Add azure_subscription resource (#90)

Add `azure_subscription` resource for Azure Subscription onboarding.

api/illumio/cloud/config/v1/config.proto

@@ -14,6 +14,10 @@ service ConfigService {
   rpc ReadAwsFlowLogsS3Bucket(ReadAwsFlowLogsS3BucketRequest) returns (ReadAwsFlowLogsS3BucketResponse);
   rpc UpdateAwsFlowLogsS3Bucket(UpdateAwsFlowLogsS3BucketRequest) returns (UpdateAwsFlowLogsS3BucketResponse);
   rpc DeleteAwsFlowLogsS3Bucket(DeleteAwsFlowLogsS3BucketRequest) returns (google.protobuf.Empty);
+  rpc CreateAzureSubscription(CreateAzureSubscriptionRequest) returns (CreateAzureSubscriptionResponse);
+  rpc ReadAzureSubscription(ReadAzureSubscriptionRequest) returns (ReadAzureSubscriptionResponse);
+  rpc UpdateAzureSubscription(UpdateAzureSubscriptionRequest) returns (UpdateAzureSubscriptionResponse);
+  rpc DeleteAzureSubscription(DeleteAzureSubscriptionRequest) returns (google.protobuf.Empty);
   rpc CreateK8SClusterOnboardingCredential(CreateK8SClusterOnboardingCredentialRequest) returns (CreateK8SClusterOnboardingCredentialResponse);
   rpc ReadK8SClusterOnboardingCredential(ReadK8SClusterOnboardingCredentialRequest) returns (ReadK8SClusterOnboardingCredentialResponse);
   rpc UpdateK8SClusterOnboardingCredential(UpdateK8SClusterOnboardingCredentialRequest) returns (UpdateK8SClusterOnboardingCredentialResponse);
@@ -91,6 +95,49 @@ message UpdateAwsFlowLogsS3BucketResponse {
 message DeleteAwsFlowLogsS3BucketRequest {
   string id = 1;
 }
+message CreateAzureSubscriptionRequest {
+  string client_id = 2;
+  string client_secret = 3;
+  string mode = 4;
+  string name = 5;
+  string subscription_id = 6;
+  string tenant_id = 7;
+}
+message CreateAzureSubscriptionResponse {
+  string id = 1;
+  string client_id = 2;
+  string mode = 4;
+  string name = 5;
+  string subscription_id = 6;
+  string tenant_id = 7;
+}
+message ReadAzureSubscriptionRequest {
+  string id = 1;
+}
+message ReadAzureSubscriptionResponse {
+  string id = 1;
+  string client_id = 2;
+  string mode = 4;
+  string name = 5;
+  string subscription_id = 6;
+  string tenant_id = 7;
+}
+message UpdateAzureSubscriptionRequest {
+  string id = 1;
+  string name = 5;
+  google.protobuf.FieldMask update_mask = 8;
+}
+message UpdateAzureSubscriptionResponse {
+  string id = 1;
+  string client_id = 2;
+  string mode = 4;
+  string name = 5;
+  string subscription_id = 6;
+  string tenant_id = 7;
+}
+message DeleteAzureSubscriptionRequest {
+  string id = 1;
+}
 message CreateK8SClusterOnboardingCredentialRequest {
   optional string description = 5;
   string illumio_region = 6;

api/illumio/cloud/config/v1/tags.json

@@ -1 +1 @@
-{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_account_id":11,"organization_id":7,"organization_master_account_id":12,"role_arn":8,"role_external_id":9,"update_mask":10},"resource/aws_flow_logs_s3_bucket":{"account_id":2,"id":1,"s3_bucket_arn":3,"update_mask":4},"resource/k8s_cluster_onboarding_credential":{"client_id":2,"client_secret":3,"created_at":4,"description":5,"id":1,"illumio_region":6,"name":7,"update_mask":8}}
+{"resource/aws_account":{"account_id":2,"account_type":3,"id":1,"management_account_id":4,"mode":5,"name":6,"organization_account_id":11,"organization_id":7,"organization_master_account_id":12,"role_arn":8,"role_external_id":9,"update_mask":10},"resource/aws_flow_logs_s3_bucket":{"account_id":2,"id":1,"s3_bucket_arn":3,"update_mask":4},"resource/azure_subscription":{"client_id":2,"client_secret":3,"id":1,"mode":4,"name":5,"subscription_id":6,"tenant_id":7,"update_mask":8},"resource/k8s_cluster_onboarding_credential":{"client_id":2,"client_secret":3,"created_at":4,"description":5,"id":1,"illumio_region":6,"name":7,"update_mask":8}}

