base_url->key_vault_id, documentation cleanup

hashicorp · May 18, 2020 · 7fc5299 · 7fc5299
1 parent b1f4def
commit 7fc5299
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 14 deletions.
diff --git a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go
@@ -12,6 +12,7 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
@@ -53,10 +54,10 @@ func resourceArmDataFactoryLinkedServiceKeyVault() *schema.Resource {
 			// BUG: https://github.com/Azure/azure-rest-api-specs/issues/5788
 			"resource_group_name": azure.SchemaResourceGroupNameDiffSuppress(),
 
-			"base_url": {
+			"key_vault_id": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ValidateFunc: validation.IsURLWithHTTPS,
+				ValidateFunc: azure.ValidateResourceID,
 			},
 
 			"description": {
@@ -100,12 +101,23 @@ func resourceArmDataFactoryLinkedServiceKeyVault() *schema.Resource {
 
 func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).DataFactory.LinkedServiceClient
+	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
 	name := d.Get("name").(string)
 	dataFactoryName := d.Get("data_factory_name").(string)
 	resourceGroup := d.Get("resource_group_name").(string)
+	keyVaultIdRaw := d.Get("key_vault_id").(string)
+	_, err := keyVaultParse.KeyVaultID(keyVaultIdRaw)
+	if err != nil {
+		return err
+	}
+
+	keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultIdRaw)
+	if err != nil {
+		return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultIdRaw, err)
+	}
 
 	if d.IsNewResource() {
 		existing, err := client.Get(ctx, resourceGroup, dataFactoryName, name, "")
@@ -121,7 +133,7 @@ func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceD
 	}
 
 	azureKeyVaultProperties := &datafactory.AzureKeyVaultLinkedServiceTypeProperties{
-		BaseURL: utils.String(d.Get("base_url").(string)),
+		BaseURL: utils.String(keyVaultBaseUri),
 	}
 
 	azureKeyVaultLinkedService := &datafactory.AzureKeyVaultLinkedService{
@@ -171,6 +183,7 @@ func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceD
 
 func resourceArmDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).DataFactory.LinkedServiceClient
+	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
 	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -231,7 +244,13 @@ func resourceArmDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, met
 			}
 		}
 	}
-	d.Set("base_url", baseUrl)
+
+	keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, baseUrl)
+	if err != nil {
+		return fmt.Errorf("Error looking up Key Vault id from url %q: %+v", baseUrl, err)
+	}
+
+	d.Set("key_vault_id", keyVaultId)
 
 	return nil
 }

diff --git a/...nternal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go b/...nternal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go
@@ -128,11 +128,22 @@ provider "azurerm" {
   features {}
 }
 
+data "azurerm_client_config" "current" {
+}
+
 resource "azurerm_resource_group" "test" {
   name     = "acctestRG-%d"
   location = "%s"
 }
 
+resource "azurerm_key_vault" "test" {
+  name                = "atkv%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+}
+
 resource "azurerm_data_factory" "test" {
   name                = "acctestdf%d"
   location            = azurerm_resource_group.test.location
@@ -143,9 +154,9 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" {
   name                = "acctestlskv%d"
   resource_group_name = azurerm_resource_group.test.name
   data_factory_name   = azurerm_data_factory.test.name
-  base_url            = "https://myakv.vault.azure.net"
+  key_vault_id        = azurerm_key_vault.test.id
 }
-`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
 
 func testAccAzureRMDataFactoryLinkedServiceKeyVault_update1(data acceptance.TestData) string {
@@ -154,11 +165,22 @@ provider "azurerm" {
   features {}
 }
 
+data "azurerm_client_config" "current" {
+}
+
 resource "azurerm_resource_group" "test" {
   name     = "acctestRG-%d"
   location = "%s"
 }
 
+resource "azurerm_key_vault" "test" {
+  name                = "atkv%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+}
+
 resource "azurerm_data_factory" "test" {
   name                = "acctestdf%d"
   location            = azurerm_resource_group.test.location
@@ -169,7 +191,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" {
   name                = "acctestlskv%d"
   resource_group_name = azurerm_resource_group.test.name
   data_factory_name   = azurerm_data_factory.test.name
-  base_url            = "https://myakv.vault.azure.net"
+  key_vault_id        = azurerm_key_vault.test.id
   annotations         = ["test1", "test2", "test3"]
   description         = "test description"
 
@@ -183,7 +205,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" {
     bar = "test2"
   }
 }
-`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
 
 func testAccAzureRMDataFactoryLinkedServiceKeyVault_update2(data acceptance.TestData) string {
@@ -192,11 +214,22 @@ provider "azurerm" {
   features {}
 }
 
+data "azurerm_client_config" "current" {
+}
+
 resource "azurerm_resource_group" "test" {
   name     = "acctestRG-%d"
   location = "%s"
 }
 
+resource "azurerm_key_vault" "test" {
+  name                = "atkv%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+}
+
 resource "azurerm_data_factory" "test" {
   name                = "acctestdf%d"
   location            = azurerm_resource_group.test.location
@@ -207,7 +240,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" {
   name                = "acctestlskv%d"
   resource_group_name = azurerm_resource_group.test.name
   data_factory_name   = azurerm_data_factory.test.name
-  base_url            = "https://myakv.vault.azure.net"
+  key_vault_id        = azurerm_key_vault.test.id
   annotations         = ["test1", "test2"]
   description         = "test description 2"
 
@@ -221,5 +254,5 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" {
     foo = "test1"
   }
 }
-`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
diff --git a/website/docs/r/data_factory_linked_service_key_vault.html.markdown b/website/docs/r/data_factory_linked_service_key_vault.html.markdown
@@ -10,16 +10,25 @@ description: |-
 
 Manages a Linked Service (connection) between Key Vault and Azure Data Factory.
 
-~> **Note:** All arguments including the base_url will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
-
 ## Example Usage
 
 ```hcl
+data "azurerm_client_config" "current" {
+}
+
 resource "azurerm_resource_group" "example" {
   name     = "example-resources"
   location = "eastus"
 }
 
+resource "azurerm_key_vault" "example" {
+  name                = "example"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "standard"
+}
+
 resource "azurerm_data_factory" "example" {
   name                = "example"
   location            = azurerm_resource_group.example.location
@@ -30,7 +39,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "example" {
   name                = "example"
   resource_group_name = azurerm_resource_group.example.name
   data_factory_name   = azurerm_data_factory.example.name
-  base_url            = "https://myakv.vault.azure.net"
+  key_vault_id        = azurerm_key_vault.example.id
 }
 ```
 
@@ -44,7 +53,7 @@ The following arguments are supported:
 
 * `data_factory_name` - (Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource.
 
-* `base_url` - (Required) The base URL of the Azure Key Vault.
+* `key_vault_id` - (Required) The ID the Azure Key Vault resource.
 
 * `description` - (Optional) The description for the Data Factory Linked Service Key Vault.