azurerm_app_service_connection: CustomizeDiff is ineffective as most …
…computed values are unknown/zero at plan time
manicminer committed Sep 25, 2024
1 parent 24276f6 commit e8d572c
Showing 2 changed files with 102 additions and 105 deletions.
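--- a/internal/services/serviceconnector/helper.go
+++ b/internal/services/serviceconnector/helper.go
@@ -111,6 +111,10 @@ func authInfoSchema() *pluginsdk.Schema {
 }
 
 func expandServiceConnectorAuthInfoForCreate(input []AuthInfoModel) (servicelinker.AuthInfoBase, error) {
+if err := validateServiceConnectorAuthInfo(input); err != nil {
+return nil, err
+}
+
 if len(input) == 0 {
 return nil, nil
 }
@@ -153,6 +157,10 @@ func expandServiceConnectorAuthInfoForCreate(input []AuthInfoModel) (servicelink
 }
 
 func expandServiceConnectorAuthInfoForUpdate(input []AuthInfoModel) (links.AuthInfoBase, error) {
+if err := validateServiceConnectorAuthInfo(input); err != nil {
+return nil, err
+}
+
 if len(input) == 0 {
 return nil, nil
 }
@@ -194,6 +202,100 @@ func expandServiceConnectorAuthInfoForUpdate(input []AuthInfoModel) (links.AuthI
 return nil, fmt.Errorf("unrecognised authentication type: %q", in.Type)
 }
 
+func validateServiceConnectorAuthInfo(input []AuthInfoModel) error {
+if len(input) > 0 {
+authInfo := input[0]
+switch servicelinker.AuthType(authInfo.Type) {
+case servicelinker.AuthTypeSecret:
+if authInfo.ClientId != "" {
+return fmt.Errorf("`client_id` cannot be set when `type` is set to `Secret`")
+}
+if authInfo.SubscriptionId != "" {
+return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `Secret`")
+}
+if authInfo.PrincipalId != "" {
+return fmt.Errorf("`principal_id` cannot be set when `type` is set to `Secret`")
+}
+if authInfo.Certificate != "" {
+return fmt.Errorf("`certificate` cannot be set when `type` is set to `Secret`")
+}
+if authInfo.Name != "" && authInfo.Secret == "" {
+return fmt.Errorf("`name` cannot be set when `secret` is empty")
+}
+if authInfo.Name == "" && authInfo.Secret != "" {
+return fmt.Errorf("`secret` cannot be set when `name` is empty")
+}
+
+case servicelinker.AuthTypeSystemAssignedIdentity:
+if authInfo.Name != "" || authInfo.Secret != "" || authInfo.ClientId != "" || authInfo.SubscriptionId != "" || authInfo.PrincipalId != "" || authInfo.Certificate != "" {
+return fmt.Errorf("no other authentication parameters should be set when `type` is set to `SystemIdentity`")
+}
+
+case servicelinker.AuthTypeServicePrincipalSecret:
+if authInfo.ClientId == "" {
+return fmt.Errorf("`client_id` must be specified when `type` is set to `ServicePrincipal`")
+}
+if authInfo.PrincipalId == "" {
+return fmt.Errorf("`principal_id` must be specified when `type` is set to `ServicePrincipal`")
+}
+if authInfo.Secret == "" {
+return fmt.Errorf("`secret` must be specified when `type` is set to `ServicePrincipal`")
+}
+if authInfo.SubscriptionId != "" {
+return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `ServicePrincipal`")
+}
+if authInfo.Name != "" {
+return fmt.Errorf("`name` cannot be set when `type` is set to `ServicePrincipal`")
+}
+if authInfo.Certificate != "" {
+return fmt.Errorf("`certificate` cannot be set when `type` is set to `ServicePrincipal`")
+}
+
+case servicelinker.AuthTypeServicePrincipalCertificate:
+if authInfo.ClientId == "" {
+return fmt.Errorf("`client_id` must be specified when `type` is set to `ServicePrincipalCertificate`")
+}
+if authInfo.PrincipalId == "" {
+return fmt.Errorf("`principal_id` must be specified when `type` is set to `ServicePrincipalCertificate`")
+}
+if authInfo.Certificate == "" {
+return fmt.Errorf("`certificate` must be specified when `type` is set to `ServicePrincipalCertificate`")
+}
+if authInfo.SubscriptionId != "" {
+return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `ServicePrincipalCertificate`")
+}
+if authInfo.Name != "" {
+return fmt.Errorf("`name` cannot be set when `type` is set to `ServicePrincipalCertificate`")
+}
+if authInfo.Secret != "" {
+return fmt.Errorf("`secret` cannot be set when `type` is set to `ServicePrincipalCertificate`")
+}
+
+case servicelinker.AuthTypeUserAssignedIdentity:
+if authInfo.PrincipalId != "" {
+return fmt.Errorf("`principal_id` cannot be set when `type` is set to `UserIdentity`")
+}
+if authInfo.Certificate != "" {
+return fmt.Errorf("`certificate` cannot be set when `type` is set to `UserIdentity`")
+}
+if authInfo.Name != "" {
+return fmt.Errorf("`name` cannot be set when `type` is set to `UserIdentity`")
+}
+if authInfo.Secret != "" {
+return fmt.Errorf("`secret` cannot be set when `type` is set to `UserIdentity`")
+}
+if authInfo.ClientId == "" && authInfo.SubscriptionId != "" {
+return fmt.Errorf("`subscription_id` cannot be set when `client_id` is empty")
+}
+if authInfo.ClientId != "" && authInfo.SubscriptionId == "" {
+return fmt.Errorf("`client_id` cannot be set when `subscription_id` is empty")
+}
+}
+}
+
+return nil
+}
+
 func expandSecretStore(input []SecretStoreModel) *servicelinker.SecretStore {
 if len(input) == 0 {
 return nil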
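Review bot: `validateServiceConnectorAuthInfo` has no `default` branch in its `switch`, so a `type` outside the five handled values returns nil and is rejected only by whatever the calling expand function does afterwards. The `unrecognised authentication type` return is visible in context for the Update variant, but the tail of the Create variant is outside the hunks. Adding `default: return fmt.Errorf("unrecognised authentication type: %q", authInfo.Type)` would make the validator self-contained; if the schema already restricts `type`, this is only defence in depth. Because these checks now run from the expand functions rather than at plan time, a conflicting credential combination is presumably reported only once apply has started. A doc comment would record why, for example `// validateServiceConnectorAuthInfo rejects field combinations that are invalid for the chosen auth type; it runs at apply time because computed values are unknown during plan.`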
Expand Up @@ -22,7 +22,6 @@ import (
"github.com/hashicorp/terraform-provider-azurerm/utils"
)

var _ sdk.ResourceWithCustomizeDiff = AppServiceConnectorResource{}
var _ sdk.ResourceWithUpdate = AppServiceConnectorResource{}

type AppServiceConnectorResource struct{}
Expand Down Expand Up @@ -105,110 +104,6 @@ func (r AppServiceConnectorResource) ResourceType() string {
return "azurerm_app_service_connection"
}

func (r AppServiceConnectorResource) CustomizeDiff() sdk.ResourceFunc {
return sdk.ResourceFunc{
Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
var model AppServiceConnectorResourceModel
if err := metadata.DecodeDiff(&model); err != nil {
return err
}

if len(model.AuthInfo) > 0 {
authInfo := model.AuthInfo[0]
switch servicelinker.AuthType(authInfo.Type) {
case servicelinker.AuthTypeSecret:
if authInfo.ClientId != "" {
return fmt.Errorf("`client_id` cannot be set when `type` is set to `Secret`")
}
if authInfo.SubscriptionId != "" {
return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `Secret`")
}
if authInfo.PrincipalId != "" {
return fmt.Errorf("`principal_id` cannot be set when `type` is set to `Secret`")
}
if authInfo.Certificate != "" {
return fmt.Errorf("`certificate` cannot be set when `type` is set to `Secret`")
}
if authInfo.Name != "" && authInfo.Secret == "" {
return fmt.Errorf("`name` cannot be set when `secret` is empty")
}
if authInfo.Name == "" && authInfo.Secret != "" {
return fmt.Errorf("`secret` cannot be set when `name` is empty")
}

case servicelinker.AuthTypeSystemAssignedIdentity:
if authInfo.Name != "" || authInfo.Secret != "" || authInfo.ClientId != "" || authInfo.SubscriptionId != "" || authInfo.PrincipalId != "" || authInfo.Certificate != "" {
return fmt.Errorf("no other authentication parameters should be set when `type` is set to `SystemIdentity`")
}

case servicelinker.AuthTypeServicePrincipalSecret:
if authInfo.ClientId == "" {
return fmt.Errorf("`client_id` must be specified when `type` is set to `ServicePrincipal`")
}
if authInfo.PrincipalId == "" {
return fmt.Errorf("`principal_id` must be specified when `type` is set to `ServicePrincipal`")
}
if authInfo.Secret == "" {
return fmt.Errorf("`secret` must be specified when `type` is set to `ServicePrincipal`")
}
if authInfo.SubscriptionId != "" {
return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `ServicePrincipal`")
}
if authInfo.Name != "" {
return fmt.Errorf("`name` cannot be set when `type` is set to `ServicePrincipal`")
}
if authInfo.Certificate != "" {
return fmt.Errorf("`certificate` cannot be set when `type` is set to `ServicePrincipal`")
}

case servicelinker.AuthTypeServicePrincipalCertificate:
if authInfo.ClientId == "" {
return fmt.Errorf("`client_id` must be specified when `type` is set to `ServicePrincipalCertificate`")
}
if authInfo.PrincipalId == "" {
return fmt.Errorf("`principal_id` must be specified when `type` is set to `ServicePrincipalCertificate`")
}
if authInfo.Certificate == "" {
return fmt.Errorf("`certificate` must be specified when `type` is set to `ServicePrincipalCertificate`")
}
if authInfo.SubscriptionId != "" {
return fmt.Errorf("`subscription_id` cannot be set when `type` is set to `ServicePrincipalCertificate`")
}
if authInfo.Name != "" {
return fmt.Errorf("`name` cannot be set when `type` is set to `ServicePrincipalCertificate`")
}
if authInfo.Secret != "" {
return fmt.Errorf("`secret` cannot be set when `type` is set to `ServicePrincipalCertificate`")
}

case servicelinker.AuthTypeUserAssignedIdentity:
if authInfo.PrincipalId != "" {
return fmt.Errorf("`principal_id` cannot be set when `type` is set to `UserIdentity`")
}
if authInfo.Certificate != "" {
return fmt.Errorf("`certificate` cannot be set when `type` is set to `UserIdentity`")
}
if authInfo.Name != "" {
return fmt.Errorf("`name` cannot be set when `type` is set to `UserIdentity`")
}
if authInfo.Secret != "" {
return fmt.Errorf("`secret` cannot be set when `type` is set to `UserIdentity`")
}
if authInfo.ClientId == "" && authInfo.SubscriptionId != "" {
return fmt.Errorf("`subscription_id` cannot be set when `client_id` is empty")
}
if authInfo.ClientId != "" && authInfo.SubscriptionId == "" {
return fmt.Errorf("`client_id` cannot be set when `subscription_id` is empty")
}
}
}

return nil
},
Timeout: 5 * time.Minute,
}
}

func (r AppServiceConnectorResource) Create() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
