Merge branch 'main' into prometheus-rule-group-doc-fix

.teamcity/components/build_azure.kt

@@ -42,6 +42,5 @@ fun ParametrizedWithType.ConfigureAzureSpecificTestParameters(environment: Strin
     hiddenVariable("env.ARM_TEST_LOCATION", locationsForEnv.primary, "The Primary region which should be used for testing")
     hiddenVariable("env.ARM_TEST_LOCATION_ALT", locationsForEnv.secondary, "The Secondary region which should be used for testing")
     hiddenVariable("env.ARM_TEST_LOCATION_ALT2", locationsForEnv.tertiary, "The Tertiary region which should be used for testing")
-    hiddenVariable("env.ARM_THREEPOINTZERO_BETA", "true", "Opt into the use of 3.0 beta resources")
-    hiddenVariable("env.ARM_FOURPOINTZERO_BETA", "true", "Opt into the use of 4.0 beta resources")
+    hiddenVariable("env.ARM_FIVEPOINTZERO_BETA", "false", "Opt into the 5.0 beta")
 }

CHANGELOG.md

@@ -1,3 +1,24 @@
+## 4.5.0 (Unreleased)
+
+BUG FIXES:
+
+* `azurerm_mssql_database` - now creates successfully when elastic pool is hyperscale [GH-27505]
+
+## 4.4.0 (October 04, 2024)
+
+ENHANCEMENTS: 
+
+* dependencies - update `github.com/hashicorp/go-azure-sdk` to `v0.20240923.1151247` ([#27491](https://github.com/hashicorp/terraform-provider-azurerm/issues/27491))
+* `azurerm_site_recovery_replicated_vm` - support for the `target_virtual_machine_size` property ([#27480](https://github.com/hashicorp/terraform-provider-azurerm/issues/27480))
+
+BUG FIXES:
+
+* `azurerm_app_service_certificate` - `key_vault_secret_id` can now be versionless ([#27537](https://github.com/hashicorp/terraform-provider-azurerm/issues/27537))
+* `azurerm_linux_virtual_machine_scale_set` - prevent crash when `auto_upgrade_minor_version_enabled` is nil ([#27353](https://github.com/hashicorp/terraform-provider-azurerm/issues/27353))
+* `azurerm_role_assignment` - correctly parse ID when it's a root or provider scope ([#27237](https://github.com/hashicorp/terraform-provider-azurerm/issues/27237))
+* `azurerm_storage_blob` - `source_content` is now ForceNew ([#27508](https://github.com/hashicorp/terraform-provider-azurerm/issues/27508))
+* `azurerm_virtual_network_gateway_connection` - revert `shared_key` to Optional and Computed ([#27560](https://github.com/hashicorp/terraform-provider-azurerm/issues/27560))
+
 ## 4.3.0 (September 19, 2024)
 
 FEATURES:

examples/sql-azure/sql_server_auditing_log_analytics/main.tf

@@ -32,25 +32,16 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
   target_resource_id         = "${azurerm_mssql_server.example.id}/databases/master"
   log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
 
-  log {
+  enabled_log {
     category = "SQLSecurityAuditEvents"
-    enabled  = true
-
-    retention_policy {
-      enabled = false
-    }
   }
 
   metric {
     category = "AllMetrics"
-
-    retention_policy {
-      enabled = false
-    }
   }
 
   lifecycle {
-    ignore_changes = [log, metric]
+    ignore_changes = [enabled_log, metric]
   }
 }
 

go.mod

@@ -17,8 +17,8 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-azure-helpers v0.70.1
-	github.com/hashicorp/go-azure-sdk/resource-manager v0.20240906.1232634
-	github.com/hashicorp/go-azure-sdk/sdk v0.20240906.1232634
+	github.com/hashicorp/go-azure-sdk/resource-manager v0.20240923.1151247
+	github.com/hashicorp/go-azure-sdk/sdk v0.20240923.1151247
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3

