refactor: change implementation from SystemAssignedUserAssignedIdenti…

…tyRequired to SystemAssignedIdentityRequired
hashicorp · Jan 13, 2025 · e729aa9 · e729aa9
1 parent 1170f1b
commit e729aa9
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 28 deletions.
diff --git a/internal/services/containers/container_registry_credential_set_resource.go b/internal/services/containers/container_registry_credential_set_resource.go
@@ -60,14 +60,14 @@ func (ContainerRegistryCredentialSetResource) Arguments() map[string]*pluginsdk.
 				},
 			},
 		},
-		// At point in time of the implementation of this resource the API only accept SystemAssigned even though API Spec defines all three identity modes are possible
+		// Note [1]: At point in time of the implementation of this resource the API only accept SystemAssigned even though API Spec defines all three identity modes are possible
 		// Error when trying with type UserAssigned:
 		//	code: "CannotSetResourceIdentity"
 		//	message: "The resource identity 'UserAssigned' cannot be set on the resource of type 'Microsoft.ContainerRegistry/registries/credentialSets'."
 		// or with type empty:
 		//	code: "OnlySystemManagedIdentityAllowed"
 		//	message: "Only System Managed Identities are allowed for resources of type 'Microsoft.ContainerRegistry/registries/credentialSets'. For more information, please visit https://aka.ms/acr/cache."
-		"identity": commonschema.SystemAssignedUserAssignedIdentityRequired(),
+		"identity": commonschema.SystemAssignedIdentityRequired(),
 	}
 }
 
@@ -81,11 +81,11 @@ type AuthenticationCredential struct {
 }
 
 type ContainerRegistryCredentialSetModel struct {
-	Name                     string                                     `tfschema:"name"`
-	ContainerRegistryId      string                                     `tfschema:"container_registry_id"`
-	LoginServer              string                                     `tfschema:"login_server"`
-	AuthenticationCredential []AuthenticationCredential                 `tfschema:"authentication_credentials"`
-	Identity                 []identity.ModelSystemAssignedUserAssigned `tfschema:"identity"`
+	Name                     string                         `tfschema:"name"`
+	ContainerRegistryId      string                         `tfschema:"container_registry_id"`
+	LoginServer              string                         `tfschema:"login_server"`
+	AuthenticationCredential []AuthenticationCredential     `tfschema:"authentication_credentials"`
+	Identity                 []identity.ModelSystemAssigned `tfschema:"identity"`
 }
 
 func (ContainerRegistryCredentialSetResource) ModelObject() interface{} {
@@ -129,18 +129,13 @@ func (r ContainerRegistryCredentialSetResource) Create() sdk.ResourceFunc {
 				return metadata.ResourceRequiresImport(r.ResourceType(), id)
 			}
 
-			expandedIdentity, err := identity.ExpandSystemAndUserAssignedMapFromModel(config.Identity)
-			if err != nil {
-				return err
-			}
-
 			param := credentialsets.CredentialSet{
 				Name: pointer.To(id.CredentialSetName),
 				Properties: &credentialsets.CredentialSetProperties{
 					LoginServer:     pointer.To(config.LoginServer),
 					AuthCredentials: expandAuthCredentials(config.AuthenticationCredential),
 				},
-				Identity: expandedIdentity,
+				Identity: expandIdentity(config.Identity),
 			}
 
 			if err := client.CreateThenPoll(ctx, id, param); err != nil {
@@ -179,10 +174,7 @@ func (r ContainerRegistryCredentialSetResource) Update() sdk.ResourceFunc {
 			param.Properties = &properties
 
 			if metadata.ResourceData.HasChange("identity") {
-				param.Identity, err = identity.ExpandSystemAndUserAssignedMapFromModel(model.Identity)
-				if err != nil {
-					return err
-				}
+				param.Identity = expandIdentity(model.Identity)
 			}
 
 			if err := client.UpdateThenPoll(ctx, *id, param); err != nil {
@@ -222,11 +214,7 @@ func (ContainerRegistryCredentialSetResource) Read() sdk.ResourceFunc {
 			config.ContainerRegistryId = registryId.ID()
 
 			if model := resp.Model; model != nil {
-				flattenedIdentity, err := identity.FlattenSystemAndUserAssignedMapToModel(model.Identity)
-				if err != nil {
-					return fmt.Errorf("flattening `identity`: %+v", err)
-				}
-				config.Identity = pointer.From(flattenedIdentity)
+				config.Identity = flattenIdentity(model.Identity)
 				if props := model.Properties; props != nil {
 					config.LoginServer = pointer.From(props.LoginServer)
 					config.AuthenticationCredential = flattenAuthCredentials(props.AuthCredentials)
@@ -287,3 +275,30 @@ func flattenAuthCredentials(input *[]credentialsets.AuthCredential) []Authentica
 	}
 	return output
 }
+
+// read the note [1] above why we transform the identity here like that
+func flattenIdentity(input *identity.SystemAndUserAssignedMap) []identity.ModelSystemAssigned {
+	if input == nil {
+		return nil
+	}
+	output := make([]identity.ModelSystemAssigned, 1)
+	output[0] = identity.ModelSystemAssigned{
+		Type:        input.Type,
+		TenantId:    input.TenantId,
+		PrincipalId: input.PrincipalId,
+	}
+	return output
+}
+
+// read the note [1] above why we transform the identity here like that
+func expandIdentity(input []identity.ModelSystemAssigned) *identity.SystemAndUserAssignedMap {
+	if len(input) == 0 {
+		return nil
+	}
+	output := identity.SystemAndUserAssignedMap{
+		Type:        input[0].Type,
+		TenantId:    input[0].TenantId,
+		PrincipalId: input[0].PrincipalId,
+	}
+	return &output
+}
diff --git a/website/docs/r/container_registry_credential_set.html.markdown b/website/docs/r/container_registry_credential_set.html.markdown
@@ -127,13 +127,8 @@ A `authentication_credentials` block supports the following:
 
 An `identity` block supports the following:
 
-* `type` - (Required) The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both).
+* `type` - (Required) The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is `SystemAssigned`.
 
-~> **NOTE:** The Azure Resource currently only supports `SystemAssigned` Identities.
-
-* `identity_ids` - (Optional) A list of User Assigned Managed Identity IDs to be assigned to this Container Registry Credential Set.
-
-~> **NOTE:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`.
 
 ## Attributes Reference