diff --git a/.github/labeler-issue-triage.yml b/.github/labeler-issue-triage.yml index eb00ea6de95a..0b972dc872c7 100644 --- a/.github/labeler-issue-triage.yml +++ b/.github/labeler-issue-triage.yml @@ -175,7 +175,7 @@ service/iot-time-series: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_iot_time_series_insights_((.|\n)*)###' service/key-vault: - - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_key_vault((.|\n)*)###' + - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(key_vault\W+|key_vault_access_policy\W+|key_vault_certificate\W+|key_vault_certificate_contacts\W+|key_vault_certificate_data\W+|key_vault_certificate_issuer\W+|key_vault_certificates\W+|key_vault_encrypted_value\W+|key_vault_key\W+|key_vault_managed_storage_account\W+|key_vault_managed_storage_account_sas_token_definition\W+|key_vault_secret\W+|key_vault_secrets\W+)((.|\n)*)###' service/kusto: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_kusto_((.|\n)*)###' @@ -210,6 +210,9 @@ service/maintenance: service/managed-apps: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_managed_application((.|\n)*)###' +service/managed-hsm: + - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_key_vault_managed_hardware_security_module((.|\n)*)###' + service/management-groups: - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(management_group\W+|management_group_subscription_association\W+)((.|\n)*)###' diff --git a/.github/labeler-pull-request-triage.yml b/.github/labeler-pull-request-triage.yml index 62a6d3345e8a..9d7538b8c6a7 100644 --- a/.github/labeler-pull-request-triage.yml +++ b/.github/labeler-pull-request-triage.yml 
@@ -354,6 +354,11 @@ service/managed-apps: - any-glob-to-any-file: - internal/services/managedapplications/**/* +service/managed-hsm: +- changed-files: + - any-glob-to-any-file: + - internal/services/managedhsm/**/* + service/management-groups: - changed-files: - any-glob-to-any-file: diff --git a/.teamcity/components/generated/services.kt b/.teamcity/components/generated/services.kt index 364674ddf75e..4a67bbc75ebb 100644 --- a/.teamcity/components/generated/services.kt +++ b/.teamcity/components/generated/services.kt @@ -76,6 +76,7 @@ var services = mapOf( "machinelearning" to "Machine Learning", "maintenance" to "Maintenance", "managedapplications" to "Managed Applications", + "managedhsm" to "Managed HSM", "managedidentity" to "ManagedIdentity", "managementgroup" to "Management Group", "maps" to "Maps", diff --git a/internal/clients/client.go b/internal/clients/client.go index 2dfc0e9b20fb..7e726003556f 100644 --- a/internal/clients/client.go +++ b/internal/clients/client.go @@ -93,6 +93,7 @@ import ( machinelearning "github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning/client" maintenance "github.com/hashicorp/terraform-provider-azurerm/internal/services/maintenance/client" managedapplication "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedapplications/client" + managedhsm "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/client" managementgroup "github.com/hashicorp/terraform-provider-azurerm/internal/services/managementgroup/client" maps "github.com/hashicorp/terraform-provider-azurerm/internal/services/maps/client" mariadb "github.com/hashicorp/terraform-provider-azurerm/internal/services/mariadb/client" @@ -228,6 +229,7 @@ type Client struct { Maintenance *maintenance.Client ManagedApplication *managedapplication.Client ManagementGroups *managementgroup.Client + ManagedHSMs *managedhsm.Client Maps *maps.Client MariaDB *mariadb.Client Media *media.Client 
@@ -492,6 +494,7 @@ func (client *Client) Build(ctx context.Context, o *common.ClientOptions) error return fmt.Errorf("building clients for Managed Applications: %+v", err) } client.ManagementGroups = managementgroup.NewClient(o) + client.ManagedHSMs = managedhsm.NewClient(o) if client.Maps, err = maps.NewClient(o); err != nil { return fmt.Errorf("building clients for Maps: %+v", err) } diff --git a/internal/provider/services.go b/internal/provider/services.go index 2150d8c510cb..37a836b9dea6 100644 --- a/internal/provider/services.go +++ b/internal/provider/services.go @@ -76,6 +76,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/services/machinelearning" "github.com/hashicorp/terraform-provider-azurerm/internal/services/maintenance" "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedapplications" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm" "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedidentity" "github.com/hashicorp/terraform-provider-azurerm/internal/services/managementgroup" "github.com/hashicorp/terraform-provider-azurerm/internal/services/maps" @@ -177,8 +178,9 @@ func SupportedTypedServices() []sdk.TypedServiceRegistration { labservice.Registration{}, loadbalancer.Registration{}, loganalytics.Registration{}, - media.Registration{}, machinelearning.Registration{}, + managedhsm.Registration{}, + media.Registration{}, monitor.Registration{}, mobilenetwork.Registration{}, mssql.Registration{}, @@ -279,6 +281,7 @@ func SupportedUntypedServices() []sdk.UntypedServiceRegistration { managedapplications.Registration{}, lighthouse.Registration{}, managementgroup.Registration{}, + managedhsm.Registration{}, maps.Registration{}, mariadb.Registration{}, media.Registration{}, diff --git a/internal/services/keyvault/client/client.go b/internal/services/keyvault/client/client.go index b693c570acb7..d86683d36a21 100644 
--- a/internal/services/keyvault/client/client.go
+++ b/internal/services/keyvault/client/client.go
@@ -4,48 +4,33 @@ package client import ( - "github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms" "github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/vaults" "github.com/hashicorp/terraform-provider-azurerm/internal/common" dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault" ) type Client struct { - ManagedHsmClient *managedhsms.ManagedHsmsClient - ManagementClient *dataplane.BaseClient - VaultsClient *vaults.VaultsClient + // NOTE: Key Vault and Managed HSMs are /intentionally/ split into two different service packages + // whilst the service shares a similar interface - the behaviours and functionalities of the service + // including the casing that is required to be used for the constants - differs between the two + // services. + // + // As such this separation on our side is intentional to avoid code reuse given these differences. + + VaultsClient *vaults.VaultsClient - MHSMSDClient *dataplane.HSMSecurityDomainClient - MHSMRoleClient *dataplane.RoleDefinitionsClient - MHSMRoleAssignmentsClient *dataplane.RoleAssignmentsClient + ManagementClient *dataplane.BaseClient } func NewClient(o *common.ClientOptions) *Client { - managedHsmClient := managedhsms.NewManagedHsmsClientWithBaseURI(o.ResourceManagerEndpoint) - o.ConfigureClient(&managedHsmClient.Client, o.ResourceManagerAuthorizer) - managementClient := dataplane.New() o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer) vaultsClient := vaults.NewVaultsClientWithBaseURI(o.ResourceManagerEndpoint) - - sdClient := dataplane.NewHSMSecurityDomainClient() - o.ConfigureClient(&sdClient.Client, o.ManagedHSMAuthorizer) - - mhsmRoleDefineClient := dataplane.NewRoleDefinitionsClient() - o.ConfigureClient(&mhsmRoleDefineClient.Client, o.ManagedHSMAuthorizer) - o.ConfigureClient(&vaultsClient.Client, o.ResourceManagerAuthorizer) - mhsmRoleAssignClient := dataplane.NewRoleAssignmentsClient() - o.ConfigureClient(&mhsmRoleAssignClient.Client, 
o.ManagedHSMAuthorizer) - return &Client{ - ManagedHsmClient: &managedHsmClient, - ManagementClient: &managementClient, - VaultsClient: &vaultsClient, - MHSMSDClient: &sdClient, - MHSMRoleClient: &mhsmRoleDefineClient, - MHSMRoleAssignmentsClient: &mhsmRoleAssignClient, + ManagementClient: &managementClient, + VaultsClient: &vaultsClient, } } diff --git a/internal/services/keyvault/registration.go b/internal/services/keyvault/registration.go index 39759bbcac69..9b35fbb26cab 100644 --- a/internal/services/keyvault/registration.go +++ b/internal/services/keyvault/registration.go 
@@ -34,16 +34,15 @@ func (r Registration) WebsiteCategories() []string { // SupportedDataSources returns the supported Data Sources supported by this Service func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource { return map[string]*pluginsdk.Resource{ - "azurerm_key_vault_access_policy": dataSourceKeyVaultAccessPolicy(), - "azurerm_key_vault_certificate": dataSourceKeyVaultCertificate(), - "azurerm_key_vault_certificate_data": dataSourceKeyVaultCertificateData(), - "azurerm_key_vault_certificate_issuer": dataSourceKeyVaultCertificateIssuer(), - "azurerm_key_vault_key": dataSourceKeyVaultKey(), - "azurerm_key_vault_managed_hardware_security_module": dataSourceKeyVaultManagedHardwareSecurityModule(), - "azurerm_key_vault_secret": dataSourceKeyVaultSecret(), - "azurerm_key_vault_secrets": dataSourceKeyVaultSecrets(), - "azurerm_key_vault": dataSourceKeyVault(), - "azurerm_key_vault_certificates": dataSourceKeyVaultCertificates(), + "azurerm_key_vault_access_policy": dataSourceKeyVaultAccessPolicy(), + "azurerm_key_vault_certificate": dataSourceKeyVaultCertificate(), + "azurerm_key_vault_certificate_data": dataSourceKeyVaultCertificateData(), + "azurerm_key_vault_certificate_issuer": dataSourceKeyVaultCertificateIssuer(), + "azurerm_key_vault_key": dataSourceKeyVaultKey(), + "azurerm_key_vault_secret": dataSourceKeyVaultSecret(), + "azurerm_key_vault_secrets": dataSourceKeyVaultSecrets(), + "azurerm_key_vault": dataSourceKeyVault(), + "azurerm_key_vault_certificates": dataSourceKeyVaultCertificates(), } } 
@@ -54,7 +53,6 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { "azurerm_key_vault_certificate": resourceKeyVaultCertificate(), "azurerm_key_vault_certificate_issuer": resourceKeyVaultCertificateIssuer(), "azurerm_key_vault_key": resourceKeyVaultKey(), - "azurerm_key_vault_managed_hardware_security_module": resourceKeyVaultManagedHardwareSecurityModule(), "azurerm_key_vault_secret": resourceKeyVaultSecret(), "azurerm_key_vault": resourceKeyVault(), "azurerm_key_vault_managed_storage_account": resourceKeyVaultManagedStorageAccount(), @@ -65,14 +63,11 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource { func (r Registration) DataSources() []sdk.DataSource { return []sdk.DataSource{ EncryptedValueDataSource{}, - KeyvaultMHSMRoleDefinitionDataSource{}, } } func (r Registration) Resources() []sdk.Resource { return []sdk.Resource{ KeyVaultCertificateContactsResource{}, - KeyVaultMHSMRoleDefinitionResource{}, - KeyVaultManagedHSMRoleAssignmentResource{}, } } diff --git a/internal/services/managedhsm/client/client.go b/internal/services/managedhsm/client/client.go new file mode 100644 index 000000000000..2ee03bdc09cc --- /dev/null +++ b/internal/services/managedhsm/client/client.go 
@@ -0,0 +1,56 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package client + +import ( + "github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms" + "github.com/hashicorp/terraform-provider-azurerm/internal/common" + dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault" +) + +type Client struct { + // NOTE: Key Vault and Managed HSMs are /intentionally/ split into two different service packages + // whilst the service shares a similar interface - the behaviours and functionalities of the service + // including the casing that is required to be used for the constants - differs between the two + // services. + // + // As such this separation on our side is intentional to avoid code reuse given these differences. + + // Resource Manager + ManagedHsmClient *managedhsms.ManagedHsmsClient + + // Data Plane + DataPlaneClient *dataplane.BaseClient + DataPlaneRoleAssignmentsClient *dataplane.RoleAssignmentsClient + DataPlaneRoleDefinitionsClient *dataplane.RoleDefinitionsClient + DataPlaneSecurityDomainsClient *dataplane.HSMSecurityDomainClient +} + +func NewClient(o *common.ClientOptions) *Client { + managedHsmClient := managedhsms.NewManagedHsmsClientWithBaseURI(o.ResourceManagerEndpoint) + o.ConfigureClient(&managedHsmClient.Client, o.ResourceManagerAuthorizer) + + managementClient := dataplane.New() + o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer) + + securityDomainClient := dataplane.NewHSMSecurityDomainClient() + o.ConfigureClient(&securityDomainClient.Client, o.ManagedHSMAuthorizer) + + roleDefinitionsClient := dataplane.NewRoleDefinitionsClient() + o.ConfigureClient(&roleDefinitionsClient.Client, o.ManagedHSMAuthorizer) + + roleAssignmentsClient := dataplane.NewRoleAssignmentsClient() + o.ConfigureClient(&roleAssignmentsClient.Client, o.ManagedHSMAuthorizer) + + return &Client{ + // Resource Manger + ManagedHsmClient: &managedHsmClient, + + // Data Plane + DataPlaneClient: 
&managementClient, + DataPlaneSecurityDomainsClient: &securityDomainClient, + DataPlaneRoleDefinitionsClient: &roleDefinitionsClient, + DataPlaneRoleAssignmentsClient: &roleAssignmentsClient, + } +} diff --git a/internal/services/keyvault/custompollers/hsm_download_poller.go b/internal/services/managedhsm/custompollers/hsm_download_poller.go similarity index 76% rename from internal/services/keyvault/custompollers/hsm_download_poller.go rename to internal/services/managedhsm/custompollers/hsm_download_poller.go index 0ee00632be89..43df88071061 100644 --- a/internal/services/keyvault/custompollers/hsm_download_poller.go +++ b/internal/services/managedhsm/custompollers/hsm_download_poller.go @@ -9,12 +9,12 @@ import ( "time" "github.com/hashicorp/go-azure-sdk/sdk/client/pollers" - kv74 "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault" + dataplane "github.com/tombuildsstuff/kermit/sdk/keyvault/7.4/keyvault" ) var _ pollers.PollerType = &hsmDownloadPoller{} -func NewHSMDownloadPoller(client *kv74.HSMSecurityDomainClient, baseUrl string) *hsmDownloadPoller { +func NewHSMDownloadPoller(client *dataplane.HSMSecurityDomainClient, baseUrl string) pollers.PollerType { return &hsmDownloadPoller{ client: client, baseUrl: baseUrl, @@ -22,7 +22,7 @@ func NewHSMDownloadPoller(client *kv74.HSMSecurityDomainClient, baseUrl string) } type hsmDownloadPoller struct { - client *kv74.HSMSecurityDomainClient + client *dataplane.HSMSecurityDomainClient baseUrl string } @@ -32,7 +32,7 @@ func (p *hsmDownloadPoller) Poll(ctx context.Context) (*pollers.PollResult, erro return nil, fmt.Errorf("waiting for Security Domain to download failed within %s: %+v", p.baseUrl, err) } - if res.Status == kv74.OperationStatusSuccess { + if res.Status == dataplane.OperationStatusSuccess { return &pollers.PollResult{ Status: pollers.PollingStatusSucceeded, PollInterval: 10 * time.Second, 
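Review bot: In the new `managedhsm` client, `DataPlaneClient` is configured with `o.KeyVaultAuthorizer` while the three sibling data-plane clients use `o.ManagedHSMAuthorizer`, and nothing in the struct says so. Elsewhere in this commit `securityDomainDownload` uses it for `GetCertificate` against `keyID.KeyVaultBaseUrl`, so the Key Vault credential looks deliberate, but a later caller could reasonably assume every client under `// Data Plane` is authorised for the HSM endpoint. I would add a field comment such as `// DataPlaneClient talks to Key Vault (o.KeyVaultAuthorizer), not Managed HSM; it is used to read the security domain certificates`. The comment in the returned literal should also read `// Resource Manager` rather than `// Resource Manger`.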
diff --git a/internal/services/keyvault/custompollers/hsm_purge_poller.go b/internal/services/managedhsm/custompollers/hsm_purge_poller.go similarity index 96% rename from internal/services/keyvault/custompollers/hsm_purge_poller.go rename to internal/services/managedhsm/custompollers/hsm_purge_poller.go index c5d5e7b48851..e8e9918dcb76 100644 --- a/internal/services/keyvault/custompollers/hsm_purge_poller.go +++ b/internal/services/managedhsm/custompollers/hsm_purge_poller.go @@ -15,7 +15,7 @@ import ( var _ pollers.PollerType = &hsmDownloadPoller{} -func NewHSMPurgePoller(client *managedhsms.ManagedHsmsClient, id managedhsms.DeletedManagedHSMId) *hsmPurgePoller { +func NewHSMPurgePoller(client *managedhsms.ManagedHsmsClient, id managedhsms.DeletedManagedHSMId) pollers.PollerType { return &hsmPurgePoller{ client: client, purgeId: id, diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_data_source.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source.go similarity index 96% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_data_source.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source.go index 073f5c09c5f3..18bcbc9da52b 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_data_source.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault +package managedhsm import ( "fmt" 
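Review bot: The interface assertion carried over as context in `hsm_purge_poller.go` names the wrong type: `var _ pollers.PollerType = &hsmDownloadPoller{}` is the line from the download poller, so this file never asserts `hsmPurgePoller`. Now that `NewHSMPurgePoller` returns `pollers.PollerType` the compiler does check the type at the `return`, but the declaration should still be corrected to `var _ pollers.PollerType = &hsmPurgePoller{}` so it documents what it claims to. The rest of the poller lies outside this hunk.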
@@ -13,7 +13,7 @@ import ( "github.com/hashicorp/go-azure-helpers/resourcemanager/tags" "github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" "github.com/hashicorp/terraform-provider-azurerm/utils" @@ -77,7 +77,7 @@ func dataSourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource { } func dataSourceKeyVaultManagedHardwareSecurityModuleRead(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).KeyVault.ManagedHsmClient + client := meta.(*clients.Client).ManagedHSMs.ManagedHsmClient subscriptionId := meta.(*clients.Client).Account.SubscriptionId ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_data_source_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source_test.go similarity index 98% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_data_source_test.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source_test.go index 787f3717ddfd..01d932f7d1ee 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_data_source_test.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_data_source_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault_test +package managedhsm_test import ( "fmt" 
diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_resource.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource.go similarity index 94% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_resource.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_resource.go index 8301abda03dd..1457e69033e8 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_resource.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault +package managedhsm import ( "context" 
@@ -23,10 +23,11 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/client" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/custompollers" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate" + keyVaultParse "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" + keyVaultValidation "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/client" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/custompollers" + managedHSMValidation "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" @@ -60,7 +61,7 @@ func resourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource { Type: pluginsdk.TypeString, Required: true, ForceNew: true, - ValidateFunc: validate.ManagedHardwareSecurityModuleName, + ValidateFunc: managedHSMValidation.ManagedHardwareSecurityModuleName, }, "resource_group_name": commonschema.ResourceGroupName(), @@ -154,7 +155,7 @@ func resourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource { RequiredWith: []string{"security_domain_quorum"}, Elem: &pluginsdk.Schema{ Type: pluginsdk.TypeString, - ValidateFunc: validate.NestedItemId, + ValidateFunc: keyVaultValidation.NestedItemId, }, }, 
@@ -178,7 +179,7 @@ func resourceKeyVaultManagedHardwareSecurityModule() *pluginsdk.Resource { } func resourceArmKeyVaultManagedHardwareSecurityModuleCreate(d *pluginsdk.ResourceData, meta interface{}) error { - kvClient := meta.(*clients.Client).KeyVault + kvClient := meta.(*clients.Client).ManagedHSMs hsmClient := kvClient.ManagedHsmClient subscriptionId := meta.(*clients.Client).Account.SubscriptionId ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d) @@ -245,7 +246,7 @@ func resourceArmKeyVaultManagedHardwareSecurityModuleCreate(d *pluginsdk.Resourc // update to re-activate the security module func resourceArmKeyVaultManagedHardwareSecurityModuleUpdate(d *pluginsdk.ResourceData, meta interface{}) error { - kvClient := meta.(*clients.Client).KeyVault + kvClient := meta.(*clients.Client).ManagedHSMs hsmClient := kvClient.ManagedHsmClient ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -294,7 +295,7 @@ func resourceArmKeyVaultManagedHardwareSecurityModuleUpdate(d *pluginsdk.Resourc } func resourceArmKeyVaultManagedHardwareSecurityModuleRead(d *pluginsdk.ResourceData, meta interface{}) error { - hsmClient := meta.(*clients.Client).KeyVault.ManagedHsmClient + hsmClient := meta.(*clients.Client).ManagedHSMs.ManagedHsmClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() @@ -357,7 +358,7 @@ func resourceArmKeyVaultManagedHardwareSecurityModuleRead(d *pluginsdk.ResourceD } func resourceArmKeyVaultManagedHardwareSecurityModuleDelete(d *pluginsdk.ResourceData, meta interface{}) error { - hsmClient := meta.(*clients.Client).KeyVault.ManagedHsmClient + hsmClient := meta.(*clients.Client).ManagedHSMs.ManagedHsmClient ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() 
@@ -444,8 +445,8 @@ func flattenMHSMNetworkAcls(acl *managedhsms.MHSMNetworkRuleSet) []interface{} { } func securityDomainDownload(ctx context.Context, cli *client.Client, vaultBaseUrl string, certIds []interface{}, quorum int) (encDataStr string, err error) { - sdClient := cli.MHSMSDClient - keyClient := cli.ManagementClient + sdClient := cli.DataPlaneSecurityDomainsClient + keyClient := cli.DataPlaneClient var param kv74.CertificateInfoObject @@ -456,7 +457,10 @@ func securityDomainDownload(ctx context.Context, cli *client.Client, vaultBaseUr if !ok { continue } - keyID, _ := parse.ParseNestedItemID(certIDStr) + keyID, err := keyVaultParse.ParseNestedItemID(certIDStr) + if err != nil { + return "", fmt.Errorf("parsing %q: %+v", certIDStr, err) + } certRes, err := keyClient.GetCertificate(ctx, keyID.KeyVaultBaseUrl, keyID.Name, keyID.Version) if err != nil { return "", fmt.Errorf("retrieving key %s: %v", certID, err) diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_resource_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go similarity index 99% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_resource_test.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go index 244482098fd4..f528958b8b76 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_resource_test.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault_test +package managedhsm_test import ( "context" 
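Review bot: In `securityDomainDownload`, an entry of `certIds` that fails the `certID.(string)` assertion is still skipped with `continue`, even though this hunk turns an unparseable ID into a hard error. A skipped entry would presumably leave the security domain request with fewer certificates than the configuration lists, and nothing reports it. Schema validation may already rule this out, but failing closed is cheap: `return "", fmt.Errorf("expected a string certificate ID, got %T", certID)`. The message after the `GetCertificate` call also says `retrieving key %s`, and `retrieving certificate %q` would match what is being fetched. The function body starts and ends outside the hunk.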
@@ -166,7 +166,7 @@ func (KeyVaultManagedHardwareSecurityModuleResource) Exists(ctx context.Context, return nil, err } - resp, err := clients.KeyVault.ManagedHsmClient.Get(ctx, *id) + resp, err := clients.ManagedHSMs.ManagedHsmClient.Get(ctx, *id) if err != nil { return nil, fmt.Errorf("retrieving %s: %+v", *id, err) } diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource.go similarity index 91% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource.go index ba7e43566f36..6d7b6e29ea67 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault +package managedhsm import ( "context" @@ -14,8 +14,8 @@ import ( "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" "github.com/hashicorp/terraform-provider-azurerm/internal/locks" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/utils" 
@@ -95,7 +95,7 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Create() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: 30 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) (err error) { - client := meta.Client.KeyVault.MHSMRoleAssignmentsClient + client := meta.Client.ManagedHSMs.DataPlaneRoleAssignmentsClient var model KeyVaultManagedHSMRoleAssignmentModel if err := meta.Decode(&model); err != nil { @@ -105,7 +105,7 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Create() sdk.ResourceFunc { locks.ByName(model.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") defer locks.UnlockByName(model.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") - id, err := parse.NewMHSMNestedItemID(model.VaultBaseUrl, model.Scope, parse.RoleAssignmentType, model.Name) + id, err := parse.NewNestedItemID(model.VaultBaseUrl, model.Scope, parse.RoleAssignmentType, model.Name) if err != nil { return err } @@ -138,9 +138,9 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Read() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: 5 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) error { - client := meta.Client.KeyVault.MHSMRoleAssignmentsClient + client := meta.Client.ManagedHSMs.DataPlaneRoleAssignmentsClient - id, err := parse.MHSMNestedItemID(meta.ResourceData.Id()) + id, err := parse.NestedItemID(meta.ResourceData.Id()) if err != nil { return err } @@ -179,7 +179,7 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Delete() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: 10 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) error { - id, err := parse.MHSMNestedItemID(meta.ResourceData.Id()) + id, err := parse.NestedItemID(meta.ResourceData.Id()) if err != nil { return err } 
@@ -188,7 +188,7 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Delete() sdk.ResourceFunc { locks.ByName(id.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") defer locks.UnlockByName(id.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") - if _, err := meta.Client.KeyVault.MHSMRoleAssignmentsClient.Delete(ctx, id.VaultBaseUrl, id.Scope, id.Name); err != nil { + if _, err := meta.Client.ManagedHSMs.DataPlaneRoleAssignmentsClient.Delete(ctx, id.VaultBaseUrl, id.Scope, id.Name); err != nil { return fmt.Errorf("deleting %s: %v", id.ID(), err) } return nil @@ -197,5 +197,5 @@ func (m KeyVaultManagedHSMRoleAssignmentResource) Delete() sdk.ResourceFunc { } func (m KeyVaultManagedHSMRoleAssignmentResource) IDValidationFunc() pluginsdk.SchemaValidateFunc { - return validate.MHSMNestedItemId + return validate.NestedItemId } diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource_test.go similarity index 92% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource_test.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource_test.go index b43b36841917..bf066db0a920 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource_test.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_assignment_resource_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault_test +package managedhsm_test import ( "context" 
@@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) @@ -18,11 +18,11 @@ type KeyVaultManagedHSMRoleAssignmentResource struct{} // real test nested in TestAccKeyVaultManagedHardwareSecurityModule, only provide Exists logic here func (k KeyVaultManagedHSMRoleAssignmentResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { - id, err := parse.MHSMNestedItemID(state.ID) + id, err := parse.NestedItemID(state.ID) if err != nil { return nil, err } - resp, err := client.KeyVault.MHSMRoleAssignmentsClient.Get(ctx, id.VaultBaseUrl, id.Scope, id.Name) + resp, err := client.ManagedHSMs.DataPlaneRoleAssignmentsClient.Get(ctx, id.VaultBaseUrl, id.Scope, id.Name) if err != nil { return nil, fmt.Errorf("retrieving Type %s: %+v", id, err) } diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_data_source.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_data_source.go similarity index 95% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_data_source.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_data_source.go index 51e4c6f94457..7609d1f840b3 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_data_source.go +++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_data_source.go 
@@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault +package managedhsm import ( "context" @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/utils" @@ -137,12 +137,12 @@ func (k KeyvaultMHSMRoleDefinitionDataSource) Read() sdk.ResourceFunc { return err } - id, err := parse.NewMHSMNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) + id, err := parse.NewNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) if err != nil { return err } - client := meta.Client.KeyVault.MHSMRoleClient + client := meta.Client.ManagedHSMs.DataPlaneRoleDefinitionsClient result, err := client.Get(ctx, id.VaultBaseUrl, roleDefinitionScope, id.Name) if err != nil { if utils.ResponseWasNotFound(result.Response) { diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource.go similarity index 93% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource.go index 7008de67ac3e..a23a27f198bb 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource.go 
+++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault +package managedhsm import ( "context" @@ -13,8 +13,8 @@ import ( "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roledefinitions" "github.com/hashicorp/terraform-provider-azurerm/internal/locks" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/validate" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/utils" @@ -158,7 +158,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Create() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: 30 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) (err error) { - client := meta.Client.KeyVault.MHSMRoleClient + client := meta.Client.ManagedHSMs.DataPlaneRoleDefinitionsClient var model KeyVaultMHSMRoleDefinitionModel if err = meta.Decode(&model); err != nil { 
@@ -170,7 +170,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Create() sdk.ResourceFunc { locks.ByName(model.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") defer locks.UnlockByName(model.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") - id, err := parse.NewMHSMNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) + id, err := parse.NewNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) if err != nil { return err } @@ -207,7 +207,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Read() sdk.ResourceFunc { Timeout: 5 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) error { // import has no model data but only id - id, err := parse.MHSMNestedItemID(meta.ResourceData.Id()) + id, err := parse.NestedItemID(meta.ResourceData.Id()) if err != nil { return err } @@ -217,7 +217,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Read() sdk.ResourceFunc { return err } - client := meta.Client.KeyVault.MHSMRoleClient + client := meta.Client.ManagedHSMs.DataPlaneRoleDefinitionsClient result, err := client.Get(ctx, id.VaultBaseUrl, id.Scope, id.Name) if err != nil { if response.WasNotFound(result.Response.Response) { @@ -251,14 +251,14 @@ func (k KeyVaultMHSMRoleDefinitionResource) Update() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: time.Minute * 10, Func: func(ctx context.Context, meta sdk.ResourceMetaData) (err error) { - client := meta.Client.KeyVault.MHSMRoleClient + client := meta.Client.ManagedHSMs.DataPlaneRoleDefinitionsClient var model KeyVaultMHSMRoleDefinitionModel if err = meta.Decode(&model); err != nil { return err } - id, err := parse.NewMHSMNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) + id, err := parse.NewNestedItemID(model.VaultBaseUrl, roleDefinitionScope, parse.RoleDefinitionType, model.Name) if err != nil { return err } 
@@ -297,7 +297,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Delete() sdk.ResourceFunc { return sdk.ResourceFunc{ Timeout: 10 * time.Minute, Func: func(ctx context.Context, meta sdk.ResourceMetaData) error { - id, err := parse.MHSMNestedItemID(meta.ResourceData.Id()) + id, err := parse.NestedItemID(meta.ResourceData.Id()) if err != nil { return err } @@ -305,7 +305,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Delete() sdk.ResourceFunc { locks.ByName(id.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") defer locks.UnlockByName(id.VaultBaseUrl, "azurerm_key_vault_managed_hardware_security_module") - if _, err = meta.Client.KeyVault.MHSMRoleClient.Delete(ctx, id.VaultBaseUrl, id.Scope, id.Name); err != nil { + if _, err = meta.Client.ManagedHSMs.DataPlaneRoleDefinitionsClient.Delete(ctx, id.VaultBaseUrl, id.Scope, id.Name); err != nil { return fmt.Errorf("deleting %+v: %v", id, err) } return nil @@ -314,7 +314,7 @@ func (k KeyVaultMHSMRoleDefinitionResource) Delete() sdk.ResourceFunc { } func (k KeyVaultMHSMRoleDefinitionResource) IDValidationFunc() pluginsdk.SchemaValidateFunc { - return validate.MHSMNestedItemId + return validate.NestedItemId } func expandKeyVaultMHSMRolePermissions(perms []Permission) *[]keyvault.Permission { diff --git a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource_test.go similarity index 93% rename from internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource_test.go rename to internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource_test.go index 4f2802db6aed..cf499ca00912 100644 --- a/internal/services/keyvault/key_vault_managed_hardware_security_module_role_definition_resource_test.go 
+++ b/internal/services/managedhsm/key_vault_managed_hardware_security_module_role_definition_resource_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -package keyvault_test +package managedhsm_test import ( "context" @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) @@ -19,11 +19,11 @@ type KeyVaultMHSMRoleDefinitionResource struct{} // real test nested in TestAccKeyVaultManagedHardwareSecurityModule, only provide Exists logic here func (k KeyVaultMHSMRoleDefinitionResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { baseURL := state.Attributes["vault_base_url"] - id, err := parse.MHSMNestedItemID(state.ID) + id, err := parse.NestedItemID(state.ID) if err != nil { return nil, err } - resp, err := client.KeyVault.MHSMRoleClient.Get(ctx, baseURL, "/", id.Name) + resp, err := client.ManagedHSMs.DataPlaneRoleDefinitionsClient.Get(ctx, baseURL, "/", id.Name) if err != nil { return nil, fmt.Errorf("retrieving Type %s: %+v", id, err) } diff --git a/internal/services/keyvault/parse/mhsm_nested_item.go b/internal/services/managedhsm/parse/mhsm_nested_item.go similarity index 73% rename from internal/services/keyvault/parse/mhsm_nested_item.go rename to internal/services/managedhsm/parse/mhsm_nested_item.go index 3e9516485d0d..9e79a357e28d 100644 --- a/internal/services/keyvault/parse/mhsm_nested_item.go +++ b/internal/services/managedhsm/parse/mhsm_nested_item.go 
@@ -11,23 +11,25 @@ import ( "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" ) -var _ resourceids.Id = MHSMNestedItemId{} +var _ resourceids.Id = NestedItemId{} type MHSMResourceType string const ( + // TODO: this should be extended to support the other types of Nested Items available for a Managed HSM + RoleDefinitionType MHSMResourceType = "RoleDefinition" RoleAssignmentType MHSMResourceType = "RoleAssignment" ) -type MHSMNestedItemId struct { +type NestedItemId struct { VaultBaseUrl string Scope string Type MHSMResourceType Name string } -func NewMHSMNestedItemID(hsmBaseUrl, scope string, typ MHSMResourceType, name string) (*MHSMNestedItemId, error) { +func NewNestedItemID(hsmBaseUrl, scope string, typ MHSMResourceType, name string) (*NestedItemId, error) { keyVaultUrl, err := url.Parse(hsmBaseUrl) if err != nil || hsmBaseUrl == "" { return nil, fmt.Errorf("parsing managedHSM nested itemID %q: %+v", hsmBaseUrl, err) @@ -37,7 +39,7 @@ func NewMHSMNestedItemID(hsmBaseUrl, scope string, typ MHSMResourceType, name st keyVaultUrl.Host = hostParts[0] } - return &MHSMNestedItemId{ + return &NestedItemId{ VaultBaseUrl: keyVaultUrl.String(), Scope: scope, Type: typ, @@ -45,7 +47,7 @@ func NewMHSMNestedItemID(hsmBaseUrl, scope string, typ MHSMResourceType, name st }, nil } -func (n MHSMNestedItemId) ID() string { +func (n NestedItemId) ID() string { // example: https://tharvey-keyvault.managedhsm.azure.net///uuid-idshifds-fks segments := []string{ strings.TrimSuffix(n.VaultBaseUrl, "/"), 
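Review bot: In `NewNestedItemID` the guard `if err != nil || hsmBaseUrl == ""` reports an empty base URL by formatting a nil error with `%+v`, because `url.Parse("")` succeeds, so the message ends in `<nil>` and gives no cause. Testing the empty string first keeps the two failures distinct: `if hsmBaseUrl == "" { return nil, fmt.Errorf("parsing managedHSM nested itemID: base URL is empty") }`. The resulting `VaultBaseUrl` is what the role definition and role assignment resources in this commit hand to the data-plane clients, so rejecting a scheme other than `https` at this point would also be worth considering. The body of `NewNestedItemID` continues past the end of this hunk, so a later line may already cover part of this.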
@@ -56,16 +58,12 @@ func (n MHSMNestedItemId) ID() string { return strings.TrimSuffix(strings.Join(segments, "/"), "/") } -func (n MHSMNestedItemId) String() string { +func (n NestedItemId) String() string { return n.ID() } -func MHSMNestedItemID(input string) (*MHSMNestedItemId, error) { - return parseMHSMNestedItemId(input) -} - -func parseMHSMNestedItemId(id string) (*MHSMNestedItemId, error) { - idURL, err := url.ParseRequestURI(id) +func NestedItemID(input string) (*NestedItemId, error) { + idURL, err := url.ParseRequestURI(input) if err != nil { return nil, fmt.Errorf("Cannot parse Azure KeyVault Child Id: %s", err) } @@ -77,17 +75,17 @@ func parseMHSMNestedItemId(id string) (*MHSMNestedItemId, error) { nameSep := strings.LastIndex(path, "/") if nameSep <= 0 { - return nil, fmt.Errorf("no name speparate exist in %s", id) + return nil, fmt.Errorf("no name speparate exist in %s", input) } scope, name := path[:nameSep], path[nameSep+1:] typeSep := strings.LastIndex(scope, "/") if typeSep <= 0 { - return nil, fmt.Errorf("no type speparate exist in %s", id) + return nil, fmt.Errorf("no type speparate exist in %s", input) } scope, typ := scope[:typeSep], scope[typeSep+1:] - childId := MHSMNestedItemId{ + childId := NestedItemId{ VaultBaseUrl: fmt.Sprintf("%s://%s/", idURL.Scheme, idURL.Host), Scope: scope, Type: MHSMResourceType(typ), diff --git a/internal/services/keyvault/parse/mhsm_nested_item_test.go b/internal/services/managedhsm/parse/mhsm_nested_item_test.go similarity index 92% rename from internal/services/keyvault/parse/mhsm_nested_item_test.go rename to internal/services/managedhsm/parse/mhsm_nested_item_test.go index 1d95bd9d7cfd..159cf9f647e5 100644 --- a/internal/services/keyvault/parse/mhsm_nested_item_test.go +++ b/internal/services/managedhsm/parse/mhsm_nested_item_test.go 
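Review bot: In the `@@ -77,17 +75,17 @@` hunk, `NestedItemID` builds `VaultBaseUrl` from `idURL.Scheme` and `idURL.Host` with no visible check that the scheme is `https` or that the host is a Managed HSM endpoint, and `validate.NestedItemId` relies on this parser alone. The role definition `Read` and `Delete` in this commit pass `id.VaultBaseUrl` to the data-plane client, so a mistyped or altered import ID would send the provider's (presumably authenticated) requests to whatever host it names. A guard such as `if idURL.Scheme != "https" { return nil, fmt.Errorf("expected an https URL in %q", input) }` would close the plain-HTTP case. In the same hunk `Type: MHSMResourceType(typ)` accepts any path segment, which `if t := MHSMResourceType(typ); t != RoleDefinitionType && t != RoleAssignmentType { return nil, fmt.Errorf("unexpected nested item type %q in %q", typ, input) }` would reject. The lines between the two hunks and the tail of the function are not shown, so some of this may already be handled there.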
@@ -42,7 +42,7 @@ func TestNewMHSMNestedItemID(t *testing.T) { }, } for idx, tc := range cases { - id, err := NewMHSMNestedItemID(tc.keyVaultBaseUrl, tc.Scope, mhsmType, tc.Name) + id, err := NewNestedItemID(tc.keyVaultBaseUrl, tc.Scope, mhsmType, tc.Name) if err != nil { if !tc.ExpectError { t.Fatalf("Got error for New Resource ID '%s': %+v", tc.keyVaultBaseUrl, err) @@ -60,7 +60,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { typ := RoleDefinitionType cases := []struct { Input string - Expected MHSMNestedItemId + Expected NestedItemId ExpectError bool }{ { @@ -70,7 +70,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: fmt.Sprintf("https://my-keyvault.managedhsm.azure.net///%s/test", typ), ExpectError: true, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "test", VaultBaseUrl: "https://my-keyvault.managedhsm.azure.net/", Scope: "/", @@ -79,7 +79,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: fmt.Sprintf("https://my-keyvault.managedhsm.azure.net///%s/bird", typ), ExpectError: true, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "bird", VaultBaseUrl: "https://my-keyvault.managedhsm.azure.net/", Scope: "/", @@ -88,7 +88,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: fmt.Sprintf("https://my-keyvault.managedhsm.azure.net///%s/bird", typ), ExpectError: false, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "bird", VaultBaseUrl: "https://my-keyvault.managedhsm.azure.net/", Scope: "/", @@ -97,7 +97,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: fmt.Sprintf("https://my-keyvault.managedhsm.azure.net//keys/%s/world", typ), ExpectError: false, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "world", VaultBaseUrl: "https://my-keyvault.managedhsm.azure.net/", Scope: "/keys", 
@@ -106,7 +106,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: fmt.Sprintf("https://my-keyvault.managedhsm.azure.net//keys/%s/fdf067c93bbb4b22bff4d8b7a9a56217", typ), ExpectError: true, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "fdf067c93bbb4b22bff4d8b7a9a56217", VaultBaseUrl: "https://my-keyvault.managedhsm.azure.net/", Scope: "/keys", @@ -115,7 +115,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { { Input: "https://kvhsm23030816100222.managedhsm.azure.net///RoleDefinition/862d4d5e-bf01-11ed-a49d-00155d61ee9e", ExpectError: true, - Expected: MHSMNestedItemId{ + Expected: NestedItemId{ Name: "862d4d5e-bf01-11ed-a49d-00155d61ee9e", VaultBaseUrl: "https://kvhsm23030816100222.managedhsm.azure.net/", Scope: "/", @@ -124,7 +124,7 @@ func TestParseMHSMNestedItemID(t *testing.T) { } for idx, tc := range cases { - secretId, err := MHSMNestedItemID(tc.Input) + secretId, err := NestedItemID(tc.Input) if err != nil { if tc.ExpectError { continue diff --git a/internal/services/managedhsm/registration.go b/internal/services/managedhsm/registration.go new file mode 100644 index 000000000000..61c233c2b596 --- /dev/null +++ b/internal/services/managedhsm/registration.go 
@@ -0,0 +1,60 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package managedhsm
+
+import (
+ "github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+ "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+)
+
+type Registration struct{}
+
+var (
+ _ sdk.TypedServiceRegistrationWithAGitHubLabel = Registration{}
+ _ sdk.UntypedServiceRegistrationWithAGitHubLabel = Registration{}
+)
+
+func (r Registration) AssociatedGitHubLabel() string {
+ return "service/managed-hsm"
+}
+
+// Name is the name of this Service
+func (r Registration) Name() string {
+ return "Managed HSM"
+}
+
+// WebsiteCategories returns a list of categories which can be used for the sidebar
+func (r Registration) WebsiteCategories() []string {
+ return []string{
+ // Managed HSM is grouped under Key Vault
+ "Key Vault",
+ }
+}
+
+// SupportedDataSources returns the supported Data Sources supported by this Service
+func (r Registration) SupportedDataSources() map[string]*pluginsdk.Resource {
+ return map[string]*pluginsdk.Resource{
+ "azurerm_key_vault_managed_hardware_security_module": dataSourceKeyVaultManagedHardwareSecurityModule(),
+ }
+}
+
+// SupportedResources returns the supported Resources supported by this Service
+func (r Registration) SupportedResources() map[string]*pluginsdk.Resource {
+ return map[string]*pluginsdk.Resource{
+ "azurerm_key_vault_managed_hardware_security_module": resourceKeyVaultManagedHardwareSecurityModule(),
+ }
+}
+
+func (r Registration) DataSources() []sdk.DataSource {
+ return []sdk.DataSource{
+ KeyvaultMHSMRoleDefinitionDataSource{},
+ }
+}
+
+func (r Registration) Resources() []sdk.Resource {
+ return []sdk.Resource{
+ KeyVaultMHSMRoleDefinitionResource{},
+ KeyVaultManagedHSMRoleAssignmentResource{},
+ }
+}
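Review bot: `AssociatedGitHubLabel`, `DataSources` and `Resources` in the new `registration.go` have no doc comment, while `Name`, `WebsiteCategories`, `SupportedDataSources` and `SupportedResources` beside them do. I would add `// AssociatedGitHubLabel is the GitHub label applied to issues and pull requests for this Service`, `// DataSources returns the typed Data Sources supported by this Service` and `// Resources returns the typed Resources supported by this Service`. The last two also make it easier to see at a glance that the role definition and role assignment resources, which manage access to the HSM, are registered on the typed path and not in the `Supported*` maps.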
diff --git a/internal/services/keyvault/validate/managed_hsm_name.go b/internal/services/managedhsm/validate/managed_hsm_name.go similarity index 100% rename from internal/services/keyvault/validate/managed_hsm_name.go rename to internal/services/managedhsm/validate/managed_hsm_name.go diff --git a/internal/services/keyvault/validate/managed_hsm_name_test.go b/internal/services/managedhsm/validate/managed_hsm_name_test.go similarity index 100% rename from internal/services/keyvault/validate/managed_hsm_name_test.go rename to internal/services/managedhsm/validate/managed_hsm_name_test.go diff --git a/internal/services/keyvault/validate/mhsm_nested_item_id.go b/internal/services/managedhsm/validate/mhsm_nested_item_id.go similarity index 79% rename from internal/services/keyvault/validate/mhsm_nested_item_id.go rename to internal/services/managedhsm/validate/mhsm_nested_item_id.go index 3a6a219d7b9c..a01c979c7651 100644 --- a/internal/services/keyvault/validate/mhsm_nested_item_id.go +++ b/internal/services/managedhsm/validate/mhsm_nested_item_id.go @@ -6,11 +6,11 @@ package validate import ( "fmt" - "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/managedhsm/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" ) -func MHSMNestedItemId(i interface{}, k string) (warnings []string, errors []error) { +func NestedItemId(i interface{}, k string) (warnings []string, errors []error) { if warnings, errors = validation.StringIsNotEmpty(i, k); len(errors) > 0 { return warnings, errors } @@ -21,7 +21,7 @@ func MHSMNestedItemId(i interface{}, k string) (warnings []string, errors []erro return warnings, errors } - if _, err := parse.MHSMNestedItemID(v); err != nil { + if _, err := parse.NestedItemID(v); err != nil { errors = append(errors, fmt.Errorf("parsing %q: %s", v, err)) return warnings, errors } 
diff --git a/internal/services/keyvault/validate/mhsm_nested_item_id_test.go b/internal/services/managedhsm/validate/mhsm_nested_item_id_test.go similarity index 95% rename from internal/services/keyvault/validate/mhsm_nested_item_id_test.go rename to internal/services/managedhsm/validate/mhsm_nested_item_id_test.go index 11f0c5202ba4..8b09e3c2bc76 100644 --- a/internal/services/keyvault/validate/mhsm_nested_item_id_test.go +++ b/internal/services/managedhsm/validate/mhsm_nested_item_id_test.go @@ -40,7 +40,7 @@ func TestMHSMNestedItemId(t *testing.T) { } for _, tc := range cases { - warnings, err := MHSMNestedItemId(tc.Input, "example") + warnings, err := NestedItemId(tc.Input, "example") if err != nil { if !tc.ExpectError { t.Fatalf("Got error for input %q: %+v", tc.Input, err)