azurerm_media_services_account - support for 'key_delivery_access_con…

…trol' (#11726)

Including the support for the property key_delivery_access_control in Azure Media Services Account. In order to support new field was required to update the API version to new version 2021-05-01, but I have already validated that the Acceptance test still works. This PR resolves #11704

azurerm/internal/services/media/client/client.go

@@ -1,7 +1,7 @@
 package client
 
 import (
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
 )
 

azurerm/internal/services/media/media_asset_filter_resource.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
@@ -137,8 +137,8 @@ func resourceMediaAssetFilter() *schema.Resource {
 										Type:     schema.TypeString,
 										Optional: true,
 										ValidateFunc: validation.StringInSlice([]string{
-											string(media.Equal),
-											string(media.NotEqual),
+											string(media.FilterTrackPropertyCompareOperationEqual),
+											string(media.FilterTrackPropertyCompareOperationNotEqual),
 										}, false),
 									},
 

azurerm/internal/services/media/media_asset_resource.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/hashicorp/go-azure-helpers/response"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"

azurerm/internal/services/media/media_content_key_policy_resource.go

@@ -12,7 +12,7 @@ import (
 	b64 "encoding/base64"
 	"encoding/hex"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/Azure/go-autorest/autorest/date"
 	"github.com/gofrs/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -292,10 +292,10 @@ func resourceMediaContentKeyPolicy() *schema.Resource {
 										Type:     schema.TypeString,
 										Optional: true,
 										ValidateFunc: validation.StringInSlice([]string{
-											string(media.DualExpiry),
-											string(media.PersistentLimited),
-											string(media.PersistentUnlimited),
-											string(media.Undefined),
+											string(media.ContentKeyPolicyFairPlayRentalAndLeaseKeyTypeDualExpiry),
+											string(media.ContentKeyPolicyFairPlayRentalAndLeaseKeyTypePersistentLimited),
+											string(media.ContentKeyPolicyFairPlayRentalAndLeaseKeyTypePersistentUnlimited),
+											string(media.ContentKeyPolicyFairPlayRentalAndLeaseKeyTypeUndefined),
 										}, false),
 									},
 									"rental_duration_seconds": {
@@ -611,11 +611,11 @@ func expandRestriction(option map[string]interface{}) (media.BasicContentKeyPoli
 	restrictionType := ""
 	if option["open_restriction_enabled"] != nil && option["open_restriction_enabled"].(bool) {
 		restrictionCount++
-		restrictionType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction)
+		restrictionType = string(media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction)
 	}
 	if option["token_restriction"] != nil && len(option["token_restriction"].([]interface{})) > 0 && option["token_restriction"].([]interface{})[0] != nil {
 		restrictionCount++
-		restrictionType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction)
+		restrictionType = string(media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction)
 	}
 
 	if restrictionCount == 0 {
@@ -627,16 +627,16 @@ func expandRestriction(option map[string]interface{}) (media.BasicContentKeyPoli
 	}
 
 	switch restrictionType {
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction):
+	case string(media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction):
 		openRestriction := &media.ContentKeyPolicyOpenRestriction{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction,
+			OdataType: media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyOpenRestriction,
 		}
 		return openRestriction, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction):
+	case string(media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction):
 		tokenRestrictions := option["token_restriction"].([]interface{})
 		tokenRestriction := tokenRestrictions[0].(map[string]interface{})
 		contentKeyPolicyTokenRestriction := &media.ContentKeyPolicyTokenRestriction{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction,
+			OdataType: media.OdataTypeBasicContentKeyPolicyRestrictionOdataTypeMicrosoftMediaContentKeyPolicyTokenRestriction,
 		}
 		if tokenRestriction["audience"] != nil && tokenRestriction["audience"].(string) != "" {
 			contentKeyPolicyTokenRestriction.Audience = utils.String(tokenRestriction["audience"].(string))
@@ -749,20 +749,20 @@ func expandConfiguration(input map[string]interface{}) (media.BasicContentKeyPol
 	configurationType := ""
 	if input["clear_key_configuration_enabled"] != nil && input["clear_key_configuration_enabled"].(bool) {
 		configurationCount++
-		configurationType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration)
+		configurationType = string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration)
 	}
 	if input["widevine_configuration_template"] != nil && input["widevine_configuration_template"].(string) != "" {
 		configurationCount++
-		configurationType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration)
+		configurationType = string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration)
 	}
 	if input["fairplay_configuration"] != nil && len(input["fairplay_configuration"].([]interface{})) > 0 && input["fairplay_configuration"].([]interface{})[0] != nil {
 		configurationCount++
-		configurationType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyFairPlayConfiguration)
+		configurationType = string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyFairPlayConfiguration)
 	}
 
