keyvault: optimising the lookup/adding a cache for Key Vaults #10330

Merged
merged 26 commits into from
Jan 27, 2021
Changes from 23 commits
26 commits
3092d0f
r/storage_account_customer_managed_key: switching to use the key vaul…
tombuildsstuff Jan 25, 2021
cc448dd
r/kusto_cluster: refactoring to use the cache
tombuildsstuff Jan 25, 2021
4dc21c4
r/data_factory_linked_service: refactoring to use the cache
tombuildsstuff Jan 25, 2021
e7c6e84
r/app_service_certificate: switching to use the cache
tombuildsstuff Jan 25, 2021
2f9ca57
r/mysql_server_key: switching to use the cache
tombuildsstuff Jan 25, 2021
5bf623d
r/postgres_server_key: switching to use the cache
tombuildsstuff Jan 25, 2021
73e180d
r/storage_account_customer_managed_key: switching to use the cache
tombuildsstuff Jan 25, 2021
b148732
r/disk_encryption_set: switching over to use the cache
tombuildsstuff Jan 25, 2021
45bbcae
r/kusto_cluster_customer_managed_key: switching over to use the cache
tombuildsstuff Jan 25, 2021
6c0fe84
r/key_vault_certificate_issuer: switching to use the cache
tombuildsstuff Jan 25, 2021
0d596e0
d/key_vault_certificate_issuer: switching to use the cache
tombuildsstuff Jan 25, 2021
058b939
d/key_vault_certificate: switching to use the cache
tombuildsstuff Jan 25, 2021
95700e2
r/key_vault_certificate: switching to use the cache
tombuildsstuff Jan 25, 2021
7fd6d9d
key_vault: pulling the nested item importer from the cache
tombuildsstuff Jan 25, 2021
210d447
d/key_vault_key: switching to use the cache
tombuildsstuff Jan 25, 2021
eae3493
r/key_vault_key: switching to use the cache
tombuildsstuff Jan 25, 2021
10d85e8
d/key_vault_secret: switching to use the cache
tombuildsstuff Jan 25, 2021
cd70f93
r/key_vault_secret: switching to use the cache
tombuildsstuff Jan 25, 2021
26e54cd
refactor: removing the unused file
tombuildsstuff Jan 25, 2021
c90ba8b
linting: formatting
tombuildsstuff Jan 25, 2021
b1ed5a1
linting: removing the `deadcode` since this is no longer unused
tombuildsstuff Jan 27, 2021
b53803a
keyvault/caching: threading through the resources client
tombuildsstuff Jan 27, 2021
aad2c0b
keyvault: updating the cache to query the specific key vault to retri…
tombuildsstuff Jan 27, 2021
fbd4652
Update azurerm/internal/services/keyvault/key_vault_secret_resource.go
tombuildsstuff Jan 27, 2021
f20c691
Update azurerm/internal/services/keyvault/key_vault_secret_resource.go
tombuildsstuff Jan 27, 2021
e4b790d
Update azurerm/internal/services/keyvault/key_vault_secret_resource.go
tombuildsstuff Jan 27, 2021
120 changes: 0 additions & 120 deletions azurerm/helpers/azure/key_vault.go

This file was deleted.

32 changes: 16 additions & 16 deletions azurerm/internal/services/compute/disk_encryption_set_resource.go
Expand Up @@ -7,15 +7,16 @@ import (
"time"

"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
"github.com/Azure/azure-sdk-for-go/services/keyvault/mgmt/2019-09-01/keyvault"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/compute/parse"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/client"
keyVaultParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/parse"
keyVaultValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/keyvault/validate"
resourcesClient "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/client"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
Expand Down Expand Up @@ -94,7 +95,8 @@ func resourceDiskEncryptionSet() *schema.Resource {

func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient
vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
keyVaultsClient := meta.(*clients.Client).KeyVault
resourcesClient := meta.(*clients.Client).Resource
ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
defer cancel()

Expand All @@ -112,7 +114,7 @@ func resourceDiskEncryptionSetCreate(d *schema.ResourceData, meta interface{}) e
}

keyVaultKeyId := d.Get("key_vault_key_id").(string)
keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId)
keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId)
if err != nil {
return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err)
}
Expand Down Expand Up @@ -204,7 +206,8 @@ func resourceDiskEncryptionSetRead(d *schema.ResourceData, meta interface{}) err

func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Compute.DiskEncryptionSetsClient
vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
keyVaultsClient := meta.(*clients.Client).KeyVault
resourcesClient := meta.(*clients.Client).Resource
ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
defer cancel()

Expand All @@ -220,7 +223,7 @@ func resourceDiskEncryptionSetUpdate(d *schema.ResourceData, meta interface{}) e

if d.HasChange("key_vault_key_id") {
keyVaultKeyId := d.Get("key_vault_key_id").(string)
keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, vaultClient, keyVaultKeyId)
keyVaultDetails, err := diskEncryptionSetRetrieveKeyVault(ctx, keyVaultsClient, resourcesClient, keyVaultKeyId)
if err != nil {
return fmt.Errorf("Error validating Key Vault Key %q for Disk Encryption Set: %+v", keyVaultKeyId, err)
}
Expand Down Expand Up @@ -312,30 +315,27 @@ type diskEncryptionSetKeyVault struct {
softDeleteEnabled bool
}

func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.VaultsClient, id string) (*diskEncryptionSetKeyVault, error) {
func diskEncryptionSetRetrieveKeyVault(ctx context.Context, keyVaultsClient *client.Client, resourcesClient *resourcesClient.Client, id string) (*diskEncryptionSetKeyVault, error) {
keyVaultKeyId, err := keyVaultParse.ParseNestedItemID(id)
if err != nil {
return nil, err
}
keyVaultID, err := azure.GetKeyVaultIDFromBaseUrl(ctx, client, keyVaultKeyId.KeyVaultBaseUrl)
keyVaultID, err := keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, keyVaultKeyId.KeyVaultBaseUrl)
if err != nil {
return nil, fmt.Errorf("Error retrieving the Resource ID the Key Vault at URL %q: %s", keyVaultKeyId.KeyVaultBaseUrl, err)
}
if keyVaultID == nil {
return nil, fmt.Errorf("Unable to determine the Resource ID for the Key Vault at URL %q", keyVaultKeyId.KeyVaultBaseUrl)
}

// TODO: use keyvault's custom ID parse function when implemented
parsedKeyVaultID, err := azure.ParseAzureResourceID(*keyVaultID)
parsedKeyVaultID, err := keyVaultParse.VaultID(*keyVaultID)
if err != nil {
return nil, fmt.Errorf("Error parsing ID for keyvault in Disk Encryption Set: %+v", err)
return nil, err
}
resourceGroup := parsedKeyVaultID.ResourceGroup
vaultName := parsedKeyVaultID.Path["vaults"]

resp, err := client.Get(ctx, resourceGroup, vaultName)
resp, err := keyVaultsClient.VaultsClient.Get(ctx, parsedKeyVaultID.ResourceGroup, parsedKeyVaultID.Name)
if err != nil {
return nil, fmt.Errorf("Error retrieving KeyVault %q (Resource Group %q): %+v", vaultName, resourceGroup, err)
return nil, fmt.Errorf("retrieving %s: %+v", *parsedKeyVaultID, err)
}

purgeProtectionEnabled := false
Expand All @@ -353,8 +353,8 @@ func diskEncryptionSetRetrieveKeyVault(ctx context.Context, client *keyvault.Vau

return &diskEncryptionSetKeyVault{
keyVaultId: *keyVaultID,
resourceGroupName: resourceGroup,
keyVaultName: vaultName,
resourceGroupName: parsedKeyVaultID.ResourceGroup,
keyVaultName: parsedKeyVaultID.Name,
purgeProtectionEnabled: purgeProtectionEnabled,
softDeleteEnabled: softDeleteEnabled,
}, nil
Expand Down
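Review bot: The Key Vault ID that `KeyVaultIDFromBaseUrl` hands back in `diskEncryptionSetRetrieveKeyVault` is only validated by the `VaultsClient.Get` that follows, so a stale cache entry (a vault deleted and re-created under the same DNS name in another resource group or subscription, which soft-delete makes plausible) would surface as a retrieval error against the old ID rather than a fresh resolution; the cache implementation is outside this section, so this is worth confirming, and if the cache has no eviction on a miss the Get-failure path should drop the entry for `keyVaultKeyId.KeyVaultBaseUrl` before returning. The Get itself must stay, since the purge-protection and soft-delete flags read from it are the checks that gate the key used by the Disk Encryption Set; the cache should only shortcut the URL-to-ID lookup, never those checks. Two smaller points: the `VaultID` parse failure now returns `err` bare and loses the Disk Encryption Set context the old message carried — `return nil, fmt.Errorf("parsing Key Vault ID %q for Disk Encryption Set: %w", *keyVaultID, err)` — and the Get error wraps with `%+v`, where `%w` would keep the SDK error inspectable with `errors.As`. The remainder of the function (the purge-protection/soft-delete handling) sits in the next hunk.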
Expand Up @@ -101,22 +101,21 @@ func resourceDataFactoryLinkedServiceKeyVault() *schema.Resource {

func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).DataFactory.LinkedServiceClient
vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
keyVaultsClient := meta.(*clients.Client).KeyVault
ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
defer cancel()

name := d.Get("name").(string)
dataFactoryName := d.Get("data_factory_name").(string)
resourceGroup := d.Get("resource_group_name").(string)
keyVaultIdRaw := d.Get("key_vault_id").(string)
_, err := keyVaultParse.VaultID(keyVaultIdRaw)
keyVaultId, err := keyVaultParse.VaultID(d.Get("key_vault_id").(string))
if err != nil {
return err
}

keyVaultBaseUri, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultIdRaw)
keyVaultBaseUri, err := keyVaultsClient.BaseUriForKeyVault(ctx, *keyVaultId)
if err != nil {
return fmt.Errorf("Error looking up Key %q vault url from id %q: %+v", name, keyVaultIdRaw, err)
return err
}

if d.IsNewResource() {
Expand All @@ -133,7 +132,7 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData
}

azureKeyVaultProperties := &datafactory.AzureKeyVaultLinkedServiceTypeProperties{
BaseURL: utils.String(keyVaultBaseUri),
BaseURL: keyVaultBaseUri,
}

azureKeyVaultLinkedService := &datafactory.AzureKeyVaultLinkedService{
Expand Down Expand Up @@ -183,7 +182,8 @@ func resourceDataFactoryLinkedServiceKeyVaultCreateUpdate(d *schema.ResourceData

func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).DataFactory.LinkedServiceClient
vaultClient := meta.(*clients.Client).KeyVault.VaultsClient
keyVaultsClient := meta.(*clients.Client).KeyVault
resourcesClient := meta.(*clients.Client).Resource
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()

Expand Down Expand Up @@ -245,11 +245,13 @@ func resourceDataFactoryLinkedServiceKeyVaultRead(d *schema.ResourceData, meta i
}
}

keyVaultId, err := azure.GetKeyVaultIDFromBaseUrl(ctx, vaultClient, baseUrl)
if err != nil {
return fmt.Errorf("Error looking up Key Vault id from url %q: %+v", baseUrl, err)
var keyVaultId *string
if baseUrl != "" {
keyVaultId, err = keyVaultsClient.KeyVaultIDFromBaseUrl(ctx, resourcesClient, baseUrl)
if err != nil {
return err
}
}

d.Set("key_vault_id", keyVaultId)

return nil
Expand Down