New data source: azurerm_network_service_tags (#6229)

Service Tags / address prefixes are useful when using firewall rules or UDRs in some scenarios.

azurerm/internal/services/network/client/client.go

@@ -29,6 +29,7 @@ type Client struct {
  RouteTablesClient *network.RouteTablesClient
  SecurityGroupClient *network.SecurityGroupsClient
  SecurityRuleClient *network.SecurityRulesClient
+ ServiceTagsClient *network.ServiceTagsClient
  SubnetsClient *network.SubnetsClient
  NatGatewayClient *network.NatGatewaysClient
  VnetGatewayConnectionsClient *network.VirtualNetworkGatewayConnectionsClient
@@ -126,6 +127,9 @@ func NewClient(o *common.ClientOptions) *Client {
  SecurityRuleClient := network.NewSecurityRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
  o.ConfigureClient(&SecurityRuleClient.Client, o.ResourceManagerAuthorizer)
 
+ ServiceTagsClient := network.NewServiceTagsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&ServiceTagsClient.Client, o.ResourceManagerAuthorizer)
+
  SubnetsClient := network.NewSubnetsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
  o.ConfigureClient(&SubnetsClient.Client, o.ResourceManagerAuthorizer)
 
@@ -177,6 +181,7 @@ func NewClient(o *common.ClientOptions) *Client {
  RouteTablesClient: &RouteTablesClient,
  SecurityGroupClient: &SecurityGroupClient,
  SecurityRuleClient: &SecurityRuleClient,
+ ServiceTagsClient: &ServiceTagsClient,
  SubnetsClient: &SubnetsClient,
  NatGatewayClient: &NatGatewayClient,
  VnetGatewayConnectionsClient: &VnetGatewayConnectionsClient,

azurerm/internal/services/network/data_source_network_service_tags.go

@@ -0,0 +1,113 @@
+package network
+
+import (
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/location"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+)
+
+func dataSourceNetworkServiceTags() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceNetworkServiceTagsRead,
+
+ Timeouts: &schema.ResourceTimeout{
+ Read: schema.DefaultTimeout(5 * time.Minute),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "location": azure.SchemaLocation(),
+
+ "service": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+
+ "location_filter": {
+ Type: schema.TypeString,
+ Optional: true,
+ StateFunc: azure.NormalizeLocation,
+ DiffSuppressFunc: location.DiffSuppressFunc,
+ },
+
+ "address_prefixes": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+
+func dataSourceNetworkServiceTagsRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*clients.Client).Network.ServiceTagsClient
+ ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+ defer cancel()
+
+ location := azure.NormalizeLocation(d.Get("location"))
+ res, err := client.List(ctx, location)
+ if err != nil {
+ return fmt.Errorf("error listing network service tags: %+v", err)
+ }
+
+ if res.Values == nil {
+ return fmt.Errorf("unexpected nil value for service tag information")
+ }
+
+ service := d.Get("service").(string)
+ locationFilter := azure.NormalizeLocation(d.Get("location_filter"))
+
+ for _, sti := range *res.Values {
+ if sti.Name == nil || !isServiceTagOf(*sti.Name, service) {
+ continue
+ }
+
+ if props := sti.Properties; props != nil {
+ if props.Region == nil {
+ continue
+ }
+
+ if azure.NormalizeLocation(*props.Region) == locationFilter {
+ addressPrefixes := make([]string, 0)
+ if props.AddressPrefixes != nil {
+ addressPrefixes = *props.AddressPrefixes
+ }
+ err = d.Set("address_prefixes", addressPrefixes)
+ if err != nil {
+ return fmt.Errorf("error setting `address_prefixes`: %+v", err)
+ }
+
+ if sti.ID == nil {
+ return fmt.Errorf("unexcepted nil ID for service tag")
+ }
+
+ d.SetId(*sti.ID)
+ return nil
+ }
+ }
+ }
+ errSuffix := "globally"
+ if locationFilter != "" {
+ errSuffix = "for region " + locationFilter
+ }
+ return fmt.Errorf("specified service tag `%s` not found %s", service, errSuffix)
+}
+
+// isServiceTagOf is used to check whether a service tag name belongs to the service of name `serviceName`.
+// Service tag name has format as below:
+// - (regional) serviceName.locationName
+// - (all) serviceName
+func isServiceTagOf(stName, serviceName string) bool {
+ stNameComponents := strings.Split(stName, ".")
+ if len(stNameComponents) != 1 && len(stNameComponents) != 2 {
+ return false
+ }
+ return stNameComponents[0] == serviceName
+}