 	if input["playready_configuration_license"] != nil && len(input["playready_configuration_license"].([]interface{})) > 0 {
 		configurationCount++
-		configurationType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration)
+		configurationType = string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration)
 	}
 
 	if configurationCount == 0 {
@@ -774,26 +774,26 @@ func expandConfiguration(input map[string]interface{}) (media.BasicContentKeyPol
 	}
 
 	switch configurationType {
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration):
+	case string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration):
 		clearKeyConfiguration := &media.ContentKeyPolicyClearKeyConfiguration{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration,
+			OdataType: media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyClearKeyConfiguration,
 		}
 		return clearKeyConfiguration, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration):
+	case string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration):
 		wideVineConfiguration := &media.ContentKeyPolicyWidevineConfiguration{
-			OdataType:        media.OdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration,
+			OdataType:        media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration,
 			WidevineTemplate: utils.String(input["widevine_configuration_template"].(string)),
 		}
 		return wideVineConfiguration, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyFairPlayConfiguration):
+	case string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyFairPlayConfiguration):
 		fairplayConfiguration, err := expandFairplayConfiguration(input["fairplay_configuration"].([]interface{}))
 		if err != nil {
 			return nil, err
 		}
 		return fairplayConfiguration, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration):
+	case string(media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration):
 		playReadyConfiguration := &media.ContentKeyPolicyPlayReadyConfiguration{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration,
+			OdataType: media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyPlayReadyConfiguration,
 		}
 
 		if input["playready_configuration_license"] != nil {
@@ -815,36 +815,36 @@ func expandVerificationKey(input map[string]interface{}) (media.BasicContentKeyP
 	verificationKeyType := ""
 	if input["primary_symmetric_token_key"] != nil && input["primary_symmetric_token_key"].(string) != "" {
 		verificationKeyCount++
-		verificationKeyType = string(media.OdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey)
+		verificationKeyType = string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey)
 	}
 	if (input["primary_rsa_token_key_exponent"] != nil && input["primary_rsa_token_key_exponent"].(string) != "") || (input["primary_rsa_token_key_modulus"] != nil && input["primary_rsa_token_key_modulus"].(string) != "") {
 		verificationKeyCount++
-		verificationKeyType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey)
+		verificationKeyType = string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey)
 	}
 
 	if input["primary_x509_token_key_raw"] != nil && input["primary_x509_token_key_raw"].(string) != "" {
 		verificationKeyCount++
-		verificationKeyType = string(media.OdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey)
+		verificationKeyType = string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey)
 	}
 
 	if verificationKeyCount > 1 {
 		return nil, fmt.Errorf("more than one type of token key in the same token_restriction is not allowed.")
 	}
 
 	switch verificationKeyType {
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey):
+	case string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey):
 		symmetricTokenKey := &media.ContentKeyPolicySymmetricTokenKey{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey,
+			OdataType: media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicySymmetricTokenKey,
 		}
 
 		if input["primary_symmetric_token_key"] != nil && input["primary_symmetric_token_key"].(string) != "" {
 			keyValue, _ := b64.StdEncoding.DecodeString(input["primary_symmetric_token_key"].(string))
 			symmetricTokenKey.KeyValue = &keyValue
 		}
 		return symmetricTokenKey, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey):
+	case string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey):
 		rsaTokenKey := &media.ContentKeyPolicyRsaTokenKey{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey,
+			OdataType: media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyRsaTokenKey,
 		}
 		if input["primary_rsa_token_key_exponent"] != nil && input["primary_rsa_token_key_exponent"].(string) != "" {
 			exponent := []byte(input["primary_rsa_token_key_exponent"].(string))
@@ -855,9 +855,9 @@ func expandVerificationKey(input map[string]interface{}) (media.BasicContentKeyP
 			rsaTokenKey.Modulus = &modulus
 		}
 		return rsaTokenKey, nil
-	case string(media.OdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey):
+	case string(media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey):
 		x509CertificateTokenKey := &media.ContentKeyPolicyX509CertificateTokenKey{
-			OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey,
+			OdataType: media.OdataTypeBasicContentKeyPolicyRestrictionTokenKeyOdataTypeMicrosoftMediaContentKeyPolicyX509CertificateTokenKey,
 		}
 
 		if input["primary_x509_token_key_raw"] != nil && input["primary_x509_token_key_raw"].(string) != "" {
@@ -963,7 +963,7 @@ func flattenRentalConfiguration(input *media.ContentKeyPolicyFairPlayOfflineRent
 