go.sum

@@ -93,10 +93,10 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-azure-helpers v0.70.1 h1:7hlnRrZobMZxpOzdlNEsayzAayj/KRG4wpDS1jgo4GM=
 github.com/hashicorp/go-azure-helpers v0.70.1/go.mod h1:BmbF4JDYXK5sEmFeU5hcn8Br21uElcqLfdQxjatwQKw=
-github.com/hashicorp/go-azure-sdk/resource-manager v0.20240906.1232634 h1:hsjAS5gcfhn5FdCiZ08nuAsvQJtlTEsGxJDxqBT6zoA=
-github.com/hashicorp/go-azure-sdk/resource-manager v0.20240906.1232634/go.mod h1:0IyF1dmWLHTZak+t9eQeg0VZ7rA/5du4swTm99NX+6I=
-github.com/hashicorp/go-azure-sdk/sdk v0.20240906.1232634 h1:FGtv7+jcrx2m35qEKjK177zRXoBmPn3WntuqtqjcHwM=
-github.com/hashicorp/go-azure-sdk/sdk v0.20240906.1232634/go.mod h1:dMKF6bXrgGmy1d3pLzkmBpG2JIHgSAV2/OMSCEgyMwE=
+github.com/hashicorp/go-azure-sdk/resource-manager v0.20240923.1151247 h1:G0gRbm6sT00wzkQeCexQzdH58QO6Liwd19V0wJSoVCA=
+github.com/hashicorp/go-azure-sdk/resource-manager v0.20240923.1151247/go.mod h1:JBcndQhypLhEDHUK7HNmM2e8WrEAnEua7SiJuw/z/po=
+github.com/hashicorp/go-azure-sdk/sdk v0.20240923.1151247 h1:kzNr/Oqfn72C+k9rL5/G/T3maNo1d87u1aAgjNsKOEQ=
+github.com/hashicorp/go-azure-sdk/sdk v0.20240923.1151247/go.mod h1:dMKF6bXrgGmy1d3pLzkmBpG2JIHgSAV2/OMSCEgyMwE=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
 github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=

internal/features/five_point_oh.go

@@ -3,9 +3,14 @@
 
 package features
 
+import (
+	"os"
+	"strings"
+)
+
 // nolint gocritic
 // DeprecatedInFivePointOh returns the deprecation message if the provider
-// is running in 4.0 mode - otherwise is returns an empty string (such that
+// is running in 5.0 mode - otherwise returns an empty string (such that
 // this deprecation should be ignored).
 // This can be used for the following scenarios:
 //   - Signify resources which will be Deprecated in 5.0, but not Removed (which will happen in a later release).
@@ -18,7 +23,7 @@ func DeprecatedInFivePointOh(deprecationMessage string) string {
 	return deprecationMessage
 }
 
-// FourPointOh returns whether this provider is running in 5.0 mode
+// FivePointOh returns whether this provider is running in 5.0 mode
 // that is to say - the final 5.0 release
 //
 // This exists to allow breaking changes to be piped through the provider
@@ -32,6 +37,13 @@ func FivePointOh() bool {
 //
 // This exists to allow breaking changes to be piped through the provider
 // during the development of 4.x until 5.0 is ready.
+//
+// The environment variable `ARM_FIVEPOINTZERO_BETA` has been added
+// to facilitate testing. But it should be noted that
+// `ARM_FIVEPOINTZERO_BETA` is ** NOT READY FOR PUBLIC USE ** and
+// ** SHOULD NOT BE SET IN PRODUCTION ENVIRONMENTS **
+// Setting `ARM_FIVEPOINTZERO_BETA` will cause irreversible changes
+// to your state.
 func FivePointOhBeta() bool {
-	return FivePointOh() || false
+	return FivePointOh() || strings.EqualFold(os.Getenv("ARM_FIVEPOINTZERO_BETA"), "true")
 }

internal/services/authorization/models.go

@@ -0,0 +1,36 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package authorization
+
+import "github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/rolemanagementpolicies"
+
+var _ rolemanagementpolicies.RoleManagementPolicyRule = RoleManagementPolicyRule{}
+
+// RoleManagementPolicyRule is a temporary workaround because the child models for rolemanagementpolicies.RoleManagementPolicyRule
+// do not yet exist, due to issues resolving these child types in the Pandora importer.
+// TODO: replace this type with the correct child models from the SDK package, once they are implemented
+type RoleManagementPolicyRule struct {
+	Id       *string                                             `json:"id,omitempty"`
+	RuleType rolemanagementpolicies.RoleManagementPolicyRuleType `json:"ruleType"`
+
+	ClaimValue                 *string                `json:"claimValue,omitempty"`
+	EnabledRules               *[]string              `json:"enabledRules,omitempty"`
+	IsDefaultRecipientsEnabled *bool                  `json:"isDefaultRecipientsEnabled"`
+	IsEnabled                  *bool                  `json:"isEnabled,omitempty"`
+	IsExpirationRequired       *bool                  `json:"isExpirationRequired,omitempty"`
+	MaximumDuration            *string                `json:"maximumDuration,omitempty"`
+	NotificationLevel          *string                `json:"notificationLevel"`
+	NotificationRecipients     *[]string              `json:"notificationRecipients"`
+	NotificationType           *string                `json:"notificationType"`
+	RecipientType              *string                `json:"recipientType"`
+	Setting                    map[string]interface{} `json:"setting,omitempty"`
+	Target                     map[string]interface{} `json:"target,omitempty"`
+}
+
+func (r RoleManagementPolicyRule) RoleManagementPolicyRule() rolemanagementpolicies.BaseRoleManagementPolicyRuleImpl {
+	return rolemanagementpolicies.BaseRoleManagementPolicyRuleImpl{
+		Id:       r.Id,
+		RuleType: r.RuleType,
+	}
+}

