streamanalytics: support for User Assigned Identities and updating hashicorp/go-azure-sdk to v0.20240201.1064937

go.mod

@@ -17,8 +17,8 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.1
 	github.com/hashicorp/go-azure-helpers v0.66.1
-	github.com/hashicorp/go-azure-sdk/resource-manager v0.20240131.1125554
-	github.com/hashicorp/go-azure-sdk/sdk v0.20240131.1125554
+	github.com/hashicorp/go-azure-sdk/resource-manager v0.20240201.1064937
+	github.com/hashicorp/go-azure-sdk/sdk v0.20240201.1064937
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3

go.sum

@@ -115,10 +115,10 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg=
 github.com/hashicorp/go-azure-helpers v0.66.1 h1:SokAckK9hvQ9PZO2TmZY/CGru8KWJ4A7hcRUggHMEus=
 github.com/hashicorp/go-azure-helpers v0.66.1/go.mod h1:kJxXrFtJKJdOEqvad8pllAe7dhP4DbN8J6sqFZe47+4=
-github.com/hashicorp/go-azure-sdk/resource-manager v0.20240131.1125554 h1:/7fZEzrIks7a5K6506HnaGuknqddhsM5Om9q8bQQlGQ=
-github.com/hashicorp/go-azure-sdk/resource-manager v0.20240131.1125554/go.mod h1:++kfrtzJigPsDMjmdJwnUNq5TG2eU4aZkHSDpaigUQ0=
-github.com/hashicorp/go-azure-sdk/sdk v0.20240131.1125554 h1:3A9SB0jxS12NAjTs3k6jTBbncxCzUHjx/R+s+n0JFrU=
-github.com/hashicorp/go-azure-sdk/sdk v0.20240131.1125554/go.mod h1:6jgkzx26qtPndLSW5u7pKIw4m3iiFiLnHlp7yDQ2Crc=
+github.com/hashicorp/go-azure-sdk/resource-manager v0.20240201.1064937 h1:0Qsxoi+3HFoZfWfcXFUKlWbbk2SiYdbb+FyRrMcrY1c=
+github.com/hashicorp/go-azure-sdk/resource-manager v0.20240201.1064937/go.mod h1:tWvx1elhgqkBLrnieHoGYzw253uFkybKTbXLfSMeJy8=
+github.com/hashicorp/go-azure-sdk/sdk v0.20240201.1064937 h1:lb3ePovn8wlLdemYrT4MJFrWuzXKHiwDXvdcpeWlqPw=
+github.com/hashicorp/go-azure-sdk/sdk v0.20240201.1064937/go.mod h1:6jgkzx26qtPndLSW5u7pKIw4m3iiFiLnHlp7yDQ2Crc=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
 github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=

internal/services/streamanalytics/stream_analytics_job_data_source.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/identity"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/streamanalytics/2021-10-01-preview/streamingjobs"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
@@ -65,7 +66,7 @@ func dataSourceStreamAnalyticsJob() *pluginsdk.Resource {
 				Computed: true,
 			},
 
-			"identity": commonschema.SystemAssignedIdentityComputed(),
+			"identity": commonschema.SystemOrUserAssignedIdentityComputed(),
 
 			"last_output_time": {
 				Type:     pluginsdk.TypeString,
@@ -131,7 +132,11 @@ func dataSourceStreamAnalyticsJobRead(d *pluginsdk.ResourceData, meta interface{
 
 	if model := resp.Model; model != nil {
 		d.Set("location", location.NormalizeNilable(model.Location))
-		if err := d.Set("identity", flattenJobIdentity(model.Identity)); err != nil {
+		flattenedIdentity, err := identity.FlattenSystemOrUserAssignedMap(model.Identity)
+		if err != nil {
+			return fmt.Errorf("flattening `identity`: %v", err)
+		}
+		if err := d.Set("identity", flattenedIdentity); err != nil {
 			return fmt.Errorf("setting `identity`: %v", err)
 		}
 

internal/services/streamanalytics/stream_analytics_job_data_source_test.go

@@ -72,7 +72,7 @@ data "azurerm_stream_analytics_job" "test" {
 }
 
 func (d StreamAnalyticsJobDataSource) identity(data acceptance.TestData) string {
-	config := StreamAnalyticsJobResource{}.identity(data)
+	config := StreamAnalyticsJobResource{}.identitySystemAssigned(data)
 	return fmt.Sprintf(`
 %s
 

internal/services/streamanalytics/stream_analytics_job_resource.go

@@ -188,7 +188,7 @@ func resourceStreamAnalyticsJob() *pluginsdk.Resource {
 				ValidateFunc: validation.StringIsNotEmpty,
 			},
 
