Skip to content

Commit

Permalink
add public network access to container registry (#10969)
Browse files Browse the repository at this point in the history
* add public network access to container registry

* azurerm_container_registry - fix test TestAccContainerRegistry_geoReplication
  • Loading branch information
ms-henglu authored Mar 25, 2021
1 parent f223f68 commit 02f59ac
Show file tree
Hide file tree
Showing 27 changed files with 12,709 additions and 2,627 deletions.
2 changes: 1 addition & 1 deletion azurerm/internal/services/containers/client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ package client

import (
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2019-12-01/containerinstance"
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
legacy "github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-08-01/containerservice"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-12-01/containerservice"
"github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/mgmt/2020-11-01-preview/containerregistry"
"github.com/Azure/go-autorest/autorest/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
"strings"
"time"

"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
"github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/mgmt/2020-11-01-preview/containerregistry"
"github.com/hashicorp/go-azure-helpers/response"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
Expand Down Expand Up @@ -83,6 +83,12 @@ func resourceContainerRegistry() *schema.Resource {
Set: location.HashCode,
},

"public_network_access_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: true,
},

"storage_account_id": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -288,6 +294,10 @@ func resourceContainerRegistryCreate(d *schema.ResourceData, meta interface{}) e
trustPolicyRaw := d.Get("trust_policy").([]interface{})
trustPolicy := expandTrustPolicy(trustPolicyRaw)

publicNetworkAccess := containerregistry.PublicNetworkAccessEnabled
if !d.Get("public_network_access_enabled").(bool) {
publicNetworkAccess = containerregistry.PublicNetworkAccessDisabled
}
parameters := containerregistry.Registry{
Location: &location,
Sku: &containerregistry.Sku{
Expand All @@ -301,6 +311,7 @@ func resourceContainerRegistryCreate(d *schema.ResourceData, meta interface{}) e
RetentionPolicy: retentionPolicy,
TrustPolicy: trustPolicy,
},
PublicNetworkAccess: publicNetworkAccess,
},

Tags: tags.Expand(t),
Expand Down Expand Up @@ -388,6 +399,12 @@ func resourceContainerRegistryUpdate(d *schema.ResourceData, meta interface{}) e

retentionPolicy := expandRetentionPolicy(d.Get("retention_policy").([]interface{}))
trustPolicy := expandTrustPolicy(d.Get("trust_policy").([]interface{}))

publicNetworkAccess := containerregistry.PublicNetworkAccessEnabled
if !d.Get("public_network_access_enabled").(bool) {
publicNetworkAccess = containerregistry.PublicNetworkAccessDisabled
}

parameters := containerregistry.RegistryUpdateParameters{
RegistryPropertiesUpdateParameters: &containerregistry.RegistryPropertiesUpdateParameters{
AdminUserEnabled: utils.Bool(adminUserEnabled),
Expand All @@ -396,6 +413,7 @@ func resourceContainerRegistryUpdate(d *schema.ResourceData, meta interface{}) e
RetentionPolicy: retentionPolicy,
TrustPolicy: trustPolicy,
},
PublicNetworkAccess: publicNetworkAccess,
},
Tags: tags.Expand(t),
}
Expand Down Expand Up @@ -577,6 +595,7 @@ func resourceContainerRegistryRead(d *schema.ResourceData, meta interface{}) err
}
d.Set("admin_enabled", resp.AdminUserEnabled)
d.Set("login_server", resp.LoginServer)
d.Set("public_network_access_enabled", resp.PublicNetworkAccess == containerregistry.PublicNetworkAccessEnabled)

networkRuleSet := flattenNetworkRuleSet(resp.NetworkRuleSet)
if err := d.Set("network_rule_set", networkRuleSet); err != nil {
Expand Down Expand Up @@ -729,15 +748,15 @@ func expandNetworkRuleSet(profiles []interface{}) *containerregistry.NetworkRule

func expandRetentionPolicy(p []interface{}) *containerregistry.RetentionPolicy {
retentionPolicy := containerregistry.RetentionPolicy{
Status: containerregistry.Disabled,
Status: containerregistry.PolicyStatusDisabled,
}

if len(p) > 0 {
v := p[0].(map[string]interface{})
days := int32(v["days"].(int))
enabled := v["enabled"].(bool)
if enabled {
retentionPolicy.Status = containerregistry.Enabled
retentionPolicy.Status = containerregistry.PolicyStatusEnabled
}
retentionPolicy.Days = utils.Int32(days)
}
Expand All @@ -747,14 +766,14 @@ func expandRetentionPolicy(p []interface{}) *containerregistry.RetentionPolicy {