internal/services/authorization/parse/role_assignment.go

@@ -96,8 +96,18 @@ func (id RoleAssignmentId) AzureResourceID() string {
 		return fmt.Sprintf(fmtString, id.Name)
 	}
 
-	fmtString := "/subscriptions/%s/providers/Microsoft.Authorization/roleAssignments/%s"
-	return fmt.Sprintf(fmtString, id.SubscriptionID, id.Name)
+	if id.SubscriptionID != "" {
+		fmtString := "/subscriptions/%s/providers/Microsoft.Authorization/roleAssignments/%s"
+		return fmt.Sprintf(fmtString, id.SubscriptionID, id.Name)
+	}
+
+	if id.ResourceProvider != "" {
+		fmtString := "/providers/%s/providers/Microsoft.Authorization/roleAssignments/%s"
+		return fmt.Sprintf(fmtString, id.ResourceProvider, id.Name)
+	}
+
+	fmtString := "/providers/Microsoft.Authorization/roleAssignments/%s"
+	return fmt.Sprintf(fmtString, id.Name)
 }
 
 func (id RoleAssignmentId) ID() string {
@@ -179,6 +189,22 @@ func RoleAssignmentID(input string) (*RoleAssignmentId, error) {
 		}
 		roleAssignmentId.Name = idParts[1]
 		roleAssignmentId.ManagementGroup = strings.TrimPrefix(idParts[0], "/providers/Microsoft.Management/managementGroups/")
+	case strings.HasPrefix(input, "/providers/") && !strings.HasPrefix(input, "/providers/Microsoft.Authorization/roleAssignments"):
+		idParts := strings.Split(input, "/providers/Microsoft.Authorization/roleAssignments/")
+		if len(idParts) != 2 {
+			return nil, fmt.Errorf("could not parse Role Assignment ID %q for Resource Provider", input)
+		}
+		if idParts[1] == "" {
+			return nil, fmt.Errorf("ID was missing a value for the roleAssignments element")
+		}
+		roleAssignmentId.Name = idParts[1]
+		roleAssignmentId.ResourceProvider = strings.TrimPrefix(idParts[0], "/providers/")
+	case strings.HasPrefix(input, "/providers/Microsoft.Authorization/roleAssignments"):
+		name := strings.TrimPrefix(input, "/providers/Microsoft.Authorization/roleAssignments/")
+		if name == "" {
+			return nil, fmt.Errorf("ID was missing a value for the roleAssignments element")
+		}
+		roleAssignmentId.Name = name
 	default:
 		return nil, fmt.Errorf("could not parse Role Assignment ID %q", input)
 	}

internal/services/authorization/parse/role_assignment_test.go

@@ -255,6 +255,30 @@ func TestRoleAssignmentID(t *testing.T) {
 				TenantId:         "34567812-3456-7653-6742-345678901234",
 			},
 		},
+		{
+			Input: "/providers/Microsoft.Capacity/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121",
+			Expected: &RoleAssignmentId{
+				SubscriptionID:   "",
+				ResourceGroup:    "",
+				ResourceProvider: "Microsoft.Capacity",
+				ResourceScope:    "",
+				ManagementGroup:  "",
+				Name:             "23456781-2349-8764-5631-234567890121",
+				TenantId:         "34567812-3456-7653-6742-345678901234",
+			},
+		},
+		{
+			Input: "/providers/Microsoft.Authorization/roleAssignments/23456781-2349-8764-5631-234567890121",
+			Expected: &RoleAssignmentId{
+				SubscriptionID:   "",
+				ResourceGroup:    "",
+				ResourceProvider: "",
+				ResourceScope:    "",
+				ManagementGroup:  "",
+				Name:             "23456781-2349-8764-5631-234567890121",
+				TenantId:         "34567812-3456-7653-6742-345678901234",
+			},
+		},
 	}
 
