-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Key Vault secret from azurerm_api_management_named_value #10416
Comments
Hi, When I wrote this feature request, I was able to finalize the Key Vault configuration with Named Values in GUI, and next plan didn't have any issue to detect this drift. I'm not sure why I got this error on new plan now, I didn't upgrade providers since last time IIRC but not 100% sure. I link new named values for a 2nd dedicated Key Vault, it's the main change that I did recently. By the way, it could be very nice to have this feature ^^ Regards |
Where did you took this from? keyvault_enabled doesn't exists and as of "hashicorp" documentation, now there is no possibility to do this. Please provide more details as I really need this on my project these days. Regards, |
Hi @imiacat , Thank you for your response. I got this error when I just start a tf plan with refresh. The only workaround that I have is to disable refresh. In more, i've the same error if I use PowerShell ARM with a cmdlet like Get-AzApiManagementNamedValueSecretValue. What do you need as more details ? I'm working in this project too, and the this tf project is almost broken, and very active. So i can give you further details and more debug logs if need, just let me know exactly what you need. Regards |
Hi @alex-3sr, thank you for reply. |
Perhaps for the implementation support for both the id value and the versionless_id value would be possible to allow control over the refresh functionality to be handled by the end-user.
Example: resource "azurerm_api_management_named_value" "apim_namedvalue_example1" {
name = "example-1"
resource_group_name = azurerm_resource_group.rg.name
api_management_name = azurerm_api_management.apim.name
display_name = "example-1"
value = azurerm_key_vault_secret.kvsecret_example1.versionless_id
secret = true
keyvault_enabled = true
} |
Hi! |
Hi, I think that will be in short time, the PR seem to be ok -> #12309 |
This functionality has been released in v2.68.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
sdkv2 shim - storage (#11952) Fix app service ase name check (#11891) Add note to avoid conflicts when enabling AGIC (#11954) update dependencies: vendoring the generated AppConfig SDK appconfiguration: refactoring to use the generated sdk sdk/appconfig: making the methods private golangci-lint: upping the max chars for a naked func to 40 The SDK should always be 38 chars, but this gives a little wiggle room upping from the existing value of 30 linting: fixing the whitespace updating to include #11959 `azurerm_kubernetes_cluster`: fix spelling sdkv2 shim - cosmos Oranize and dedupe imports refactor: updating the remaining importers to use Plugin SDKv2 wrappers (#11963) * refactor: updating the remaining importers to use Plugin SDKv2 wrappers * linting: removing an overridden context update `make goimports` step and tidy all go imports (#11953) `azurerm_storage_account_network_rules` and `azurerm_storage_account` - `private_link_access` supports more values (#11957) Update changelog for #11957 `storage`: Fix ID for `storage_share_resource_manager` (#11828) Update changelog for #11828 `azurerm_synapse_spark_pool` - `spark_version` now supports 3.0 #11972 Update changelog for #11972 r/(linux|windows)_virtual_machine(_scale_set): support for Force Delete (#11216) Co-authored-by: kt <[email protected]> Fixes #11089 CHANGELOG.md for #11216 Fix acctest `TestAccMsSqlVirtualMachine_storageConfiguration` (#11956) `azurerm_key_vault_certificate_data`: Support certificate bundles and add support for ECDSA keys (#11974) Potentially fixes #10909 CHANGELOG.md for #11974 fix(devspaces): remove devspaces provider auto-registration (#11822) Remove DevSpaces provider auto-registration. Closes #11821 changelog md for #11822 Update CHANGELOG.md sdk: vendoring the generated eventhub sdk eventhub: refactoring atop the generated sdk sdk: downgrading to the `2017-04-01` API for some sdks r/eventhub_authorization_rule: fixing a logic error sdk/eventhub: switching consumergroups to using API Version 2017-04-01 sdk/eventhubs: downgrading checknameavailabilitydisasterrecoveryconfigs to API version 2017-04-01 refactor: DisasterRecoveryNameAvailableClient -> DisasterRecoveryNameAvailabilityClient r/eventhub_cluster: nil-checking capacity linting fixes r/eventhub_cluster: using the poller's http response vendoring v0.16.3 of github.com/hashicorp/go-azure-helpers go mod tidy updating to include #11973 v2.61.0 sdkv2 shim - compute (#11969) adding a placeholder for 2.62.0 `azurerm_container_registry`: support for versionless encryption keys for ACR (#11856) Update changelog for #11856 sdkv2 shim - containers (#11990) sdkv2 shim - eventhub (#11993) sdkv2 - One more wrap (#11995) Fix markdown bullet rendered as header (#12010) Add sensitive to instrumentation_key docs (#12015) revert Migrate most GitHub HashiBot behaviors to GitHub Actions (#12030) Reference: https://github.com/terraform-providers/.hashibot/blob/master/.hashibot.hcl The `terraform-providers` organization-level configuration for these behaviors will be removed after this repository change. The `pull_request_size_labeler` and `release_commenter` behaviors will be handled in later changes. `kubernetes_cluster`: Support for `gateway_name` for Application Gateway add-on (#11984) Update changelog for #11984 New resource `azurerm_postgresql_flexible_server_firewall_rule` (#11834) New resource azurerm_postgresql_flexible_server_firewall_rule #11834 CHANGELOG.md for #11834 New resource `azurerm_vmware_express_route_authorization` (#11812) Fix:#9283 --- PASS: TestAccVmwareAuthorization_basic (15817.58s) --- PASS: TestAccVmwareAuthorization_requiresImport (15908.18s) CHANGELOG.md for #11812 r/azurerm_api_management_api_subscription: support for `api_id` (#12025) Fixes #12016 . Enables the configuration of subscriptions per API. The test passed: CHANGELOG.md for #12025 Set `active_directory` in `azurerm_storage_account` Computed (#12022) Fix #11997 Local test has passed. refactor "azurerm_data_factory" to use generated resource id (#12014) `azurerm_machine_learning_inference_cluster` - update to allow use of Microsoft ssl certificates (add `leaf_domain_label`) (#11830) Co-authored-by: Michael Gross <[email protected]> CHANGELOG.md for #11830 Add ID attribute to postgres server data source (#12005) Fix `containerDeleteRetentionPolicy` and `lastAccessTimeTrackingPolicy` are not supported in AzureUSGovernment (#11960) FIx #11772 --- PASS: TestAccStorageAccount_blobProperties_containerAndLastAccessTimeDisabled (252.05s) CHANGELOG.md for #11960 "azurerm_role_assignment" supports property "delegated_managed_identity_resource_id" (#11848) * "azurerm_role_assignment" supports property "delegated_managed_identity_resource_id" * update * update Co-authored-by: kt <[email protected]> CHANGELOG.md for #11848 `azurerm_kubernetes_cluster`: Support update of `azure_rbac_enabled` (#12029) Update changelog for #12029 `azurem_kubernetes_cluster`/`azurerm_kubernetes_cluster_node_pool`: support for `node_public_ip_prefix_id` (#11635) Update changelog for #11635 `azurerm_kubernetes_cluster`: docs regarding Public Preview `azure_rbac_enabled` removed #12040 CHANGELOG.md for #11670 Update app_service_certificate_binding.html.markdown (#12051) New resource `azurerm_storage_object_replication_policy` (#11744) Fix: #8647 --- PASS: TestAccStorageObjectReplicationPolicy_basic (205.37s) --- PASS: TestAccStorageObjectReplicationPolicy_requiresImport (222.11s) --- PASS: TestAccStorageObjectReplicationPolicy_complete (200.17s) -- PASS: TestAccStorageObjectReplicationPolicy_update (562.02s) CHANGELOG.md for #11744 add resource azurerm_data_protection_backup_vault (#11955) CHANGELOG.md for #11955 `postgres_server`: Update Postgres server admin password only on change (#12008) Fixes #12007 @reviewer: Do we consider this as a breaking change or not? Should we introduce a test to check this behaviour? CHANGELOG.md for #12008 azurerm_app_service_environment - support for `internal_ip_address`, `service_ip_address`, `outbound_ip_addresses` (#12026) Return the VipInfo for the ASE on create. This is required for configuration of external Azure resources (e.g. App Gateway WAF). Using the data provider will cause failures if the resource doesn't exist. This is the preferred solution. CHANGELOG.md for #12026 v2.62.0 Fix acctests for `azurerm_api_management` (#12056) update network sdk to 2020-11-01 (#11627) Co-authored-by: jackofallops <[email protected]> CHANGELOG.md for #11627 Support for `UserAssignedIdentity` in `azurerm_storage_account` (#11752) Fix #11751 --- PASS: TestAccStorageAccount_systemAssignedIdentity (160.00s) --- PASS: TestAccStorageAccount_userAssignedIdentity (171.82s) --- PASS: TestAccStorageAccount_systemAssignedUserAssignedIdentity (171.53s) --- PASS: TestAccStorageAccount_updateResourceByEnablingIdentity (421.15s) CHANGELOG.md for #11752 fix a crash when body format changed (#11847) To address this issue #5163 After deploying tf configs, user can edit it on azure portal, although user may not change any codes in code view, but if user click save button, then the attribute body's format will be changed to json object, then it caused crash. Refactor `azurerm_network_watcher_flow_log` and add supports for `location` and `tags` (#11670) This refactors the azurerm_network_watcher_flow_log to using its own separate endpoint - rather than using the configureFlowLog endpoint of the Network Watcher (more details here) This PR is implemented in a way to avoid breaking changes on the existing instances and ensure backward compatiblility (locally tested). Besides, I've modified the test cases to make them sequential - the prior implementation actually are still running in parallel at the end. Fixes: #11587 CHANGELOG.md fix for #11670 BUG: Read on tags incorrectly sets all tag values to last value in EventHub and AppConfiguration (#12062) Update CHANGELOG.md for #12062 `azurerm_kubernetes_cluster`: Support migration of `service_principal` to `identity` (#12049) Update changelog for #12049 `monitor_autoscale_setting.html.markdown` - mark `rule` block as optional (#12067) fix spelling of compatibility in GitHub workflows (#12075) `azurerm_subscription` - fix ability to specify `DevTest` as `workload` (#12066) Co-authored-by: Tom Bamford <[email protected]> Update CHANGELOG.md for #12066 `api_management_subscription.html.markdown` - added `primary_key` and `secondary_key` to docs (#12092) `azurerm_kubernetes_cluster`: Support for BYO `kubelet_identity` (#12037) Update changelog for #12037 Support for Debuggable Provider Binaries (#11855) fix error creating zone-redundant ip in central us euap (#12080) The constant [1,2,3] is used to create zone-redundant resource, however, in location Central US EUAP, the available zones are [1,2], then it will throw an exception like the following error: Code="InvalidAvailabilityZone" Message="The zone(s) '3' for resource 'Microsoft.Network/publicIPAddresses/acctestpublicip-henglu-02' is not supported. The supported zones for location 'centraluseuap' are '1,2' It can be easily fixed by using [1,2], it can create zone-redundant resources in Central US EUAP and other locations. `data.azurerm_synapse_workspace`: Add `identity` attribute #12098 Update changelog for #12098 `azurerm_role_assignment`: Fix assignments to resources (#12076) Fixes #12074 Fixes #12060 Fixes #12057 Fixes #12079 Fixes #12078 Fixes #12087 Related to/similar for [go-azure-helpers](https://github.com/hashicorp/go-azure-helpers): [this PR](https://github.com/hashicorp/go-azure-helpers/pull/79) dependencies: vendoring v0.16.5 of github.com/hashicorp/go-azure-helpers (#12116) * dependencies: vendoring v0.16.4 of github.com/hashicorp/go-azure-helpers * update to v0.16.5 * go mod tidy Co-authored-by: kt <[email protected]> testing: running tests using Terraform 1.0 (#12118) docs: update start_date to make example valid (#12121) if time_grain is "Monthly", then there are 2 conditions start_date for monthly time grain should not be prior to current month start_date of the budget cannot be more than 1 year into the future this fix makes the example valid for a year `azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument (#12117) * `azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument * Redo the logic a bit * Add block docs to docs * And sort those alphabetically * Address feedback Update to include #12117 Update CHANGELOG.md for Hotfix release 2.62.1 Guest config docs (#12120) Co-authored-by: Mark Gray <mark,[email protected]> `role_definition.html.markdown` - Swap description for `id` and `role_definition_id` (#12144) `azurerm_data_factory_linked_service_azure_sql_database`: add `key_vault_connection_string_property` (#12139) Update changelog for #12139 Support for `composite_index` and `partition_key_version` in `azurerm_cosmosdb_gremlin_graph` (#11693) CHANGELOG.md for #11693 azurerm_virtual_network_gateway - mark `peering_addresses` as O+C (#11789) Fixes #11758 remove duplicate property (#12165) docs: fix allowed values by moving them to name (#12123) azurerm_data_factory_dataset_azure_blob - support dynamic_filename_enabled & dynamic_path_enabled (#12034) part of issue #10081 both fold and filename could be dynamic content CHANGELOG.md for #12034 "azurerm_sentinel_alert_rule_scheduled" - Fix query frequency validation (#12164) Azure Sentinel have recently expand the query_frequency parameter to support up to fourteen days rather than a 24 hours. Quick bugfix reflects this. Resolves #12031 Self tested and validated. Can add a test specifically for this if required. CHANGELOG.md for #12164 "azurerm_virtual_desktop_* version upgrade: 2019-12-10-preview -> 2020-11-02-preview & azurerm_virtual_desktop_host_pool - suppot start_vm_on_connect (#12160) Upgrade of sdk for "azurerm_virtual_desktop_* + added support for field start_vm_on_connect in "azurerm_virtual_desktop_host_pool" CHANGELOG.md for #12160 azurerm_data_factory_dataset_delimited_text - supports the `azure_blob_fs_location` property (#12041) CHANGELOG.md for #12041 Add support for status property of azurerm_eventhub (#12043) CHANGELOG.md for #12043 streamanalytics version upgrade: 2016-03-01 -> 2020-03-01-preview (#12133) CHANGELOG.md for #12133 `azurerm_storage_account_customer_managed_key` - allow use of keys from key vaults in remote subscription (#12142) fixes #6298 CHANGELOG.md for #12142 new resource "azurerm_data_factory_linked_service_kusto" (#12152) CHANGELOG.md for #12152 new resource "azurerm_data_factory_linked_service_azure_search" (#12122) CHANGELOG.md for #12122 "azurerm_data_factory_linked_service_data_lake_storage_gen2" - supports property "storage_account_key" (#12136) this linked service supports three authentication: storage_account_key, service principal, managed identity this PR add supports for storage_account_key authentication. Besides, according to docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-storage#linked-service-properties. url, accountKey is required when using Account key authentication. accountKey not returned in response. url, servicePrincipalId, servicePrincipalCredential, tenant is required when using service principal authentication url is needed when using msi authentication. So I added some limitation for tenant schema. because accountKey is not returned in response, in the read function, it's hard to know whether users are using Account key authentication or msi authentication. So I removed the d.set("use_use_managed_identity", xxx). CHANGELOG.md for #12136 Add support for multiple auth types for azurerm_vpn_server_configuration (#12085) CHANGELOG.md for #12085 AKS azure_policy, StorageAccount min_tls_version, and StorageAccount allow_blob_public_access now supported in Azure China (#12097) "azurerm_kusto_cluster_customer_managed_key" - supports property "user_identity" (#12135) CHANGELOG.md for #12135 v2.63.0 Update CHANGELOG.md Support for `spatial_index` in `azurerm_cosmosdb_sql_container` (#11625) Fix #8817 --- PASS: TestAccCosmosDbSqlContainer_indexing_policy (1559.79s) CHANGELOG.md for #11625 Fix acctests in api management (#12173) .github/workflows: Fix waiting-response label removal (#12188) `azurerm_monitor_metric_alert`: Support `StartsWith` dimension operator (#12181) Update changelog for #12181 Migrate GitHub HashiBot release_commenter behavior to GitHub Actions (#12094) GitHub HashiBot is in the process of being decommissioned in preference of GitHub Actions. Migrate from GitHub HashiBot pull_request_size_labeler behavior to GitHub Actions (#12189) new resource - `azurerm_machine_learning_compute_cluster` (#11675) Fixes #11254 CHANGELOG.md for #11675 `synapse`: Upgrade API to `2021-03-01` and add `data_exfiltration_protection_enabled` argument (#12183) Fixes #12182 CHANGELOG.md for #12183 Upgrade Go-SDK version to v55.2 (#12153) CHANGELOG.md for #12153 refactor: moving new components over to the shim refactor: removing an unused migration scripts: adding an alias for structure refactor: migrating `structure` usages over to `pluginsdk` updating the todo reverting: LB uses the unaliased importer I could have sworn I'd done this.. refactor: updating the mssql state upgrader to use the alias removing a duplicate import add resource "azurerm_data_protection_backup_policy_postgresql" (#12072) CHANGELOG.md for #12072 migrate `azurerm_synapse_role_assignment` to support new roles and scopes (#11690) Co-authored-by: kt <[email protected]> fix #10141 in old api version, the only supported role is Workspace Admin, Sql Admin and Apache Spark Admin. The scope is workspace. in new api version, exsiting roles are renamed and new roles are added, Users could also specify different scope: workspace, spark pool or others (not suported in terraform, so not added in this PR) . CHANGELOG.md for #11690 New resource: azurerm_eventhub_namespace_customer_managed_key (#12159) Currently, The EventHub Namespace resource doesn't support to enable customer-managed key encryption. So I submitted this PR to implement it. The encryption property only can be set on an existing resource. --- PASS: TestAccEventHubNamespaceCustomerManagedKey_basic (15164.75s) --- PASS: TestAccEventHubNamespaceCustomerManagedKey_complete (15168.92s) --- PASS: TestAccEventHubNamespaceCustomerManagedKey_update (15377.69s) --- PASS: TestAccEventHubNamespaceCustomerManagedKey_requiresImport (15387.40s) API Reference: Azure/azure-rest-api-specs@d3a5ab5/specification/eventhub/resource-manager/Microsoft.EventHub/preview/2021-01-01-preview/namespaces-preview.json#L662 CHANGELOG.md for #12159 Support for `client_certificate_enabled`, `gateway_disabled`, `min_api_version` and `zones` in `azurerm_api_management` (#12125) Fix #8529 CHANGELOG.md for #12125 `azurerm_data_factory` - support for `global_parameter` (#12178) Update changelog for #12178 azurerm_postgresql_flexible_server - Remove invalid possible value for the `zone` argument (#12218) "azurerm_kubernetes_cluster" and "azurerm_kubernetes_cluster_node_pool" supports "kubelet_config", "linux_os_config" (#11119) Co-authored-by: Matthew Frahry <[email protected]> two new blocks in node pool: kubelet_config and linux_os_config linux_os_config contains a sub block "sysctl_config", which could set the the kernel parameters, could refer to kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster this two blocks are forcenew fields, if we try to update it, the rest api will report error code: CustomKubeletConfigOrCustomLinuxOSConfigCanNotBeChanged. CHANGELOG.md for #11119 New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492) * new resource "azurerm_kubernetes_cluster_pod_identity" * update * rebase and refactor the codes * update * add link to terraform plugin sdk issue * rebase Update CHANGELOG.md for #11429 `azurerm_stream_analytics_job` - add supports for `identity` (#12171) Fixes #12096 CHANGELOG.md for #12171 Support for `spatial_index` in `azurerm_cosmos_gremlin_graph` (#12176) CHANGELOG.md for #12176] Revert "New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492)" This reverts commit db2d2a109f0d18f5fe325d1db6777a271226d1e1. reverting #11429 New Resource: `azurerm_data_factory_linked_service_odata` (#11556) Update changelog for #11556 `azurerm_lb` - fix zone behaviour bug introduced in recent API upgrade (#12208) * fix zone behavior change for loadbalancer * add test for availability_zone * add test for single zone * Apply document suggestions from code review Co-authored-by: WS <[email protected]> * fix acctest test * add todo for replacing hardcode with getting zone list by resource api * remove comments Co-authored-by: WS <[email protected]> Update CHANGELOG.md for #12208 azurerm_container_registry - Support for zone_redundancy_enabled for both the ACR and each georeplications block Co-Authored-By: Tom Bamford <[email protected]> container_registry_resource: add nil checks and minor doc wording Changelog for #11706 Updated link to ignore_changes documentation (#12239) New datasource: `azurerm_key_vault_secrets` (#12147) Co-authored-by: kt <[email protected] Fixes #12146 CHANGELOG.md for #12147 Fix reference to data source in outputs block (#12248) Issue is described in #12249 Azure does not support changing a load balancer ID on an existing resource. Resource needs to be recreated to update this value. I have tested this locally and confirmed the desired result: CHANGELOG.md for #12250 Support for `share_properties` in `azurerm_storage_account` (#12103) Fix #7115 All tests have passed. CHANGELOG.md for #12103 New resource `azurerm_api_management_redis_cache` (#12174) Fix #4765 --- PASS: TestAccApiManagementCache_basic (1980.64s) --- PASS: TestAccApiManagementCache_requiresImport (2013.39s) --- PASS: TestAccApiManagementCache_complete (1991.81s) --- PASS: TestAccApiManagementCache_update (2277.54s) CHANGELOG.md for #12174 New Resource `azurerm_virtual_desktop_application` (#12077) Co-authored-by: Alex Wilcox <[email protected]> Co-authored-by: Alex W <[email protected]> Resolves #11722 I'll mark this no longer a draft when I have tests and documentation in place. Also do I need the schema migration functions? I added them as all the other