azurerm/internal/services/network/registration.go

@@ -39,6 +39,7 @@ func (r Registration) SupportedDataSources() map[string]*schema.Resource {
  "azurerm_public_ips": dataSourceArmPublicIPs(),
  "azurerm_public_ip_prefix": dataSourceArmPublicIpPrefix(),
  "azurerm_route_table": dataSourceArmRouteTable(),
+ "azurerm_network_service_tags": dataSourceNetworkServiceTags(),
  "azurerm_subnet": dataSourceArmSubnet(),
  "azurerm_virtual_hub": dataSourceArmVirtualHub(),
  "azurerm_virtual_network_gateway": dataSourceArmVirtualNetworkGateway(),

azurerm/internal/services/network/tests/data_source_network_service_tags_test.go

@@ -0,0 +1,57 @@
+package tests
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
+)
+
+func TestAccDataSourceAzureRMServiceTags_basic(t *testing.T) {
+ data := acceptance.BuildTestData(t, "data.azurerm_network_service_tags", "test")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acceptance.PreCheck(t) },
+ Providers: acceptance.SupportedProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAzureRMServiceTags_basic(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(data.ResourceName, "address_prefixes.#", "210"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccDataSourceAzureRMServiceTags_region(t *testing.T) {
+ data := acceptance.BuildTestData(t, "data.azurerm_network_service_tags", "test")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acceptance.PreCheck(t) },
+ Providers: acceptance.SupportedProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAzureRMServiceTags_region(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(data.ResourceName, "address_prefixes.#", "3"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceAzureRMServiceTags_basic() string {
+ return `data "azurerm_network_service_tags" "test" {
+ location = "northeurope"
+ service = "AzureKeyVault"
+}`
+}
+
+func testAccDataSourceAzureRMServiceTags_region() string {
+ return `data "azurerm_network_service_tags" "test" {
+ location = "northeurope"
+ service = "AzureKeyVault"
+ location_filter = "australiacentral"
+}`
+}

website/allowed-subcategories

@@ -14,7 +14,7 @@ Compute
 Container
 CosmosDB (DocumentDB)
 Cost Management
-Custom Provider
+Custom Providers
 DNS
 Data Explorer
 Data Factory

website/azurerm.erb

@@ -394,6 +394,10 @@
  <a href="/docs/providers/azurerm/d/netapp_snapshot.html">azurerm_netapp_snapshot</a>
  </li>
 
+ <li>
+ <a href="/docs/providers/azurerm/d/network_service_tags.html">azurerm_network_service_tags</a>
+ </li>
+
  <li>
  <a href="/docs/providers/azurerm/d/platform_image.html">azurerm_platform_image</a>
  </li>

website/docs/d/network_service_tags.html.markdown

@@ -0,0 +1,51 @@
+---
+subcategory: "Network"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_network_service_tags"
+description: |-
+ Gets information about Service Tags for a specific service type.
+---
+
+# Data Source: azurerm__network_service_tags
+
+Use this data source to access information about Service Tags.
+
+## Example Usage
+
+```hcl
+data "azurerm_network_service_tags" "example" {
+ location = "West Europe"
+ service = "AzureKeyVault"
+ location_filter = "northeurope"
+}
+
+output "address_prefixes" {
+ value = data.azurerm_service_tags.example.address_prefixes
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `location` - (Required) The Azure Region where the Service Tags exists. This value is not used to filter the results but for specifying the region to request. For filtering by region use `location_filter` instead. More information can be found here: [Service Tags URL parameters](https://docs.microsoft.com/en-us/rest/api/virtualnetwork/servicetags/list#uri-parameters).
+
+* `service` - (Required) The type of the service for which address prefixes will be fetched. Available service tags can be found here: [Available service tags](https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags).
+
+---
+
+* `location_filter` - (Optional) Changes the scope of the service tags. Can be any value that is also valid for `location`. If this field is empty then all address prefixes are considered instead of only location specific ones.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported: 
+
+* `id` - The ID of this Service Tags block.
+
+* `address_prefixes` - List of address prefixes for the service type (and optionally a specific region).
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the Service Tags.

website/docs/r/custom_provider.html.markdown

@@ -1,5 +1,5 @@
 ---
-subcategory: "Custom Provider"
+subcategory: "Custom Providers"
 layout: "azurerm"
 page_title: "Azure Resource Manager: azurerm_custom_provider"
 description: |-