From 92e2f44af2c80bf785b4a85aef83349cb90bf144 Mon Sep 17 00:00:00 2001 From: Sepke Date: Tue, 30 Jan 2018 09:54:57 +0100 Subject: [PATCH 1/5] add role_definition_name to role_assignment --- azurerm/resource_arm_role_assignment.go | 37 +++++++++++++++++--- azurerm/resource_arm_role_assignment_test.go | 36 +++++++++++++++++++ website/docs/r/role_assignment.html.markdown | 14 ++++---- 3 files changed, 74 insertions(+), 13 deletions(-) diff --git a/azurerm/resource_arm_role_assignment.go b/azurerm/resource_arm_role_assignment.go index cc302be37a2d..cc486b1d5494 100644 --- a/azurerm/resource_arm_role_assignment.go +++ b/azurerm/resource_arm_role_assignment.go @@ -35,11 +35,19 @@ func resourceArmRoleAssignment() *schema.Resource { "role_definition_id": { Type: schema.TypeString, - Required: true, + Optional: true, + Computed: true, ForceNew: true, + ConflictsWith: []string{"role_definition_name"}, DiffSuppressFunc: ignoreCaseDiffSuppressFunc, }, + "role_definition_name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "principal_id": { Type: schema.TypeString, Required: true, 
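Review bot: With `role_definition_id` changed to `Optional` and `role_definition_name` added as `Optional`, nothing in the schema states that one of the two must be set. As far as this patch shows, that rule lives only in the error return of resourceArmRoleAssignmentCreate, so a configuration with neither would be rejected at create time. A short comment above the two entries would make that visible here, for example `// exactly one of role_definition_id / role_definition_name must be set; checked in resourceArmRoleAssignmentCreate`. The enclosing resourceArmRoleAssignment function starts and ends outside the hunk.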
@@ -50,12 +58,31 @@ func resourceArmRoleAssignment() *schema.Resource { } func resourceArmRoleAssignmentCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*ArmClient).roleAssignmentsClient + roleAssignmentsClient := meta.(*ArmClient).roleAssignmentsClient + roleDefinitionsClient := meta.(*ArmClient).roleDefinitionsClient ctx := meta.(*ArmClient).StopContext name := d.Get("name").(string) scope := d.Get("scope").(string) - roleDefinitionId := d.Get("role_definition_id").(string) + + var roleDefinitionId string + if v, ok := d.GetOk("role_definition_id"); ok { + roleDefinitionId = v.(string) + } else if v, ok := d.GetOk("role_definition_name"); ok { + filter := fmt.Sprintf("roleName eq '%s'", v.(string)) + roleDefinitions, err := roleDefinitionsClient.List(ctx, "", filter) + if err != nil { + return fmt.Errorf("Error loading Role Definition List: %+v", err) + } + if len(roleDefinitions.Values()) != 1 { + return fmt.Errorf("Error loading Role Definition List: could not find role '%s'", name) + } + roleDefinitionId = *roleDefinitions.Values()[0].ID + } else { + return fmt.Errorf("Error: either role_definition_id or role_definition_name needs to be set") + } + d.Set("role_definition_id", roleDefinitionId) + principalId := d.Get("principal_id").(string) if name == "" { @@ -74,12 +101,12 @@ func resourceArmRoleAssignmentCreate(d *schema.ResourceData, meta interface{}) e }, } - _, err := client.Create(ctx, scope, name, properties) + _, err := roleAssignmentsClient.Create(ctx, scope, name, properties) if err != nil { return err } - read, err := client.Get(ctx, scope, name) + read, err := roleAssignmentsClient.Get(ctx, scope, name) if err != nil { return err } diff --git a/azurerm/resource_arm_role_assignment_test.go b/azurerm/resource_arm_role_assignment_test.go index 3685c2c2f91f..2168474241d4 100644 --- a/azurerm/resource_arm_role_assignment_test.go +++ b/azurerm/resource_arm_role_assignment_test.go 
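Review bot: The `role_definition_name` branch interpolates the configured value into the OData filter unescaped (`fmt.Sprintf("roleName eq '%s'", v.(string))`), and its not-found error prints `name`, the assignment name, instead of the role name that was looked up. A value containing `'` closes the string literal early, so the filter sent to the API is not the one intended; doubling the quote is the usual OData escape, and it needs `strings` in the import block, which is outside this hunk. The `len(...) != 1` check also reports an ambiguous match as "could not find", and `*roleDefinitions.Values()[0].ID` is dereferenced without a nil check. Because this lookup decides which role is granted, note that the filter does not restrict the match to built-in roles, while the documentation added in the same patch describes the argument as the name of a built-in Role; one of the two should probably change. The body of resourceArmRoleAssignmentCreate continues outside the hunk.

```go
	} else if v, ok := d.GetOk("role_definition_name"); ok {
		roleName := v.(string)
		// OData string literals escape a single quote by doubling it.
		filter := fmt.Sprintf("roleName eq '%s'", strings.Replace(roleName, "'", "''", -1))
		// … unchanged: roleDefinitionsClient.List call and its error check …
		matches := roleDefinitions.Values()
		if len(matches) != 1 {
			return fmt.Errorf("Error loading Role Definition List: expected exactly one role named %q, found %d", roleName, len(matches))
		}
		if matches[0].ID == nil {
			return fmt.Errorf("Error loading Role Definition List: role %q has no ID", roleName)
		}
		roleDefinitionId = *matches[0].ID
	} else {
```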
@@ -31,6 +31,27 @@ func TestAccAzureRMRoleAssignment_emptyName(t *testing.T) { }) } +func TestAccAzureRMRoleAssignment_roleyName(t *testing.T) { + id := uuid.New().String() + resourceName := "azurerm_role_assignment.test" + config := testAccAzureRMRoleAssignment_roleName(id) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMRoleAssignmentDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMRoleAssignmentExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "role_definition_id"), + ), + }, + }, + }) +} + func TestAccAzureRMRoleAssignment_builtin(t *testing.T) { id := uuid.New().String() config := testAccAzureRMRoleAssignment_builtin(id) @@ -141,6 +162,21 @@ resource "azurerm_role_assignment" "test" { ` } +func testAccAzureRMRoleAssignment_roleName(id string) string { + return fmt.Sprintf(` +data "azurerm_subscription" "primary" {} + +data "azurerm_client_config" "test" {} + +resource "azurerm_role_assignment" "test" { + name = "%s" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_name = "Reader" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" +} +`) +} + func testAccAzureRMRoleAssignment_builtin(id string) string { return fmt.Sprintf(` data "azurerm_subscription" "primary" {} diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown index 0b0916ba63a3..c1394d520479 100644 --- a/website/docs/r/role_assignment.html.markdown +++ b/website/docs/r/role_assignment.html.markdown 
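Review bot: The only attribute assertion in the new acceptance test is `resource.TestCheckResourceAttrSet(resourceName, "role_definition_id")`, which passes for any non-empty ID, so a name lookup that resolved to the wrong definition would go unnoticed. For a resource that grants privileges, the step should at least pin the input with `resource.TestCheckResourceAttr(resourceName, "role_definition_name", "Reader"),` and, where the expected definition ID is known to the test, compare `role_definition_id` against it. No step in this hunk covers the error paths either (neither argument set, or a name that matches no role).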
@@ -18,14 +18,10 @@ data "azurerm_subscription" "primary" {} data "azurerm_client_config" "test" {} -data "azurerm_builtin_role_definition" "test" { - name = "Reader" -} - resource "azurerm_role_assignment" "test" { - scope = "${data.azurerm_subscription.primary.id}" - role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_builtin_role_definition.test.id}" - principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" + scope = "${data.azurerm_subscription.primary.id}" + role_definition_name = "Reader" + principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" } ``` @@ -97,7 +93,9 @@ The following arguments are supported: * `scope` - (Required) The scope at which the Role Assignment applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. Changing this forces a new resource to be created. -* `role_definition_id` - (Required) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. +* `role_definition_id` - (Optional, Forces new resource) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. + +* `role_definition_name` - (Optional, Forces new resource) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id. * `principal_id` - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. From d178bc41125dfaf02982bacd525be8947a738515 Mon Sep 17 00:00:00 2001 From: Sepke Date: Tue, 30 Jan 2018 15:09:45 +0100 Subject: [PATCH 2/5] fix missing id parameter --- azurerm/resource_arm_role_assignment_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/azurerm/resource_arm_role_assignment_test.go b/azurerm/resource_arm_role_assignment_test.go index 2168474241d4..4cbde4b7a6e4 100644 --- a/azurerm/resource_arm_role_assignment_test.go +++ b/azurerm/resource_arm_role_assignment_test.go @@ -174,7 +174,7 @@ resource "azurerm_role_assignment" "test" { role_definition_name = "Reader" principal_id = "${data.azurerm_client_config.test.service_principal_object_id}" } -`) +`, id) } func testAccAzureRMRoleAssignment_builtin(id string) string { From 69e942094fccdfe2983153919204a32246ef9e59 Mon Sep 17 00:00:00 2001 From: Sepke Date: Wed, 7 Feb 2018 08:15:12 +0100 Subject: [PATCH 3/5] schema and docs update --- azurerm/resource_arm_role_assignment.go | 8 ++++---- website/docs/r/role_assignment.html.markdown | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/azurerm/resource_arm_role_assignment.go b/azurerm/resource_arm_role_assignment.go index cc486b1d5494..69408f3561d4 100644 --- a/azurerm/resource_arm_role_assignment.go +++ b/azurerm/resource_arm_role_assignment.go @@ -5,7 +5,6 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/services/authorization/mgmt/2015-07-01/authorization" - "github.com/hashicorp/go-uuid" "github.com/hashicorp/terraform/helper/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -43,9 +42,10 @@ func resourceArmRoleAssignment() *schema.Resource { }, "role_definition_name": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ConflictsWith: []string{"role_definition_id"}, }, "principal_id": { diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown index c1394d520479..09649203af92 100644 --- a/website/docs/r/role_assignment.html.markdown +++ b/website/docs/r/role_assignment.html.markdown 
@@ -93,9 +93,9 @@ The following arguments are supported: * `scope` - (Required) The scope at which the Role Assignment applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. Changing this forces a new resource to be created. -* `role_definition_id` - (Optional, Forces new resource) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. +* `role_definition_id` - (Optional, Forces new resource) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`. -* `role_definition_name` - (Optional, Forces new resource) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id. +* `role_definition_name` - (Optional, Forces new resource) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`. * `principal_id` - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. From cefc4067738e058c1c44bdd3429dde08be122186 Mon Sep 17 00:00:00 2001 From: Sepke Date: Wed, 7 Feb 2018 08:26:08 +0100 Subject: [PATCH 4/5] readd uuid import --- azurerm/resource_arm_role_assignment.go | 1 + 1 file changed, 1 insertion(+) diff --git a/azurerm/resource_arm_role_assignment.go b/azurerm/resource_arm_role_assignment.go index 69408f3561d4..e428baffdef9 100644 --- a/azurerm/resource_arm_role_assignment.go +++ b/azurerm/resource_arm_role_assignment.go 
@@ -5,6 +5,7 @@ import ( "log" "github.com/Azure/azure-sdk-for-go/services/authorization/mgmt/2015-07-01/authorization" + "github.com/hashicorp/go-uuid" "github.com/hashicorp/terraform/helper/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) From 038c0dc7af485dcf64f531408f2a2b9061494357 Mon Sep 17 00:00:00 2001 From: tombuildsstuff Date: Mon, 12 Feb 2018 16:20:59 -0800 Subject: [PATCH 5/5] Minor tweaks for consistency --- azurerm/resource_arm_role_assignment_test.go | 2 +- website/docs/r/role_assignment.html.markdown | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/azurerm/resource_arm_role_assignment_test.go b/azurerm/resource_arm_role_assignment_test.go index 4cbde4b7a6e4..eea5c60fc8b8 100644 --- a/azurerm/resource_arm_role_assignment_test.go +++ b/azurerm/resource_arm_role_assignment_test.go @@ -31,7 +31,7 @@ func TestAccAzureRMRoleAssignment_emptyName(t *testing.T) { }) } -func TestAccAzureRMRoleAssignment_roleyName(t *testing.T) { +func TestAccAzureRMRoleAssignment_roleName(t *testing.T) { id := uuid.New().String() resourceName := "azurerm_role_assignment.test" config := testAccAzureRMRoleAssignment_roleName(id) diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown index 09649203af92..1ec6748426ea 100644 --- a/website/docs/r/role_assignment.html.markdown +++ b/website/docs/r/role_assignment.html.markdown 
@@ -93,9 +93,9 @@ The following arguments are supported: * `scope` - (Required) The scope at which the Role Assignment applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. Changing this forces a new resource to be created. -* `role_definition_id` - (Optional, Forces new resource) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`. +* `role_definition_id` - (Optional) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`. -* `role_definition_name` - (Optional, Forces new resource) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`. +* `role_definition_name` - (Optional) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`. * `principal_id` - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created.