azurerm_sentinel_alert_rule_fusion - remove existing check for built in rule

[ziyeqf]

The only one fusion alert rule is enabled by default ( source ), so removing the existing check and update the document.

In my opinion we can deprecate the name and template_alert_rule_guid and remove them in v5.0, however this will be a breaking change, and the resource also needs to be refactored to typed sdk, to make the resource able to be used, I just removed the existing check in this PR.

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

❯❯ tftest sentinel TestAccSentinelAlertRuleFusion_
=== RUN   TestAccSentinelAlertRuleFusion_basic
=== PAUSE TestAccSentinelAlertRuleFusion_basic
=== RUN   TestAccSentinelAlertRuleFusion_disable
=== PAUSE TestAccSentinelAlertRuleFusion_disable
=== RUN   TestAccSentinelAlertRuleFusion_sourceSetting
=== PAUSE TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_basic
=== CONT  TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_disable
--- PASS: TestAccSentinelAlertRuleFusion_basic (265.21s)
--- PASS: TestAccSentinelAlertRuleFusion_sourceSetting (310.56s)
--- PASS: TestAccSentinelAlertRuleFusion_disable (416.85s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel	416.940s

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_sentinel_alert_rule_fusion - remove existing check for built in rule [azurerm_sentinel_alert_rule_fusion - remove existing check for built in rule #27653]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[katbyte]

Can name ONLY be BuiltInFusion? if so could we please add that as a default, make the property optional, and deprecate it.

or can additional rules be added? or the existing ones name renamed?

[ziyeqf]

I'm not sure about the already existing rules with different names, for new created ones, it can only be BuiltInFusion

[ziyeqf]

just triggered another testing, maybe we can wait for it.

[stephybun]

This doesn't follow our guidelines for breaking changes.

Please also make sure the upgrade guide is updated with this change.

[ziyeqf]

sure, sorry for missed that part.

[ziyeqf]

updated testing result

❯❯ tftest sentinel TestAccSentinelAlertRuleFusion_
=== RUN   TestAccSentinelAlertRuleFusion_basic
=== PAUSE TestAccSentinelAlertRuleFusion_basic
=== RUN   TestAccSentinelAlertRuleFusion_disable
=== PAUSE TestAccSentinelAlertRuleFusion_disable
=== RUN   TestAccSentinelAlertRuleFusion_sourceSetting
=== PAUSE TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_basic
=== CONT  TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_disable
--- PASS: TestAccSentinelAlertRuleFusion_basic (488.65s)
--- PASS: TestAccSentinelAlertRuleFusion_sourceSetting (553.41s)
--- PASS: TestAccSentinelAlertRuleFusion_disable (901.94s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel	902.014s

[stephybun]

We shouldn't advertise or encourage the use of deprecated properties which is why we remove them from the documentation entirely.

Suggested change

* `name` - (Optional) The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created. Defaults to `BuiltInFusion`

[ziyeqf]

kindly bubble this PR up

[stephybun]

The string formatter for the IDs contain detailed information about the resource's name, we would be unnecessarily repeating ourselves by adding that in the error message.

Suggested change

	if _, err := client.CreateOrUpdate(ctx, id, params); err != nil {
	return fmt.Errorf("creating Sentinel Alert Rule Fusion %q: %+v", id, err)
	}
	if _, err := client.CreateOrUpdate(ctx, id, params); err != nil {
	return fmt.Errorf("creating %s: %+v", id, err)
	}

[stephybun]

Suggested change

	return fmt.Errorf("retrieving %q: %+v", id, err)
	return fmt.Errorf("retrieving %s: %+v", id, err)

[stephybun]

Hasn't been updated

[stephybun]

Please keep the schema in-lined here

[stephybun]

Suggested change

	return fmt.Errorf("asserting alert rule of %q: %+v", id, err)
	return fmt.Errorf("asserting alert rule of %s: %+v", id, err)

[stephybun]

This doesn't follow the pattern that we expect for the update function which

1. nil check Model
2. nil check Properties
3. Patch changes in to Properties/Model