 	for _, v := range testData {

internal/services/authorization/role_management_policy.go

@@ -103,12 +103,12 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":                   id,
-				"ruleType":             ruleType,
-				"target":               target,
-				"isExpirationRequired": expirationRequired,
-				"maximumDuration":      maximumDuration,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:                   pointer.To(id),
+				RuleType:             rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:               target,
+				IsExpirationRequired: pointer.To(expirationRequired),
+				MaximumDuration:      pointer.To(maximumDuration),
 			})
 		}
 	}
@@ -143,11 +143,11 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":           id,
-				"ruleType":     ruleType,
-				"target":       target,
-				"enabledRules": enabledRules,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:           pointer.To(id),
+				RuleType:     rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:       target,
+				EnabledRules: pointer.To(enabledRules),
 			})
 		}
 	}
@@ -187,12 +187,12 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":                   id,
-				"ruleType":             ruleType,
-				"target":               target,
-				"isExpirationRequired": expirationRequired,
-				"maximumDuration":      maximumDuration,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:                   pointer.To(id),
+				RuleType:             rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:               target,
+				IsExpirationRequired: pointer.To(expirationRequired),
+				MaximumDuration:      pointer.To(maximumDuration),
 			})
 		}
 	}
@@ -214,11 +214,11 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				maximumDuration = model.ActivationRules[0].MaximumDuration
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":              id,
-				"ruleType":        ruleType,
-				"target":          target,
-				"maximumDuration": maximumDuration,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:              pointer.To(id),
+				RuleType:        rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:          target,
+				MaximumDuration: pointer.To(maximumDuration),
 			})
 		}
 	}
@@ -288,11 +288,11 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":       id,
-				"ruleType": ruleType,
-				"target":   target,
-				"setting": map[string]interface{}{
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:       pointer.To(id),
+				RuleType: rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:   target,
+				Setting: map[string]interface{}{
 					"isApprovalRequired": approvalReqd,
 					"approvalStages":     approvalStages,
 				},
@@ -327,12 +327,12 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":         id,
-				"ruleType":   ruleType,
-				"target":     target,
-				"isEnabled":  isEnabled,
-				"claimValue": claimValue,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:         pointer.To(id),
+				RuleType:   rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:     target,
+				IsEnabled:  pointer.To(isEnabled),
+				ClaimValue: pointer.To(claimValue),
 			})
 		}
 	}
@@ -366,11 +366,11 @@ func buildRoleManagementPolicyForUpdate(metadata *sdk.ResourceMetaData, rolePoli
 				target = targetRaw.(map[string]interface{})
 			}
 
-			updatedRules = append(updatedRules, map[string]interface{}{
-				"id":           id,
-				"ruleType":     ruleType,
-				"target":       target,
-				"enabledRules": enabledRules,
+			updatedRules = append(updatedRules, RoleManagementPolicyRule{
+				Id:           pointer.To(id),
+				RuleType:     rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+				Target:       target,
+				EnabledRules: pointer.To(enabledRules),
 			})
 		}
 	}
@@ -595,15 +595,15 @@ func expandNotificationSettings(rule rolemanagementpolicies.RawRoleManagementPol
 		notificationType = notificationTypeRaw.(string)
 	}
 
-	return map[string]interface{}{
-		"id":                         id,
-		"ruleType":                   ruleType,
-		"target":                     target,
-		"recipientType":              recipientType,
-		"notificationType":           notificationType,
-		"notificationLevel":          level,
-		"isDefaultRecipientsEnabled": defaultRecipients,
-		"notificationRecipients":     additionalRecipients,
+	return RoleManagementPolicyRule{
+		Id:                         pointer.To(id),
+		RuleType:                   rolemanagementpolicies.RoleManagementPolicyRuleType(ruleType),
+		Target:                     target,
+		RecipientType:              pointer.To(recipientType),
+		NotificationType:           pointer.To(notificationType),
+		NotificationLevel:          pointer.To(level),
+		IsDefaultRecipientsEnabled: pointer.To(defaultRecipients),
+		NotificationRecipients:     pointer.To(additionalRecipients),
 	}
 }
 

internal/services/azurestackhci/stack_hci_deployment_setting_resource.go

@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package azurestackhci
 
 import (