diff --git a/azurerm/import_arm_notification_hub_authorization_rule_test.go b/azurerm/import_arm_notification_hub_authorization_rule_test.go
new file mode 100644
index 000000000000..7485c89ae89b
--- /dev/null
+++ b/azurerm/import_arm_notification_hub_authorization_rule_test.go
@@ -0,0 +1,80 @@
+package azurerm
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAzureRMNotificationHubAuthorizationRule_importListen(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+ config := testAzureRMNotificationHubAuthorizationRule_listen(ri, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccAzureRMNotificationHubAuthorizationRule_importManage(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+ config := testAzureRMNotificationHubAuthorizationRule_manage(ri, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccAzureRMNotificationHubAuthorizationRule_importSend(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+ config := testAzureRMNotificationHubAuthorizationRule_send(ri, location)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
index 3b33488d3899..cc9f0d98927d 100644
--- a/azurerm/provider.go
+++ b/azurerm/provider.go
@@ -197,6 +197,7 @@ func Provider() terraform.ResourceProvider {
"azurerm_network_security_rule": resourceArmNetworkSecurityRule(),
"azurerm_network_watcher": resourceArmNetworkWatcher(),
"azurerm_notification_hub": resourceArmNotificationHub(),
+ "azurerm_notification_hub_authorization_rule": resourceArmNotificationHubAuthorizationRule(),
"azurerm_notification_hub_namespace": resourceArmNotificationHubNamespace(),
"azurerm_packet_capture": resourceArmPacketCapture(),
"azurerm_policy_assignment": resourceArmPolicyAssignment(),
diff --git a/azurerm/resource_arm_notification_hub_authorization_rule.go b/azurerm/resource_arm_notification_hub_authorization_rule.go
new file mode 100644
index 000000000000..e2a0a4323da7
--- /dev/null
+++ b/azurerm/resource_arm_notification_hub_authorization_rule.go
@@ -0,0 +1,215 @@
+package azurerm
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/Azure/azure-sdk-for-go/services/notificationhubs/mgmt/2017-04-01/notificationhubs"
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceArmNotificationHubAuthorizationRule() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceArmNotificationHubAuthorizationRuleCreateUpdate,
+ Read: resourceArmNotificationHubAuthorizationRuleRead,
+ Update: resourceArmNotificationHubAuthorizationRuleCreateUpdate,
+ Delete: resourceArmNotificationHubAuthorizationRuleDelete,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ // TODO: customizeDiff for send+listen when manage selected
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "notification_hub_name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "namespace_name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "resource_group_name": resourceGroupNameSchema(),
+
+ "manage": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
+
+ "send": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
+
+ "listen": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
+
+ "primary_access_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "secondary_access_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func resourceArmNotificationHubAuthorizationRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).notificationHubsClient
+ ctx := meta.(*ArmClient).StopContext
+
+ name := d.Get("name").(string)
+ notificationHubName := d.Get("notification_hub_name").(string)
+ namespaceName := d.Get("namespace_name").(string)
+ resourceGroup := d.Get("resource_group_name").(string)
+
+ manage := d.Get("manage").(bool)
+ send := d.Get("send").(bool)
+ listen := d.Get("listen").(bool)
+ rights := expandNotificationHubAuthorizationRuleRights(manage, send, listen)
+ parameters := notificationhubs.SharedAccessAuthorizationRuleCreateOrUpdateParameters{
+ Properties: ¬ificationhubs.SharedAccessAuthorizationRuleProperties{
+ Rights: rights,
+ },
+ }
+
+ _, err := client.CreateOrUpdateAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, name, parameters)
+ if err != nil {
+ return fmt.Errorf("Error creating Authorization Rule %q (Notification Hub %q / Namespace %q / Resource Group %q): %+v", name, notificationHubName, namespaceName, resourceGroup, err)
+ }
+
+ read, err := client.GetAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, name)
+ if err != nil {
+ return fmt.Errorf("Error retrieving Authorization Rule %q (Notification Hub %q / Namespace %q / Resource Group %q): %+v", name, notificationHubName, namespaceName, resourceGroup, err)
+ }
+ if read.ID == nil {