 func expandFairplayConfiguration(input []interface{}) (*media.ContentKeyPolicyFairPlayConfiguration, error) {
 	fairplayConfiguration := &media.ContentKeyPolicyFairPlayConfiguration{
-		OdataType: media.OdataTypeMicrosoftMediaContentKeyPolicyWidevineConfiguration,
+		OdataType: media.OdataTypeBasicContentKeyPolicyConfigurationOdataTypeMicrosoftMediaContentKeyPolicyFairPlayConfiguration,
 	}
 
 	fairplay := input[0].(map[string]interface{})

azurerm/internal/services/media/media_job_resource.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/hashicorp/go-azure-helpers/response"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"

azurerm/internal/services/media/media_live_output_resource.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"

azurerm/internal/services/media/media_services_account_resource.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2020-05-01/media"
+	"github.com/Azure/azure-sdk-for-go/services/mediaservices/mgmt/2021-05-01/media"
 	"github.com/hashicorp/go-azure-helpers/response"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
@@ -115,6 +115,34 @@ func resourceMediaServicesAccount() *schema.Resource {
 				}, true),
 			},
 
+			"key_delivery_access_control": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"default_action": {
+							Type:     schema.TypeString,
+							Optional: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								string(media.DefaultActionDeny),
+								string(media.DefaultActionAllow),
+							}, true),
+						},
+
+						"ip_allow_list": {
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.StringIsNotEmpty,
+							},
+						},
+					},
+				},
+			},
+
 			"tags": tags.Schema(),
 		},
 	}
@@ -164,6 +192,10 @@ func resourceMediaServicesAccountCreateUpdate(d *schema.ResourceData, meta inter
 		parameters.StorageAuthentication = media.StorageAuthentication(v.(string))
 	}
 
+	if keyDelivery, ok := d.GetOk("key_delivery_access_control"); ok {
+		parameters.KeyDelivery = expandKeyDelivery(keyDelivery.([]interface{}))
+	}
+
 	if _, err := client.CreateOrUpdate(ctx, resourceId.ResourceGroup, resourceId.Name, parameters); err != nil {
 		return fmt.Errorf("creating %s: %+v", resourceId, err)
 	}
@@ -212,6 +244,10 @@ func resourceMediaServicesAccountRead(d *schema.ResourceData, meta interface{})
 		return fmt.Errorf("flattening `identity`: %s", err)
 	}
 
+	if err := d.Set("key_delivery_access_control", flattenKeyDelivery(resp.KeyDelivery)); err != nil {
+		return fmt.Errorf("flattening `key_delivery_access_control`: %s", err)
+	}
+
 	return tags.FlattenAndSet(d, resp.Tags)
 }
 
@@ -245,13 +281,13 @@ func expandMediaServicesAccountStorageAccounts(input []interface{}) (*[]media.St
 
 		id := accountMap["id"].(string)
 
-		storageType := media.Secondary
+		storageType := media.StorageAccountTypeSecondary
 		if accountMap["is_primary"].(bool) {
 			if foundPrimary {
 				return nil, fmt.Errorf("Only one Storage Account can be set as Primary")
 			}
 
-			storageType = media.Primary
+			storageType = media.StorageAccountTypePrimary
 			foundPrimary = true
 		}
 
@@ -279,7 +315,7 @@ func flattenMediaServicesAccountStorageAccounts(input *[]media.StorageAccount) [
 			output["id"] = *storageAccount.ID
 		}
 
-		output["is_primary"] = storageAccount.Type == media.Primary
+		output["is_primary"] = storageAccount.Type == media.StorageAccountTypePrimary
 
 		results = append(results, output)
 	}
@@ -315,3 +351,38 @@ func flattenAzureRmMediaServicedentity(identity *media.ServiceIdentity) []interf
 
 	return []interface{}{result}
 }
+
+func expandKeyDelivery(input []interface{}) *media.KeyDelivery {
+	if len(input) == 0 {
+		return nil
+	}
+
+	keyDelivery := input[0].(map[string]interface{})
+	defaultAction := keyDelivery["default_action"].(string)
+
+	var ipAllowList *[]string
+	if v := keyDelivery["ip_allow_list"]; v != nil {
+		ips := keyDelivery["ip_allow_list"].(*schema.Set).List()
+		ipAllowList = utils.ExpandStringSlice(ips)
+	}
+
+	return &media.KeyDelivery{
+		AccessControl: &media.AccessControl{
+			DefaultAction: media.DefaultAction(defaultAction),
+			IPAllowList:   ipAllowList,
+		},
+	}
+}
+
+func flattenKeyDelivery(input *media.KeyDelivery) []interface{} {
+	if input == nil && input.AccessControl != nil {
+		return make([]interface{}, 0)
+	}
+
+	return []interface{}{
+		map[string]interface{}{
+			"default_action": string(input.AccessControl.DefaultAction),
+			"ip_allow_list":  utils.FlattenStringSlice(input.AccessControl.IPAllowList),
+		},
+	}
+}