Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_trusted_signing_account - new resource support #27720

Merged
merged 8 commits into from
Oct 31, 2024

Conversation

ziyeqf
Copy link
Contributor

@ziyeqf ziyeqf commented Oct 22, 2024

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

Add new resource azurerm_trusted_signing_account per the document: https://learn.microsoft.com/en-us/azure/trusted-signing/concept-trusted-signing-resources-roles
The resource provider is named "Microsoft.Codesigning", however the name on Microsoft document is "Trusted signing", so I named this resource to `azurerm_trusted_signing_account"

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)
❯❯ tftest codesigning TestAccTrustedSigningAccount
=== RUN   TestAccTrustedSigningAccount_basic
=== PAUSE TestAccTrustedSigningAccount_basic
=== RUN   TestAccTrustedSigningAccount_update
=== PAUSE TestAccTrustedSigningAccount_update
=== RUN   TestAccTrustedSigningAccount_complete
=== PAUSE TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_basic
=== CONT  TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_update
--- PASS: TestAccTrustedSigningAccount_update (412.25s)
--- PASS: TestAccTrustedSigningAccount_complete (413.04s)
--- PASS: TestAccTrustedSigningAccount_basic (413.31s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/codesigning	413.386s

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_trusted_signing_account - new resource support [GH-00000]

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Related Issue(s)

Fixes #26388

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

Copy link
Collaborator

@magodo magodo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR!
I've taken a look through and left some comments inline, but this is mostly looking good to me 👍

@ziyeqf
Copy link
Contributor Author

ziyeqf commented Oct 23, 2024

test result after update

❯❯ tftest codesigning TestAccTrustedSigningAccount
=== RUN   TestAccTrustedSigningAccount_basic
=== PAUSE TestAccTrustedSigningAccount_basic
=== RUN   TestAccTrustedSigningAccount_update
=== PAUSE TestAccTrustedSigningAccount_update
=== RUN   TestAccTrustedSigningAccount_complete
=== PAUSE TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_basic
=== CONT  TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_update
--- PASS: TestAccTrustedSigningAccount_complete (487.05s)
--- PASS: TestAccTrustedSigningAccount_basic (490.52s)
--- PASS: TestAccTrustedSigningAccount_update (669.03s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/codesigning	669.104s

@ziyeqf ziyeqf marked this pull request as ready for review October 23, 2024 05:52
@magodo
Copy link
Collaborator

magodo commented Oct 23, 2024

LGTM now, thank you!

@ziyeqf ziyeqf requested review from katbyte and a team as code owners October 23, 2024 05:52
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziyeqf please fix up the comments left in-line

go.mod Outdated
Comment on lines 20 to 21
github.com/hashicorp/go-azure-sdk/resource-manager v0.20241017.1093842
github.com/hashicorp/go-azure-sdk/sdk v0.20241017.1093842
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updating the go-azure-sdk should be done in a separate PR otherwise we end up causing conflicts like has happened here.


var model TruestedSigningAccountModel
if err := meta.Decode(&model); err != nil {
return err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These errors should be wrapped

Suggested change
return err
return fmt.Errorf("decoding: %+v", err)

Comment on lines 103 to 110
req := codesigningaccounts.CodeSigningAccount{}
req.Name = &model.Name
req.Location = model.Location
req.Properties = pointer.To(codesigningaccounts.CodeSigningAccountProperties{})
req.Properties.Sku = pointer.To(codesigningaccounts.AccountSku{
Name: codesigningaccounts.SkuName(model.SkuName),
})
req.Tags = &model.Tags
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update this to

Suggested change
req := codesigningaccounts.CodeSigningAccount{}
req.Name = &model.Name
req.Location = model.Location
req.Properties = pointer.To(codesigningaccounts.CodeSigningAccountProperties{})
req.Properties.Sku = pointer.To(codesigningaccounts.AccountSku{
Name: codesigningaccounts.SkuName(model.SkuName),
})
req.Tags = &model.Tags
req := codesigningaccounts.CodeSigningAccount{
Name: &model.Name
Location: location.Normalize(model.Location)
Tags: &model.Tags
Properties: &codesigningaccounts.CodeSigningAccountProperties{
Sku: &codesigningaccounts.AccountSku{
Name: codesigningaccounts.SkuName(model.SkuName),
}
}
}

client := meta.Client.CodeSigning.Client.CodeSigningAccounts
result, err := client.Get(ctx, *id)
if err != nil {
return err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return err
return fmt.Errorf("retrieving %s: %+v", id, err)

Comment on lines 138 to 158
if result.Model == nil {
return fmt.Errorf("retrieving %s got nil model", id)
}
var output TruestedSigningAccountModel
output.Name = id.CodeSigningAccountName
output.ResourceGroupName = id.ResourceGroupName

if result.Model == nil {
return fmt.Errorf("Get response nil Model")
}
model := result.Model
output.Location = model.Location
output.Tags = pointer.From(model.Tags)
if ptrProp := model.Properties; ptrProp != nil {
itemProp := *ptrProp
output.AccountUri = pointer.From(itemProp.AccountUri)
if ptrSku := itemProp.Sku; ptrSku != nil {
itemSku := *ptrSku
output.SkuName = string(itemSku.Name)
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't error if the model is nil in the read, yet we're doing it twice here. This is also inconsistent with our contributor guidelines and the rest of the provider. Please refactor this

