
azurerm_network_watcher_flow_log: Property changes #26015

Merged
merged 18 commits into from
Nov 21, 2024
100 changes: 68 additions & 32 deletions internal/services/network/network_watcher_flow_log_resource.go
Expand Up @@ -14,8 +14,8 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
"github.com/hashicorp/go-azure-helpers/resourcemanager/tags"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-11-01/networksecuritygroups"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/flowlogs"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/networksecuritygroups"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/networkwatchers"
"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
Expand Down Expand Up @@ -72,11 +72,14 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
ValidateFunc: validate.NetworkWatcherFlowLogName,
},

"network_security_group_id": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: networksecuritygroups.ValidateNetworkSecurityGroupID,
"target_resource_id": {
Type: pluginsdk.TypeString,
ForceNew: true,
Required: true,
ValidateFunc: validation.Any(
networksecuritygroups.ValidateNetworkSecurityGroupID,
commonids.ValidateVirtualNetworkID,
),
},

"storage_account_id": {
Expand Down Expand Up @@ -172,13 +175,20 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
},
}

if !features.FourPointOhBeta() {
resource.Schema["version"] = &pluginsdk.Schema{
Type: pluginsdk.TypeInt,
if !features.FivePointOhBeta() {
resource.Schema["network_security_group_id"] = &pluginsdk.Schema{
Type: pluginsdk.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validation.IntBetween(1, 2),
ValidateFunc: networksecuritygroups.ValidateNetworkSecurityGroupID,
Deprecated: "The property `network_security_group_id` has been superseded by `target_resource_id` and will be removed in version 5.0 of the AzureRM Provider.",
ExactlyOneOf: []string{"network_security_group_id", "target_resource_id"},
}
resource.Schema["target_resource_id"].Required = false
resource.Schema["target_resource_id"].Optional = true
resource.Schema["target_resource_id"].Computed = true
resource.Schema["target_resource_id"].ForceNew = false
resource.Schema["target_resource_id"].ExactlyOneOf = []string{"network_security_group_id", "target_resource_id"}
}

return resource
Expand All @@ -203,9 +213,17 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
defer cancel()

id := flowlogs.NewFlowLogID(subscriptionId, d.Get("resource_group_name").(string), d.Get("network_watcher_name").(string), d.Get("name").(string))
nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string))
if err != nil {
return err

targetResourceId := ""

if !features.FivePointOhBeta() {
if v, ok := d.GetOk("network_security_group_id"); ok && v.(string) != "" {
targetResourceId = v.(string)
}
}

if v, ok := d.GetOk("target_resource_id"); ok && v.(string) != "" {
targetResourceId = v.(string)
}

// For newly created resources, the "name" is required, it is set as Optional and Computed is merely for the existing ones for the sake of backward compatibility.
Expand All @@ -224,8 +242,8 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
return tf.ImportAsExistsError("azurerm_network_watcher_flow_log", id.ID())
}

locks.ByID(nsgId.ID())
defer locks.UnlockByID(nsgId.ID())
locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

loc := d.Get("location").(string)
if loc == "" {
Expand All @@ -244,7 +262,7 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
parameters := flowlogs.FlowLog{
Location: utils.String(location.Normalize(loc)),
Properties: &flowlogs.FlowLogPropertiesFormat{
TargetResourceId: nsgId.ID(),
TargetResourceId: targetResourceId,
StorageId: d.Get("storage_account_id").(string),
Enabled: pointer.To(d.Get("enabled").(bool)),
RetentionPolicy: expandNetworkWatcherFlowLogRetentionPolicy(d.Get("retention_policy").([]interface{})),
Expand Down Expand Up @@ -297,12 +315,20 @@ func resourceNetworkWatcherFlowLogUpdate(d *pluginsdk.ResourceData, meta interfa

payload := existing.Model

nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string))
if err != nil {
return err
targetResourceId := ""

if !features.FivePointOhBeta() {
if v, ok := d.GetOk("network_security_group_id"); ok && v.(string) != "" {
targetResourceId = v.(string)
}
}

if v, ok := d.GetOk("target_resource_id"); ok && v.(string) != "" {
targetResourceId = v.(string)
}
locks.ByID(nsgId.ID())
defer locks.UnlockByID(nsgId.ID())

locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

if d.HasChange("storage_account_id") {
payload.Properties.StorageId = d.Get("storage_account_id").(string)
Expand Down Expand Up @@ -389,12 +415,20 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface
d.Set("storage_account_id", props.StorageId)
}

networkSecurityGroupId := ""
nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(props.TargetResourceId)
if err == nil {
networkSecurityGroupId = nsgId.ID()
targetResourceId := props.TargetResourceId
targetIsNSG := false
if nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(props.TargetResourceId); err == nil {
targetResourceId = nsgId.ID()
targetIsNSG = true
} else if vnetId, err := commonids.ParseVirtualNetworkIDInsensitively(props.TargetResourceId); err == nil {
targetResourceId = vnetId.ID()
}

if !features.FivePointOhBeta() && targetIsNSG {
d.Set("network_security_group_id", targetResourceId)
}
d.Set("network_security_group_id", networkSecurityGroupId)

d.Set("target_resource_id", targetResourceId)

if err := d.Set("retention_policy", flattenNetworkWatcherFlowLogRetentionPolicy(props.RetentionPolicy)); err != nil {
return fmt.Errorf("setting `retention_policy`: %+v", err)
Expand Down Expand Up @@ -422,16 +456,18 @@ func resourceNetworkWatcherFlowLogDelete(d *pluginsdk.ResourceData, meta interfa
return fmt.Errorf("retrieving %s: %+v", id, err)
}
if resp.Model == nil || resp.Model.Properties == nil || resp.Model.Properties.TargetResourceId == "" {
return fmt.Errorf("retreiving %s: `properties` or `properties.TargetResourceID` was nil", id)
return fmt.Errorf("retrieving %s: `properties` or `properties.TargetResourceID` was nil", id)
}

networkSecurityGroupId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(resp.Model.Properties.TargetResourceId)
if err != nil {
return fmt.Errorf("parsing %q as a Network Security Group ID: %+v", resp.Model.Properties.TargetResourceId, err)
targetResourceId := resp.Model.Properties.TargetResourceId
if nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(resp.Model.Properties.TargetResourceId); err == nil {
targetResourceId = nsgId.ID()
} else if vnetId, err := commonids.ParseVirtualNetworkIDInsensitively(resp.Model.Properties.TargetResourceId); err == nil {
targetResourceId = vnetId.ID()
}

locks.ByID(networkSecurityGroupId.ID())
defer locks.UnlockByID(networkSecurityGroupId.ID())
locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

if err := client.DeleteThenPoll(ctx, *id); err != nil {
return fmt.Errorf("deleting %s: %v", id, err)
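Review bot: In the update hunk, `targetResourceId` is resolved and then used only for `locks.ByID`/`locks.UnlockByID`; nothing visible writes it to `payload.Properties.TargetResourceId`, while the pre-5.0 schema block sets `target_resource_id` to `ForceNew = false` and declares `network_security_group_id` without `ForceNew`. Unless the part of `resourceNetworkWatcherFlowLogUpdate` outside the hunk handles it, changing the target would plan as an in-place update and leave the flow log collecting from the old resource, which is a silent gap in network logging. Either keep `ForceNew: true` on both properties, or add `if d.HasChange("target_resource_id") || d.HasChange("network_security_group_id") { payload.Properties.TargetResourceId = targetResourceId }`. Because both properties are `Optional` and `Computed`, the `target_resource_id` read that follows the `network_security_group_id` read may return the prior state value and override a newly configured NSG ID, so the precedence deserves a `d.HasChange` check or at least a comment. In both the create and update paths `targetResourceId` can also stay `""` and is then used as the lock key (and as `TargetResourceId` on create); an explicit empty check that returns an error before taking the lock would make this fail closed.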