diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go index 1e40fe777f51..e42a2ed19ecf 100644 --- a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go +++ b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go @@ -595,11 +595,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.1.0.0/24" - - # TODO: remove in 2.0 - lifecycle { - ignore_changes = ["route_table_id"] - } } resource "azurerm_kubernetes_cluster" "test" { @@ -667,11 +662,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.1.0.0/24" - - # TODO: remove in 2.0 - lifecycle { - ignore_changes = ["route_table_id"] - } } resource "azurerm_subnet_route_table_association" "test" { @@ -802,7 +792,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.1.0.0/24" - route_table_id = azurerm_route_table.test.id } resource "azurerm_subnet_route_table_association" "test" { @@ -894,11 +883,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "172.0.2.0/24" - - # TODO: remove in 2.0 - lifecycle { - ignore_changes = ["route_table_id"] - } } resource "azurerm_kubernetes_cluster" "test" { 
@@ -1062,7 +1046,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.1.0.0/24" - route_table_id = azurerm_route_table.test.id } resource "azurerm_subnet_route_table_association" "test" { diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_node_pool_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_node_pool_test.go index 800c1bbbe403..3bc04511a773 100644 --- a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_node_pool_test.go +++ b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_node_pool_test.go @@ -1079,11 +1079,6 @@ resource "azurerm_subnet" "test" { resource_group_name = azurerm_resource_group.test.name virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.1.0.0/24" - - # TODO: remove in 2.0 - lifecycle { - ignore_changes = ["route_table_id"] - } } resource "azurerm_subnet_route_table_association" "test" { diff --git a/azurerm/internal/services/databricks/tests/resource_arm_databricks_workspace_test.go b/azurerm/internal/services/databricks/tests/resource_arm_databricks_workspace_test.go index 65bd9fbb5ce8..79c28089bfb2 100644 --- a/azurerm/internal/services/databricks/tests/resource_arm_databricks_workspace_test.go +++ b/azurerm/internal/services/databricks/tests/resource_arm_databricks_workspace_test.go @@ -308,10 +308,6 @@ resource "azurerm_subnet" "public" { ] } } - - lifecycle { - ignore_changes = ["network_security_group_id"] - } } resource "azurerm_subnet" "private" { @@ -333,10 +329,6 @@ resource "azurerm_subnet" "private" { ] } } - - lifecycle { - ignore_changes = ["network_security_group_id"] - } } resource "azurerm_network_security_group" "nsg" { 
diff --git a/azurerm/internal/services/network/data_source_subnet.go b/azurerm/internal/services/network/data_source_subnet.go index befd91681588..752579d71585 100644 --- a/azurerm/internal/services/network/data_source_subnet.go +++ b/azurerm/internal/services/network/data_source_subnet.go @@ -2,7 +2,6 @@ package network import ( "fmt" - "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" @@ -51,13 +50,6 @@ func dataSourceArmSubnet() *schema.Resource { Computed: true, }, - "ip_configurations": { - Type: schema.TypeSet, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - }, - "service_endpoints": { Type: schema.TypeList, Computed: true, 
@@ -104,32 +96,23 @@ func dataSourceArmSubnetRead(d *schema.ResourceData, meta interface{}) error { if props := resp.SubnetPropertiesFormat; props != nil { d.Set("address_prefix", props.AddressPrefix) - if pe := props.PrivateEndpointNetworkPolicies; pe != nil { - d.Set("enforce_private_link_endpoint_network_policies", strings.EqualFold("Disabled", *pe)) - } - - if ps := props.PrivateLinkServiceNetworkPolicies; ps != nil { - d.Set("enforce_private_link_service_network_policies", strings.EqualFold("Disabled", *ps)) - } - - if props.NetworkSecurityGroup != nil { - d.Set("network_security_group_id", props.NetworkSecurityGroup.ID) - } else { - d.Set("network_security_group_id", "") - } + d.Set("enforce_private_link_endpoint_network_policies", flattenSubnetPrivateLinkNetworkPolicy(props.PrivateEndpointNetworkPolicies)) + d.Set("enforce_private_link_service_network_policies", flattenSubnetPrivateLinkNetworkPolicy(props.PrivateLinkServiceNetworkPolicies)) - if props.RouteTable != nil { - d.Set("route_table_id", props.RouteTable.ID) - } else { - d.Set("route_table_id", "") + networkSecurityGroupId := "" + if props.NetworkSecurityGroup != nil && props.NetworkSecurityGroup.ID != nil { + networkSecurityGroupId = *props.NetworkSecurityGroup.ID } + d.Set("network_security_group_id", networkSecurityGroupId) - if err := d.Set("ip_configurations", flattenSubnetIPConfigurations(props.IPConfigurations)); err != nil { - return err + routeTableId := "" + if props.RouteTable != nil && props.RouteTable.ID != nil { + routeTableId = *props.RouteTable.ID } + d.Set("route_table_id", routeTableId) if err := d.Set("service_endpoints", flattenSubnetServiceEndpoints(props.ServiceEndpoints)); err != nil { - return err + return fmt.Errorf("Error setting `service_endpoints`: %+v", err) } } diff --git a/azurerm/internal/services/network/resource_arm_subnet.go b/azurerm/internal/services/network/resource_arm_subnet.go index 725b51482d26..d7d38b7e309b 100644 
--- a/azurerm/internal/services/network/resource_arm_subnet.go +++ b/azurerm/internal/services/network/resource_arm_subnet.go @@ -22,9 +22,9 @@ var SubnetResourceName = "azurerm_subnet" func resourceArmSubnet() *schema.Resource { return &schema.Resource{ - Create: resourceArmSubnetCreateUpdate, + Create: resourceArmSubnetCreate, Read: resourceArmSubnetRead, - Update: resourceArmSubnetCreateUpdate, + Update: resourceArmSubnetUpdate, Delete: resourceArmSubnetDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, @@ -57,26 +57,6 @@ func resourceArmSubnet() *schema.Resource { Required: true, }, - "network_security_group_id": { - Type: schema.TypeString, - Optional: true, - Deprecated: "Use the `azurerm_subnet_network_security_group_association` resource instead.", - }, - - "route_table_id": { - Type: schema.TypeString, - Optional: true, - Deprecated: "Use the `azurerm_subnet_route_table_association` resource instead.", - }, - - "ip_configurations": { - Type: schema.TypeSet, - Optional: true, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - }, - "service_endpoints": { Type: schema.TypeList, Optional: true, @@ -119,10 +99,10 @@ func resourceArmSubnet() *schema.Resource { "Microsoft.Web/serverFarms", }, false), }, + "actions": { Type: schema.TypeList, Optional: true, - Computed: true, ConfigMode: schema.SchemaConfigModeAttr, Elem: &schema.Schema{ Type: schema.TypeString, @@ -157,7 +137,8 @@ func resourceArmSubnet() *schema.Resource { } } -func resourceArmSubnetCreateUpdate(d *schema.ResourceData, meta interface{}) error { +// TODO: refactor the create/flatten functions +func resourceArmSubnetCreate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).Network.SubnetsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() 
@@ -168,7 +149,7 @@ func resourceArmSubnetCreateUpdate(d *schema.ResourceData, meta interface{}) err vnetName := d.Get("virtual_network_name").(string) resGroup := d.Get("resource_group_name").(string) - if features.ShouldResourcesBeImported() && d.IsNewResource() { + if features.ShouldResourcesBeImported() { existing, err := client.Get(ctx, resGroup, vnetName, name, "") if err != nil { if !utils.ResponseWasNotFound(existing.Response) { 
@@ -186,71 +167,22 @@ func resourceArmSubnetCreateUpdate(d *schema.ResourceData, meta interface{}) err locks.ByName(vnetName, VirtualNetworkResourceName) defer locks.UnlockByName(vnetName, VirtualNetworkResourceName) - properties := network.SubnetPropertiesFormat{ - AddressPrefix: &addressPrefix, - } - - if v, ok := d.GetOk("enforce_private_link_service_network_policies"); ok { - // To enable private endpoints you must disable the network policies for the - // subnet because Network policies like network security groups are not - // supported by private endpoints. - if v.(bool) { - properties.PrivateLinkServiceNetworkPolicies = utils.String("Disabled") - } - } + privateEndpointNetworkPolicies := d.Get("enforce_private_link_endpoint_network_policies").(bool) + privateLinkServiceNetworkPolicies := d.Get("enforce_private_link_service_network_policies").(bool) - if v, ok := d.GetOk("network_security_group_id"); ok { - nsgId := v.(string) - properties.NetworkSecurityGroup = &network.SecurityGroup{ - ID: &nsgId, - } - - parsedNsgId, err := ParseNetworkSecurityGroupID(nsgId) - if err != nil { - return err - } - - locks.ByName(parsedNsgId.Name, networkSecurityGroupResourceName) - defer locks.UnlockByName(parsedNsgId.Name, networkSecurityGroupResourceName) - } else { - properties.NetworkSecurityGroup = nil - } - - if v, ok := d.GetOk("route_table_id"); ok { - rtId := v.(string) - properties.RouteTable = &network.RouteTable{ - ID: &rtId, - } - - parsedRouteTableId, err := ParseRouteTableID(rtId) - if err != nil { - return err - } + serviceEndpointsRaw := d.Get("service_endpoints").([]interface{}) + properties := network.SubnetPropertiesFormat{ + AddressPrefix: &addressPrefix, + ServiceEndpoints: expandSubnetServiceEndpoints(serviceEndpointsRaw), - locks.ByName(parsedRouteTableId.Name, routeTableResourceName) - defer locks.UnlockByName(parsedRouteTableId.Name, routeTableResourceName) - } else { - properties.RouteTable = nil - } - - if v, ok := 
d.GetOk("enforce_private_link_endpoint_network_policies"); ok { - // This is strange logic, but to get the schema to make sense for the end user - // I exposed it with the same name that the Azure CLI does to be consistent - // between the tool sets, which means true == Disabled. - // - // To enable private endpoints you must disable the network policies for the - // subnet because Network policies like network security groups are not - // supported by private endpoints. - if v.(bool) { - properties.PrivateEndpointNetworkPolicies = utils.String("Disabled") - } + // To enable private endpoints you must disable the network policies for the subnet because + // Network policies like network security groups are not supported by private endpoints. + PrivateEndpointNetworkPolicies: expandSubnetPrivateLinkNetworkPolicy(privateEndpointNetworkPolicies), + PrivateLinkServiceNetworkPolicies: expandSubnetPrivateLinkNetworkPolicy(privateLinkServiceNetworkPolicies), } - serviceEndpoints := expandSubnetServiceEndpoints(d) - properties.ServiceEndpoints = &serviceEndpoints - - delegations := expandSubnetDelegation(d) - properties.Delegations = &delegations + delegationsRaw := d.Get("delegation").([]interface{}) + properties.Delegations = expandSubnetDelegation(delegationsRaw) subnet := network.Subnet{ Name: &name, 
@@ -279,6 +211,73 @@ func resourceArmSubnetCreateUpdate(d *schema.ResourceData, meta interface{}) err return resourceArmSubnetRead(d, meta) } +func resourceArmSubnetUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).Network.SubnetsClient + ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := azure.ParseAzureResourceID(d.Id()) + if err != nil { + return err + } + resourceGroup := id.ResourceGroup + networkName := id.Path["virtualNetworks"] + name := id.Path["subnets"] + + existing, err := client.Get(ctx, resourceGroup, networkName, name, "") + if err != nil { + return fmt.Errorf("Error retrieving existing Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) + } + + if existing.SubnetPropertiesFormat == nil { + return fmt.Errorf("Error retrieving existing Subnet %q (Virtual Network %q / Resource Group %q): `properties` was nil", name, networkName, resourceGroup) + } + + // TODO: locking on the NSG/Route Table if applicable + + props := *existing.SubnetPropertiesFormat + + if d.HasChange("address_prefix") { + props.AddressPrefix = utils.String(d.Get("address_prefix").(string)) + } + + if d.HasChange("delegation") { + delegationsRaw := d.Get("delegation").([]interface{}) + props.Delegations = expandSubnetDelegation(delegationsRaw) + } + + if d.HasChange("enforce_private_link_endpoint_network_policies") { + v := d.Get("enforce_private_link_endpoint_network_policies").(bool) + props.PrivateEndpointNetworkPolicies = expandSubnetPrivateLinkNetworkPolicy(v) + } + + if d.HasChange("enforce_private_link_service_network_policies") { + v := d.Get("enforce_private_link_service_network_policies").(bool) + props.PrivateLinkServiceNetworkPolicies = expandSubnetPrivateLinkNetworkPolicy(v) + } + + if d.HasChange("service_endpoints") { + serviceEndpointsRaw := d.Get("service_endpoints").([]interface{}) + props.ServiceEndpoints = 
expandSubnetServiceEndpoints(serviceEndpointsRaw) + } + + subnet := network.Subnet{ + Name: utils.String(name), + SubnetPropertiesFormat: &props, + } + + future, err := client.CreateOrUpdate(ctx, resourceGroup, networkName, name, subnet) + if err != nil { + return fmt.Errorf("Error updating Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) + } + + if err := future.WaitForCompletionRef(ctx, client.Client); err != nil { + return fmt.Errorf("Error waiting for update of Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) + } + + return resourceArmSubnetRead(d, meta) +} + func resourceArmSubnetRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).Network.SubnetsClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) 
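Review bot: resourceArmSubnetUpdate runs a Get, edits the result and calls CreateOrUpdate without taking any lock, whereas resourceArmSubnetDelete in this same commit takes `locks.ByName(networkName, VirtualNetworkResourceName)` and `locks.ByName(name, SubnetResourceName)`, and the create path locks the virtual network. Because the update sends back the whole `existing.SubnetPropertiesFormat`, any write that lands between the Get and the CreateOrUpdate is silently overwritten. If the separate association resources edit the same subnet (their code is not visible here), that could drop a network security group or route table association. The `// TODO: locking on the NSG/Route Table if applicable` covers only part of this, so I would take the virtual network and subnet locks before the Get, in the order Delete uses.

```go
	name := id.Path["subnets"]

	// Hold the same locks as Delete so the read-modify-write below cannot
	// interleave with another writer to this subnet or its virtual network.
	locks.ByName(networkName, VirtualNetworkResourceName)
	defer locks.UnlockByName(networkName, VirtualNetworkResourceName)

	locks.ByName(name, SubnetResourceName)
	defer locks.UnlockByName(name, SubnetResourceName)

	// … unchanged: client.Get, nil-properties check, HasChange blocks, CreateOrUpdate …
```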
@@ -288,71 +287,38 @@ func resourceArmSubnetRead(d *schema.ResourceData, meta interface{}) error { if err != nil { return err } - resGroup := id.ResourceGroup - vnetName := id.Path["virtualNetworks"] + resourceGroup := id.ResourceGroup + networkName := id.Path["virtualNetworks"] name := id.Path["subnets"] - resp, err := client.Get(ctx, resGroup, vnetName, name, "") + resp, err := client.Get(ctx, resourceGroup, networkName, name, "") if err != nil { if utils.ResponseWasNotFound(resp.Response) { d.SetId("") return nil } - return fmt.Errorf("Error making Read request on Azure Subnet %q: %+v", name, err) + return fmt.Errorf("Error retrieving Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) } d.Set("name", name) - d.Set("resource_group_name", resGroup) - d.Set("virtual_network_name", vnetName) + d.Set("resource_group_name", resourceGroup) + d.Set("virtual_network_name", networkName) if props := resp.SubnetPropertiesFormat; props != nil { d.Set("address_prefix", props.AddressPrefix) - if p := props.PrivateLinkServiceNetworkPolicies; p != nil { - // To enable private endpoints you must disable the network policies for the - // subnet because Network policies like network security groups are not - // supported by private endpoints. 
- - d.Set("enforce_private_link_service_network_policies", strings.EqualFold("Disabled", *p)) - } - - var securityGroupId *string - if props.NetworkSecurityGroup != nil { - securityGroupId = props.NetworkSecurityGroup.ID - } - d.Set("network_security_group_id", securityGroupId) - - var routeTableId string - if props.RouteTable != nil && props.RouteTable.ID != nil { - routeTableId = *props.RouteTable.ID + delegation := flattenSubnetDelegation(props.Delegations) + if err := d.Set("delegation", delegation); err != nil { + return fmt.Errorf("Error flattening `delegation`: %+v", err) } - d.Set("route_table_id", routeTableId) - ips := flattenSubnetIPConfigurations(props.IPConfigurations) - if err := d.Set("ip_configurations", ips); err != nil { - return err - } + d.Set("enforce_private_link_endpoint_network_policies", flattenSubnetPrivateLinkNetworkPolicy(props.PrivateEndpointNetworkPolicies)) + d.Set("enforce_private_link_service_network_policies", flattenSubnetPrivateLinkNetworkPolicy(props.PrivateLinkServiceNetworkPolicies)) serviceEndpoints := flattenSubnetServiceEndpoints(props.ServiceEndpoints) if err := d.Set("service_endpoints", serviceEndpoints); err != nil { - return err - } - - // This is strange logic, but to get the schema to make sense for the end user - // I exposed it with the same name that the Azure CLI does to be consistent - // between the tool sets, which means true == Disabled. - // - // To enable private endpoints you must disable the network policies for the - // subnet because Network policies like network security groups are not - // supported by private endpoints. 
- if privateEndpointNetworkPolicies := props.PrivateEndpointNetworkPolicies; privateEndpointNetworkPolicies != nil { - d.Set("enforce_private_link_endpoint_network_policies", *privateEndpointNetworkPolicies == "Disabled") - } - - delegation := flattenSubnetDelegation(props.Delegations) - if err := d.Set("delegation", delegation); err != nil { - return fmt.Errorf("Error flattening `delegation`: %+v", err) + return fmt.Errorf("Error setting `service_endpoints`: %+v", err) } } 
@@ -368,55 +334,32 @@ func resourceArmSubnetDelete(d *schema.ResourceData, meta interface{}) error { if err != nil { return err } - resGroup := id.ResourceGroup + resourceGroup := id.ResourceGroup name := id.Path["subnets"] - vnetName := id.Path["virtualNetworks"] + networkName := id.Path["virtualNetworks"] - if v, ok := d.GetOk("network_security_group_id"); ok { - networkSecurityGroupId := v.(string) - parsedNetworkSecurityGroupId, err2 := ParseNetworkSecurityGroupID(networkSecurityGroupId) - if err2 != nil { - return err2 - } - - locks.ByName(parsedNetworkSecurityGroupId.Name, networkSecurityGroupResourceName) - defer locks.UnlockByName(parsedNetworkSecurityGroupId.Name, networkSecurityGroupResourceName) - } - - if v, ok := d.GetOk("route_table_id"); ok { - rtId := v.(string) - parsedRouteTableId, err2 := ParseRouteTableID(rtId) - if err2 != nil { - return err2 - } - - locks.ByName(parsedRouteTableId.Name, routeTableResourceName) - defer locks.UnlockByName(parsedRouteTableId.Name, routeTableResourceName) - } - - locks.ByName(vnetName, VirtualNetworkResourceName) - defer locks.UnlockByName(vnetName, VirtualNetworkResourceName) + locks.ByName(networkName, VirtualNetworkResourceName) + defer locks.UnlockByName(networkName, VirtualNetworkResourceName) locks.ByName(name, SubnetResourceName) defer locks.UnlockByName(name, SubnetResourceName) - future, err := client.Delete(ctx, resGroup, vnetName, name) + future, err := client.Delete(ctx, resourceGroup, networkName, name) if err != nil { - return fmt.Errorf("Error deleting Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, vnetName, resGroup, err) + return fmt.Errorf("Error deleting Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) } if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { - return fmt.Errorf("Error waiting for completion for Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, vnetName, resGroup, err) + return 
fmt.Errorf("Error waiting for deletion of Subnet %q (Virtual Network %q / Resource Group %q): %+v", name, networkName, resourceGroup, err) } return nil } -func expandSubnetServiceEndpoints(d *schema.ResourceData) []network.ServiceEndpointPropertiesFormat { - serviceEndpoints := d.Get("service_endpoints").([]interface{}) +func expandSubnetServiceEndpoints(input []interface{}) *[]network.ServiceEndpointPropertiesFormat { endpoints := make([]network.ServiceEndpointPropertiesFormat, 0) - for _, svcEndpointRaw := range serviceEndpoints { + for _, svcEndpointRaw := range input { if svc, ok := svcEndpointRaw.(string); ok { endpoint := network.ServiceEndpointPropertiesFormat{ Service: &svc, @@ -425,7 +368,7 @@ func expandSubnetServiceEndpoints(d *schema.ResourceData) []network.ServiceEndpo } } - return endpoints + return &endpoints } func flattenSubnetServiceEndpoints(serviceEndpoints *[]network.ServiceEndpointPropertiesFormat) []string { @@ -444,23 +387,10 @@ func flattenSubnetServiceEndpoints(serviceEndpoints *[]network.ServiceEndpointPr return endpoints } -func flattenSubnetIPConfigurations(ipConfigurations *[]network.IPConfiguration) []string { - ips := make([]string, 0) - - if ipConfigurations != nil { - for _, ip := range *ipConfigurations { - ips = append(ips, *ip.ID) - } - } - - return ips -} - -func expandSubnetDelegation(d *schema.ResourceData) []network.Delegation { - delegations := d.Get("delegation").([]interface{}) +func expandSubnetDelegation(input []interface{}) *[]network.Delegation { retDelegations := make([]network.Delegation, 0) - for _, deleValue := range delegations { + for _, deleValue := range input { deleData := deleValue.(map[string]interface{}) deleName := deleData["name"].(string) srvDelegations := deleData["service_delegation"].([]interface{}) 
@@ -485,7 +415,7 @@ func expandSubnetDelegation(d *schema.ResourceData) []network.Delegation { retDelegations = append(retDelegations, retDelegation) } - return retDelegations + return &retDelegations } func flattenSubnetDelegation(delegations *[]network.Delegation) []interface{} { @@ -522,3 +452,27 @@ func flattenSubnetDelegation(delegations *[]network.Delegation) []interface{} { return retDeles } + +// TODO: confirm this logic below + +func expandSubnetPrivateLinkNetworkPolicy(enabled bool) *string { + // This is strange logic, but to get the schema to make sense for the end user + // I exposed it with the same name that the Azure CLI does to be consistent + // between the tool sets, which means true == Disabled. + if enabled { + return utils.String("Disabled") + } + + return utils.String("Enabled") +} + +func flattenSubnetPrivateLinkNetworkPolicy(input *string) bool { + // This is strange logic, but to get the schema to make sense for the end user + // I exposed it with the same name that the Azure CLI does to be consistent + // between the tool sets, which means true == Disabled. + if input == nil { + return false + } + + return strings.EqualFold(*input, "Disabled") +} diff --git a/azurerm/internal/services/network/tests/data_source_subnet_test.go b/azurerm/internal/services/network/tests/data_source_subnet_test.go index 89440f431cfa..c4aab9677713 100644 --- a/azurerm/internal/services/network/tests/data_source_subnet_test.go +++ b/azurerm/internal/services/network/tests/data_source_subnet_test.go @@ -8,7 +8,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" ) -func TestAccDataSourceAzureRMSubnet_basic(t *testing.T) { +func TestAccDataSourceSubnet_basic(t *testing.T) { data := acceptance.BuildTestData(t, "data.azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
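Review bot: In the `@@ -522,3 +452,27 @@` hunk, `expandSubnetPrivateLinkNetworkPolicy(enabled bool)` returns "Disabled" when `enabled` is true, so the parameter name reads the opposite of what the function does, and `// TODO: confirm this logic below` is still in place. Since this value decides whether network policies (network security groups, per the comment in the create path) are switched off on the subnet, the TODO should be resolved before merge. Each helper also needs a doc comment, e.g. `// expandSubnetPrivateLinkNetworkPolicy maps the schema bool to the API value: true => "Disabled" (network policies off), false => "Enabled".`, and the parameter could be renamed to something like `disablePolicies`. The old create code sent nothing when the flag was false, while this helper now always sends an explicit "Enabled"; please confirm that change is intended for existing subnets.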
@@ -16,7 +16,7 @@ func TestAccDataSourceAzureRMSubnet_basic(t *testing.T) { Providers: acceptance.SupportedProviders, Steps: []resource.TestStep{ { - Config: testAccDataSourceAzureRMSubnet_basic(data), + Config: testAccDataSourceSubnet_basic(data), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet(data.ResourceName, "name"), resource.TestCheckResourceAttrSet(data.ResourceName, "resource_group_name"), @@ -30,7 +30,7 @@ func TestAccDataSourceAzureRMSubnet_basic(t *testing.T) { }) } -func TestAccDataSourceAzureRMSubnet_networkSecurityGroup(t *testing.T) { +func TestAccDataSourceSubnet_networkSecurityGroup(t *testing.T) { data := acceptance.BuildTestData(t, "data.azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ @@ -38,7 +38,11 @@ func TestAccDataSourceAzureRMSubnet_networkSecurityGroup(t *testing.T) { Providers: acceptance.SupportedProviders, Steps: []resource.TestStep{ { - Config: testAccDataSourceAzureRMSubnet_networkSecurityGroup(data), + // since the network security group association is a separate resource this forces it + Config: testAccDataSourceSubnet_networkSecurityGroupDependencies(data), + }, + { + Config: testAccDataSourceSubnet_networkSecurityGroup(data), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet(data.ResourceName, "name"), resource.TestCheckResourceAttrSet(data.ResourceName, "resource_group_name"), @@ -52,7 +56,7 @@ func TestAccDataSourceAzureRMSubnet_networkSecurityGroup(t *testing.T) { }) } -func TestAccDataSourceAzureRMSubnet_routeTable(t *testing.T) { +func TestAccDataSourceSubnet_routeTable(t *testing.T) { data := acceptance.BuildTestData(t, "data.azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
@@ -60,21 +64,25 @@ func TestAccDataSourceAzureRMSubnet_routeTable(t *testing.T) { Providers: acceptance.SupportedProviders, Steps: []resource.TestStep{ { - Config: testAccDataSourceAzureRMSubnet_routeTable(data), + // since the route table association is a separate resource this forces it + Config: testAccDataSourceSubnet_routeTableDependencies(data), + }, + { + Config: testAccDataSourceSubnet_routeTable(data), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet(data.ResourceName, "name"), resource.TestCheckResourceAttrSet(data.ResourceName, "resource_group_name"), resource.TestCheckResourceAttrSet(data.ResourceName, "virtual_network_name"), resource.TestCheckResourceAttrSet(data.ResourceName, "address_prefix"), - resource.TestCheckResourceAttr(data.ResourceName, "network_security_group_id", ""), resource.TestCheckResourceAttrSet(data.ResourceName, "route_table_id"), + resource.TestCheckResourceAttr(data.ResourceName, "network_security_group_id", ""), ), }, }, }) } -func TestAccDataSourceAzureRMSubnet_serviceEndpoints(t *testing.T) { +func TestAccDataSourceSubnet_serviceEndpoints(t *testing.T) { data := acceptance.BuildTestData(t, "data.azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ @@ -82,7 +90,7 @@ func TestAccDataSourceAzureRMSubnet_serviceEndpoints(t *testing.T) { Providers: acceptance.SupportedProviders, Steps: []resource.TestStep{ { - Config: testAccDataSourceAzureRMSubnet_serviceEndpoints(data), + Config: testAccDataSourceSubnet_serviceEndpoint(data), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet(data.ResourceName, "name"), resource.TestCheckResourceAttrSet(data.ResourceName, "resource_group_name"), 
@@ -99,46 +107,35 @@ func TestAccDataSourceAzureRMSubnet_serviceEndpoints(t *testing.T) { }) } -func testAccDataSourceAzureRMSubnet_basic(data acceptance.TestData) string { +func testAccDataSourceSubnet_basic(data acceptance.TestData) string { + template := testAccDataSourceSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest%d-rg" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctest%d-vn" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_subnet" "test" { - name = "acctest%d-private" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.0.0/24" -} +%s data "azurerm_subnet" "test" { - name = "${azurerm_subnet.test.name}" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = azurerm_subnet.test.name + virtual_network_name = azurerm_subnet.test.virtual_network_name + resource_group_name = azurerm_subnet.test.resource_group_name } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccDataSourceAzureRMSubnet_networkSecurityGroup(data acceptance.TestData) string { +func testAccDataSourceSubnet_networkSecurityGroupDependencies(data acceptance.TestData) string { + template := testAccDataSourceSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest%d-rg" - location = "%s" +%s + +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.0.0/24" } resource "azurerm_network_security_group" "test" { name = "acctestnsg%d" - location = 
"${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name security_rule { name = "test123" 
@@ -153,98 +150,96 @@ resource "azurerm_network_security_group" "test" { } } -resource "azurerm_virtual_network" "test" { - name = "acctest%d-vn" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" +resource "azurerm_subnet_network_security_group_association" "test" { + subnet_id = azurerm_subnet.test.id + network_security_group_id = azurerm_network_security_group.test.id } - -resource "azurerm_subnet" "test" { - name = "acctest%d-private" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.0.0/24" - network_security_group_id = "${azurerm_network_security_group.test.id}" +`, template, data.RandomInteger) } +func testAccDataSourceSubnet_networkSecurityGroup(data acceptance.TestData) string { + template := testAccDataSourceSubnet_networkSecurityGroupDependencies(data) + return fmt.Sprintf(` +%s + data "azurerm_subnet" "test" { - name = "${azurerm_subnet.test.name}" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = azurerm_subnet.test.name + virtual_network_name = azurerm_subnet.test.virtual_network_name + resource_group_name = azurerm_subnet.test.resource_group_name } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccDataSourceAzureRMSubnet_routeTable(data acceptance.TestData) string { +func testAccDataSourceSubnet_routeTableDependencies(data acceptance.TestData) string { + template := testAccDataSourceSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" +%s + +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name 
+ address_prefix = "10.0.0.0/24" } resource "azurerm_route_table" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" + name = "acctestrt-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name route { - name = "acctest-%d" + name = "first" address_prefix = "10.100.0.0/14" next_hop_type = "VirtualAppliance" next_hop_in_ip_address = "10.10.1.1" } } -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" +resource "azurerm_subnet_route_table_association" "test" { + subnet_id = azurerm_subnet.test.id + route_table_id = azurerm_route_table.test.id +} +`, template, data.RandomInteger) } -resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - route_table_id = "${azurerm_route_table.test.id}" +func testAccDataSourceSubnet_routeTable(data acceptance.TestData) string { + template := testAccDataSourceSubnet_routeTableDependencies(data) + return fmt.Sprintf(` +%s + +data "azurerm_subnet" "test" { + name = azurerm_subnet.test.name + virtual_network_name = azurerm_subnet.test.virtual_network_name + resource_group_name = azurerm_subnet.test.resource_group_name +} +`, template) } +func testAccDataSourceSubnet_serviceEndpoint(data acceptance.TestData) string { + template := testAccAzureRMSubnet_serviceEndpointsUpdated(data) + return fmt.Sprintf(` +%s + data "azurerm_subnet" "test" { - name = "${azurerm_subnet.test.name}" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = azurerm_subnet.test.name + virtual_network_name = 
azurerm_subnet.test.virtual_network_name + resource_group_name = azurerm_subnet.test.resource_group_name } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccDataSourceAzureRMSubnet_serviceEndpoints(data acceptance.TestData) string { +func testAccDataSourceSubnet_template(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" + name = "acctest%d-rg" location = "%s" } resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" + name = "acctest%d-vn" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"] -} - -data "azurerm_subnet" "test" { - name = "${azurerm_subnet.test.name}" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } diff --git a/azurerm/internal/services/network/tests/resource_arm_route_table_test.go b/azurerm/internal/services/network/tests/resource_arm_route_table_test.go index e69d34553a31..b84133563c55 100644 --- a/azurerm/internal/services/network/tests/resource_arm_route_table_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_route_table_test.go 
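Review bot: `testAccDataSourceSubnet_template` at the end of this hunk declares only `azurerm_resource_group.test` and `azurerm_virtual_network.test`, yet `testAccDataSourceSubnet_basic` in the previous hunk builds on it and adds nothing but a data block that reads `azurerm_subnet.test.name`. Unless a subnet named "test" is declared somewhere outside this diff, that configuration references an undeclared resource and the basic data source test would fail before it checks anything. I would add to the basic config the same `resource "azurerm_subnet" "test"` block (name, resource_group_name, virtual_network_name, address_prefix) that `testAccDataSourceSubnet_networkSecurityGroupDependencies` declares, or build it on a template that already includes one.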
@@ -265,34 +265,6 @@ func TestAccAzureRMRouteTable_multipleRoutes(t *testing.T) { }) } -func TestAccAzureRMRouteTable_withTagsSubnet(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_route_table", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMRouteTableDestroy, - Steps: []resource.TestStep{ - { - Config: testAccAzureRMRouteTable_withTagsSubnet(data), - Check: resource.ComposeTestCheckFunc( - testCheckAzureRMRouteTableExists("azurerm_route_table.test"), - testCheckAzureRMSubnetExists("azurerm_subnet.subnet1"), - resource.TestCheckResourceAttrSet("azurerm_subnet.subnet1", "route_table_id"), - ), - }, - { - Config: testAccAzureRMRouteTable_withAddTagsSubnet(data), - Check: resource.ComposeTestCheckFunc( - testCheckAzureRMRouteTableExists("azurerm_route_table.test"), - testCheckAzureRMSubnetExists("azurerm_subnet.subnet1"), - resource.TestCheckResourceAttrSet("azurerm_subnet.subnet1", "route_table_id"), - ), - }, - }, - }) -} - func testCheckAzureRMRouteTableExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] 
@@ -582,102 +554,3 @@ resource "azurerm_route_table" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } - -func testAccAzureRMRouteTable_withTagsSubnet(data acceptance.TestData) string { - return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" - - tags = { - environment = "staging" - } -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - address_space = ["10.0.0.0/16"] - - tags = { - environment = "staging" - } -} - -resource "azurerm_subnet" "subnet1" { - name = "subnet1" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.1.0/24" - route_table_id = "${azurerm_route_table.test.id}" -} - -resource "azurerm_route_table" "test" { - name = "acctestrt%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "route1" - address_prefix = "10.1.0.0/16" - next_hop_type = "vnetlocal" - } - - tags = { - environment = "staging" - } -} -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) -} - -func testAccAzureRMRouteTable_withAddTagsSubnet(data acceptance.TestData) string { - return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" - - tags = { - environment = "staging" - cloud = "Azure" - } -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - address_space = ["10.0.0.0/16"] - - tags = { - environment = "staging" - cloud = "Azure" - } -} - -resource "azurerm_subnet" "subnet1" { - name = "subnet1" - resource_group_name = 
"${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.1.0/24" - route_table_id = "${azurerm_route_table.test.id}" -} - -resource "azurerm_route_table" "test" { - name = "acctestrt%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "route1" - address_prefix = "10.1.0.0/16" - next_hop_type = "vnetlocal" - } - - tags = { - environment = "staging" - cloud = "Azure" - } -} -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) -} diff --git a/azurerm/internal/services/network/tests/resource_arm_subnet_nat_gateway_association_test.go b/azurerm/internal/services/network/tests/resource_arm_subnet_nat_gateway_association_test.go index 86ff7f597aca..2a2f2c12fdc7 100644 --- a/azurerm/internal/services/network/tests/resource_arm_subnet_nat_gateway_association_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_subnet_nat_gateway_association_test.go @@ -55,7 +55,7 @@ func TestAccAzureRMSubnetNatGatewayAssociation_requiresImport(t *testing.T) { }, { Config: testAccAzureRMSubnetNatGatewayAssociation_requiresImport(data), - ExpectError: acceptance.RequiresImportError(""), + ExpectError: acceptance.RequiresImportError(data.ResourceType), }, }, }) 
@@ -83,6 +83,33 @@ func TestAccAzureRMSubnetNatGatewayAssociation_deleted(t *testing.T) { }) } +func TestAccAzureRMSubnetNatGatewayAssociation_updateSubnet(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_subnet_nat_gateway_association", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + // intentional since this is a virtual resource + CheckDestroy: testCheckAzureRMSubnetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSubnetNatGatewayAssociation_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetNatGatewayAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSubnetNatGatewayAssociation_updateSubnet(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetNatGatewayAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func testCheckAzureRMSubnetNatGatewayAssociationExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Network.SubnetsClient 
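Review bot: The second step of `TestAccAzureRMSubnetNatGatewayAssociation_updateSubnet` runs exactly the same check as the first and has no comment saying what it guards, so the intent has to be inferred from the config name. I would put a comment above that step, for example `// updating the subnet must not drop the NAT gateway association`. The same applies to the `_updateSubnet` tests added for the network security group and route table associations in the later files. The NSG case is the one to document most clearly, since a subnet update that silently drops the association would leave the subnet without its filtering rules. The body of `testCheckAzureRMSubnetNatGatewayAssociationExists` starts outside this hunk, so what it actually compares cannot be confirmed here.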
@@ -207,37 +234,22 @@ func testCheckAzureRMSubnetHasNoNatGateways(resourceName string) resource.TestCh } func testAccAzureRMSubnetNatGatewayAssociation_basic(data acceptance.TestData) string { + template := testAccAzureRMSubnetNatGatewayAssociation_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-network-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvn-%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet-%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" } -resource "azurerm_nat_gateway" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - resource "azurerm_subnet_nat_gateway_association" "test" { - subnet_id = "${azurerm_subnet.test.id}" - nat_gateway_id = "${azurerm_nat_gateway.test.id}" + subnet_id = azurerm_subnet.test.id + nat_gateway_id = azurerm_nat_gateway.test.id } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } func testAccAzureRMSubnetNatGatewayAssociation_requiresImport(data acceptance.TestData) string { 
@@ -246,8 +258,51 @@ func testAccAzureRMSubnetNatGatewayAssociation_requiresImport(data acceptance.Te %s resource "azurerm_subnet_nat_gateway_association" "import" { - subnet_id = "${azurerm_subnet_nat_gateway_association.test.subnet_id}" - nat_gateway_id = "${azurerm_subnet_nat_gateway_association.test.nat_gateway_id}" + subnet_id = azurerm_subnet_nat_gateway_association.test.subnet_id + nat_gateway_id = azurerm_subnet_nat_gateway_association.test.nat_gateway_id +} +`, template) +} + +func testAccAzureRMSubnetNatGatewayAssociation_updateSubnet(data acceptance.TestData) string { + template := testAccAzureRMSubnetNatGatewayAssociation_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + + enforce_private_link_endpoint_network_policies = true +} + +resource "azurerm_subnet_nat_gateway_association" "test" { + subnet_id = azurerm_subnet.test.id + nat_gateway_id = azurerm_nat_gateway.test.id } `, template) } + +func testAccAzureRMSubnetNatGatewayAssociation_template(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-network-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_nat_gateway" "test" { + name = "acctest-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} 
diff --git a/azurerm/internal/services/network/tests/resource_arm_subnet_network_security_group_association_test.go b/azurerm/internal/services/network/tests/resource_arm_subnet_network_security_group_association_test.go index 016a9e30c961..960cc88e7c94 100644 --- a/azurerm/internal/services/network/tests/resource_arm_subnet_network_security_group_association_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_subnet_network_security_group_association_test.go @@ -61,6 +61,33 @@ func TestAccAzureRMSubnetNetworkSecurityGroupAssociation_requiresImport(t *testi }) } +func TestAccAzureRMSubnetNetworkSecurityGroupAssociation_updateSubnet(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_subnet_network_security_group_association", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + // intentional as this is a Virtual Resource + CheckDestroy: testCheckAzureRMSubnetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSubnetNetworkSecurityGroupAssociation_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetNetworkSecurityGroupAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSubnetNetworkSecurityGroupAssociation_updateSubnet(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetNetworkSecurityGroupAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func TestAccAzureRMSubnetNetworkSecurityGroupAssociation_deleted(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet_network_security_group_association", "test") 
@@ -212,6 +239,58 @@ func testCheckAzureRMSubnetHasNoNetworkSecurityGroup(resourceName string) resour } func testAccAzureRMSubnetNetworkSecurityGroupAssociation_basic(data acceptance.TestData) string { + template := testAccAzureRMSubnetNetworkSecurityGroupAssociation_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" +} + +resource "azurerm_subnet_network_security_group_association" "test" { + subnet_id = azurerm_subnet.test.id + network_security_group_id = azurerm_network_security_group.test.id +} +`, template) +} + +func testAccAzureRMSubnetNetworkSecurityGroupAssociation_requiresImport(data acceptance.TestData) string { + template := testAccAzureRMSubnetNetworkSecurityGroupAssociation_basic(data) + return fmt.Sprintf(` +%s + +resource "azurerm_subnet_network_security_group_association" "internal" { + subnet_id = azurerm_subnet_network_security_group_association.test.subnet_id + network_security_group_id = azurerm_subnet_network_security_group_association.test.network_security_group_id +} +`, template) +} + +func testAccAzureRMSubnetNetworkSecurityGroupAssociation_updateSubnet(data acceptance.TestData) string { + template := testAccAzureRMSubnetNetworkSecurityGroupAssociation_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + + enforce_private_link_endpoint_network_policies = true +} + +resource "azurerm_subnet_network_security_group_association" "test" { + subnet_id = azurerm_subnet.test.id + network_security_group_id = azurerm_network_security_group.test.id +} +`, template) +} + +func testAccAzureRMSubnetNetworkSecurityGroupAssociation_template(data acceptance.TestData) 
string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { name = "acctestRG-%d" @@ -225,14 +304,6 @@ resource "azurerm_virtual_network" "test" { resource_group_name = "${azurerm_resource_group.test.name}" } -resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - network_security_group_id = "${azurerm_network_security_group.test.id}" -} - resource "azurerm_network_security_group" "test" { name = "acctestnsg%d" location = "${azurerm_resource_group.test.location}" @@ -250,18 +321,5 @@ resource "azurerm_network_security_group" "test" { destination_address_prefix = "*" } } - -resource "azurerm_subnet_network_security_group_association" "test" { - subnet_id = "${azurerm_subnet.test.id}" - network_security_group_id = "${azurerm_network_security_group.test.id}" -} -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) -} - -func testAccAzureRMSubnetNetworkSecurityGroupAssociation_requiresImport(data acceptance.TestData) string { - template := testAccAzureRMSubnetNetworkSecurityGroupAssociation_basic(data) - return fmt.Sprintf(` -%s - -`, template) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) } diff --git a/azurerm/internal/services/network/tests/resource_arm_subnet_route_table_association_test.go b/azurerm/internal/services/network/tests/resource_arm_subnet_route_table_association_test.go index b6602d29c7f6..8e539fcc3080 100644 --- a/azurerm/internal/services/network/tests/resource_arm_subnet_route_table_association_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_subnet_route_table_association_test.go 
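Review bot: In `testAccAzureRMSubnetNetworkSecurityGroupAssociation_requiresImport` the duplicate resource is labelled `"internal"`, while the NAT gateway and route table association tests in this commit label theirs `"import"`. `"internal"` is also the subnet name used throughout, which makes the block easy to misread. I would align it with the siblings: `resource "azurerm_subnet_network_security_group_association" "import" {`. The test function that consumes this config is outside the hunk, so its expected error is not visible here.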
@@ -32,6 +32,7 @@ func TestAccAzureRMSubnetRouteTableAssociation_basic(t *testing.T) { }, }) } + func TestAccAzureRMSubnetRouteTableAssociation_requiresImport(t *testing.T) { if !features.ShouldResourcesBeImported() { t.Skip("Skipping since resources aren't required to be imported") @@ -54,12 +55,39 @@ func TestAccAzureRMSubnetRouteTableAssociation_requiresImport(t *testing.T) { }, { Config: testAccAzureRMSubnetRouteTableAssociation_requiresImport(data), - ExpectError: acceptance.RequiresImportError(""), + ExpectError: acceptance.RequiresImportError("azurerm_subnet_route_table_association"), }, }, }) } +func TestAccAzureRMSubnetRouteTableAssociation_updateSubnet(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_subnet_route_table_association", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + // intentional since this is a Virtual Resource + CheckDestroy: testCheckAzureRMSubnetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSubnetRouteTableAssociation_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetRouteTableAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSubnetRouteTableAssociation_updateSubnet(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetRouteTableAssociationExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func TestAccAzureRMSubnetRouteTableAssociation_deleted(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet_route_table_association", "test") 
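Review bot: `TestAccAzureRMSubnetRouteTableAssociation_requiresImport` now passes the literal `"azurerm_subnet_route_table_association"` to `RequiresImportError`, whereas the NAT gateway association test fixed in the same commit passes `data.ResourceType`. Both tests build `data` from the same resource type string, so using the field avoids a second copy that can drift if the resource is renamed: `ExpectError: acceptance.RequiresImportError(data.ResourceType),`. The start of this test function is outside the hunk.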
@@ -211,45 +239,22 @@ func testCheckAzureRMSubnetHasNoRouteTable(resourceName string) resource.TestChe } func testAccAzureRMSubnetRouteTableAssociation_basic(data acceptance.TestData) string { + template := testAccAzureRMSubnetRouteTableAssociation_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" + name = "internal" resource_group_name = "${azurerm_resource_group.test.name}" virtual_network_name = "${azurerm_virtual_network.test.name}" address_prefix = "10.0.2.0/24" - route_table_id = "${azurerm_route_table.test.id}" -} - -resource "azurerm_route_table" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "acctest-%d" - address_prefix = "10.100.0.0/14" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "10.10.1.1" - } } resource "azurerm_subnet_route_table_association" "test" { - subnet_id = "${azurerm_subnet.test.id}" - route_table_id = "${azurerm_route_table.test.id}" + subnet_id = azurerm_subnet.test.id + route_table_id = azurerm_route_table.test.id } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } func testAccAzureRMSubnetRouteTableAssociation_requiresImport(data acceptance.TestData) string { 
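Review bot: The subnet block in `testAccAzureRMSubnetRouteTableAssociation_basic` keeps the quoted interpolation form on its two unchanged lines (`"${azurerm_resource_group.test.name}"` and `"${azurerm_virtual_network.test.name}"`), while the association block directly below and the new `_updateSubnet` config use bare references. Since the rest of the commit converts to the bare form, I would change these to `resource_group_name = azurerm_resource_group.test.name` and `virtual_network_name = azurerm_virtual_network.test.name`. The unchanged context lines of the NSG association template in the sibling file keep the same quoted form.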
@@ -258,8 +263,57 @@ func testAccAzureRMSubnetRouteTableAssociation_requiresImport(data acceptance.Te %s resource "azurerm_subnet_route_table_association" "import" { - subnet_id = "${azurerm_subnet_route_table_association.test.subnet_id}" - route_table_id = "${azurerm_subnet_route_table_association.test.route_table_id}" + subnet_id = azurerm_subnet_route_table_association.test.subnet_id + route_table_id = azurerm_subnet_route_table_association.test.route_table_id +} +`, template) +} + +func testAccAzureRMSubnetRouteTableAssociation_updateSubnet(data acceptance.TestData) string { + template := testAccAzureRMSubnetRouteTableAssociation_template(data) + return fmt.Sprintf(` +%s +resource "azurerm_subnet" "test" { + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + + enforce_private_link_endpoint_network_policies = true +} + +resource "azurerm_subnet_route_table_association" "test" { + subnet_id = azurerm_subnet.test.id + route_table_id = azurerm_route_table.test.id } `, template) } + +func testAccAzureRMSubnetRouteTableAssociation_template(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvirtnet%d" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_route_table" "test" { + name = "acctest-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + route { + name = "first" + address_prefix = "10.100.0.0/14" + next_hop_type = "VirtualAppliance" + next_hop_in_ip_address = "10.10.1.1" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} 
diff --git a/azurerm/internal/services/network/tests/resource_arm_subnet_test.go b/azurerm/internal/services/network/tests/resource_arm_subnet_test.go index d2334f1eecb2..3e72723ecf97 100644 --- a/azurerm/internal/services/network/tests/resource_arm_subnet_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_subnet_test.go @@ -3,7 +3,6 @@ package tests import ( "fmt" "log" - "strings" "testing" "github.com/hashicorp/go-azure-helpers/response" @@ -61,7 +60,7 @@ func TestAccAzureRMSubnet_requiresImport(t *testing.T) { }) } -func TestAccAzureRMSubnet_delegation(t *testing.T) { +func TestAccAzureRMSubnet_disappears(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ @@ -70,17 +69,18 @@ func TestAccAzureRMSubnet_delegation(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_delegation(data), + Config: testAccAzureRMSubnet_basic(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "delegation.#", "1"), + testCheckAzureRMSubnetDisappears(data.ResourceName), ), + ExpectNonEmptyPlan: true, }, }, }) } -func TestAccAzureRMSubnet_delegationComputedActions(t *testing.T) { +func TestAccAzureRMSubnet_delegation(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
@@ -89,42 +89,38 @@ func TestAccAzureRMSubnet_delegationComputedActions(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_delegationComputedActions(data), + Config: testAccAzureRMSubnet_delegation(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "delegation.#", "1"), ), }, - }, - }) -} - -func TestAccAzureRMSubnet_routeTableUpdate(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_subnet", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSubnetDestroy, - Steps: []resource.TestStep{ + data.ImportStep(), { - Config: testAccAzureRMSubnet_routeTable(data), + Config: testAccAzureRMSubnet_delegationUpdated(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), ), }, - + data.ImportStep(), + { + Config: testAccAzureRMSubnet_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetExists(data.ResourceName), + ), + }, + data.ImportStep(), { - Config: testAccAzureRMSubnet_updatedRouteTable(data), + Config: testAccAzureRMSubnet_delegation(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMSubnetRouteTableExists(data.ResourceName, fmt.Sprintf("acctest-%d", data.RandomInteger)), + testCheckAzureRMSubnetExists(data.ResourceName), ), }, + data.ImportStep(), }, }) } -func TestAccAzureRMSubnet_routeTableRemove(t *testing.T) { +func TestAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
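Review bot: The rewritten `TestAccAzureRMSubnet_delegation` no longer exercises a `service_delegation` block that omits `actions`. The step that used `testAccAzureRMSubnet_delegationComputedActions` is replaced here, and the later config hunk swaps that config for `testAccAzureRMSubnet_delegationUpdated`, which lists its actions explicitly. If `actions` can still be left out (the schema is not visible on this page), I would keep one step with such a config followed by `data.ImportStep(),` so a diff on the computed list is still caught. The `delegation.#` assertions are also dropped; `data.ImportStep()` presumably covers the count, but a one-line comment saying so would help the next reader.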
@@ -133,17 +129,23 @@ func TestAccAzureRMSubnet_routeTableRemove(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_routeTable(data), + Config: testAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies(data, true), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies(data, false), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttrSet(data.ResourceName, "route_table_id"), ), }, + data.ImportStep(), { - Config: testAccAzureRMSubnet_routeTableUnlinked(data), + Config: testAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies(data, true), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "route_table_id", ""), ), }, data.ImportStep(), @@ -151,7 +153,7 @@ func TestAccAzureRMSubnet_routeTableRemove(t *testing.T) { }) } -func TestAccAzureRMSubnet_removeNetworkSecurityGroup(t *testing.T) { +func TestAccAzureRMSubnet_enforcePrivateLinkServiceNetworkPolicies(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
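Review bot: The three steps of `TestAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies` toggle the flag true, false, true, but every `Check` only calls `testCheckAzureRMSubnetExists`, so the test never states the value it expects after each apply. The import step and the post-apply plan presumably catch drift, but an explicit assertion makes a wrong read-back fail at the step that caused it: `resource.TestCheckResourceAttr(data.ResourceName, "enforce_private_link_endpoint_network_policies", "true"),`, with `"false"` in the middle step. The service-policy test in the next hunk has the same shape and would benefit from the equivalent assertion.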
@@ -160,44 +162,31 @@ func TestAccAzureRMSubnet_removeNetworkSecurityGroup(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_networkSecurityGroup(data), + Config: testAccAzureRMSubnet_enforcePrivateLinkServiceNetworkPolicies(data, true), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttrSet(data.ResourceName, "network_security_group_id"), ), }, + data.ImportStep(), { - Config: testAccAzureRMSubnet_networkSecurityGroupDetached(data), + Config: testAccAzureRMSubnet_enforcePrivateLinkServiceNetworkPolicies(data, false), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "network_security_group_id", ""), ), }, data.ImportStep(), - }, - }) -} - -func TestAccAzureRMSubnet_bug7986(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_subnet", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSubnetDestroy, - Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_bug7986(data), + Config: testAccAzureRMSubnet_enforcePrivateLinkServiceNetworkPolicies(data, true), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMSubnetExists("azurerm_subnet.first"), - testCheckAzureRMSubnetExists("azurerm_subnet.second"), + testCheckAzureRMSubnetExists(data.ResourceName), ), }, + data.ImportStep(), }, }) } -func TestAccAzureRMSubnet_bug15204(t *testing.T) { +func TestAccAzureRMSubnet_serviceEndpoints(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ 
@@ -206,55 +195,39 @@ func TestAccAzureRMSubnet_bug15204(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_bug15204(data), + Config: testAccAzureRMSubnet_serviceEndpoints(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), ), }, - }, - }) -} - -func TestAccAzureRMSubnet_disappears(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_subnet", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSubnetDestroy, - Steps: []resource.TestStep{ + data.ImportStep(), { + Config: testAccAzureRMSubnet_serviceEndpointsUpdated(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSubnetExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + // remove them Config: testAccAzureRMSubnet_basic(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - testCheckAzureRMSubnetDisappears(data.ResourceName), ), - ExpectNonEmptyPlan: true, }, - }, - }) -} - -func TestAccAzureRMSubnet_serviceEndpoints(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_subnet", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSubnetDestroy, - Steps: []resource.TestStep{ + data.ImportStep(), { Config: testAccAzureRMSubnet_serviceEndpoints(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMSubnetExists("azurerm_subnet.test"), - resource.TestCheckResourceAttr(data.ResourceName, "service_endpoints.#", "2"), + testCheckAzureRMSubnetExists(data.ResourceName), ), }, + data.ImportStep(), }, }) } -func TestAccAzureRMSubnet_serviceEndpointsVNetUpdate(t *testing.T) { +func TestAccAzureRMSubnet_updateAddressPrefix(t *testing.T) { data := acceptance.BuildTestData(t, 
"azurerm_subnet", "test") resource.ParallelTest(t, resource.TestCase{ @@ -263,19 +236,19 @@ func TestAccAzureRMSubnet_serviceEndpointsVNetUpdate(t *testing.T) { CheckDestroy: testCheckAzureRMSubnetDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMSubnet_serviceEndpoints(data), + Config: testAccAzureRMSubnet_basic(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "service_endpoints.#", "2"), ), }, + data.ImportStep(), { - Config: testAccAzureRMSubnet_serviceEndpointsVNetUpdate(data), + Config: testAccAzureRMSubnet_updatedAddressPrefix(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSubnetExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "service_endpoints.#", "2"), ), }, + data.ImportStep(), }, }) } 
@@ -313,57 +286,6 @@ func testCheckAzureRMSubnetExists(resourceName string) resource.TestCheckFunc { } } -func testCheckAzureRMSubnetRouteTableExists(resourceName string, routeTableId string) resource.TestCheckFunc { - return func(s *terraform.State) error { - networksClient := acceptance.AzureProvider.Meta().(*clients.Client).Network.VnetClient - subnetsClient := acceptance.AzureProvider.Meta().(*clients.Client).Network.SubnetsClient - ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext - - // Ensure we have enough information in state to look up in API - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("Not found: %s", resourceName) - } - - log.Printf("[INFO] Checking Subnet update.") - - subnetName := rs.Primary.Attributes["name"] - vnetName := rs.Primary.Attributes["virtual_network_name"] - resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"] - if !hasResourceGroup { - return fmt.Errorf("Bad: no resource group found in state for subnet: %s", subnetName) - } - - vnetResp, vnetErr := networksClient.Get(ctx, resourceGroup, vnetName, "") - if vnetErr != nil { - return fmt.Errorf("Bad: Get on vnetClient: %+v", vnetErr) - } - - if vnetResp.Subnets == nil { - return fmt.Errorf("Bad: Vnet %q (resource group: %q) does not have subnets after update", vnetName, resourceGroup) - } - - resp, err := subnetsClient.Get(ctx, resourceGroup, vnetName, subnetName, "") - if err != nil { - if utils.ResponseWasNotFound(resp.Response) { - return fmt.Errorf("Bad: Subnet %q (resource group: %q) does not exist", subnetName, resourceGroup) - } - - return fmt.Errorf("Bad: Get on subnetClient: %+v", err) - } - - if resp.RouteTable == nil { - return fmt.Errorf("Bad: Subnet %q (resource group: %q) does not contain route tables after update", subnetName, resourceGroup) - } - - if !strings.Contains(*resp.RouteTable.ID, routeTableId) { - return fmt.Errorf("Bad: Subnet %q (resource group: %q) does not have route table %q", 
subnetName, resourceGroup, routeTableId) - } - - return nil - } -} - func testCheckAzureRMSubnetDisappears(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Network.SubnetsClient 
@@ -423,451 +345,162 @@ func testCheckAzureRMSubnetDestroy(s *terraform.State) error { } func testAccAzureRMSubnet_basic(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) -} - -func testAccAzureRMSubnet_requiresImport(data acceptance.TestData) string { - template := testAccAzureRMSubnet_basic(data) - return fmt.Sprintf(` -%s - -resource "azurerm_subnet" "import" { - name = "${azurerm_subnet.test.name}" - resource_group_name = "${azurerm_subnet.test.resource_group_name}" - virtual_network_name = "${azurerm_subnet.test.virtual_network_name}" - address_prefix = "${azurerm_subnet.test.address_prefix}" -} `, template) } func testAccAzureRMSubnet_delegation(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = 
"${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" delegation { - name = "acctestdelegation" + name = "first" service_delegation { - name = "Microsoft.ContainerInstance/containerGroups" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + name = "Microsoft.ContainerInstance/containerGroups" + actions = [ + "Microsoft.Network/virtualNetworks/subnets/action", + ] } } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_delegationComputedActions(data acceptance.TestData) string { +func testAccAzureRMSubnet_delegationUpdated(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" delegation { - name = "acctestdelegation" + name = "first" service_delegation { - name = "Microsoft.Sql/managedInstances" + name = "Microsoft.Databricks/workspaces" + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", + 
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action", + ] } } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) -} - -func testAccAzureRMSubnet_routeTable(data acceptance.TestData) string { - return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - route_table_id = "${azurerm_route_table.test.id}" -} - -resource "azurerm_route_table" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "acctest-%d" - address_prefix = "10.100.0.0/14" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "10.10.1.1" - } -} -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_routeTableUnlinked(data acceptance.TestData) string { +func testAccAzureRMSubnet_enforcePrivateLinkEndpointNetworkPolicies(data acceptance.TestData, enabled bool) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = 
"acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" - route_table_id = "" -} - -resource "azurerm_route_table" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - route { - name = "acctest-%d" - address_prefix = "10.100.0.0/14" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "10.10.1.1" - } + enforce_private_link_endpoint_network_policies = %t } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template, enabled) } -func testAccAzureRMSubnet_updatedRouteTable(data acceptance.TestData) string { +func testAccAzureRMSubnet_enforcePrivateLinkServiceNetworkPolicies(data acceptance.TestData, enabled bool) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" - - tags = { - environment = "Testing" - } -} - -resource "azurerm_network_security_group" "test_secgroup" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - security_rule { - name = "acctest-%d" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "*" - source_address_prefix = "*" - destination_address_prefix = "*" - } - - tags = { - environment = "Testing" - } -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - 
tags = { - environment = "Testing" - } -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name address_prefix = "10.0.2.0/24" - route_table_id = "${azurerm_route_table.test.id}" -} - -resource "azurerm_route_table" "test" { - name = "acctest-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - route { - name = "acctest-%d" - address_prefix = "10.100.0.0/14" - next_hop_type = "VirtualAppliance" - next_hop_in_ip_address = "10.10.1.1" - } - - tags = { - environment = "Testing" - } + enforce_private_link_service_network_policies = %t } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template, enabled) } -func testAccAzureRMSubnet_networkSecurityGroup(data acceptance.TestData) string { +func testAccAzureRMSubnet_requiresImport(data acceptance.TestData) string { + template := testAccAzureRMSubnet_basic(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest%d-rg" - location = "%s" -} - -resource "azurerm_network_security_group" "test" { - name = "acctestnsg%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - security_rule { - name = "test123" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "*" - source_address_prefix = "*" - destination_address_prefix = "*" - } -} - -resource "azurerm_virtual_network" "test" { - name = "acctest%d-vn" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - 
resource_group_name = "${azurerm_resource_group.test.name}" -} +%s -resource "azurerm_subnet" "test" { - name = "acctest%d-private" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.0.0/24" - network_security_group_id = "${azurerm_network_security_group.test.id}" +resource "azurerm_subnet" "import" { + name = azurerm_subnet.test.name + resource_group_name = azurerm_subnet.test.resource_group_name + virtual_network_name = azurerm_subnet.test.virtual_network_name + address_prefix = azurerm_subnet.test.address_prefix } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_networkSecurityGroupDetached(data acceptance.TestData) string { +func testAccAzureRMSubnet_serviceEndpoints(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest%d-rg" - location = "%s" -} - -resource "azurerm_network_security_group" "test" { - name = "acctestnsg%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - security_rule { - name = "test123" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = "*" - source_address_prefix = "*" - destination_address_prefix = "*" - } -} - -resource "azurerm_virtual_network" "test" { - name = "acctest%d-vn" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctest%d-private" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.0.0/24" -} -`, data.RandomInteger, 
data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) -} - -func testAccAzureRMSubnet_bug7986(data acceptance.TestData) string { - return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest%d-rg" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctest%d-vn" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_route_table" "first" { - name = "acctest%d-private-1" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "acctest%d-private-1" - address_prefix = "0.0.0.0/0" - next_hop_type = "None" - } -} - -resource "azurerm_subnet" "first" { - name = "acctest%d-private-1" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.0.0/24" - route_table_id = "${azurerm_route_table.first.id}" -} - -resource "azurerm_route_table" "second" { - name = "acctest%d-private-2" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - route { - name = "acctest%d-private-2" - address_prefix = "0.0.0.0/0" - next_hop_type = "None" - } -} - -resource "azurerm_subnet" "second" { - name = "acctest%d-private-2" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.1.0/24" - route_table_id = "${azurerm_route_table.second.id}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + service_endpoints = ["Microsoft.Sql"] } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, 
data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_bug15204(data acceptance.TestData) string { +func testAccAzureRMSubnet_serviceEndpointsUpdated(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource "azurerm_resource_group" "test" { - name = "acctest-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvn-%d" - address_space = ["10.85.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_network_security_group" "test" { - name = "acctestnsg-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} - -resource "azurerm_route_table" "test" { - name = "acctestrt-%d" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet-%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.85.9.0/24" - route_table_id = "${azurerm_route_table.test.id}" - network_security_group_id = "${azurerm_network_security_group.test.id}" + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"] } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_serviceEndpoints(data acceptance.TestData) string { +func testAccAzureRMSubnet_updatedAddressPrefix(data acceptance.TestData) string { + template := testAccAzureRMSubnet_template(data) return fmt.Sprintf(` -resource 
"azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%d" - address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" -} +%s resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"] + name = "internal" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.3.0/24" } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, template) } -func testAccAzureRMSubnet_serviceEndpointsVNetUpdate(data acceptance.TestData) string { +func testAccAzureRMSubnet_template(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { name = "acctestRG-%d" @@ -877,20 +510,8 @@ resource "azurerm_resource_group" "test" { resource "azurerm_virtual_network" "test" { name = "acctestvirtnet%d" address_space = ["10.0.0.0/16"] - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - tags = { - Environment = "Staging" - } -} - -resource "azurerm_subnet" "test" { - name = "acctestsubnet%d" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } 
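Review bot: None of the new configs in this hunk (`testAccAzureRMSubnet_basic` through `testAccAzureRMSubnet_updatedAddressPrefix`) pairs `azurerm_subnet.test` with an `azurerm_subnet_network_security_group_association` or `azurerm_subnet_route_table_association`, while the removed `_networkSecurityGroup`, `_bug7986` and `_bug15204` configs were the ones here that attached an NSG or route table to the subnet. If an update to the subnet (address prefix, service endpoints, delegation) dropped an association made through the separate resource, the subnet would lose its NSG filtering and nothing in this file would notice; this may already be covered by the association resources' own tests, which are outside this hunk. I would add a config like the one below and run it as two steps with different prefixes, checking after the second step that the association is still present. The test functions that would use it are outside this hunk.

```go
// proposed addition: subnet plus an NSG association, for a two-step update test
func testAccAzureRMSubnet_withNetworkSecurityGroupAssociation(data acceptance.TestData, addressPrefix string) string {
	template := testAccAzureRMSubnet_template(data)
	return fmt.Sprintf(`
%s

resource "azurerm_network_security_group" "test" {
  name                = "acctestnsg%d"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_subnet" "test" {
  name                 = "internal"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.test.name
  address_prefix       = %q
}

resource "azurerm_subnet_network_security_group_association" "test" {
  subnet_id                 = azurerm_subnet.test.id
  network_security_group_id = azurerm_network_security_group.test.id
}
`, template, data.RandomInteger, addressPrefix)
}
```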
diff --git a/azurerm/internal/services/network/tests/resource_arm_virtual_network_test.go b/azurerm/internal/services/network/tests/resource_arm_virtual_network_test.go index 353cda16a364..f146d9492512 100644 --- a/azurerm/internal/services/network/tests/resource_arm_virtual_network_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_virtual_network_test.go @@ -163,24 +163,6 @@ func TestAccAzureRMVirtualNetwork_withTags(t *testing.T) { }) } -func TestAccAzureRMVirtualNetwork_bug373(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_virtual_network", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMVirtualNetworkDestroy, - Steps: []resource.TestStep{ - { - Config: testAccAzureRMVirtualNetwork_bug373(data), - Check: resource.ComposeTestCheckFunc( - testCheckAzureRMVirtualNetworkExists(data.ResourceName), - ), - }, - }, - }) -} - func testCheckAzureRMVirtualNetworkExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Network.VnetClient 
@@ -416,69 +398,3 @@ resource "azurerm_virtual_network" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } - -func testAccAzureRMVirtualNetwork_bug373(data acceptance.TestData) string { - return fmt.Sprintf(` -variable "environment" { - default = "TestVirtualNetworkBug373" -} - -variable "network_cidr" { - default = "10.0.0.0/16" -} - -resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" -} - -resource "azurerm_virtual_network" "test" { - name = "${azurerm_resource_group.test.name}-vnet" - resource_group_name = "${azurerm_resource_group.test.name}" - address_space = ["${var.network_cidr}"] - location = "${azurerm_resource_group.test.location}" - - tags = { - environment = "${var.environment}" - } -} - -resource "azurerm_subnet" "public" { - name = "${azurerm_resource_group.test.name}-subnet-public" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.1.0/24" - network_security_group_id = "${azurerm_network_security_group.test.id}" -} - -resource "azurerm_subnet" "private" { - name = "${azurerm_resource_group.test.name}-subnet-private" - resource_group_name = "${azurerm_resource_group.test.name}" - virtual_network_name = "${azurerm_virtual_network.test.name}" - address_prefix = "10.0.2.0/24" - network_security_group_id = "${azurerm_network_security_group.test.id}" -} - -resource "azurerm_network_security_group" "test" { - name = "default-network-sg" - location = "${azurerm_resource_group.test.location}" - resource_group_name = "${azurerm_resource_group.test.name}" - - security_rule { - name = "default-allow-all" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "*" - source_port_range = "*" - destination_port_range = "*" - source_address_prefix = "${var.network_cidr}" - destination_address_prefix = "*" - } - - tags = { - environment = "${var.environment}" - } -} -`, data.RandomInteger, 
data.Locations.Primary) -} diff --git a/examples/kubernetes/advanced-networking-calico-policy/main.tf b/examples/kubernetes/advanced-networking-calico-policy/main.tf index b14d95b0cc48..cf95062ee80c 100644 --- a/examples/kubernetes/advanced-networking-calico-policy/main.tf +++ b/examples/kubernetes/advanced-networking-calico-policy/main.tf @@ -28,9 +28,6 @@ resource "azurerm_subnet" "test" { resource_group_name = "${azurerm_resource_group.test.name}" address_prefix = "10.1.0.0/24" virtual_network_name = "${azurerm_virtual_network.test.name}" - - # this field is deprecated and will be removed in 2.0 - but is required until then - route_table_id = "${azurerm_route_table.test.id}" } resource "azurerm_subnet_route_table_association" "test" { diff --git a/examples/kubernetes/advanced-networking-multiple-agentpool/main.tf b/examples/kubernetes/advanced-networking-multiple-agentpool/main.tf index a30e57432b88..bb3c463d167e 100644 --- a/examples/kubernetes/advanced-networking-multiple-agentpool/main.tf +++ b/examples/kubernetes/advanced-networking-multiple-agentpool/main.tf @@ -28,9 +28,6 @@ resource "azurerm_subnet" "example" { resource_group_name = "${azurerm_resource_group.example.name}" address_prefix = "10.1.0.0/24" virtual_network_name = "${azurerm_virtual_network.example.name}" - - # this field is deprecated and will be removed in 2.0 - but is required until then - route_table_id = "${azurerm_route_table.example.id}" } resource "azurerm_subnet_route_table_association" "example" { diff --git a/examples/kubernetes/advanced-networking/main.tf b/examples/kubernetes/advanced-networking/main.tf index c778f7fb952a..762b4db9718d 100644 --- a/examples/kubernetes/advanced-networking/main.tf +++ b/examples/kubernetes/advanced-networking/main.tf 
@@ -28,9 +28,6 @@ resource "azurerm_subnet" "example" { resource_group_name = "${azurerm_resource_group.example.name}" address_prefix = "10.1.0.0/22" virtual_network_name = "${azurerm_virtual_network.example.name}" - - # this field is deprecated and will be removed in 2.0 - but is required until then - route_table_id = "${azurerm_route_table.example.id}" } resource "azurerm_subnet_route_table_association" "example" { diff --git a/examples/virtual-networks/azure-firewall/main.tf b/examples/virtual-networks/azure-firewall/main.tf index 90b4f7089677..1aaf9e8033a6 100644 --- a/examples/virtual-networks/azure-firewall/main.tf +++ b/examples/virtual-networks/azure-firewall/main.tf @@ -89,7 +89,6 @@ resource "azurerm_subnet" "azusubnet" { resource_group_name = "${azurerm_resource_group.azurg.name}" virtual_network_name = "${azurerm_virtual_network.azuvnet.name}" address_prefix = "10.0.2.0/24" - route_table_id = "${azurerm_route_table.azurt.id}" } resource "azurerm_subnet_route_table_association" "azurtassoc" { diff --git a/website/docs/d/subnet.html.markdown b/website/docs/d/subnet.html.markdown index 60d911819d0c..73ea02db1300 100644 --- a/website/docs/d/subnet.html.markdown +++ b/website/docs/d/subnet.html.markdown @@ -37,7 +37,6 @@ output "subnet_id" { * `enforce_private_link_service_network_policies` - Enable or Disable network policies on private link service in the subnet. * `network_security_group_id` - The ID of the Network Security Group associated with the subnet. * `route_table_id` - The ID of the Route Table associated with this subnet. -* `ip_configurations` - The collection of IP Configurations with IPs within this subnet. * `service_endpoints` - A list of Service Endpoints within this subnet. * `enforce_private_link_endpoint_network_policies` - Enable or Disable network policies for the private link endpoint on the subnet. * `enforce_private_link_service_network_policies` - Enable or Disable network policies for the private link service on the subnet. 
diff --git a/website/docs/r/subnet.html.markdown b/website/docs/r/subnet.html.markdown
index b23e95f7d5be..8b0f2b293da8 100644
--- a/website/docs/r/subnet.html.markdown
+++ b/website/docs/r/subnet.html.markdown
@@ -59,25 +59,19 @@ The following arguments are supported: * `address_prefix` - (Required) The address prefix to use for the subnet. -* `network_security_group_id` - (Optional / **Deprecated**) The ID of the Network Security Group to associate with the subnet. - --> **NOTE:** At this time Subnet `<->` Network Security Group associations need to be configured both using this field (which is now Deprecated) and using the `azurerm_subnet_network_security_group_association` resource. This field is deprecated and will be removed in favour of that resource in the next major version (2.0) of the AzureRM Provider. - -* `route_table_id` - (Optional / **Deprecated**) The ID of the Route Table to associate with the subnet. - --> **NOTE:** At this time Subnet `<->` Route Table associations need to be configured both using this field (which is now Deprecated) and using the `azurerm_subnet_route_table_association` resource. This field is deprecated and will be removed in favour of that resource in the next major version (2.0) of the AzureRM Provider. - -* `service_endpoints` - (Optional) The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage` and `Microsoft.Web`. +--- * `delegation` - (Optional) One or more `delegation` blocks as defined below. * `enforce_private_link_endpoint_network_policies` - (Optional) Enable or Disable network policies for the private link endpoint on the subnet. Default valule is `false`. Conflicts with enforce_private_link_service_network_policies. --> **NOTE:** Network policies, like network security groups (NSG), are not supported for Private Link Endpoints or Private Link Services. In order to deploy a Private Link Endpoint on a given subnet, you must set the `enforce_private_link_endpoint_network_policies` attribute to `true`. 
This setting is only applicable for the Private Link Endpoint, for all other resources in the subnet access is controlled based on the `network_security_group_id`. +-> **NOTE:** Network policies, like network security groups (NSG), are not supported for Private Link Endpoints or Private Link Services. In order to deploy a Private Link Endpoint on a given subnet, you must set the `enforce_private_link_endpoint_network_policies` attribute to `true`. This setting is only applicable for the Private Link Endpoint, for all other resources in the subnet access is controlled based via the Network Security Group which can be configured using the `azurerm_subnet_network_security_group_association` resource. -* `enforce_private_link_service_network_policies` - (Optional) Enable or Disable network policies for the private link service on the subnet. Default valule is `false`. Conflicts with enforce_private_link_endpoint_network_policies. +* `enforce_private_link_service_network_policies` - (Optional) Enable or Disable network policies for the private link service on the subnet. Default valule is `false`. Conflicts with `enforce_private_link_endpoint_network_policies`. --> **NOTE:** In order to deploy a Private Link Service on a given subnet, you must set the `enforce_private_link_service_network_policies` attribute to `true`. This setting is only applicable for the Private Link Service, for all other resources in the subnet access is controlled based on the `network_security_group_id`. +-> **NOTE:** In order to deploy a Private Link Service on a given subnet, you must set the `enforce_private_link_service_network_policies` attribute to `true`. This setting is only applicable for the Private Link Service, for all other resources in the subnet access is controlled based on the Network Security Group which can be configured using the `azurerm_subnet_network_security_group_association` resource. 
+ +* `service_endpoints` - (Optional) The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage` and `Microsoft.Web`. --- @@ -104,7 +98,6 @@ A `service_delegation` block supports the following: The following attributes are exported: * `id` - The subnet ID. -* `ip_configurations` - The collection of IP Configurations with IPs within this subnet. * `name` - The name of the subnet. * `resource_group_name` - The name of the resource group in which the subnet is created in. * `virtual_network_name` - The name of the virtual network in which the subnet is created in diff --git a/website/docs/r/subnet_network_security_group_association.html.markdown b/website/docs/r/subnet_network_security_group_association.html.markdown index 7872e2b1642a..c172e3428613 100644 --- a/website/docs/r/subnet_network_security_group_association.html.markdown +++ b/website/docs/r/subnet_network_security_group_association.html.markdown @@ -11,8 +11,6 @@ description: |- Associates a [Network Security Group](network_security_group.html) with a [Subnet](subnet.html) within a [Virtual Network](virtual_network.html). --> **NOTE:** Subnet `<->` Network Security Group associations currently need to be configured on both this resource and using the `network_security_group_id` field on the `azurerm_subnet` resource. The next major version of the AzureRM Provider (2.0) will remove the `network_security_group_id` field from the `azurerm_subnet` resource such that this resource is used to link resources in future. - ## Example Usage ```hcl 
@@ -29,11 +27,10 @@ resource "azurerm_virtual_network" "example" { } resource "azurerm_subnet" "example" { - name = "frontend" - resource_group_name = azurerm_resource_group.example.name - virtual_network_name = azurerm_virtual_network.example.name - address_prefix = "10.0.2.0/24" - network_security_group_id = azurerm_network_security_group.example.id + name = "frontend" + resource_group_name = azurerm_resource_group.example.name + virtual_network_name = azurerm_virtual_network.example.name + address_prefix = "10.0.2.0/24" } resource "azurerm_network_security_group" "example" { diff --git a/website/docs/r/subnet_route_table_association.html.markdown b/website/docs/r/subnet_route_table_association.html.markdown index c0076e37aab7..8a2f294f2c93 100644 --- a/website/docs/r/subnet_route_table_association.html.markdown +++ b/website/docs/r/subnet_route_table_association.html.markdown @@ -11,8 +11,6 @@ description: |- Associates a [Route Table](route_table.html) with a [Subnet](subnet.html) within a [Virtual Network](virtual_network.html). --> **NOTE:** Subnet `<->` Route Table associations currently need to be configured on both this resource and using the `route_table_id` field on the `azurerm_subnet` resource. The next major version of the AzureRM Provider (2.0) will remove the `route_table_id` field from the `azurerm_subnet` resource such that this resource is used to link resources in future. - ## Example Usage ```hcl @@ -33,7 +31,6 @@ resource "azurerm_subnet" "example" { resource_group_name = azurerm_resource_group.example.name virtual_network_name = azurerm_virtual_network.example.name address_prefix = "10.0.2.0/24" - route_table_id = azurerm_route_table.example.id } resource "azurerm_route_table" "example" {