From c3922424f0f548680b19afe1cd6e8976efd47af1 Mon Sep 17 00:00:00 2001 From: tombuildsstuff Date: Thu, 5 Jul 2018 20:15:14 +0200 Subject: [PATCH] New Resource: `azurerm_data_lake_firewall_rule` --- azurerm/config.go | 17 +- azurerm/provider.go | 1 + ...ource_arm_data_lake_store_firewall_rule.go | 146 ++++++++++++++ ..._arm_data_lake_store_firewall_rule_test.go | 181 ++++++++++++++++++ website/azurerm.erb | 6 +- website/docs/r/data_lake_store.html.markdown | 18 +- ...ata_lake_store_firewall_rule.html.markdown | 62 ++++++ 7 files changed, 408 insertions(+), 23 deletions(-) create mode 100644 azurerm/resource_arm_data_lake_store_firewall_rule.go create mode 100644 azurerm/resource_arm_data_lake_store_firewall_rule_test.go create mode 100644 website/docs/r/data_lake_store_firewall_rule.html.markdown diff --git a/azurerm/config.go b/azurerm/config.go index 767d92303191..85937b6ab907 100644 --- a/azurerm/config.go +++ b/azurerm/config.go @@ -141,7 +141,8 @@ type ArmClient struct { sqlVirtualNetworkRulesClient sql.VirtualNetworkRulesClient // Data Lake Store - dataLakeStoreAccountClient account.AccountsClient + dataLakeStoreAccountClient account.AccountsClient + dataLakeStoreFirewallRulesClient account.FirewallRulesClient // KeyVault keyVaultClient keyvault.VaultsClient @@ -383,7 +384,7 @@ func getArmClient(c *authentication.Config) (*ArmClient, error) { client.registerContainerServicesClients(endpoint, c.SubscriptionID, auth) client.registerCosmosDBClients(endpoint, c.SubscriptionID, auth, sender) client.registerDatabases(endpoint, c.SubscriptionID, auth, sender) - client.registerDataLakeStoreAccountClients(endpoint, c.SubscriptionID, auth, sender) + client.registerDataLakeStoreClients(endpoint, c.SubscriptionID, auth, sender) client.registerDeviceClients(endpoint, c.SubscriptionID, auth, sender) client.registerDNSClients(endpoint, c.SubscriptionID, auth, sender) client.registerEventGridClients(endpoint, c.SubscriptionID, auth, sender) @@ -643,10 +644,14 @@ func (c *ArmClient) registerDatabases(endpoint, subscriptionId string, auth auto c.sqlVirtualNetworkRulesClient = sqlVNRClient } -func (c *ArmClient) registerDataLakeStoreAccountClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) { - dataLakeStoreAccountClient := account.NewAccountsClientWithBaseURI(endpoint, subscriptionId) - c.configureClient(&dataLakeStoreAccountClient.Client, auth) - c.dataLakeStoreAccountClient = dataLakeStoreAccountClient +func (c *ArmClient) registerDataLakeStoreClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) { + accountClient := account.NewAccountsClientWithBaseURI(endpoint, subscriptionId) + c.configureClient(&accountClient.Client, auth) + c.dataLakeStoreAccountClient = accountClient + + firewallRulesClient := account.NewFirewallRulesClientWithBaseURI(endpoint, subscriptionId) + c.configureClient(&firewallRulesClient.Client, auth) + c.dataLakeStoreFirewallRulesClient = firewallRulesClient } func (c *ArmClient) registerDeviceClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) { diff --git a/azurerm/provider.go b/azurerm/provider.go index c9ad8f102de9..95b16334a0de 100644 --- a/azurerm/provider.go +++ b/azurerm/provider.go @@ -136,6 +136,7 @@ func Provider() terraform.ResourceProvider { "azurerm_container_group": resourceArmContainerGroup(), "azurerm_cosmosdb_account": resourceArmCosmosDBAccount(), "azurerm_data_lake_store": resourceArmDataLakeStore(), + "azurerm_data_lake_store_firewall_rule": resourceArmDataLakeStoreFirewallRule(), "azurerm_dns_a_record": resourceArmDnsARecord(), "azurerm_dns_aaaa_record": resourceArmDnsAAAARecord(), "azurerm_dns_caa_record": resourceArmDnsCaaRecord(), diff --git a/azurerm/resource_arm_data_lake_store_firewall_rule.go b/azurerm/resource_arm_data_lake_store_firewall_rule.go new file mode 100644 index 000000000000..5c126e41f72d --- /dev/null +++ b/azurerm/resource_arm_data_lake_store_firewall_rule.go @@ -0,0 +1,146 @@ +package azurerm + +import ( + "fmt" + "log" + + "github.com/Azure/azure-sdk-for-go/services/datalake/store/mgmt/2016-11-01/account" + "github.com/hashicorp/terraform/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceArmDataLakeStoreFirewallRule() *schema.Resource { + return &schema.Resource{ + Create: resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate, + Read: resourceArmDateLakeStoreAccountFirewallRuleRead, + Update: resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate, + Delete: resourceArmDateLakeStoreAccountFirewallRuleDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "account_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "resource_group_name": resourceGroupNameSchema(), + + "start_ip_address": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.IPv4Address, + }, + + "end_ip_address": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.IPv4Address, + }, + }, + } +} + +func resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient + ctx := meta.(*ArmClient).StopContext + + log.Printf("[INFO] preparing arguments for Date Lake Store Firewall Rule creation.") + + name := d.Get("name").(string) + accountName := d.Get("account_name").(string) + resourceGroup := d.Get("resource_group_name").(string) + startIPAddress := d.Get("start_ip_address").(string) + endIPAddress := d.Get("end_ip_address").(string) + + dateLakeStore := account.CreateOrUpdateFirewallRuleParameters{ + CreateOrUpdateFirewallRuleProperties: &account.CreateOrUpdateFirewallRuleProperties{ + StartIPAddress: utils.String(startIPAddress), + EndIPAddress: utils.String(endIPAddress), + }, + } + + _, err := client.CreateOrUpdate(ctx, resourceGroup, accountName, name, dateLakeStore) + if err != nil { + return fmt.Errorf("Error issuing create request for Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err) + } + + read, err := client.Get(ctx, resourceGroup, accountName, name) + if err != nil { + return fmt.Errorf("Error retrieving Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err) + } + if read.ID == nil { + return fmt.Errorf("Cannot read Data Lake Store %q (Account %q / Resource Group %q) ID", name, accountName, resourceGroup) + } + + d.SetId(*read.ID) + + return resourceArmDateLakeStoreAccountFirewallRuleRead(d, meta) +} + +func resourceArmDateLakeStoreAccountFirewallRuleRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient + ctx := meta.(*ArmClient).StopContext + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + resourceGroup := id.ResourceGroup + accountName := id.Path["accounts"] + name := id.Path["firewallRules"] + + resp, err := client.Get(ctx, resourceGroup, accountName, name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[WARN] Data Lake Store Firewall Rule %q was not found (Account %q / Resource Group %q)", name, accountName, resourceGroup) + d.SetId("") + return nil + } + return fmt.Errorf("Error making Read request on Azure Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err) + } + + d.Set("name", name) + d.Set("account_name", accountName) + d.Set("resource_group_name", resourceGroup) + + if props := resp.FirewallRuleProperties; props != nil { + d.Set("start_ip_address", props.StartIPAddress) + d.Set("end_ip_address", props.EndIPAddress) + } + + return nil +} + +func resourceArmDateLakeStoreAccountFirewallRuleDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient + ctx := meta.(*ArmClient).StopContext + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + + resourceGroup := id.ResourceGroup + accountName := id.Path["accounts"] + name := id.Path["firewallRules"] + resp, err := client.Delete(ctx, resourceGroup, accountName, name) + if err != nil { + if response.WasNotFound(resp.Response) { + return nil + } + return fmt.Errorf("Error issuing delete request for Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err) + } + + return nil +} diff --git a/azurerm/resource_arm_data_lake_store_firewall_rule_test.go b/azurerm/resource_arm_data_lake_store_firewall_rule_test.go