azurerm_shared_image_version - support for new block uefi_settings

internal/services/compute/shared_image_version_resource.go

@@ -190,6 +190,65 @@ func resourceSharedImageVersion() *pluginsdk.Resource {
 				Default:  false,
 			},
 
+			"uefi_settings": {
+				Type:     pluginsdk.TypeList,
+				Optional: true,
+				ForceNew: true,
+				MaxItems: 1,
+				Elem: &pluginsdk.Resource{
+					Schema: map[string]*pluginsdk.Schema{
+						"signature_template_names": {
+							Type:     pluginsdk.TypeSet,
+							Required: true,
+							ForceNew: true,
+							Elem: &pluginsdk.Schema{
+								Type:         pluginsdk.TypeString,
+								ValidateFunc: validation.StringInSlice(galleryimageversions.PossibleValuesForUefiSignatureTemplateName(), false),
+							},
+						},
+						"additional_signatures": {
+							Type:     pluginsdk.TypeList,
+							Optional: true,
+							ForceNew: true,
+							MaxItems: 1,
+							Elem: &pluginsdk.Resource{
+								Schema: map[string]*pluginsdk.Schema{
+									"db": {
+										Type:         pluginsdk.TypeList,
+										Optional:     true,
+										ForceNew:     true,
+										Elem:         uefiKeySchema(),
+										AtLeastOneOf: []string{"uefi_settings.0.additional_signatures.0.db", "uefi_settings.0.additional_signatures.0.dbx", "uefi_settings.0.additional_signatures.0.kek", "uefi_settings.0.additional_signatures.0.pk"},
+									},
+									"dbx": {
+										Type:         pluginsdk.TypeList,
+										Optional:     true,
+										ForceNew:     true,
+										Elem:         uefiKeySchema(),
+										AtLeastOneOf: []string{"uefi_settings.0.additional_signatures.0.db", "uefi_settings.0.additional_signatures.0.dbx", "uefi_settings.0.additional_signatures.0.kek", "uefi_settings.0.additional_signatures.0.pk"},
+									},
+									"kek": {
+										Type:         pluginsdk.TypeList,
+										Optional:     true,
+										ForceNew:     true,
+										Elem:         uefiKeySchema(),
+										AtLeastOneOf: []string{"uefi_settings.0.additional_signatures.0.db", "uefi_settings.0.additional_signatures.0.dbx", "uefi_settings.0.additional_signatures.0.kek", "uefi_settings.0.additional_signatures.0.pk"},
+									},
+									"pk": {
+										Type:         pluginsdk.TypeList,
+										Optional:     true,
+										ForceNew:     true,
+										MaxItems:     1,
+										Elem:         uefiKeySchema(),
+										AtLeastOneOf: []string{"uefi_settings.0.additional_signatures.0.db", "uefi_settings.0.additional_signatures.0.dbx", "uefi_settings.0.additional_signatures.0.kek", "uefi_settings.0.additional_signatures.0.pk"},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+
 			"tags": commonschema.Tags(),
 		},
 
@@ -236,7 +295,8 @@ func resourceSharedImageVersionCreate(d *pluginsdk.ResourceData, meta interface{
 			SafetyProfile: &galleryimageversions.GalleryImageVersionSafetyProfile{
 				AllowDeletionOfReplicatedLocations: pointer.To(d.Get("deletion_of_replicated_locations_enabled").(bool)),
 			},
-			StorageProfile: galleryimageversions.GalleryImageVersionStorageProfile{},
+			StorageProfile:  galleryimageversions.GalleryImageVersionStorageProfile{},
+			SecurityProfile: &galleryimageversions.ImageVersionSecurityProfile{},
 		},
 		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
 	}
@@ -278,6 +338,10 @@ func resourceSharedImageVersionCreate(d *pluginsdk.ResourceData, meta interface{
 		}
 	}
 
+	if v, ok := d.GetOk("uefi_settings"); ok {
+		version.Properties.SecurityProfile.UefiSettings = expandUefiSettings(v.([]interface{}))
+	}
+
 	if err := client.CreateOrUpdateThenPoll(ctx, id, version); err != nil {
 		return fmt.Errorf("creating %s: %+v", id, err)
 	}
@@ -438,6 +502,10 @@ func resourceSharedImageVersionRead(d *pluginsdk.ResourceData, meta interface{})
 			if safetyProfile := props.SafetyProfile; safetyProfile != nil {
 				d.Set("deletion_of_replicated_locations_enabled", pointer.From(safetyProfile.AllowDeletionOfReplicatedLocations))
 			}
+
+			if securityProfile := props.SecurityProfile; securityProfile != nil {
+				d.Set("uefi_settings", flattenUefiSettings(securityProfile.UefiSettings))
+			}
 		}
 		if err := tags.FlattenAndSet(d, model.Tags); err != nil {
 			return err
@@ -535,6 +603,163 @@ func expandSharedImageVersionTargetRegions(d *pluginsdk.ResourceData) (*[]galler
 	return &results, nil
 }
 
