Merge pull request #4670 from notchairmk/firewall-zones
azure firewall - support for zones
tombuildsstuff authored Oct 21, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents f0e18fe + ddcdf94 commit e885f77
Showing 4 changed files with 116 additions and 0 deletions.
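--- a/azurerm/helpers/azure/zones.go
+++ b/azurerm/helpers/azure/zones.go
@@ -25,6 +25,18 @@ func SchemaSingleZone() *schema.Schema {
 }
 }
 
+func SchemaMultipleZones() *schema.Schema {
+return &schema.Schema{
+Type: schema.TypeList,
+Optional: true,
+ForceNew: true,
+MinItems: 1,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+}
+}
+
 func SchemaZonesComputed() *schema.Schema {
 return &schema.Schema{
 Type: schema.TypeList,
@@ -47,3 +59,15 @@ func ExpandZones(v []interface{}) *[]string {
 return nil
 }
 }
+
+func FlattenZones(v *[]string) []interface{} {
+zones := make([]interface{}, 0)
+if v == nil {
+return zones
+}
+
+for _, s := range *v {
+zones = append(zones, s)
+}
+return zones
+}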
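Review bot: `SchemaMultipleZones` sets `ForceNew: true`, so every resource that uses it is destroyed and recreated when its zone list changes, and nothing in the function says so. For the firewall wired up in this commit that means an apply which edits `zones` removes the firewall before its replacement exists. A doc comment such as `// SchemaMultipleZones returns an optional list of availability zones; changing it forces a new resource.` would make that visible to callers. The element schema also accepts any string, including an empty one; an element-level `ValidateFunc` would reject a bad zone name at plan time rather than leaving it to the API.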
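--- a/azurerm/resource_arm_firewall.go
+++ b/azurerm/resource_arm_firewall.go
@@ -89,6 +89,8 @@ func resourceArmFirewall() *schema.Resource {
 },
 },
 
+"zones": azure.SchemaMultipleZones(),
+
 "tags": tags.Schema(),
 },
 }
@@ -120,6 +122,7 @@ func resourceArmFirewallCreateUpdate(d *schema.ResourceData, meta interface{}) e
 location := azure.NormalizeLocation(d.Get("location").(string))
 t := d.Get("tags").(map[string]interface{})
 ipConfigs, subnetToLock, vnetToLock, err := expandArmFirewallIPConfigurations(d)
+zones := azure.ExpandZones(d.Get("zones").([]interface{}))
 if err != nil {
 return fmt.Errorf("Error Building list of Azure Firewall IP Configurations: %+v", err)
 }
@@ -139,6 +142,7 @@ func resourceArmFirewallCreateUpdate(d *schema.ResourceData, meta interface{}) e
 AzureFirewallPropertiesFormat: &network.AzureFirewallPropertiesFormat{
 IPConfigurations: ipConfigs,
 },
+Zones: zones,
 }
 
 if !d.IsNewResource() {
@@ -217,6 +221,10 @@ func resourceArmFirewallRead(d *schema.ResourceData, meta interface{}) error {
 }
 }
 
+if err := d.Set("zones", azure.FlattenZones(read.Zones)); err != nil {
+return fmt.Errorf("Error setting `zones`: %+v", err)
+}
+
 return tags.FlattenAndSet(d, read.Tags)
 }
 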
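Review bot: In `resourceArmFirewallCreateUpdate` the new `zones := azure.ExpandZones(...)` line sits between the call to `expandArmFirewallIPConfigurations(d)` and the `if err != nil` that checks its result, which separates the error from its check and makes it easy for a later edit to overwrite `err` in between. Moving the assignment below the check keeps the pair adjacent: put `zones := azure.ExpandZones(d.Get("zones").([]interface{}))` after the closing brace of the `if err != nil` block. The function body starts and ends outside the hunk.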
80 changes: 80 additions & 0 deletions azurerm/resource_arm_firewall_test.go
@@ -176,6 +176,40 @@ func TestAccAzureRMFirewall_withTags(t *testing.T) {
})
}

func TestAccAzureRMFirewall_withZones(t *testing.T) {
resourceName := "azurerm_firewall.test"
rInt := tf.AccRandTimeInt()
location := testLocation()
zones := []string{"1"}
zonesUpdate := []string{"1", "3"}

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMFirewallDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMFirewall_withZones(rInt, location, zones),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMFirewallExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "zones.#", "1"),
resource.TestCheckResourceAttr(resourceName, "zones.0", "1"),
),
},
{
Config: testAccAzureRMFirewall_withZones(rInt, location, zonesUpdate),
Check: resource.ComposeTestCheckFunc(

testCheckAzureRMFirewallExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "zones.#", "2"),
resource.TestCheckResourceAttr(resourceName, "zones.0", "1"),
resource.TestCheckResourceAttr(resourceName, "zones.1", "3"),
),
},
},
})
}

func TestAccAzureRMFirewall_disappears(t *testing.T) {
resourceName := "azurerm_firewall.test"
ri := tf.AccRandTimeInt()
@@ -481,3 +515,49 @@ resource "azurerm_firewall" "test" {
}
`, rInt, location, rInt, rInt, rInt)
}

func testAccAzureRMFirewall_withZones(rInt int, location string, zones []string) string {
zoneString := strings.Join(zones, ",")
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%d"
location = "%s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvirtnet%d"
address_space = ["10.0.0.0/16"]
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
}
resource "azurerm_subnet" "test" {
name = "AzureFirewallSubnet"
resource_group_name = "${azurerm_resource_group.test.name}"
virtual_network_name = "${azurerm_virtual_network.test.name}"
address_prefix = "10.0.1.0/24"
}
resource "azurerm_public_ip" "test" {
name = "acctestpip%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_firewall" "test" {
name = "acctestfirewall%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
ip_configuration {
name = "configuration"
subnet_id = "${azurerm_subnet.test.id}"
public_ip_address_id = "${azurerm_public_ip.test.id}"
}
zones = [%s]
}
`, rInt, location, rInt, rInt, rInt, zoneString)
}
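Review bot: `testAccAzureRMFirewall_withZones` joins the zone names with `strings.Join(zones, ",")` and interpolates them unquoted, so the rendered configuration is `zones = [1,3]` and the test relies on the numbers being converted to strings. Quoting each element before joining, so that the config reads `zones = ["1", "3"]`, would test the attribute with the type it declares and would keep working for a non-numeric zone name. The second step of `TestAccAzureRMFirewall_withZones` changes the list on an attribute declared `ForceNew`, so it exercises replacement of the firewall rather than an in-place update; a short comment saying so would help the next reader. The test also appears to assume that `testLocation()` returns a region with availability zones, which cannot be confirmed here because the helper is not shown.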
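--- a/website/docs/r/firewall.html.markdown
+++ b/website/docs/r/firewall.html.markdown
@@ -66,6 +66,10 @@ The following arguments are supported:
 
 * `ip_configuration` - (Required) A `ip_configuration` block as documented below.
 
+* `zones` - (Optional) Specifies the availability zones in which the Azure Firewall should be created.
+
+-> **Please Note**: Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview).
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ---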
