| author | xuzhang3 <57888764+xuzhang3@users.noreply.github.com> | 2022-10-24 11:31:43 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-24 11:31:43 +0800 |
| commit | 844117dde2e7d1525f05ae969220681b0e337b47 (patch) | |
| tree | ca349fd630088a8b285b474c3a0eb67391d13e35 | |
| parent | b5aea479caeb462049e16a1944d24c19042f6d9d (diff) | |
| parent | dfd37365774c40078c642c3110c082a89255950f (diff) | |
Merge pull request #654 from xuzhang3/f/vg_kv_search
`azuredevops_variable_group` - support custom KV search depth
3 files changed, 21 insertions, 11 deletions
diff --git a/azuredevops/internal/acceptancetests/resource_variable_group_test.go b/azuredevops/internal/acceptancetests/resource_variable_group_test.go index 7a59adba..ed629403 100644 --- a/azuredevops/internal/acceptancetests/resource_variable_group_test.go +++ b/azuredevops/internal/acceptancetests/resource_variable_group_test.go @@ -90,10 +90,11 @@ func TestAccVariableGroupKeyVault_CreateAndUpdate(t *testing.T) { ), }, { // Resource Acceptance Testing https://www.terraform.io/docs/extend/resources/import.html#resource-acceptance-testing-implementation - ResourceName: tfVarGroupNode, - ImportStateIdFunc: testutils.ComputeProjectQualifiedResourceImportID(tfVarGroupNode), - ImportState: true, - ImportStateVerify: true, + ResourceName: tfVarGroupNode, + ImportStateIdFunc: testutils.ComputeProjectQualifiedResourceImportID(tfVarGroupNode), + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"key_vault.0.search_depth"}, }, }, }) diff --git a/azuredevops/internal/service/taskagent/resource_variable_group.go b/azuredevops/internal/service/taskagent/resource_variable_group.go index d523cb1d..8657b763 100644 --- a/azuredevops/internal/service/taskagent/resource_variable_group.go +++ b/azuredevops/internal/service/taskagent/resource_variable_group.go @@ -153,6 +153,11 @@ func ResourceVariableGroup() *schema.Resource { Required: true, ValidateFunc: validation.IsUUID, }, + "search_depth": { + Type: schema.TypeInt, + Optional: true, + Default: 20, + }, }, }, }, @@ -369,6 +374,7 @@ func expandVariableGroupParameters(clients *client.AggregatedClient, d *schema.R kvConfigures := keyVault[0].(map[string]interface{}) kvName := kvConfigures[vgName].(string) serviceEndpointID := kvConfigures[vgServiceEndpointID].(string) + depth := kvConfigures["search_depth"].(int) serviceEndpointUUID, err := uuid.Parse(serviceEndpointID) if err != nil { 
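Review bot: The `search_depth` schema entry added to the `key_vault` block accepts any integer, and the stop condition in the `@@ -645` hunk of this commit tests it with `loop == depth`, so a negative value can never match and the iteration cap described by the removed comment is lost. Whether zero matches depends on where `loop` is incremented, which is outside the visible hunks. Bound the attribute with `ValidateFunc: validation.IntAtLeast(1),` next to `Default: 20,` and make the comparison `loop >= depth` so the cap holds even if a bad value reaches it. The enclosing ResourceVariableGroup body starts and ends outside this hunk.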
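Review bot: `depth := kvConfigures["search_depth"].(int)` repeats the attribute name as a string literal, while the two lines above it read their keys through the `vgName` and `vgServiceEndpointID` identifiers. The same literal appears again in the schema hunk and in flattenKeyVault, so a typo at one site would turn the unchecked `.(int)` assertion into a panic on a nil interface value. A shared constant, for example `vgSearchDepth = "search_depth"` declared beside the existing keys (that declaration is not visible here), keeps the three sites in step. expandVariableGroupParameters continues outside the hunk.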
@@ -381,7 +387,7 @@ func expandVariableGroupParameters(clients *client.AggregatedClient, d *schema.R } variableGroup.Type = converter.String(azureKeyVaultType) - kvVariables, invalidVariables, err := searchAzureKVSecrets(clients, *projectID, kvName, serviceEndpointID, variables) + kvVariables, invalidVariables, err := searchAzureKVSecrets(clients, *projectID, kvName, serviceEndpointID, variables, depth) if err != nil { return nil, nil, err } @@ -523,6 +529,12 @@ func flattenKeyVault(d *schema.ResourceData, variableGroup *v5taskagent.Variable vgServiceEndpointID: providerData.ServiceEndpointId.String(), }} + keyVaultRaw := d.Get("key_vault").([]interface{}) + if len(keyVaultRaw) == 1 { + kvConfigures := keyVaultRaw[0].(map[string]interface{}) + keyVault[0]["search_depth"] = kvConfigures["search_depth"].(int) + } + return keyVault, nil } @@ -596,11 +608,7 @@ func flattenAllowAccess(d *schema.ResourceData, definitionResource *[]build.Defi d.Set(vgAllowAccess, allowAccess) } -func searchAzureKVSecrets(clients *client.AggregatedClient, projectID, kvName, serviceEndpointID string, variables []interface{}) (kvSecrets map[string]interface{}, invalidSecrets []string, error error) { - // in case for too many secrets in the KV(For example: 10000+ secrets), limit the iteration to 20 times, secrets more - // than this will not be fetched - // TODO custom ENV configuration for iteration times - +func searchAzureKVSecrets(clients *client.AggregatedClient, projectID, kvName, serviceEndpointID string, variables []interface{}, depth int) (kvSecrets map[string]interface{}, invalidSecrets []string, error error) { var token, loop, azkvSecretsRaw = "", 0, &KeyVaultSecretResult{} kvSecrets = make(map[string]interface{}) invalidSecrets = make([]string, 0) 
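Review bot: flattenKeyVault takes `search_depth` from `d.Get("key_vault")`, that is from what is already in state or config, and leaves the key out of the flattened block when that list does not hold exactly one element. That appears to be why the acceptance test in this commit adds `key_vault.0.search_depth` to `ImportStateVerifyIgnore`, and an imported resource may plan a change to the default of 20 on its first run. If the value is meant to be provider-side only, say so in a comment above the new lines, e.g. `// search_depth is not part of providerData; carry it over from the prior state when present`. The assertions on `keyVaultRaw[0]` and `kvConfigures["search_depth"]` are unchecked, and the comma-ok form would avoid a panic on an unexpected nil element. flattenKeyVault begins outside the hunk.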
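Review bot: The new `depth` parameter of searchAzureKVSecrets is undocumented, and the commit deletes the only comment that explained why the search is capped. Replace it with a doc comment stating that `depth` limits how many iterations of the secret listing are made, that secrets beyond that are not fetched, and that requested names still unmatched when the search stops are returned in `invalidSecrets`, as the loop in the `@@ -645` hunk does. Callers then know that a name reported as invalid may simply lie beyond the searched range. Separately, the named result `error error` on the changed signature shadows the built-in type inside the function; `err error` reads more safely. The function body continues outside the hunk.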
@@ -645,7 +653,7 @@ func searchAzureKVSecrets(clients *client.AggregatedClient, projectID, kvName, s } // stop search - if token == "" || loop == 20 || len(secretNames) == 0 { + if token == "" || loop == depth || len(secretNames) == 0 { for k := range secretNames { invalidSecrets = append(invalidSecrets, k) } diff --git a/website/docs/r/variable_group.html.markdown b/website/docs/r/variable_group.html.markdown index 58e09c48..018041a3 100644 --- a/website/docs/r/variable_group.html.markdown +++ b/website/docs/r/variable_group.html.markdown @@ -110,6 +110,7 @@ A `key_vault` block supports the following: - `name` - The name of the Azure key vault to link secrets from as variables. - `service_endpoint_id` - The id of the Azure subscription endpoint to access the key vault. +- `search_depth` - Set the Azure Key Vault Secret search depth. Defaults to `20`. ## Attributes Reference |
