azuredeploy.tf

provider "azuread" {
  version = "~> 0.4"
}

provider "azurerm" {
  version = "~> 1.31"
}

provider "random" {
  version = "~> 2.1"
}

variable "location" {
  description = "Azure datacenter to deploy to."
  default = "westus2"
}

variable "servicebus_name_prefix" {
  description = "Input your unique Azure Service Bus Namespace name"
  default = "azuresbtests"
}

variable "resource_group_name_prefix" {
  description = "Resource group to provision test infrastructure in."
  default = "servicebus-go-tests"
}

variable "azure_client_secret" {
  description = "(Optional) piped in from env var so .env will be updated if there is an existing client secret"
  default     = "foo"
}

resource "random_string" "name" {
  length  = 8
  upper   = false
  special = false
  number  = false
}

# Create resource group for all of the things
resource "azurerm_resource_group" "test" {
  name      = "${var.resource_group_name_prefix}-${random_string.name.result}"
  location  = var.location
}

resource "azurerm_servicebus_namespace" "test" {
  name = "${var.servicebus_name_prefix}-${random_string.name.result}"
  location = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  sku = "standard"
}

# Generate a random secret fo the service principal
resource "random_string" "secret" {
  count   = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  length  = 32
  upper   = true
  special = true
  number  = true
}

// Application for AAD authentication
resource "azuread_application" "test" {
  count                       = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  name                        = "servicebustest"
  homepage                    = "https://servicebustest-${random_string.name.result}"
  identifier_uris             = ["https://servicebustest-${random_string.name.result}"]
  reply_urls                  = ["https://servicebustest-${random_string.name.result}"]
  available_to_other_tenants  = false
  oauth2_allow_implicit_flow  = true
}

# Create a service principal, which represents a linkage between the AAD application and the password
resource "azuread_service_principal" "test" {
  count          = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  application_id = azuread_application.test[0].application_id
}

# Create a new service principal password which will be the AZURE_CLIENT_SECRET env var
resource "azuread_service_principal_password" "test" {
  count                 = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  service_principal_id  = azuread_service_principal.test[0].id
  value                 = random_string.secret[0].result
  end_date              = "2030-01-01T01:02:03Z"
}

# This provides the new AAD application the rights to managed, send and receive from the Event Hubs instance
resource "azurerm_role_assignment" "service_principal_eh" {
  count                 = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  scope                 = "subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.test.name}/providers/Microsoft.ServiceBus/namespaces/${azurerm_servicebus_namespace.test.name}"
  role_definition_name  = "Owner"
  principal_id          = azuread_service_principal.test[0].id
}

# This provides the new AAD application the rights to managed the resource group
resource "azurerm_role_assignment" "service_principal_rg" {
  count                 = data.azurerm_client_config.current.service_principal_application_id == "" ? 1 : 0
  scope                 = "subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.test.name}"
  role_definition_name  = "Owner"
  principal_id          = azuread_service_principal.test[0].id
}

# Most tests should create and destroy their own Queues, Topics, and Subscriptions. However, to keep examples from being
# bloated, the items below are created externally by Terraform.

resource "azurerm_servicebus_queue" "scheduledMessages" {
  name = "scheduledmessages"
  resource_group_name = azurerm_resource_group.test.name
  namespace_name = azurerm_servicebus_namespace.test.name
}

resource "azurerm_servicebus_queue" "queueSchedule" {
  name = "schedulewithqueue"
  resource_group_name = azurerm_resource_group.test.name
  namespace_name = azurerm_servicebus_namespace.test.name
}

resource "azurerm_servicebus_queue" "helloworld" {
  name = "helloworld"
  resource_group_name = azurerm_resource_group.test.name
  namespace_name = azurerm_servicebus_namespace.test.name
}

resource "azurerm_servicebus_queue" "receiveSession" {
  name = "receivesession"
  resource_group_name = azurerm_resource_group.test.name
  namespace_name = azurerm_servicebus_namespace.test.name
  default_message_ttl = "PT300S"
  requires_session = true
}

# Data resources used to get SubID and Tennant Info
data "azurerm_client_config" "current" {}

output "TEST_SERVICEBUS_RESOURCE_GROUP" {
  value = azurerm_resource_group.test.name
}

output "SERVICEBUS_CONNECTION_STRING" {
  value = "Endpoint=sb://${azurerm_servicebus_namespace.test.name}.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${azurerm_servicebus_namespace.test.default_primary_key}"
  sensitive = true
}

output "AZURE_SUBSCRIPTION_ID" {
  value = data.azurerm_client_config.current.subscription_id
}

output "TEST_SERVICEBUS_LOCATION" {
  value = azurerm_servicebus_namespace.test.location
}

output "AZURE_TENANT_ID" {
  value = data.azurerm_client_config.current.tenant_id
}

output "AZURE_CLIENT_ID" {
  value = compact(
    concat(azuread_application.test.*.application_id, [data.azurerm_client_config.current.client_id])
  )[0]
}

output "AZURE_CLIENT_SECRET" {
  value  = compact(
    concat(azuread_service_principal_password.test.*.value, [var.azure_client_secret])
  )[0]
  sensitive = true
}