Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_role_management_policy New resource & data source #25900

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

azurerm_role_management_policy New resource & data source #25900

wants to merge 6 commits into from

Conversation

oWretch
Copy link
Contributor

@oWretch oWretch commented May 8, 2024
edited by rcskosir

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

Add support for managing the policies for PIM assignments to Azure resources. Based on the work in hashicorp/terraform-provider-azuread#1327.

Closes #23295 as this has not been updated for 7 months and has merge conflicts with main. I also thought code consistency would be nice between providers. Also closes #20496.

Fixes #19912, fixes #22766, fixes #23458, fixes hashicorp/terraform-provider-azuread#1186

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)
terraform-provider-azurerm % make acctests SERVICE='authorization' TESTARGS='-run="TestRoleManagementPolicy(DataSource)?_"' TESTTIMEOUT='60m'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test -v ./internal/services/authorization -run="TestRoleManagementPolicy(DataSource)?_" -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestRoleManagementPolicyDataSource_resourceGroup
=== PAUSE TestRoleManagementPolicyDataSource_resourceGroup
=== RUN   TestRoleManagementPolicyDataSource_managementGroup
=== PAUSE TestRoleManagementPolicyDataSource_managementGroup
=== RUN   TestRoleManagementPolicy_resourceGroup
=== PAUSE TestRoleManagementPolicy_resourceGroup
=== RUN   TestRoleManagementPolicy_managementGroup
=== PAUSE TestRoleManagementPolicy_managementGroup
=== CONT  TestRoleManagementPolicyDataSource_resourceGroup
=== CONT  TestRoleManagementPolicy_resourceGroup
=== CONT  TestRoleManagementPolicy_managementGroup
=== CONT  TestRoleManagementPolicyDataSource_managementGroup
--- PASS: TestRoleManagementPolicyDataSource_managementGroup (87.60s)
--- PASS: TestRoleManagementPolicy_managementGroup (126.46s)
--- PASS: TestRoleManagementPolicyDataSource_resourceGroup (134.63s)
--- PASS: TestRoleManagementPolicy_resourceGroup (241.30s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/authorization 244.468s

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

@oWretch oWretch marked this pull request as ready for review May 9, 2024 02:58
manicminer
manicminer requested changes May 9, 2024
View reviewed changes
Copy link
Member

@manicminer manicminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this @oWretch. Whilst this duplicates #23295, this does appear to be more developed so I'll close that one out in favor of this PR.

I've made some comments inline, if you can take a look at these I'll happily circle back for another review.

Thanks!

internal/services/authorization/parse/role_management_policy.go Outdated Show resolved Hide resolved
internal/services/authorization/role_management_policy_data_source.go Outdated Show resolved Hide resolved
internal/services/authorization/role_management_policy_data_source.go Outdated
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
client := metadata.Client.Authorization.RoleManagementPoliciesClient

var id *parse.RoleManagementPolicyId
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above, we can use the ID type from the sdk here

internal/services/authorization/role_management_policy_data_source.go Outdated Show resolved Hide resolved
internal/services/authorization/role_management_policy_data_source.go Outdated
Comment on lines 579 to 588
Computed: true,
},
"default_recipients": {
Description: "Whether the default recipients are notified",
Type: pluginsdk.TypeBool,
Computed: true,
},
"additional_recipients": {
Description: "The additional recipients to notify",
Type: pluginsdk.TypeSet,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and these

internal/services/authorization/role_management_policy_data_source.go Outdated Show resolved Hide resolved
internal/services/authorization/role_management_policy_data_source.go Outdated Show resolved Hide resolved
website/docs/r/role_management_policy.html.markdown Outdated Show resolved Hide resolved
internal/services/authorization/role_management_policy_resource.go Outdated Show resolved Hide resolved
website/docs/r/role_management_policy.html.markdown Outdated Show resolved Hide resolved
@manicminer manicminer mentioned this pull request May 9, 2024
Closed
@oWretch oWretch requested a review from manicminer May 9, 2024 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manicminer manicminer Awaiting requested review from manicminer

Assignees
No one assigned
Labels
dependencies documentation service/authorization size/XL
Projects
None yet
Milestone
No milestone
2 participants
@oWretch @manicminer