Feat: add new OIDC credentials creation and assigment (Azure Resource) (

#769)
env0 · Dec 17, 2023 · cec07ec · cec07ec
1 parent 10c00bb
commit cec07ec
Show file tree

Hide file tree

Showing 8 changed files with 369 additions and 10 deletions.
diff --git a/client/cloud_credentials.go b/client/cloud_credentials.go
@@ -96,14 +96,15 @@ func (c *AzureCredentialsCreatePayload) SetOrganizationId(organizationId string)
 }
 
 const (
-	GoogleCostCredentialsType            GcpCredentialsType   = "GCP_CREDENTIALS"
-	AzureCostCredentialsType             AzureCredentialsType = "AZURE_CREDENTIALS"
 	AwsCostCredentialsType               AwsCredentialsType   = "AWS_ASSUMED_ROLE"
 	AwsAssumedRoleCredentialsType        AwsCredentialsType   = "AWS_ASSUMED_ROLE_FOR_DEPLOYMENT"
 	AwsAccessKeysCredentialsType         AwsCredentialsType   = "AWS_ACCESS_KEYS_FOR_DEPLOYMENT"
 	AwsOidcCredentialsType               AwsCredentialsType   = "AWS_OIDC"
+	GoogleCostCredentialsType            GcpCredentialsType   = "GCP_CREDENTIALS"
 	GcpServiceAccountCredentialsType     GcpCredentialsType   = "GCP_SERVICE_ACCOUNT_FOR_DEPLOYMENT"
+	AzureCostCredentialsType             AzureCredentialsType = "AZURE_CREDENTIALS"
 	AzureServicePrincipalCredentialsType AzureCredentialsType = "AZURE_SERVICE_PRINCIPAL_FOR_DEPLOYMENT"
+	AzureOidcCredentialsType             AzureCredentialsType = "AZURE_OIDC"
 )
 
 func (client *ApiClient) CloudCredentials(id string) (Credentials, error) {

diff --git a/env0/credentials.go b/env0/credentials.go
@@ -15,23 +15,25 @@ import (
 type CloudType string
 
 const (
-	GCP_TYPE        CloudType = "gcp"
-	AZURE_TYPE      CloudType = "azure"
 	AWS_TYPE        CloudType = "aws"
-	GCP_COST_TYPE   CloudType = "google_cost"
-	AZURE_COST_TYPE CloudType = "azure_cost"
 	AWS_COST_TYPE   CloudType = "aws_cost"
 	AWS_OIDC_TYPE   CloudType = "aws_oidc"
+	AZURE_TYPE      CloudType = "azure"
+	AZURE_COST_TYPE CloudType = "azure_cost"
+	AZURE_OIDC_TYPE CloudType = "azure_oidc"
+	GCP_TYPE        CloudType = "gcp"
+	GCP_COST_TYPE   CloudType = "google_cost"
 )
 
 var credentialsTypeToPrefixList map[CloudType][]string = map[CloudType][]string{
-	GCP_TYPE:        {string(client.GcpServiceAccountCredentialsType)},
-	AZURE_TYPE:      {string(client.AzureServicePrincipalCredentialsType)},
 	AWS_TYPE:        {string(client.AwsAssumedRoleCredentialsType), string(client.AwsAccessKeysCredentialsType)},
-	GCP_COST_TYPE:   {string(client.GoogleCostCredentialsType)},
-	AZURE_COST_TYPE: {string(client.AzureCostCredentialsType)},
 	AWS_COST_TYPE:   {string(client.AwsCostCredentialsType)},
 	AWS_OIDC_TYPE:   {string(client.AwsOidcCredentialsType)},
+	AZURE_TYPE:      {string(client.AzureServicePrincipalCredentialsType)},
+	AZURE_COST_TYPE: {string(client.AzureCostCredentialsType)},
+	AZURE_OIDC_TYPE: {string(client.AzureOidcCredentialsType)},
+	GCP_TYPE:        {string(client.GcpServiceAccountCredentialsType)},
+	GCP_COST_TYPE:   {string(client.GoogleCostCredentialsType)},
 }
 
 func getCredentialsByName(name string, prefixList []string, meta interface{}) (client.Credentials, error) {

diff --git a/env0/provider.go b/env0/provider.go
@@ -104,6 +104,7 @@ func Provider(version string) plugin.ProviderFunc {
 				"env0_aws_oidc_credentials":                 resourceAwsOidcCredentials(),
 				"env0_aws_cost_credentials":                 resourceCostCredentials("aws"),
 				"env0_azure_cost_credentials":               resourceCostCredentials("azure"),
+				"env0_azure_oidc_credentials":               resourceAzureOidcCredentials(),
 				"env0_gcp_cost_credentials":                 resourceCostCredentials("google"),
 				"env0_gcp_credentials":                      resourceGcpCredentials(),
 				"env0_azure_credentials":                    resourceAzureCredentials(),

diff --git a/env0/resource_azure_oidc_credentials.go b/env0/resource_azure_oidc_credentials.go
@@ -0,0 +1,99 @@
+package env0
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/env0/terraform-provider-env0/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceAzureOidcCredentials() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceAzureOidcCredentialsCreate,
+		UpdateContext: resourceAzureOidcCredentialsUpdate,
+		ReadContext:   resourceCredentialsRead(AZURE_OIDC_TYPE),
+		DeleteContext: resourceCredentialsDelete,
+
+		Importer: &schema.ResourceImporter{StateContext: resourceCredentialsImport(AZURE_OIDC_TYPE)},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Description: "name for the oidc credentials",
+				Required:    true,
+				ForceNew:    true,
+			},
+			"subscription_id": {
+				Type:        schema.TypeString,
+				Description: "the azure subscription id",
+				Required:    true,
+			},
+			"tenant_id": {
+				Type:        schema.TypeString,
+				Description: "the azure tenant id",
+				Required:    true,
+			},
+			"client_id": {
+				Type:        schema.TypeString,
+				Description: "the azure client id",
+				Required:    true,
+			},
+		},
+	}
+}
+
+func azureOidcCredentialsGetValue(d *schema.ResourceData) (client.AzureCredentialsValuePayload, error) {
+	value := client.AzureCredentialsValuePayload{}
+
+	if err := readResourceData(&value, d); err != nil {
+		return value, fmt.Errorf("schema resource data deserialization failed: %w", err)
+	}
+
+	return value, nil
+}
+
+func resourceAzureOidcCredentialsCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(client.ApiClientInterface)
+
+	value, err := azureOidcCredentialsGetValue(d)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	request := client.AzureCredentialsCreatePayload{
+		Name:  d.Get("name").(string),
+		Value: value,
+		Type:  client.AzureOidcCredentialsType,
+	}
+
+	credentials, err := apiClient.CredentialsCreate(&request)
+	if err != nil {
+		return diag.Errorf("could not create azure oidc credentials: %v", err)
+	}
+
+	d.SetId(credentials.Id)
+
+	return nil
+}
+
+func resourceAzureOidcCredentialsUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	apiClient := meta.(client.ApiClientInterface)
+
+	value, err := azureOidcCredentialsGetValue(d)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	request := client.AzureCredentialsCreatePayload{
+		Value: value,
+		Type:  client.AzureOidcCredentialsType,
+	}
+
+	if _, err := apiClient.CredentialsUpdate(d.Id(), &request); err != nil {
+		return diag.Errorf("could not update azure oidc credentials: %s %v", d.Id(), err)
+	}
+
+	return nil
+}