From 59a96351edc2cd0e6a30adf878a1f040ea67e20e Mon Sep 17 00:00:00 2001
From: Sune Keller
Date: Tue, 12 May 2020 14:38:25 +0200
Subject: [PATCH] Default identity.type to None and allow specifying it explicitly
---
 .../apimanagement/api_management_resource.go | 43 +++++++++++--------
 1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/azurerm/internal/services/apimanagement/api_management_resource.go b/azurerm/internal/services/apimanagement/api_management_resource.go
index 6cddea681b91..240a151d60ca 100644
--- a/azurerm/internal/services/apimanagement/api_management_resource.go
+++ b/azurerm/internal/services/apimanagement/api_management_resource.go
@@ -87,8 +87,10 @@ func resourceArmApiManagementService() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "type": {
 Type: schema.TypeString,
- Required: true,
+ Optional: true,
+ Default: string(apimanagement.None),
 ValidateFunc: validation.StringInSlice([]string{
+ string(apimanagement.None),
 string(apimanagement.SystemAssigned),
 string(apimanagement.UserAssigned),
 string(apimanagement.SystemAssignedUserAssigned),
@@ -945,34 +947,39 @@ func flattenApiManagementAdditionalLocations(input *[]apimanagement.AdditionalLo
 }
 func expandAzureRmApiManagementIdentity(d *schema.ResourceData) (*apimanagement.ServiceIdentity, error) {
+ var identityIdSet *schema.Set
+ managedServiceIdentity := apimanagement.ServiceIdentity{}
+
 vs := d.Get("identity").([]interface{})
 if len(vs) == 0 {
- return &apimanagement.ServiceIdentity{
- Type: apimanagement.None,
- }, nil
- }
-
- v := vs[0].(map[string]interface{})
- identityType := v["type"].(string)
-
- managedServiceIdentity := apimanagement.ServiceIdentity{
- Type: apimanagement.ApimIdentityType(identityType),
+ managedServiceIdentity.Type = apimanagement.None
+ } else {
+ v := vs[0].(map[string]interface{})
+ identityType, exists := v["type"]
+ if !exists {
+ return nil, fmt.Errorf("`type` must be specified when `identity` is set")
+ }
+ managedServiceIdentity.Type = apimanagement.ApimIdentityType(identityType.(string))
+ if identityIds, exists := v["identity_ids"]; exists {
+ identityIdSet = (identityIds.(*schema.Set))
+ }
 }
- identityIdSet := (v["identity_ids"].(*schema.Set))
+ // If type contains `UserAssigned`, `identity_ids` must be specified and have at least 1 element
 if managedServiceIdentity.Type == apimanagement.UserAssigned || managedServiceIdentity.Type == apimanagement.SystemAssignedUserAssigned {
- if identityIdSet.Len() == 0 {
+ if identityIdSet == nil || identityIdSet.Len() == 0 {
 return nil, fmt.Errorf("`identity_ids` must have at least 1 element when `type` includes `UserAssigned`")
 }
- identityIds := make(map[string]*apimanagement.UserIdentityProperties)
+ userAssignedIdentities := make(map[string]*apimanagement.UserIdentityProperties)
 for _, id := range identityIdSet.List() {
- identityIds[id.(string)] = &apimanagement.UserIdentityProperties{}
+ userAssignedIdentities[id.(string)] = &apimanagement.UserIdentityProperties{}
 }
- managedServiceIdentity.UserAssignedIdentities = identityIds
- } else if identityIdSet.Len() > 0 {
- return nil, fmt.Errorf("`identity_ids` can only be specified when `type` includes `UserAssigned`")
+ managedServiceIdentity.UserAssignedIdentities = userAssignedIdentities
+ } else if identityIdSet != nil && identityIdSet.Len() > 0 {
+ // If type does _not_ contain `UserAssigned` (i.e. is set to `SystemAssigned` or defaulted to `None`), `identity_ids` is not allowed
+ return nil, fmt.Errorf("`identity_ids` can only be specified when `type` includes `UserAssigned`; but `type` is currently %q", managedServiceIdentity.Type)
 }
 return &managedServiceIdentity, nil
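Review bot: The `!exists` branch in expandAzureRmApiManagementIdentity returns an error saying that type must be specified when identity is set, which contradicts the first hunk, where the field becomes Optional with `Default: string(apimanagement.None)`. With that default the key is presumably always present, so the branch is either dead or, if it ever fires, tells the user the opposite of what the schema allows. I would drop it and use a checked assertion, `identityType, ok := v["type"].(string)`, treating `!ok` as `apimanagement.None`. The unchecked `vs[0].(map[string]interface{})` would panic rather than return an error if the list element were nil, which is worth ruling out now that the identity block no longer has a required field; `if len(vs) == 0 || vs[0] == nil {` covers it. The function's closing brace is outside the hunk.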