New Resource: azurerm_servicebus_namespace_customer_managed_key

[catriona-m]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR adds support for the new resource azurerm_servicebus_namespace_customer_managed_key

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

=== RUN   TestAccServicebusNamespaceCustomerManagedKey_basic
=== PAUSE TestAccServicebusNamespaceCustomerManagedKey_basic
=== CONT  TestAccServicebusNamespaceCustomerManagedKey_basic
--- PASS: TestAccServicebusNamespaceCustomerManagedKey_basic (581.52s)
=== RUN   TestAccServicebusNamespaceCustomerManagedKey_complete
=== PAUSE TestAccServicebusNamespaceCustomerManagedKey_complete
=== CONT  TestAccServicebusNamespaceCustomerManagedKey_complete
--- PASS: TestAccServicebusNamespaceCustomerManagedKey_complete (584.67s)
=== RUN   TestAccServicebusNamespaceCustomerManagedKey_requiresImport
=== PAUSE TestAccServicebusNamespaceCustomerManagedKey_requiresImport
=== CONT  TestAccServicebusNamespaceCustomerManagedKey_requiresImport
--- PASS: TestAccServicebusNamespaceCustomerManagedKey_requiresImport (529.35s)
=== RUN   TestAccServicebusNamespaceCustomerManagedKey_updated
=== PAUSE TestAccServicebusNamespaceCustomerManagedKey_updated
=== CONT  TestAccServicebusNamespaceCustomerManagedKey_updated
--- PASS: TestAccServicebusNamespaceCustomerManagedKey_updated (780.80s)
=== RUN   TestAccServicebusNamespaceCustomerManagedKey_userAssignedIdentityUpdated
=== PAUSE TestAccServicebusNamespaceCustomerManagedKey_userAssignedIdentityUpdated
=== CONT  TestAccServicebusNamespaceCustomerManagedKey_userAssignedIdentityUpdated
--- PASS: TestAccServicebusNamespaceCustomerManagedKey_userAssignedIdentityUpdated (496.32s)
PASS

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• New Resource: azurerm_servicebus_namespace_customer_managed_key [GH-00000]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #21313

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[stephybun]

The validation function on the property will ensure that the user input is a user assigned identity ID with correct casing in the static segments, so there isn't strictly a need to parse that here if we're just passing the string value of it to the API

Suggested change

	identityId, err := commonids.ParseUserAssignedIdentityID(cmk.IdentityID)
	if err != nil {
	return err
	}
	(*payload.Properties.Encryption.KeyVaultProperties)[0].Identity = &namespaces.UserAssignedIdentityProperties{
	UserAssignedIdentity: pointer.To(identityId.ID()),
	(*payload.Properties.Encryption.KeyVaultProperties)[0].Identity = &namespaces.UserAssignedIdentityProperties{
	UserAssignedIdentity: pointer.To(cmk.IdentityID),

[stephybun]

We should also nil check model here:

Suggested change

	if props := resp.Model.Properties; props != nil && props.Encryption != nil {
	if model := resp.Model; model != nil {
	if props := model.Properties; props != nil && props.Encryption != nil {
	...
	}

[stephybun]

Suggested change

	identityId, err := commonids.ParseUserAssignedIdentityID(cmk.IdentityID)
	if err != nil {
	return err
	}
	(*payload.Properties.Encryption.KeyVaultProperties)[0].Identity = &namespaces.UserAssignedIdentityProperties{
	UserAssignedIdentity: pointer.To(identityId.ID()),
	}
	(*payload.Properties.Encryption.KeyVaultProperties)[0].Identity = &namespaces.UserAssignedIdentityProperties{
	UserAssignedIdentity: pointer.To(cmk.IdentityID),
	}

[stephybun]

I can't tell the difference between these two configs, are they the same?

[stephybun]

We usually use the basic config for the requires import check

Suggested change

	Config: r.complete(data),
	Config: r.basic(data),

[stephybun]

I realise ServiceBus is written together as one word in a lot of our documentation, but I think this should actually be split into two words. Could you split it in this doc and we can update the others at a later point?

[stephybun]

I think it would be good to warn users not to try and manage the CMK with both this resource and the block on the resource. We have this for other resources where something that can be configured in-line is also available as a virtual resource

Suggested change

	~> **Note:** It's possible to define a Customer Managed Key both within [the `azurerm_servicebus_namespace` resource](servicebus_namespace.html) via the `customer_managed_key` block and by using this resource. It is not possible to use both methods to manage a Customer Managed Key for a Service Bus Namespace since it will result in a conflict.

A note on the service bus namespace resource under the customer_managed_key block informing users that they need to add this to ignore_changes if they're using this resource to manage CMK might also be a good addition too.