always set dns_proxy_enabled value and add a migration

hashicorp · Jun 30, 2023 · 02972e8 · 02972e8
1 parent 35731f6
commit 02972e8
Show file tree

Hide file tree

Showing 2 changed files with 165 additions and 8 deletions.
diff --git a/internal/services/firewall/firewall_resource.go b/internal/services/firewall/firewall_resource.go
@@ -17,6 +17,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/locks"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/azuresdkhacks"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/migration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/validate"
 	networkValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate"
@@ -48,6 +49,11 @@ func resourceFirewall() *pluginsdk.Resource {
 			Delete: pluginsdk.DefaultTimeout(90 * time.Minute),
 		},
 
+		SchemaVersion: 1,
+		StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{
+			0: migration.FirewallV0ToV1{},
+		}),
+
 		Schema: map[string]*pluginsdk.Schema{
 			"name": {
 				Type:         pluginsdk.TypeString,
@@ -773,7 +779,7 @@ func validateFirewallIPConfigurationSettings(configs []interface{}) error {
 }
 
 type firewallAdditionalProperty struct {
-	ProxyEnabled  *bool    `tfschema:"dns_proxy_enabled"`
+	ProxyEnabled  bool     `tfschema:"dns_proxy_enabled"`
 	CustomServers []string `tfschema:"custom_servers"`
 }
 
@@ -784,7 +790,7 @@ func (f *firewallAdditionalProperty) addDNSServer(name string) {
 func encodeFirewallAdditionalProperty(d *pluginsdk.ResourceData) *firewallAdditionalProperty {
 	var res firewallAdditionalProperty
 	val := d.Get("dns_proxy_enabled").(bool)
-	res.ProxyEnabled = pointer.To(val)
+	res.ProxyEnabled = val
 
 	if servers, ok := d.Get("dns_servers").([]interface{}); ok && len(servers) > 0 {
 		// res.ProxyEnabled = true // honer the `dns_proxy_enabled` configuration
@@ -802,7 +808,7 @@ func flattenFirewallAdditionalProps(input map[string]*string) (settings firewall
 
 	if enabledPtr := input["Network.DNS.EnableProxy"]; enabledPtr != nil {
 		proxyEnabled := *enabledPtr == "true"
-		settings.ProxyEnabled = &proxyEnabled
+		settings.ProxyEnabled = proxyEnabled
 	}
 
 	if serversPtr := input["Network.DNS.Servers"]; serversPtr != nil {
@@ -821,17 +827,17 @@ func (f *firewallAdditionalProperty) toTFServers() (res []interface{}) {
 }
 
 func (f *firewallAdditionalProperty) toSDKModel() map[string]*string {
-	if f == nil || (!pointer.From(f.ProxyEnabled) && f.CustomServers == nil) {
+	if f == nil || (!f.ProxyEnabled && f.CustomServers == nil) {
 		return nil
 	}
 
 	res := map[string]*string{}
-	proxyValue := "false"
+	proxyEnabled := "false"
 	// to not break existing behavior, set this key when proxy is enabled or custom dns servers are set
-	if (f.ProxyEnabled != nil && *f.ProxyEnabled) || len(f.CustomServers) > 0 {
-		proxyValue = "true"
+	if f.ProxyEnabled {
+		proxyEnabled = "true"
 	}
-	res["Network.DNS.EnableProxy"] = pointer.To(proxyValue)
+	res["Network.DNS.EnableProxy"] = pointer.To(proxyEnabled)
 
 	if len(f.CustomServers) > 0 {
 		// if not set custom dns servers, then do not set this key to use default azure provided servers

diff --git a/internal/services/firewall/migration/firewall_v0_to_v1.go b/internal/services/firewall/migration/firewall_v0_to_v1.go
@@ -0,0 +1,151 @@
+package migration
+
+import (
+	"context"
+
+	pluginsdk "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+)
+
+var _ pluginsdk.StateUpgrade = FirewallV0ToV1{}
+
+type FirewallV0ToV1 struct{}
+
+func (FirewallV0ToV1) Schema() map[string]*pluginsdk.Schema {
+	s := map[string]*pluginsdk.Schema{
+		"dns_servers": {
+			Elem:     &pluginsdk.Schema{Type: pluginsdk.TypeString},
+			Optional: true,
+			Type:     pluginsdk.TypeList,
+		},
+		"firewall_policy_id": {
+			Optional: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"ip_configuration": {
+			Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+				"name": {
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"private_ip_address": {
+					Computed: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"public_ip_address_id": {
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"subnet_id": {
+					ForceNew: true,
+					Optional: true,
+					Type:     pluginsdk.TypeString,
+				},
+			}},
+			Optional: true,
+			Type:     pluginsdk.TypeList,
+		},
+		"location": {
+			ForceNew: true,
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"management_ip_configuration": {
+			Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+				"name": {
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"private_ip_address": {
+					Computed: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"public_ip_address_id": {
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"subnet_id": {
+					ForceNew: true,
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+			}},
+			ForceNew: true,
+			Optional: true,
+			Type:     pluginsdk.TypeList,
+		},
+		"name": {
+			ForceNew: true,
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"private_ip_ranges": {
+			Elem:     &pluginsdk.Schema{Type: pluginsdk.TypeString},
+			Optional: true,
+			Type:     pluginsdk.TypeSet,
+		},
+		"resource_group_name": {
+			ForceNew: true,
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"sku_name": {
+			ForceNew: true,
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"sku_tier": {
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"tags": {
+			Elem:     &pluginsdk.Schema{Type: pluginsdk.TypeString},
+			Optional: true,
+			Type:     pluginsdk.TypeMap,
+		},
+		"threat_intel_mode": {
+			Computed: true,
+			Optional: true,
+			Type:     pluginsdk.TypeString,
+		},
+		"virtual_hub": {
+			Elem: &pluginsdk.Resource{Schema: map[string]*pluginsdk.Schema{
+				"private_ip_address": {
+					Computed: true,
+					Type:     pluginsdk.TypeString,
+				},
+				"public_ip_addresses": {
+					Computed: true,
+					Elem:     &pluginsdk.Schema{Type: pluginsdk.TypeString},
+					Type:     pluginsdk.TypeList,
+				},
+				"public_ip_count": {
+					Optional: true,
+					Type:     pluginsdk.TypeInt,
+				},
+				"virtual_hub_id": {
+					Required: true,
+					Type:     pluginsdk.TypeString,
+				},
+			}},
+			Optional: true,
+			Type:     pluginsdk.TypeList,
+		},
+		"zones": {
+			Elem:     &pluginsdk.Schema{Type: pluginsdk.TypeString},
+			ForceNew: true,
+			Optional: true,
+			Type:     pluginsdk.TypeSet,
+		},
+	}
+	return s
+}
+
+func (FirewallV0ToV1) UpgradeFunc() pluginsdk.StateUpgraderFunc {
+	return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+		servers := rawState["dns_servers"].([]interface{})
+		if len(servers) > 0 {
+			rawState["dns_proxy_enabled"] = true
+		}
+		return rawState, nil
+	}
+}