Merge pull request #1213 from xuzhang3/f/azurestack

`azuredevops_serviceendpoint_azurerm` - Add support for `server_url` and `AzurSstack`
microsoft · Nov 6, 2024 · 6034d44 · 6034d44
2 parents c226e83 + 1f8fbe1
commit 6034d44
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 14 deletions.
diff --git a/azuredevops/internal/acceptancetests/resource_serviceendpoint_azurerm_test.go b/azuredevops/internal/acceptancetests/resource_serviceendpoint_azurerm_test.go
@@ -360,3 +360,58 @@ func TestAccServiceEndpointAzureRm_ManagedServiceIdentity_CreateAndUpdate(t *tes
 		},
 	})
 }
+
+func TestAccServiceEndpointAzureRm_azureStack(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	serviceEndpointName := testutils.GenerateResourceName()
+
+	tfNode := "azuredevops_serviceendpoint_azurerm.test"
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckServiceEndpointDestroyed("azuredevops_serviceendpoint_azurerm"),
+		Steps: []resource.TestStep{
+			{
+				Config: hclAzureRMServiceEndpointEnvironmentAzureStack(projectName, serviceEndpointName),
+				Check: resource.ComposeTestCheckFunc(
+					testutils.CheckServiceEndpointExistsWithName(tfNode, serviceEndpointName),
+					resource.TestCheckResourceAttrSet(tfNode, "project_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "azurerm_spn_tenantid"),
+					resource.TestCheckResourceAttrSet(tfNode, "azurerm_subscription_id"),
+					resource.TestCheckResourceAttrSet(tfNode, "azurerm_subscription_name"),
+					resource.TestCheckResourceAttrSet(tfNode, "server_url"),
+					resource.TestCheckResourceAttr(tfNode, "service_endpoint_name", serviceEndpointName),
+				),
+			},
+			{
+				ResourceName:            tfNode,
+				ImportStateIdFunc:       testutils.ComputeProjectQualifiedResourceImportID(tfNode),
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"credentials.0.serviceprincipalkey"},
+			},
+		},
+	})
+}
+
+func hclAzureRMServiceEndpointEnvironmentAzureStack(projectName, serviceEndpointName string) string {
+	return fmt.Sprintf(`
+resource "azuredevops_project" "test" {
+	name       = "%s"
+}
+
+resource "azuredevops_serviceendpoint_azurerm" "test" {
+  project_id                             = azuredevops_project.test.id
+  service_endpoint_name                  = "%s"
+  environment = "AzureStack"
+  server_url = "https://www.azuredevops.com"
+  azurerm_spn_tenantid                   = "00000000-0000-0000-0000-000000000000"
+  azurerm_subscription_id                = "00000000-0000-0000-0000-000000000000"
+  azurerm_subscription_name              = "Test Sub"
+  credentials {
+     serviceprincipalid  = "00000000-0000-0000-0000-000000000000"
+     serviceprincipalkey = "00000000-0000-0000-0000-000000000000"
+   }
+}
+`, projectName, serviceEndpointName)
+}
diff --git a/azuredevops/internal/service/serviceendpoint/data_serviceendpoint_azurerm.go b/azuredevops/internal/service/serviceendpoint/data_serviceendpoint_azurerm.go
@@ -58,6 +58,11 @@ func DataServiceEndpointAzureRM() *schema.Resource {
 			Computed: true,
 		},
 
+		"server_url": {
+			Type:     schema.TypeString,
+			Computed: true,
+		},
+
 		"service_principal_id": {
 			Type:     schema.TypeString,
 			Computed: true,

diff --git a/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go b/azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_azurerm.go
@@ -112,7 +112,7 @@ func ResourceServiceEndpointAzureRM() *schema.Resource {
 			ForceNew:     true,
 			Description:  "Environment (Azure Cloud type)",
 			Default:      "AzureCloud",
-			ValidateFunc: validation.StringInSlice([]string{"AzureCloud", "AzureChinaCloud", "AzureUSGovernment", "AzureGermanCloud"}, false),
+			ValidateFunc: validation.StringInSlice([]string{"AzureCloud", "AzureChinaCloud", "AzureUSGovernment", "AzureGermanCloud", "AzureStack"}, false),
 		},
 
 		"service_endpoint_authentication_scheme": {
@@ -124,6 +124,14 @@ func ResourceServiceEndpointAzureRM() *schema.Resource {
 			ValidateFunc: validation.StringInSlice([]string{"WorkloadIdentityFederation", "ManagedServiceIdentity", "ServicePrincipal"}, false),
 		},
 
