azurerm_network_watcher_flow_log: Property changes
`network_security_group_id` is superseded by `target_resource_id`

Fixes hashicorp#25982
favoretti committed Nov 14, 2024
1 parent e4ea02c commit c43d388
Showing 2 changed files with 43 additions and 34 deletions.
73 changes: 39 additions & 34 deletions internal/services/network/network_watcher_flow_log_resource.go
Expand Up @@ -14,7 +14,6 @@ import (
"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
"github.com/hashicorp/go-azure-helpers/resourcemanager/tags"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-11-01/networksecuritygroups"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/flowlogs"
"github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/networkwatchers"
"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
Expand Down Expand Up @@ -72,11 +71,13 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
ValidateFunc: validate.NetworkWatcherFlowLogName,
},

"network_security_group_id": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: networksecuritygroups.ValidateNetworkSecurityGroupID,
"target_resource_id": {
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.Any(
validate.VirtualNetworkID,
),
},

"storage_account_id": {
Expand Down Expand Up @@ -172,12 +173,13 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
},
}

if !features.FourPointOhBeta() {
resource.Schema["version"] = &pluginsdk.Schema{
Type: pluginsdk.TypeInt,
Optional: true,
Computed: true,
ValidateFunc: validation.IntBetween(1, 2),
if !features.FivePointOh() {
resource.Schema["network_security_group_id"] = &pluginsdk.Schema{
Required: true,
ForceNew: true,
ValidateFunc: azure.ValidateResourceID,
Deprecated: "The property `network_security_group_id` has been superseded by `target_resource_id` and will be removed in version 5.0 of the AzureRM Provider.",
ConflictsWith: []string{"target_resource_id"},
}
}

Expand All @@ -203,10 +205,14 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
defer cancel()

id := flowlogs.NewFlowLogID(subscriptionId, d.Get("resource_group_name").(string), d.Get("network_watcher_name").(string), d.Get("name").(string))
nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string))
if err != nil {
return err

var targetResourceId string
if !features.FivePointOh() {
if v, ok := d.GetOk("network_security_group_id"); ok {
targetResourceId = v.(string)
}
}
targetResourceId = d.Get("target_resource_id").(string)

// For newly created resources, the "name" is required, it is set as Optional and Computed is merely for the existing ones for the sake of backward compatibility.
if id.NetworkWatcherName == "" {
Expand All @@ -224,8 +230,8 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
return tf.ImportAsExistsError("azurerm_network_watcher_flow_log", id.ID())
}

locks.ByID(nsgId.ID())
defer locks.UnlockByID(nsgId.ID())
locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

loc := d.Get("location").(string)
if loc == "" {
Expand All @@ -244,7 +250,7 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa
parameters := flowlogs.FlowLog{
Location: utils.String(location.Normalize(loc)),
Properties: &flowlogs.FlowLogPropertiesFormat{
TargetResourceId: nsgId.ID(),
TargetResourceId: targetResourceId,
StorageId: d.Get("storage_account_id").(string),
Enabled: pointer.To(d.Get("enabled").(bool)),
RetentionPolicy: expandNetworkWatcherFlowLogRetentionPolicy(d.Get("retention_policy").([]interface{})),
Expand Down Expand Up @@ -297,12 +303,14 @@ func resourceNetworkWatcherFlowLogUpdate(d *pluginsdk.ResourceData, meta interfa

payload := existing.Model

nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string))
if err != nil {
return err
var targetResourceId string
if !features.FivePointOh() {
targetResourceId = d.Get("network_security_group_id").(string)
}
locks.ByID(nsgId.ID())
defer locks.UnlockByID(nsgId.ID())
targetResourceId = d.Get("target_resource_id").(string)

locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

if d.HasChange("storage_account_id") {
payload.Properties.StorageId = d.Get("storage_account_id").(string)
Expand Down Expand Up @@ -389,12 +397,12 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface
d.Set("storage_account_id", props.StorageId)
}

networkSecurityGroupId := ""
nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(props.TargetResourceId)
if err == nil {
networkSecurityGroupId = nsgId.ID()
targetResourceId := ""
if !features.FourPointOhBeta() {
d.Set("network_security_group_id", targetResourceId)
}
d.Set("network_security_group_id", networkSecurityGroupId)

d.Set("target_resource_id", targetResourceId)

if err := d.Set("retention_policy", flattenNetworkWatcherFlowLogRetentionPolicy(props.RetentionPolicy)); err != nil {
return fmt.Errorf("setting `retention_policy`: %+v", err)
Expand Down Expand Up @@ -425,13 +433,10 @@ func resourceNetworkWatcherFlowLogDelete(d *pluginsdk.ResourceData, meta interfa
return fmt.Errorf("retreiving %s: `properties` or `properties.TargetResourceID` was nil", id)
}

networkSecurityGroupId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(resp.Model.Properties.TargetResourceId)
if err != nil {
return fmt.Errorf("parsing %q as a Network Security Group ID: %+v", resp.Model.Properties.TargetResourceId, err)
}
targetResourceId := resp.Model.Properties.TargetResourceId

locks.ByID(networkSecurityGroupId.ID())
defer locks.UnlockByID(networkSecurityGroupId.ID())
locks.ByID(targetResourceId)
defer locks.UnlockByID(targetResourceId)

if err := client.DeleteThenPoll(ctx, *id); err != nil {
return fmt.Errorf("deleting %s: %v", id, err)
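Review bot: In resourceNetworkWatcherFlowLogCreate and resourceNetworkWatcherFlowLogUpdate the value read from `network_security_group_id` is overwritten unconditionally by `targetResourceId = d.Get("target_resource_id").(string)`, so a configuration that still uses the deprecated property sends an empty `TargetResourceId` and takes the lock on an empty key. Guard the second assignment, e.g. `if v, ok := d.GetOk("target_resource_id"); ok { targetResourceId = v.(string) }`. In resourceNetworkWatcherFlowLogRead `targetResourceId := ""` is never assigned from `props.TargetResourceId`, so both attributes are always written to state as empty, and the gate there is `features.FourPointOhBeta()` where the schema uses `features.FivePointOh()`; with `ForceNew` on both fields this would presumably plan a replacement of the flow log on every run, which interrupts traffic logging. Both properties are also declared `Required: true` while `network_security_group_id` has `ConflictsWith: []string{"target_resource_id"}`, which no configuration can satisfy; `Optional` with `ExactlyOneOf` looks like what was intended. All of these functions continue outside the visible hunks.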
4 changes: 4 additions & 0 deletions website/docs/r/network_watcher_flow_log.html.markdown
Expand Up @@ -87,6 +87,10 @@ The following arguments are supported:

* `network_security_group_id` - (Required) The ID of the Network Security Group for which to enable flow logs for. Changing this forces a new resource to be created.

~> **NOTE:** `network_security_group_id` is deprecated and will be removed in favour of the property `target_resource_id` in version 4.0 of the AzureRM Provider.

* `target_resource_id` - (Required) The ID of the Resource for which to enable flow logs for. Changing this forces a new resource to be created.

* `storage_account_id` - (Required) The ID of the Storage Account where flow logs are stored.

* `enabled` - (Required) Should Network Flow Logging be Enabled?