Suggested change
if result.Model == nil {
return fmt.Errorf("retrieving %s got nil model", id)
}
var output TruestedSigningAccountModel
output.Name = id.CodeSigningAccountName
output.ResourceGroupName = id.ResourceGroupName
if result.Model == nil {
return fmt.Errorf("Get response nil Model")
}
model := result.Model
output.Location = model.Location
output.Tags = pointer.From(model.Tags)
if ptrProp := model.Properties; ptrProp != nil {
itemProp := *ptrProp
output.AccountUri = pointer.From(itemProp.AccountUri)
if ptrSku := itemProp.Sku; ptrSku != nil {
itemSku := *ptrSku
output.SkuName = string(itemSku.Name)
}
}
var output TruestedSigningAccountModel
output.Name = id.CodeSigningAccountName
output.ResourceGroupName = id.ResourceGroupName
if model := result.Model; model != nil {
output.Location = location.Normalize(model.Location)
output.Tags = pointer.From(model.Tags)
if props := model.Properties; props != nil {
output.AccountUri = pointer.From(props.AccountUri)
if sku := props.Sku; sku != nil {
output.SkuName = string(sku.Name)
}
}
}

}
resp, err := client.CodeSigning.Client.CodeSigningAccounts.Get(ctx, *id)
if err != nil {
return nil, fmt.Errorf("retrieving TrustedSigningAccount %s: %+v", id, err)
Copy link
Member

@stephybun stephybun Oct 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return nil, fmt.Errorf("retrieving TrustedSigningAccount %s: %+v", id, err)
return nil, fmt.Errorf("retrieving %s: %+v", id, err)

if err != nil {
return nil, fmt.Errorf("retrieving TrustedSigningAccount %s: %+v", id, err)
}
return utils.Bool(resp.Model != nil), nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return utils.Bool(resp.Model != nil), nil
return pointer.To(resp.Model != nil), nil

var _ sdk.TypedServiceRegistration = Registration{}

func (r Registration) AssociatedGitHubLabel() string {
return "service/codesigning"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably just call this

Suggested change
return "service/codesigning"
return "service/trustedsigning"


The following arguments are supported:

* `name` - (Required) The name which should be used for this Trusted Signing. Changing this forces a new Trusted Signing Account to be created.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update all instances of Trusted Signing to Trusted Signing Account

Suggested change
* `name` - (Required) The name which should be used for this Trusted Signing. Changing this forces a new Trusted Signing Account to be created.
* `name` - (Required) The name which should be used for this Trusted Signing Account. Changing this forces a new Trusted Signing Account to be created.


* `id` - The ID of the Trusted Signing.

* `account_uri` - The URI of the trusted signing account which is used during signing files.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please be consistent with the casing throughout the documentation

Suggested change
* `account_uri` - The URI of the trusted signing account which is used during signing files.
* `account_uri` - The URI of the Trusted Signing Account which is used during signing files.

@ziyeqf
Copy link
Contributor Author

ziyeqf commented Oct 31, 2024

I'm not sure why the CI failed for a change on .github/labeler-pull-request-triage.yml beyond this RP by make generate, seems not related.

and here is the new test result:

❯❯ tftest codesigning TestAccTrustedSigningAccount
=== RUN   TestAccTrustedSigningAccount_basic
=== PAUSE TestAccTrustedSigningAccount_basic
=== RUN   TestAccTrustedSigningAccount_update
=== PAUSE TestAccTrustedSigningAccount_update
=== RUN   TestAccTrustedSigningAccount_complete
=== PAUSE TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_basic
=== CONT  TestAccTrustedSigningAccount_complete
=== CONT  TestAccTrustedSigningAccount_update
--- PASS: TestAccTrustedSigningAccount_basic (412.82s)
--- PASS: TestAccTrustedSigningAccount_complete (413.86s)
--- PASS: TestAccTrustedSigningAccount_update (542.41s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/codesigning	542.497s


req := codesigningaccounts.CodeSigningAccount{
Name: &model.Name,
Location: model.Location,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Forgot to normalize this one as well, we normalize when building the payload as well as before setting into state

Suggested change
Location: model.Location,
Location: location.Normalize(model.Location),

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ziyeqf LGTM 🍀
image

@stephybun stephybun merged commit 2d8b22f into hashicorp:main Oct 31, 2024
33 of 34 checks passed
@github-actions github-actions bot added this to the v4.8.0 milestone Oct 31, 2024
stephybun added a commit that referenced this pull request Oct 31, 2024
Copy link

github-actions bot commented Dec 2, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for Azure Trusted Signing Account
4 participants