opentofu/builtin/providers/azurerm/resource_arm_eventhub_authorization_rule.go
Tom Harvey 8580cc4b18 provider/azurerm: EventHub Authorization Rules (#10971)
* Adding a missing property to the Consumer Groups doc

* Support for Event Hub Authorization Rules

* Documentation for Authorization Rules

* Missed a comment

* Fixing the `no authorisation rule` state

* Making the documentation around the Permissions more explicit / updating the import url

* Fixing up the tests

* Clearing up the docs

* Fixing the linting

* Moving the validation inside of the expand
2017-01-02 16:32:07 +00:00


package azurerm
import (
"fmt"
"log"
"net/http"
"github.com/Azure/azure-sdk-for-go/arm/eventhub"
"github.com/hashicorp/terraform/helper/schema"
)
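// resourceArmEventHubAuthorizationRule returns the schema and CRUD handlers for
// an EventHub shared access authorization rule.
//
// The identifying attributes (name, namespace, event hub, resource group and
// location) are ForceNew. The listen/send/manage booleans can be updated in
// place and are validated by expandEventHubAuthorizationRuleAccessRights.
//
// The four computed key and connection-string attributes are shared access
// credentials. They are marked Sensitive so they are not echoed in plan/apply
// output. Sensitive does not encrypt them: the values are still written to
// Terraform state, so the state backend must be access-controlled.
func resourceArmEventHubAuthorizationRule() *schema.Resource {
	return &schema.Resource{
		Create: resourceArmEventHubAuthorizationRuleCreateUpdate,
		Read:   resourceArmEventHubAuthorizationRuleRead,
		Update: resourceArmEventHubAuthorizationRuleCreateUpdate,
		Delete: resourceArmEventHubAuthorizationRuleDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: map[string]*schema.Schema{
			"name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"namespace_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"eventhub_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"resource_group_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"location": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			// Access rights. All default to false; at least one must be
			// enabled, and "manage" requires both "listen" and "send".
			"listen": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"send": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"manage": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			// Credentials populated from the ListKeys call in Read.
			"primary_key": {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},

			"primary_connection_string": {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},

			"secondary_key": {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},

			"secondary_connection_string": {
				Type:      schema.TypeString,
				Computed:  true,
				Sensitive: true,
			},
		},
	}
}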
// resourceArmEventHubAuthorizationRuleCreateUpdate creates the authorization
// rule, or updates it in place, from the configured attributes. It then reads
// the rule back to obtain its Azure resource ID, stores that as the Terraform
// ID and refreshes state through the Read handler.
//
// It returns the validation error from the access-rights expansion, any error
// from the create/update or read-back call, or an error if the rule comes back
// without an ID.
func resourceArmEventHubAuthorizationRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error {
	hubs := meta.(*ArmClient).eventHubClient
	log.Printf("[INFO] preparing arguments for Azure ARM EventHub Authorization Rule creation.")

	var (
		ruleName  = d.Get("name").(string)
		namespace = d.Get("namespace_name").(string)
		hubName   = d.Get("eventhub_name").(string)
		region    = d.Get("location").(string)
		group     = d.Get("resource_group_name").(string)
	)

	// Validation of the listen/send/manage combination happens inside the
	// expand helper, before any request is sent.
	accessRights, err := expandEventHubAuthorizationRuleAccessRights(d)
	if err != nil {
		return err
	}

	payload := eventhub.SharedAccessAuthorizationRuleCreateOrUpdateParameters{
		Name:     &ruleName,
		Location: &region,
		SharedAccessAuthorizationRuleProperties: &eventhub.SharedAccessAuthorizationRuleProperties{
			Rights: accessRights,
		},
	}

	if _, err = hubs.CreateOrUpdateAuthorizationRule(group, namespace, hubName, ruleName, payload); err != nil {
		return err
	}

	// Fetch the rule again to obtain the ID that becomes the Terraform ID.
	created, err := hubs.GetAuthorizationRule(group, namespace, hubName, ruleName)
	if err != nil {
		return err
	}
	if created.ID == nil {
		return fmt.Errorf("Cannot read EventHub Authorization Rule %s (resource group %s) ID", ruleName, group)
	}
	d.SetId(*created.ID)

	return resourceArmEventHubAuthorizationRuleRead(d, meta)
}
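// resourceArmEventHubAuthorizationRuleRead refreshes state for an EventHub
// authorization rule identified by the Azure resource ID stored in d.Id().
//
// If the rule no longer exists (HTTP 404) the resource is removed from state
// by clearing its ID and nil is returned. Otherwise the rule's attributes,
// its access rights and the keys returned by ListKeys are written to state.
//
// The keys and connection strings are shared access credentials, and this
// function stores them in Terraform state.
func resourceArmEventHubAuthorizationRuleRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*ArmClient).eventHubClient

	id, err := parseAzureResourceID(d.Id())
	if err != nil {
		return err
	}
	resGroup := id.ResourceGroup
	namespaceName := id.Path["namespaces"]
	eventHubName := id.Path["eventhubs"]
	name := id.Path["authorizationRules"]

	resp, err := client.GetAuthorizationRule(resGroup, namespaceName, eventHubName, name)
	if err != nil {
		// The SDK can report a 404 as an error as well as in the response, so
		// the not-found case has to be recognised here too; otherwise a rule
		// deleted outside Terraform fails every refresh instead of being
		// dropped from state. The embedded *http.Response is nil when the
		// request never completed, hence the guard.
		if resp.Response.Response != nil && resp.StatusCode == http.StatusNotFound {
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error making Read request on Azure EventHub Authorization Rule %s: %s", name, err)
	}
	if resp.StatusCode == http.StatusNotFound {
		d.SetId("")
		return nil
	}

	keysResp, err := client.ListKeys(resGroup, namespaceName, eventHubName, name)
	if err != nil {
		return fmt.Errorf("Error making Read request on Azure EventHub Authorization Rule List Keys %s: %s", name, err)
	}

	d.Set("name", name)
	d.Set("eventhub_name", eventHubName)
	d.Set("namespace_name", namespaceName)
	d.Set("resource_group_name", resGroup)
	// Location is a pointer in the API model; skip it rather than panic if the
	// service omits it.
	if resp.Location != nil {
		d.Set("location", azureRMNormalizeLocation(*resp.Location))
	}

	flattenEventHubAuthorizationRuleAccessRights(d, resp)

	// Credentials: these four values end up in state.
	d.Set("primary_key", keysResp.PrimaryKey)
	d.Set("primary_connection_string", keysResp.PrimaryConnectionString)
	d.Set("secondary_key", keysResp.SecondaryKey)
	d.Set("secondary_connection_string", keysResp.SecondaryConnectionString)

	return nil
}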
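// resourceArmEventHubAuthorizationRuleDelete deletes the authorization rule
// identified by the Azure resource ID stored in d.Id().
//
// It returns an error if the ID cannot be parsed, if the delete call fails,
// or if the service answers with a status other than 200 OK.
func resourceArmEventHubAuthorizationRuleDelete(d *schema.ResourceData, meta interface{}) error {
	eventhubClient := meta.(*ArmClient).eventHubClient

	id, err := parseAzureResourceID(d.Id())
	if err != nil {
		return err
	}
	resGroup := id.ResourceGroup
	namespaceName := id.Path["namespaces"]
	eventHubName := id.Path["eventhubs"]
	name := id.Path["authorizationRules"]

	resp, err := eventhubClient.DeleteAuthorizationRule(resGroup, namespaceName, eventHubName, name)
	// Check the error before touching the response: when the request fails
	// before a response arrives there is no status code to inspect, and
	// reading resp.StatusCode first would dereference a nil response.
	if err != nil {
		return fmt.Errorf("Error issuing Azure ARM delete request of EventHub Authorization Rule '%s': %s", name, err)
	}
	// NOTE(review): assumes a nil error implies a populated response - confirm against the SDK.
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("Error issuing Azure ARM delete request of EventHub Authorization Rule '%s': unexpected HTTP status %d", name, resp.StatusCode)
	}

	return nil
}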
// expandEventHubAuthorizationRuleAccessRights converts the "listen", "send"
// and "manage" booleans of the resource into the SDK's access-rights slice,
// in the order Listen, Send, Manage.
//
// It rejects a configuration with no rights enabled, and one that enables
// "manage" without both "listen" and "send". Keeping this check here means a
// rule cannot be created with Manage rights through an incomplete
// combination.
func expandEventHubAuthorizationRuleAccessRights(d *schema.ResourceData) (*[]eventhub.AccessRights, error) {
	send := d.Get("send").(bool)
	listen := d.Get("listen").(bool)
	manage := d.Get("manage").(bool)

	switch {
	case !listen && !send && !manage:
		return nil, fmt.Errorf("At least one Authorization Rule State must be enabled (e.g. Listen/Manage/Send)")
	case manage && (!listen || !send):
		return nil, fmt.Errorf("In order to enable the 'Manage' Authorization Rule - both the 'Listen' and 'Send' rules must be enabled")
	}

	granted := []eventhub.AccessRights{}
	for _, candidate := range []struct {
		enabled bool
		right   eventhub.AccessRights
	}{
		{listen, eventhub.Listen},
		{send, eventhub.Send},
		{manage, eventhub.Manage},
	} {
		if candidate.enabled {
			granted = append(granted, candidate.right)
		}
	}

	return &granted, nil
}
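// flattenEventHubAuthorizationRuleAccessRights writes the rights carried by
// an authorization rule response into the "listen", "send" and "manage"
// attributes. A right missing from the response is recorded as false, and an
// unrecognised right is logged at debug level and otherwise ignored.
//
// A response without properties or without a rights list is treated as
// granting no rights, rather than dereferencing a nil pointer.
func flattenEventHubAuthorizationRuleAccessRights(d *schema.ResourceData, resp eventhub.SharedAccessAuthorizationRuleResource) {
	var canListen, canSend, canManage bool

	// Rights is reached through the embedded properties pointer, so both
	// levels need checking before the slice is dereferenced.
	if resp.SharedAccessAuthorizationRuleProperties != nil && resp.Rights != nil {
		for _, right := range *resp.Rights {
			switch right {
			case eventhub.Listen:
				canListen = true
			case eventhub.Send:
				canSend = true
			case eventhub.Manage:
				canManage = true
			default:
				log.Printf("[DEBUG] Unknown Authorization Rule Right '%s'", right)
			}
		}
	}

	d.Set("listen", canListen)
	d.Set("send", canSend)
	d.Set("manage", canManage)
}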