+func expandUefiSettings(input []interface{}) *galleryimageversions.GalleryImageVersionUefiSettings {
+	if len(input) == 0 || input[0] == nil {
+		return nil
+	}
+
+	v := input[0].(map[string]interface{})
+	result := &galleryimageversions.GalleryImageVersionUefiSettings{}
+
+	if templateNamesSet, ok := v["signature_template_names"].(*pluginsdk.Set); ok {
+		result.SignatureTemplateNames = expandSignatureTemplateNames(templateNamesSet.List())
+	}
+
+	if additionalSignatures, ok := v["additional_signatures"].([]interface{}); ok {
+		result.AdditionalSignatures = expandAdditionalSignatures(additionalSignatures)
+	}
+
+	return result
+}
+
+func expandSignatureTemplateNames(input []interface{}) *[]galleryimageversions.UefiSignatureTemplateName {
+	if len(input) == 0 {
+		return nil
+	}
+
+	result := make([]galleryimageversions.UefiSignatureTemplateName, 0)
+	for _, v := range input {
+		result = append(result, galleryimageversions.UefiSignatureTemplateName(v.(string)))
+	}
+	return &result
+}
+
+func expandAdditionalSignatures(input []interface{}) *galleryimageversions.UefiKeySignatures {
+	if len(input) == 0 || input[0] == nil {
+		return nil
+	}
+
+	v := input[0].(map[string]interface{})
+	result := &galleryimageversions.UefiKeySignatures{}
+
+	if db, ok := v["db"].([]interface{}); ok {
+		result.Db = expandUefiKeyList(db)
+	}
+
+	if dbx, ok := v["dbx"].([]interface{}); ok {
+		result.Dbx = expandUefiKeyList(dbx)
+	}
+
+	if kek, ok := v["kek"].([]interface{}); ok {
+		result.Kek = expandUefiKeyList(kek)
+	}
+
+	if pk, ok := v["pk"].([]interface{}); ok {
+		result.Pk = expandUefiKey(pk)
+	}
+
+	return result
+}
+
+func expandUefiKeyList(input []interface{}) *[]galleryimageversions.UefiKey {
+	if len(input) == 0 {
+		return nil
+	}
+
+	result := make([]galleryimageversions.UefiKey, 0)
+	for _, v := range input {
+		if item := expandUefiKey([]interface{}{v}); item != nil {
+			result = append(result, *item)
+		}
+	}
+	return &result
+}
+
+func expandUefiKey(input []interface{}) *galleryimageversions.UefiKey {
+	if len(input) == 0 || input[0] == nil {
+		return nil
+	}
+
+	data := input[0].(map[string]interface{})
+
+	certData := make([]string, 0)
+	if certList, ok := data["certificate_base64"].([]interface{}); ok {
+		for _, item := range certList {
+			if str, ok := item.(string); ok {
+				certData = append(certData, str)
+			}
+		}
+	}
+
+	typeStr := data["type"].(string)
+
+	return &galleryimageversions.UefiKey{
+		Type:  pointer.To(galleryimageversions.UefiKeyType(typeStr)),
+		Value: &certData,
+	}
+}
+
+func flattenUefiSettings(input *galleryimageversions.GalleryImageVersionUefiSettings) []interface{} {
+	results := make([]interface{}, 0)
+
+	if input == nil {
+		return results
+	}
+
+	results = append(results, map[string]interface{}{
+		"signature_template_names": pointer.From(input.SignatureTemplateNames),
+		"additional_signatures":    flattenAdditionalSignatures(input.AdditionalSignatures),
+	})
+
+	return results
+}
+
+func flattenAdditionalSignatures(input *galleryimageversions.UefiKeySignatures) []interface{} {
+	results := make([]interface{}, 0)
+
+	if input == nil {
+		return results
+	}
+
+	result := make(map[string]interface{})
+	result["db"] = flattenUefiKeyList(input.Db)
+	result["dbx"] = flattenUefiKeyList(input.Dbx)
+	result["kek"] = flattenUefiKeyList(input.Kek)
+	result["pk"] = flattenUefiKey(input.Pk)
+
+	return append(results, result)
+}
+
+func flattenUefiKeyList(input *[]galleryimageversions.UefiKey) []interface{} {
+	results := make([]interface{}, 0)
+	if input == nil {
+		return results
+	}
+
+	for _, v := range *input {
+		if item := flattenUefiKey(&v); len(item) > 0 {
+			results = append(results, item[0])
+		}
+	}
+
+	return results
+}
+
+func flattenUefiKey(input *galleryimageversions.UefiKey) []interface{} {
+	results := make([]interface{}, 0)
+	if input == nil {
+		return results
+	}
+
+	result := make(map[string]interface{})
+	if input.Value != nil && len(*input.Value) > 0 {
+		result["certificate_base64"] = *input.Value
+	}
+	result["type"] = pointer.From(input.Type)
+
+	return append(results, result)
+}
+
 func flattenSharedImageVersionTargetRegions(input *[]galleryimageversions.TargetRegion) []interface{} {
 	results := make([]interface{}, 0)