new datasource azurerm_network_manager (#24398)

* new datasource network manager

* recover test

* go generate

.github/labeler-issue-triage.yml

@@ -244,7 +244,7 @@ service/netapp:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_netapp_((.|\n)*)###'
 
 service/network:
-  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(application_gateway\W+|application_security_group\W+|bastion_host|custom_ip_prefix|express_route_|ip_group|local_network_gateway|nat_gateway|network_connection_monitor\W+|network_ddos_protection_plan\W+|network_interface\W+|network_interface_application_gateway_backend_address_pool_association\W+|network_interface_application_security_group_association\W+|network_interface_backend_address_pool_association\W+|network_interface_nat_rule_association\W+|network_interface_security_group_association\W+|network_manager\W+|network_manager_admin_rule\W+|network_manager_admin_rule_collection\W+|network_manager_connectivity_configuration\W+|network_manager_deployment\W+|network_manager_management_group_connection\W+|network_manager_network_group\W+|network_manager_network_group\W+|network_manager_scope_connection\W+|network_manager_security_admin_configuration\W+|network_manager_static_member\W+|network_manager_subscription_connection\W+|network_packet_capture\W+|network_profile\W+|network_security_group\W+|network_security_rule\W+|network_service_tags\W+|network_watcher\W+|network_watcher_flow_log\W+|point_to_site_vpn_gateway|private_endpoint\W+|private_endpoint_application_security_group_association\W+|private_endpoint_connection\W+|private_link_service\W+|private_link_service_endpoint_connections\W+|public_ip|route|subnet|virtual_hub\W+|virtual_hub_bgp_connection\W+|virtual_hub_connection\W+|virtual_hub_ip\W+|virtual_hub_route_table\W+|virtual_hub_route_table_route\W+|virtual_hub_routing_intent\W+|virtual_hub_security_partner_provider\W+|virtual_machine_packet_capture\W+|virtual_machine_scale_set_packet_capture\W+|virtual_network\W+|virtual_network_dns_servers\W+|virtual_network_gateway\W+|virtual_network_gateway_connection\W+|virtual_network_gateway_nat_rule\W+|virtual_network_peering\W+|virtual_wan\W+|vpn_|web_application_firewall_policy)((.|\n)*)###'
+  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(application_gateway\W+|application_security_group\W+|bastion_host|custom_ip_prefix|express_route_|ip_group|local_network_gateway|nat_gateway|network_connection_monitor\W+|network_ddos_protection_plan\W+|network_interface\W+|network_interface_application_gateway_backend_address_pool_association\W+|network_interface_application_security_group_association\W+|network_interface_backend_address_pool_association\W+|network_interface_nat_rule_association\W+|network_interface_security_group_association\W+|network_manager\W+|network_manager\W+|network_manager_admin_rule\W+|network_manager_admin_rule_collection\W+|network_manager_connectivity_configuration\W+|network_manager_deployment\W+|network_manager_management_group_connection\W+|network_manager_network_group\W+|network_manager_network_group\W+|network_manager_scope_connection\W+|network_manager_security_admin_configuration\W+|network_manager_static_member\W+|network_manager_subscription_connection\W+|network_packet_capture\W+|network_profile\W+|network_security_group\W+|network_security_rule\W+|network_service_tags\W+|network_watcher\W+|network_watcher_flow_log\W+|point_to_site_vpn_gateway|private_endpoint\W+|private_endpoint_application_security_group_association\W+|private_endpoint_connection\W+|private_link_service\W+|private_link_service_endpoint_connections\W+|public_ip|route|subnet|virtual_hub\W+|virtual_hub_bgp_connection\W+|virtual_hub_connection\W+|virtual_hub_ip\W+|virtual_hub_route_table\W+|virtual_hub_route_table_route\W+|virtual_hub_routing_intent\W+|virtual_hub_security_partner_provider\W+|virtual_machine_packet_capture\W+|virtual_machine_scale_set_packet_capture\W+|virtual_network\W+|virtual_network_dns_servers\W+|virtual_network_gateway\W+|virtual_network_gateway_connection\W+|virtual_network_gateway_nat_rule\W+|virtual_network_peering\W+|virtual_wan\W+|vpn_|web_application_firewall_policy)((.|\n)*)###'
 
 service/network-function:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_network_function_((.|\n)*)###'

