First try to fix it

hashicorp · Jun 6, 2021 · df14777 · df14777
1 parent aca7155
commit df14777
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 26 deletions.
diff --git a/azurerm/helpers/azure/resourceid.go b/azurerm/helpers/azure/resourceid.go
@@ -40,6 +40,7 @@ func ParseAzureResourceID(id string) (*ResourceID, error) {
 	}
 
 	var subscriptionID string
+	var provider string
 
 	// Put the constituent key-value pairs into a map
 	componentMap := make(map[string]string, len(components)/2)
@@ -52,13 +53,17 @@ func ParseAzureResourceID(id string) (*ResourceID, error) {
 			return nil, fmt.Errorf("Key/Value cannot be empty strings. Key: '%s', Value: '%s'", key, value)
 		}
 
-		// Catch the subscriptionID before it can be overwritten by another "subscriptions"
-		// value in the ID which is the case for the Service Bus subscription resource
-		if key == "subscriptions" && subscriptionID == "" {
+		switch key {
+		case "subscriptions" && subscriptionID == "":
+			// Catch the subscriptionID before it can be overwritten by another "subscriptions"
+			// value in the ID which is the case for the Service Bus subscription resource
 			subscriptionID = value
-		} else {
+		case "providers" && provider == "":
+			// Catch the provider before it can be overwritten by another "providers"
+			// value in the ID which can be the case for the Role Assignment resource
+			provider = value
+		default:
 			componentMap[key] = value
-		}
 	}
 
 	// Build up a TargetResourceID from the map
@@ -82,10 +87,8 @@ func ParseAzureResourceID(id string) (*ResourceID, error) {
 		delete(componentMap, "resourcegroups")
 	}
 
-	// It is OK not to have a provider in the case of a resource group
-	if provider, ok := componentMap["providers"]; ok {
+	if provider != "" {
 		idObj.Provider = provider
-		delete(componentMap, "providers")
 	}
 
 	return idObj, nil

diff --git a/azurerm/internal/services/authorization/parse/role_assignment.go b/azurerm/internal/services/authorization/parse/role_assignment.go
@@ -8,14 +8,16 @@ import (
 )
 
 type RoleAssignmentId struct {
-	SubscriptionID  string
-	ResourceGroup   string
-	ManagementGroup string
-	Name            string
-	TenantId        string
+	SubscriptionID   string
+	ResourceGroup    string
+	ManagementGroup  string
+	ResourceScope    string
+	ResourceProvider string
+	Name             string
+	TenantId         string
 }
 
-func NewRoleAssignmentID(subscriptionId, resourceGroup, managementGroup, name, tenantId string) (*RoleAssignmentId, error) {
+func NewRoleAssignmentID(subscriptionId, resourceGroup, resourceProvider, resourceScope, managementGroup, name, tenantId string) (*RoleAssignmentId, error) {
 	if subscriptionId == "" && resourceGroup == "" && managementGroup == "" {
 		return nil, fmt.Errorf("one of subscriptionId, resourceGroup, or managementGroup must be provided")
 	}
@@ -33,17 +35,24 @@ func NewRoleAssignmentID(subscriptionId, resourceGroup, managementGroup, name, t
 	}
 
 	return &RoleAssignmentId{
-		SubscriptionID:  subscriptionId,
-		ResourceGroup:   resourceGroup,
-		ManagementGroup: managementGroup,
-		Name:            name,
-		TenantId:        tenantId,
+		SubscriptionID:   subscriptionId,
+		ResourceGroup:    resourceGroup,
+		ResourceProvider: resourceProvider,
+		ResourceScope:    resourceScope,
+		ManagementGroup:  managementGroup,
+		Name:             name,
+		TenantId:         tenantId,
 	}, nil
 }
 
 // in general case, the id format does not change
 // for cross tenant scenario, add the tenantId info
 func (id RoleAssignmentId) AzureResourceID() string {
+	if id.ResourceScope != "" {
+		fmtString := "/subscriptions/%s/resourceGroups/%s/providers/%s/%s/providers/Microsoft.Authorization/roleAssignments/%s"
+		return fmt.Sprintf(fmtString, id.SubscriptionID, id.ResourceGroup, id.ResourceProvider, id.ResourceScope, id.Name)
+	}
+
 	if id.ManagementGroup != "" {
 		fmtString := "/providers/Microsoft.Management/managementGroups/%s/providers/Microsoft.Authorization/roleAssignments/%s"
 		return fmt.Sprintf(fmtString, id.ManagementGroup, id.Name)
@@ -90,6 +99,17 @@ func RoleAssignmentID(input string) (*RoleAssignmentId, error) {
 		}
 		roleAssignmentId.SubscriptionID = id.SubscriptionID
 		roleAssignmentId.ResourceGroup = id.ResourceGroup
+		if id.Provider != "Microsoft.Authorization" && id.Provider != "" {
+			roleAssignmentId.ResourceProvider = id.Provider
+			// logic to save resource scope
+			result := strings.Split(input, "/")
+			for k, v := range result {
+				if v == id.Provider && len(result) >= k+1 {
+					roleAssignmentId.ResourceScope = fmt.Sprintf("%s/%s", result[k+1], result[k+2])
+				}
+			}
+		}
+
 		if roleAssignmentId.Name, err = id.PopSegment("roleAssignments"); err != nil {
 			return nil, err
 		}

