Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Resource: azurerm_container_registry_credential_set #27528

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
+729 −1
Open

New Resource: azurerm_container_registry_credential_set #27528

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
0de99eb
feat: add new resource azurerm_container_registry_credential_set
jan-mrm Sep 27, 2024
e54f1c5
fix: set auth_credentials correctly in import test
jan-mrm Sep 27, 2024
e540207
refactor: implement review feedback
jan-mrm Oct 28, 2024
642b66a
refactor: format docs
jan-mrm Oct 28, 2024
1097761
Merge remote-tracking branch 'origin/main' into feat/new-resource-acr…
jan-mrm Dec 6, 2024
593cf9f
chore: update api version in new credential set resource after it has…
jan-mrm Dec 6, 2024
530676b
chore: add changes from 'make generate'
jan-mrm Dec 6, 2024
3b0c239
Merge remote-tracking branch 'origin/main' into feat/new-resource-acr…
jan-mrm Jan 2, 2025
1170f1b
refactor: change implementation to SystemAssignedUserAssignedIdentity…
jan-mrm Jan 10, 2025
e729aa9
refactor: change implementation from SystemAssignedUserAssignedIdenti…
jan-mrm Jan 13, 2025
b56f65a
refactor: implement review feedback - import step and key vault in te…
jan-mrm Jan 14, 2025
c1a73eb
refactor: tf fmt
jan-mrm Jan 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions internal/services/containers/client/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
containerregistry_v2019_06_01_preview "github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2019-06-01-preview"
containerregistry_v2023_06_01_preview "github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-06-01-preview"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-07-01/cacherules"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-07-01/credentialsets"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerservice/2019-08-01/containerservices"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerservice/2024-04-01/fleetupdatestrategies"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerservice/2024-04-01/updateruns"
Expand All @@ -28,6 +29,7 @@ type Client struct {
AgentPoolsClient *agentpools.AgentPoolsClient
ContainerInstanceClient *containerinstance.ContainerInstanceClient
CacheRulesClient *cacherules.CacheRulesClient
CredentialSetsClient *credentialsets.CredentialSetsClient
ContainerRegistryClient_v2023_06_01_preview *containerregistry_v2023_06_01_preview.Client
// v2019_06_01_preview is needed for container registry agent pools and tasks
ContainerRegistryClient_v2019_06_01_preview *containerregistry_v2019_06_01_preview.Client
Expand Down Expand Up @@ -69,6 +71,12 @@ func NewContainersClient(o *common.ClientOptions) (*Client, error) {
}
o.Configure(cacheRulesClient.Client, o.Authorizers.ResourceManager)

credentialSetsClient, err := credentialsets.NewCredentialSetsClientWithBaseURI(o.Environment.ResourceManager)
if err != nil {
return nil, fmt.Errorf("building Credential Sets client: %+v", err)
}
o.Configure(credentialSetsClient.Client, o.Authorizers.ResourceManager)

// AKS
fleetUpdateRunsClient, err := updateruns.NewUpdateRunsClientWithBaseURI(o.Environment.ResourceManager)
if err != nil {
Expand Down Expand Up @@ -128,6 +136,7 @@ func NewContainersClient(o *common.ClientOptions) (*Client, error) {
AgentPoolsClient: agentPoolsClient,
ContainerInstanceClient: containerInstanceClient,
CacheRulesClient: cacheRulesClient,
CredentialSetsClient: credentialSetsClient,
ContainerRegistryClient_v2023_06_01_preview: containerRegistryClient_v2023_06_01_preview,
ContainerRegistryClient_v2019_06_01_preview: containerRegistryClient_v2019_06_01_preview,
FleetUpdateRunsClient: fleetUpdateRunsClient,
Expand Down
331 changes: 331 additions & 0 deletions internal/services/containers/container_registry_credential_set_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,331 @@
package containers

import (
"context"
"fmt"
"log"
"time"

