New Resource: azurerm_virtual_hub_connection

[neil-yechenwei]

This PR is to improve the code as the issue #5613 is saying.

[tombuildsstuff]

hi @neil-yechenwei

Thanks for this PR.

Due to the way the Networking API's work, the last time we looked at this it appeared that this functionality wanted splitting out into it's own virtual resource (azurerm_virtual_hub_connection) rather than being nested within the azurerm_virtual_hub resource. There's a branch tracking this functionality pushed here however the API was broken the last time we took a look at this - would you be able to confirm if this has been fixed?

If so rather than nesting this within the azurerm_virtual_hub resource could we instead switch to using a Virtual Resource instead as in the other branch? This approach allows us to better represent the behaviour of the Networking API's.

Thanks!

[neil-yechenwei]

hi @tombuildsstuff , seems I misunderstood your meaning before.
Previously I assume we should make "virtual hub connection" as separate resource like "resource_arm_virtual_network_gateway_connection.go" with independent "connection client" like "https://github.com/terraform-providers/terraform-provider-azurerm/blob/9aa32daf9a440fa94996d255e056f11edb8415d1/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go#L257". So I found the independent "HubVirtualNetworkConnectionClient" (https://github.com/Azure/azure-sdk-for-go/blob/090dc0ee4d8d2d60e2a9525774d967a4111a2b0c/services/network/mgmt/2019-11-01/network/hubvirtualnetworkconnections.go#L50) for virtual hub doesn't support create/update operation. According by your commit "6b49836", seems that I should still use "VirtualHubClient" to update "virtual hub connection" in independent virtual resource. Thanks for your suggestion. I will update this PR to make "virtual hub connection" as separate virtual resource following the commit 6b49836 .

[neil-yechenwei]

@tombuildsstuff , I've updated this PR according by your commit 6b49836

[katbyte]

thanks for the PR @neil-yechenwei,

i've given this a quick review and most of my comments are minor or around naming.

[katbyte]

Could we change this to

Suggested change

	"enable_internet_security": {
	"internet_security_enabled": {

[neil-yechenwei]

Updated

[katbyte]

COuld we expand on wha internet security is a little here?

[neil-yechenwei]

Updated

[katbyte]

Suggested change

	* `allow_remote_vnet_to_use_hub_vnet_gateways` - (Optional) Allow the Remote Virtual Network to transit use the Hub's Virtual Network Gateway's? Changing this forces a new resource to be created.
	* `allow_remote_vnet_to_use_hub_gateways` - (Optional) Is Remote Virtual Network traffic allowed to transit the Hub's Virtual Network Gateway's? Changing this forces a new resource to be created.

[neil-yechenwei]

Updated

[katbyte]

We don't need to assign these to locals?

[neil-yechenwei]

Updated

[katbyte]

I don't think we need to assign these to locals?

[neil-yechenwei]

Updated

[katbyte]

could we define two virtual hubs for the complete test, and then have another update test where we go basic -> compelte -> basic to ensure we correctly handel multiple?

[neil-yechenwei]

updated

[katbyte]

We should be able to get the primary ID and parse it as a virtual_hub_connection id?

[neil-yechenwei]

Here is getting virtual_hub_id not virtual hub connection id. so won't fix.

[katbyte]

You should be able to get everything require from ParseVirtualHubConnectionID as we do on read/delete

[katbyte]

same here

[neil-yechenwei]

Here is getting virtual_hub_id not virtual hub connection id. so won't fix.

[katbyte]

as above

[neil-yechenwei]

@katbyte , Thanks for your comments. I've updated code.

[katbyte]

Thanks for the revisions @neil-yechenwei, i have left a number of formatting and style comments inline that should be adressed

[katbyte]

You should be able to get everything require from ParseVirtualHubConnectionID as we do on read/delete

[katbyte]

as above

[katbyte]

I think if you moved the checks into the find function and took the vhub this would be much more clear

Suggested change

	if virtualHub.VirtualHubProperties == nil {
	return fmt.Errorf("Error retrieving Virtual Hub %q (Resource Group %q): `properties` was nil", id.Name, resourceGroup)
	}
	if virtualHub.VirtualHubProperties.VirtualNetworkConnections == nil {
	return fmt.Errorf("Error retrieving Virtual Hub %q (Resource Group %q): `properties.VirtualNetworkConnections` was nil", id.Name, resourceGroup)
	}
	connections = *virtualHub.VirtualHubProperties.VirtualNetworkConnections
	newConnection, _ := findVirtualHubConnection(name, connections)
	newConnection, _ := findVirtualHubConnection(name, virtualHub)

[neil-yechenwei]

Updated

[katbyte]

Could we be consistent with other resources

Suggested change

	if connection.HubVirtualNetworkConnectionProperties == nil {
	return fmt.Errorf("Error retrieving Connection %q (Virtual Hub %q / Resource Group %q): `properties` was nil`", id.Name, virtualHubName, resourceGroup)
	}
	props := *connection.HubVirtualNetworkConnectionProperties
	d.Set("name", id.Name)
	d.Set("virtual_hub_id", virtualHub.ID)
	d.Set("hub_to_vitual_network_traffic_allowed", props.AllowHubToRemoteVnetTransit)
	d.Set("vitual_network_to_hub_gateways_traffic_allowed", props.AllowRemoteVnetToUseHubVnetGateways)
	d.Set("internet_security_enabled", props.EnableInternetSecurity)
	remoteVirtualNetworkId := ""
	if props.RemoteVirtualNetwork != nil && props.RemoteVirtualNetwork.ID != nil {
	remoteVirtualNetworkId = *props.RemoteVirtualNetwork.ID
	}
	d.Set("remote_virtual_network_id", remoteVirtualNetworkId)
	if connection.HubVirtualNetworkConnectionProperties == nil {
	return fmt.Errorf("Error retrieving Connection %q (Virtual Hub %q / Resource Group %q): `properties` was nil`", id.Name, virtualHubName, resourceGroup)
	}
	d.Set("name", id.Name)
	d.Set("virtual_hub_id", virtualHub.ID)
	if props := connection.HubVirtualNetworkConnectionProperties; props != nil {
	d.Set("hub_to_vitual_network_traffic_allowed", props.AllowHubToRemoteVnetTransit)
	d.Set("vitual_network_to_hub_gateways_traffic_allowed", props.AllowRemoteVnetToUseHubVnetGateways)
	d.Set("internet_security_enabled", props.EnableInternetSecurity)
	remoteVirtualNetworkId := ""
	if props.RemoteVirtualNetwork != nil && props.RemoteVirtualNetwork.ID != nil {
	remoteVirtualNetworkId = *props.RemoteVirtualNetwork.ID
	}
	d.Set("remote_virtual_network_id", remoteVirtualNetworkId)
	}

[neil-yechenwei]

Updated

[katbyte]

I didn't notice the index used anywhere

Suggested change

	func findVirtualHubConnection(name string, connections []network.HubVirtualNetworkConnection) (conn *network.HubVirtualNetworkConnection, index int) {
	func findVirtualHubConnection(name string, connections []network.HubVirtualNetworkConnection) *network.HubVirtualNetworkConnection {

[neil-yechenwei]

Updated

[katbyte]

Suggested change

	conn = &connection
	index = i
	return
	return &connection

[neil-yechenwei]

Updated

[neil-yechenwei]

@katbyte , I've updated code. Thanks for your comments.

[katbyte]

Thanks for the updates @neil-yechenwei! LGTM now 👍

[ghost]

This has been released in version 2.2.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.2.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!