diff --git a/azurerm/internal/services/authorization/parse/role_assignment_test.go b/azurerm/internal/services/authorization/parse/role_assignment_test.go
@@ -10,37 +10,43 @@ var _ resourceid.Formatter = RoleAssignmentId{}
 
 func TestRoleAssignmentIDFormatter(t *testing.T) {
 	testData := []struct {
-		SubscriptionId  string
-		ResourceGroup   string
-		ManagementGroup string
-		Name            string
-		TenantId        string
-		Expected        string
+		SubscriptionId   string
+		ResourceGroup    string
+		ResourceProvider string
+		ResourceScope    string
+		ManagementGroup  string
+		Name             string
+		TenantId         string
+		Expected         string
 	}{
 		{
 			SubscriptionId:  "",
 			ResourceGroup:   "",
+			ResourceScope:   "",
 			ManagementGroup: "",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
 		},
 		{
 			SubscriptionId:  "12345678-1234-9876-4563-123456789012",
 			ResourceGroup:   "group1",
+			ResourceScope:   "",
 			ManagementGroup: "managementGroup1",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
 		},
 		{
 			SubscriptionId:  "12345678-1234-9876-4563-123456789012",
 			ResourceGroup:   "",
+			ResourceScope:   "",
 			ManagementGroup: "managementGroup1",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
 		},
 		{
 			SubscriptionId:  "12345678-1234-9876-4563-123456789012",
 			ResourceGroup:   "",
+			ResourceScope:   "",
 			ManagementGroup: "",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
@@ -49,6 +55,7 @@ func TestRoleAssignmentIDFormatter(t *testing.T) {
 		{
 			SubscriptionId:  "12345678-1234-9876-4563-123456789012",
 			ResourceGroup:   "group1",
+			ResourceScope:   "",
 			ManagementGroup: "",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
@@ -57,6 +64,7 @@ func TestRoleAssignmentIDFormatter(t *testing.T) {
 		{
 			SubscriptionId:  "",
 			ResourceGroup:   "",
+			ResourceScope:   "",
 			ManagementGroup: "12345678-1234-9876-4563-123456789012",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "",
@@ -65,15 +73,26 @@ func TestRoleAssignmentIDFormatter(t *testing.T) {
 		{
 			SubscriptionId:  "",
 			ResourceGroup:   "",
+			ResourceScope:   "",
 			ManagementGroup: "12345678-1234-9876-4563-123456789012",
 			Name:            "23456781-2349-8764-5631-234567890121",
 			TenantId:        "34567812-3456-7653-6742-345678901234",
 			Expected:        "/providers/Microsoft.Management/managementGroups/12345678-1234-9876-4563-123456789012/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121|34567812-3456-7653-6742-345678901234",
 		},
+		{
+			SubscriptionId:   "12345678-1234-9876-4563-123456789012",
+			ResourceGroup:    "group1",
+			ResourceProvider: "Microsoft.Storage",
+			ResourceScope:    "storageAccounts/nameStorageAccount",
+			ManagementGroup:  "",
+			Name:             "23456781-2349-8764-5631-234567890121",
+			TenantId:         "34567812-3456-7653-6742-345678901234",
+			Expected:         "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Storage/storageAccounts/nameStorageAccount/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121|34567812-3456-7653-6742-345678901234",
+		},
 	}
 	for _, v := range testData {
 		t.Logf("testing %+v", v)
-		actual, err := NewRoleAssignmentID(v.SubscriptionId, v.ResourceGroup, v.ManagementGroup, v.Name, v.TenantId)
+		actual, err := NewRoleAssignmentID(v.SubscriptionId, v.ResourceGroup, v.ResourceProvider, v.ResourceScope, v.ManagementGroup, v.Name, v.TenantId)
 		if err != nil {
 			if v.Expected == "" {
 				continue
@@ -140,6 +159,7 @@ func TestRoleAssignmentID(t *testing.T) {
 			Expected: &RoleAssignmentId{
 				SubscriptionID:  "12345678-1234-9876-4563-123456789012",
 				ResourceGroup:   "",
+				ResourceScope:   "",
 				ManagementGroup: "",
 				Name:            "23456781-2349-8764-5631-234567890121",
 			},
@@ -176,6 +196,18 @@ func TestRoleAssignmentID(t *testing.T) {
 				TenantId:        "34567812-3456-7653-6742-345678901234",
 			},
 		},
+		{
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/group1/providers/Microsoft.Storage/storageAccounts/nameStorageAccount/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121|34567812-3456-7653-6742-345678901234",
+			Expected: &RoleAssignmentId{
+				SubscriptionID:   "12345678-1234-9876-4563-123456789012",
+				ResourceGroup:    "group1",
+				ResourceProvider: "Microsoft.Storage",
+				ResourceScope:    "storageAccounts/nameStorageAccount",
+				ManagementGroup:  "",
+				Name:             "23456781-2349-8764-5631-234567890121",
+				TenantId:         "34567812-3456-7653-6742-345678901234",
+			},
+		},
 	}
 
 	for _, v := range testData {