Fix azure trusted identity - internal (#137)

iru · Alex · web-flow · commit 130b10994637 · 2021-10-22T08:41:36.000+02:00
* fix azure trusted identity
* add tests
* update docs

Co-authored-by: Alex &lt;alex.qiu@sysdig.com&gt;
diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go b/sysdig/data_source_sysdig_secure_trusted_cloud_identity.go
@@ -39,6 +39,14 @@ func dataSourceSysdigSecureTrustedCloudIdentity() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"azure_tenant_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"azure_client_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
diff --git a/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go b/sysdig/data_source_sysdig_secure_trusted_cloud_identity_test.go
@@ -24,16 +24,38 @@ func TestAccTrustedCloudIdentityDataSource(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: trustedIdentityDatasource(),
+				Config: trustedIdentityDatasourceAWS(),
+			},
+			{
+				Config: trustedIdentityDatasourceGCP(),
+			},
+			{
+				Config: trustedIdentityDatasourceAzure(),
 			},
 		},
 	})
 }
 
-func trustedIdentityDatasource() string {
+func trustedIdentityDatasourceAWS() string {
 	return `
 data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
 	cloud_provider = "aws"
 }
 `
 }
+
+func trustedIdentityDatasourceGCP() string {
+	return `
+data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
+	cloud_provider = "gcp"
+}
+`
+}
+
+func trustedIdentityDatasourceAzure() string {
+	return `
+data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
+	cloud_provider = "azure"
+}
+`
+}
diff --git a/website/docs/d/secure_trusted_cloud_identity.md b/website/docs/d/secure_trusted_cloud_identity.md
@@ -31,6 +31,11 @@ In addition to all arguments above, the following attributes are exported:
 
 * `identity` - Sysdig's identity (User/Role/etc) that should be used to create a trust relationship allowing Sysdig access to your cloud account.
 
-* `aws_account_id` - If `identity` is an AWS ARN, this attribute contains the AWS Account ID to which the ARN belongs, otherwise it contains the empty string.
+* `aws_account_id` - If `identity` is an AWS ARN, this attribute contains the AWS Account ID to which the ARN belongs, otherwise it contains the empty string. `cloud_provider` must be equal to `aws` or `gcp`.
+
+* `aws_role_name` - If `identity` is a AWS IAM Role ARN, this attribute contains the name of the role, otherwise it contains the empty string. `cloud_provider` must be equal to `aws` or `gcp`.
+
+* `azure_tenant_id` - If `identity` contains credentials for an Azure Service Principal, this attribute contains its Tenant ID. `cloud_provider` must be equal to `azure`.
+
+* `azure_client_id` - If `identity` contains credentials for an Azure Service Principal, this attribute contains its Client ID. `cloud_provider` must be equal to `azure`.
 
-* `aws_role_name` - If `identity` is a AWS IAM Role ARN, this attribute contains the name of the role, otherwise it contains the empty string.
