From 3fafa45ddc3eb654cd867da46aeb37d90fbc7241 Mon Sep 17 00:00:00 2001
From: Sune Keller <absukl@almbrand.dk>
Date: Wed, 6 May 2020 01:03:05 +0200
Subject: [PATCH] Support User Assigned Managed Identity on API Management

Signed-off-by: Sune Keller <absukl@almbrand.dk>
---
 .../apimanagement/api_management_resource.go  | 35 +++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/azurerm/internal/services/apimanagement/api_management_resource.go b/azurerm/internal/services/apimanagement/api_management_resource.go
index e01857116ccb..08f7e1c0ca88 100644
--- a/azurerm/internal/services/apimanagement/api_management_resource.go
+++ b/azurerm/internal/services/apimanagement/api_management_resource.go
@@ -88,8 +88,11 @@ func resourceArmApiManagementService() *schema.Resource {
 						"type": {
 							Type:     schema.TypeString,
 							Required: true,
+							Default:  string(apimanagement.None),
 							ValidateFunc: validation.StringInSlice([]string{
-								"SystemAssigned",
+								string(apimanagement.SystemAssigned),
+								string(apimanagement.UserAssigned),
+								string(apimanagement.SystemAssignedUserAssigned),
 							}, false),
 						},
 						"principal_id": {
@@ -100,6 +103,15 @@ func resourceArmApiManagementService() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"identity_ids": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MinItems: 1,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.NoZeroValues,
+							},
+						},
 					},
 				},
 			},
@@ -907,9 +919,20 @@ func expandAzureRmApiManagementIdentity(d *schema.ResourceData) *apimanagement.S
 
 	v := vs[0].(map[string]interface{})
 	identityType := v["type"].(string)
-	return &apimanagement.ServiceIdentity{
+
+	identityIds := make(map[string]*apimanagement.UserIdentityProperties)
+	for _, id := range v["identity_ids"].([]interface{}) {
+		identityIds[id.(string)] = &apimanagement.UserIdentityProperties{}
+	}
+	managedServiceIdentity := apimanagement.ServiceIdentity{
 		Type: apimanagement.ApimIdentityType(identityType),
 	}
+
+	if managedServiceIdentity.Type == apimanagement.UserAssigned || managedServiceIdentity.Type == apimanagement.SystemAssignedUserAssigned {
+		managedServiceIdentity.UserAssignedIdentities = identityIds
+	}
+
+	return &managedServiceIdentity
 }
 
 func flattenAzureRmApiManagementMachineIdentity(identity *apimanagement.ServiceIdentity) []interface{} {
@@ -929,6 +952,14 @@ func flattenAzureRmApiManagementMachineIdentity(identity *apimanagement.ServiceI
 		result["tenant_id"] = identity.TenantID.String()
 	}
 
+	identityIds := make([]string, 0)
+	if identity.UserAssignedIdentities != nil {
+		for key := range identity.UserAssignedIdentities {
+			identityIds = append(identityIds, key)
+		}
+		result["identity_ids"] = identityIds
+	}
+
 	return []interface{}{result}
 }