new file mode 100644 index 000000000000..16a7196ed427 --- /dev/null +++ b/azurerm/resource_arm_data_lake_store_firewall_rule_test.go @@ -0,0 +1,181 @@ +package azurerm + +import ( + "fmt" + "net/http" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAzureRMDataLakeStoreFirewallRule_basic(t *testing.T) { + resourceName := "azurerm_data_lake_store_firewall_rule.test" + startIP := "1.1.1.1" + endIP := "2.2.2.2" + + ri := acctest.RandInt() + rs := acctest.RandString(4) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), startIP, endIP), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "start_ip_address", startIP), + resource.TestCheckResourceAttr(resourceName, "end_ip_address", endIP), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAzureRMDataLakeStoreFirewallRule_update(t *testing.T) { + resourceName := "azurerm_data_lake_store_firewall_rule.test" + ri := acctest.RandInt() + rs := acctest.RandString(4) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), "1.1.1.1", "2.2.2.2"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "start_ip_address", "1.1.1.1"), + resource.TestCheckResourceAttr(resourceName, "end_ip_address", "2.2.2.2"), + ), + }, + { + Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), "2.2.2.2", "3.3.3.3"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "start_ip_address", "2.2.2.2"), + resource.TestCheckResourceAttr(resourceName, "end_ip_address", "3.3.3.3"), + ), + }, + }, + }) +} + +func TestAccAzureRMDataLakeStoreFirewallRule_azureServices(t *testing.T) { + resourceName := "azurerm_data_lake_store_firewall_rule.test" + azureServicesIP := "0.0.0.0" + ri := acctest.RandInt() + rs := acctest.RandString(4) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), azureServicesIP, azureServicesIP), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "start_ip_address", azureServicesIP), + resource.TestCheckResourceAttr(resourceName, "end_ip_address", azureServicesIP), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testCheckAzureRMDataLakeStoreFirewallRuleExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + // Ensure we have enough information in state to look up in API + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("Not found: %s", name) + } + + firewallRuleName := rs.Primary.Attributes["name"] + accountName := rs.Primary.Attributes["account_name"] + resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"] + if !hasResourceGroup { + return fmt.Errorf("Bad: no resource group found in state for data lake store firewall rule: %s", name) + } + + conn := testAccProvider.Meta().(*ArmClient).dataLakeStoreFirewallRulesClient + ctx := testAccProvider.Meta().(*ArmClient).StopContext + + resp, err := conn.Get(ctx, resourceGroup, accountName, firewallRuleName) + if err != nil { + return fmt.Errorf("Bad: Get on dataLakeStoreFirewallRulesClient: %+v", err) + } + + if resp.StatusCode == http.StatusNotFound { + return fmt.Errorf("Bad: Date Lake Store Firewall Rule %q (Account %q / Resource Group: %q) does not exist", firewallRuleName, accountName, resourceGroup) + } + + return nil + } +} + +func testCheckAzureRMDataLakeStoreFirewallRuleDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*ArmClient).dataLakeStoreFirewallRulesClient + ctx := testAccProvider.Meta().(*ArmClient).StopContext + + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_data_lake_store_firewall_rule" { + continue + } + + firewallRuleName := rs.Primary.Attributes["name"] + accountName := rs.Primary.Attributes["account_name"] + resourceGroup := rs.Primary.Attributes["resource_group_name"] + + resp, err := conn.Get(ctx, resourceGroup, accountName, firewallRuleName) + if err != nil { + if resp.StatusCode == http.StatusNotFound { + return nil + } + + return err + } + + return fmt.Errorf("Data Lake Store Firewall Rule still exists:\n%#v", resp) + } + + return nil +} + +func testAccAzureRMDataLakeStoreFirewallRule_basic(rInt int, rs, location, startIP, endIP string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_data_lake_store" "test" { + name = "unlikely23exst2acct%s" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "%s" +} + +resource "azurerm_data_lake_store_firewall_rule" "test" { + name = "example" + account_name = "${azurerm_data_lake_store.