v0.9.0 release (#10)

Added support for PremiumV2 SSD with V20MP2R2 SKU and CosmosDB firewall
rules.

Co-authored-by: Tomas Simacek <tsimacek@pruestorage.com>

Author: tsimacek

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.9.0 (July 3, 2023)
+
+* Added support for PremiumV2 SSD with V20MP2R2 SKU, refer to the [documentation](docs/resources/array_azure.md)
+* Added support for CosmosDB firewall rules using `user_assigned_identity`, refer to the [documentation](docs/resources/array_azure.md)
+
 ## 0.8.0 (May 15, 2023)
 
 * Added support for Cloud Block Store on Azure deployment for Pure Fusion using the `fusion_sec_identity` parameter, refer to the [documentation](docs/resources/array_azure.md)

cbs/acceptance/test_params.go

@@ -35,6 +35,7 @@ type AccTestCbsAzureParams struct {
 	JitGroup               string `json:"jit_group"`
 	JitGroupID             string `json:"jit_group_id"`
 	FusionSECIdentity      string `json:"fusion_sec_identity"`
+	UserAssignedIdentity   string `json:"user_assigned_identity"`
 }
 
 type AccTestCbsFusionSECAzureParams struct {

cbs/resource_array_azure.go

@@ -177,6 +177,7 @@ func resourceArrayAzure() *schema.Resource {
 				ValidateFunc: validation.StringInSlice([]string{
 					"V10MUR1",
 					"V20MUR1",
+					"V20MP2R2",
 				}, false),
 			},
 
@@ -212,6 +213,12 @@ func resourceArrayAzure() *schema.Resource {
 				}),
 			},
 
+			"user_assigned_identity": {
+				Type:        schema.TypeString,
+				Description: "A required input that denotes the identity of the customer User Assigned identity.",
+				Required:    true,
+			},
+
 			"fusion_sec_identity": {
 				Type:        schema.TypeString,
 				Description: "Optional input that denotes the identity of a Fusion Storage Endpoint Collection, obtained during Azure Portal GUI or CLI deployment",
@@ -414,13 +421,20 @@ func resourceArrayAzureCreate(ctx context.Context, d *schema.ResourceData, m int
 		setAppParameter("alertRecipients", "")
 	}
 
-	if v, ok := d.GetOk("fusion_sec_identity"); ok {
-		fusionIdentity := expandFusionIdentity(v.(string))
+	var identities = []string{}
+	if v, ok := d.GetOk("user_assigned_identity"); ok {
+		identities = append(identities, v.(string))
+	} else {
+		return diag.Errorf("failed to retrieve user_assigned_identity")
+	}
 
-		parameters.Identity = fusionIdentity
-		setAppParameter("fusionSECIdentity", fusionIdentity)
+	if v, ok := d.GetOk("fusion_sec_identity"); ok {
+		identities = append(identities, v.(string))
+		setAppParameter("fusionSECIdentity", expandIdentityObject(identities[1:]))
 	}
 
+	parameters.Identity = expandIdentityObject(identities)
+
 	if v, ok := d.GetOk("tags"); ok {
 		tags := v.(map[string]interface{})
 		tagsMap := make(map[string]interface{})
@@ -670,12 +684,14 @@ func groupGetByDisplayName(ctx context.Context, client cloud.AzureClientAPI, dis
 	return &group, nil
 }
 
-func expandFusionIdentity(fusionSECIdentity string) *managedapplications.Identity {
+func expandIdentityObject(identities []string) *managedapplications.Identity {
+	var userIdentities = make(map[string]*managedapplications.UserAssignedResourceIdentity)
+	for _, identity := range identities {
+		userIdentities[identity] = new(managedapplications.UserAssignedResourceIdentity)
+	}
 	return &managedapplications.Identity{
-		Type: managedapplications.ResourceIdentityTypeUserAssigned,
-		UserAssignedIdentities: map[string]*managedapplications.UserAssignedResourceIdentity{
-			fusionSECIdentity: {},
-		},
+		Type:                   managedapplications.ResourceIdentityTypeUserAssigned,
+		UserAssignedIdentities: userIdentities,
 	}
 }
 

cbs/resource_array_azure_test.go

@@ -246,13 +246,15 @@ func testAccAzureConfig(name string, orgDomain string, fusionArray bool) string
 