-			"identity": commonschema.SystemAssignedIdentityOptional(),
+			"identity": commonschema.SystemOrUserAssignedIdentityOptional(),
 
 			"job_id": {
 				Type:     pluginsdk.TypeString,
@@ -261,11 +261,6 @@ func resourceStreamAnalyticsJobCreateUpdate(d *pluginsdk.ResourceData, meta inte
 		}
 	}
 
-	expandedIdentity, err := expandStreamAnalyticsJobIdentity(d.Get("identity").([]interface{}))
-	if err != nil {
-		return fmt.Errorf("expanding `identity`: %+v", err)
-	}
-
 	props := streamingjobs.StreamingJob{
 		Name:     utils.String(id.StreamingJobName),
 		Location: utils.String(azure.NormalizeLocation(d.Get("location").(string))),
@@ -280,9 +275,26 @@ func resourceStreamAnalyticsJobCreateUpdate(d *pluginsdk.ResourceData, meta inte
 			OutputErrorPolicy:                  pointer.To(streamingjobs.OutputErrorPolicy(d.Get("output_error_policy").(string))),
 			JobType:                            pointer.To(streamingjobs.JobType(jobType)),
 		},
-		Identity: expandedIdentity,
-		Tags:     tags.Expand(d.Get("tags").(map[string]interface{})),
+		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
+	}
+
+	expandedIdentity, err := identity.ExpandSystemOrUserAssignedMap(d.Get("identity").([]interface{}))
+	if err != nil {
+		return fmt.Errorf("expanding `identity`: %+v", err)
+	}
+	if expandedIdentity.Type == identity.TypeNone {
+		// The StreamAnalytics API doesn't implement the standard `None` pattern - meaning that sending `None` outputs
+		// an API error. This conditional is required to support this, else the API returns:
+		//
+		// >  Code="BadRequest" Message="The JSON provided in the request body is invalid. Cannot convert value 'None'
+		// > to type 'System.Nullable`1[Microsoft.Streaming.Service.Contracts.CSMResourceProvider.IdentityType]"
+		// > Details=[{"code":"400","correlationId":"dcdbdcfa-fe38-66f8-3aa3-36950bab0a28","message":"The JSON provided in the request body is invalid.
+		// > Cannot convert value 'None' to type 'System.Nullable`1[Microsoft.Streaming.Service.Contracts.CSMResourceProvider.IdentityType]"
+		//
+		// Tracked in https://github.com/Azure/azure-rest-api-specs/issues/17649
+		expandedIdentity = nil
 	}
+	props.Identity = expandedIdentity
 
 	if _, ok := d.GetOk("compatibility_level"); ok {
 		compatibilityLevel := d.Get("compatibility_level").(string)
@@ -394,9 +406,14 @@ func resourceStreamAnalyticsJobRead(d *pluginsdk.ResourceData, meta interface{})
 	if model := resp.Model; model != nil {
 		d.Set("location", location.NormalizeNilable(model.Location))
 
-		if err := d.Set("identity", flattenJobIdentity(model.Identity)); err != nil {
+		flattenedIdentity, err := identity.FlattenSystemOrUserAssignedMap(model.Identity)
+		if err != nil {
+			return fmt.Errorf("flattening `identity`: %v", err)
+		}
+		if err := d.Set("identity", flattenedIdentity); err != nil {
 			return fmt.Errorf("setting `identity`: %v", err)
 		}
+
 		if props := model.Properties; props != nil {
 			compatibilityLevel := ""
 			if v := props.CompatibilityLevel; v != nil {
@@ -502,55 +519,6 @@ func resourceStreamAnalyticsJobDelete(d *pluginsdk.ResourceData, meta interface{
 	return nil
 }
 
-func expandStreamAnalyticsJobIdentity(input []interface{}) (*streamingjobs.Identity, error) {
-	expanded, err := identity.ExpandSystemAssigned(input)
-	if err != nil {
-		return nil, err
-	}
-
-	// Otherwise we get:
-	//   Code="BadRequest"
-	//   Message="The JSON provided in the request body is invalid. Cannot convert value 'None' to
-	//   type 'System.Nullable`1[Microsoft.Streaming.Service.Contracts.CSMResourceProvider.IdentityType]"
-	// Upstream issue: https://github.com/Azure/azure-rest-api-specs/issues/17649
-	if expanded.Type == identity.TypeNone {
-		return nil, nil
-	}
-
-	return &streamingjobs.Identity{
-		Type: utils.String(string(expanded.Type)),
-	}, nil
-}
-
-func flattenJobIdentity(identity *streamingjobs.Identity) []interface{} {
-	if identity == nil {
-		return nil
-	}
-
-	var t string
-	if identity.Type != nil {
-		t = *identity.Type
-	}
-
-	var tenantId string
-	if identity.TenantId != nil {
-		tenantId = *identity.TenantId
-	}
-
-	var principalId string
-	if identity.PrincipalId != nil {
-		principalId = *identity.PrincipalId
-	}
-
-	return []interface{}{
-		map[string]interface{}{
-			"type":         t,
-			"tenant_id":    tenantId,
-			"principal_id": principalId,
-		},
-	}
-}
-
 func expandJobStorageAccount(input []interface{}) *streamingjobs.JobStorageAccount {
 	if input == nil {
 		return nil

