in internal/provider/provider.go [159:377]
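// Schema populates response.Schema with the provider-level configuration
// schema: authentication settings (client secret, client certificate, OIDC,
// Azure CLI, managed identity, AKS workload identity), cloud environment and
// endpoint overrides, request-header settings and resource defaults.
//
// Every attribute is Optional. ctx and request are not used. The descriptions
// mention environment-variable fallbacks and default values, but this method
// attaches no default or environment lookup to any attribute.
// NOTE(review): those fallbacks are presumably applied where the configuration
// is read; confirm.
//
// Attributes that carry credential material (client secret, client
// certificate bundle and its password, OIDC request token, OIDC ID token) are
// marked Sensitive so that Terraform obscures their values in CLI output.
// Attributes that only hold a path to such material are not marked.
func (p Provider) Schema(ctx context.Context, request provider.SchemaRequest, response *provider.SchemaResponse) {
	response.Schema = schema.Schema{
		Description: "The Azure API Provider",
		Attributes: map[string]schema.Attribute{
			"subscription_id": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The Subscription ID which should be used. This can also be sourced from the `ARM_SUBSCRIPTION_ID` Environment Variable.",
			},
			"client_id": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The Client ID which should be used. This can also be sourced from the `ARM_CLIENT_ID` Environment Variable.",
			},
			"client_id_file_path": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The path to a file containing the Client ID which should be used. This can also be sourced from the `ARM_CLIENT_ID_FILE_PATH` Environment Variable.",
			},
			"tenant_id": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The Tenant ID should be used. This can also be sourced from the `ARM_TENANT_ID` Environment Variable.",
			},
			"auxiliary_tenant_ids": schema.ListAttribute{
				ElementType:         types.StringType,
				Optional:            true,
				Validators:          []validator.List{listvalidator.SizeAtMost(3)},
				MarkdownDescription: "List of auxiliary Tenant IDs required for multi-tenancy and cross-tenant scenarios. This can also be sourced from the `ARM_AUXILIARY_TENANT_IDS` Environment Variable.",
			},
			// At most one endpoint object may be supplied (SizeAtMost(1)).
			// Each description below is paired with the key it documents, so
			// the key, the environment variable and the default URL agree.
			// NOTE(review): no validator constrains these URLs here (for
			// example to https); confirm they are validated where they are
			// consumed, since the authority host is where the provider
			// authenticates.
			"endpoint": schema.ListNestedAttribute{
				Optional:            true,
				Validators:          []validator.List{listvalidator.SizeAtMost(1)},
				MarkdownDescription: "The Azure API Endpoint Configuration.",
				NestedObject: schema.NestedAttributeObject{
					Attributes: map[string]schema.Attribute{
						"active_directory_authority_host": schema.StringAttribute{
							Optional:            true,
							MarkdownDescription: "The Azure Active Directory login endpoint to use. This can also be sourced from the `ARM_ACTIVE_DIRECTORY_AUTHORITY_HOST` Environment Variable. Defaults to `https://login.microsoftonline.com/` for public cloud.",
						},
						"resource_manager_endpoint": schema.StringAttribute{
							Optional:            true,
							MarkdownDescription: "The Azure Resource Manager endpoint to use. This can also be sourced from the `ARM_RESOURCE_MANAGER_ENDPOINT` Environment Variable. Defaults to `https://management.azure.com/` for public cloud.",
						},
						"resource_manager_audience": schema.StringAttribute{
							Optional:            true,
							MarkdownDescription: "The resource ID to obtain AD tokens for. This can also be sourced from the `ARM_RESOURCE_MANAGER_AUDIENCE` Environment Variable. Defaults to `https://management.core.windows.net/` for public cloud.",
						},
					},
				},
			},
			"environment": schema.StringAttribute{
				Optional: true,
				Validators: []validator.String{
					stringvalidator.OneOfCaseInsensitive("public", "usgovernment", "china"),
				},
				MarkdownDescription: "The Cloud Environment which should be used. Possible values are `public`, `usgovernment` and `china`. Defaults to `public`. This can also be sourced from the `ARM_ENVIRONMENT` Environment Variable.",
			},
			// TODO@mgd: the metadata_host is used to retrieve metadata from Azure to identify the current environment; this is used to rule out Azure Stack usage, which the provider doesn't support.
			// "metadata_host": {
			// 	Type:        schema.TypeString,
			// 	Required:    true,
			// 	DefaultFunc: schema.EnvDefaultFunc("ARM_METADATA_HOSTNAME", ""),
			// 	Description: "The Hostname which should be used for the Azure Metadata Service.",
			// },

			// Client Certificate specific fields
			"client_certificate_path": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The path to the Client Certificate associated with the Service Principal which should be used. This can also be sourced from the `ARM_CLIENT_CERTIFICATE_PATH` Environment Variable.",
			},
			// The PKCS#12 bundle is credential material, so it is obscured in
			// CLI output.
			"client_certificate": schema.StringAttribute{
				Optional:            true,
				Sensitive:           true,
				MarkdownDescription: "A base64-encoded PKCS#12 bundle to be used as the client certificate for authentication. This can also be sourced from the `ARM_CLIENT_CERTIFICATE` environment variable.",
			},
			"client_certificate_password": schema.StringAttribute{
				Optional:            true,
				Sensitive:           true,
				MarkdownDescription: "The password associated with the Client Certificate. This can also be sourced from the `ARM_CLIENT_CERTIFICATE_PASSWORD` Environment Variable.",
			},

			// Client Secret specific fields
			"client_secret": schema.StringAttribute{
				Optional:            true,
				Sensitive:           true,
				MarkdownDescription: "The Client Secret which should be used. This can also be sourced from the `ARM_CLIENT_SECRET` Environment Variable.",
			},
			"client_secret_file_path": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The path to a file containing the Client Secret which should be used. For use When authenticating as a Service Principal using a Client Secret. This can also be sourced from the `ARM_CLIENT_SECRET_FILE_PATH` Environment Variable.",
			},

			// Resource Provider registration
			"skip_provider_registration": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Should the Provider skip registering the Resource Providers it supports? This can also be sourced from the `ARM_SKIP_PROVIDER_REGISTRATION` Environment Variable. Defaults to `false`.",
			},

			// OIDC specific fields
			// Both the request bearer token and the ID token are credentials
			// and are obscured in CLI output; the request URL and the token
			// file path are not.
			"oidc_request_token": schema.StringAttribute{
				Optional:            true,
				Sensitive:           true,
				MarkdownDescription: "The bearer token for the request to the OIDC provider. This can also be sourced from the `ARM_OIDC_REQUEST_TOKEN`, `ACTIONS_ID_TOKEN_REQUEST_TOKEN`, or `SYSTEM_ACCESSTOKEN` Environment Variables.",
			},
			"oidc_request_url": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The URL for the OIDC provider from which to request an ID token. This can also be sourced from the `ARM_OIDC_REQUEST_URL`, `ACTIONS_ID_TOKEN_REQUEST_URL`, or `SYSTEM_OIDCREQUESTURI` Environment Variables.",
			},
			"oidc_token": schema.StringAttribute{
				Optional:            true,
				Sensitive:           true,
				MarkdownDescription: "The ID token when authenticating using OpenID Connect (OIDC). This can also be sourced from the `ARM_OIDC_TOKEN` environment Variable.",
			},
			"oidc_token_file_path": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The path to a file containing an ID token when authenticating using OpenID Connect (OIDC). This can also be sourced from the `ARM_OIDC_TOKEN_FILE_PATH` environment Variable.",
			},
			"oidc_azure_service_connection_id": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The Azure Pipelines Service Connection ID to use for authentication. This can also be sourced from the `ARM_ADO_PIPELINE_SERVICE_CONNECTION_ID`, `ARM_OIDC_AZURE_SERVICE_CONNECTION_ID`, or `AZURESUBSCRIPTION_SERVICE_CONNECTION_ID` Environment Variables.",
			},
			"use_oidc": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Should OIDC be used for Authentication? This can also be sourced from the `ARM_USE_OIDC` Environment Variable. Defaults to `false`.",
			},

			// Azure CLI specific fields
			"use_cli": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Should Azure CLI be used for authentication? This can also be sourced from the `ARM_USE_CLI` environment variable. Defaults to `true`.",
			},

			// Managed Service Identity specific fields
			"use_msi": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Should Managed Identity be used for Authentication? This can also be sourced from the `ARM_USE_MSI` Environment Variable. Defaults to `false`.",
			},
			"use_aks_workload_identity": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Should AKS Workload Identity be used for Authentication? This can also be sourced from the `ARM_USE_AKS_WORKLOAD_IDENTITY` Environment Variable. Defaults to `false`. When set, `client_id`, `tenant_id` and `oidc_token_file_path` will be detected from the environment and do not need to be specified.",
			},
			// TODO@mgd: azidentity doesn't support msi_endpoint
			// "msi_endpoint": {
			// 	Type:        schema.TypeString,
			// 	Optional:    true,
			// 	DefaultFunc: schema.EnvDefaultFunc("ARM_MSI_ENDPOINT", ""),
			// 	Description: "The path to a custom endpoint for Managed Service Identity - in most circumstances this should be detected automatically. ",
			// },

			// Managed Tracking GUID for User-agent
			// Accepts either a UUID or the empty string.
			"partner_id": schema.StringAttribute{
				Optional: true,
				Validators: []validator.String{
					stringvalidator.Any(myvalidator.StringIsUUID(), myvalidator.StringIsEmpty()),
				},
				MarkdownDescription: "A GUID/UUID that is [registered](https://docs.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution#register-guids-and-offers) with Microsoft to facilitate partner resource usage attribution. This can also be sourced from the `ARM_PARTNER_ID` Environment Variable.",
			},
			"custom_correlation_request_id": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The value of the `x-ms-correlation-request-id` header, otherwise an auto-generated UUID will be used. This can also be sourced from the `ARM_CORRELATION_REQUEST_ID` environment variable.",
			},
			"disable_correlation_request_id": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "This will disable the x-ms-correlation-request-id header.",
			},
			"disable_terraform_partner_id": schema.BoolAttribute{
				Optional:            true,
				MarkdownDescription: "Disable sending the Terraform Partner ID if a custom `partner_id` isn't specified, which allows Microsoft to better understand the usage of Terraform. The Partner ID does not give HashiCorp any direct access to usage information. This can also be sourced from the `ARM_DISABLE_TERRAFORM_PARTNER_ID` environment variable. Defaults to `false`.",
			},

			// Resource defaults
			"default_name": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: "The default name to create the azure resource. The `name` in each resource block can override the `default_name`. Changing this forces new resources to be created.",
			},
			"default_location": schema.StringAttribute{
				Optional:            true,
				MarkdownDescription: " The default Azure Region where the azure resource should exist. The `location` in each resource block can override the `default_location`. Changing this forces new resources to be created.",
			},
			"default_tags": schema.MapAttribute{
				Optional:    true,
				ElementType: types.StringType,
				Validators: []validator.Map{
					tags.Validator(),
				},
				MarkdownDescription: "A mapping of tags which should be assigned to the azure resource as default tags. The`tags` in each resource block can override the `default_tags`.",
			},

			// Behaviour switches. The next two attributes use Description
			// rather than MarkdownDescription.
			"enable_preflight": schema.BoolAttribute{
				Optional:    true,
				Description: "Enable Preflight Validation. The default is false. When set to true, the provider will use Preflight to do static validation before really deploying a new resource. When set to false, the provider will disable this validation. This can also be sourced from the `ARM_ENABLE_PREFLIGHT` Environment Variable.",
			},
			"disable_default_output": schema.BoolAttribute{
				Optional:    true,
				Description: "Disable default output. The default is false. When set to false, the provider will output the read-only properties if `response_export_values` is not specified in the resource block. When set to true, the provider will disable this output. This can also be sourced from the `ARM_DISABLE_DEFAULT_OUTPUT` Environment Variable.",
			},
			"maximum_busy_retry_attempts": schema.Int32Attribute{
				Optional:            true,
				MarkdownDescription: "The maximum number of retries to attempt if the Azure API returns an HTTP 408, 429, 500, 502, 503, or 504 response. The default is `3`. The resource-specific retry configuration may additionally be used to retry on other errors and conditions.",
			},
		},
	}
}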