api/schema/azure_subscription_resource.go

@@ -0,0 +1,95 @@
+// Copyright (c) Illumio, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package schema
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	resource_schema "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+)
+
+var (
+	azureSubscriptionResource = Resource{
+		TypeName: "azure_subscription",
+		Schema: resource_schema.Schema{
+			Version:     1,
+			Description: "Manages an Azure subscription in CloudSecure.",
+			Attributes: map[string]resource_schema.Attribute{
+				IDFieldName: idAttribute,
+				"client_id": StringResourceAttributeWithMode{
+					StringAttribute: resource_schema.StringAttribute{
+						Description: "The client_id of the Azure Active Directory App Service Principal used by CloudSecure to manage this subscription.",
+						Required:    true,
+						PlanModifiers: []planmodifier.String{
+							stringplanmodifier.RequiresReplace(),
+						},
+					},
+					attributeWithMode: attributeWithMode{
+						Mode: ImmutableAttributeMode,
+					},
+				},
+				"client_secret": StringResourceAttributeWithMode{
+					StringAttribute: resource_schema.StringAttribute{
+						Description: "The client_secret of the Azure Active Directory App Service Principal used by CloudSecure to manage this subscription.",
+						Required:    true,
+						PlanModifiers: []planmodifier.String{
+							stringplanmodifier.RequiresReplace(),
+						},
+					},
+					attributeWithMode: attributeWithMode{
+						Mode: WriteOnlyOnceAttributeMode,
+					},
+				},
+				"mode": StringResourceAttributeWithMode{
+					StringAttribute: resource_schema.StringAttribute{
+						Description: "Access mode, must be `\"ReadWrite\"` (default) or `\"Read\"`.",
+						Optional:    true,
+						Computed:    true,
+						Default:     stringdefault.StaticString("ReadWrite"),
+						Validators: []validator.String{
+							stringvalidator.OneOf("ReadWrite", "Read"),
+						},
+						PlanModifiers: []planmodifier.String{
+							stringplanmodifier.RequiresReplace(),
+						},
+					},
+					attributeWithMode: attributeWithMode{
+						Mode: ImmutableAttributeMode,
+					},
+				},
+				"name": resource_schema.StringAttribute{
+					Description: "Display name for the Azure subscription.",
+					Required:    true,
+				},
+				"subscription_id": StringResourceAttributeWithMode{
+					StringAttribute: resource_schema.StringAttribute{
+						MarkdownDescription: "Azure subscription ID.",
+						Required:            true,
+						PlanModifiers: []planmodifier.String{
+							stringplanmodifier.RequiresReplace(),
+						},
+					},
+					attributeWithMode: attributeWithMode{
+						Mode: ImmutableAttributeMode,
+					},
+				},
+				"tenant_id": StringResourceAttributeWithMode{
+					StringAttribute: resource_schema.StringAttribute{
+						Description: "ID of the Azure tenant.",
+						Required:    true,
+						PlanModifiers: []planmodifier.String{
+							stringplanmodifier.RequiresReplace(),
+						},
+					},
+					attributeWithMode: attributeWithMode{
+						Mode: ImmutableAttributeMode,
+					},
+				},
+			},
+		},
+	}
+)

api/schema/schema.go

@@ -19,6 +19,7 @@ func (c *cloudSecureSchema) Resources() Resources {
 	resources := Resources{
 		awsAccountResource,
 		awsFlowLogsS3Bucket,
+		azureSubscriptionResource,
 		k8sClusterOnboardingCredential,
 	}
 	sort.Sort(resources)