internal/services/network/network_manager_data_source.go

@@ -0,0 +1,169 @@
+package network
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/lang/response"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-06-01/networkmanagers"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type ManagerDataSource struct{}
+
+var _ sdk.DataSource = ManagerDataSource{}
+
+func (r ManagerDataSource) ResourceType() string {
+	return "azurerm_network_manager"
+}
+
+func (r ManagerDataSource) ModelObject() interface{} {
+	return &ManagerModel{}
+}
+
+func (r ManagerDataSource) Arguments() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"name": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
+
+		"resource_group_name": commonschema.ResourceGroupNameForDataSource(),
+	}
+}
+
+func (r ManagerDataSource) Attributes() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"location": commonschema.LocationComputed(),
+
+		"scope": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*schema.Schema{
+					"management_group_ids": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Schema{
+							Type: pluginsdk.TypeString,
+						},
+					},
+					"subscription_ids": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Schema{
+							Type: pluginsdk.TypeString,
+						},
+					},
+				},
+			},
+		},
+
+		"scope_accesses": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Schema{
+				Type: pluginsdk.TypeString,
+			},
+		},
+
+		"cross_tenant_scopes": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"tenant_id": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+					"subscriptions": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Schema{
+							Type: pluginsdk.TypeString,
+						},
+					},
+					"management_groups": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Schema{
+							Type: pluginsdk.TypeString,
+						},
+					},
+				},
+			},
+		},
+
+		"description": {
+			Type:     pluginsdk.TypeString,
+			Computed: true,
+		},
+
+		"tags": commonschema.TagsDataSource(),
+	}
+}
+
+func (r ManagerDataSource) Read() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 5 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			client := metadata.Client.Network.NetworkManagers
+			subscriptionId := metadata.Client.Account.SubscriptionId
+
+			var model ManagerModel
+			if err := metadata.Decode(&model); err != nil {
+				return fmt.Errorf("decoding: %+v", err)
+			}
+
+			id := networkmanagers.NewNetworkManagerID(subscriptionId, model.ResourceGroupName, model.Name)
+
+			existing, err := client.Get(ctx, id)
+			if err != nil {
+				if response.WasNotFound(existing.HttpResponse) {
+					return fmt.Errorf("%s does not exist", id)
+				}
+
+				return fmt.Errorf("retrieving %s: %+v", id, err)
+			}
+			if existing.Model == nil {
+				return fmt.Errorf("retrieving %s: model was nil", id)
+			}
+			if existing.Model.Properties == nil {
+				return fmt.Errorf("retrieving %s: model properties was nil", id)
+			}
+
+			properties := existing.Model.Properties
+			var description string
+			var scope []ManagerScopeModel
+			var ScopeAccesses []string
+			if properties.Description != nil {
+				description = *properties.Description
+			}
+			scope = flattenNetworkManagerScope(properties.NetworkManagerScopes)
+			ScopeAccesses = flattenNetworkManagerScopeAccesses(properties.NetworkManagerScopeAccesses)
+
+			state := ManagerModel{
+				CrossTenantScopes: flattenNetworkManagerCrossTenantScopes(properties.NetworkManagerScopes.CrossTenantScopes),
+				Description:       description,
+				Location:          location.NormalizeNilable(existing.Model.Location),
+				Name:              id.NetworkManagerName,
+				ResourceGroupName: id.ResourceGroupName,
+				ScopeAccesses:     ScopeAccesses,
+				Scope:             scope,
+				Tags:              utils.FlattenPtrMapStringString(existing.Model.Tags),
+			}
+
+			metadata.SetID(id)
+
+			return metadata.Encode(&state)
+		},
+	}
+}

internal/services/network/network_manager_data_source_test.go

@@ -0,0 +1,40 @@
+package network_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+)
+
+type ManagerDataSource struct{}
+
+func testAccNetworkManagerDataSource_complete(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_network_manager", "test")
+	d := ManagerDataSource{}
+	data.DataSourceTestInSequence(t, []acceptance.TestStep{
+		{
+			Config: d.complete(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("location").IsNotEmpty(),
+				check.That(data.ResourceName).Key("description").IsNotEmpty(),
+				check.That(data.ResourceName).Key("scope_accesses.#").HasValue("2"),
+				check.That(data.ResourceName).Key("scope_accesses.0").HasValue("Connectivity"),
+				check.That(data.ResourceName).Key("scope.#").HasValue("1"),
+				check.That(data.ResourceName).Key("scope.0.subscription_ids.#").HasValue("1"),
+			),
+		},
+	})
+}
+
+func (d ManagerDataSource) complete(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_network_manager" "test" {
+  name                = azurerm_network_manager.test.name
+  resource_group_name = azurerm_network_manager.test.resource_group_name
+}
+`, ManagerResource{}.complete(data))
+}

internal/services/network/network_manager_resource.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
@@ -226,19 +227,20 @@ func (r ManagerResource) Read() sdk.ResourceFunc {
 			properties := resp.Model.Properties
 			var description string
 			var scope []ManagerScopeModel
-			var ScopeAccesses []string
+			var scopeAccesses []string
 			if properties.Description != nil {
 				description = *properties.Description
 			}
 			scope = flattenNetworkManagerScope(properties.NetworkManagerScopes)
-			ScopeAccesses = flattenNetworkManagerScopeAccesses(properties.NetworkManagerScopeAccesses)
+			scopeAccesses = flattenNetworkManagerScopeAccesses(properties.NetworkManagerScopeAccesses)
 
