Support AzureAD Auth for azurerm_data_factory_integration_runtime_man…

…aged (#10474) fixes #8994 --- PASS: TestAccDataFactoryIntegrationRuntimeManagedSsis_basic (155.25s) --- PASS: TestAccDataFactoryIntegrationRuntimeManagedSsis_complete (226.08s) --- PASS: TestAccDataFactoryIntegrationRuntimeManagedSsis_aadAuth (280.40s)
hashicorp · Feb 18, 2021 · cacd7aa · cacd7aa
1 parent 8ad0451
commit cacd7aa
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 14 deletions.
diff --git a/...erm/internal/services/datafactory/data_factory_integration_runtime_azure_ssis_resource.go b/...erm/internal/services/datafactory/data_factory_integration_runtime_azure_ssis_resource.go
@@ -173,12 +173,12 @@ func resourceDataFactoryIntegrationRuntimeAzureSsis() *schema.Resource {
 						},
 						"administrator_login": {
 							Type:         schema.TypeString,
-							Required:     true,
+							Optional:     true,
 							ValidateFunc: validation.StringIsNotEmpty,
 						},
 						"administrator_password": {
 							Type:         schema.TypeString,
-							Required:     true,
+							Optional:     true,
 							Sensitive:    true,
 							ValidateFunc: validation.StringIsNotEmpty,
 						},
@@ -383,17 +383,21 @@ func expandDataFactoryIntegrationRuntimeAzureSsisProperties(d *schema.ResourceDa
 	if catalogInfos, ok := d.GetOk("catalog_info"); ok && len(catalogInfos.([]interface{})) > 0 {
 		catalogInfo := catalogInfos.([]interface{})[0].(map[string]interface{})
 
-		adminPassword := &datafactory.SecureString{
-			Value: utils.String(catalogInfo["administrator_password"].(string)),
-			Type:  datafactory.TypeSecureString,
-		}
-
 		ssisProperties.CatalogInfo = &datafactory.IntegrationRuntimeSsisCatalogInfo{
 			CatalogServerEndpoint: utils.String(catalogInfo["server_endpoint"].(string)),
-			CatalogAdminUserName:  utils.String(catalogInfo["administrator_login"].(string)),
-			CatalogAdminPassword:  adminPassword,
 			CatalogPricingTier:    datafactory.IntegrationRuntimeSsisCatalogPricingTier(catalogInfo["pricing_tier"].(string)),
 		}
+
+		if adminUserName := catalogInfo["administrator_login"]; adminUserName.(string) != "" {
+			ssisProperties.CatalogInfo.CatalogAdminUserName = utils.String(adminUserName.(string))
+		}
+
+		if adminPassword := catalogInfo["administrator_password"]; adminPassword.(string) != "" {
+			ssisProperties.CatalogInfo.CatalogAdminPassword = &datafactory.SecureString{
+				Value: utils.String(adminPassword.(string)),
+				Type:  datafactory.TypeSecureString,
+			}
+		}
 	}
 
 	if customSetupScripts, ok := d.GetOk("custom_setup_script"); ok && len(customSetupScripts.([]interface{})) > 0 {
@@ -432,9 +436,12 @@ func flattenDataFactoryIntegrationRuntimeAzureSsisCatalogInfo(ssisProperties *da
 	}
 
 	catalogInfo := map[string]string{
-		"server_endpoint":     *ssisProperties.CatalogServerEndpoint,
-		"administrator_login": *ssisProperties.CatalogAdminUserName,
-		"pricing_tier":        string(ssisProperties.CatalogPricingTier),
+		"server_endpoint": *ssisProperties.CatalogServerEndpoint,
+		"pricing_tier":    string(ssisProperties.CatalogPricingTier),
+	}
+
+	if ssisProperties.CatalogAdminUserName != nil {
+		catalogInfo["administrator_login"] = *ssisProperties.CatalogAdminUserName
 	}
 
 	if adminPassword, ok := d.GetOk("catalog_info.0.administrator_password"); ok {

diff --git a/...nternal/services/datafactory/data_factory_integration_runtime_azure_ssis_resource_test.go b/...nternal/services/datafactory/data_factory_integration_runtime_azure_ssis_resource_test.go
@@ -73,6 +73,21 @@ func TestAccDataFactoryIntegrationRuntimeManagedSsis_complete(t *testing.T) {
 	})
 }
 
+func TestAccDataFactoryIntegrationRuntimeManagedSsis_aadAuth(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_data_factory_integration_runtime_azure_ssis", "test")
+	r := IntegrationRuntimeManagedSsisResource{}
+
+	data.ResourceTest(t, r, []resource.TestStep{
+		{
+			Config: r.aadAuth(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (IntegrationRuntimeManagedSsisResource) basic(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -208,6 +223,65 @@ resource "azurerm_data_factory_integration_runtime_azure_ssis" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomString, data.RandomInteger, data.RandomInteger)
 }
 
+func (IntegrationRuntimeManagedSsisResource) aadAuth(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-df-%d"
+  location = "%s"
+}
+
+resource "azurerm_data_factory" "test" {
+  name                = "acctestdfirm%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+
+resource "azurerm_sql_server" "test" {
+  name                         = "acctestsql%d"
+  resource_group_name          = azurerm_resource_group.test.name
+  location                     = azurerm_resource_group.test.location
+  version                      = "12.0"
+  administrator_login          = "ssis_catalog_admin"
+  administrator_login_password = "my-s3cret-p4ssword!"
+}
+
+data "azuread_service_principal" "test" {
+  display_name = azurerm_data_factory.test.name
+}
+
+resource "azurerm_sql_active_directory_administrator" "test" {
+  server_name         = azurerm_sql_server.test.name
+  resource_group_name = azurerm_resource_group.test.name
+  login               = azurerm_data_factory.test.name
+  tenant_id           = azurerm_data_factory.test.identity.0.tenant_id
+  object_id           = data.azuread_service_principal.test.application_id
+}
+
+resource "azurerm_data_factory_integration_runtime_azure_ssis" "test" {
+  name                = "managed-integration-runtime"
+  data_factory_name   = azurerm_data_factory.test.name
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  node_size           = "Standard_D8_v3"
+
+  catalog_info {
+    server_endpoint = azurerm_sql_server.test.fully_qualified_domain_name
+    pricing_tier    = "Basic"
+  }
+
+  depends_on = [azurerm_sql_active_directory_administrator.test]
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+}
+
 func (t IntegrationRuntimeManagedSsisResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	id, err := azure.ParseAzureResourceID(state.ID)
 	if err != nil {

diff --git a/website/docs/r/data_factory_integration_runtime_azure_ssis.html.markdown b/website/docs/r/data_factory_integration_runtime_azure_ssis.html.markdown
@@ -70,9 +70,9 @@ A `catalog_info` block supports the following:
 
 * `server_endpoint` - (Required) The endpoint of an Azure SQL Server that will be used to host the SSIS catalog.
 
-* `administrator_login` - (Required) Administrator login name for the SQL Server.
+* `administrator_login` - (Optional) Administrator login name for the SQL Server.
 
-* `administrator_password` - (Required) Administrator login password for the SQL Server.
+* `administrator_password` - (Optional) Administrator login password for the SQL Server.
 
 * `pricing_tier` - (Optional) Pricing tier for the database that will be created for the SSIS catalog. Valid values are: `Basic`, `Standard`, `Premium` and `PremiumRS`.