New Resource/New Data Source: azurerm_attestation_provider

azurerm/internal/clients/client.go

@@ -12,6 +12,7 @@ import (
 	appConfiguration "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appconfiguration/client"
 	applicationInsights "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/applicationinsights/client"
 	appPlatform "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appplatform/client"
+	attestation "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/client"
 	authorization "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/authorization/client"
 	automation "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/automation/client"
 	batch "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/batch/client"
@@ -97,6 +98,7 @@ type Client struct {
 	AppConfiguration      *appConfiguration.Client
 	AppInsights           *applicationInsights.Client
 	AppPlatform           *appPlatform.Client
+	Attestation           *attestation.Client
 	Authorization         *authorization.Client
 	Automation            *automation.Client
 	Batch                 *batch.Client
@@ -183,6 +185,7 @@ func (client *Client) Build(ctx context.Context, o *common.ClientOptions) error
 	client.AppConfiguration = appConfiguration.NewClient(o)
 	client.AppInsights = applicationInsights.NewClient(o)
 	client.AppPlatform = appPlatform.NewClient(o)
+	client.Attestation = attestation.NewClient(o)
 	client.Authorization = authorization.NewClient(o)
 	client.Automation = automation.NewClient(o)
 	client.Batch = batch.NewClient(o)

azurerm/internal/provider/services.go

@@ -7,6 +7,7 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appconfiguration"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/applicationinsights"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/appplatform"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/authorization"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/automation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/batch"
@@ -90,6 +91,7 @@ func SupportedServices() []common.ServiceRegistration {
 		appconfiguration.Registration{},
 		appplatform.Registration{},
 		applicationinsights.Registration{},
+		attestation.Registration{},
 		authorization.Registration{},
 		automation.Registration{},
 		batch.Registration{},

azurerm/internal/services/attestation/attestation_provider_data_source.go

@@ -0,0 +1,80 @@
+package attestation
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/location"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceAttestationProvider() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmAttestationProviderRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"location": azure.SchemaLocationForDataSource(),
+
+			"attestation_uri": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"trust_model": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags": tags.SchemaDataSource(),
+		},
+	}
+}
+
+func dataSourceArmAttestationProviderRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("Attestation Provider %q (Resource Group %q) was not found", name, resourceGroup)
+		}
+		return fmt.Errorf("retrieving Attestation %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	d.Set("name", name)
+	d.Set("resource_group_name", resourceGroup)
+	d.Set("location", location.NormalizeNilable(resp.Location))
+
+	if props := resp.StatusResult; props != nil {
+		d.Set("attestation_uri", props.AttestURI)
+		d.Set("trust_model", props.TrustModel)
+	}
+
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Attestation Provider %q (Resource Group %q)", name, resourceGroup)
+	}
+	d.SetId(*resp.ID)
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}

