opentofu/builtin/providers/azurerm/resource_arm_eventhub_authorization_rule.go

package azurerm

import (
	"fmt"
	"log"

	"net/http"

	"github.com/Azure/azure-sdk-for-go/arm/eventhub"
	"github.com/hashicorp/terraform/helper/schema"
)

func resourceArmEventHubAuthorizationRule() *schema.Resource {
	return &schema.Resource{
		Create: resourceArmEventHubAuthorizationRuleCreateUpdate,
		Read:   resourceArmEventHubAuthorizationRuleRead,
		Update: resourceArmEventHubAuthorizationRuleCreateUpdate,
		Delete: resourceArmEventHubAuthorizationRuleDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: map[string]*schema.Schema{
			"name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"namespace_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"eventhub_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"resource_group_name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"location": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"listen": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"send": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"manage": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"primary_key": {
				Type:     schema.TypeString,
				Computed: true,
			},

			"primary_connection_string": {
				Type:     schema.TypeString,
				Computed: true,
			},

			"secondary_key": {
				Type:     schema.TypeString,
				Computed: true,
			},

			"secondary_connection_string": {
				Type:     schema.TypeString,
				Computed: true,
			},
		},
	}
}

func resourceArmEventHubAuthorizationRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*ArmClient).eventHubClient
	log.Printf("[INFO] preparing arguments for Azure ARM EventHub Authorization Rule creation.")

	name := d.Get("name").(string)
	namespaceName := d.Get("namespace_name").(string)
	eventHubName := d.Get("eventhub_name").(string)
	location := d.Get("location").(string)
	resGroup := d.Get("resource_group_name").(string)

	rights, err := expandEventHubAuthorizationRuleAccessRights(d)
	if err != nil {
		return err
	}

	parameters := eventhub.SharedAccessAuthorizationRuleCreateOrUpdateParameters{
		Name:     &name,
		Location: &location,
		SharedAccessAuthorizationRuleProperties: &eventhub.SharedAccessAuthorizationRuleProperties{
			Rights: rights,
		},
	}

	_, err = client.CreateOrUpdateAuthorizationRule(resGroup, namespaceName, eventHubName, name, parameters)
	if err != nil {
		return err
	}

	read, err := client.GetAuthorizationRule(resGroup, namespaceName, eventHubName, name)
	if err != nil {
		return err
	}

	if read.ID == nil {
		return fmt.Errorf("Cannot read EventHub Authorization Rule %s (resource group %s) ID", name, resGroup)
	}

	d.SetId(*read.ID)

	return resourceArmEventHubAuthorizationRuleRead(d, meta)
}

func resourceArmEventHubAuthorizationRuleRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*ArmClient).eventHubClient

	id, err := parseAzureResourceID(d.Id())
	if err != nil {
		return err
	}
	resGroup := id.ResourceGroup
	namespaceName := id.Path["namespaces"]
	eventHubName := id.Path["eventhubs"]
	name := id.Path["authorizationRules"]

	resp, err := client.GetAuthorizationRule(resGroup, namespaceName, eventHubName, name)
	if err != nil {
		return fmt.Errorf("Error making Read request on Azure EventHub Authorization Rule %s: %s", name, err)
	}
	if resp.StatusCode == http.StatusNotFound {
		d.SetId("")
		return nil
	}

	keysResp, err := client.ListKeys(resGroup, namespaceName, eventHubName, name)
	if err != nil {
		return fmt.Errorf("Error making Read request on Azure EventHub Authorization Rule List Keys %s: %s", name, err)
	}

	d.Set("name", name)
	d.Set("eventhub_name", eventHubName)
	d.Set("namespace_name", namespaceName)
	d.Set("resource_group_name", resGroup)
	d.Set("location", azureRMNormalizeLocation(*resp.Location))

	flattenEventHubAuthorizationRuleAccessRights(d, resp)

	d.Set("primary_key", keysResp.PrimaryKey)
	d.Set("primary_connection_string", keysResp.PrimaryConnectionString)
	d.Set("secondary_key", keysResp.SecondaryKey)
	d.Set("secondary_connection_string", keysResp.SecondaryConnectionString)

	return nil
}

func resourceArmEventHubAuthorizationRuleDelete(d *schema.ResourceData, meta interface{}) error {
	eventhubClient := meta.(*ArmClient).eventHubClient

	id, err := parseAzureResourceID(d.Id())
	if err != nil {
		return err
	}
	resGroup := id.ResourceGroup
	namespaceName := id.Path["namespaces"]
	eventHubName := id.Path["eventhubs"]
	name := id.Path["authorizationRules"]

	resp, err := eventhubClient.DeleteAuthorizationRule(resGroup, namespaceName, eventHubName, name)

	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("Error issuing Azure ARM delete request of EventHub Authorization Rule '%s': %s", name, err)
	}

	return nil
}

func expandEventHubAuthorizationRuleAccessRights(d *schema.ResourceData) (*[]eventhub.AccessRights, error) {
	canSend := d.Get("send").(bool)
	canListen := d.Get("listen").(bool)
	canManage := d.Get("manage").(bool)
	rights := []eventhub.AccessRights{}
	if canListen {
		rights = append(rights, eventhub.Listen)
	}

	if canSend {
		rights = append(rights, eventhub.Send)
	}

	if canManage {
		rights = append(rights, eventhub.Manage)
	}

	if len(rights) == 0 {
		return nil, fmt.Errorf("At least one Authorization Rule State must be enabled (e.g. Listen/Manage/Send)")
	}

	if canManage && !(canListen && canSend) {
		return nil, fmt.Errorf("In order to enable the 'Manage' Authorization Rule - both the 'Listen' and 'Send' rules must be enabled")
	}

	return &rights, nil
}

func flattenEventHubAuthorizationRuleAccessRights(d *schema.ResourceData, resp eventhub.SharedAccessAuthorizationRuleResource) {

	var canListen = false
	var canSend = false
	var canManage = false

	for _, right := range *resp.Rights {
		switch right {
		case eventhub.Listen:
			canListen = true
		case eventhub.Send:
			canSend = true
		case eventhub.Manage:
			canManage = true
		default:
			log.Printf("[DEBUG] Unknown Authorization Rule Right '%s'", right)
		}
	}

	d.Set("listen", canListen)
	d.Set("send", canSend)
	d.Set("manage", canManage)
}