+ return fmt.Errorf("Cannot read Authorization Rule %q (Notification Hub %q / Namespace %q / Resource Group %q) ID", name, notificationHubName, namespaceName, resourceGroup)
+ }
+
+ d.SetId(*read.ID)
+
+ return resourceArmNotificationHubAuthorizationRuleRead(d, meta)
+}
+
+func resourceArmNotificationHubAuthorizationRuleRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).notificationHubsClient
+ ctx := meta.(*ArmClient).StopContext
+
+ id, err := parseAzureResourceID(d.Id())
+ if err != nil {
+ return err
+ }
+ resourceGroup := id.ResourceGroup
+ namespaceName := id.Path["namespaces"]
+ notificationHubName := id.Path["notificationHubs"]
+ name := id.Path["AuthorizationRules"]
+
+ resp, err := client.GetAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, name)
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ log.Printf("[DEBUG] Authorization Rule %q was not found in Notification Hub %q / Namespace %q / Resource Group %q", name, notificationHubName, namespaceName, resourceGroup)
+ d.SetId("")
+ return nil
+ }
+
+ return fmt.Errorf("Error making Read request on Authorization Rule %q (Notification Hub %q / Namespace %q / Resource Group %q): %+v", name, notificationHubName, namespaceName, resourceGroup, err)
+ }
+
+ d.Set("name", resp.Name)
+ d.Set("notification_hub_name", notificationHubName)
+ d.Set("namespace_name", namespaceName)
+ d.Set("resource_group_name", resourceGroup)
+
+ if props := resp.SharedAccessAuthorizationRuleProperties; props != nil {
+ manage, send, listen := flattenNotificationHubAuthorizationRuleRights(props.Rights)
+ d.Set("manage", manage)
+ d.Set("send", send)
+ d.Set("listen", listen)
+
+ d.Set("primary_access_key", props.PrimaryKey)
+ d.Set("secondary_access_key", props.SecondaryKey)
+ }
+
+ return nil
+}
+
+func resourceArmNotificationHubAuthorizationRuleDelete(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).notificationHubsClient
+ ctx := meta.(*ArmClient).StopContext
+
+ id, err := parseAzureResourceID(d.Id())
+ if err != nil {
+ return err
+ }
+ resourceGroup := id.ResourceGroup
+ namespaceName := id.Path["namespaces"]
+ notificationHubName := id.Path["notificationHubs"]
+ name := id.Path["AuthorizationRules"]
+
+ resp, err := client.DeleteAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, name)
+ if err != nil {
+ if !utils.ResponseWasNotFound(resp) {
+ return fmt.Errorf("Error deleting Authorization Rule %q (Notification Hub %q / Namespace %q / Resource Group %q): %+v", name, notificationHubName, namespaceName, resourceGroup, err)
+ }
+ }
+
+ return nil
+}
+
+func expandNotificationHubAuthorizationRuleRights(manage bool, send bool, listen bool) *[]notificationhubs.AccessRights {
+ rights := make([]notificationhubs.AccessRights, 0)
+
+ if manage {
+ rights = append(rights, notificationhubs.Manage)
+ }
+
+ if send {
+ rights = append(rights, notificationhubs.Send)
+ }
+
+ if listen {
+ rights = append(rights, notificationhubs.Listen)
+ }
+
+ return &rights
+}
+
+func flattenNotificationHubAuthorizationRuleRights(input *[]notificationhubs.AccessRights) (manage bool, send bool, listen bool) {
+ if input == nil {
+ return
+ }
+
+ for _, right := range *input {
+ switch right {
+ case notificationhubs.Manage:
+ manage = true
+ continue
+ case notificationhubs.Send:
+ send = true
+ continue
+ case notificationhubs.Listen:
+ listen = true
+ continue
+ }
+ }
+
+ return
+}
diff --git a/azurerm/resource_arm_notification_hub_authorization_rule_test.go b/azurerm/resource_arm_notification_hub_authorization_rule_test.go
new file mode 100644
index 000000000000..1dd6207c6b8c
--- /dev/null
+++ b/azurerm/resource_arm_notification_hub_authorization_rule_test.go
@@ -0,0 +1,246 @@
+package azurerm
+
+import (
+ "fmt"
+ "net/http"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAzureRMNotificationHubAuthorizationRule_listen(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAzureRMNotificationHubAuthorizationRule_listen(ri, location),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMNotificationHubAuthorizationRuleExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "manage", "false"),
+ resource.TestCheckResourceAttr(resourceName, "send", "false"),
+ resource.TestCheckResourceAttr(resourceName, "listen", "true"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAzureRMNotificationHubAuthorizationRule_manage(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAzureRMNotificationHubAuthorizationRule_listen(ri, location),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMNotificationHubAuthorizationRuleExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "manage", "true"),
