resource_group" "test" { } resource "azurerm_storage_account" "test" { - name = "acctestsa%s" - resource_group_name = azurerm_resource_group.test.name - location = azurerm_resource_group.test.location - account_tier = "Standard" - account_replication_type = "LRS" + name = "acctestsa%s" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" + allow_nested_items_to_be_public = false } resource "azurerm_storage_container" "test" { @@ -317,7 +318,7 @@ resource "azurerm_stream_analytics_job" "test" { name = "acctestjob-%d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location - compatibility_level = "1.0" + compatibility_level = "1.1" data_locale = "en-GB" events_late_arrival_max_delay_in_seconds = 60 events_out_of_order_max_delay_in_seconds = 50 From 5e34f669e7a90a5219b25fa6fe22491274838385 Mon Sep 17 00:00:00 2001 From: Alexander Guth Date: Wed, 14 Dec 2022 10:24:53 +0100 Subject: [PATCH 4/7] revert debug stmt --- .../stream_analytics_reference_input_blob_resource_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go index 342cfa765e4d..49386dc899ba 100644 
--- a/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go +++ b/internal/services/streamanalytics/stream_analytics_reference_input_blob_resource_test.go @@ -85,11 +85,10 @@ func TestAccStreamAnalyticsReferenceInputBlob_update(t *testing.T) { func TestAccStreamAnalyticsReferenceInputBlob_authenticationMode(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_stream_analytics_reference_input_blob", "test") r := StreamAnalyticsReferenceInputBlobResource{} - debug := r.authenticationMode(data) data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: debug, + Config: r.authenticationMode(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), From fa256dac43b4079721ce5fad75c433233773fdab Mon Sep 17 00:00:00 2001 From: Alexander Guth Date: Wed, 14 Dec 2022 10:29:13 +0100 Subject: [PATCH 5/7] wording --- examples/stream-analytics/msi-auth/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/stream-analytics/msi-auth/README.md b/examples/stream-analytics/msi-auth/README.md index fc573fdd2a87..02394ef4685e 100644 --- a/examples/stream-analytics/msi-auth/README.md +++ b/examples/stream-analytics/msi-auth/README.md @@ -1,6 +1,6 @@ # Azure Stream Analytics: MSI authentication -This example provisions an example that uses [MSI authentication](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) for the Stream Analytics inputs and outputs. +This example provisions a Stream Analytics job that uses [MSI authentication](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) for the Stream Analytics inputs and outputs. ## Inputs From 4924a8aa749b1a4a7d48ea4f5ee838ada434e8f1 Mon Sep 17 00:00:00 2001 
From: Alexander Guth Date: Wed, 14 Dec 2022 10:49:29 +0100 Subject: [PATCH 6/7] fix format --- examples/stream-analytics/basic-usage/main.tf | 30 +++++++++---------- examples/stream-analytics/msi-auth/main.tf | 30 +++++++++---------- ...alytics_reference_input_blob.html.markdown | 2 +- 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/examples/stream-analytics/basic-usage/main.tf b/examples/stream-analytics/basic-usage/main.tf index 2f7d672ca740..9d95b8fab62e 100644 --- a/examples/stream-analytics/basic-usage/main.tf +++ b/examples/stream-analytics/basic-usage/main.tf @@ -4,27 +4,27 @@ provider "azurerm" { resource "azurerm_resource_group" "example" { name = "${var.prefix}-example-resources" - location = "${var.location}" + location = var.location } resource "azurerm_storage_account" "example" { name = "${var.prefix}examplestoracc" - resource_group_name = "${azurerm_resource_group.example.name}" - location = "${azurerm_resource_group.example.location}" + resource_group_name = azurerm_resource_group.example.name + location = azurerm_resource_group.example.location account_tier = "Standard" account_replication_type = "LRS" } resource "azurerm_storage_container" "example" { name = "${var.prefix}example" - storage_account_name = "${azurerm_storage_account.example.name}" + storage_account_name = azurerm_storage_account.example.name container_access_type = "private" } resource "azurerm_stream_analytics_job" "example" { name = "${var.prefix}-example-job" - resource_group_name = "${azurerm_resource_group.example.name}" - location = "${azurerm_resource_group.example.location}" + resource_group_name = azurerm_resource_group.example.name + location = azurerm_resource_group.example.location compatibility_level = "1.1" data_locale = "en-US" events_late_arrival_max_delay_in_seconds = 60 
