New Resource: 'azurerm_storage_account_customer_managed_key' to enable storage account encryption using key vault customer-managed keys #5668

Merged
merged 26 commits into from
Feb 24, 2020
d1cf0b7
Initial port to new code base
WodansSon Feb 10, 2020
6291f85
Merge branch 'master' into nr_storage_account_cmk
WodansSon Feb 10, 2020
8f9d064
Got it to compile
WodansSon Feb 11, 2020
10e222d
Mostly working
WodansSon Feb 11, 2020
b15d1b3
Progress
WodansSon Feb 12, 2020
99b6fe5
Make error msg more user friendly
WodansSon Feb 12, 2020
bb8ed68
Update error conditional
WodansSon Feb 12, 2020
1d4684a
Rename resource
WodansSon Feb 13, 2020
a86c893
Add SACMK doc to TOC
WodansSon Feb 13, 2020
cf39a6e
Fixed import issue
WodansSon Feb 13, 2020
5d7f77b
Updates
WodansSon Feb 14, 2020
3a45d8e
Updated doc
WodansSon Feb 14, 2020
1668aa3
Format doc hcl blocks
WodansSon Feb 14, 2020
f89146b
Merge branch 'master' into nr_storage_account_cmk
WodansSon Feb 19, 2020
b9da1f0
Merge branch 'master' of https://github.com/terraform-providers/terra…
WodansSon Feb 21, 2020
1736632
Updates to CMK
WodansSon Feb 22, 2020
3ce6b8c
r/key_vault_key: formatting
tombuildsstuff Feb 22, 2020
fb8e382
r/storage_account: locking on the correct key during update
tombuildsstuff Feb 23, 2020
8310245
r/storage_account_customer_managed_key: comments from code review
tombuildsstuff Feb 23, 2020
675364a
r/storage_account_customer_managed_key: adding validation
tombuildsstuff Feb 23, 2020
c80abda
r/key_vault_key: removing the unused `key_vault_access_policy_id` field
tombuildsstuff Feb 23, 2020
7edd1c9
r/storage_account_customer_managed_key: fixing the example
tombuildsstuff Feb 23, 2020
ab5b5b3
d/key_vault_key: removing a dead field
tombuildsstuff Feb 23, 2020
d7c87e2
d/storage_account: removing removed fields
tombuildsstuff Feb 23, 2020
fb837ad
linting
tombuildsstuff Feb 24, 2020
ef0105d
r/storage_account_customer_managed_key: adding args to the error
tombuildsstuff Feb 24, 2020
13 changes: 12 additions & 1 deletion azurerm/internal/acceptance/data.go
Expand Up @@ -24,7 +24,7 @@ type TestData struct {
// Locations is a set of Azure Regions which should be used for this Test
Locations Regions

// RandomString is a random integer which is unique to this test case
// RandomInteger is a random integer which is unique to this test case
RandomInteger int

// RandomString is a random 5 character string is unique to this test case
Expand Down Expand Up @@ -90,6 +90,7 @@ func BuildTestData(t *testing.T, resourceType string, resourceLabel string) Test
return testData
}

// RandomIntOfLength is a random 8 to 18 digit integer which is unique to this test case
func (td *TestData) RandomIntOfLength(len int) int {
// len should not be
// - greater then 18, longest a int can represent
Expand All @@ -116,3 +117,13 @@ func (td *TestData) RandomIntOfLength(len int) int {

return i
}

// RandomStringOfLength is a random 1 to 1024 character string which is unique to this test case
func (td *TestData) RandomStringOfLength(len int) string {
// len should not be less then 1 or greater than 1024
if 1 > len || len > 1024 {
panic(fmt.Sprintf("Invalid Test: RandomStringOfLength: length argument must be between 1 and 1024 characters"))
}

return acctest.RandString(len)
}
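Review bot: `panic(fmt.Sprintf("Invalid Test: RandomStringOfLength: ..."))` in the new RandomStringOfLength formats a constant string with no arguments; staticcheck reports this (S1039) and `panic("Invalid Test: RandomStringOfLength: length argument must be between 1 and 1024 characters")` behaves identically without the extra call. The parameter named `len` shadows the builtin for the whole body, as it already does in RandomIntOfLength in the hunk above; `length` or `n` would avoid that in both. The doc comment reads as if the function were the string itself; `// RandomStringOfLength returns a random string of the given length (1 to 1024) which is unique to this test case.` follows the godoc convention of describing what the function returns.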
2 changes: 2 additions & 0 deletions azurerm/internal/services/iothub/resource_arm_iothub.go
Expand Up @@ -26,6 +26,8 @@ import (
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

// TODO: outside of this pr make this private

var IothubResourceName = "azurerm_iothub"

func suppressIfTypeIsNot(t string) schema.SchemaDiffSuppressFunc {
Expand Down
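--- /dev/null
+++ b/azurerm/internal/services/keyvault/parse/key_vault_id.go
@@ -0,0 +1,31 @@
+package parse
+
+import (
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+)
+
+type KeyVaultId struct {
+	Name          string
+	ResourceGroup string
+}
+
+func KeyVaultID(input string) (*KeyVaultId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	account := KeyVaultId{
+		ResourceGroup: id.ResourceGroup,
+	}
+
+	if account.Name, err = id.PopSegment("vaults"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &account, nil
+}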
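Review bot: The exported KeyVaultId type and KeyVaultID function carry no doc comments, which golint and godoc expect on exported names; `// KeyVaultId is the parsed form of a Key Vault resource ID.` and `// KeyVaultID parses an Azure resource ID ending in /providers/Microsoft.KeyVault/vaults/{name} into a KeyVaultId.` would cover both. The local `account` is named as though this parsed a storage account; `vault` reads better in this package. Nothing in this function checks the provider segment, so unless azure.ParseAzureResourceID does so (it is outside this diff), a resource ID from another provider that also has a `vaults` segment, such as Microsoft.RecoveryServices, would parse without error; worth a comment on the function, or a check on id.Provider if the parser exposes it.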
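--- /dev/null
+++ b/azurerm/internal/services/keyvault/parse/key_vault_id_test.go
@@ -0,0 +1,73 @@
+package parse
+
+import (
+	"testing"
+)
+
+func TestKeyVaultID(t *testing.T) {
+	testData := []struct {
+		Name     string
+		Input    string
+		Expected *KeyVaultId
+	}{
+		{
+			Name:     "Empty",
+			Input:    "",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Segment",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000",
+			Expected: nil,
+		},
+		{
+			Name:     "No Resource Groups Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/",
+			Expected: nil,
+		},
+		{
+			Name:     "Resource Group ID",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/",
+			Expected: nil,
+		},
+		{
+			Name:     "Missing Vaults Value",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/",
+			Expected: nil,
+		},
+		{
+			Name:  "Key Vault ID",
+			Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1",
+			Expected: &KeyVaultId{
+				Name:          "vault1",
+				ResourceGroup: "resGroup1",
+			},
+		},
+		{
+			Name:     "Wrong Casing",
+			Input:    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.KeyVault/Vaults/vault1",
+			Expected: nil,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Name)
+
+		actual, err := KeyVaultID(v.Input)
+		if err != nil {
+			if v.Expected == nil {
+				continue
+			}
+
+			t.Fatalf("Expected a value but got an error: %s", err)
+		}
+
+		if actual.Name != v.Expected.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name)
+		}
+
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for Resource Group", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+	}
+}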
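Review bot: When KeyVaultID returns no error for a case whose Expected is nil (for example "Wrong Casing" or "Resource Group ID", should the parser ever start accepting them), the loop falls through to `actual.Name != v.Expected.Name` and dereferences a nil pointer, so the test panics instead of reporting which case regressed. A guard after the error block, `if v.Expected == nil { t.Fatalf("Expected an error for %q but got none", v.Name) }`, turns that into a readable failure. Since this table is the only thing pinning the case-sensitive `vaults` match, that message is worth having.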
Expand Up @@ -339,6 +339,7 @@ func resourceArmKeyVaultKeyRead(d *schema.ResourceData, meta interface{}) error
}

d.Set("name", id.Name)

if key := resp.Key; key != nil {
d.Set("key_type", string(key.Kty))

Expand Down
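--- /dev/null
+++ b/azurerm/internal/services/keyvault/validate/key_vault_id.go
@@ -0,0 +1,22 @@
+package validate
+
+import (
+	"fmt"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse"
+)
+
+func KeyVaultID(i interface{}, k string) (warnings []string, errors []error) {
+	v, ok := i.(string)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
+		return
+	}
+
+	if _, err := parse.KeyVaultID(v); err != nil {
+		errors = append(errors, fmt.Errorf("Can not parse %q as a resource id: %v", k, err))
+		return
+	}
+
+	return warnings, errors
+}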
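Review bot: The error on the parse-failure branch starts with a capital (`Can not parse ...`) while the type-check error a few lines above is lowercase; Go error strings are conventionally lowercase and the two should match, e.g. `errors = append(errors, fmt.Errorf("cannot parse %q as a Key Vault resource id: %v", k, err))`. KeyVaultID is exported without a doc comment; `// KeyVaultID is a schema validation function which checks that the value of attribute k parses as a Key Vault resource ID.` would do. The named result `errors` also shadows the standard errors package name; this file does not import it today, but the shadowing will surprise the first person to add `errors.Is` here.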
27 changes: 0 additions & 27 deletions azurerm/internal/services/storage/data_source_storage_account.go
Expand Up @@ -54,11 +54,6 @@ func dataSourceArmStorageAccount() *schema.Resource {
Computed: true,
},

"account_encryption_source": {
Type: schema.TypeString,
Computed: true,
},

"custom_domain": {
Type: schema.TypeList,
Computed: true,
Expand All @@ -72,16 +67,6 @@ func dataSourceArmStorageAccount() *schema.Resource {
},
},

"enable_blob_encryption": {
Type: schema.TypeBool,
Computed: true,
},

"enable_file_encryption": {
Type: schema.TypeBool,
Computed: true,
},

"enable_https_traffic_only": {
Type: schema.TypeBool,
Computed: true,
Expand Down Expand Up @@ -329,18 +314,6 @@ func dataSourceArmStorageAccountRead(d *schema.ResourceData, meta interface{}) e
}
}

if encryption := props.Encryption; encryption != nil {
if services := encryption.Services; services != nil {
if blob := services.Blob; blob != nil {
d.Set("enable_blob_encryption", blob.Enabled)
}
if file := services.File; file != nil {
d.Set("enable_file_encryption", file.Enabled)
}
}
d.Set("account_encryption_source", string(encryption.KeySource))
}

// Computed
d.Set("primary_location", props.PrimaryLocation)
d.Set("secondary_location", props.SecondaryLocation)
Expand Down
23 changes: 12 additions & 11 deletions azurerm/internal/services/storage/registration.go
Expand Up @@ -32,16 +32,17 @@ func (r Registration) SupportedDataSources() map[string]*schema.Resource {
// SupportedResources returns the supported Resources supported by this Service
func (r Registration) SupportedResources() map[string]*schema.Resource {
return map[string]*schema.Resource{
"azurerm_storage_account": resourceArmStorageAccount(),
"azurerm_storage_account_network_rules": resourceArmStorageAccountNetworkRules(),
"azurerm_storage_blob": resourceArmStorageBlob(),
"azurerm_storage_container": resourceArmStorageContainer(),
"azurerm_storage_data_lake_gen2_filesystem": resourceArmStorageDataLakeGen2FileSystem(),
"azurerm_storage_management_policy": resourceArmStorageManagementPolicy(),
"azurerm_storage_queue": resourceArmStorageQueue(),
"azurerm_storage_share": resourceArmStorageShare(),
"azurerm_storage_share_directory": resourceArmStorageShareDirectory(),
"azurerm_storage_table": resourceArmStorageTable(),
"azurerm_storage_table_entity": resourceArmStorageTableEntity(),
"azurerm_storage_account": resourceArmStorageAccount(),
"azurerm_storage_account_customer_managed_key": resourceArmStorageAccountCustomerManagedKey(),
"azurerm_storage_account_network_rules": resourceArmStorageAccountNetworkRules(),
"azurerm_storage_blob": resourceArmStorageBlob(),
"azurerm_storage_container": resourceArmStorageContainer(),
"azurerm_storage_data_lake_gen2_filesystem": resourceArmStorageDataLakeGen2FileSystem(),
"azurerm_storage_management_policy": resourceArmStorageManagementPolicy(),
"azurerm_storage_queue": resourceArmStorageQueue(),
"azurerm_storage_share": resourceArmStorageShare(),
"azurerm_storage_share_directory": resourceArmStorageShareDirectory(),
"azurerm_storage_table": resourceArmStorageTable(),
"azurerm_storage_table_entity": resourceArmStorageTableEntity(),
}
}