hashicorp · katbyte · Oct 10, 2019 · Aug 15, 2019 · Aug 15, 2019 · Aug 15, 2019
diff --git a/azurerm/internal/services/network/client.go b/azurerm/internal/services/network/client.go
@@ -9,6 +9,7 @@ type Client struct {
 	ApplicationGatewaysClient            *network.ApplicationGatewaysClient
 	ApplicationSecurityGroupsClient      *network.ApplicationSecurityGroupsClient
 	AzureFirewallsClient                 *network.AzureFirewallsClient
+	BastionHostsClient                   *network.BastionHostsClient
 	ConnectionMonitorsClient             *network.ConnectionMonitorsClient
 	DDOSProtectionPlansClient            *network.DdosProtectionPlansClient
 	ExpressRouteAuthsClient              *network.ExpressRouteCircuitAuthorizationsClient
@@ -45,6 +46,9 @@ func BuildClient(o *common.ClientOptions) *Client {
 	AzureFirewallsClient := network.NewAzureFirewallsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&AzureFirewallsClient.Client, o.ResourceManagerAuthorizer)
 
+	BastionHostsClient := network.NewBastionHostsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&BastionHostsClient.Client, o.ResourceManagerAuthorizer)
+
 	ConnectionMonitorsClient := network.NewConnectionMonitorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&ConnectionMonitorsClient.Client, o.ResourceManagerAuthorizer)
 
@@ -121,6 +125,7 @@ func BuildClient(o *common.ClientOptions) *Client {
 		ApplicationGatewaysClient:            &ApplicationGatewaysClient,
 		ApplicationSecurityGroupsClient:      &ApplicationSecurityGroupsClient,
 		AzureFirewallsClient:                 &AzureFirewallsClient,
+		BastionHostsClient:                   &BastionHostsClient,
 		ConnectionMonitorsClient:             &ConnectionMonitorsClient,
 		DDOSProtectionPlansClient:            &DDOSProtectionPlansClient,
 		ExpressRouteAuthsClient:              &ExpressRouteAuthsClient,

diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -199,6 +199,7 @@ func Provider() terraform.ResourceProvider {
 		"azurerm_azuread_application":                                resourceArmActiveDirectoryApplication(),
 		"azurerm_azuread_service_principal_password":                 resourceArmActiveDirectoryServicePrincipalPassword(),
 		"azurerm_azuread_service_principal":                          resourceArmActiveDirectoryServicePrincipal(),
+		"azurerm_bastion_host":                                       resourceArmBastionHost(),
 		"azurerm_batch_account":                                      resourceArmBatchAccount(),
 		"azurerm_batch_application":                                  resourceArmBatchApplication(),
 		"azurerm_batch_certificate":                                  resourceArmBatchCertificate(),

