r\iothub: Extract file_upload and support identityBased auth
#15466
Conversation
|
Teste result (Failed test is due to transient latency of Role Assignment) |
myc2h6o
force-pushed
the
iothub_file_upload
branch
from
6c77b99
to
3fa76d8
Compare
myc2h6o
force-pushed
the
iothub_file_upload
branch
from
3fa76d8
to
fb0be9e
Compare
| Sensitive: true, | ||
| }, | ||
|
|
||
| "container_name": { |
There was a problem hiding this comment.
Could we add some validation here?
| } | ||
|
|
||
| if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { | ||
| return fmt.Errorf("waiting for the completion of the creating/updating of %s: %+v", id, err) |
There was a problem hiding this comment.
| return fmt.Errorf("waiting for the completion of the creating/updating of %s: %+v", id, err) | |
| return fmt.Errorf("waiting for creation/update of %s: %+v", id, err) |
| Create: resourceIotHubFileUploadCreateUpdate, | ||
| Read: resourceIotHubFileUploadRead, | ||
| Update: resourceIotHubFileUploadCreateUpdate, |
There was a problem hiding this comment.
We should split create and update into separate methods.
|
|
||
| future, err := client.CreateOrUpdate(ctx, id.ResourceGroup, id.IotHubName, iothub, "") | ||
| if err != nil { | ||
| return fmt.Errorf("updating %s: %+v", id, err) |
There was a problem hiding this comment.
| return fmt.Errorf("updating %s: %+v", id, err) | |
| return fmt.Errorf("updating %s: %+v", *id, err) |
| } | ||
|
|
||
| if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { | ||
| return fmt.Errorf("waiting for %s to finish updating: %+v", id, err) |
There was a problem hiding this comment.
| return fmt.Errorf("waiting for %s to finish updating: %+v", id, err) | |
| return fmt.Errorf("waiting for update of %s: %+v", *id, err) |
|
|
||
| * `lock_duration` - (Optional) The lock duration for the file upload notifications queue, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 5 and 300 seconds, and evaluates to `PT1M` by default. | ||
|
|
||
| * `max_delivery_count` - (Optional) The number of times the IoT hub attempts to deliver a file upload notification message. It evaluates to `10` by default. |
There was a problem hiding this comment.
| * `max_delivery_count` - (Optional) The number of times the IoT hub attempts to deliver a file upload notification message. It evaluates to `10` by default. | |
| * `max_delivery_count` - (Optional) The number of times the IoT hub attempts to deliver a file upload notification message. Defaults to `10`. |
|
|
||
| * `max_delivery_count` - (Optional) The number of times the IoT hub attempts to deliver a file upload notification message. It evaluates to `10` by default. | ||
|
|
||
| * `notifications` - (Optional) Used to specify whether file notifications are sent to IoT Hub on upload. It evaluates to false by default. |
There was a problem hiding this comment.
| * `notifications` - (Optional) Used to specify whether file notifications are sent to IoT Hub on upload. It evaluates to false by default. | |
| * `notifications` - (Optional) Specifies whether file notifications are sent to IoT Hub on upload. Defaults to `false`. |
|
|
||
| * `notifications` - (Optional) Used to specify whether file notifications are sent to IoT Hub on upload. It evaluates to false by default. | ||
|
|
||
| * `sas_ttl` - (Optional) The period of time for which the SAS URI generated by IoT Hub for file upload is valid, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 24 hours, and evaluates to `PT1H` by default. |
There was a problem hiding this comment.
| * `sas_ttl` - (Optional) The period of time for which the SAS URI generated by IoT Hub for file upload is valid, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 24 hours, and evaluates to `PT1H` by default. | |
| * `sas_ttl` - (Optional) The period of time for which the SAS URI generated by IoT Hub for file upload is valid, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 24 hours. Defaults to `PT1H`. |
|
|
||
| In addition to the Arguments listed above - the following Attributes are exported: | ||
|
|
||
| * `id` - The ID of the IotHub File Upload. |
There was a problem hiding this comment.
I've seen multiple spellings of IotHub in this doc (IoT Hub, Iot Hub, IotHub) could we be consistent and update the doc to use just one?
| ```shell | ||
| terraform import azurerm_iothub_file_upload.file_upload1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Devices/IotHubs/hub1/FileUpload/default | ||
| ``` | ||
| ~> **NOTE:** As there may only be a single fallback route per IoTHub, the id always ends with `/FileUpload/default`. |
|
Hi @myc2h6o, After looking into this further it appears that even though the service does allow this functionality once the relevant permissions have been assigned to the System Assigned Identity, the portal recommends against it. Since the IoTHub resource already supports file upload with all the available properties there is no need to split this out into a separate resource. Whilst I'd like to thank you for your contribution, as this functionality can already be achieved in the recommended manner I am going to close this PR for the moment. Thanks! |
|
Hi @stephybun thanks for reviewing this big change, there are many useful suggestions! I did some research after looking at your comment and Azure does recommend User-Assigned identity in this case. This is the doc I found. This pr also includes two new properties under |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Similar to #14705. Add support for Identity-Based authentication for File Upload.
azurerm_iothub_file_uploadso that File Upload can useSystemAssignedidentity of its IotHub at creation time.azurerm_iothubdirectly, howeverSystemAssignedcan only be used at Update because it requires a Role Assignment and it can only be done after the IotHub is created.