Merge pull request #384 from terraform-providers/data-source-builtin-…

…role-definitions New Data Source: `azurerm_builtin_role_definition`
hashicorp · Oct 3, 2017 · 82da283 · 82da283
2 parents 853797f + 1eacca5
commit 82da283
Show file tree

Hide file tree

Showing 7 changed files with 181 additions and 24 deletions.
diff --git a/azurerm/config.go b/azurerm/config.go
@@ -136,6 +136,7 @@ type ArmClient struct {
 
 	appInsightsClient appinsights.ComponentsClient
 
+	// Authentication
 	servicePrincipalsClient graphrbac.ServicePrincipalsClient
 
 	// Databases
@@ -624,12 +625,6 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 	ai.Sender = sender
 	client.appInsightsClient = ai
 
-	spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, c.TenantID)
-	setUserAgent(&spc.Client)
-	spc.Authorizer = graphAuth
-	spc.Sender = sender
-	client.servicePrincipalsClient = spc
-
 	aadb := automation.NewAccountClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&aadb.Client)
 	aadb.Authorizer = auth
@@ -654,13 +649,21 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 	aschc.Sender = sender
 	client.automationScheduleClient = aschc
 
-	client.registerKeyVaultClients(endpoint, c.SubscriptionID, auth, keyVaultAuth, sender)
-
+	client.registerAuthentication(graphEndpoint, c.TenantID, graphAuth, sender)
 	client.registerDatabases(endpoint, c.SubscriptionID, auth, sender)
+	client.registerKeyVaultClients(endpoint, c.SubscriptionID, auth, keyVaultAuth, sender)
 
 	return &client, nil
 }
 
+func (c *ArmClient) registerAuthentication(graphEndpoint, tenantId string, graphAuth autorest.Authorizer, sender autorest.Sender) {
+	spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, tenantId)
+	setUserAgent(&spc.Client)
+	spc.Authorizer = graphAuth
+	spc.Sender = sender
+	c.servicePrincipalsClient = spc
+}
+
 func (c *ArmClient) registerDatabases(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {
 	// MySQL
 	mysqlConfigClient := mysql.NewConfigurationsClientWithBaseURI(endpoint, subscriptionId)

diff --git a/azurerm/data_source_arm_builtin_role_definition.go b/azurerm/data_source_arm_builtin_role_definition.go
@@ -0,0 +1,42 @@
+package azurerm
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+)
+
+func dataSourceArmBuiltInRoleDefinition() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmBuiltInRoleDefinitionRead,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"Contributor",
+					"Reader",
+					"Owner",
+					"VirtualMachineContributor",
+				}, false),
+			},
+		},
+	}
+}
+
+func dataSourceArmBuiltInRoleDefinitionRead(d *schema.ResourceData, meta interface{}) error {
+	name := d.Get("name").(string)
+	roleDefinitionIds := map[string]string{
+		"Contributor":               "b24988ac-6180-42a0-ab88-20f7382dd24c",
+		"Owner":                     "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
+		"Reader":                    "acdd72a7-3385-48ef-bd42-f606fba81ae7",
+		"VirtualMachineContributor": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
+	}
+	roleDefinitionId := roleDefinitionIds[name]
+
+	// TODO: when the API's fixed - pull out additional information from the API
+	// https://github.com/Azure/azure-rest-api-specs/issues/1785
+
+	d.SetId(roleDefinitionId)
+
+	return nil
+}
diff --git a/azurerm/data_source_arm_builtin_role_definition_test.go b/azurerm/data_source_arm_builtin_role_definition_test.go
@@ -0,0 +1,80 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_contributor(t *testing.T) {
+	dataSourceName := "data.azurerm_builtin_role_definition.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceBuiltInRoleDefinition("Contributor"),
+				Check: resource.ComposeTestCheckFunc(
+					testAzureRMClientConfigAttr(dataSourceName, "id", "b24988ac-6180-42a0-ab88-20f7382dd24c"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_owner(t *testing.T) {
+	dataSourceName := "data.azurerm_builtin_role_definition.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceBuiltInRoleDefinition("Owner"),
+				Check: resource.ComposeTestCheckFunc(
+					testAzureRMClientConfigAttr(dataSourceName, "id", "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_reader(t *testing.T) {
+	dataSourceName := "data.azurerm_builtin_role_definition.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceBuiltInRoleDefinition("Reader"),
+				Check: resource.ComposeTestCheckFunc(
+					testAzureRMClientConfigAttr(dataSourceName, "id", "acdd72a7-3385-48ef-bd42-f606fba81ae7"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMBuiltInRoleDefinition_virtualMachineContributor(t *testing.T) {
+	dataSourceName := "data.azurerm_builtin_role_definition.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceBuiltInRoleDefinition("VirtualMachineContributor"),
+				Check: resource.ComposeTestCheckFunc(
+					testAzureRMClientConfigAttr(dataSourceName, "id", "d73bb868-a0df-4d4d-bd69-98a00b01fccb"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceBuiltInRoleDefinition(name string) string {
+	return fmt.Sprintf(`
+data "azurerm_builtin_role_definition" "test" {
+  name = "%s"
+}
+`, name)
+}
diff --git a/azurerm/data_source_arm_resource_group.go b/azurerm/data_source_arm_resource_group.go
@@ -17,20 +17,15 @@ func dataSourceArmResourceGroup() *schema.Resource {
 }
 