+ resource.TestCheckResourceAttr(resourceName, "send", "true"),
+ resource.TestCheckResourceAttr(resourceName, "listen", "true"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAzureRMNotificationHubAuthorizationRule_send(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAzureRMNotificationHubAuthorizationRule_listen(ri, location),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMNotificationHubAuthorizationRuleExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "manage", "false"),
+ resource.TestCheckResourceAttr(resourceName, "send", "true"),
+ resource.TestCheckResourceAttr(resourceName, "listen", "true"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAzureRMNotificationHubAuthorizationRule_updated(t *testing.T) {
+ resourceName := "azurerm_notification_hub_authorization_rule.test"
+
+ ri := acctest.RandInt()
+ location := testLocation()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMNotificationHubAuthorizationRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAzureRMNotificationHubAuthorizationRule_listen(ri, location),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMNotificationHubAuthorizationRuleExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "manage", "false"),
+ resource.TestCheckResourceAttr(resourceName, "send", "false"),
+ resource.TestCheckResourceAttr(resourceName, "listen", "true"),
+ ),
+ },
+ {
+ Config: testAzureRMNotificationHubAuthorizationRule_manage(ri, location),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMNotificationHubAuthorizationRuleExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "manage", "true"),
+ resource.TestCheckResourceAttr(resourceName, "send", "true"),
+ resource.TestCheckResourceAttr(resourceName, "listen", "true"),
+ ),
+ },
+ },
+ })
+}
+
+func testCheckAzureRMNotificationHubAuthorizationRuleExists(name string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[name]
+ if !ok {
+ return fmt.Errorf("not found: %s", name)
+ }
+
+ client := testAccProvider.Meta().(*ArmClient).notificationHubsClient
+ ctx := testAccProvider.Meta().(*ArmClient).StopContext
+
+ resourceGroup := rs.Primary.Attributes["resource_group_name"]
+ notificationHubName := rs.Primary.Attributes["notification_hub_name"]
+ namespaceName := rs.Primary.Attributes["namespace_name"]
+ ruleName := rs.Primary.Attributes["name"]
+
+ resp, err := client.GetAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, ruleName)
+ if err != nil {
+ return fmt.Errorf("Bad: Get on notificationHubsClient: %s", err)
+ }
+
+ if resp.StatusCode == http.StatusNotFound {
+ return fmt.Errorf("Notification Hub Authorization Rule does not exist: %s", name)
+ }
+
+ return nil
+ }
+}
+
+func testCheckAzureRMNotificationHubAuthorizationRuleDestroy(s *terraform.State) error {
+ client := testAccProvider.Meta().(*ArmClient).notificationHubsClient
+ ctx := testAccProvider.Meta().(*ArmClient).StopContext
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "azurerm_notification_hub_authorization_rule" {
+ continue
+ }
+
+ resourceGroup := rs.Primary.Attributes["resource_group_name"]
+ notificationHubName := rs.Primary.Attributes["notification_hub_name"]
+ namespaceName := rs.Primary.Attributes["namespace_name"]
+ ruleName := rs.Primary.Attributes["name"]
+ resp, err := client.GetAuthorizationRule(ctx, resourceGroup, namespaceName, notificationHubName, ruleName)
+
+ if err != nil {
+ return nil
+ }
+
+ if resp.StatusCode != http.StatusNotFound {
+ return fmt.Errorf("Notification Hub Authorization Rule still exists:%s", *resp.Name)
+ }
+ }
+
+ return nil
+}
+
+func testAzureRMNotificationHubAuthorizationRule_listen(ri int, location string) string {
+ template := testAzureRMNotificationHubAuthorizationRule_template(ri, location)
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_notification_hub_authorization_rule" "test" {
+ name = "acctestrule-%d"
+ notification_hub_name = "${azurerm_notification_hub.test.name}"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ listen = true
+}
+`, template, ri)
+}
+
+func testAzureRMNotificationHubAuthorizationRule_send(ri int, location string) string {
+ template := testAzureRMNotificationHubAuthorizationRule_template(ri, location)
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_notification_hub_authorization_rule" "test" {
+ name = "acctestrule-%d"
+ notification_hub_name = "${azurerm_notification_hub.test.name}"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ send = true
+ listen = true
+}
+`, template, ri)
+}
+
+func testAzureRMNotificationHubAuthorizationRule_manage(ri int, location string) string {
+ template := testAzureRMNotificationHubAuthorizationRule_template(ri, location)
