Merge pull request #10330 from terraform-providers/f/key-vault-cachin…

…g-part-ii keyvault: optimising the lookup/adding a cache for Key Vaults
hashicorp · Jan 27, 2021 · 6c0c80f · 6c0c80f
2 parents 2845dd8 + e4b790d
commit 6c0c80f
Show file tree

Hide file tree

Showing 22 changed files with 374 additions and 380 deletions.
diff --git a/azurerm/helpers/azure/key_vault.go b/azurerm/helpers/azure/key_vault.go
diff --git a/azurerm/internal/services/compute/disk_encryption_set_resource.go b/azurerm/internal/services/compute/disk_encryption_set_resource.go
@@ -7,15 +7,16 @@ import (
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
-	"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/compute/parse"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/client"
 	keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse"
 	keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate"
+	resourcesClient "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
 	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
@@ -94,7 +95,8 @@ func resourceDiskEncryptionSet() *schema.Resource {
 
 func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient
-	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
+	keyVaultsClient := meta.(*clients.Client).KeyVault
+	resourcesClient := meta.(*clients.Client).Resource
 	ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -112,7 +114,7 @@ func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) e
 	}
 
 	keyVaultKeyId := d.Get("key_vault_key_id").(string)
-	keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId)
+	keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId)
 	if err != nil {
 		return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err)
 	}
@@ -204,7 +206,8 @@ func resourceDiskEncryptionSetRead(d *schema.ResourceData, meta interface{}) err
 
 func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient
-	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
+	keyVaultsClient := meta.(*clients.Client).KeyVault
+	resourcesClient := meta.(*clients.Client).Resource
 	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -220,7 +223,7 @@ func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) e
 
 	if d.HasChange("key_vault_key_id") {
 		keyVaultKeyId := d.Get("key_vault_key_id").(string)
-		keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId)
+		keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId)
 		if err != nil {
 			return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err)
 		}
@@ -312,30 +315,27 @@ type diskEncryptionSetKeyVault struct {
 	softDeleteEnabled      bool
 }
 
-func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.VaultsClient, id string) (*diskEncryptionSetKeyVault, error) {
+func diskEncryptionSetRetrieveKeyVault(ctx context.Context, keyVaultsClient *client.Client, resourcesClient *resourcesClient.Client, id string) (*diskEncryptionSetKeyVault, error) {
 	keyVaultKeyId, err := keyVaultParse.ParseNestedItemID(id)
 	if err != nil {
 		return nil, err
 	}
-	keyVaultID, err := azure.GetKeyVaultIDFromBaseUrl(ctx, client, keyVaultKeyId.KeyVaultBaseUrl)
+	keyVaultID, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultKeyId.KeyVaultBaseUrl)
 	if err != nil {
 		return nil, fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", keyVaultKeyId.KeyVaultBaseUrl, err)
 	}
 	if keyVaultID == nil {
 		return nil, fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", keyVaultKeyId.KeyVaultBaseUrl)
 	}
 
-	// TODO: use keyvault's custom ID parse function when implemented
-	parsedKeyVaultID, err := azure.ParseAzureResourceID(*keyVaultID)
+	parsedKeyVaultID, err := keyVaultParse.VaultID(*keyVaultID)
 	if err != nil {
-		return nil, fmt.Errorf("Error parsing ID for keyvault in Disk Encryption Set: %+v", err)
+		return nil, err
 	}
-	resourceGroup := parsedKeyVaultID.ResourceGroup
-	vaultName := parsedKeyVaultID.Path["vaults"]
 
-	resp, err := client.Get(ctx, resourceGroup, vaultName)
+	resp, err := keyVaultsClient.VaultsClient.Get(ctx, parsedKeyVaultID.ResourceGroup, parsedKeyVaultID.Name)
 	if err != nil {
-		return nil, fmt.Errorf("Error retrieving KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err)
+		return nil, fmt.Errorf("retrieving %s: %+v", *parsedKeyVaultID, err)
 	}
 
 	purgeProtectionEnabled := false
@@ -353,8 +353,8 @@ func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.Vau
 
 	return &diskEncryptionSetKeyVault{
 		keyVaultId:             *keyVaultID,
-		resourceGroupName:      resourceGroup,
-		keyVaultName:           vaultName,
+		resourceGroupName:      parsedKeyVaultID.ResourceGroup,
+		keyVaultName:           parsedKeyVaultID.Name,
 		purgeProtectionEnabled: purgeProtectionEnabled,
 		softDeleteEnabled:      softDeleteEnabled,
 	}, nil

diff --git a/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go b/azurerm/internal/services/datafactory/data_factory_linked_service_key_vault_resource.go
@@ -101,22 +101,21 @@ func resourceDataFactoryLinkedServiceKeyVault() *schema.Resource {
 
 func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).DataFactory.LinkedServiceClient
-	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
+	keyVaultsClient := meta.(*clients.Client).KeyVault
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
 	name := d.Get("name").(string)
 	dataFactoryName := d.Get("data_factory_name").(string)
 	resourceGroup := d.Get("resource_group_name").(string)
-	keyVaultIdRaw := d.Get("key_vault_id").(string)
-	_, err := keyVaultParse.VaultID(keyVaultIdRaw)
+	keyVaultId, err := keyVaultParse.VaultID(d.Get("key_vault_id").(string))
 	if err != nil {
 		return err
 	}
 
-	keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultIdRaw)
+	keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId)
 	if err != nil {
-		return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultIdRaw, err)
+		return err
 	}
 
 	if d.IsNewResource() {
@@ -133,7 +132,7 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData
 	}
 
 	azureKeyVaultProperties := &datafactory.AzureKeyVaultLinkedServiceTypeProperties{
-		BaseURL: utils.String(keyVaultBaseUri),
+		BaseURL: keyVaultBaseUri,
 	}
 
 	azureKeyVaultLinkedService := &datafactory.AzureKeyVaultLinkedService{
@@ -183,7 +182,8 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData
 
 func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).DataFactory.LinkedServiceClient
-	vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
+	keyVaultsClient := meta.(*clients.Client).KeyVault
+	resourcesClient := meta.(*clients.Client).Resource
 	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -245,11 +245,13 @@ func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta i
 		}
 	}
 
-	keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, baseUrl)
-	if err != nil {
-		return fmt.Errorf("Error looking up Key Vault id from url %q: %+v", baseUrl, err)
+	var keyVaultId *string
+	if baseUrl != "" {
+		keyVaultId, err = keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, baseUrl)
+		if err != nil {
+			return err
+		}
 	}
-
 	d.Set("key_vault_id", keyVaultId)
 
 	return nil