"github.com/hashicorp/go-azure-helpers/lang/pointer"
"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-06-01-preview/registries"
"github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-07-01/credentialsets"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
)

var _ sdk.Resource = ContainerRegistryCredentialSetResource{}

type ContainerRegistryCredentialSetResource struct{}

func (ContainerRegistryCredentialSetResource) Arguments() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"name": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
Description: "The name of the credential set.",
},
"container_registry_id": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: registries.ValidateRegistryID,
},
"login_server": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
},
"auth_credentials": {
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
Type: pluginsdk.TypeList,
Required: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*schema.Schema{
"username_secret_identifier": {
Type: pluginsdk.TypeString,
Required: true,
},
"password_secret_identifier": {
Type: pluginsdk.TypeString,
Required: true,
},
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
},
},
},
}
}

func (ContainerRegistryCredentialSetResource) Attributes() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"identity": {
Type: pluginsdk.TypeList,
Computed: true,
Elem: &pluginsdk.Resource{
Schema: map[string]*schema.Schema{
"type": {
Type: pluginsdk.TypeString,
Computed: true,
},
"tenant_id": {
Type: pluginsdk.TypeString,
Computed: true,
},
"principal_id": {
Type: pluginsdk.TypeString,
Computed: true,
},
},
},
},
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
}
}

type Identity struct {
Type string `tfschema:"type"`
TenantId string `tfschema:"tenant_id"`
PrincipalId string `tfschema:"principal_id"`
}
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved

type AuthCredential struct {
UsernameSecretIdentifier string `tfschema:"username_secret_identifier"`
PasswordSecretIdentifier string `tfschema:"password_secret_identifier"`
}

type ContainerRegistryCredentialSetModel struct {
Name string `tfschema:"name"`
ContainerRegistryId string `tfschema:"container_registry_id"`
LoginServer string `tfschema:"login_server"`
AuthCredentials []AuthCredential `tfschema:"auth_credentials"`
Identity []Identity `tfschema:"identity"`
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
}

func (ContainerRegistryCredentialSetResource) ModelObject() interface{} {
return &ContainerRegistryCredentialSetModel{}
}

func (ContainerRegistryCredentialSetResource) ResourceType() string {
return "azurerm_container_registry_credential_set"
}

func (r ContainerRegistryCredentialSetResource) Create() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Containers.CredentialSetsClient
subscriptionId := metadata.Client.Account.SubscriptionId

var config ContainerRegistryCredentialSetModel
if err := metadata.Decode(&config); err != nil {
return err
}

log.Printf("[INFO] preparing arguments for Container Registry Credential Set creation.")

registryId, err := registries.ParseRegistryID(metadata.ResourceData.Get("container_registry_id").(string))
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
if err != nil {
return err
}

id := credentialsets.NewCredentialSetID(subscriptionId,
registryId.ResourceGroupName,
registryId.RegistryName,
metadata.ResourceData.Get("name").(string),
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
)

existing, err := client.Get(ctx, id)
if err != nil && !response.WasNotFound(existing.HttpResponse) {
return fmt.Errorf("checking for presence of existing %s: %+v", id, err)
}
if !response.WasNotFound(existing.HttpResponse) {
return metadata.ResourceRequiresImport(r.ResourceType(), id)
}

param := credentialsets.CredentialSet{
Name: &id.CredentialSetName,
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
Properties: &credentialsets.CredentialSetProperties{
LoginServer: pointer.To(config.LoginServer),
AuthCredentials: expandAuthCredentials(config.AuthCredentials),
},
Identity: &identity.SystemAndUserAssignedMap{
Type: identity.TypeSystemAssigned,
},
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
}

if err := client.CreateThenPoll(ctx, id, param); err != nil {
return fmt.Errorf("creating %s: %+v", id, err)
}

metadata.SetID(id)
return nil
},
}
}

func (r ContainerRegistryCredentialSetResource) Update() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Containers.CredentialSetsClient
id, err := credentialsets.ParseCredentialSetID(metadata.ResourceData.Id())
if err != nil {
return err
}

existing, err := client.Get(ctx, *id)
if err != nil {
return fmt.Errorf("retrieving %s: %+v", id, err)
}
if existing.Model == nil {
return fmt.Errorf("retrieving %s: `model` was nil", id)
}
if existing.Model.Properties == nil {
return fmt.Errorf("retrieving %s: `properties` was nil", id)
}