This particular case will deviate slightly since this is a discriminated type and it's generally good practice to check that the type assertion we're doing is successful and throwing an error if it isnt. Can you please update this to

Suggested change

	payload := resp.Model.(alertrules.FusionAlertRule)
	if resp.Model == nil {
	return fmt.Errorf("retrieving %s: `model` was nil", id)
	}
	payload, ok := resp.Model.(alertrules.FusionAlertRule)
	if !ok {
	return fmt.Errorf("retrieving %s: expected an alert rule of type `Fusion`, got %q", pointer.From(resp.Model.AlertRule().Type))
	}
	if payload.Properties == nil {
	return fmt.Errorf("retrieving %s: `properties` was nil", id)
	}

[stephybun]

Same here

Suggested change

	if payload.Properties == nil {
	payload.Properties = &alertrules.FusionAlertRuleProperties{}
	}

[stephybun]

Same here

Suggested change

	if payload.Properties == nil {
	payload.Properties = &alertrules.FusionAlertRuleProperties{}
	}

[stephybun]

We don't need to nil check this anymore since we're doing it further up

Suggested change

	if payload.Properties != nil {
	payload.Properties.Description = nil
	payload.Properties.DisplayName = nil
	payload.Properties.LastModifiedUtc = nil
	payload.Properties.Severity = nil
	payload.Properties.Tactics = nil
	}
	payload.Properties.Description = nil
	payload.Properties.DisplayName = nil
	payload.Properties.LastModifiedUtc = nil
	payload.Properties.Severity = nil
	payload.Properties.Tactics = nil

[stephybun]

Suggested change

	return fmt.Errorf("creating Sentinel Alert Rule Fusion %q: %+v", id, err)
	return fmt.Errorf("updating %s: %+v", id, err)

[stephybun]

This has been put inside the ```markdown box where we've put examples of how the breaking changes should be documented, this should be moved down out of this block

[stephybun]

@ziyeqf can you please provide testing evidence in 5.0 mode as well

[ziyeqf]

4.0 test result

❯❯ tftest sentinel TestAccSentinelAlertRuleFusion_
=== RUN   TestAccSentinelAlertRuleFusion_basic
=== PAUSE TestAccSentinelAlertRuleFusion_basic
=== RUN   TestAccSentinelAlertRuleFusion_disable
=== PAUSE TestAccSentinelAlertRuleFusion_disable
=== RUN   TestAccSentinelAlertRuleFusion_sourceSetting
=== PAUSE TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_basic
=== CONT  TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_disable
--- PASS: TestAccSentinelAlertRuleFusion_basic (227.66s)
--- PASS: TestAccSentinelAlertRuleFusion_sourceSetting (263.98s)
--- PASS: TestAccSentinelAlertRuleFusion_disable (412.58s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel	412.666s

5.0

❯❯ ARM_FIVEPOINTZERO_BETA=true tftest sentinel TestAccSentinelAlertRuleFusion_
=== RUN   TestAccSentinelAlertRuleFusion_basic
=== PAUSE TestAccSentinelAlertRuleFusion_basic
=== RUN   TestAccSentinelAlertRuleFusion_disable
=== PAUSE TestAccSentinelAlertRuleFusion_disable
=== RUN   TestAccSentinelAlertRuleFusion_sourceSetting
=== PAUSE TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_basic
=== CONT  TestAccSentinelAlertRuleFusion_sourceSetting
=== CONT  TestAccSentinelAlertRuleFusion_disable
--- PASS: TestAccSentinelAlertRuleFusion_basic (433.09s)
--- PASS: TestAccSentinelAlertRuleFusion_sourceSetting (508.14s)
--- PASS: TestAccSentinelAlertRuleFusion_disable (828.12s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel	828.202s

[stephybun]

As specified in point 4 for breaking schema changes these should be listed in alphabetical order, so should be put before all the storage changes above

[stephybun]

Hasn't been updated

[stephybun]

Thanks @ziyeqf LGTM 🦖