desktop virtualization resources have one but I wasn't sure if this is needed for a brand new resource? Thanks CHANGELOG.md for #12077 azurerm_application_gateway - correctly poopulat the `identity` block (#12226) This PR fixes the helper flatten/expand functionality of the userAssigned identity in the identity package. Meanwhile, also fixes the only place that the prior errorneous user assigned identity is used, namely the azurerm_application_gateway data source. CHANGELOG.md for #12226 Update to azurerm virtual machine boot diagnostic block (#12206) Fix missing schema definition in terraform state (#12039) Add support for Swagger based schema definitions. Additional changes: add checks in test that verify, that state includes requested schema wait in resourceApiManagementApiSchemaCreateUpdate until resource is created to avoid race with following GET, which results in inconsistent state (resource created but not present in state) add suppress.JsonDiff for suppression of non-essential changes in JSON's Fixes #12002. CHANGELOG.md for #12039 Update CHANGELOG.md CHANGELOG.md for #11690 improve docs for virtual WAN resources (#12259) Co-authored-by: kt <[email protected]> v2.64.0 update Go SDK to v55.3.0 extend the `azurerm_security_center_server_vulnerability_assessment` delete timeout updating to include #12263 "azurerm_data_factory" - migrate to the correct ID format when resource name is in upper case data_factory: use uppercase in test resource names Changelog for #12128 refactor: updating the imports for Plugin SDK2 dependencies: vendoring v2.6.1 of github.com/hashicorp/terraform-plugin-sdk refactor: minimum viable changes necessary for PluginSDK2 to work updating the task list removing the azuread provider go mod vendor refactor: removing the dependency on github.com/hashicorp/terraform-plugin-sdk/acctest removing github.com/hashicorp/terraform-plugin-sdk/helper/acctest updating the todo's typed resources: support for diagnostics updating github.com/Azure/go-autorest to latest reverting a couple of replacement issues sdk: fixing the unit tests Plugin SDKv2 now correctly outputs the `%` value which was omitted from Plugin SDK v1 so patching the tests to account for it refactor: updating WaitForState to use WaitForStateContext linting fixes linting provider: usign the passed-in context r/data_factory_linked_service_odata: refactoring to use Plugin SDKv2 dataprotection: upgrading to Plugin SDKv2 synapse: upgrading to Plugin SDKv2 r/api_management_redis_cache: updating to use the pluginsdk alias provider: matching the behaviour of AAD removing the plugin sdk2 todo Update azurerm/internal/acceptance/testcase.go Co-authored-by: Tom Bamford <[email protected]> Update azurerm/internal/provider/provider.go Co-authored-by: Tom Bamford <[email protected]> Update azurerm/internal/provider/provider.go Co-authored-by: Tom Bamford <[email protected]> Update azurerm/internal/sdk/wrapper_resource.go Co-authored-by: Tom Bamford <[email protected]> fixing the linting updating to include #12209 Fix backup_policy_vm documentation (#12270) sdk: upgrading the Eventhub SDK to 2021-01-01-preview eventhub: updating to the latest sdk changes updating to include #12290 linting: ignoring the RetryError funcs for the moment (#12275) Fix `long_term_retention_policy` validation and expansion (#12198) Policy Definition Groups Update on when changed (#12279) testing: registering the AzureAD Provider Turns out in Plugin SDK2 that providers which aren't imported need to be registered, as such this commit does that - so that those tests pass again. Add support for the categories property of azurerm_security_center_assessment_metadata (#12278) Currently, azurerm_security_center_assessment_metadata cannot set the categories of resource that is at risk when the Security Center Assessment is unhealthy. So submitted this PR to support it. --- PASS: TestAccSecurityCenterAssessmentMetadata_complete (164.20s) --- PASS: TestAccSecurityCenterAssessmentMetadata_basic (165.24s) --- PASS: TestAccSecurityCenterAssessmentMetadata_categories (166.01s) --- PASS: TestAccSecurityCenterAssessmentMetadata_update (270.68s) CHANGELOG.md for #12278 azurerm_express_route_circuit_peering - support for bandwidth_in_gbps, express_route_port_id (#12289) Co-authored-by: neil-yechenwei <[email protected]> Co-authored-by: xuzhang3 <Zhangxu894765> CHANGELOG.md for #12289 Support for azurerm_kusto_iothub_data_connection missing table_name, mapping_rule_name, data_format (#12293) Changelog for #12293 New Resource - `azurerm_hpc_cache_blob_nfs_target` (#11671) CHANGLOG.md for #11671 New resource: `azurerm_nat_gateway_public_ip_prefix_association` (#12353) In order to align behavior between Public IP association and Public IP Prefix association to NAT Gateway I'd like to introduce a new virtual resource (similar to the one added in #6450 and #7106). At the same time adding deprecation warning to public_ip_prefix_ids in NAT Gateway. CHANGELOG.md for #12353 Update `azurerm_linux|windows_virtual_machine` - enable update for `proximity_placement_group_id` (#11790) Fixes #11515 CHANGELOG.md for #11790 identity - support `SystemAssignedUserAssigned` (#12230) fix: wrong order of arguments and attributes (#12350) CHANGELOG.md for #12220 add resource "azurerm_data_protection_backup_instance_postgresql" rename policy_id to backup_policy_id fix acc test Add StateChangeConf support plugin sdk v2 replace deprecated func fix bug remove response.WasNotFound check remove vault_name, use valut_id Update website/docs/r/data_protection_backup_instance_postgresql.html.markdown v2.65.0 empty changelog for 2.66.0 Fix migrating-to-azuread guide documentation (#12365) Markdown issue for `Updating the Provider block` subheading. azurerm_hdinsight_kafka_cluster no longer panics from an empty component_version (#12261) Co-authored-by: Xiaochuan Gong <[email protected]> CHNAGELOG>md for #12261 "azurerm_lighthouse_definition" - supports block "plan" (#12360) this "plan" property is used to bind a marketplace plan. It needs the permission of partner center. Users could refer to docs.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers. to run the acctest, we need to pass the variables about marketplace offer through env CHNAGELOG.md for #12360 `azurerm_app_service` - fix app_setting and SCM setting ordering (#12280) Update CHANGELOG.md for #12280 Updated Azure Hybrid Benefit Link (#12397) Fix acctest "TestAccAzureRMApiManagementGroupUser" (#12382) fixed azurerm_spatial_anchors_account tags argument always forces replacement of spatial_anchors_account resource #11037 (#11985) CHANGELOG.md for #11985 Fix issue labelling (#12393) new resource "azurerm_data_factory_linked_custom_service" (#12224) fix #9860 fix #9431 a generic resource for data factory linked service. Users could use a json string and construct a specific type linked service. the same with azure cli implementation docs.microsoft.com/en-us/cli/azure/datafactory/linked-service?view=azure-cli-latest#az_datafactory_linked_service_create there are some sensitive properties in property_json not returned in the response, so not set it in read function and no supressDiff func. CHANGELOG.md for #12224 New resource `azurerm_api_management_api_operation_tag` (#12384) CHANGELOG.md for #12384 Support for `client_certificate_id` in `azurerm_api_management_backend` (#12402) CHANGELOG.md for #12402 `azurerm_site_recovery_replicated_vm` - Add support for `target_disk_encryption_set_id` in `managed_disk` (#12374) Update changelog for #12374 azurerm_batch_account - support for public_network_access_enabled (#12401) CHANGELOG.md for #12401 r/cognitive_services: updating to API Version `2021-04-30` & conditionally purging soft deleted accounts during deletion (#12281) Fixes #12258 CHANGELOG.md for #12281 New resource: azurerm_express_route_connection (#11320) CHANGELOG.md for #11320 Support for `revision_description`, `version_description` and `source_api_id` in `azurerm_api_management_api` (#12266) Fix #12265 CHANGELOG.md for #12266 new resource "azurerm_data_factory_trigger_blob_event" (#12330) fix #7574 CHANGELOG.md for #12330 Fix `Default value must be present in the list of values` when defaultValue is not set in `azurerm_api_management_api_operation` (#12306) Fix #12295 New resource azurerm_express_route_circuit_connection (#11303) Co-authored-by: xuzhang3 <Zhangxu894765> Co-authored-by: neil-yechenwei <[email protected]> CHANGELOG.xmd for #11303 Add None to compression types (#12409) In the Azure UI Compression type includes the option None from the dropdown. Not sure why it's not an available option. Fix typo in docs (#12404) dependencies: upgrading github.com/hashicorp/terraform-plugin-sdk to 2.7.0 (#12427) Required to test with Terraform 1.0.1 (which is now installed in Github Actions by default) policy: fixing and superseding `azurerm_policy_assignment` (#12349) Update changelog for #12349 "azurerm_kubernetes_cluster" supports "fips_enabled", "kubelet_disk_type", "license" and "azurerm_kubernetes_cluster_node_pool" supports "fips_enabled", "kubelet_disk_type" (#11835) CHANGELOG.md for #11835 New resource: azurerm_tenant_configuration (#11697) Update CHANGELOG.md for #11697 Data Source: `azurerm_app_service_environment_v3` - fix id processing for Read (#12436) Update CHANGELOG.md for #12436 Add missing advanced filter operators * add string_not_ends_with, string_not_begins_with, string_not_contains Add missing advanced filter operators * add is_not_null, is_null_or_undefined, number_in_range, number_not_in_range fix lint findings Fix whitespace Test and documentation for azurerm_eventgrid_system_topic_event_subscription Fix panic due to invalid conversion * Fix interface conversion * Fix invalid address error on number_not_in_range Split test resources for eventgrid subscription filters to avoid maximum value count imposed by API. Add customizediff function to catch at plan time. Changelog for #12167 tests/provider: Fix tfproviderlint R006 ignore comments (#12446) The heuristics within `tfproviderlint` cannot determine that `github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/pluginsdk.RetryableError` is equivalent to `github.com/hashicorp/terraform-plugin-sdk/helper/resource.RetryableError` for the `R006` pass. Until an enhancement can potentially be made to allow passing an alias package path, this fixes the ignore comment to be at the end of the anonymous function definition since it is within a wrapping function call and allows the report to be properly skipped. `azurerm_traffic_manager_endpoint` - supports for `min_child_endpoints_ipv4` and `min_child_endpoints_ipv6` (#12400) CHANGELOG.md for #12400 v2.66.0 docs: rename monitor_action_group to fix refs (#12457) Updated storage share directory name regex to allow underscore (#12454) * updated storage share directory name regex to allow underscore * updated storage share directory name regex to allow underscore update changelog.md for #12454 Update security_center_subscription_pricing docs (#12481) Updated changelog for #12481 `azurerm_storage_management_policy` - fix panic in slice/array return (#12487) update CHANGELOG.md for #12487 docs: constraint on contacts in notification block (#12471) azurerm_storage_account - add ForceNew to account_replication_type (#12479) * update account_replication_type property in storage_account_resource with ForceNew true * Updated azurerm_storage_account doc Updated changelog for #12479 service/kusto: fix APRACHEAVRO data_format validation (#12480) Updated changelog for 12480 make additional locations not ForceNew add additional locations update test goimports sorting Changelog for #12468 azurerm_network_watcher_flow_log - document update import directives (#12498) adding #12497 * Rename resource and deprecate the old one * Raise the undead code... Updating to include #12497 Use Consumption_0 to speed up tests `azurerm_api_management_gateway`: new resource/data source (#12297) * `azurerm_api_management_gateway`: resource and data source * fix test double quote * Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go * Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go * Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go * Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go * Update website/docs/d/api_management_gateway.html.markdown * Update website/docs/d/api_management_gateway.html.markdown * Update website/docs/d/api_management_gateway.html.markdown Co-authored-by: Tom Bamford <[email protected]> Changelog for #12297 `azurerm_site_recovery_replicated_vm ` - Fix potential crash in reading `managed_disk` properties (#12509) Update CHANGELOG.md for #12509 `azurerm_automation_dsc_nodeconfiguration` - fix typo in config (#12517) Fix azurerm_automation_variable type parsing logic (#12511) Update CHANGELOG.md for #12511 Avoid panic if RG or ASE do not exist when creating an App Service (#12518) Since the `Get` function of the `AppServices` client does not return an error if the resource is not found, the code behaves as if everything is fine and attempts to access fields of a struct that have not been un-marshalled, since the API responded with 404. Update CHANGELOG.md for #12518 azurerm_data_factory_dataset_parquet - azure_blob_storage_location.filename is now optional (#12414) CHANGELOG.md for #12414 Add support for the categories property of azurerm_security_center_assessment_policy (#12383) The PR 12278 has been merged for supporting "categories" in azurerm_security_center_assessment_metadata. Seems I also need to add support for the categories property in azurerm_security_center_assessment_policy. Could you help have an another review? Thanks in advance. --- PASS: TestAccSecurityCenterAssessmentPolicy_categories (181.28s) --- PASS: TestAccSecurityCenterAssessmentPolicy_complete (182.80s) --- PASS: TestAccSecurityCenterAssessmentPolicy_basic (183.52s) --- PASS: TestAccSecurityCenterAssessmentPolicy_update (285.11s) CHANGELOG.md for #12383 `azurerm_postgresql_flexible_server` update postgres flexserver api version to 2021-06-01 (#12405) Changes: Update flexserver api version to 2021-06-01 Complete flexserver tests use postgres version 13 now Noteworthy Changes: cmk_enabled (byokEnforcement) is not exposed in 2021-06-01 anymore Postgres version 13 also available now effected resources azurerm_postgresql_flexible_server azurerm_postgresql_flexible_server_firewall_rule Datasource: azurerm_postgresql_flexible_server This PR address: Support PostgreSQL Flexible Server Version 13 #12375 New Resource azurerm_postgresql_flexible_server_configuration #12294 Support for postgresql flexible server database, configuration and firewall_rule #11538 CHANGELOG.md for #12405 add deprecation meesage for "azurerm_data_factory_integration_runtime_managed" (#12499) Use d.GetOk to set