+		"server_url": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Computed:     true,
+			ForceNew:     true,
+			ValidateFunc: validation.IsURLWithHTTPorHTTPS,
+		},
+
 		"workload_identity_federation_issuer": {
 			Type:        schema.TypeString,
 			Computed:    true,
@@ -406,6 +414,12 @@ func expandServiceEndpointAzureRM(d *schema.ResourceData) (*serviceendpoint.Serv
 		endpointUrl = "https://management.usgovcloudapi.net/"
 	case "AzureGermanCloud":
 		endpointUrl = "https://management.microsoftazure.de"
+	case "AzureStack":
+		if serverUrl, ok := d.GetOk("server_url"); ok {
+			endpointUrl = serverUrl.(string)
+		} else {
+			return nil, fmt.Errorf(" `server_url` is required when `environment` is `AzureStack`")
+		}
 	}
 
 	if scopeLevel == "Subscription" || scopeLevel == "ResourceGroup" {
@@ -454,6 +468,10 @@ func flattenServiceEndpointAzureRM(d *schema.ResourceData, serviceEndpoint *serv
 		}
 	}
 
+	if serviceEndpoint.Url != nil {
+		d.Set("server_url", serviceEndpoint.Url)
+	}
+
 	s := strings.SplitN(scope, "/", -1)
 	if len(s) == 5 {
 		d.Set("resource_group", s[4])

diff --git a/website/docs/d/serviceendpoint_azurerm.html.markdown b/website/docs/d/serviceendpoint_azurerm.html.markdown
@@ -62,16 +62,17 @@ The following arguments are supported:
 
 In addition to the Arguments list above - the following Attributes are exported:
 
-* `authorization` - Specifies the Authorization Scheme Map.
-* `azurerm_management_group_id` - Specified the Management Group ID of the Service Endpoint is target, if available.
-* `azurerm_management_group_name` - Specified the Management Group Name of the Service Endpoint target, if available.
-* `azurerm_subscription_id` - Specifies the Subscription ID of the Service Endpoint target, if available.
-* `azurerm_subscription_name` - Specifies the Subscription Name of the Service Endpoint target, if available.
-* `resource_group` - Specifies the Resource Group of the Service Endpoint target, if available.
-* `azurerm_spn_tenantid` - Specifies the Tenant ID of the Azure targets.
+* `authorization` - The Authorization Scheme Map.
+* `azurerm_management_group_id` - The Management Group ID of the Service Endpoint is target, if available.
+* `azurerm_management_group_name` - The Management Group Name of the Service Endpoint target, if available.
+* `azurerm_subscription_id` - The Subscription ID of the Service Endpoint target, if available.
+* `azurerm_subscription_name` - The Subscription Name of the Service Endpoint target, if available.
+* `resource_group` - The Resource Group of the Service Endpoint target, if available.
+* `azurerm_spn_tenantid` - The Tenant ID of the Azure targets.
 * `service_principal_id` - The Application(Client) ID of the Service Principal.
-* `description` - Specifies the description of the Service Endpoint.
-* `environment` - The Cloud Environment. Possible values are `AzureCloud`, `AzureChinaCloud`, `AzureUSGovernment`, and `AzureGermanCloud`.
-* `service_endpoint_authentication_scheme` - Specifies the authentication scheme of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. 
-* `workload_identity_federation_issuer` - The issuer if `service_endpoint_authentication_scheme` is set to `WorkloadIdentityFederation`. This looks like `https://vstoken.dev.azure.com/f66a4bc2-08ad-4ec0-a25e-e769d6b3b294`, where the GUID is the Organization ID of your Azure DevOps Organisation.
-* `workload_identity_federation_subject` - The subject if `service_endpoint_authentication_scheme` is set to `WorkloadIdentityFederation`. This looks like `sc://my-organisation/my-project/my-service-connection-name`.
+* `description` - The description of the Service Endpoint.
+* `server_url` - The server URL of the service Endpoint.
+* `environment` - The Cloud Environment.
+* `service_endpoint_authentication_scheme` - The authentication scheme of Azure Resource Management Endpoint 
+* `workload_identity_federation_issuer` - The issuer if `of the Workload Identity Federation Subject 
+* `workload_identity_federation_subject` - The subject of the Workload Identity Federation Subject.
diff --git a/website/docs/r/serviceendpoint_azurerm.html.markdown b/website/docs/r/serviceendpoint_azurerm.html.markdown
@@ -206,7 +206,8 @@ The following arguments are supported:
 - `azurerm_management_group_name` - (Optional) The Management group Name of the targets.
 - `azurerm_subscription_id` - (Optional) The Subscription ID of the Azure targets.
 - `azurerm_subscription_name` - (Optional) The Subscription Name of the targets.
-- `environment` - (Optional) The Cloud Environment to use. Defaults to `AzureCloud`. Possible values are `AzureCloud`, `AzureChinaCloud`, `AzureUSGovernment`, and `AzureGermanCloud`. Changing this forces a new resource to be created.
+- `environment` - (Optional) The Cloud Environment to use. Defaults to `AzureCloud`. Possible values are `AzureCloud`, `AzureChinaCloud`, `AzureUSGovernment`, `AzureGermanCloud` and `AzureStack`. Changing this forces a new resource to be created.
+- `server_url` - (Optional) The server URL of the service endpoint. Changing this forces a new resource to be created.
 
 ~> **NOTE:** One of either `Subscription` scoped i.e. `azurerm_subscription_id`, `azurerm_subscription_name` or `ManagementGroup` scoped i.e. `azurerm_management_group_id`, `azurerm_management_group_name` values must be specified.