azurerm_cosmosdb_account - support ignore_missing_vnet_service_endpoi…

…nt (#7348) Added support for ignore_missing_vnet_service_endpoint in virtual_network_rule within azurerm_cosmosdb_account. Added new test case for this specific case and updated documentation. fixes #6712
hashicorp · Jul 9, 2020 · 4904b93 · 4904b93
1 parent 94b54f8
commit 4904b93
Show file tree

Hide file tree

Showing 3 changed files with 114 additions and 2 deletions.
diff --git a/azurerm/internal/services/cosmos/cosmosdb_account_resource.go b/azurerm/internal/services/cosmos/cosmosdb_account_resource.go
@@ -204,6 +204,11 @@ func resourceArmCosmosDbAccount() *schema.Resource {
 							Required:     true,
 							ValidateFunc: azure.ValidateResourceID,
 						},
+						"ignore_missing_vnet_service_endpoint": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 					},
 				},
 				Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash,
@@ -813,7 +818,10 @@ func expandAzureRmCosmosDBAccountVirtualNetworkRules(d *schema.ResourceData) *[]
 	s := make([]documentdb.VirtualNetworkRule, len(virtualNetworkRules))
 	for i, r := range virtualNetworkRules {
 		m := r.(map[string]interface{})
-		s[i] = documentdb.VirtualNetworkRule{ID: utils.String(m["id"].(string))}
+		s[i] = documentdb.VirtualNetworkRule{
+			ID:                               utils.String(m["id"].(string)),
+			IgnoreMissingVNetServiceEndpoint: utils.Bool(m["ignore_missing_vnet_service_endpoint"].(bool)),
+		}
 	}
 	return &s
 }
@@ -889,7 +897,8 @@ func flattenAzureRmCosmosDBAccountVirtualNetworkRules(rules *[]documentdb.Virtua
 	if rules != nil {
 		for _, r := range *rules {
 			rule := map[string]interface{}{
-				"id": *r.ID,
+				"id":                                   *r.ID,
+				"ignore_missing_vnet_service_endpoint": *r.IgnoreMissingVNetServiceEndpoint,
 			}
 			results.Add(rule)
 		}

diff --git a/azurerm/internal/services/cosmos/tests/cosmosdb_account_resource_test.go b/azurerm/internal/services/cosmos/tests/cosmosdb_account_resource_test.go
@@ -375,6 +375,27 @@ func TestAccAzureRMCosmosDBAccount_geoLocationsUpdate(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMCosmosDBAccount_vNetFilters(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMCosmosDBAccountDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMCosmosDBAccount_vNetFilters(data),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testCheckAzureRMCosmosDBAccountExists(data.ResourceName),
+					resource.TestCheckResourceAttr(data.ResourceName, "is_virtual_network_filter_enabled", "true"),
+					resource.TestCheckResourceAttr(data.ResourceName, "virtual_network_rule.#", "2"),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testCheckAzureRMCosmosDBAccountDestroy(s *terraform.State) error {
 	conn := acceptance.AzureProvider.Meta().(*clients.Client).Cosmos.DatabaseClient
 	ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext
@@ -712,6 +733,87 @@ resource "azurerm_cosmosdb_account" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary)
 }
 
+func testAccAzureRMCosmosDBAccount_vNetFiltersPreReqs(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-cosmos-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctest-VNET-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  dns_servers         = ["10.0.0.4", "10.0.0.5"]
+}
+
+resource "azurerm_subnet" "subnet1" {
+  name                                           = "acctest-SN1-%[1]d-1"
+  resource_group_name                            = azurerm_resource_group.test.name
+  virtual_network_name                           = azurerm_virtual_network.test.name
+  address_prefixes                               = ["10.0.1.0/24"]
+  enforce_private_link_endpoint_network_policies = false
+  enforce_private_link_service_network_policies  = false
+}
+
+resource "azurerm_subnet" "subnet2" {
+  name                                           = "acctest-SN2-%[1]d-2"
+  resource_group_name                            = azurerm_resource_group.test.name
+  virtual_network_name                           = azurerm_virtual_network.test.name
+  address_prefixes                               = ["10.0.2.0/24"]
+  service_endpoints                              = ["Microsoft.AzureCosmosDB"]
+  enforce_private_link_endpoint_network_policies = false
+  enforce_private_link_service_network_policies  = false
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
+func testAccAzureRMCosmosDBAccount_vNetFilters(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "azurerm_cosmosdb_account" "test" {
+  name                = "acctest-ca-%[2]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  offer_type          = "Standard"
+  kind                = "GlobalDocumentDB"
+
+  enable_multiple_write_locations = false
+  enable_automatic_failover       = false
+
+  consistency_policy {
+    consistency_level       = "Eventual"
+    max_interval_in_seconds = 5
+    max_staleness_prefix    = 100
+  }
+
+  is_virtual_network_filter_enabled = true
+  ip_range_filter                   = ""
+
+  virtual_network_rule {
+    id                                   = azurerm_subnet.subnet1.id
+    ignore_missing_vnet_service_endpoint = true
+  }
+
+  virtual_network_rule {
+    id                                   = azurerm_subnet.subnet2.id
+    ignore_missing_vnet_service_endpoint = false
+  }
+
+  geo_location {
+    location          = azurerm_resource_group.test.location
+    failover_priority = 0
+  }
+}
+`, testAccAzureRMCosmosDBAccount_vNetFiltersPreReqs(data), data.RandomInteger)
+}
+
 func checkAccAzureRMCosmosDBAccount_basic(data acceptance.TestData, consistency documentdb.DefaultConsistencyLevel, locationCount int) resource.TestCheckFunc {
 	return resource.ComposeTestCheckFunc(
 		testCheckAzureRMCosmosDBAccountExists(data.ResourceName),

diff --git a/website/docs/r/cosmosdb_account.html.markdown b/website/docs/r/cosmosdb_account.html.markdown
@@ -106,6 +106,7 @@ The following arguments are supported:
 `virtual_network_rule` Configures the virtual network subnets allowed to access this Cosmos DB account and supports the following:
 
 * `id` - (Required) The ID of the virtual network subnet.
+* `ignore_missing_vnet_service_endpoint` - (Optional) If set to true, the specified subnet will be added as a virtual network rule even if its CosmosDB service endpoint is not active. Defaults to `false`.
 
 ## Attributes Reference