Merge pull request #10438 from terraform-providers/b/role-assignment-…

…scope r/role_assignment: adding validation for `scope`
hashicorp · Feb 3, 2021 · 1cb613e · 1cb613e
2 parents c6e055e + 8885f54
commit 1cb613e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 41 deletions.
diff --git a/.teamcity/components/settings.kt b/.teamcity/components/settings.kt
@@ -22,6 +22,9 @@ var serviceTestConfigurationOverrides = mapOf(
  // Spring Cloud only allows a max of 10 provisioned
  "appplatform" to testConfiguration(5, defaultStartHour),
 
+ // these tests all conflict with one another
+ "authorization" to testConfiguration(1, defaultStartHour),
+
  // The AKS API has a low rate limit
  "containers" to testConfiguration(5, defaultStartHour),
 

diff --git a/azurerm/internal/services/authorization/role_assignment_resource.go b/azurerm/internal/services/authorization/role_assignment_resource.go
@@ -12,8 +12,12 @@ import (
  "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
  "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
  "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
  "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
  "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+ managementGroupValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/managementgroup/validate"
+ resourceValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/resource/validate"
+ subscriptionValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/subscription/validate"
  "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/suppress"
  "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
  "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
@@ -48,6 +52,12 @@ func resourceArmRoleAssignment() *schema.Resource {
  Type: schema.TypeString,
  Required: true,
  ForceNew: true,
+ ValidateFunc: validation.Any(
+ managementGroupValidate.ManagementGroupID,
+ subscriptionValidate.SubscriptionID,
+ resourceValidate.ResourceGroupID,
+ azure.ValidateResourceID,
+ ),
  },
 
  "role_definition_id": {

diff --git a/azurerm/internal/services/authorization/role_assignment_resource_test.go b/azurerm/internal/services/authorization/role_assignment_resource_test.go
@@ -17,38 +17,7 @@ import (
 
 type RoleAssignmentResource struct{}
 
-func TestAccRoleAssignment(t *testing.T) {
- // NOTE: this is a combined test rather than separate split out tests due to
- // Azure only being happy about provisioning a couple at a time
- acceptance.RunTestsInSequence(t, map[string]map[string]func(t *testing.T){
- "basic": {
- "roleName": testAccRoleAssignment_roleName,
- "custom": testAccRoleAssignment_custom,
- },
- "basic_empty_name": {
- "emptyName": testAccRoleAssignment_emptyName,
- },
- "built_in": {
- "builtin": testAccRoleAssignment_builtin,
- },
- "data_actions": {
- "dataActions": testAccRoleAssignment_dataActions,
- },
- "requires_import": {
- "requiresImport": testAccRoleAssignment_requiresImport,
- },
- "assignment": {
- "sp": testAccActiveDirectoryServicePrincipal_servicePrincipal,
- "spType": testAccActiveDirectoryServicePrincipal_servicePrincipalWithType,
- "group": testAccActiveDirectoryServicePrincipal_group,
- },
- "management": {
- "assign": testAccRoleAssignment_managementGroup,
- },
- })
-}
-
-func testAccRoleAssignment_emptyName(t *testing.T) {
+func TestAccRoleAssignment_emptyName(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  r := RoleAssignmentResource{}
 
@@ -64,7 +33,7 @@ func testAccRoleAssignment_emptyName(t *testing.T) {
  })
 }
 
-func testAccRoleAssignment_roleName(t *testing.T) {
+func TestAccRoleAssignment_roleName(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  id := uuid.New().String()
 
@@ -83,7 +52,7 @@ func testAccRoleAssignment_roleName(t *testing.T) {
  })
 }
 
-func testAccRoleAssignment_requiresImport(t *testing.T) {
+func TestAccRoleAssignment_requiresImport(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  id := uuid.New().String()
 
@@ -105,7 +74,7 @@ func testAccRoleAssignment_requiresImport(t *testing.T) {
  })
 }
 
-func testAccRoleAssignment_dataActions(t *testing.T) {
+func TestAccRoleAssignment_dataActions(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  id := uuid.New().String()
 
@@ -123,7 +92,7 @@ func testAccRoleAssignment_dataActions(t *testing.T) {
  })
 }
 
-func testAccRoleAssignment_builtin(t *testing.T) {
+func TestAccRoleAssignment_builtin(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  id := uuid.New().String()
 
@@ -140,7 +109,7 @@ func testAccRoleAssignment_builtin(t *testing.T) {
  })
 }
 
-func testAccRoleAssignment_custom(t *testing.T) {
+func TestAccRoleAssignment_custom(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  roleDefinitionId := uuid.New().String()
  roleAssignmentId := uuid.New().String()
@@ -159,7 +128,7 @@ func testAccRoleAssignment_custom(t *testing.T) {
  })
 }
 
-func testAccActiveDirectoryServicePrincipal_servicePrincipal(t *testing.T) {
+func TestAccRoleAssignment_ServicePrincipal(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  ri := acceptance.RandTimeInt()
  id := uuid.New().String()
@@ -177,7 +146,7 @@ func testAccActiveDirectoryServicePrincipal_servicePrincipal(t *testing.T) {
  })
 }
 
-func testAccActiveDirectoryServicePrincipal_servicePrincipalWithType(t *testing.T) {
+func TestAccRoleAssignment_ServicePrincipalWithType(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  ri := acceptance.RandTimeInt()
  id := uuid.New().String()
@@ -194,7 +163,7 @@ func testAccActiveDirectoryServicePrincipal_servicePrincipalWithType(t *testing.
  })
 }
 
-func testAccActiveDirectoryServicePrincipal_group(t *testing.T) {
+func TestAccRoleAssignment_ServicePrincipalGroup(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  ri := acceptance.RandTimeInt()
  id := uuid.New().String()
@@ -212,7 +181,7 @@ func testAccActiveDirectoryServicePrincipal_group(t *testing.T) {
 }
 
 // TODO - "real" management group with appropriate required for testing
-func testAccRoleAssignment_managementGroup(t *testing.T) {
+func TestAccRoleAssignment_managementGroup(t *testing.T) {
  data := acceptance.BuildTestData(t, "azurerm_role_assignment", "test")
  groupId := uuid.New().String()