 		%[16]s
 
+		user_assigned_identity = "%[17]s"
 		tags = {
 			foo = "bar"
 			test = "value"
 		}
 	}`, name, orgDomain, cbsAzureParam.ResourceGroupName, cbsAzureParam.LicenseKey, cbsAzureParam.PureuserPrivateKeyPath, cbsAzureParam.SystemSubnet,
 		cbsAzureParam.ReplicationSubnet, cbsAzureParam.ISCSISubnet, cbsAzureParam.ManagementSubnet, cbsAzureParam.VirtualNetworkId,
-		cbsAzureParam.Location, cbsAzureParam.KeyvaultId, cbsAzureParam.ArrayModel, fusionHCL, cbsAzureParam.JitGroupID, planHCL)
+		cbsAzureParam.Location, cbsAzureParam.KeyvaultId, cbsAzureParam.ArrayModel, fusionHCL, cbsAzureParam.JitGroupID, planHCL,
+		cbsAzureParam.UserAssignedIdentity)
 }
 
 func testAccAzureConfigAppId(name string, orgDomain string, fusionArray bool) string {
@@ -283,14 +285,16 @@ func testAccAzureConfigAppId(name string, orgDomain string, fusionArray bool) st
 		%[14]s
 
 		app_definition_id = "%[15]s"
+		user_assigned_identity = "%[16]s"
 
 		tags = {
 			foo = "bar"
 			test = "value"
 		}
 	}`, name, orgDomain, cbsAzureParam.ResourceGroupName, cbsAzureParam.LicenseKey, cbsAzureParam.PureuserPrivateKeyPath, cbsAzureParam.SystemSubnet,
 		cbsAzureParam.ReplicationSubnet, cbsAzureParam.ISCSISubnet, cbsAzureParam.ManagementSubnet, cbsAzureParam.VirtualNetworkId,
-		cbsAzureParam.Location, cbsAzureParam.KeyvaultId, cbsAzureParam.ArrayModel, fusionHCL, cbsAzureParam.AppDefinitionId)
+		cbsAzureParam.Location, cbsAzureParam.KeyvaultId, cbsAzureParam.ArrayModel, fusionHCL, cbsAzureParam.AppDefinitionId,
+		cbsAzureParam.UserAssignedIdentity)
 }
 
 // Lazy load the Azure param values from the json file specified at TEST_ACC_AZURE_PARAMS_PATH.

docs/resources/array_aws.md

@@ -27,7 +27,7 @@ resource "cbs_array_aws" "cbs_example" {
 
     array_name = "terraform-example-instance"
 
-    deployment_template_url = "https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/4ea2905b-7939-4ee0-a521-d5c2fcb41214.e6360126-9b9d-4428-a532-e4d22aef7a40.template"
+    deployment_template_url = "https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/4ea2905b-7939-4ee0-a521-d5c2fcb41214.e1e81a59-5e4c-4400-9675-85361e830022.template"
     deployment_role_arn = "arn:aws:iam::xxxxxxxxxxxx:role/example_role"
 
     log_sender_domain = "example-company.org"

docs/resources/array_azure.md

@@ -10,8 +10,6 @@ description: |-
 
 Allows the deployment and management of a Cloud Block Store instance on Azure. The instance is deployed as an Azure Managed Application.
 
-The instance is deployed at Purity version 6.3.5.
-
 Refer to the [deployment guide](https://support.purestorage.com/FlashArray/PurityFA/Cloud_Block_Store/Cloud_Block_Store_Deployment_and_Configuration_Guide_for_Azure) for information on how to configure the Azure environment for the CBS instance.
 
 ~>Along with the infrastructure components defined in the deployment guide, an [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/)
@@ -84,6 +82,7 @@ resource "cbs_array_azure" "azure_instance" {
     system_subnet = "SN-xxxxxxxxxxxxxx"
     iscsi_subnet = "SN-xxxxxxxxxxxxxx"
     replication_subnet = "SN-xxxxxxxxxxxxxx"
+    user_assigned_identity = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/resourcegroups/mock_resource_group_name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxxxxx",
 
     jit_approval_group_object_ids = ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
 }
@@ -93,7 +92,7 @@ resource "cbs_array_azure" "azure_instance" {
 ## Argument Reference
 
 - `alert_recipients` (Optional) - List of email addresses to receive alerts.
-- `array_model` (Required) - CBS array size to launch. The possible values are `V10MUR1` or `V20MUR1`.
+- `array_model` (Required) - CBS array size to launch. The possible values are `V10MUR1`, `V20MUR1` or `V20MP2R2`.
 - `array_name` (Required) - Name of the array, and the name of the managed application.
 - `fusion_sec_identity` (Optional) - Input that denotes the identity of a Fusion Storage Endpoint Collection, obtained during Azure Portal GUI or CLI deployment.
 Required when the array is deployed for use in a Fusion cluster.
@@ -112,6 +111,7 @@ The [azuread_group](https://registry.terraform.io/providers/hashicorp/azuread/la
 - `resource_group_name` (Required) - Name of the resource group in which to deploy the managed application.
 - `system_subnet` (Required) - Subnet for the system interface of the Array.
 - `tags` (Optional) - A list of tags to apply to all resources in the managed application.
+- `user_assigned_identity` (Required) - A required input that denotes the identity of the customer User Assigned identity.
 - `virtual_network_id` (Required) - The ID of the virtual network that contains the network interfaces of the array.
 - `zone` (Required) - The Availability Zone within the deployment location.
 