func expandTrustPolicy(p []interface{}) *containerregistry.TrustPolicy {
trustPolicy := containerregistry.TrustPolicy{
Status: containerregistry.Disabled,
Status: containerregistry.PolicyStatusDisabled,
}

if len(p) > 0 {
v := p[0].(map[string]interface{})
enabled := v["enabled"].(bool)
if enabled {
trustPolicy.Status = containerregistry.Enabled
trustPolicy.Status = containerregistry.PolicyStatusEnabled
}
trustPolicy.Type = containerregistry.Notary
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -211,31 +211,28 @@ func TestAccContainerRegistry_geoReplication(t *testing.T) {
skuPremium := "Premium"
skuBasic := "Basic"

primaryLocation := location.Normalize(data.Locations.Primary)
secondaryLocation := location.Normalize(data.Locations.Secondary)
ternaryLocation := location.Normalize(data.Locations.Ternary)

data.ResourceTest(t, r, []resource.TestStep{
// first config creates an ACR with locations
{
Config: r.geoReplication(data, skuPremium, []string{primaryLocation, secondaryLocation}),
Config: r.geoReplication(data, skuPremium, []string{secondaryLocation}),
Check: resource.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("sku").HasValue(skuPremium),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("2"),
check.That(data.ResourceName).Key("georeplication_locations.0").HasValue(primaryLocation),
check.That(data.ResourceName).Key("georeplication_locations.1").HasValue(secondaryLocation),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("1"),
check.That(data.ResourceName).Key("georeplication_locations.0").HasValue(secondaryLocation),
),
},
// second config updates the ACR with updated locations
{
Config: r.geoReplication(data, skuPremium, []string{ternaryLocation, primaryLocation}),
Config: r.geoReplication(data, skuPremium, []string{ternaryLocation}),
Check: resource.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("sku").HasValue(skuPremium),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("2"),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("1"),
check.That(data.ResourceName).Key("georeplication_locations.0").HasValue(ternaryLocation),
check.That(data.ResourceName).Key("georeplication_locations.1").HasValue(primaryLocation),
),
},
// third config updates the ACR with no location
Expand All @@ -249,12 +246,11 @@ func TestAccContainerRegistry_geoReplication(t *testing.T) {
},
// fourth config updates an ACR with replicas
{
Config: r.geoReplication(data, skuPremium, []string{primaryLocation, secondaryLocation}),
Config: r.geoReplication(data, skuPremium, []string{secondaryLocation}),
Check: resource.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("2"),
check.That(data.ResourceName).Key("georeplication_locations.0").HasValue(primaryLocation),
check.That(data.ResourceName).Key("georeplication_locations.1").HasValue(secondaryLocation),
check.That(data.ResourceName).Key("georeplication_locations.#").HasValue("1"),
check.That(data.ResourceName).Key("georeplication_locations.0").HasValue(secondaryLocation),
),
},
// fifth config updates the SKU to basic and no replicas (should remove the existing replicas if any)
Expand All @@ -279,7 +275,7 @@ func TestAccContainerRegistry_networkAccessProfileIp(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("network_rule_set.0.default_action").HasValue("Allow"),
check.That(data.ResourceName).Key("network_rule_set.0.ip_rule.#").HasValue("1"),
check.That(data.ResourceName).Key("network_rule_set.0.ip_rule.#").HasValue("2"),
),
},
data.ImportStep(),
Expand Down Expand Up @@ -498,11 +494,12 @@ resource "azurerm_container_registry" "test" {
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
admin_enabled = true
sku = "Basic"
sku = "Premium"
tags = {
environment = "production"
}
public_network_access_enabled = false
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (
"regexp"
"time"

"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
"github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/mgmt/2020-11-01-preview/containerregistry"
"github.com/hashicorp/go-azure-helpers/response"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ import (
"fmt"
"time"

"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2019-05-01/containerregistry"
"github.com/Azure/azure-sdk-for-go/services/machinelearningservices/mgmt/2020-04-01/machinelearningservices"
"github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/mgmt/2020-11-01-preview/containerregistry"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2019-06-01/storage"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 02f59ac

Please sign in to comment.