 			return metadata.Encode(&ManagerModel{
+				CrossTenantScopes: flattenNetworkManagerCrossTenantScopes(properties.NetworkManagerScopes.CrossTenantScopes),
 				Description:       description,
 				Location:          location.NormalizeNilable(resp.Model.Location),
 				Name:              id.NetworkManagerName,
 				ResourceGroupName: id.ResourceGroupName,
-				ScopeAccesses:     ScopeAccesses,
+				ScopeAccesses:     scopeAccesses,
 				Scope:             scope,
 				Tags:              utils.FlattenPtrMapStringString(resp.Model.Tags),
 			})
@@ -361,3 +363,19 @@ func flattenNetworkManagerScopeAccesses(input []networkmanagers.ConfigurationTyp
 	}
 	return result
 }
+
+func flattenNetworkManagerCrossTenantScopes(input *[]networkmanagers.CrossTenantScopes) []ManagerCrossTenantScopeModel {
+	if input == nil {
+		return make([]ManagerCrossTenantScopeModel, 0)
+	}
+
+	var results []ManagerCrossTenantScopeModel
+	for _, v := range *input {
+		results = append(results, ManagerCrossTenantScopeModel{
+			TenantId:         pointer.From(v.TenantId),
+			ManagementGroups: flattenStringSlicePtr(v.ManagementGroups),
+			Subscriptions:    flattenStringSlicePtr(v.Subscriptions),
+		})
+	}
+	return results
+}

internal/services/network/network_manager_resource_test.go

@@ -30,6 +30,7 @@ func TestAccNetworkManager(t *testing.T) {
 			"complete":       testAccNetworkManager_complete,
 			"update":         testAccNetworkManager_update,
 			"requiresImport": testAccNetworkManager_requiresImport,
+			"dataSource":     testAccNetworkManagerDataSource_complete,
 		},
 		"NetworkGroup": {
 			"basic":          testAccNetworkManagerNetworkGroup_basic,

internal/services/network/registration.go

@@ -33,6 +33,7 @@ func (r Registration) WebsiteCategories() []string {
 
 func (r Registration) DataSources() []sdk.DataSource {
 	return []sdk.DataSource{
+		ManagerDataSource{},
 		ManagerNetworkGroupDataSource{},
 	}
 }

website/docs/d/network_manager.html.markdown

@@ -0,0 +1,91 @@
+---
+subcategory: "Network"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_network_manager"
+description: |-
+  Get information about an existing Network Manager.
+---
+
+# azurerm_network_manager
+
+Use this data source to access information about a Network Manager.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "example" {
+  name     = "example-resources"
+  location = "West Europe"
+}
+
+data "azurerm_subscription" "current" {
+}
+
+resource "azurerm_network_manager" "example" {
+  name                = "example-network-manager"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  scope {
+    subscription_ids = [data.azurerm_subscription.current.id]
+  }
+  scope_accesses = ["Connectivity", "SecurityAdmin"]
+  description    = "example network manager"
+}
+
+data "azurerm_network_manager" "example" {
+  name                = azurerm_network_manager.example.name
+  resource_group_name = azurerm_network_manager.example.resource_group_name
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Network Manager.
+
+* `resource_group_name` - (Required) The Name of the Resource Group where the Network Manager exists.
+
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the Network Manager.
+
+* `cross_tenant_scopes` - One or more `cross_tenant_scopes` blocks as defined below.
+
+* `description` - A description of the Network Manager.
+
+* `location` - The Azure Region where the Network Manager exists.
+
+* `scope` - A `scope` block as defined below.
+
+* `scope_accesses` - A list of configuration deployment type configured on the Network Manager.
+
+* `tags` - A mapping of tags assigned to the Network Manager.
+
+---
+
+A `scope` block exports the following:
+
+* `management_group_ids` - A list of management group IDs used a scope for the Network Manager.
+
+* `subscription_ids` - A list of subscription IDs used as the scope for the Network Manager.
+
+---
+
+A `cross_tenant_scopes` block exports the following:
+
+* `management_groups` - A list of management groups used as cross tenant scope for the Network Manager.
+
+* `subscriptions` - A list of subscriptions used as cross tenant scope for the Network Manager.
+
+* `tenant_id` - The tenant ID of the cross tenant scope.
+
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the Network Manager.

website/docs/r/network_manager.html.markdown

@@ -71,7 +71,7 @@ In addition to the Arguments listed above - the following Attributes are exporte
 
 * `id` - The ID of the Network Managers.
 
-* `cross_tenant_scopes` - A `cross_tenant_scopes` block as defined below.
+* `cross_tenant_scopes` - One or more `cross_tenant_scopes` blocks as defined below.
 
 ---