azurerm_batch_pool - Added support for identity_reference into `c…

…ontainer_registries` (#17416) Co-authored-by: Denis Kuzmenok <[email protected]>
hashicorp · Aug 17, 2022 · 6c7917a · 6c7917a
1 parent a7aa576
commit 6c7917a
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 15 deletions.
diff --git a/internal/services/batch/batch_pool.go b/internal/services/batch/batch_pool.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/services/batch/mgmt/2022-01-01/batch"
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
 )
@@ -252,15 +253,13 @@ func flattenBatchPoolContainerRegistry(d *pluginsdk.ResourceData, armContainerRe
 	}
 	if userName := armContainerRegistry.UserName; userName != nil {
 		result["user_name"] = *userName
+		// Locate the password only if user_name is defined
+		result["password"] = findBatchPoolContainerRegistryPassword(d, result["registry_server"].(string), result["user_name"].(string))
 	}
-
-	// If we didn't specify a registry server and user name, just return what we have now rather than trying to locate the password
-	if len(result) != 2 {
-		return result
+	if identity := armContainerRegistry.IdentityReference; identity != nil {
+		result["user_assigned_identity_id"] = identity.ResourceID
 	}
 
-	result["password"] = findBatchPoolContainerRegistryPassword(d, result["registry_server"].(string), result["user_name"].(string))
-
 	return result
 }
 
@@ -363,11 +362,23 @@ func expandBatchPoolContainerRegistry(ref map[string]interface{}) (*batch.Contai
 		return nil, fmt.Errorf("Error: container registry reference should be defined")
 	}
 
-	containerRegistry := batch.ContainerRegistry{
-		RegistryServer: utils.String(ref["registry_server"].(string)),
-		UserName:       utils.String(ref["user_name"].(string)),
-		Password:       utils.String(ref["password"].(string)),
+	containerRegistry := batch.ContainerRegistry{}
+
+	if v := ref["registry_server"]; v != nil && v != "" {
+		containerRegistry.RegistryServer = pointer.FromString(v.(string))
+	}
+	if v := ref["user_name"]; v != nil && v != "" {
+		containerRegistry.UserName = pointer.FromString(v.(string))
 	}
+	if v := ref["password"]; v != nil && v != "" {
+		containerRegistry.Password = pointer.FromString(v.(string))
+	}
+	if v := ref["user_assigned_identity_id"]; v != nil && v != "" {
+		containerRegistry.IdentityReference = &batch.ComputeNodeIdentityReference{
+			ResourceID: pointer.FromString(v.(string)),
+		}
+	}
+
 	return &containerRegistry, nil
 }
 

diff --git a/internal/services/batch/batch_pool_data_source.go b/internal/services/batch/batch_pool_data_source.go
@@ -144,6 +144,10 @@ func dataSourceBatchPool() *pluginsdk.Resource {
 										Type:     pluginsdk.TypeString,
 										Computed: true,
 									},
+									"user_assigned_identity_id": {
+										Type:     pluginsdk.TypeString,
+										Computed: true,
+									},
 									"user_name": {
 										Type:     pluginsdk.TypeString,
 										Computed: true,

diff --git a/internal/services/batch/batch_pool_resource.go b/internal/services/batch/batch_pool_resource.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/batch/mgmt/2022-01-01/batch"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
@@ -159,15 +160,22 @@ func resourceBatchPool() *pluginsdk.Resource {
 										ForceNew:     true,
 										ValidateFunc: validation.StringIsNotEmpty,
 									},
+									"user_assigned_identity_id": {
+										Type:         pluginsdk.TypeString,
+										Optional:     true,
+										ForceNew:     true,
+										ValidateFunc: commonids.ValidateUserAssignedIdentityID,
+										Description:  "The User Assigned Identity to use for Container Registry access.",
+									},
 									"user_name": {
 										Type:         pluginsdk.TypeString,
-										Required:     true,
+										Optional:     true,
 										ForceNew:     true,
 										ValidateFunc: validation.StringIsNotEmpty,
 									},
 									"password": {
 										Type:         pluginsdk.TypeString,
-										Required:     true,
+										Optional:     true,
 										ForceNew:     true,
 										Sensitive:    true,
 										ValidateFunc: validation.StringIsNotEmpty,

diff --git a/internal/services/batch/batch_pool_resource_test.go b/internal/services/batch/batch_pool_resource_test.go
@@ -334,13 +334,13 @@ func TestAccBatchPool_validateResourceFileWithoutSource(t *testing.T) {
 	})
 }
 