 func dataSourceArmResourceGroupRead(d *schema.ResourceData, meta interface{}) error {
-	armClient := meta.(*ArmClient)
-
-	resourceGroupName := d.Get("name").(string)
-	resourceId := &ResourceID{
-		SubscriptionID: armClient.subscriptionId,
-		ResourceGroup:  resourceGroupName,
-	}
-	resourceIdString, err := composeAzureResourceID(resourceId)
+	client := meta.(*ArmClient).resourceGroupClient
 
+	name := d.Get("name").(string)
+	resp, err := client.Get(name)
 	if err != nil {
 		return err
 	}
 
-	d.SetId(resourceIdString)
+	d.SetId(*resp.ID)
 
 	if err := resourceArmResourceGroupRead(d, meta); err != nil {
 		return err

diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -68,13 +68,14 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
-			"azurerm_client_config":  dataSourceArmClientConfig(),
-			"azurerm_image":          dataSourceArmImage(),
-			"azurerm_managed_disk":   dataSourceArmManagedDisk(),
-			"azurerm_platform_image": dataSourceArmPlatformImage(),
-			"azurerm_public_ip":      dataSourceArmPublicIP(),
-			"azurerm_resource_group": dataSourceArmResourceGroup(),
-			"azurerm_subscription":   dataSourceArmSubscription(),
+			"azurerm_builtin_role_definition": dataSourceArmBuiltInRoleDefinition(),
+			"azurerm_client_config":           dataSourceArmClientConfig(),
+			"azurerm_image":                   dataSourceArmImage(),
+			"azurerm_managed_disk":            dataSourceArmManagedDisk(),
+			"azurerm_platform_image":          dataSourceArmPlatformImage(),
+			"azurerm_public_ip":               dataSourceArmPublicIP(),
+			"azurerm_resource_group":          dataSourceArmResourceGroup(),
+			"azurerm_subscription":            dataSourceArmSubscription(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -395,6 +396,7 @@ func registerProviderWithSubscription(providerName string, client resources.Prov
 
 func determineAzureResourceProvidersToRegister(providerList []resources.Provider) map[string]struct{} {
 	providers := map[string]struct{}{
+		"Microsoft.Authorization":       {},
 		"Microsoft.Automation":          {},
 		"Microsoft.Cache":               {},
 		"Microsoft.Cdn":                 {},

diff --git a/website/azurerm.erb b/website/azurerm.erb
@@ -23,6 +23,9 @@
             <li<%= sidebar_current("docs-azurerm-datasource") %>>
               <a href="#">Data Sources</a>
               <ul class="nav nav-visible">
+                <li<%= sidebar_current("docs-azurerm-datasource-builtin_role_definition") %>>
+                    <a href="/docs/providers/azurerm/d/builtin_role_definition.html">azurerm_builtin_role_definition</a>
+                </li>
                 <li<%= sidebar_current("docs-azurerm-datasource-client-config") %>>
                     <a href="/docs/providers/azurerm/d/client_config.html">azurerm_client_config</a>
                 </li>

diff --git a/website/docs/d/builtin_role_definition.markdown b/website/docs/d/builtin_role_definition.markdown
@@ -0,0 +1,32 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_builtin_role_definition"
+sidebar_current: "docs-azurerm-datasource-builtin-role-definition"
+description: |-
+  Get information about a built-in Role Definition.
+---
+
+# azurerm_built_in_role_definition
+
+Use this data source to access the properties of a built-in Role Definition.
+
+## Example Usage
+
+```hcl
+data "azurerm_builtin_role_definition" "contributor" {
+  name = "Contributor"
+}
+
+output "contributor_role_definition_id" {
+  value = "${data.azurerm_built_in_role.contributor.id}"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) Specifies the name of the built-in Role Definition. Possible values are: `Contributor`, `Owner`, `Reader` and `VirtualMachineContributor`.
+
+
+## Attributes Reference
+
+* `id` - the ID of the built-in Role Definition.