Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for managed virtual networking in azure data factory #10542

Closed
dgcaron opened this issue Feb 11, 2021 · 10 comments · Fixed by #12343
Closed

Support for managed virtual networking in azure data factory #10542

dgcaron opened this issue Feb 11, 2021 · 10 comments · Fixed by #12343

Comments

@dgcaron
Copy link

dgcaron commented Feb 11, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When you create an Azure data factory you can specify that the Integration Runtime needs to be placed on a dedicated VNET (managed virtual network)

image

it would be helpfull if we can express this setting while creating the data factory. As of right now, we need to create a second IR that has this setting.

New or Affected Resource(s)

azurerm_data_factory

Potential Terraform Configuration

The property would be named similarly to Azure Synapse Workspace (azurerm_synapse_workspace)

resource "azurerm_data_factory" "example" {
  name                = "example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  managed_virtual_network_enabled  = true
}

References

@ghost
Copy link

ghost commented Feb 15, 2021

This also needs to be supported in the resource "azurerm_data_factory_integration_runtime_azure". If you do not specify this when creating the data factory, you can create an Azure Managed Virtual Network Integration runtime.

image

@drjwelch
Copy link
Contributor

drjwelch commented Feb 15, 2021

I am facing this issue right now yet it appears to be the recommended architecture for almost 1 year (https://medium.com/microsoftazure/azure-sql-database-network-settings-private-link-vnet-service-endpoint-and-azure-data-factory-b0f72b5d2af2)

When you say "As of right now, we need to create a second IR that has this setting." - do you mean this must be done in the portal? I can see no way to enable this setting via terraform.

@ghost
Copy link

ghost commented Feb 15, 2021

I am also facing this issue now and yes, I create it in the portal and import it into Terraform. Terraform doesn't detect the Managed Virtual Network configuration so the plan is clean. The portal will not allow you to change from the default Public to Managed Virtual Network so you can not create the runtime with Terraform and edit it in the portal. It must be created in the portal.

I also see no way to create the necessary Managed Private Endpoints other than the portal.

image

@cbellee
Copy link
Contributor

cbellee commented Mar 29, 2021

Hi All, I’ll look into implementing the managed virtual network & managed private endpoint capabilities. On initial inspection the required resource types are available in Azure Go SDK.

@willfell
Copy link

willfell commented Apr 5, 2021

This would make life a lot easier at the moment.

@dkutetsky
Copy link

dkutetsky commented Apr 16, 2021

@mark-b-greene , @drjwelch for time being, you can use azurerm_resource_group_template_deployment resource and ARM templates (it could be exported from azure data factory UI).

Some sort of this:

ADF managed vnet:

resource "azurerm_resource_group_template_deployment" "azure_managed_virtual_network" {
  name = "adf-managed-vnet-runtime"
  resource_group_name = "resource-group-name"
  deployment_mode = "Incremental"

  template_content = file("${path.module}/templates/azure_vnet_managed_runtime.json")

  parameters_content = jsonencode({
    "factoryName" = {
      value = "factory-name"
    },
    "runtimeName" = {
      value = "adf-managed-vnet-runtime"
    }
    "runtimeLocation" = {
      value = "runtime location"
    }
  })
}

azure_vnet_managed_runtime.json:

azure_vnet_managed_runtime.json:
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "factoryName": {
      "type": "String",
      "metadata": "ADF name"
    },
    "runtimeName": {
      "type": "String",
      "metadata": "ADF runtime name"
    },
    "runtimeLocation": {
      "type": "String",
      "metadata": "ADF runtime location"
    }
  },
  "variables": {
    "factoryId": "[concat('Microsoft.DataFactory/factories/', parameters('factoryName'))]"
  },
  "resources": [
    {
      "name": "[concat(parameters('factoryName'), '/', parameters('runtimeName'))]",
      "type": "Microsoft.DataFactory/factories/integrationRuntimes",
      "apiVersion": "2018-06-01",
      "properties": {
        "type": "Managed",
        "typeProperties": {
          "computeProperties": {
            "location": "[parameters('runtimeLocation')]",
            "dataFlowProperties": {
              "computeType": "General",
              "coreCount": 8,
              "timeToLive": 10,
              "cleanup": true
            }
          }
        },
        "managedVirtualNetwork": {
          "type": "ManagedVirtualNetworkReference",
          "referenceName": "default"
        }
      },
      "dependsOn": [
        "[concat(variables('factoryId'), '/managedVirtualNetworks/default')]"
      ]
    },
    {
      "name": "[concat(parameters('factoryName'), '/default')]",
      "type": "Microsoft.DataFactory/factories/managedVirtualNetworks",
      "apiVersion": "2018-06-01",
      "properties": {
        "preventDataExfiltration": false
      },
      "dependsOn": []
    }
  ]
}

