Support auto-approval of Synapse managed private endpoints

Signed-off-by: Owen Farrell <[email protected]>
hashicorp · Sep 1, 2022 · 22fe1df · 22fe1df
1 parent 2bceac5
commit 22fe1df
Show file tree

Hide file tree

Showing 98 changed files with 6,170 additions and 60 deletions.
diff --git a/internal/services/cognitive/client/client.go b/internal/services/cognitive/client/client.go
@@ -2,18 +2,24 @@ package client
 
 import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/cognitive/2021-04-30/cognitiveservicesaccounts"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/cognitive/2021-04-30/privateendpointconnections"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"
 )
 
 type Client struct {
-	AccountsClient *cognitiveservicesaccounts.CognitiveServicesAccountsClient
+	AccountsClient                   *cognitiveservicesaccounts.CognitiveServicesAccountsClient
+	PrivateEndpointConnectionsClient *privateendpointconnections.PrivateEndpointConnectionsClient
 }
 
 func NewClient(o *common.ClientOptions) *Client {
 	accountsClient := cognitiveservicesaccounts.NewCognitiveServicesAccountsClientWithBaseURI(o.ResourceManagerEndpoint)
 	o.ConfigureClient(&accountsClient.Client, o.ResourceManagerAuthorizer)
 
+	privateEndpointConnectionsClient := privateendpointconnections.NewPrivateEndpointConnectionsClientWithBaseURI(o.ResourceManagerEndpoint)
+	o.ConfigureClient(&privateEndpointConnectionsClient.Client, o.ResourceManagerAuthorizer)
+
 	return &Client{
-		AccountsClient: &accountsClient,
+		AccountsClient:                   &accountsClient,
+		PrivateEndpointConnectionsClient: &privateEndpointConnectionsClient,
 	}
 }
diff --git a/internal/services/cosmos/client/client.go b/internal/services/cosmos/client/client.go
@@ -15,6 +15,7 @@ type Client struct {
 	GremlinClient                    *documentdb.GremlinResourcesClient
 	MongoDbClient                    *documentdb.MongoDBResourcesClient
 	NotebookWorkspaceClient          *documentdb.NotebookWorkspacesClient
+	PrivateEndpointConnectionClient  *documentdb.PrivateEndpointConnectionsClient
 	RestorableDatabaseAccountsClient *documentdb.RestorableDatabaseAccountsClient
 	SqlDedicatedGatewayClient        *sqldedicatedgateway.SqlDedicatedGatewayClient
 	SqlClient                        *documentdb.SQLResourcesClient
@@ -44,6 +45,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	notebookWorkspaceClient := documentdb.NewNotebookWorkspacesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&notebookWorkspaceClient.Client, o.ResourceManagerAuthorizer)
 
+	privateEndpointConnectionClient := documentdb.NewPrivateEndpointConnectionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&privateEndpointConnectionClient.Client, o.ResourceManagerAuthorizer)
+
 	restorableDatabaseAccountsClient := documentdb.NewRestorableDatabaseAccountsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&restorableDatabaseAccountsClient.Client, o.ResourceManagerAuthorizer)
 
@@ -67,6 +71,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		GremlinClient:                    &gremlinClient,
 		MongoDbClient:                    &mongoDbClient,
 		NotebookWorkspaceClient:          &notebookWorkspaceClient,
+		PrivateEndpointConnectionClient:  &privateEndpointConnectionClient,
 		RestorableDatabaseAccountsClient: &restorableDatabaseAccountsClient,
 		SqlDedicatedGatewayClient:        &sqlDedicatedGatewayClient,
 		SqlClient:                        &sqlClient,

diff --git a/internal/services/keyvault/client/client.go b/internal/services/keyvault/client/client.go
@@ -7,10 +7,11 @@ import (
 )
 
 type Client struct {
-	ManagedHsmClient *keyvault.ManagedHsmsClient
-	ManagementClient *keyvaultmgmt.BaseClient
-	VaultsClient     *keyvault.VaultsClient
-	options          *common.ClientOptions
+	ManagedHsmClient                 *keyvault.ManagedHsmsClient
+	ManagementClient                 *keyvaultmgmt.BaseClient
+	PrivateEndpointConnectionsClient *keyvault.PrivateEndpointConnectionsClient
+	VaultsClient                     *keyvault.VaultsClient
+	options                          *common.ClientOptions
 }
 
 func NewClient(o *common.ClientOptions) *Client {
@@ -20,14 +21,18 @@ func NewClient(o *common.ClientOptions) *Client {
 	managementClient := keyvaultmgmt.New()
 	o.ConfigureClient(&managementClient.Client, o.KeyVaultAuthorizer)
 
+	privateEndpointConnectionsClient := keyvault.NewPrivateEndpointConnectionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&privateEndpointConnectionsClient.Client, o.ResourceManagerAuthorizer)
+
 	vaultsClient := keyvault.NewVaultsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&vaultsClient.Client, o.ResourceManagerAuthorizer)
 
 	return &Client{
-		ManagedHsmClient: &managedHsmClient,
-		ManagementClient: &managementClient,
-		VaultsClient:     &vaultsClient,
-		options:          o,
+		ManagedHsmClient:                 &managedHsmClient,
+		ManagementClient:                 &managementClient,
+		PrivateEndpointConnectionsClient: &privateEndpointConnectionsClient,
+		VaultsClient:                     &vaultsClient,
+		options:                          o,
 	}
 }
 

