diff --git a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go
index 2a540ffa271e..e7d63cbaf1af 100644
--- a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go
+++ b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go
@@ -97,10 +97,25 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource {
 Default: true,
 },
+ "display_name_filter": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Computed: true, // remove in 3.0
+ MinItems: 1,
+ ConflictsWith: []string{"text_whitelist"},
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: validation.StringIsNotEmpty,
+ },
+ },
+
 "text_whitelist": {
- Type: schema.TypeSet,
- Optional: true,
- MinItems: 1,
+ Type: schema.TypeSet,
+ Optional: true,
+ Computed: true, // remove in 3.0
+ MinItems: 1,
+ ConflictsWith: []string{"display_name_filter"},
+ Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API",
 Elem: &schema.Schema{
 Type: schema.TypeString,
 ValidateFunc: validation.StringIsNotEmpty,
@@ -146,8 +161,10 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.Resour
 },
 }
- if whitelist, ok := d.GetOk("text_whitelist"); ok {
- param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List())
+ if dnf, ok := d.GetOk("display_name_filter"); ok {
+ param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List())
+ } else if dnf, ok := d.GetOk("text_whitelist"); ok {
+ param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List())
 }
 // Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read.
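Review bot: Marking both `display_name_filter` and `text_whitelist` as `Optional` + `Computed` with `MinItems: 1` appears to leave no way to clear the filter from configuration: an Optional+Computed argument that is deleted from the config keeps its stored value, and an empty set is rejected, while the updated documentation tells users to leave the argument empty to apply no filter. If that is an accepted cost of the rename until 3.0, say so next to the flag, e.g. `Computed: true, // remove in 3.0; until then, deleting the argument keeps the existing filter`. The same `Computed` pattern is added for `allowed_user_ip_cidrs` / `user_whitelisted_ip_ranges` in app_service_environment_resource.go, where it means an allowed CIDR is not withdrawn by deleting the argument. The schema map continues outside the hunk.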
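Review bot: The `display_name_filter` branch always wins in CreateUpdate, which looks wrong for configurations that still set the deprecated `text_whitelist`: Read writes the API value into both keys and both are `Computed`, so on an update `d.GetOk("display_name_filter")` will most likely return the previous value from state and the changed `text_whitelist` is never sent. Picking the key that actually changed avoids this, and one acceptance test should stay on `text_whitelist`, since the test in this commit was switched to the new name. The `dnf, ok` declared in the `else if` also shadows the pair declared in the `if`; a single lookup removes that. The function body continues outside the hunk.

```go
// prefer whichever argument the user changed; after Read both keys hold the same stored value
key := "display_name_filter"
if d.HasChange("text_whitelist") {
	key = "text_whitelist"
}
if v, ok := d.GetOk(key); ok {
	param.DisplayNamesFilter = utils.ExpandStringSlice(v.(*schema.Set).List())
}
```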
@@ -223,6 +240,9 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentRead(d *schema.ResourceData,
 if err := d.Set("text_whitelist", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil {
 return fmt.Errorf(`setting "text_whitelist": %+v`, err)
 }
+ if err := d.Set("display_name_filter", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil {
+ return fmt.Errorf(`setting "display_name_filter": %+v`, err)
+ }
 if err := d.Set("severity_filter", flattenAlertRuleMsSecurityIncidentSeverityFilter(prop.SeveritiesFilter)); err != nil {
 return fmt.Errorf(`setting "severity_filter": %+v`, err)
 }
diff --git a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go
index 4ccffb66fb64..eadbf2d94c65 100644
--- a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go
+++ b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go
@@ -181,7 +181,7 @@ resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" {
 display_name = "updated rule"
 severity_filter = ["High", "Low"]
 description = "this is a alert rule"
- text_whitelist = ["alert"]
+ display_name_filter = ["alert"]
 }
 `, template, data.RandomInteger)
 }
diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go
index e55d689975e4..5e4a571f37cb 100644
--- a/azurerm/internal/services/web/app_service_environment_resource.go
+++ b/azurerm/internal/services/web/app_service_environment_resource.go
@@ -93,9 +93,23 @@ func resourceArmAppServiceEnvironment() *schema.Resource {
 }, false),
 },
+ "allowed_user_ip_cidrs": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Computed: true, // remove in 3.0
+ ConflictsWith: []string{"user_whitelisted_ip_ranges"},
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: helpersValidate.CIDR,
+ },
+ },
+
 "user_whitelisted_ip_ranges": {
- Type: schema.TypeSet,
- Optional: true,
+ Type: schema.TypeSet,
+ Optional: true,
+ Computed: true, // remove in 3.0
+ ConflictsWith: []string{"allowed_user_ip_cidrs"},
+ Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format",
 Elem: &schema.Schema{
 Type: schema.TypeString,
 ValidateFunc: helpersValidate.CIDR,
@@ -126,6 +140,9 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa
 internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string)
 t := d.Get("tags").(map[string]interface{})
 userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()
+ if v, ok := d.GetOk("allowed_user_ip_cidrs"); ok {
+ userWhitelistedIPRangesRaw = v.(*schema.Set).List()
+ }
 subnetId := d.Get("subnet_id").(string)
 subnet, err := networkParse.SubnetID(subnetId)
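Review bot: The `Deprecated` message on `user_whitelisted_ip_ranges` is missing a word: it reads "renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format". Because the text is shown to users whenever the old argument is set, it should say "to better reflect", matching the wording used for `text_whitelist` in the Sentinel resource. The schema map continues outside the hunk.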
@@ -222,32 +239,34 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa
 return err
 }
- environment := web.AppServiceEnvironmentPatchResource{
+ e := web.AppServiceEnvironmentPatchResource{
 AppServiceEnvironment: &web.AppServiceEnvironment{},
 }
 if d.HasChange("internal_load_balancing_mode") {
 v := d.Get("internal_load_balancing_mode").(string)
- environment.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v)
+ e.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v)
 }
 if d.HasChange("front_end_scale_factor") {
 v := d.Get("front_end_scale_factor").(int)
- environment.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v))
+ e.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v))
 }
 if d.HasChange("pricing_tier") {
 v := d.Get("pricing_tier").(string)
 v = convertFromIsolatedSKU(v)
- environment.AppServiceEnvironment.MultiSize = utils.String(v)
+ e.AppServiceEnvironment.MultiSize = utils.String(v)
 }
- if d.HasChange("user_whitelisted_ip_ranges") {
- v := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()
- environment.UserWhitelistedIPRanges = utils.ExpandStringSlice(v)
+ if d.HasChanges("user_whitelisted_ip_ranges", "allowed_user_ip_cidrs") {
+ e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List())
+ if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok {
+ e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List())
+ }
 }
- if _, err := client.Update(ctx, id.ResourceGroup, id.Name, environment); err != nil {
+ if _, err := client.Update(ctx, id.ResourceGroup, id.Name, e); err != nil {
 return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
 }
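Review bot: Inside the new `d.HasChanges(...)` block both lookups read `user_whitelisted_ip_ranges`, so the value of `allowed_user_ip_cidrs` is never used on update: a change made through the new argument is detected, but the PATCH carries the old argument's value and the previously allowed ranges stay in place. The Create hunk does read the new key, so this looks like a copy-paste slip. Simply switching the inner `GetOk` to the new key would probably mirror the problem for users still on the deprecated argument, because both keys are `Computed` and filled by Read; selecting the key that changed, as below, covers both. An update acceptance test for each argument would catch a regression here. The function starts and ends outside the hunk.

```go
// send whichever argument changed; after Read both keys hold the same stored value
switch {
case d.HasChange("allowed_user_ip_cidrs"):
	e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("allowed_user_ip_cidrs").(*schema.Set).List())
case d.HasChange("user_whitelisted_ip_ranges"):
	e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List())
}
// … unchanged: client.Update call …
```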
@@ -306,6 +325,7 @@ func resourceArmAppServiceEnvironmentRead(d *schema.ResourceData, meta interface
 }
 d.Set("pricing_tier", pricingTier)
 d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges)
+ d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges)
 }
 return tags.FlattenAndSet(d, existing.Tags)
diff --git a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go
index 94b571467460..33d42cd46280 100644
--- a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go
+++ b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go
@@ -411,7 +411,7 @@ resource "azurerm_app_service_environment" "test" {
 pricing_tier = "I1"
 front_end_scale_factor = 5
 internal_load_balancing_mode = "Web, Publishing"
- user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"]
+ allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"]
 }
 `, template, data.RandomInteger)
 }
diff --git a/website/docs/r/app_service_environment.html.markdown b/website/docs/r/app_service_environment.html.markdown
index 5b3a7b5a2446..d884f70738b2 100644
--- a/website/docs/r/app_service_environment.html.markdown
+++ b/website/docs/r/app_service_environment.html.markdown
@@ -46,7 +46,7 @@ resource "azurerm_app_service_environment" "example" {
 pricing_tier = "I2"
 front_end_scale_factor = 10
 internal_load_balancing_mode = "Web, Publishing"
- user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"]
+ allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"]
 }
 ```
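Review bot: The added `d.Set("allowed_user_ip_cidrs", ...)` call in the Read hunk drops its error, as does the `user_whitelisted_ip_ranges` call above it; for a set-typed field a failed `d.Set` would leave the allow-list in state out of step with Azure without any signal. The Sentinel Read in this same commit checks the result, and this one could do the same: `if err := d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges); err != nil { return fmt.Errorf("setting \"allowed_user_ip_cidrs\": %+v", err) }`. The function body starts outside the hunk.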
@@ -65,9 +65,9 @@ resource "azurerm_app_service_environment" "example" {
 * `front_end_scale_factor` - (Optional) Scale factor for front end instances. Possible values are between `5` and `15`. Defaults to `15`.
-* `user_whitelisted_ip_ranges` - (Optional) User added IP ranges to whitelist on ASE db. Use the addresses you want to set as the explicit egress address ranges. Use CIDR format.
+* `allowed_user_ip_cidrs` - (Optional) Allowed user added IP ranges on the ASE database. Use the addresses you want to set as the explicit egress address ranges.
-~> **NOTE:** `user_whitelisted_ip_ranges` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall)
+~> **NOTE:** `allowed_user_ip_cidrs` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall)
 * `resource_group_name` - (Optional) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by `subnet_id`).
diff --git a/website/docs/r/blueprint_assignment.html.markdown b/website/docs/r/blueprint_assignment.html.markdown
index f2046a0c73ef..0055a87146c5 100644
--- a/website/docs/r/blueprint_assignment.html.markdown
+++ b/website/docs/r/blueprint_assignment.html.markdown
@@ -162,4 +162,4 @@ Azure Blueprint Assignments can be imported using the `resource id`, e.g.
 ```shell
 terraform import azurerm_blueprint_assignment.example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint"
-```
\ No newline at end of file
+```
diff --git a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown
index a6727975d786..d2abd030b510 100644
--- a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown
+++ b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown
@@ -60,7 +60,7 @@ The following arguments are supported:
 * `enabled` - (Optional) Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
-* `text_whitelist` - (Optional) Only create incidents from alerts when alert name contain text in this list. No filter will happen if this field is absent.
+* `display_name_filter` - (Optional) Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
 ## Attributes Reference