From 85103fc212d3d48b51371af830defcb2a54da741 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 22 Apr 2024 15:06:39 +0800 Subject: [PATCH 1/5] azurerm_virtual_network_gateway - update the resource with existing Nat Rules --- .../virtual_network_gateway_resource.go | 10 +- .../virtual_network_gateway_resource_test.go | 101 ++++++++++++++++++ 2 files changed, 108 insertions(+), 3 deletions(-) diff --git a/internal/services/network/virtual_network_gateway_resource.go b/internal/services/network/virtual_network_gateway_resource.go index 780d029fc3f7..5e936ede54b2 100644 --- a/internal/services/network/virtual_network_gateway_resource.go +++ b/internal/services/network/virtual_network_gateway_resource.go @@ -657,8 +657,8 @@ func resourceVirtualNetworkGatewayCreateUpdate(d *pluginsdk.ResourceData, meta i id := parse.NewVirtualNetworkGatewayID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) + existing, err := client.Get(ctx, id.ResourceGroup, id.Name) if d.IsNewResource() { - existing, err := client.Get(ctx, id.ResourceGroup, id.Name) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { return fmt.Errorf("checking for presence of existing %s: %s", id, err) @@ -673,7 +673,7 @@ func resourceVirtualNetworkGatewayCreateUpdate(d *pluginsdk.ResourceData, meta i location := azure.NormalizeLocation(d.Get("location").(string)) t := d.Get("tags").(map[string]interface{}) - properties, err := getVirtualNetworkGatewayProperties(id, d) + properties, err := getVirtualNetworkGatewayProperties(id, d, existing) if err != nil { return err } 
@@ -802,7 +802,7 @@ func resourceVirtualNetworkGatewayDelete(d *pluginsdk.ResourceData, meta interfa return nil } -func getVirtualNetworkGatewayProperties(id parse.VirtualNetworkGatewayId, d *pluginsdk.ResourceData) (*network.VirtualNetworkGatewayPropertiesFormat, error) { +func getVirtualNetworkGatewayProperties(id parse.VirtualNetworkGatewayId, d *pluginsdk.ResourceData, existingVNetGateway network.VirtualNetworkGateway) (*network.VirtualNetworkGatewayPropertiesFormat, error) { gatewayType := network.VirtualNetworkGatewayType(d.Get("type").(string)) vpnType := network.VpnType(d.Get("vpn_type").(string)) enableBgp := d.Get("enable_bgp").(bool) @@ -857,6 +857,10 @@ func getVirtualNetworkGatewayProperties(id parse.VirtualNetworkGatewayId, d *plu props.BgpSettings = bgpSettings } + if existingVNetGateway.VirtualNetworkGatewayPropertiesFormat != nil && existingVNetGateway.VirtualNetworkGatewayPropertiesFormat.NatRules != nil { + props.NatRules = existingVNetGateway.VirtualNetworkGatewayPropertiesFormat.NatRules + } + // Sku validation for policy-based VPN gateways if props.GatewayType == network.VirtualNetworkGatewayTypeVpn && props.VpnType == network.VpnTypePolicyBased { if ok, err := evaluateSchemaValidateFunc(string(props.Sku.Name), "sku", validateVirtualNetworkGatewayPolicyBasedVpnSku()); !ok { diff --git a/internal/services/network/virtual_network_gateway_resource_test.go b/internal/services/network/virtual_network_gateway_resource_test.go index 5156f3c0554c..81757d0c11ac 100644 --- a/internal/services/network/virtual_network_gateway_resource_test.go +++ b/internal/services/network/virtual_network_gateway_resource_test.go 
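Review bot: The added `if existingVNetGateway.VirtualNetworkGatewayPropertiesFormat != nil && ... NatRules != nil` block after the BGP settings has no comment explaining why NAT rules come from the fetched gateway rather than from `d`, so a later cleanup could remove it and silently change address translation on the gateway. I would add above the `if`: `// NAT rules are managed by azurerm_virtual_network_gateway_nat_rule; send the existing ones back so a gateway update does not drop them`. Judging by the commit title, that is the intent, but please confirm the wording. The copy also re-sends every rule present at read time, including any created outside Terraform, which is worth stating in the same comment. The body of getVirtualNetworkGatewayProperties continues outside the hunk.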
@@ -397,6 +397,28 @@ func TestAccVirtualNetworkGateway_updateTagsWithBgpSettings(t *testing.T) { }) } +func TestAccVirtualNetworkGateway_updateWithNatRule(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway", "test") + r := VirtualNetworkGatewayResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.updateWithNatRule(data, "Test1"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.updateWithNatRule(data, "Test2"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func (t VirtualNetworkGatewayResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { gatewayName := state.Attributes["name"] resourceGroup := state.Attributes["resource_group_name"] 
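Review bot: Both steps of `TestAccVirtualNetworkGateway_updateWithNatRule` assert only `check.That(data.ResourceName).ExistsInAzure(r)` on the gateway, so nothing in the test states that the NAT rule is still attached after the second apply, which is the behaviour this patch protects. The harness behind `data.ResourceTest` may catch a dropped rule indirectly, but that is not visible here. I would add an explicit existence check on `azurerm_virtual_network_gateway_nat_rule.test` to the second step. A one-line comment such as `// step 2 updates only the gateway tags; the NAT rule must survive the update` would also help.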
@@ -1763,3 +1785,82 @@ resource "azurerm_virtual_network_gateway" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) } + +func (VirtualNetworkGatewayResource) updateWithNatRule(data acceptance.TestData, tag string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" + + lifecycle { + ignore_changes = [tags] + } +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +resource "azurerm_subnet" "test" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.0.1.0/24"] +} + +resource "azurerm_public_ip" "test" { + name = "acctestpip-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + allocation_method = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "test" { + name = "acctestvng-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + type = "Vpn" + vpn_type = "RouteBased" + sku = "Basic" + + ip_configuration { + public_ip_address_id = azurerm_public_ip.test.id + subnet_id = azurerm_subnet.test.id + } + + tags = { + env = "%s" + } +} + +data "azurerm_virtual_network_gateway" "test" { + name = azurerm_virtual_network_gateway.test.name + resource_group_name = azurerm_virtual_network_gateway.test.resource_group_name +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test" { + name = "acctestvngnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "EgressSnat" + type = 
"Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.1.0.0/26" + } + + internal_mapping { + address_space = "10.2.0.0/26" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, tag, data.RandomInteger) +} From 2a6c53b71686f98ef87f2f9d9694cff7bcad60f4 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 22 Apr 2024 15:07:59 +0800 Subject: [PATCH 2/5] update code --- .../services/network/virtual_network_gateway_resource_test.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/internal/services/network/virtual_network_gateway_resource_test.go b/internal/services/network/virtual_network_gateway_resource_test.go index 81757d0c11ac..245acecd6f72 100644 --- a/internal/services/network/virtual_network_gateway_resource_test.go +++ b/internal/services/network/virtual_network_gateway_resource_test.go @@ -1795,10 +1795,6 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-%d" location = "%s" - - lifecycle { - ignore_changes = [tags] - } } resource "azurerm_virtual_network" "test" { From cee00ed80bd966aa9585a5e1b8ae45f59c18a0c7 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 22 Apr 2024 19:38:21 +0800 Subject: [PATCH 3/5] update code --- .../virtual_network_gateway_resource_test.go | 33 ++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/internal/services/network/virtual_network_gateway_resource_test.go b/internal/services/network/virtual_network_gateway_resource_test.go index 245acecd6f72..bde16c0dcf7b 100644 --- a/internal/services/network/virtual_network_gateway_resource_test.go +++ b/internal/services/network/virtual_network_gateway_resource_test.go @@ -1792,6 +1792,8 @@ provider "azurerm" { features {} } +data "azurerm_client_config" "current" {} + resource "azurerm_resource_group" "test" { name = "acctestRG-%d" location = "%s" 
@@ -1801,21 +1803,22 @@ resource "azurerm_virtual_network" "test" { name = "acctestvn-%d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name - address_space = ["10.0.0.0/16"] + address_space = ["10.1.0.0/16"] } resource "azurerm_subnet" "test" { name = "GatewaySubnet" resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name - address_prefixes = ["10.0.1.0/24"] + address_prefixes = ["10.1.1.0/24"] } resource "azurerm_public_ip" "test" { name = "acctestpip-%d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name - allocation_method = "Dynamic" + allocation_method = "Static" + sku = "Standard" } resource "azurerm_virtual_network_gateway" "test" { @@ -1823,13 +1826,19 @@ resource "azurerm_virtual_network_gateway" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name - type = "Vpn" - vpn_type = "RouteBased" - sku = "Basic" + type = "Vpn" + vpn_type = "RouteBased" + enable_bgp = false + active_active = false + private_ip_address_enabled = false + sku = "VpnGw2" + generation = "Generation2" ip_configuration { - public_ip_address_id = azurerm_public_ip.test.id - subnet_id = azurerm_subnet.test.id + name = "default" + public_ip_address_id = azurerm_public_ip.test.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.test.id } tags = { 
@@ -1845,10 +1854,10 @@ data "azurerm_virtual_network_gateway" "test" { resource "azurerm_virtual_network_gateway_nat_rule" "test" { name = "acctestvngnatrule-%d" resource_group_name = azurerm_resource_group.test.name - virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + virtual_network_gateway_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${acctestRG- % d}/providers/Microsoft.Network/virtualNetworkGateways/${acctestvng- % d}" mode = "EgressSnat" type = "Dynamic" - ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + ip_configuration_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${acctestRG- % d}/providers/Microsoft.Network/virtualNetworkGateways/${acctestvng- % d}/ipConfigurations/default" external_mapping { address_space = "10.1.0.0/26" @@ -1857,6 +1866,8 @@ resource "azurerm_virtual_network_gateway_nat_rule" "test" { internal_mapping { address_space = "10.2.0.0/26" } + + depends_on = [data.azurerm_virtual_network_gateway.test] } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, tag, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, tag, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) } From a7284af5a8b43bfdf57fa21df383f9392aa83e3c Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Mon, 22 Apr 2024 20:23:56 +0800 Subject: [PATCH 4/5] update code --- .../services/network/virtual_network_gateway_resource_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/services/network/virtual_network_gateway_resource_test.go b/internal/services/network/virtual_network_gateway_resource_test.go index bde16c0dcf7b..37fe5527e75f 100644 --- a/internal/services/network/virtual_network_gateway_resource_test.go 
+++ b/internal/services/network/virtual_network_gateway_resource_test.go @@ -1854,10 +1854,10 @@ data "azurerm_virtual_network_gateway" "test" { resource "azurerm_virtual_network_gateway_nat_rule" "test" { name = "acctestvngnatrule-%d" resource_group_name = azurerm_resource_group.test.name - virtual_network_gateway_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${acctestRG- % d}/providers/Microsoft.Network/virtualNetworkGateways/${acctestvng- % d}" + virtual_network_gateway_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/acctestRG-%d/providers/Microsoft.Network/virtualNetworkGateways/acctestvng-%d" mode = "EgressSnat" type = "Dynamic" - ip_configuration_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${acctestRG- % d}/providers/Microsoft.Network/virtualNetworkGateways/${acctestvng- % d}/ipConfigurations/default" + ip_configuration_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/acctestRG-%d/providers/Microsoft.Network/virtualNetworkGateways/acctestvng-%d/ipConfigurations/default" external_mapping { address_space = "10.1.0.0/26" From e54468b4abb0d9fabeb58474666db3f8e29b0f27 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Thu, 25 Apr 2024 10:49:03 +0800 Subject: [PATCH 5/5] update code --- .../network/virtual_network_gateway_resource.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/internal/services/network/virtual_network_gateway_resource.go b/internal/services/network/virtual_network_gateway_resource.go index 5e936ede54b2..055b16308d96 100644 --- a/internal/services/network/virtual_network_gateway_resource.go +++ b/internal/services/network/virtual_network_gateway_resource.go 
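Review bot: `virtual_network_gateway_id` and `ip_configuration_id` are now assembled by hand from `acctestRG-%d`, `acctestvng-%d` and the literal `ipConfigurations/default`, which duplicates the naming used earlier in the same template. They depend on the eleven positional `fmt.Sprintf` arguments staying in order, and the `% d` slip fixed in this hunk shows how easily that drifts. If a direct reference such as `azurerm_virtual_network_gateway.test.id` cannot be used, a short comment in the template saying why would keep the next editor from reverting it. Otherwise the reference is the safer form. The template and its argument list start and end outside the hunk.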
@@ -657,8 +657,9 @@ func resourceVirtualNetworkGatewayCreateUpdate(d *pluginsdk.ResourceData, meta i id := parse.NewVirtualNetworkGatewayID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string)) - existing, err := client.Get(ctx, id.ResourceGroup, id.Name) + var existingVNetGateway network.VirtualNetworkGateway if d.IsNewResource() { + existing, err := client.Get(ctx, id.ResourceGroup, id.Name) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { return fmt.Errorf("checking for presence of existing %s: %s", id, err) @@ -668,12 +669,18 @@ func resourceVirtualNetworkGatewayCreateUpdate(d *pluginsdk.ResourceData, meta i if !utils.ResponseWasNotFound(existing.Response) { return tf.ImportAsExistsError("azurerm_virtual_network_gateway", id.ID()) } + } else { + existing, err := client.Get(ctx, id.ResourceGroup, id.Name) + if err != nil { + return err + } + existingVNetGateway = existing } location := azure.NormalizeLocation(d.Get("location").(string)) t := d.Get("tags").(map[string]interface{}) - properties, err := getVirtualNetworkGatewayProperties(id, d, existing) + properties, err := getVirtualNetworkGatewayProperties(id, d, existingVNetGateway) if err != nil { return err }
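Review bot: In the new `else` branch the error from `client.Get` is returned bare (`return err`), while the create branch just above wraps it with the resource id. A failed update will therefore surface a raw SDK error with no hint of which gateway or step was involved. I would use `return fmt.Errorf("retrieving existing %s: %+v", id, err)`. Separately, the rules read here are presumably written back later in the function, so a NAT rule added or removed between this Get and that write would be overwritten with the stale list. Whether a lock on the gateway is held across the two calls is not visible in the hunk and is worth confirming. resourceVirtualNetworkGatewayCreateUpdate starts and ends outside the hunk.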