azurerm/internal/services/attestation/attestation_provider_resource.go

@@ -0,0 +1,227 @@
+package attestation
+
+import (
+	"encoding/base64"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/location"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/parse"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/attestation/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmAttestationProvider() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceArmAttestationProviderCreate,
+		Read:   resourceArmAttestationProviderRead,
+		Update: resourceArmAttestationProviderUpdate,
+		Delete: resourceArmAttestationProviderDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(30 * time.Minute),
+			Read:   schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(30 * time.Minute),
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
+
+		Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error {
+			_, err := parse.AttestationId(id)
+			return err
+		}),
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.AttestationName,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupName(),
+
+			"location": azure.SchemaLocation(),
+
+			"policy_signing_certificate_data": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.IsCert,
+			},
+
+			"tags": tags.Schema(),
+
+			"attestation_uri": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"trust_model": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+func resourceArmAttestationProviderCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+
+	existing, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		if !utils.ResponseWasNotFound(existing.Response) {
+			return fmt.Errorf("checking for presence of existing Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+		}
+	}
+	if existing.ID != nil && *existing.ID != "" {
+		return tf.ImportAsExistsError("azurerm_attestation_provider", *existing.ID)
+	}
+
+	props := attestation.ServiceCreationParams{
+		Location:   utils.String(location.Normalize(d.Get("location").(string))),
+		Properties: &attestation.ServiceCreationSpecificParams{
+			// AttestationPolicy was deprecated in October of 2019
+		},
+		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
+	}
+
+	// NOTE: This maybe an slice in a future release or even a slice of slices
+	//       The service team does not currently have any user data for this
+	//       resource.
+	policySigningCertificate := d.Get("policy_signing_certificate_data").(string)
+
+	if policySigningCertificate != "" {
+		block, _ := pem.Decode([]byte(policySigningCertificate))
+		if block == nil {
+			return fmt.Errorf("invalid X.509 certificate, unable to decode")
+		}
+
+		v := base64.StdEncoding.EncodeToString(block.Bytes)
+		props.Properties.PolicySigningCertificates = expandArmAttestationProviderJSONWebKeySet(v)
+	}
+
+	if _, err := client.Create(ctx, resourceGroup, name, props); err != nil {
+		return fmt.Errorf("creating Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	resp, err := client.Get(ctx, resourceGroup, name)
+	if err != nil {
+		return fmt.Errorf("retrieving Attestation Provider %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Attestation Provider %q (Resource Group %q)", name, resourceGroup)
+	}
+
+	d.SetId(*resp.ID)
+	return resourceArmAttestationProviderRead(d, meta)
+}
+
+func resourceArmAttestationProviderRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	resp, err := client.Get(ctx, id.ResourceGroup, id.Name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[INFO] attestation %q does not exist - removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("retrieving Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+
+	d.Set("name", id.Name)
+	d.Set("resource_group_name", id.ResourceGroup)
+	d.Set("location", location.NormalizeNilable(resp.Location))
+
+	if props := resp.StatusResult; props != nil {
+		d.Set("attestation_uri", props.AttestURI)
+		d.Set("trust_model", props.TrustModel)
+	}
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
+
+func resourceArmAttestationProviderUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	updateParams := attestation.ServicePatchParams{}
+	if d.HasChange("tags") {
+		updateParams.Tags = tags.Expand(d.Get("tags").(map[string]interface{}))
+	}
+
+	if _, err := client.Update(ctx, id.ResourceGroup, id.Name, updateParams); err != nil {
+		return fmt.Errorf("updating Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+	return resourceArmAttestationProviderRead(d, meta)
+}
+
+func resourceArmAttestationProviderDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Attestation.ProviderClient
+	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.AttestationId(d.Id())
+	if err != nil {
+		return err
+	}
+
+	if _, err := client.Delete(ctx, id.ResourceGroup, id.Name); err != nil {
+		return fmt.Errorf("deleting Attestation Provider %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
+	}
+	return nil
+}
+
+func expandArmAttestationProviderJSONWebKeySet(pem string) *attestation.JSONWebKeySet {
+	if len(pem) == 0 {
+		return nil
+	}
+
+	result := attestation.JSONWebKeySet{
+		Keys: expandArmAttestationProviderJSONWebKeyArray(pem),
+	}
+
+	return &result
+}
+
+func expandArmAttestationProviderJSONWebKeyArray(pem string) *[]attestation.JSONWebKey {
+	results := make([]attestation.JSONWebKey, 0)
+	certs := []string{pem}
+
+	result := attestation.JSONWebKey{
+		Kty: utils.String("RSA"),
+		X5c: &certs,
+	}
+
+	results = append(results, result)
+
+	return &results
+}

azurerm/internal/services/attestation/client/client.go

@@ -0,0 +1,19 @@
+package client
+
+import (
+	"github.com/Azure/azure-sdk-for-go/services/preview/attestation/mgmt/2018-09-01-preview/attestation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
+)
+
+type Client struct {
+	ProviderClient *attestation.ProvidersClient
+}
+
+func NewClient(o *common.ClientOptions) *Client {
+	providerClient := attestation.NewProvidersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&providerClient.Client, o.ResourceManagerAuthorizer)
+
+	return &Client{
+		ProviderClient: &providerClient,
+	}
+}