examples/aws_array/main.tf

@@ -2,7 +2,7 @@ terraform {
     required_providers {
         cbs = {
             source = "PureStorage-OpenConnect/cbs"
-            version = "~> 0.8.0"
+            version = "~> 0.9.0"
         }
     }
 }

examples/aws_array/terraform.tfvars

@@ -1,7 +1,7 @@
 #Variables
 region                  = "us-west-2"
 array_name              = "array-name"
-template_url            = "https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/4ea2905b-7939-4ee0-a521-d5c2fcb41214.e6360126-9b9d-4428-a532-e4d22aef7a40.template"
+template_url            = "https://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/4ea2905b-7939-4ee0-a521-d5c2fcb41214.e1e81a59-5e4c-4400-9675-85361e830022.template"
 deployment_role_arn     = "arn:aws:iam::xxxxxxxxxxxx:role/example_role"
 log_sender_domain       = "example-company.org"
 alert_recipients        = ["admin1@example-company.org", "admin2@example-company.org"]

examples/azure_array/main.tf

@@ -2,7 +2,7 @@ terraform {
     required_providers {
         cbs = {
             source = "PureStorage-OpenConnect/cbs"
-            version = "~> 0.8.0"
+            version = "~> 0.9.0"
         }
     }
 }
@@ -33,6 +33,8 @@ resource "cbs_array_azure" "azure_instance" {
     replication_subnet = var.replication_subnet
 
     jit_approval_group_object_ids = var.jit_group_ids
+    user_assigned_identity = var.user_assigned_identity
+
     plan {
         name = data.cbs_azure_plans.azure_plans.plans[0].name
         product = data.cbs_azure_plans.azure_plans.plans[0].product

examples/azure_array/terraform.tfvars

@@ -1,17 +1,18 @@
 #Variables
-array_name          = "terraform-example-instance"
-location            = "location_xxxx"
-resource_group_name = "resource_xxxx"
-license_key         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
-log_sender_domain   = "example-company.org"
-alert_recipients    = ["admin1@example-company.org", "admin2@example-company.org"]
-array_model         = "V10MUR1"
-zone                = 1
-virtual_network_id  = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxxxx/providers/Microsoft.Network/virtualNetworks/xxxxxxxxxxxxxx"
-key_vault_id        = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxxxx/providers/Microsoft.KeyVault/vaults/xxxxxxxxxxxxxx"
-management_subnet   = "SN-xxxxxxxxxxxxxx"
-system_subnet       = "SN-xxxxxxxxxxxxxx"
-iscsi_subnet        = "SN-xxxxxxxxxxxxxx"
-replication_subnet  = "SN-xxxxxxxxxxxxxx"
-jit_group_ids       = ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
-key_file_path       = "example.pem"
+array_name             = "terraform-example-instance"
+location               = "location_xxxx"
+resource_group_name    = "resource_xxxx"
+license_key            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
+log_sender_domain      = "example-company.org"
+alert_recipients       = ["admin1@example-company.org", "admin2@example-company.org"]
+array_model            = "V10MUR1"
+zone                   = 1
+virtual_network_id     = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxxxx/providers/Microsoft.Network/virtualNetworks/xxxxxxxxxxxxxx"
+key_vault_id           = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxxxx/providers/Microsoft.KeyVault/vaults/xxxxxxxxxxxxxx"
+management_subnet      = "SN-xxxxxxxxxxxxxx"
+system_subnet          = "SN-xxxxxxxxxxxxxx"
+iscsi_subnet           = "SN-xxxxxxxxxxxxxx"
+replication_subnet     = "SN-xxxxxxxxxxxxxx"
+jit_group_ids          = ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
+key_file_path          = "example.pem"
+user_assigned_identity = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/resourcegroups/mock_resource_group_name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxxxxx"

examples/azure_array/variables.tf

@@ -60,4 +60,8 @@ variable "key_vault_id" {
 
 variable "key_file_path" {
     type = string
+}
+
+variable "user_assigned_identity" {
+    type = string
 }

examples/azure_fusion_sec/main.tf

@@ -2,7 +2,7 @@ terraform {
     required_providers {
         cbs = {
             source = "PureStorage-OpenConnect/cbs"
-            version = "~> 0.8.0"
+            version = "~> 0.9.0"
         }
     }
 }

testing/mock-params-azure.json

@@ -12,5 +12,6 @@
     "virtual_network_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mock_resource_group_name/providers/Microsoft.Network/virtualNetworks/mock_vnet_name",
     "keyvault_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mock_resource_group_name/providers/Microsoft.KeyVault/vaults/A00000000000000000000000",
     "jit_group":"jit_group",
-    "jit_group_id":"00000000-0000-0000-0001-000000000000"
+    "jit_group_id":"00000000-0000-0000-0001-000000000000",
+    "user_assigned_identity": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/resourcegroups/mock_resource_group_name/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxxxxx"
 }