-func TestAccBatchPool_container(t *testing.T) {
+func TestAccBatchPool_containerWithUser(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_batch_pool", "test")
 	r := BatchPoolResource{}
 
 	data.ResourceTest(t, r, []acceptance.TestStep{
 		{
-			Config: r.containerConfiguration(data),
+			Config: r.containerConfigurationWithRegistryUser(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 				check.That(data.ResourceName).Key("container_configuration.0.type").HasValue("DockerCompatible"),
@@ -349,6 +349,7 @@ func TestAccBatchPool_container(t *testing.T) {
 				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.registry_server").HasValue("myContainerRegistry.azurecr.io"),
 				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.user_name").HasValue("myUserName"),
 				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.password").HasValue("myPassword"),
+				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.user_assigned_identity_id").IsEmpty(),
 			),
 		},
 		data.ImportStep(
@@ -358,6 +359,29 @@ func TestAccBatchPool_container(t *testing.T) {
 	})
 }
 
+func TestAccBatchPool_containerWithUAMI(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_batch_pool", "test")
+	r := BatchPoolResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.containerConfigurationWithRegistryUAMI(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("container_configuration.0.type").HasValue("DockerCompatible"),
+				check.That(data.ResourceName).Key("container_configuration.0.container_image_names.#").HasValue("1"),
+				check.That(data.ResourceName).Key("container_configuration.0.container_registries.#").HasValue("1"),
+				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.registry_server").HasValue("myContainerRegistry.azurecr.io"),
+				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.user_name").IsEmpty(),
+				check.That(data.ResourceName).Key("container_configuration.0.container_registries.0.user_assigned_identity_id").IsSet(),
+			),
+		},
+		data.ImportStep(
+			"stop_pending_resize_operation",
+		),
+	})
+}
+
 func TestAccBatchPool_validateResourceFileWithMultipleSources(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_batch_pool", "test")
 	r := BatchPoolResource{}
@@ -1268,7 +1292,7 @@ resource "azurerm_batch_pool" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
 }
 
-func (BatchPoolResource) containerConfiguration(data acceptance.TestData) string {
+func (BatchPoolResource) containerConfigurationWithRegistryUser(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
   features {}
@@ -1323,6 +1347,73 @@ resource "azurerm_batch_pool" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString, data.RandomString)
 }
 
+func (BatchPoolResource) containerConfigurationWithRegistryUAMI(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "testaccbatch%d"
+  location = "%s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  name                = "testaccuami%d"
+}
+
+resource "azurerm_container_registry" "test" {
+  name                = "testregistry%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  sku                 = "Basic"
+
+  identity {
+    type = "UserAssigned"
+    identity_ids = [
+      azurerm_user_assigned_identity.test.id
+    ]
+  }
+}
+
+resource "azurerm_batch_account" "test" {
+  name                = "testaccbatch%s"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+
+resource "azurerm_batch_pool" "test" {
+  name                = "testaccpool%s"
+  resource_group_name = azurerm_resource_group.test.name
+  account_name        = azurerm_batch_account.test.name
+  node_agent_sku_id   = "batch.node.ubuntu 20.04"
+  vm_size             = "Standard_A1"
+
+  fixed_scale {
+    target_dedicated_nodes = 1
+  }
+
+  storage_image_reference {
+    publisher = "microsoft-azure-batch"
+    offer     = "ubuntu-server-container"
+    sku       = "20-04-lts"
+    version   = "latest"
+  }
+
+  container_configuration {
+    type                  = "DockerCompatible"
+    container_image_names = ["centos7"]
+    container_registries {
+      registry_server           = "myContainerRegistry.azurecr.io"
+      user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+    }
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomString, data.RandomString, data.RandomString)
+}
+
 func (BatchPoolResource) customImageConfiguration(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

diff --git a/website/docs/d/batch_pool.html.markdown b/website/docs/d/batch_pool.html.markdown
@@ -151,6 +151,8 @@ A `container_registries` block exports the following:
 
 * `password` - The password to log into the registry server.
 
+* `user_assigned_identity_id` - The reference to the user assigned identity to use to access an Azure Container Registry instead of username and password.
+
 ---
 
 A `network_configuration` block exports the following:

diff --git a/website/docs/r/batch_pool.html.markdown b/website/docs/r/batch_pool.html.markdown
@@ -281,6 +281,7 @@ A `container_registries` block supports the following:
 
 * `password` - (Optional) The password to log into the registry server. Changing this forces a new resource to be created.
 
+* `user_assigned_identity_id` - (Optional) The reference to the user assigned identity to use to access an Azure Container Registry instead of username and password. Changing this forces a new resource to be created.
 ---
 
 A `network_configuration` block supports the following:
-Original file line number
+Diff line change
@@ Expand Up / @@ -151,6 +151,8 @@ A `container_registries` block exports the following: @@
     * `password` - The password to log into the registry server.
+    * `user_assigned_identity_id` - The reference to the user assigned identity to use to access an Azure Container Registry instead of username and password.
     ---
     A `network_configuration` block exports the following:
@@ Expand Down @@