diff --git a/internal/services/redis/redis_cache_data_source.go b/internal/services/redis/redis_cache_data_source.go index b8905ae8c7453..0372861493663 100644 --- a/internal/services/redis/redis_cache_data_source.go +++ b/internal/services/redis/redis_cache_data_source.go @@ -162,6 +162,10 @@ func dataSourceRedisCache() *pluginsdk.Resource { Type: pluginsdk.TypeString, Computed: true, }, + "data_persistence_authentication_method": { + Type: pluginsdk.TypeString, + Computed: true, + }, }, }, }, diff --git a/internal/services/redis/redis_cache_resource.go b/internal/services/redis/redis_cache_resource.go index 5480f47ac6c81..fca201b77852c 100644 --- a/internal/services/redis/redis_cache_resource.go +++ b/internal/services/redis/redis_cache_resource.go @@ -179,6 +179,16 @@ func resourceRedisCache() *pluginsdk.Resource { Computed: true, }, + "data_persistence_authentication_method": { + Type: pluginsdk.TypeString, + Optional: true, + Default: "SAS", + ValidateFunc: validation.StringInSlice([]string{ + "SAS", + "ManagedIdentity", + }, false), + }, + "rdb_backup_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -830,6 +840,10 @@ func expandRedisConfiguration(d *pluginsdk.ResourceData) (*redis.RedisCommonProp output.MaxmemoryPolicy = utils.String(v) } + if v := raw["data_persistence_authentication_method"].(string); v != "" { + output.PreferredDataPersistenceAuthMethod = utils.String(v) + } + // AAD/Entra support // nolint : staticcheck v, valExists := d.GetOkExists("redis_configuration.0.active_directory_authentication_enabled") @@ -1000,6 +1014,10 @@ func flattenRedisConfiguration(input *redis.RedisCommonPropertiesRedisConfigurat outputs["maxmemory_policy"] = *input.MaxmemoryPolicy } + if input.PreferredDataPersistenceAuthMethod != nil { + outputs["data_persistence_authentication_method"] = *input.PreferredDataPersistenceAuthMethod + } + if input.MaxfragmentationmemoryReserved != nil { i, err := strconv.Atoi(*input.MaxfragmentationmemoryReserved) if err != nil { diff --git a/internal/services/redis/redis_cache_resource_test.go b/internal/services/redis/redis_cache_resource_test.go index 6a17974a74c50..241a28b42f524 100644 --- a/internal/services/redis/redis_cache_resource_test.go +++ b/internal/services/redis/redis_cache_resource_test.go @@ -36,6 +36,25 @@ func TestAccRedisCache_basic(t *testing.T) { }) } +func TestAccRedisCache_managedIdentityAuth(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_redis_cache", "test") + r := RedisCacheResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.managedIdentityAuth(data, true), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("minimum_tls_version").Exists(), + check.That(data.ResourceName).Key("primary_connection_string").Exists(), + check.That(data.ResourceName).Key("secondary_connection_string").Exists(), + check.That(data.ResourceName).Key("redis_configuration.0.data_persistence_authentication_method").HasValue("ManagedIdentity"), + ), + }, + data.ImportStep(), + }) +} + func TestAccRedisCache_withoutSSL(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_redis_cache", "test") r := RedisCacheResource{} @@ -583,6 +602,34 @@ resource "azurerm_redis_cache" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, !requireSSL) } +func (RedisCacheResource) managedIdentityAuth(data acceptance.TestData, requireSSL bool) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_redis_cache" "test" { + name = "acctestRedis-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + capacity = 1 + family = "C" + sku_name = "Basic" + enable_non_ssl_port = %t + minimum_tls_version = "1.2" + + redis_configuration { + data_persistence_authentication_method = "ManagedIdentity" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, !requireSSL) +} + func (RedisCacheResource) requiresImport(data acceptance.TestData) string { template := RedisCacheResource{}.basic(data, true) return fmt.Sprintf(` diff --git a/website/docs/r/redis_cache.html.markdown b/website/docs/r/redis_cache.html.markdown index 858fed9239a82..45811986fd2c0 100644 --- a/website/docs/r/redis_cache.html.markdown +++ b/website/docs/r/redis_cache.html.markdown @@ -146,6 +146,8 @@ redis_configuration { * `maxmemory_delta` - (Optional) The max-memory delta for this Redis instance. Defaults are shown below. * `maxmemory_policy` - (Optional) How Redis will select what to remove when `maxmemory` is reached. Defaults to `volatile-lru`. +* `data_persistence_authentication_method` - (Optional) Preferred auth method to communicate to storage account used for data persistence. Possible values are `SAS` and `ManagedIdentity`. Defaults to `SAS`. + * `maxfragmentationmemory_reserved` - (Optional) Value in megabytes reserved to accommodate for memory fragmentation. Defaults are shown below. * `rdb_backup_enabled` - (Optional) Is Backup Enabled? Only supported on Premium SKUs. Defaults to `false`.