internal/services/streamanalytics/stream_analytics_job_resource_test.go

@@ -90,13 +90,13 @@ func TestAccStreamAnalyticsJob_update(t *testing.T) {
 	})
 }
 
-func TestAccStreamAnalyticsJob_identity(t *testing.T) {
+func TestAccStreamAnalyticsJob_identitySystemAssigned(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_stream_analytics_job", "test")
 	r := StreamAnalyticsJobResource{}
 
 	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
 		{
-			Config: r.identity(data),
+			Config: r.identitySystemAssigned(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 				check.That(data.ResourceName).Key("identity.0.tenant_id").Exists(),
@@ -107,6 +107,23 @@ func TestAccStreamAnalyticsJob_identity(t *testing.T) {
 	})
 }
 
+func TestAccStreamAnalyticsJob_identityUserAssigned(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_stream_analytics_job", "test")
+	r := StreamAnalyticsJobResource{}
+
+	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.identityUserAssigned(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("identity.0.tenant_id").IsEmpty(),
+				check.That(data.ResourceName).Key("identity.0.principal_id").IsEmpty(),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func TestAccStreamAnalyticsJob_jobTypeCloud(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_stream_analytics_job", "test")
 	r := StreamAnalyticsJobResource{}
@@ -325,7 +342,7 @@ QUERY
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
 }
 
-func (r StreamAnalyticsJobResource) identity(data acceptance.TestData) string {
+func (r StreamAnalyticsJobResource) identitySystemAssigned(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
   features {}
@@ -355,6 +372,43 @@ QUERY
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
 }
 
+func (r StreamAnalyticsJobResource) identityUserAssigned(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+  name                = "acctestuai-%d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+
+resource "azurerm_stream_analytics_job" "test" {
+  name                = "acctestjob-%d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  streaming_units     = 3
+
+  transformation_query = <<QUERY
+    SELECT *
+    INTO [YourOutputAlias]
+    FROM [YourInputAlias]
+QUERY
+
+  identity {
+    type         = "UserAssigned"
+    identity_ids = [azurerm_user_assigned_identity.test.id]
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+}
+
 func (r StreamAnalyticsJobResource) jobTypeCloud(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

vendor/modules.txt

@@ -154,7 +154,7 @@ github.com/hashicorp/go-azure-helpers/resourcemanager/tags
 github.com/hashicorp/go-azure-helpers/resourcemanager/zones
 github.com/hashicorp/go-azure-helpers/sender
 github.com/hashicorp/go-azure-helpers/storage
-# github.com/hashicorp/go-azure-sdk/resource-manager v0.20240131.1125554
+# github.com/hashicorp/go-azure-sdk/resource-manager v0.20240201.1064937
 ## explicit; go 1.21
 github.com/hashicorp/go-azure-sdk/resource-manager/aad/2021-05-01/domainservices
 github.com/hashicorp/go-azure-sdk/resource-manager/aadb2c/2021-04-01-preview
@@ -1035,7 +1035,7 @@ github.com/hashicorp/go-azure-sdk/resource-manager/web/2023-01-01/resourceprovid
 github.com/hashicorp/go-azure-sdk/resource-manager/web/2023-01-01/webapps
 github.com/hashicorp/go-azure-sdk/resource-manager/webpubsub/2023-02-01
 github.com/hashicorp/go-azure-sdk/resource-manager/webpubsub/2023-02-01/webpubsub
-# github.com/hashicorp/go-azure-sdk/sdk v0.20240131.1125554
+# github.com/hashicorp/go-azure-sdk/sdk v0.20240201.1064937
 ## explicit; go 1.21
 github.com/hashicorp/go-azure-sdk/sdk/auth
 github.com/hashicorp/go-azure-sdk/sdk/auth/autorest

website/docs/d/stream_analytics_job.html.markdown

@@ -68,6 +68,8 @@ output "job_id" {
 
 An `identity` block exports the following:
 
+* `identity_ids` - A list of User Assigned Managed Identity IDs assigned to this resource.
+
 * `principal_id` - The Principal ID associated with this Managed Service Identity.
 
 * `tenant_id` - The Tenant ID associated with this Managed Service Identity.