var model ContainerRegistryCredentialSetModel
if err := metadata.Decode(&model); err != nil {
return err
}

if metadata.ResourceData.HasChange("login_server") {
existing.Model.Properties.LoginServer = pointer.To(model.LoginServer)
}
if metadata.ResourceData.HasChange("auth_credentials") {
existing.Model.Properties.AuthCredentials = expandAuthCredentials(model.AuthCredentials)
}

param := credentialsets.CredentialSetUpdateParameters{
Identity: expandIdentity(model.Identity),
Properties: &credentialsets.CredentialSetUpdateProperties{
AuthCredentials: existing.Model.Properties.AuthCredentials,
},
}
if err := client.UpdateThenPoll(ctx, *id, param); err != nil {
return fmt.Errorf("updating %s: %+v", id, err)
}
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved

return nil
},
}
}

func (ContainerRegistryCredentialSetResource) Read() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 5 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Containers.CredentialSetsClient
id, err := credentialsets.ParseCredentialSetID(metadata.ResourceData.Id())
if err != nil {
return err
}

resp, err := client.Get(ctx, *id)
if err != nil {
if response.WasNotFound(resp.HttpResponse) {
return metadata.MarkAsGone(id)
}
return fmt.Errorf("retrieving %s: %+v", id, err)
}

registryId := registries.NewRegistryID(id.SubscriptionId, id.ResourceGroupName, id.RegistryName)

var config ContainerRegistryCredentialSetModel
if err := metadata.Decode(&config); err != nil {
return err
}

config.Name = id.CredentialSetName
config.ContainerRegistryId = registryId.ID()

if model := resp.Model; model != nil {
config.Identity = flattenIdentity(model.Identity)
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
if props := model.Properties; props != nil {
config.LoginServer = pointer.From(props.LoginServer)
config.AuthCredentials = flattenAuthCredentials(props.AuthCredentials)
}
}
if err := metadata.Encode(&config); err != nil {
return fmt.Errorf("encoding: %+v", err)
}
return nil
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
},
}
}

func (ContainerRegistryCredentialSetResource) Delete() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Containers.CredentialSetsClient
id, err := credentialsets.ParseCredentialSetID(metadata.ResourceData.Id())
if err != nil {
return err
}

if err := client.DeleteThenPoll(ctx, *id); err != nil {
return fmt.Errorf("deleting %s: %+v", *id, err)
}
return nil
},
}
}

func (ContainerRegistryCredentialSetResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
return credentialsets.ValidateCredentialSetID
}

func expandAuthCredentials(input []AuthCredential) *[]credentialsets.AuthCredential {
if len(input) == 0 {
return nil
}
output := make([]credentialsets.AuthCredential, 0, len(input))
for _, v := range input {
output = append(output, credentialsets.AuthCredential{
Name: pointer.To(credentialsets.CredentialNameCredentialOne),
UsernameSecretIdentifier: pointer.To(v.UsernameSecretIdentifier),
PasswordSecretIdentifier: pointer.To(v.PasswordSecretIdentifier),
})
}
return &output
}

func flattenAuthCredentials(input *[]credentialsets.AuthCredential) []AuthCredential {
if input == nil {
return nil
}
output := make([]AuthCredential, len(*input))
for i, v := range *input {
output[i] = AuthCredential{
UsernameSecretIdentifier: pointer.From(v.UsernameSecretIdentifier),
PasswordSecretIdentifier: pointer.From(v.PasswordSecretIdentifier),
}
}
return output
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
}

func flattenIdentity(input *identity.SystemAndUserAssignedMap) []Identity {
if input == nil {
return nil
}
output := make([]Identity, 1)
output[0] = Identity{
Type: string(input.Type),
TenantId: input.TenantId,
PrincipalId: input.PrincipalId,
}
return output
}

func expandIdentity(input []Identity) *identity.SystemAndUserAssignedMap {
if len(input) == 0 {
return nil
}
output := identity.SystemAndUserAssignedMap{
Type: identity.TypeSystemAssigned,
}
return &output
}
jan-mrm marked this conversation as resolved.
Show resolved Hide resolved
Loading
Loading