diff --git a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go index 268a66ba29e7..6df8a4c37d98 100644 --- a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go +++ b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go @@ -12,6 +12,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -53,10 +54,10 @@ func resourceArmDataFactoryLinkedServiceKeyVault() *schema.Resource { // BUG: https://github.com/Azure/azure-rest-api-specs/issues/5788 "resource_group_name": azure.SchemaResourceGroupNameDiffSuppress(), - "base_url": { + "key_vault_id": { Type: schema.TypeString, Required: true, - ValidateFunc: validation.IsURLWithHTTPS, + ValidateFunc: azure.ValidateResourceID, }, "description": { 
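Review bot: Swapping the required `base_url` argument for `key_vault_id` in the schema map of resourceArmDataFactoryLinkedServiceKeyVault leaves existing configurations and state with no upgrade path. No deprecated alias or state migration is visible in this hunk, so anyone still setting `base_url` would get a hard schema error after upgrading. `azure.ValidateResourceID` also accepts any well-formed resource ID, so an ID for a different resource type passes plan and is only rejected by `keyVaultParse.KeyVaultID` at apply time; a Key Vault-specific ValidateFunc would catch it earlier. I would add a comment above the field such as `// key_vault_id is resolved to the vault's base URL at apply time, so the vault must be readable with the provider's credentials`. The schema function continues outside the hunk.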
@@ -100,12 +101,23 @@ func resourceArmDataFactoryLinkedServiceKeyVault() *schema.Resource { func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).DataFactory.LinkedServiceClient + vaultClient := meta.(*clients.Client).KeyVault.VaultsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) dataFactoryName := d.Get("data_factory_name").(string) resourceGroup := d.Get("resource_group_name").(string) + keyVaultIdRaw := d.Get("key_vault_id").(string) + _, err := keyVaultParse.KeyVaultID(keyVaultIdRaw) + if err != nil { + return err + } + + keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultIdRaw) + if err != nil { + return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultIdRaw, err) + } if d.IsNewResource() { existing, err := client.Get(ctx, resourceGroup, dataFactoryName, name, "") @@ -121,7 +133,7 @@ func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceD } azureKeyVaultProperties := &datafactory.AzureKeyVaultLinkedServiceTypeProperties{ - BaseURL: utils.String(d.Get("base_url").(string)), + BaseURL: utils.String(keyVaultBaseUri), } azureKeyVaultLinkedService := &datafactory.AzureKeyVaultLinkedService{ @@ -171,6 +183,7 @@ func resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceD func resourceArmDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).DataFactory.LinkedServiceClient + vaultClient := meta.(*clients.Client).KeyVault.VaultsClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() 
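Review bot: In resourceArmDataFactoryLinkedServiceKeyVaultCreateUpdate the two new error paths are hard to act on. The parse error is returned bare, and the lookup message `"Error looking up Key %q vault url from id %q"` puts the linked-service `name` in the middle of "Key vault", so it reads as if a key were being resolved. I would wrap the first as `return fmt.Errorf("parsing key_vault_id %q: %+v", keyVaultIdRaw, err)` and reword the second to `return fmt.Errorf("looking up Key Vault base URL for ID %q (linked service %q): %+v", keyVaultIdRaw, name, err)`. The old `validation.IsURLWithHTTPS` check is gone, so the URL written to `BaseURL` is now trusted entirely from the lookup. If `azure.GetKeyVaultBaseUrlFromID` can return an empty string without an error, a guard before building `azureKeyVaultProperties` would be worth adding. The function body starts and ends outside this hunk.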
@@ -231,7 +244,13 @@ func resourceArmDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, met } } } - d.Set("base_url", baseUrl) + + keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, baseUrl) + if err != nil { + return fmt.Errorf("Error looking up Key Vault id from url %q: %+v", baseUrl, err) + } + + d.Set("key_vault_id", keyVaultId) return nil } diff --git a/azurerm/internal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go b/azurerm/internal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go index e0eac9f194f7..f3ccd84def29 100644 --- a/azurerm/internal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go +++ b/azurerm/internal/services/datafactory/tests/data_factory_linked_service_key_vault_resource_test.go @@ -128,11 +128,22 @@ provider "azurerm" { features {} } +data "azurerm_client_config" "current" { +} + resource "azurerm_resource_group" "test" { name = "acctestRG-%d" location = "%s" } +resource "azurerm_key_vault" "test" { + name = "atkv%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" +} + resource "azurerm_data_factory" "test" { name = "acctestdf%d" location = azurerm_resource_group.test.location @@ -143,9 +154,9 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" { name = "acctestlskv%d" resource_group_name = azurerm_resource_group.test.name data_factory_name = azurerm_data_factory.test.name - base_url = "https://myakv.vault.azure.net" + key_vault_id = azurerm_key_vault.test.id } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } func testAccAzureRMDataFactoryLinkedServiceKeyVault_update1(data acceptance.TestData) string { 
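Review bot: At the end of resourceArmDataFactoryLinkedServiceKeyVaultRead, a failed reverse lookup now aborts the whole refresh. If the vault was deleted out of band, or is not visible to the credentials behind `vaultClient` (presumably scoped to the provider's subscription), the resource can no longer be read or planned. If `azure.GetKeyVaultIDFromBaseUrl` can return a nil ID with a nil error, `d.Set("key_vault_id", keyVaultId)` would silently clear the attribute and produce a diff on every plan. That case should be handled explicitly, for example by logging it and keeping the prior value. The return value of `d.Set` is also dropped; I would write `if err := d.Set("key_vault_id", keyVaultId); err != nil { return fmt.Errorf("setting key_vault_id: %+v", err) }`. The function begins outside this hunk.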
@@ -154,11 +165,22 @@ provider "azurerm" { features {} } +data "azurerm_client_config" "current" { +} + resource "azurerm_resource_group" "test" { name = "acctestRG-%d" location = "%s" } +resource "azurerm_key_vault" "test" { + name = "atkv%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" +} + resource "azurerm_data_factory" "test" { name = "acctestdf%d" location = azurerm_resource_group.test.location @@ -169,7 +191,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" { name = "acctestlskv%d" resource_group_name = azurerm_resource_group.test.name data_factory_name = azurerm_data_factory.test.name - base_url = "https://myakv.vault.azure.net" + key_vault_id = azurerm_key_vault.test.id annotations = ["test1", "test2", "test3"] description = "test description" @@ -183,7 +205,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" { bar = "test2" } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } func testAccAzureRMDataFactoryLinkedServiceKeyVault_update2(data acceptance.TestData) string { @@ -192,11 +214,22 @@ provider "azurerm" { features {} } +data "azurerm_client_config" "current" { +} + resource "azurerm_resource_group" "test" { name = "acctestRG-%d" location = "%s" } +resource "azurerm_key_vault" "test" { + name = "atkv%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" +} + resource "azurerm_data_factory" "test" { name = "acctestdf%d" location = azurerm_resource_group.test.location 
@@ -207,7 +240,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" { name = "acctestlskv%d" resource_group_name = azurerm_resource_group.test.name data_factory_name = azurerm_data_factory.test.name - base_url = "https://myakv.vault.azure.net" + key_vault_id = azurerm_key_vault.test.id annotations = ["test1", "test2"] description = "test description 2" @@ -221,5 +254,5 @@ resource "azurerm_data_factory_linked_service_key_vault" "test" { foo = "test1" } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } diff --git a/website/docs/r/data_factory_linked_service_key_vault.html.markdown b/website/docs/r/data_factory_linked_service_key_vault.html.markdown index 9de3ae1d7157..99ade87451f3 100644 --- a/website/docs/r/data_factory_linked_service_key_vault.html.markdown +++ b/website/docs/r/data_factory_linked_service_key_vault.html.markdown @@ -10,16 +10,25 @@ description: |- Manages a Linked Service (connection) between Key Vault and Azure Data Factory. -~> **Note:** All arguments including the base_url will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). - ## Example Usage ```hcl +data "azurerm_client_config" "current" { +} + resource "azurerm_resource_group" "example" { name = "example-resources" location = "eastus" } +resource "azurerm_key_vault" "example" { + name = "example" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "standard" +} + resource "azurerm_data_factory" "example" { name = "example" location = azurerm_resource_group.example.location 
@@ -30,7 +39,7 @@ resource "azurerm_data_factory_linked_service_key_vault" "example" { name = "example" resource_group_name = azurerm_resource_group.example.name data_factory_name = azurerm_data_factory.example.name - base_url = "https://myakv.vault.azure.net" + key_vault_id = azurerm_key_vault.example.id } ``` @@ -44,7 +53,7 @@ The following arguments are supported: * `data_factory_name` - (Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource. -* `base_url` - (Required) The base URL of the Azure Key Vault. +* `key_vault_id` - (Required) The ID the Azure Key Vault resource. * `description` - (Optional) The description for the Data Factory Linked Service Key Vault.