@@ -45,15 +45,15 @@ QUERY } resource "azurerm_stream_analytics_reference_input_blob" "test" { - name = "${var.prefix}-blob-reference-input" - stream_analytics_job_name = "${azurerm_stream_analytics_job.example.name}" - resource_group_name = "${azurerm_stream_analytics_job.example.resource_group_name}" - storage_account_name = "${azurerm_storage_account.example.name}" - storage_account_key = "${azurerm_storage_account.example.primary_access_key}" - storage_container_name = "${azurerm_storage_container.example.name}" - path_pattern = "some-random-pattern" - date_format = "yyyy/MM/dd" - time_format = "HH" + name = "${var.prefix}-blob-reference-input" + stream_analytics_job_name = azurerm_stream_analytics_job.example.name + resource_group_name = azurerm_stream_analytics_job.example.resource_group_name + storage_account_name = azurerm_storage_account.example.name + storage_account_key = azurerm_storage_account.example.primary_access_key + storage_container_name = azurerm_storage_container.example.name + path_pattern = "some-random-pattern" + date_format = "yyyy/MM/dd" + time_format = "HH" serialization { type = "Json" diff --git a/examples/stream-analytics/msi-auth/main.tf b/examples/stream-analytics/msi-auth/main.tf index ce0f9b1908c7..e1985bb3084a 100644 --- a/examples/stream-analytics/msi-auth/main.tf +++ b/examples/stream-analytics/msi-auth/main.tf @@ -4,13 +4,13 @@ provider "azurerm" { resource "azurerm_resource_group" "example" { name = "${var.prefix}-example-resources" - location = "${var.location}" + location = var.location } resource "azurerm_storage_account" "example" { name = "${var.prefix}examplestoracc" - resource_group_name = "${azurerm_resource_group.example.name}" - location = "${azurerm_resource_group.example.location}" + resource_group_name = azurerm_resource_group.example.name + location = azurerm_resource_group.example.location account_tier = "Standard" account_replication_type = "LRS" } 
@@ -23,14 +23,14 @@ resource "azurerm_role_assignment" "example" { resource "azurerm_storage_container" "example" { name = "${var.prefix}example" - storage_account_name = "${azurerm_storage_account.example.name}" + storage_account_name = azurerm_storage_account.example.name container_access_type = "private" } resource "azurerm_stream_analytics_job" "example" { name = "${var.prefix}-example-job" - resource_group_name = "${azurerm_resource_group.example.name}" - location = "${azurerm_resource_group.example.location}" + resource_group_name = azurerm_resource_group.example.name + location = azurerm_resource_group.example.location compatibility_level = "1.1" data_locale = "en-US" events_late_arrival_max_delay_in_seconds = 60 @@ -55,15 +55,15 @@ QUERY } resource "azurerm_stream_analytics_reference_input_blob" "test" { - name = "${var.prefix}-blob-reference-input" - stream_analytics_job_name = "${azurerm_stream_analytics_job.example.name}" - resource_group_name = "${azurerm_stream_analytics_job.example.resource_group_name}" - storage_account_name = "${azurerm_storage_account.example.name}" - storage_container_name = "${azurerm_storage_container.example.name}" - authentication_mode = "Msi" - path_pattern = "some-random-pattern" - date_format = "yyyy/MM/dd" - time_format = "HH" + name = "${var.prefix}-blob-reference-input" + stream_analytics_job_name = azurerm_stream_analytics_job.example.name + resource_group_name = azurerm_stream_analytics_job.example.resource_group_name + storage_account_name = azurerm_storage_account.example.name + storage_container_name = azurerm_storage_container.example.name + authentication_mode = "Msi" + path_pattern = "some-random-pattern" + date_format = "yyyy/MM/dd" + time_format = "HH" serialization { type = "Json" diff --git a/website/docs/r/stream_analytics_reference_input_blob.html.markdown b/website/docs/r/stream_analytics_reference_input_blob.html.markdown index 19003dd087c7..6bedbbd4af9c 100644 
--- a/website/docs/r/stream_analytics_reference_input_blob.html.markdown +++ b/website/docs/r/stream_analytics_reference_input_blob.html.markdown @@ -71,7 +71,7 @@ The following arguments are supported: * `storage_account_name` - (Required) The name of the Storage Account that has the blob container with reference data. -* `storage_account_key` - (Required) The Access Key which should be used to connect to this Storage Account. +* `storage_account_key` - (Optional) The Access Key which should be used to connect to this Storage Account. * `storage_container_name` - (Required) The name of the Container within the Storage Account. From 5df1c03e436de684558aec11a1fce10c7bf5d17c Mon Sep 17 00:00:00 2001 From: Alexander Guth Date: Wed, 14 Dec 2022 11:10:08 +0100 Subject: [PATCH 7/7] Precise docs --- .../docs/r/stream_analytics_reference_input_blob.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/stream_analytics_reference_input_blob.html.markdown b/website/docs/r/stream_analytics_reference_input_blob.html.markdown index 6bedbbd4af9c..b0e9f6c32ee8 100644 --- a/website/docs/r/stream_analytics_reference_input_blob.html.markdown +++ b/website/docs/r/stream_analytics_reference_input_blob.html.markdown @@ -71,7 +71,7 @@ The following arguments are supported: * `storage_account_name` - (Required) The name of the Storage Account that has the blob container with reference data. -* `storage_account_key` - (Optional) The Access Key which should be used to connect to this Storage Account. +* `storage_account_key` - (Optional) The Access Key which should be used to connect to this Storage Account. Required if `authentication_mode` is `ConnectionString`. * `storage_container_name` - (Required) The name of the Container within the Storage Account.