diff --git a/internal/services/network/bastion_host_resource.go b/internal/services/network/bastion_host_resource.go index 9210eb41b9ff..9c480f0ded8f 100644 --- a/internal/services/network/bastion_host_resource.go +++ b/internal/services/network/bastion_host_resource.go @@ -1,6 +1,7 @@ package network import ( + "context" "fmt" "log" "time" @@ -20,6 +21,11 @@ import ( "github.com/tombuildsstuff/kermit/sdk/network/2022-07-01/network" ) +var skuWeight = map[string]int8{ + "Basic": 1, + "Standard": 2, +} + func resourceBastionHost() *pluginsdk.Resource { return &pluginsdk.Resource{ Create: resourceBastionHostCreateUpdate, @@ -134,6 +140,16 @@ func resourceBastionHost() *pluginsdk.Resource { "tags": tags.Schema(), }, + + CustomizeDiff: pluginsdk.CustomDiffWithAll( + pluginsdk.ForceNewIfChange("sku", func(ctx context.Context, old, new, meta interface{}) bool { + // downgrade the SKU is not supported, recreate the resource + if old.(string) != "" && new.(string) != "" { + return skuWeight[old.(string)] > skuWeight[new.(string)] + } + return false + }), + ), } } diff --git a/internal/services/network/bastion_host_resource_test.go b/internal/services/network/bastion_host_resource_test.go index 4229ea634d40..8c723dccea35 100644 --- a/internal/services/network/bastion_host_resource_test.go +++ b/internal/services/network/bastion_host_resource_test.go @@ -98,6 +98,28 @@ func TestAccBastionHost_scaleUnits(t *testing.T) { }) } +func TestAccBastionHost_sku(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_bastion_host", "test") + r := BastionHostResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.sku(data, "Basic"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.sku(data, "Standard"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func (BastionHostResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := parse.BastionHostID(state.ID) if err != nil { @@ -328,3 +350,51 @@ resource "azurerm_bastion_host" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomString, scaleUnits) } + +func (BastionHostResource) sku(data acceptance.TestData, sku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-bastion-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestVNet%s" + address_space = ["192.168.1.0/24"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_subnet" "test" { + name = "AzureBastionSubnet" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["192.168.1.224/27"] +} + +resource "azurerm_public_ip" "test" { + name = "acctestBastionPIP%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_bastion_host" "test" { + name = "acctestBastion%s" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + sku = "%s" + + ip_configuration { + name = "ip-configuration" + subnet_id = azurerm_subnet.test.id + public_ip_address_id = azurerm_public_ip.test.id + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomInteger, data.RandomString, sku) +} diff --git a/website/docs/r/bastion_host.html.markdown b/website/docs/r/bastion_host.html.markdown index 4dcbc3063846..eb7041832363 100644 --- a/website/docs/r/bastion_host.html.markdown +++ b/website/docs/r/bastion_host.html.markdown @@ -74,6 +74,8 @@ The following arguments are supported: * `sku` - (Optional) The SKU of the Bastion Host. Accepted values are `Basic` and `Standard`. Defaults to `Basic`. +~> **Note** Downgrading the SKU will force a new resource to be created. + * `ip_configuration` - (Optional) A `ip_configuration` block as defined below. Changing this forces a new resource to be created. * `ip_connect_enabled` - (Optional) Is IP Connect feature enabled for the Bastion Host. Defaults to `false`.