the parameters property of azurerm_bot_connection (#12500) Currently, the TCs related with BotService Connection are failed. After investigated, seems currently the API behavior would fail to create bot connection when the parameters property is []. After checked, seems currently this property is optional and it would be set as [] in TF when it isn't specified in tfconfig. I assume we should use d.GetOk() for this optional property. So I submitted this PR to fix this issue. backup_policy_vm_resource - Corrected error message (#12526) azurerm_hdinsight_kafka_cluster - corrected property name to tls_min_version in docs (#12525) fixes #10183 api_management - Removed policy block from api_management docs example (#12524) fixes #9908 azurerm_kusto_eventhub_data_connection - Add $Default as a valid name for consumer_group (#12523) fixes #11958 Remove validation for null_value (#12410) Co-authored-by: kt <[email protected]> Updated azurerm_machine_learning_compute_cluster documentation (#12508) * Updated documentation * Reverted documentation change for subnet resource id. Change will be done in separate PR. include fix for #9785 * Current progress * Enable CMK working * Add validation for cmk * Add nil check for amlWorkspaceID * Attempt to fix complete test case * remove maxitems from storage_account_identity * Fix lint errors * Modify test TestAccDatabricksWorkspace_update * Remove the set for ui_definition_uri * Update test cases * Add test cases for new attributes * Fixing test again * Commenting out unused test code for now * Update azurerm/internal/services/databricks/databricks_workspace_resource.go Co-authored-by: kt <[email protected]> * Update azurerm/internal/services/databricks/databricks_workspace_resource.go Co-authored-by: kt <[email protected]> * Update azurerm/internal/services/databricks/databricks_workspace_resource.go Co-authored-by: kt <[email protected]> * Address PR comments... * Update validation checks * Fix lint error * Refactoring validation for readability * Refactor the world * Fixing my dyslexia in my uber comment... * Update tests * Bug fix * Moved managed CMK code * Remove computed from custom_parameters * Revert update to custom_parameters * Enable CMK tests * Middle of massive refactor to new resource * Moved to new resource * terrafmt documentation * Fix test case * Add new step to test case * Update import test * Update import test * Update importer setId * Additional test updates * Fix lint errors * Import fix * moved cmk out of custom params * terrafmt * Another terrafmt * Update tests to validate parent resource * Update CMK to always pass all custom params * Fixing my dyslexia again * Update delete to pass all params * Add dependency on CMK for access policy * Wait a minute... Strike that. Reverse it. * no_public_ip cannot be changed once set * Fix invalid update and infra tests * Fix test cleanup configurations * Fix update test as everything is force new * Trying unhook the associations so destroy works * Remove just the subnet delegation * Delete the NSG first the the delegation * Remove assoc order * Modify step one of cleanup * Disable no public ip in clean up * remove deprecated attributes from tests * Documentation update only... * Remove the local specific URL from the docs... * Address PR comments * Force databricks deletion first * Remove fix for broken tests * add workspace dependency on nsg * Strike that, reverse it... * Not the NSG the NSGA Co-authored-by: kt <[email protected]> update to include #12331 adjust keyvault url validation (#12529) fix typo and acctest for `azurerm_data_factory_integration_runtime_self_hosted` (#12532) v2.67.0 empty changelog for 2.68.0 Update BotService SDK to 2021-03-01 (#12449) Update BotService SDK to 2021-03-01. Mainly in order to support new introduced properties and resources. I've rerun the TCs to avoid regression issue. Below is the test result and it's same with the test result which doesn't involve this PR. So although there is failed tc in test result, but I think it isn't related with this PR. CHANGELOG.md for #12449 azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access (#12469) azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access The tests are listed as the followings. CHANGELOG.md for #12469 Changelog for #12309 Support for `data_masking` in `azurerm_api_management_api_diagnostic` (#12419) Fix #12418 CHANGELOG.md for #12419 Fix breaking change of requiring `private_dns_zone_id` in `azurerm_postgresql_flexible_server` (#12288) Fix #12053 CHANGELOG.md for #12288 Support for `value_from_key_vault` in `azurerm_api_management_named_value` (#12309) Fix #10416 Fix windows function apps on premium plans (#12553) The settings WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and WEBSITE_CONTENTSHARE are required for windows function apps on Premium V1/V2/V3 plans. Currently Terraform removes these settings when functions are hosted on premium plans rendering the function useless as it can't find its code. This PR checks for the prefix of premium to handle the case when further premium plans are released. Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentazurefileconnectionstring Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentshare fix tflint errors (#12554) network_watcher_flow_log - truncate name in case length larger than 80 (#12533) This PR "silently" truncate the name of the network watcher flow log (which is now constructed by combining the resource group name and the NSG name) to be less than 80 in length, which is required by the flow log API. This might be needed since otherwise the users will have to tune the length of the resource group name or the NSG name, in order to make the flow log API happy, which is kind of weired. However, there are some further concerns: If the name pattern of the resource group name or the NSG name doesn't conform to the flow log pattern, there is nothing can be done in the provider code to work around that Before the refactoring in Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, the configureFlowLog endpoint is used to create the flow log. The created flow log CAN has name longer than 80 in length. This means if we merge this PR, it will break the users who created a long name flow log prior to Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, and wants to use the latest provider to import that resource. Once we are in v3, we can remove all these hairy code and expose the name property, adding any constraint (length, pattern) on the name. Fix #12460 (blocking an enterprise customer). Upgrade Go-SDK to v55.5.0 (#12435) CHANGELOG.md for #12435 Tooling: TeamCity cron based scheduling (#12549) azurerm_powerbi_embedded - add mode attribute to support Gen2 (#12394) * Update PBI SDK to 2021-01-01 * mode for powrebi embedded * Doc * Linting * Tidy up powerbi tests * Fix tflint Co-authored-by: Tom Bamford <[email protected]> Changelog for #12394 New Resource `azurerm_postgresql_flexible_server_configuration` (#12294) * Add New Resource azurerm_postgresql_flexible_server_configuration (#11538) Signed-off-by: Nick Metz <[email protected]> * PR: #12294 - use server_id instead of server_name in postgresql_flexible_server_configuration resource - construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in update func - remove error prefix of error messages - improve error messages while update, delete, wait - use