diff --git a/internal/services/keyvault/parse/private_endpoint_connection.go b/internal/services/keyvault/parse/private_endpoint_connection.go
@@ -0,0 +1,75 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+type PrivateEndpointConnectionId struct {
+	SubscriptionId string
+	ResourceGroup  string
+	VaultName      string
+	Name           string
+}
+
+func NewPrivateEndpointConnectionID(subscriptionId, resourceGroup, vaultName, name string) PrivateEndpointConnectionId {
+	return PrivateEndpointConnectionId{
+		SubscriptionId: subscriptionId,
+		ResourceGroup:  resourceGroup,
+		VaultName:      vaultName,
+		Name:           name,
+	}
+}
+
+func (id PrivateEndpointConnectionId) String() string {
+	segments := []string{
+		fmt.Sprintf("Name %q", id.Name),
+		fmt.Sprintf("Vault Name %q", id.VaultName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Private Endpoint Connection", segmentsStr)
+}
+
+func (id PrivateEndpointConnectionId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.KeyVault/vaults/%s/privateEndpointConnections/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.VaultName, id.Name)
+}
+
+// PrivateEndpointConnectionID parses a PrivateEndpointConnection ID into an PrivateEndpointConnectionId struct
+func PrivateEndpointConnectionID(input string) (*PrivateEndpointConnectionId, error) {
+	id, err := resourceids.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := PrivateEndpointConnectionId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.VaultName, err = id.PopSegment("vaults"); err != nil {
+		return nil, err
+	}
+	if resourceId.Name, err = id.PopSegment("privateEndpointConnections"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}
diff --git a/internal/services/keyvault/parse/private_endpoint_connection_test.go b/internal/services/keyvault/parse/private_endpoint_connection_test.go
@@ -0,0 +1,128 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+var _ resourceids.Id = PrivateEndpointConnectionId{}
+
+func TestPrivateEndpointConnectionIDFormatter(t *testing.T) {
+	actual := NewPrivateEndpointConnectionID("12345678-1234-9876-4563-123456789012", "resGroup1", "vault1", "privateEndpointConnection1").ID()
+	expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/privateEndpointConnections/privateEndpointConnection1"
+	if actual != expected {
+		t.Fatalf("Expected %q but got %q", expected, actual)
+	}
+}
+
+func TestPrivateEndpointConnectionID(t *testing.T) {
+	testData := []struct {
+		Input    string
+		Error    bool
+		Expected *PrivateEndpointConnectionId
+	}{
+
+		{
+			// empty
+			Input: "",
+			Error: true,
+		},
+
+		{
+			// missing SubscriptionId
+			Input: "/",
+			Error: true,
+		},
+
+		{
+			// missing value for SubscriptionId
+			Input: "/subscriptions/",
+			Error: true,
+		},
+
+		{
+			// missing ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+			Error: true,
+		},
+
+		{
+			// missing value for ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+			Error: true,
+		},
+
+		{
+			// missing VaultName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/",
+			Error: true,
+		},
+
+		{
+			// missing value for VaultName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/",
+			Error: true,
+		},
+
+		{
+			// missing Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/",
+			Error: true,
+		},
+
+		{
+			// missing value for Name
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/privateEndpointConnections/",
+			Error: true,
+		},
+
+		{
+			// valid
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/privateEndpointConnections/privateEndpointConnection1",
+			Expected: &PrivateEndpointConnectionId{
+				SubscriptionId: "12345678-1234-9876-4563-123456789012",
+				ResourceGroup:  "resGroup1",
+				VaultName:      "vault1",
+				Name:           "privateEndpointConnection1",
+			},
+		},
+
+		{
+			// upper-cased
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/VAULT1/PRIVATEENDPOINTCONNECTIONS/PRIVATEENDPOINTCONNECTION1",
+			Error: true,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Input)
+
+		actual, err := PrivateEndpointConnectionID(v.Input)
+		if err != nil {
+			if v.Error {
+				continue
+			}
+
+			t.Fatalf("Expect a value but got an error: %s", err)
+		}
+		if v.Error {
+			t.Fatal("Expect an error but didn't get one")
+		}
+
+		if actual.SubscriptionId != v.Expected.SubscriptionId {
+			t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
+		}
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+		if actual.VaultName != v.Expected.VaultName {
+			t.Fatalf("Expected %q but got %q for VaultName", v.Expected.VaultName, actual.VaultName)
+		}
+		if actual.Name != v.Expected.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name)
+		}
+	}
+}
diff --git a/internal/services/keyvault/resourceids.go b/internal/services/keyvault/resourceids.go
@@ -2,6 +2,7 @@ package keyvault
 
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Vault -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ManagedHSM -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1
+//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=PrivateEndpointConnection -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/privateEndpointConnections/privateEndpointConnection1
 
 // KeyVault Access Policies are Terraform specific, but can be either an Object ID or an Application ID
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=AccessPolicyApplication -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.KeyVault/vaults/vault1/objectId/object1/applicationId/application1

diff --git a/internal/services/keyvault/validate/private_endpoint_connection_id.go b/internal/services/keyvault/validate/private_endpoint_connection_id.go
@@ -0,0 +1,23 @@
+package validate
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/parse"
+)
+
+func PrivateEndpointConnectionID(input interface{}, key string) (warnings []string, errors []error) {
+	v, ok := input.(string)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected %q to be a string", key))
+		return
+	}
+
+	if _, err := parse.PrivateEndpointConnectionID(v); err != nil {
+		errors = append(errors, err)
+	}
+
+	return
+}