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_notification_hub_authorization_rule" "test" {
+ name = "acctestrule-%d"
+ notification_hub_name = "${azurerm_notification_hub.test.name}"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ manage = true
+ send = true
+ listen = true
+}
+`, template, ri)
+}
+
+func testAzureRMNotificationHubAuthorizationRule_template(ri int, location string) string {
+ return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+ name = "acctestrg-%d"
+ location = "%s"
+}
+
+resource "azurerm_notification_hub_namespace" "test" {
+ name = "acctestnhn-%d"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ location = "${azurerm_resource_group.test.location}"
+ namespace_type = "NotificationHub"
+
+ sku {
+ name = "Free"
+ }
+}
+
+resource "azurerm_notification_hub" "test" {
+ name = "acctestnh-%d"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ location = "${azurerm_resource_group.test.location}"
+}
+`, ri, location, ri, ri)
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index f6e294fac740..313b5d32abc2 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -616,6 +616,10 @@
azurerm_notification_hub
+ >
+ azurerm_notification_hub_authorization_rule
+
+
>
azurerm_notification_hub_namespace
diff --git a/website/docs/r/notification_hub_authorization_rule.html.markdown b/website/docs/r/notification_hub_authorization_rule.html.markdown
new file mode 100644
index 000000000000..fb0cdfbaabd9
--- /dev/null
+++ b/website/docs/r/notification_hub_authorization_rule.html.markdown
@@ -0,0 +1,87 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_notification_hub_authorization_rule"
+sidebar_current: "docs-azurerm-resource-messaging-notification-hub-authorization-rule"
+description: |-
+ Manages an Authorization Rule associated with a Notification Hub within a Notification Hub Namespace.
+
+---
+
+# azurerm_notification_hub_authorization_rule
+
+Manages an Authorization Rule associated with a Notification Hub within a Notification Hub Namespace.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "test" {
+ name = "notificationhub-resources"
+ location = "Australia East"
+}
+
+resource "azurerm_notification_hub_namespace" "test" {
+ name = "myappnamespace"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ location = "${azurerm_resource_group.test.location}"
+ namespace_type = "NotificationHub"
+
+ sku {
+ name = "Free"
+ }
+}
+
+resource "azurerm_notification_hub" "test" {
+ name = "mynotificationhub"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ location = "${azurerm_resource_group.test.location}"
+}
+
+resource "azurerm_notification_hub_authorization_rule" "test" {
+ name = "management-auth-rule"
+ notification_hub_name = "${azurerm_notification_hub.test.name}"
+ namespace_name = "${azurerm_notification_hub_namespace.test.name}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ manage = true
+ send = true
+ listen = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name to use for this Authorization Rule. Changing this forces a new resource to be created.
+
+* `notification_hub_name` - (Required) The name of the Notification Hub for which the Authorization Rule should be created. Changing this forces a new resource to be created.
+
+* `namespace_name` - (Required) The name of the Notification Hub Namespace in which the Notification Hub exists. Changing this forces a new resource to be created.
+
+* `resource_group_name` - (Required) The name of the Resource Group in which the Notification Hub Namespace exists. Changing this forces a new resource to be created.
+
+* `manage` - (Optional) Does this Authorization Rule have Manage access to the Notification Hub? Defaults to `false`.
+
+-> **NOTE:** If `manage` is set to `true` then both `send` and `listen` must also be set to `true`.
+
+* `send` - (Optional) Does this Authorization Rule have Send access to the Notification Hub? Defaults to `false`.
+
+* `listen` - (Optional) Does this Authorization Rule have Listen access to the Notification Hub? Defaults to `false`.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the Authorization Rule.
+
+* `primary_access_key` - The Primary Access Key associated with this Authorization Rule.
+
+* `secondary_access_key` - The Secondary Access Key associated with this Authorization Rule.
+
+## Import
+
+Notification Hub Authorization Rule can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_notification_hub_authorization_rule.rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.NotificationHubs/namespaces/{namespaceName}/notificationHubs/hub1/AuthorizationRules/rule1
+```