From a680f181034362276d07291a0186680bf1a2621e Mon Sep 17 00:00:00 2001
From: kt
Date: Mon, 11 Jun 2018 12:43:00 -0700
Subject: [PATCH 1/4] azurerm_role_definition: role_definition_id is now optional
---
 azurerm/resource_arm_role_definition.go | 13 +++++-
 azurerm/resource_arm_role_definition_test.go | 43 ++++++++++++++++++++
 website/docs/r/role_definition.html.markdown | 3 +-
 3 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/azurerm/resource_arm_role_definition.go b/azurerm/resource_arm_role_definition.go
index d3ce17c34fb1..8584f7e412a3 100644
--- a/azurerm/resource_arm_role_definition.go
+++ b/azurerm/resource_arm_role_definition.go
@@ -5,6 +5,7 @@ import (
 "log"

 "github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-01-01-preview/authorization"
+ "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/terraform/helper/schema"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
@@ -22,7 +23,8 @@ func resourceArmRoleDefinition() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "role_definition_id": {
 Type: schema.TypeString,
- Required: true,
+ Optional: true,
+ Computed: true,
 ForceNew: true,
 },

@@ -81,6 +83,15 @@ func resourceArmRoleDefinitionCreateUpdate(d *schema.ResourceData, meta interfac
 ctx := meta.(*ArmClient).StopContext

 roleDefinitionId := d.Get("role_definition_id").(string)
+ if roleDefinitionId == "" {
+ uuid, err := uuid.GenerateUUID()
+ if err != nil {
+ return fmt.Errorf("Error generating UUID for Role Assignment: %+v", err)
+ }
+
+ roleDefinitionId = uuid
+ }
+
 name := d.Get("name").(string)
 scope := d.Get("scope").(string)
 description := d.Get("description").(string)
diff --git a/azurerm/resource_arm_role_definition_test.go b/azurerm/resource_arm_role_definition_test.go
index 5186e4580aa3..7ea2ec5455a2 100644
--- a/azurerm/resource_arm_role_definition_test.go
+++ b/azurerm/resource_arm_role_definition_test.go
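Review bot: `role_definition_id` in the schema of resourceArmRoleDefinition (azurerm/resource_arm_role_definition.go) becomes `Optional`/`Computed` without gaining a `ValidateFunc`, so a user-supplied value that is not a UUID is only rejected by the API at apply time; the fixture added in this same patch sets it to `"hi"`. The docs describe the field as a UUID/GUID that identifies the role, so I would check the format at plan time with a UUID validator on this field (the provider may already have a helper for that; nothing in the hunk shows one). The schema map starts and ends outside the hunk.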
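Review bot: In resourceArmRoleDefinitionCreateUpdate the error text says `Role Assignment` although this resource is a role definition, and the local `uuid` shadows the imported `uuid` package for the rest of the `if` block. I would write `generated, err := uuid.GenerateUUID()`, `return fmt.Errorf("Error generating UUID for Role Definition: %+v", err)` and `roleDefinitionId = generated`. Because this function also serves updates, the generated value has to reach state (for example a `d.Set("role_definition_id", ...)` in the read path, which is outside the hunk); if it does not, an update with the field omitted would presumably mint a fresh UUID and create a second definition instead of updating the first. The function body starts and ends outside the hunk.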
@@ -87,6 +87,28 @@ func TestAccAzureRMRoleDefinition_update(t *testing.T) {
 })
 }

+func TestAccAzureRMRoleDefinition_emptyName(t *testing.T) {
+ resourceName := "azurerm_role_definition.test"
+
+ ri := acctest.RandInt()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMRoleDefinitionDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAzureRMRoleDefinition_emptyId(ri),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMRoleDefinitionExists(resourceName),
+ resource.TestCheckResourceAttrSet(resourceName, "id"),
+ resource.TestCheckResourceAttrSet(resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
 func testCheckAzureRMRoleDefinitionExists(name string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 rs, ok := s.RootModule().Resources[name]
@@ -201,3 +223,24 @@ resource "azurerm_role_definition" "test" {
 }
 `, id, rInt)
 }
+
+func testAccAzureRMRoleDefinition_emptyId(rInt int) string {
+ return fmt.Sprintf(`
+data "azurerm_subscription" "primary" {}
+
+resource "azurerm_role_definition" "test" {
+ role_definition_id = "hi"
+ name = "acctestrd-%d"
+ scope = "${data.azurerm_subscription.primary.id}"
+
+ permissions {
+ actions = ["*"]
+ not_actions = []
+ }
+
+ assignable_scopes = [
+ "${data.azurerm_subscription.primary.id}",
+ ]
+}
+`, rInt)
+}
diff --git a/website/docs/r/role_definition.html.markdown b/website/docs/r/role_definition.html.markdown
index 1e181e33e104..281cdf1209ce 100644
--- a/website/docs/r/role_definition.html.markdown
+++ b/website/docs/r/role_definition.html.markdown
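Review bot: TestAccAzureRMRoleDefinition_emptyName never asserts on `role_definition_id`, the attribute whose generation this series introduces; its checks only require `id` and `name` to be set, so they would not notice a generated ID that never reaches state. I would add `resource.TestCheckResourceAttrSet(resourceName, "role_definition_id"),` to the `ComposeTestCheckFunc` list. The test name is also misleading: `name` is set in the fixture and the helper it calls is `_emptyId`, so `TestAccAzureRMRoleDefinition_emptyId` would describe it better.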
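Review bot: The fixture in testAccAzureRMRoleDefinition_emptyId defines a custom role with `actions = ["*"]` that is assignable at the whole subscription, which is far broader than a test of ID generation needs. Acceptance tests run against a real subscription, and if a run is interrupted before `CheckDestroy` the wildcard definition is left behind and available for assignment. A single read-only action, for example `actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"]`, would exercise the same code path. The other fixtures in this file are outside the hunk and may follow the same pattern.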
@@ -17,7 +17,6 @@ Manages a custom Role Definition, used to assign Roles to Users/Principals.
 data "azurerm_subscription" "primary" {}

 resource "azurerm_role_definition" "test" {
- role_definition_id = "12345678-1234-5678-1234-123456780123"
 name = "my-custom-role"
 scope = "${data.azurerm_subscription.primary.id}"
 description = "This is a custom role created via Terraform"
@@ -37,7 +36,7 @@ resource "azurerm_role_definition" "test" {

 The following arguments are supported:

-* `role_definition_id` - (Required) A unique UUID/GUID which identifies this role. Changing this forces a new resource to be created.
+* `role_definition_id` - (Optional) A unique UUID/GUID which identifies this role - one will be generated if not specified.. Changing this forces a new resource to be created.

 * `name` - (Required) The name of the Role Definition. Changing this forces a new resource to be created.

From 2189f02309d3e8926378afed11ffea0a7dd801d8 Mon Sep 17 00:00:00 2001
From: kt
Date: Mon, 11 Jun 2018 13:28:01 -0700
Subject: [PATCH 2/4] azurerm_role_definition: role_definition_id testing UUID format
---
 azurerm/resource_arm_role_definition_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azurerm/resource_arm_role_definition_test.go b/azurerm/resource_arm_role_definition_test.go
index 7ea2ec5455a2..16c395e59b82 100644
--- a/azurerm/resource_arm_role_definition_test.go
+++ b/azurerm/resource_arm_role_definition_test.go
@@ -229,7 +229,7 @@ func testAccAzureRMRoleDefinition_emptyId(rInt int) string {
 data "azurerm_subscription" "primary" {}

 resource "azurerm_role_definition" "test" {
- role_definition_id = "hi"
+ role_definition_id = "fbda02370fbdf6f76e80f2d42708669a"
 name = "acctestrd-%d"
 scope = "${data.azurerm_subscription.primary.id}"

From 1bd305465aa82eb2916a84e347be01eaaaca97c2 Mon Sep 17 00:00:00 2001
From: kt
Date: Mon, 11 Jun 2018 13:38:26 -0700
Subject: [PATCH 3/4] azurerm_role_definition: role_definition_id updated empty test
---
 azurerm/resource_arm_role_definition_test.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/azurerm/resource_arm_role_definition_test.go b/azurerm/resource_arm_role_definition_test.go
index 16c395e59b82..3c72499a6f0a 100644
--- a/azurerm/resource_arm_role_definition_test.go
+++ b/azurerm/resource_arm_role_definition_test.go
@@ -229,7 +229,6 @@ func testAccAzureRMRoleDefinition_emptyId(rInt int) string {
 data "azurerm_subscription" "primary" {}

 resource "azurerm_role_definition" "test" {
- role_definition_id = "fbda02370fbdf6f76e80f2d42708669a"
 name = "acctestrd-%d"
 scope = "${data.azurerm_subscription.primary.id}"

From 9fe7aa72b65941db4567bff5a845cb82278c0735 Mon Sep 17 00:00:00 2001
From: kt
Date: Tue, 12 Jun 2018 08:07:23 -0700
Subject: [PATCH 4/4] role definition - removed extra . from docs
---
 website/docs/r/role_definition.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/docs/r/role_definition.html.markdown b/website/docs/r/role_definition.html.markdown
index 281cdf1209ce..4add04c60c70 100644
--- a/website/docs/r/role_definition.html.markdown
+++ b/website/docs/r/role_definition.html.markdown
@@ -36,7 +36,7 @@ resource "azurerm_role_definition" "test" {

 The following arguments are supported:

-* `role_definition_id` - (Optional) A unique UUID/GUID which identifies this role - one will be generated if not specified.. Changing this forces a new resource to be created.
+* `role_definition_id` - (Optional) A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

 * `name` - (Required) The name of the Role Definition. Changing this forces a new resource to be created.