diff --git a/azurerm/resource_arm_bastion_host.go b/azurerm/resource_arm_bastion_host.go
@@ -0,0 +1,279 @@
+package azurerm
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-06-01/network"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmBastionHost() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmBastionHostCreateUpdate,
+		Read:   resourceArmBastionHostRead,
+		Update: resourceArmBastionHostCreateUpdate,
+		Delete: resourceArmBastionHostDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateAzureRMBastionHostName,
+			},
+
+			"location": azure.SchemaLocation(),
+
+			"resource_group_name": azure.SchemaResourceGroupName(),
+
+			"ip_configuration": {
+				Type:     schema.TypeList,
+				ForceNew: true,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validateAzureRMBastionIPConfigName,
+						},
+						"subnet_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: azure.ValidateResourceID,
+						},
+						"public_ip_address_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: azure.ValidateResourceID,
+						},
+					},
+				},
+			},
+
+			"dns_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags": tags.Schema(),
+		},
+	}
+}
+
+func resourceArmBastionHostCreateUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).Network.BastionHostsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	log.Println("[INFO] preparing arguments for Azure Bastion Host creation.")
+
+	resourceGroup := d.Get("resource_group_name").(string)
+	name := d.Get("name").(string)
+	location := azure.NormalizeLocation(d.Get("location").(string))
+	tags := d.Get("tags").(map[string]interface{})
+
+	if requireResourcesToBeImported && d.IsNewResource() {
+		existing, err := client.Get(ctx, resourceGroup, name)
+		if err != nil {
+			if !utils.ResponseWasNotFound(existing.Response) {
+				return fmt.Errorf("Error checking for presence of existing Bastion Host %q (Resource Group %q): %s", name, resourceGroup, err)
+			}
+		}
+
+		if existing.ID != nil && *existing.ID != "" {
+			return tf.ImportAsExistsError("azurerm_bastion_host", *existing.ID)
+		}
+	}
+
+	parameters := network.BastionHost{
+		Location: &location,
+		BastionHostPropertiesFormat: &network.BastionHostPropertiesFormat{
+			IPConfigurations: expandArmBastionHostIPConfiguration(d.Get("ip_configuration").([]interface{})),
+		},
+		Tags: expandTags(tags),
+	}
+
+	future, err := client.CreateOrUpdate(ctx, resourceGroup, name, parameters)
+	if err != nil {
+		return fmt.Errorf("Error creating/updating Bastion Host %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
+		return fmt.Errorf("Error waiting for creation/update of Bastion Host %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	read, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		return fmt.Errorf("Error retrieving Bastion Host %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	d.SetId(*read.ID)
+
+	return resourceArmBastionHostRead(d, meta)
+}
+
+func resourceArmBastionHostRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).Network.BastionHostsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	id, err := azure.ParseAzureResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	name := id.Path["bastionHosts"]
+	resourceGroup := id.ResourceGroup
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			d.SetId("")
+			log.Printf("[DEBUG] Bastion Host %q was not found in Resource Group %q - removing from state!", name, resourceGroup)
+			return nil
+		}
+		return fmt.Errorf("Error reading the state of Bastion Host %q: %+v", name, err)
+	}
+
+	d.Set("name", resp.Name)
+	d.Set("resource_group_name", resourceGroup)
+
+	if location := resp.Location; location != nil {
+		d.Set("location", azure.NormalizeLocation(*location))
+	}
+
+	if props := resp.BastionHostPropertiesFormat; props != nil {
+		d.Set("dns_name", props.DNSName)
+
+		if ipConfigs := props.IPConfigurations; ipConfigs != nil {
+			if err := d.Set("ip_configuration", flattenArmBastionHostIPConfiguration(ipConfigs)); err != nil {
+				return fmt.Errorf("Error flattening `ip_configuration`: %+v", err)
+			}
+		}
+	}
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
+
+func resourceArmBastionHostDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).Network.BastionHostsClient
+	ctx := meta.(*ArmClient).StopContext
+
+	id, err := parseAzureResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	name := id.Path["bastionHosts"]
+	resourceGroup := id.ResourceGroup
+
+	future, err := client.Delete(ctx, resourceGroup, name)
+	if err != nil {
+		return fmt.Errorf("Error deleting Bastion Host %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
+		if !response.WasNotFound(future.Response()) {
+			return fmt.Errorf("Error waiting for deletion of Bastion Host %q (Resource Group %q): %+v", name, resourceGroup, err)
+		}
+	}
+
+	return nil
+}
+
+func validateAzureRMBastionHostName(v interface{}, k string) (warnings []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf("lowercase letters, highercase letters numbers only are allowed in %q: %q", k, value))
+	}
+
+	if 1 > len(value) {
+		errors = append(errors, fmt.Errorf("%q cannot be less than 1 characters: %q", k, value))
+	}
+
+	if len(value) > 64 {
+		errors = append(errors, fmt.Errorf("%q cannot be longer than 64 characters: %q %d", k, value, len(value)))
+	}
+
+	return warnings, errors
+}
+
+func validateAzureRMBastionIPConfigName(v interface{}, k string) (warnings []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[a-zA-Z0-9]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf("lowercase letters, highercase letters numbers only are allowed in %q: %q", k, value))
+	}
+
+	if 1 > len(value) {
+		errors = append(errors, fmt.Errorf("%q cannot be less than 1 characters: %q", k, value))
+	}
+
+	if len(value) > 32 {
+		errors = append(errors, fmt.Errorf("%q cannot be longer than 32 characters: %q %d", k, value, len(value)))
+	}
+
+	return warnings, errors
+}
+
+func expandArmBastionHostIPConfiguration(input []interface{}) (ipConfigs *[]network.BastionHostIPConfiguration) {
+	if len(input) == 0 {
+		return nil
+	}
+
+	property := input[0].(map[string]interface{})
+	ipConfName := property["name"].(string)
+	subID := property["subnet_id"].(string)
+	pipID := property["public_ip_address_id"].(string)
+
+	return &[]network.BastionHostIPConfiguration{
+		{
+			Name: &ipConfName,
+			BastionHostIPConfigurationPropertiesFormat: &network.BastionHostIPConfigurationPropertiesFormat{
+				Subnet: &network.SubResource{
+					ID: &subID,
+				},
+				PublicIPAddress: &network.SubResource{
+					ID: &pipID,
+				},
+			},
+		},
+	}
+}
+
+func flattenArmBastionHostIPConfiguration(ipConfigs *[]network.BastionHostIPConfiguration) []interface{} {
+	result := make([]interface{}, 0)
+	if ipConfigs == nil {
+		return result
+	}
+
+	for _, config := range *ipConfigs {
+		ipConfig := make(map[string]interface{})
+
+		if config.Name != nil {
+			ipConfig["name"] = *config.Name
+		}
+
+		if props := config.BastionHostIPConfigurationPropertiesFormat; props != nil {
+			if subnet := props.Subnet; subnet != nil {
+				ipConfig["subnet_id"] = *subnet.ID
+			}
+
+			if pip := props.PublicIPAddress; pip != nil {
+				ipConfig["public_ip_address_id"] = *pip.ID
+			}
+		}
+
+		result = append(result, ipConfig)
+	}
+	return result
+}