state.ID in tests and rename test func according to convention - update documentation remove resource group and server_name, add server_id - validate name and value is not empty - remove checking resource not found at deletion Signed-off-by: Nick Metz <[email protected]> * Rename resource files, tidy up error messages Co-authored-by: Tom Bamford <[email protected]> Changelog for #12294 Don't allow license_type to be set for serverless SQL databases (#12555) Serverless databases do not support a license type[0]. When we pull the database information from the API, `licenseType` is set to `null`, which causes plans to always have a pending change when users set `license_type`. This change causes the provider to throw an error before creating (or updating) the resource. [0]: https://docs.microsoft.com/en-us/azure/azure-sql/azure-hybrid-benefit Changelog for #12555 azurerm_redis_cache: support the maintenance_window property (#12472) Changelog for #12472 Add os_type validation string for Windows function app, where input is an empty string azurerm_function_app: default value for `os_type` Changelog for #12482 `azurerm_databricks_workspace` - Add test case for API regression (#12601) AccTests: update cron days (#12602) Fix un-necessary VMSS instance rolling request (#12590) Rolling VMSS instances when upgrade mode is set to `Automatic` is only allowed of the image version is set to `latest`, otherwise we get the following error: ``` The OS Rolling Upgrade API cannot be used on a Virtual Machine Scale Set unless the Virtual Machine Scale Set has some unprotected instances which have imageReference.version set to latest. ``` This change makes sure we only roll instances if the image version is `latest`. The VMSS will roll instances on its own for non-latest images as long as upgrade_type is set to `Automatic`. Changelog for #12590 New resource `azurerm_api_management_api_release` (#12562) Changelog for #12562 new resource "azurerm_synapse_private_link_hub" (#12495) * Add support for Synapse Private Link Hub resources Signed-off-by: Owen Farrell <[email protected]> * Apply suggestions from code review Co-authored-by: Tom Bamford <[email protected]> * Apply acceptance test suggestions from code review Co-authored-by: Tom Bamford <[email protected]> * Autogenerate Synapse Private Link Hub ID source Signed-off-by: Owen Farrell <[email protected]> * Test import of Synapse Private Link Hub Signed-off-by: Owen Farrell <[email protected]> Co-authored-by: Tom Bamford <[email protected]> Changelog for #12495 `azurerm_subnet_network_security_group_association` fix potential deadlock when using multiple association resources. (#12267) Update CHANGELOG.md for #12267 Fix issue triage labelling and waiting-response handling repo-token should be github_token remove labels individually azurerm_container_registry: allowing the principal_id and tenant_id to be exported (#12378) This is to help issue #9955 by adding support to expose the prinicpal_id and tenant_id from the container registry identity block with systemAssigned managed identities. CHANGELOG.md for #12378 add resource "azurerm_data_protection_backup_policy_disk" (#12361) To address this issue: #11768 The tests are listed as the following. CHANGELOG.md for #12361 Data source - Added for azurerm_local_network_gateway (#12579) fixes #10834 CHANGELOG.md for #12579 azurerm_cognitive_account supports ignore_missing_vnet_service_endpoint (#12600) CHANGELOG.md for #12600 Update CHANGELOG.md new resource "azurerm_data_factory_custom_dataset" (#12484) generic resource about dataset notes: according to the service team, structure is deprecated and schema is prefered. So in this resource, I didn't imeplement structure property. schema is type interface, according to the service team, it could be either a object or an array. So I also made it a json string. In the acctest, both cases are covered. CHANGELOG.md for #12484 Support for `user_assigned_identity_id` in `azurerm_storage_account_customer_managed_key` (#12516) Close #12489 CHANGELOG.md for #12516 Update `azurerm_maintenance_configuration` / New resource `azurerm_maintenance_assignment_virtual_machine_scale_set` (#12273) Update to the latest maintenance API version Add support for visibility, window and properties New resource azurerm_maintenance_assignment_virtual_machine_scale_set CHANGELOG>md for #12273 Don't force new resource when modifying additional subnet IDs of azurerm_api_management (#12611) Adding and removing subnet IDs (via the additional_locations block) should not result in a new api management resource. CHANGELOG.md for #12611 `azurerm_key_vault_access_policy`: Extra nil check to prevent crash (#12576) (#12616) Fixes #12576 CHANGELOG.md for #12616 Infrastructure Encryption Fix (#12614) "azurerm_data_factory" - supports property "managed_virtual_network_enabled" (#12343) fix #10542 CHANGELOG.md for #12343 `azurerm_data_factory_dataset_binary`: New resource (#12369) CHANGELOG.md for #12369 r/`machine_learning_compute_cluster`: make `subnet_resource_id` optional (#12558) PR to address complaint in #12508 that subnet_resource_id is not really optional. CHANGELOG>md for #12558 v2.68.0 `make goimports` support Linux (make `sed` option OS-aware) (#12571) * make the sed OS-aware in goimport-file.sh & run it * refine * refine per review Bump azure-sdk to 55.6 (#12565) Co-authored-by: xuzhang3 <Zhangxu894765> Update CHANGELOG.md for #12565 policy: fix typo in example usage (#12634) Support for `high_availability` in `azurerm_postgresql_flexible_server` (#12587) * update * revert * update * update * Fix unneeded dereference * update Co-authored-by: Tom Bamford <[email protected]> Changelog for #12587 Rename Private Link Hub source files per convention Signed-off-by: Owen Farrell <[email protected]> azurerm_data_factory_integration_runtime_azure_ssis - support public_ips, express_custom_setup, package_store, proxy (#12545) * enhancement for `azurerm_data_factory_integration_runtime_azure_ssis` * remove unnecessary trailing newline * update * refactor "env" to "environment" CHANGELOG>md for #12545 "azurerm_data_factory_integration_runtime_azure" - supports property "virtual_network_enabled" (#12619) CHANGELOG.md for #12619 Support azurerm_api_management_named_value. updating to include #12641 r/eventhub_authorization_rule: only returning an error when there's an error This fixes #12387 by conditionally returning the error rather than always when this is nil. updating to include #12642 New resource - `azurerm_batch_job` (#12573) Fixes #7862. CHANGELOG.md for #12573 azurerm_bot_channels_registration - support for cmk_key_vault_url, description, icon_url, isolated_network_enabled (#12560) CHANGELOG.md for #12560 add resource "azurerm_data_protection_backup_policy_blob_storage" (#12362) To address issue : #12318 and #12389 CHANGELOG.MD FOR #12362 new resource "azurerm_data_factory_managed_private_endpoint" (#12618) fix #12364 CHANGELOG.md for #12618 updating to use Go 1.16.6 `azurerm_kubernetes_cluster`: Support for downgrade `sku_tier` remove default `sku_tier` value from testcase updating to include #12651 synapse: embedding a Track1 Data Plane SDK Return an error when ssl policy is not properly configured (#12647) Azure does not allow setting disabled protocols when using a custom or a predefined policy type. Up until now when a user supplied both the provider silently ignored the policy