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" + start_ip_address = "%s" + end_ip_address = "%s" +} +`, rInt, location, rs, location, startIP, endIP) +} diff --git a/website/azurerm.erb b/website/azurerm.erb index 63e393803a17..e0c3181b9eb3 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -409,10 +409,14 @@ Data Lake Store Resources diff --git a/website/docs/r/data_lake_store.html.markdown b/website/docs/r/data_lake_store.html.markdown index 6c7213c66450..d36296e063bf 100644 --- a/website/docs/r/data_lake_store.html.markdown +++ b/website/docs/r/data_lake_store.html.markdown @@ -1,7 +1,7 @@ --- layout: "azurerm" page_title: "Azure Resource Manager: azurerm_data_lake_store" -sidebar_current: "docs-azurerm-resource-data-lake-store" +sidebar_current: "docs-azurerm-resource-data-lake-store-x" description: |- Manage an Azure Data Lake Store. --- @@ -13,7 +13,6 @@ Manage an Azure Data Lake Store. ## Example Usage ```hcl -# Pay As You Go resource "azurerm_resource_group" "test" { name = "test" location = "northeurope" @@ -22,20 +21,7 @@ resource "azurerm_resource_group" "test" { resource "azurerm_data_lake_store" "consumption" { name = "consumptiondatalake" resource_group_name = "${azurerm_resource_group.test.name}" - location = "northeurope" -} - -# Monthly Commitment Tier -resource "azurerm_resource_group" "test" { - name = "test" - location = "westeurope" -} - -resource "azurerm_data_lake_store" "monthly" { - name = "monthlydatalake" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "westeurope" - tier = "Commitment_1TB" + location = "${azurerm_resource_group.test.location}" } ``` diff --git a/website/docs/r/data_lake_store_firewall_rule.html.markdown b/website/docs/r/data_lake_store_firewall_rule.html.markdown new file mode 100644 index 000000000000..69018d1d4b3f --- /dev/null +++ b/website/docs/r/data_lake_store_firewall_rule.html.markdown @@ -0,0 +1,62 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_data_lake_store_firewall_rule" +sidebar_current: "docs-azurerm-resource-data-lake-store-firewall-rule" +description: |- + Manage a Azure Data Lake Store Firewall Rule. +--- + +# azurerm_data_lake_store_firewall_rule + +Manage a Azure Data Lake Store Firewall Rule. + +## Example Usage + +```hcl +resource "azurerm_resource_group" "test" { + name = "test" + location = "northeurope" +} + +resource "azurerm_data_lake_store" "test" { + name = "consumptiondatalake" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" +} + +resource "azurerm_data_lake_store_firewall_rule" "test" { + name = "office-ip-range" + account_name = "${azurerm_data_lake_store.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" + start_ip_address = "1.2.3.4" + end_ip_address = "2.3.4.5" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) Specifies the name of the Data Lake Store. Changing this forces a new resource to be created. Has to be between 3 to 24 characters. + +* `resource_group_name` - (Required) The name of the resource group in which to create the Data Lake Store. + +* `account_name` - (Required) Specifies the name of the Data Lake Store for which the Firewall Rule should take effect. + +* `start_ip_address` - (Required) The Start IP address for the firewall rule. + +* `end_ip_address` - (Required) The End IP Address for the firewall rule. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The Date Lake Store Firewall Rule ID. + +## Import + +Date Lake Store Firewall Rules can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_data_lake_store_firewall_rule.rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.DataLakeStore/accounts/mydatalakeaccount/firewallRules/rule1 +```