From 4f7f6b789333c3b1d0fcedc773831ba0e3a01573 Mon Sep 17 00:00:00 2001
From: Vladimir Lazarenko
Date: Thu, 5 Dec 2024 07:46:19 +0100
Subject: [PATCH] `azurerm_network_watcher_flow_log`: Add 2 more resource types to `target_resource_id` (#28177) * `azurerm_network_watcher_flow_log`: Add 2 more resource types to `target_resource_id` Added NIC and subnet as accepted value types for `target_resource_id`. Fixes #28175 * fmt
---
 .../network_watcher_flow_log_resource.go | 6 +
 .../network_watcher_flow_log_resource_test.go | 112 ++++++++++++++++++
 .../network/network_watcher_resource_test.go | 2 +
 .../d/mssql_managed_database.html.markdown | 2 +-
 .../r/network_watcher_flow_log.html.markdown | 6 +-
 5 files changed, 124 insertions(+), 4 deletions(-)
diff --git a/internal/services/network/network_watcher_flow_log_resource.go b/internal/services/network/network_watcher_flow_log_resource.go
index cf755d3105c9..aea81409cc1f 100644
--- a/internal/services/network/network_watcher_flow_log_resource.go
+++ b/internal/services/network/network_watcher_flow_log_resource.go
@@ -79,6 +79,8 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
 ValidateFunc: validation.Any(
 networksecuritygroups.ValidateNetworkSecurityGroupID,
 commonids.ValidateVirtualNetworkID,
+ commonids.ValidateSubnetID,
+ commonids.ValidateNetworkInterfaceID,
 ),
 },
@@ -422,6 +424,10 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface
 targetIsNSG = true
 } else if vnetId, err := commonids.ParseVirtualNetworkIDInsensitively(props.TargetResourceId); err == nil {
 targetResourceId = vnetId.ID()
+ } else if subnetId, err := commonids.ParseSubnetIDInsensitively(props.TargetResourceId); err == nil {
+ targetResourceId = subnetId.ID()
+ } else if nicId, err := commonids.ParseNetworkInterfaceIDInsensitively(props.TargetResourceId); err == nil {
+ targetResourceId = nicId.ID()
 }
 if !features.FivePointOhBeta() && targetIsNSG {
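Review bot: In the `@@ -422` hunk the `else if` chain still has no final branch, so a `props.TargetResourceId` that none of the four parsers accepts leaves `targetResourceId` at whatever it was initialised to outside the hunk (presumably empty), with every parse `err` discarded and nothing logged. For a resource that governs flow logging, a target that silently reads back blank makes drift and misconfiguration harder to notice; consider closing the chain with `} else { targetResourceId = props.TargetResourceId }` or a log line naming the unparsed ID. The accepted types are now listed twice, here and in the `validation.Any(...)` call of the `@@ -79` hunk, so a comment on the validator list such as `// keep in sync with the target ID parsing in resourceNetworkWatcherFlowLogRead` would help the next addition. The body of resourceNetworkWatcherFlowLogRead starts and ends outside the hunk.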
diff --git a/internal/services/network/network_watcher_flow_log_resource_test.go b/internal/services/network/network_watcher_flow_log_resource_test.go
index 8fda8ef2ee43..fb351e2dd115 100644
--- a/internal/services/network/network_watcher_flow_log_resource_test.go
+++ b/internal/services/network/network_watcher_flow_log_resource_test.go
@@ -49,6 +49,36 @@ func testAccNetworkWatcherFlowLog_basicWithVirtualNetwork(t *testing.T) {
 })
 }
+func testAccNetworkWatcherFlowLog_basicWithSubnet(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+ r := NetworkWatcherFlowLogResource{}
+
+ data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basicConfigWithSubnet(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
+func testAccNetworkWatcherFlowLog_basicWithNIC(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+ r := NetworkWatcherFlowLogResource{}
+
+ data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.basicConfigWithNIC(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep(),
+ })
+}
+
 func testAccNetworkWatcherFlowLog_requiresImport(t *testing.T) {
 data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
 r := NetworkWatcherFlowLogResource{}
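Review bot: Both new acceptance tests assert only `ExistsInAzure(r)`, so neither checks directly that `target_resource_id` comes back from the Read path as the subnet or NIC ID, which is the behaviour this commit adds. `data.ImportStep()` may catch a dropped value indirectly, but an explicit `check.That(data.ResourceName).Key("target_resource_id").Exists()` inside each `ComposeTestCheckFunc` would pin it. The two functions differ only in the config method they call, so a one-line comment on each naming the target type under test (`// flow log targeting a subnet`, `// flow log targeting a network interface`) would also help.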
@@ -396,6 +426,88 @@ resource "azurerm_network_watcher_flow_log" "test" {
 `, r.prerequisites(data), data.RandomInteger, data.RandomInteger)
 }
+func (r NetworkWatcherFlowLogResource) basicConfigWithSubnet(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+ name = "acctestvn-%d"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+ name = "acctestsubnet-%d"
+ resource_group_name = azurerm_resource_group.test.name
+ virtual_network_name = azurerm_virtual_network.test.name
+ address_prefixes = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+ network_watcher_name = azurerm_network_watcher.test.name
+ resource_group_name = azurerm_resource_group.test.name
+ name = "flowlog-%d"
+
+ target_resource_id = azurerm_subnet.test.id
+ storage_account_id = azurerm_storage_account.test.id
+ enabled = true
+
+ retention_policy {
+ enabled = false
+ days = 0
+ }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
+func (r NetworkWatcherFlowLogResource) basicConfigWithNIC(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+ name = "acctestvn-%d"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+ name = "acctestsubnet-%d"
+ resource_group_name = azurerm_resource_group.test.name
+ virtual_network_name = azurerm_virtual_network.test.name
+ address_prefixes = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_interface" "test" {
+ name = "acctestnic-%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+
+ ip_configuration {
+ name = "internal"
+ subnet_id = azurerm_subnet.test.id
+ private_ip_address_allocation = "Dynamic"
+ }
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+ network_watcher_name = azurerm_network_watcher.test.name
+ resource_group_name = azurerm_resource_group.test.name
+ name = "flowlog-%d"
+
+ target_resource_id = azurerm_network_interface.test.id
+ storage_account_id = azurerm_storage_account.test.id
+ enabled = true
+
+ retention_policy {
+ enabled = false
+ days = 0
+ }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
 func (r NetworkWatcherFlowLogResource) requiresImport(data acceptance.TestData) string {
 if !features.FivePointOhBeta() {
 return fmt.Sprintf(`
diff --git a/internal/services/network/network_watcher_resource_test.go b/internal/services/network/network_watcher_resource_test.go
index 01f4ec4eba96..720c480fdcdc 100644
--- a/internal/services/network/network_watcher_resource_test.go
+++ b/internal/services/network/network_watcher_resource_test.go
@@ -79,6 +79,8 @@ func TestAccNetworkWatcher(t *testing.T) {
 "FlowLog": {
 "basic": testAccNetworkWatcherFlowLog_basic,
 "basicWithVirtualNetwork": testAccNetworkWatcherFlowLog_basicWithVirtualNetwork,
+ "basicWithSubnet": testAccNetworkWatcherFlowLog_basicWithSubnet,
+ "basicWithNIC": testAccNetworkWatcherFlowLog_basicWithNIC,
 "requiresImport": testAccNetworkWatcherFlowLog_requiresImport,
 "disabled": testAccNetworkWatcherFlowLog_disabled,
 "reenabled": testAccNetworkWatcherFlowLog_reenabled,
diff --git a/website/docs/d/mssql_managed_database.html.markdown b/website/docs/d/mssql_managed_database.html.markdown
index 4c5e4ec594df..823eb51ff058 100644
--- a/website/docs/d/mssql_managed_database.html.markdown
+++ b/website/docs/d/mssql_managed_database.html.markdown
@@ -70,4 +70,4 @@ A `point_in_time_restore` block exports the following:
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
-* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
\ No newline at end of file
+* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
diff --git a/website/docs/r/network_watcher_flow_log.html.markdown b/website/docs/r/network_watcher_flow_log.html.markdown
index b6814eb543e9..a735772fa78e 100644
--- a/website/docs/r/network_watcher_flow_log.html.markdown
+++ b/website/docs/r/network_watcher_flow_log.html.markdown
@@ -56,9 +56,9 @@ resource "azurerm_network_watcher_flow_log" "test" {
 resource_group_name = azurerm_resource_group.example.name
 name = "example-log"
- network_security_group_id = azurerm_network_security_group.test.id
- storage_account_id = azurerm_storage_account.test.id
- enabled = true
+ target_resource_id = azurerm_network_security_group.test.id
+ storage_account_id = azurerm_storage_account.test.id
+ enabled = true
 retention_policy {
 enabled = true