type changed and kept only the disabled protocols configuration. This change throws an error durring the planning phase instead and asks the user to fix their configuration. Changelog for #12647 cosmosdb sql function docs fix (#12662) * cosmosdb sql function docs fix * rename the file to the correct value Add support for maintenanceWindow property of azurerm_redis_cache data source (#12666) * Add support for maintenanceWindow property of azurerm_redis_cache data source * update code Changelog for #12666 fix additional properties for Changelog for #12664 fix crash when create compute cluster without specifying subnetId (#12658) * fix crash when create machine learning compute cluster without specifying subnetId * add nil-check on props Changelog for #12658 "azurerm_data_factory_integration_runtime_azure_ssis" - supports "key_vault_password", "key_vault_license" for "express_custom_setup" (#12659) for the "express_custom_setup", "command_key" and "component" supports key vault secret reference, this PR adds support for this feature. CHANGELOG.md for #12659 New Resource: azurerm_signalr_service_network_acl (#12434) Currently, azurerm_signalr_service doesn't support to set network access control for SignalR. After investigated, I think we cannot implement the networkACL property in azurerrm_signalr_service. Because service team confirmed that we must create private endpoint (Here private endpoint is created by azurerm_private_endpoint) which is referencing the existing SignalR resource (Here signalr resource is created by azurerm_signalr_service) first before updating the networkACL.privateEndpoint property of the existing SignalR resource. If we implement networkACL.privateEndpoint in azurerm_signalr_service, it would cause the issue of circular reference between azurerm_private_endpoint and azurerm_signalr_service. So we have to make this property as a separate resource. Overview: docs.microsoft.com/en-us/azure/azure-signalr/howto-network-access-control CHANGELOG.md for #12434 New Resource: azurerm_bot_channel_web_chat (#12672) CHANGELOG.md for #12672 GHA: disable whitespace linter and update job params (#12690) Updated account_replication_type validation (#12645) Updated changelog for #12645 Enabling advanced_filtering_on_arrays_enabled (#12609) * enabling advanced_filtering_on_arrays_enabled * fixing the pointer instead of bool * updated test case `advanced_filtering_on_arrays_enabled` * fixing the bool assignment * default to false * Enabling advanced_filtering_on_arrays_enabled on event grid system subscription * Fixing format by terrafmt fmt * fixing golint * Resolving wordings for doc Co-authored-by: Tom Bamford <[email protected]> * Resolving wordings for doc Co-authored-by: Tom Bamford <[email protected]> Co-authored-by: Tom Bamford <[email protected]> Changelog for #12609 support for Azure Event Hubs Namespace Premium tier (#12695) Adds support for the Premium tier of the event hubs namespace resource. It is not possible to actually move from/to that tier so setting the sku to `Premium` forces the resource to be re-created. This will also throw an error if someone attempts to create a premium namespace without setting zone_redundant to true. Changelog for #12695 New resource: azurerm_virtual_network_dns_servers New resources: azurerm_active_directory_domain_service and azurerm_active_directory_domain_service_replica_set Documentation for azurerm_active_directory_domain_service Review: use common base64 string validation func in log_analytics_storage_insights resource Review: trim attribute naming boilerplate, add a comment rationalising the test Remove DONOTDELETE tag from test configs, change resource group name prefix Remove support for the `resource_forest` block until we have a way to test it aadds: improve wording for filtered_sync property Note in docs clarifying the supported operation modes for Domain Services Changelog for #10782 Adding #12687 * azurerm_kusto_eventgrid_data_connection Adding validation support for ORC * Adding all other data formats support for EventGrid according to https://github.com/Azure/azure-rest-api-specs/blob/master/specification/azure-kusto/resource-manager/Microsoft.Kusto/stable/2020-09-18/kusto.json * adding supported format to the documentation Updating to include #12687 New resource: azurerm_api_management_gateway_api (#12398) * added the azurerm gateway and azurerm gateway api resource Signed-off-by: Paul Plavetzki <[email protected]> * fixed some linting errors Signed-off-by: Paul Plavetzki <[email protected]> * removed dups Signed-off-by: Paul Plavetzki <[email protected]> * updating the tests Signed-off-by: Paul Plavetzki <[email protected]> * updated test script Signed-off-by: Paul Plavetzki <[email protected]> * fixed import issues Signed-off-by: Paul Plavetzki <[email protected]> * updated based on feedback from pr Signed-off-by: Paul Plavetzki <[email protected]> * updated tests Signed-off-by: Paul Plavetzki <[email protected]> * fixed all tests Signed-off-by: Paul Plavetzki <[email protected]> Changelog for #12398 v2.69.0 eventhubs: removing direct usages on the Azure SDK for Eventhub r/eventhub_namespace: removing the old azure sdk usage dependencies: removing the old eventhubs sdk Add reference to official databricks provider Update active_directory_domain_service.html.markdown `name` is deprecated in `azuread_group` - replaced with `display_name` `r/logic_app_workflow`: add extra nil checking `azurerm_eventgrid_event_subscription` docs: Add missing newline (#12712) msi: vendoring the embedded sdk msi: porting over to use the embedded sdk msi: adding an alias since this is commonly used across the codebase dependencies: removing the old azure sdk for managed identity updating to include #12715 Update active_directory_domain_service.html.markdown `location` can not be set in `initial_replica_set` - docs (below) does not contain it either maps: vendoring the embedded accounts sdk maps: refactoring to use the existing ID Parser maps: refactoring to use the ID Parsers from the SDK maps: refactoring to use the embedded sdk updating to include #12716 update docs - make the dns_prefix in azurerm_kubernetes_cluster to be… (#12724) Closes dns_prefix argument is required for k8s cluster declarations, despite docs saying it's optional #12649 Updating the docs accordingly to what @manicminer say in the comments in the issues. Make the dns_prefix a mandatory field in the azurerm_kubernetes_cluster. update Revert "update" This reverts commit 617dad277a0893f021992b5e82236a4265992f43.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Description
Hi All,
Recently, now APIM Named Values support sensitive data directly from Key Vault, like we can have from other services as webapp, functionapp, ... It can be really useful to support it directly on azurerm_api_management_named_value
New or Affected Resource(s)
Potential Terraform Configuration
The code could like as purposed above, with just add keyvault_enabled as True/False boolean, and on value to use the uri Id of key vaul secrets reference. If keyvault_enabled is set to False, the value is set as string, else as Key Vault references.
References
MS Article about this feature in APIM :
Rest API Refernce for create Named Value referencing a Key Vault Secret :
Thanks, and have a nice day
Regards
Alexandre
The text was updated successfully, but these errors were encountered: