From c3922424f0f548680b19afe1cd6e8976efd47af1 Mon Sep 17 00:00:00 2001
From: tombuildsstuff <git@ibuildstuff.co.uk>
Date: Thu, 5 Jul 2018 20:15:14 +0200
Subject: [PATCH] New Resource: `azurerm_data_lake_firewall_rule`

---
 azurerm/config.go                             |  17 +-
 azurerm/provider.go                           |   1 +
 ...ource_arm_data_lake_store_firewall_rule.go | 146 ++++++++++++++
 ..._arm_data_lake_store_firewall_rule_test.go | 181 ++++++++++++++++++
 website/azurerm.erb                           |   6 +-
 website/docs/r/data_lake_store.html.markdown  |  18 +-
 ...ata_lake_store_firewall_rule.html.markdown |  62 ++++++
 7 files changed, 408 insertions(+), 23 deletions(-)
 create mode 100644 azurerm/resource_arm_data_lake_store_firewall_rule.go
 create mode 100644 azurerm/resource_arm_data_lake_store_firewall_rule_test.go
 create mode 100644 website/docs/r/data_lake_store_firewall_rule.html.markdown

diff --git a/azurerm/config.go b/azurerm/config.go
index 767d92303191..85937b6ab907 100644
--- a/azurerm/config.go
+++ b/azurerm/config.go
@@ -141,7 +141,8 @@ type ArmClient struct {
 	sqlVirtualNetworkRulesClient         sql.VirtualNetworkRulesClient
 
 	// Data Lake Store
-	dataLakeStoreAccountClient account.AccountsClient
+	dataLakeStoreAccountClient       account.AccountsClient
+	dataLakeStoreFirewallRulesClient account.FirewallRulesClient
 
 	// KeyVault
 	keyVaultClient           keyvault.VaultsClient
@@ -383,7 +384,7 @@ func getArmClient(c *authentication.Config) (*ArmClient, error) {
 	client.registerContainerServicesClients(endpoint, c.SubscriptionID, auth)
 	client.registerCosmosDBClients(endpoint, c.SubscriptionID, auth, sender)
 	client.registerDatabases(endpoint, c.SubscriptionID, auth, sender)
-	client.registerDataLakeStoreAccountClients(endpoint, c.SubscriptionID, auth, sender)
+	client.registerDataLakeStoreClients(endpoint, c.SubscriptionID, auth, sender)
 	client.registerDeviceClients(endpoint, c.SubscriptionID, auth, sender)
 	client.registerDNSClients(endpoint, c.SubscriptionID, auth, sender)
 	client.registerEventGridClients(endpoint, c.SubscriptionID, auth, sender)
@@ -643,10 +644,14 @@ func (c *ArmClient) registerDatabases(endpoint, subscriptionId string, auth auto
 	c.sqlVirtualNetworkRulesClient = sqlVNRClient
 }
 
-func (c *ArmClient) registerDataLakeStoreAccountClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {
-	dataLakeStoreAccountClient := account.NewAccountsClientWithBaseURI(endpoint, subscriptionId)
-	c.configureClient(&dataLakeStoreAccountClient.Client, auth)
-	c.dataLakeStoreAccountClient = dataLakeStoreAccountClient
+func (c *ArmClient) registerDataLakeStoreClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {
+	accountClient := account.NewAccountsClientWithBaseURI(endpoint, subscriptionId)
+	c.configureClient(&accountClient.Client, auth)
+	c.dataLakeStoreAccountClient = accountClient
+
+	firewallRulesClient := account.NewFirewallRulesClientWithBaseURI(endpoint, subscriptionId)
+	c.configureClient(&firewallRulesClient.Client, auth)
+	c.dataLakeStoreFirewallRulesClient = firewallRulesClient
 }
 
 func (c *ArmClient) registerDeviceClients(endpoint, subscriptionId string, auth autorest.Authorizer, sender autorest.Sender) {
diff --git a/azurerm/provider.go b/azurerm/provider.go
index c9ad8f102de9..95b16334a0de 100644
--- a/azurerm/provider.go
+++ b/azurerm/provider.go
@@ -136,6 +136,7 @@ func Provider() terraform.ResourceProvider {
 			"azurerm_container_group":                      resourceArmContainerGroup(),
 			"azurerm_cosmosdb_account":                     resourceArmCosmosDBAccount(),
 			"azurerm_data_lake_store":                      resourceArmDataLakeStore(),
+			"azurerm_data_lake_store_firewall_rule":        resourceArmDataLakeStoreFirewallRule(),
 			"azurerm_dns_a_record":                         resourceArmDnsARecord(),
 			"azurerm_dns_aaaa_record":                      resourceArmDnsAAAARecord(),
 			"azurerm_dns_caa_record":                       resourceArmDnsCaaRecord(),
diff --git a/azurerm/resource_arm_data_lake_store_firewall_rule.go b/azurerm/resource_arm_data_lake_store_firewall_rule.go
new file mode 100644
index 000000000000..5c126e41f72d
--- /dev/null
+++ b/azurerm/resource_arm_data_lake_store_firewall_rule.go
@@ -0,0 +1,146 @@
+package azurerm
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/Azure/azure-sdk-for-go/services/datalake/store/mgmt/2016-11-01/account"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmDataLakeStoreFirewallRule() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate,
+		Read:   resourceArmDateLakeStoreAccountFirewallRuleRead,
+		Update: resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate,
+		Delete: resourceArmDateLakeStoreAccountFirewallRuleDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"account_name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"resource_group_name": resourceGroupNameSchema(),
+
+			"start_ip_address": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validate.IPv4Address,
+			},
+
+			"end_ip_address": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validate.IPv4Address,
+			},
+		},
+	}
+}
+
+func resourceArmDateLakeStoreAccountFirewallRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient
+	ctx := meta.(*ArmClient).StopContext
+
+	log.Printf("[INFO] preparing arguments for Date Lake Store Firewall Rule creation.")
+
+	name := d.Get("name").(string)
+	accountName := d.Get("account_name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+	startIPAddress := d.Get("start_ip_address").(string)
+	endIPAddress := d.Get("end_ip_address").(string)
+
+	dateLakeStore := account.CreateOrUpdateFirewallRuleParameters{
+		CreateOrUpdateFirewallRuleProperties: &account.CreateOrUpdateFirewallRuleProperties{
+			StartIPAddress: utils.String(startIPAddress),
+			EndIPAddress:   utils.String(endIPAddress),
+		},
+	}
+
+	_, err := client.CreateOrUpdate(ctx, resourceGroup, accountName, name, dateLakeStore)
+	if err != nil {
+		return fmt.Errorf("Error issuing create request for Data Lake Store %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	read, err := client.Get(ctx, resourceGroup, accountName, name)
+	if err != nil {
+		return fmt.Errorf("Error retrieving Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err)
+	}
+	if read.ID == nil {
+		return fmt.Errorf("Cannot read Data Lake Store %q (Account %q / Resource Group %q) ID", name, accountName, resourceGroup)
+	}
+
+	d.SetId(*read.ID)
+
+	return resourceArmDateLakeStoreAccountFirewallRuleRead(d, meta)
+}
+
+func resourceArmDateLakeStoreAccountFirewallRuleRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient
+	ctx := meta.(*ArmClient).StopContext
+
+	id, err := parseAzureResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+	resourceGroup := id.ResourceGroup
+	accountName := id.Path["accounts"]
+	name := id.Path["firewallRules"]
+
+	resp, err := client.Get(ctx, resourceGroup, accountName, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[WARN] Data Lake Store Firewall Rule %q was not found (Account %q / Resource Group %q)", name, accountName, resourceGroup)
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error making Read request on Azure Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err)
+	}
+
+	d.Set("name", name)
+	d.Set("account_name", accountName)
+	d.Set("resource_group_name", resourceGroup)
+
+	if props := resp.FirewallRuleProperties; props != nil {
+		d.Set("start_ip_address", props.StartIPAddress)
+		d.Set("end_ip_address", props.EndIPAddress)
+	}
+
+	return nil
+}
+
+func resourceArmDateLakeStoreAccountFirewallRuleDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).dataLakeStoreFirewallRulesClient
+	ctx := meta.(*ArmClient).StopContext
+
+	id, err := parseAzureResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	resourceGroup := id.ResourceGroup
+	accountName := id.Path["accounts"]
+	name := id.Path["firewallRules"]
+	resp, err := client.Delete(ctx, resourceGroup, accountName, name)
+	if err != nil {
+		if response.WasNotFound(resp.Response) {
+			return nil
+		}
+		return fmt.Errorf("Error issuing delete request for Data Lake Store Firewall Rule %q (Account %q / Resource Group %q): %+v", name, accountName, resourceGroup, err)
+	}
+
+	return nil
+}
diff --git a/azurerm/resource_arm_data_lake_store_firewall_rule_test.go b/azurerm/resource_arm_data_lake_store_firewall_rule_test.go
new file mode 100644
index 000000000000..16a7196ed427
--- /dev/null
+++ b/azurerm/resource_arm_data_lake_store_firewall_rule_test.go
@@ -0,0 +1,181 @@
+package azurerm
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAzureRMDataLakeStoreFirewallRule_basic(t *testing.T) {
+	resourceName := "azurerm_data_lake_store_firewall_rule.test"
+	startIP := "1.1.1.1"
+	endIP := "2.2.2.2"
+
+	ri := acctest.RandInt()
+	rs := acctest.RandString(4)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), startIP, endIP),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "start_ip_address", startIP),
+					resource.TestCheckResourceAttr(resourceName, "end_ip_address", endIP),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAzureRMDataLakeStoreFirewallRule_update(t *testing.T) {
+	resourceName := "azurerm_data_lake_store_firewall_rule.test"
+	ri := acctest.RandInt()
+	rs := acctest.RandString(4)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), "1.1.1.1", "2.2.2.2"),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "start_ip_address", "1.1.1.1"),
+					resource.TestCheckResourceAttr(resourceName, "end_ip_address", "2.2.2.2"),
+				),
+			},
+			{
+				Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), "2.2.2.2", "3.3.3.3"),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "start_ip_address", "2.2.2.2"),
+					resource.TestCheckResourceAttr(resourceName, "end_ip_address", "3.3.3.3"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAzureRMDataLakeStoreFirewallRule_azureServices(t *testing.T) {
+	resourceName := "azurerm_data_lake_store_firewall_rule.test"
+	azureServicesIP := "0.0.0.0"
+	ri := acctest.RandInt()
+	rs := acctest.RandString(4)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMDataLakeStoreFirewallRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMDataLakeStoreFirewallRule_basic(ri, rs, testLocation(), azureServicesIP, azureServicesIP),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMDataLakeStoreFirewallRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "start_ip_address", azureServicesIP),
+					resource.TestCheckResourceAttr(resourceName, "end_ip_address", azureServicesIP),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testCheckAzureRMDataLakeStoreFirewallRuleExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		// Ensure we have enough information in state to look up in API
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		firewallRuleName := rs.Primary.Attributes["name"]
+		accountName := rs.Primary.Attributes["account_name"]
+		resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"]
+		if !hasResourceGroup {
+			return fmt.Errorf("Bad: no resource group found in state for data lake store firewall rule: %s", name)
+		}
+
+		conn := testAccProvider.Meta().(*ArmClient).dataLakeStoreFirewallRulesClient
+		ctx := testAccProvider.Meta().(*ArmClient).StopContext
+
+		resp, err := conn.Get(ctx, resourceGroup, accountName, firewallRuleName)
+		if err != nil {
+			return fmt.Errorf("Bad: Get on dataLakeStoreFirewallRulesClient: %+v", err)
+		}
+
+		if resp.StatusCode == http.StatusNotFound {
+			return fmt.Errorf("Bad: Date Lake Store Firewall Rule %q (Account %q / Resource Group: %q) does not exist", firewallRuleName, accountName, resourceGroup)
+		}
+
+		return nil
+	}
+}
+
+func testCheckAzureRMDataLakeStoreFirewallRuleDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*ArmClient).dataLakeStoreFirewallRulesClient
+	ctx := testAccProvider.Meta().(*ArmClient).StopContext
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "azurerm_data_lake_store_firewall_rule" {
+			continue
+		}
+
+		firewallRuleName := rs.Primary.Attributes["name"]
+		accountName := rs.Primary.Attributes["account_name"]
+		resourceGroup := rs.Primary.Attributes["resource_group_name"]
+
+		resp, err := conn.Get(ctx, resourceGroup, accountName, firewallRuleName)
+		if err != nil {
+			if resp.StatusCode == http.StatusNotFound {
+				return nil
+			}
+
+			return err
+		}
+
+		return fmt.Errorf("Data Lake Store Firewall Rule still exists:\n%#v", resp)
+	}
+
+	return nil
+}
+
+func testAccAzureRMDataLakeStoreFirewallRule_basic(rInt int, rs, location, startIP, endIP string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_data_lake_store" "test" {
+  name                = "unlikely23exst2acct%s"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  location            = "%s"
+}
+
+resource "azurerm_data_lake_store_firewall_rule" "test" {
+  name                = "example"
+  account_name        = "${azurerm_data_lake_store.test.name}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  start_ip_address    = "%s"
+  end_ip_address      = "%s"
+}
+`, rInt, location, rs, location, startIP, endIP)
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index 63e393803a17..e0c3181b9eb3 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -409,10 +409,14 @@
               <a href="#">Data Lake Store Resources</a>
               <ul class="nav nav-visible">
 
-                <li<%= sidebar_current("docs-azurerm-resource-data-lake-store") %>>
+                <li<%= sidebar_current("docs-azurerm-resource-data-lake-store-x") %>>
                   <a href="/docs/providers/azurerm/r/data_lake_store.html">azurerm_data_lake_store</a>
                 </li>
 
+                <li<%= sidebar_current("docs-azurerm-resource-data-lake-store-firewall-rule") %>>
+                  <a href="/docs/providers/azurerm/r/data_lake_store_firewall_rule.html">azurerm_data_lake_store_firewall_rule</a>
+                </li>
+
               </ul>
             </li>
 
diff --git a/website/docs/r/data_lake_store.html.markdown b/website/docs/r/data_lake_store.html.markdown
index 6c7213c66450..d36296e063bf 100644
--- a/website/docs/r/data_lake_store.html.markdown
+++ b/website/docs/r/data_lake_store.html.markdown
@@ -1,7 +1,7 @@
 ---
 layout: "azurerm"
 page_title: "Azure Resource Manager: azurerm_data_lake_store"
-sidebar_current: "docs-azurerm-resource-data-lake-store"
+sidebar_current: "docs-azurerm-resource-data-lake-store-x"
 description: |-
   Manage an Azure Data Lake Store.
 ---
@@ -13,7 +13,6 @@ Manage an Azure Data Lake Store.
 ## Example Usage
 
 ```hcl
-# Pay As You Go
 resource "azurerm_resource_group" "test" {
   name     = "test"
   location = "northeurope"
@@ -22,20 +21,7 @@ resource "azurerm_resource_group" "test" {
 resource "azurerm_data_lake_store" "consumption" {
   name                = "consumptiondatalake"
   resource_group_name = "${azurerm_resource_group.test.name}"
-  location            = "northeurope"
-}
-
-# Monthly Commitment Tier
-resource "azurerm_resource_group" "test" {
-  name     = "test"
-  location = "westeurope"
-}
-
-resource "azurerm_data_lake_store" "monthly" {
-  name                = "monthlydatalake"
-  resource_group_name = "${azurerm_resource_group.test.name}"
-  location            = "westeurope"
-  tier                = "Commitment_1TB"
+  location            = "${azurerm_resource_group.test.location}"
 }
 ```
 
diff --git a/website/docs/r/data_lake_store_firewall_rule.html.markdown b/website/docs/r/data_lake_store_firewall_rule.html.markdown
new file mode 100644
index 000000000000..69018d1d4b3f
--- /dev/null
+++ b/website/docs/r/data_lake_store_firewall_rule.html.markdown
@@ -0,0 +1,62 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_data_lake_store_firewall_rule"
+sidebar_current: "docs-azurerm-resource-data-lake-store-firewall-rule"
+description: |-
+  Manage a Azure Data Lake Store Firewall Rule.
+---
+
+# azurerm_data_lake_store_firewall_rule
+
+Manage a Azure Data Lake Store Firewall Rule.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "test" {
+  name     = "test"
+  location = "northeurope"
+}
+
+resource "azurerm_data_lake_store" "test" {
+  name                = "consumptiondatalake"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  location            = "${azurerm_resource_group.test.location}"
+}
+
+resource "azurerm_data_lake_store_firewall_rule" "test" {
+  name = "office-ip-range"
+  account_name = "${azurerm_data_lake_store.test.name}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  start_ip_address = "1.2.3.4"
+  end_ip_address = "2.3.4.5"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Specifies the name of the Data Lake Store. Changing this forces a new resource to be created. Has to be between 3 to 24 characters.
+
+* `resource_group_name` - (Required) The name of the resource group in which to create the Data Lake Store.
+
+* `account_name` - (Required) Specifies the name of the Data Lake Store for which the Firewall Rule should take effect.
+
+* `start_ip_address` - (Required) The Start IP address for the firewall rule.
+
+* `end_ip_address` - (Required) The End IP Address for the firewall rule.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The Date Lake Store Firewall Rule ID.
+
+## Import
+
+Date Lake Store Firewall Rules can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_data_lake_store_firewall_rule.rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.DataLakeStore/accounts/mydatalakeaccount/firewallRules/rule1
+```