refactor: identity id (#24)

* refactor: identity id

* feat: add user assigned identities for environment testing

* fix: update Managed Identity assertions

* fix: update managed identity assertions

* refactor: update managed identity assignment in main.tf

* feat: update managed identity assignment and assertions

CHANGELOG.md

@@ -16,13 +16,13 @@ ENHANCEMENTS:
 
 FEATURES:
 
-* **New Parameter**: `firewall_policy_id`
-* **New Parameter**: `capacity`
 * **New Parameter**: `zones`
 * **New Parameter**: `sku_name`
 * **New Parameter**: `enable_http2`
-* **New Parameter**: `backend_address_pool.fqdns`
+* **New Parameter**: `firewall_policy_id`
+* **New Parameter**: `capacity`
 * **New Parameter**: `frontend_ip_configuration.subnet_id`
+* **New Parameter**: `backend_address_pool.fqdns`
 
 DEPRECATIONS:
 

README.md

@@ -30,6 +30,7 @@ The following parameters are supported:
 |firewall\_policy\_id|The ID of the Firewall Policy to associate with the Application Gateway.|`string`|`null`|no|
 |capacity|The capacity (number of instances) of the Application Gateway. Possible values are between `1` and `125`.|`number`|`null`|no|
 |autoscale\_configuration|A mapping with the autoscale configuration of the application gateway.|`object({})`|`null`|no|
+|identity\_id|The ID of the Managed Identity to associate with the Application Gateway.|`string`|`null`|no|
 |subnet\_id|The ID of the Subnet which the Application Gateway should be connected to.|`string`|n/a|yes|
 |frontend\_ip\_configuration|A mapping the front ip configuration.|`object({})`|n/a|yes|
 |backend\_address\_pools|List of objects that represent the configuration of each backend address pool.|`list(object({}))`|n/a|yes|

main.tf

@@ -22,6 +22,15 @@ resource "azurerm_application_gateway" "main" {
     }
   }
 
+  dynamic "identity" {
+    for_each = var.identity_id != null ? [""] : []
+
+    content {
+      type         = "UserAssigned"
+      identity_ids = [var.identity_id]
+    }
+  }
+
   gateway_ip_configuration {
     name      = "GatewayIpConfiguration"
     subnet_id = var.subnet_id
@@ -63,15 +72,6 @@ resource "azurerm_application_gateway" "main" {
     port = 443
   }
 
-  # dynamic "identity" {
-  #   for_each = var.identity_id != null ? [""] : []
-
-  #   content {
-  #     type         = "UserAssigned"
-  #     identity_ids = [var.identity_id]
-  #   }
-  # }
-
   # dynamic "ssl_certificate" {
   #   for_each = var.ssl_certificates
 

tests/environment/main.tf

@@ -46,3 +46,10 @@ resource "azurerm_public_ip" "pip" {
   allocation_method   = "Static"
   sku                 = "Standard"
 }
+
+resource "azurerm_user_assigned_identity" "id" {
+  name                = "${local.workspace_id}1"
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  tags                = azurerm_resource_group.rg.tags
+}

tests/environment/outputs.tf

@@ -33,3 +33,7 @@ output "subnet_address_prefix" {
 output "public_ip_id" {
   value = azurerm_public_ip.pip.id
 }
+
+output "managed_identity_id" {
+  value = azurerm_user_assigned_identity.id.id
+}

tests/testing.tftest.hcl

@@ -65,6 +65,7 @@ run "plan" {
     location            = run.setup.resource_group_location
     tags                = run.setup.resource_group_tags
     firewall_policy_id  = run.setup.firewall_policy_id
+    identity_id         = run.setup.managed_identity_id
     subnet_id           = run.setup.subnet_id
     frontend_ip_configuration = {
       subnet_id                     = run.setup.subnet_id
@@ -172,6 +173,23 @@ run "plan" {
     condition     = azurerm_application_gateway.main.frontend_ip_configuration[1].private_ip_address == cidrhost(run.setup.subnet_address_prefix, 10)
     error_message = "The name of the second Frontend IP Configuration is not as expected."
   }
+
+  #region Managed Identity
+
+  assert {
+    condition     = length(azurerm_application_gateway.main.identity[0].identity_ids) == 1
+    error_message = "The number of Managed Identities is not as expected."
+  }
+
+  assert {
+    condition     = azurerm_application_gateway.main.identity[0].type == "UserAssigned"
+    error_message = "The Managed Identity type is not as expected."
+  }
+
+  assert {
+    condition     = tolist(azurerm_application_gateway.main.identity[0].identity_ids) == tolist([run.setup.managed_identity_id])
+    error_message = "The Managed Identity ID is not as expected."
+  }
 }
 
 run "apply" {
@@ -183,6 +201,7 @@ run "apply" {
     location            = run.setup.resource_group_location
     tags                = run.setup.resource_group_tags
     firewall_policy_id  = run.setup.firewall_policy_id
+    identity_id         = run.setup.managed_identity_id
     subnet_id           = run.setup.subnet_id
     frontend_ip_configuration = {
       subnet_id                     = run.setup.subnet_id

variables.tf

@@ -97,6 +97,12 @@ variable "autoscale_configuration" {
   }
 }
 
+variable "identity_id" {
+  type        = string
+  default     = null
+  description = "The ID of the Managed Identity to associate with the Application Gateway."
+}
+
 variable "subnet_id" {
   type        = string
   description = "The ID of the Subnet which the Application Gateway should be connected to."
@@ -126,12 +132,6 @@ variable "backend_address_pools" {
   }
 }
 
-# variable "identity_id" {
-#   type        = string
-#   default     = null
-#   description = "Specifies a user managed identity id to be assigned to the Application Gateway."
-# }
-
 # variable "ssl_certificates" {
 #   type = list(object({
 #     name                = string