
Merge pull request #1 from terraform-providers/master
Piotr Gospodarek authored Oct 11, 2017
2 parents dcfc7e6 + e10638c commit 1d5a475
Showing 665 changed files with 317,369 additions and 3,086 deletions.
23 changes: 23 additions & 0 deletions CHANGELOG.md
@@ -1,15 +1,38 @@
## 0.3.0 (Unreleased)

UPGRADE NOTES:

* `azurerm_route_table` - `route` is no longer computed

FEATURES:

* **New Data Source:** `azurerm_builtin_role_definition` [GH-384]
* **New Data Source:** `azurerm_image` [GH-382]
* **New Data Source:** `azurerm_platform_image` [GH-375]
* **New Data Source:** `azurerm_role_definition` [GH-414]
* **New Data Source:** `azurerm_subnet` [GH-411]
* **New Resource:** `azurerm_key_vault_certificate` [GH-408]
* **New Resource:** `azurerm_role_assignment` [GH-414]
* **New Resource:** `azurerm_role_definition` [GH-414]

IMPROVEMENTS:

* `azurerm_client_config` - updating the data source to work when using AzureCLI auth [GH-393]
* `azurerm_container_group` - add support for volume mounts [GH-366]
* `azurerm_key_vault` - fix a crash when no certificate_permissions are defined [GH-374]
* `azurerm_key_vault` - waiting for the DNS to propagate [GH-401]
* `azurerm_managed_disk` - support for creating Managed Disks from Platform Images by supporting "FromImage" [GH-399]
* `azurerm_managed_disk` - support for creating Encrypted Managed Disks [GH-399]
* `azurerm_mysql_*` - Ensuring we register the MySQL Resource Provider [GH-397]
* `azurerm_network_interface` - exposing all of the Private IP Addresses assigned to the NIC [GH-409]
* `azurerm_network_security_group` / `azurerm_network_security_rule` - refactoring [GH-405]
* `azurerm_route_table` - removing routes when none are specified [GH-403]
* `azurerm_route_table` - refactoring `route` from a Set to a List [GH-402]
* `azurerm_route` - refactoring `route` from a Set to a List [GH-402]
* `azurerm_storage_account` - support for File Encryption [GH-363]
* `azurerm_storage_account` - support for Custom Domain [GH-363]
* `azurerm_storage_account` - splitting the storage account Tier and Replication out into separate fields [GH-363]
* `azurerm_subnet` - making it possible to remove Network Security Groups / Route Tables [GH-411]
* `azurerm_virtual_machine` - fixing a bug where `additional_unattend_config.content` was being updated unintentionally [GH-377]
* `azurerm_virtual_machine_scale_set` - fixing a bug where `additional_unattend_config.content` was being updated unintentionally [GH-377]

52 changes: 36 additions & 16 deletions azurerm/config.go
Expand Up @@ -8,6 +8,7 @@ import (
"net/http/httputil"

"github.com/Azure/azure-sdk-for-go/arm/appinsights"
"github.com/Azure/azure-sdk-for-go/arm/authorization"
"github.com/Azure/azure-sdk-for-go/arm/automation"
"github.com/Azure/azure-sdk-for-go/arm/cdn"
"github.com/Azure/azure-sdk-for-go/arm/compute"
Expand Down Expand Up @@ -46,10 +47,11 @@ import (
// ArmClient contains the handles to all the specific Azure Resource Manager
// resource classes' respective clients.
type ArmClient struct {
clientId string
tenantId string
subscriptionId string
environment azure.Environment
clientId string
tenantId string
subscriptionId string
usingServicePrincipal bool
environment azure.Environment

StopContext context.Context

Expand Down Expand Up @@ -136,6 +138,9 @@ type ArmClient struct {

appInsightsClient appinsights.ComponentsClient

// Authentication
roleAssignmentsClient authorization.RoleAssignmentsClient
roleDefinitionsClient authorization.RoleDefinitionsClient
servicePrincipalsClient graphrbac.ServicePrincipalsClient

// Databases
Expand Down Expand Up @@ -232,10 +237,11 @@ func (c *Config) getArmClient() (*ArmClient, error) {

// client declarations:
client := ArmClient{
clientId: c.ClientID,
tenantId: c.TenantID,
subscriptionId: c.SubscriptionID,
environment: env,
clientId: c.ClientID,
tenantId: c.TenantID,
subscriptionId: c.SubscriptionID,
environment: env,
usingServicePrincipal: c.ClientSecret != "",
}

oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, c.TenantID)
Expand Down Expand Up @@ -624,12 +630,6 @@ func (c *Config) getArmClient() (*ArmClient, error) {
ai.Sender = sender
client.appInsightsClient = ai

spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, c.TenantID)
setUserAgent(&spc.Client)
spc.Authorizer = graphAuth
spc.Sender = sender
client.servicePrincipalsClient = spc

aadb := automation.NewAccountClientWithBaseURI(endpoint, c.SubscriptionID)
setUserAgent(&aadb.Client)
aadb.Authorizer = auth
Expand All @@ -654,13 +654,33 @@ func (c *Config) getArmClient() (*ArmClient, error) {
aschc.Sender = sender
client.automationScheduleClient = aschc

client.registerKeyVaultClients(endpoint, c.SubscriptionID, auth, keyVaultAuth, sender)

client.registerAuthentication(endpoint, graphEndpoint, c.SubscriptionID, c.TenantID, auth, graphAuth, sender)
client.registerDatabases(endpoint, c.SubscriptionID, auth, sender)
client.registerKeyVaultClients(endpoint, c.SubscriptionID, auth, keyVaultAuth, sender)

return &client, nil
}

func (c *ArmClient) registerAuthentication(endpoint, graphEndpoint, subscriptionId, tenantId string, auth, graphAuth autorest.Authorizer, sender autorest.Sender) {
spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, tenantId)
setUserAgent(&spc.Client)
spc.Authorizer = graphAuth
spc.Sender = sender
c.servicePrincipalsClient = spc

rac := authorization.NewRoleAssignmentsClientWithBaseURI(endpoint, subscriptionId)
setUserAgent(&rac.Client)
rac.Authorizer = auth
rac.Sender = sender
c.roleAssignmentsClient = rac

rdc := authorization.NewRoleDefinitionsClientWithBaseURI(endpoint, subscriptionId)
setUserAgent(&rdc.Client)
rdc.Authorizer = auth
rdc.Sender = sender
c.roleDefinitionsClient = rdc
}

func (c *ArmClient) registerDatabases(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {
// MySQL
mysqlConfigClient := mysql.NewConfigurationsClientWithBaseURI(endpoint, subscriptionId)
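Review bot: registerAuthentication takes two endpoint/authorizer pairs positionally and has no doc comment saying which pair feeds which client, so a transposed argument at the call site in getArmClient would compile and only fail at runtime; a comment such as `// registerAuthentication wires the Graph RBAC service-principals client (graphEndpoint, graphAuth) and the Authorization role-assignment and role-definition clients (endpoint, auth) onto c.` would make that easier to spot in review. The new `usingServicePrincipal: c.ClientSecret != ""` initializer likewise encodes the rule that a non-empty secret means service-principal auth without saying so; a one-line comment on the struct field stating that rule would help whoever adds another credential type later. getArmClient itself starts and ends outside the shown hunks, and registerDatabases continues past the last one.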
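--- /dev/null
+++ b/azurerm/data_source_builtin_role_definition.go
@@ -0,0 +1,102 @@
+package azurerm
+
+import (
+"fmt"
+
+"github.com/hashicorp/terraform/helper/schema"
+"github.com/hashicorp/terraform/helper/validation"
+)
+
+func dataSourceArmBuiltInRoleDefinition() *schema.Resource {
+return &schema.Resource{
+Read: dataSourceArmBuiltInRoleDefinitionRead,
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringInSlice([]string{
+"Contributor",
+"Reader",
+"Owner",
+"VirtualMachineContributor",
+}, false),
+},
+
+// Computed
+"description": {
+Type: schema.TypeString,
+Computed: true,
+},
+"type": {
+Type: schema.TypeString,
+Computed: true,
+},
+"permissions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"actions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+"not_actions": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+},
+},
+},
+"assignable_scopes": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
+},
+}
+}
+
+func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*ArmClient).roleDefinitionsClient
+name := d.Get("name").(string)
+roleDefinitionIds := map[string]string{
+"Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
+"Owner": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
+"Reader": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
+"VirtualMachineContributor": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
+}
+roleDefinitionId := roleDefinitionIds[name]
+
+d.SetId(roleDefinitionId)
+
+role, err := client.GetByID(roleDefinitionId)
+if err != nil {
+return fmt.Errorf("Error loadng Role Definition: %+v", err)
+}
+
+if props := role.Properties; props != nil {
+d.Set("name", props.RoleName)
+d.Set("description", props.Description)
+d.Set("type", props.Type)
+
+permissions := flattenRoleDefinitionPermissions(props.Permissions)
+if err := d.Set("permissions", permissions); err != nil {
+return err
+}
+
+assignableScopes := flattenRoleDefinitionAssignableScopes(props.AssignableScopes)
+if err := d.Set("assignable_scopes", assignableScopes); err != nil {
+return err
+}
+}
+
+return nil
+}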
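Review bot: The first three `d.Set` calls in dataSourceArmBuiltInRoleDefinitionRead discard their error while the two that follow check it; either all five should be checked, e.g. `if err := d.Set("description", props.Description); err != nil { return err }`, or the difference deserves a comment. The error string on the `GetByID` failure has a typo: `return fmt.Errorf("Error loading Role Definition: %+v", err)`. `d.Set("name", props.RoleName)` replaces the validated input with whatever display name the service returns, which presumably differs from the accepted keys (those contain no spaces), so anything referencing `.name` downstream would see a value the user never wrote; overwriting a Required argument is worth either a comment or dropping. The four accepted names also appear twice, once in the ValidateFunc list and once in the roleDefinitionIds map; a single package-level map with the validation list derived from its keys would keep the two from drifting apart.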
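--- /dev/null
+++ b/azurerm/data_source_builtin_role_definition_test.go
@@ -0,0 +1,108 @@
+package azurerm
+
+import (
+"fmt"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_contributor(t *testing.T) {
+dataSourceName := "data.azurerm_builtin_role_definition.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceBuiltInRoleDefinition("Contributor"),
+Check: resource.ComposeTestCheckFunc(
+testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"),
+resource.TestCheckResourceAttrSet(dataSourceName, "description"),
+resource.TestCheckResourceAttrSet(dataSourceName, "type"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "3"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.0", "Microsoft.Authorization/*/Delete"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.1", "Microsoft.Authorization/*/Write"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.2", "Microsoft.Authorization/elevateAccess/Action"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_owner(t *testing.T) {
+dataSourceName := "data.azurerm_builtin_role_definition.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceBuiltInRoleDefinition("Owner"),
+Check: resource.ComposeTestCheckFunc(
+testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"),
+resource.TestCheckResourceAttrSet(dataSourceName, "description"),
+resource.TestCheckResourceAttrSet(dataSourceName, "type"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_reader(t *testing.T) {
+dataSourceName := "data.azurerm_builtin_role_definition.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceBuiltInRoleDefinition("Reader"),
+Check: resource.ComposeTestCheckFunc(
+testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7"),
+resource.TestCheckResourceAttrSet(dataSourceName, "description"),
+resource.TestCheckResourceAttrSet(dataSourceName, "type"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "*/read"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_virtualMachineContributor(t *testing.T) {
+dataSourceName := "data.azurerm_builtin_role_definition.test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceBuiltInRoleDefinition("VirtualMachineContributor"),
+Check: resource.ComposeTestCheckFunc(
+testAzureRMClientConfigAttr(dataSourceName, "id", "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb"),
+resource.TestCheckResourceAttrSet(dataSourceName, "description"),
+resource.TestCheckResourceAttrSet(dataSourceName, "type"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.#", "17"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.0", "Microsoft.Authorization/*/read"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.actions.15", "Microsoft.Resources/subscriptions/resourceGroups/read"),
+resource.TestCheckResourceAttr(dataSourceName, "permissions.0.not_actions.#", "0"),
+),
+},
+},
+})
+}
+
+func testAccDataSourceBuiltInRoleDefinition(name string) string {
+return fmt.Sprintf(`
+data "azurerm_builtin_role_definition" "test" {
+name = "%s"
+}
+`, name)
+}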
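Review bot: The four acceptance tests pin service-side data that the provider does not control, such as `permissions.0.actions.#` being `17` and `permissions.0.actions.15` being a specific string in the VirtualMachineContributor case, so a change to a built-in role on the Azure side will fail them without any provider change; checking the id, that description and type are set, and that `permissions.#` is `1` would cover the data source's own behaviour, and the exact action lists could be left to a comment noting they were observed values at the time of writing. Each test also verifies the id through `testAzureRMClientConfigAttr`, a helper whose name ties it to the client-config data source and whose definition is not in this diff; if it only compares a single attribute, `resource.TestCheckResourceAttr(dataSourceName, "id", …)` would read more plainly here.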
