From d859875e8b633ad5714cb1c0f181218ecb865a43 Mon Sep 17 00:00:00 2001 From: kt Date: Mon, 21 Dec 2020 10:26:11 -0800 Subject: [PATCH 1/3] azurerm_cosmosdb_account: include key vault id in update requests for azure policy --- .../services/cosmos/cosmosdb_account_resource.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/azurerm/internal/services/cosmos/cosmosdb_account_resource.go b/azurerm/internal/services/cosmos/cosmosdb_account_resource.go index a2d973001aca..063e0b527913 100644 --- a/azurerm/internal/services/cosmos/cosmosdb_account_resource.go +++ b/azurerm/internal/services/cosmos/cosmosdb_account_resource.go @@ -534,6 +534,15 @@ func resourceArmCosmosDbAccountUpdate(d *schema.ResourceData, meta interface{}) Tags: tags.Expand(t), } + if keyVaultKeyIDRaw, ok := d.GetOk("key_vault_key_id"); ok { + keyVaultKey, err := azure.ParseKeyVaultChildIDVersionOptional(keyVaultKeyIDRaw.(string)) + if err != nil { + return fmt.Errorf("could not parse Key Vault Key ID: %+v", err) + } + keyVaultKeyURI := fmt.Sprintf("%skeys/%s", keyVaultKey.KeyVaultBaseUrl, keyVaultKey.Name) + account.DatabaseAccountCreateUpdateProperties.KeyVaultKeyURI = utils.String(keyVaultKeyURI) + } + if _, err = resourceArmCosmosDbAccountApiUpsert(client, ctx, resourceGroup, name, account, d); err != nil { return fmt.Errorf("Error updating CosmosDB Account %q properties (Resource Group %q): %+v", name, resourceGroup, err) } From 787a89cc8a47ab8c97f28f53177f531debe211d6 Mon Sep 17 00:00:00 2001 From: kt Date: Mon, 21 Dec 2020 11:04:04 -0800 Subject: [PATCH 2/3] add update test with a key vault uri --- .../cosmos/cosmosdb_account_resource.go | 2 +- .../cosmos/cosmosdb_account_resource_test.go | 33 ++++++++++++++++--- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/azurerm/internal/services/cosmos/cosmosdb_account_resource.go b/azurerm/internal/services/cosmos/cosmosdb_account_resource.go index 063e0b527913..462c4a227257 100644 --- a/azurerm/internal/services/cosmos/cosmosdb_account_resource.go +++ b/azurerm/internal/services/cosmos/cosmosdb_account_resource.go @@ -542,7 +542,7 @@ func resourceArmCosmosDbAccountUpdate(d *schema.ResourceData, meta interface{}) keyVaultKeyURI := fmt.Sprintf("%skeys/%s", keyVaultKey.KeyVaultBaseUrl, keyVaultKey.Name) account.DatabaseAccountCreateUpdateProperties.KeyVaultKeyURI = utils.String(keyVaultKeyURI) } - + if _, err = resourceArmCosmosDbAccountApiUpsert(client, ctx, resourceGroup, name, account, d); err != nil { return fmt.Errorf("Error updating CosmosDB Account %q properties (Resource Group %q): %+v", name, resourceGroup, err) } diff --git a/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go b/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go index fc991a9845aa..63e0e4f5811f 100644 --- a/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go +++ b/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go @@ -97,11 +97,27 @@ func testAccAzureRMCosmosDBAccount_public_network_access_enabled(t *testing.T, k }) } -func TestAccAzureRMCosmosDBAccount_key_vault_uri(t *testing.T) { - testAccAzureRMCosmosDBAccount_key_vault_uri(t, documentdb.MongoDB, documentdb.Strong) + +func TestAccCosmosDBAccount_keyVaultUri(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMCosmosDBAccountDestroy, + Steps: []resource.TestStep{ + { + Config: checkAccAzureRMCosmosDBAccount_key_vault_uri(data, documentdb.MongoDB, documentdb.Strong), + Check: resource.ComposeAggregateTestCheckFunc( + checkAccAzureRMCosmosDBAccount_basic(data, documentdb.Strong, 1), + ), + }, + data.ImportStep(), + }, + }) } -func testAccAzureRMCosmosDBAccount_key_vault_uri(t *testing.T, kind documentdb.DatabaseAccountKind, consistency documentdb.DefaultConsistencyLevel) { +func TestAccCosmosDBAccount_keyVaultUriUpdateConsistancy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test") resource.ParallelTest(t, resource.TestCase{ @@ -110,9 +126,16 @@ func testAccAzureRMCosmosDBAccount_key_vault_uri(t *testing.T, kind documentdb.D CheckDestroy: testCheckAzureRMCosmosDBAccountDestroy, Steps: []resource.TestStep{ { - Config: checkAccAzureRMCosmosDBAccount_key_vault_uri(data, kind, consistency), + Config: checkAccAzureRMCosmosDBAccount_key_vault_uri(data, documentdb.MongoDB, documentdb.Strong), Check: resource.ComposeAggregateTestCheckFunc( - checkAccAzureRMCosmosDBAccount_basic(data, consistency, 1), + checkAccAzureRMCosmosDBAccount_basic(data, documentdb.Strong, 1), + ), + }, + data.ImportStep(), + { + Config: checkAccAzureRMCosmosDBAccount_key_vault_uri(data, documentdb.MongoDB, documentdb.Session), + Check: resource.ComposeAggregateTestCheckFunc( + checkAccAzureRMCosmosDBAccount_basic(data, documentdb.Strong, 1), ), }, data.ImportStep(), From 69476e9ea2a36ee59e822a32a0f2675da1e73250 Mon Sep 17 00:00:00 2001 From: kt Date: Mon, 21 Dec 2020 11:07:45 -0800 Subject: [PATCH 3/3] make fmt --- .../internal/services/cosmos/cosmosdb_account_resource_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go b/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go index 63e0e4f5811f..cb969d665aca 100644 --- a/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go +++ b/azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go @@ -97,7 +97,6 @@ func testAccAzureRMCosmosDBAccount_public_network_access_enabled(t *testing.T, k }) } - func TestAccCosmosDBAccount_keyVaultUri(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test")