Managed endpoint:

resource "azurerm_resource_group_template_deployment" "private_endpoint" {
  name = "private-endpoint"
  resource_group_name = "resource_group_name"
  deployment_mode = "Incremental"

  template_content = file("${path.module}/templates/adf_managed_endpoint.json")

  parameters_content = jsonencode({
    "name" = {
      value = "<private-endpoint>"
    },
    "factoryName" = {
      value = "<factory-name>"
    }
    "linkedResourceId" = {
      value = "<linked-resource-id>"
    }
    "linkedResourceGroupId" = {
      value = "blob"
    }
    "linkedResourceFqdn" = {
      value = ["<linked-resource-fqdn>"]
    }
  })

  depends_on = [azurerm_resource_group_template_deployment.azure_managed_virtual_network]
}

adf_managed_endpoint.json:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "factoryName": {
      "type": "String",
      "metadata": "ADF name"
    },
    "name": {
      "type": "String",
      "metadata": "Managed private endpoint name"
    },
    "linkedResourceId": {
      "type": "String",
      "metadata": "The linked resource id"
    },
    "linkedResourceGroupId": {
      "type": "String",
      "metadata": "The GroupId of the linked resource"
    },
    "linkedFqdn": {
      "type": "Array",
      "metadata": "The linked resource FQDN"
    }
  },
  "resources": [
    {
      "name": "[concat(parameters('factoryName'), '/default/', parameters('name'))]",
      "type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
      "apiVersion": "2018-06-01",
      "properties": {
        "privateLinkResourceId": "[parameters('linkedResourceId')]",
        "groupId": "[parameters('linkedResourceGroupId')]",
        "fqdns": "[parameters('linkedFqdn')]"
      }
    }
  ]
}

@github-actions
Copy link

This functionality has been released in v2.68.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@dkutetsky
Copy link

This actually, doesn't work - created Integrated Runtime has Virtual network configuration=Disable.

resource "azurerm_data_factory" "adf" {
  name                   = "some-adf"
  location               = "westeurope"
  resource_group_name    = azurerm_resource_group.rg.name
  public_network_enabled = false
  managed_virtual_network_enabled  = true

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_resource_group" "rg" {
  name     = "adf-rg"
  location = "westeurope"
}

image

yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this issue Jul 26, 2021
sdkv2 shim - storage (#11952)

Fix app service ase name check (#11891)

Add note to avoid conflicts when enabling AGIC (#11954)

update

dependencies: vendoring the generated AppConfig SDK

appconfiguration: refactoring to use the generated sdk

sdk/appconfig: making the methods private

golangci-lint: upping the max chars for a naked func to 40

The SDK should always be 38 chars, but this gives a little wiggle room
upping from the existing value of 30

linting: fixing the whitespace

updating to include #11959

`azurerm_kubernetes_cluster`: fix spelling

sdkv2 shim - cosmos

Oranize and dedupe imports

refactor: updating the remaining importers to use Plugin SDKv2 wrappers (#11963)

* refactor: updating the remaining importers to use Plugin SDKv2 wrappers

* linting: removing an overridden context

update `make goimports` step and tidy all go imports (#11953)

`azurerm_storage_account_network_rules` and `azurerm_storage_account` - `private_link_access` supports more values (#11957)

Update changelog for #11957

`storage`: Fix ID for `storage_share_resource_manager` (#11828)

Update changelog for #11828

`azurerm_synapse_spark_pool` - `spark_version` now supports 3.0 #11972

Update changelog for #11972

r/(linux|windows)_virtual_machine(_scale_set): support for Force Delete (#11216)

Co-authored-by: kt <[email protected]>
Fixes #11089

CHANGELOG.md for #11216

Fix acctest `TestAccMsSqlVirtualMachine_storageConfiguration` (#11956)

`azurerm_key_vault_certificate_data`: Support certificate bundles and add support for ECDSA keys (#11974)

Potentially fixes #10909

CHANGELOG.md for #11974

fix(devspaces): remove devspaces provider auto-registration (#11822)

Remove DevSpaces provider auto-registration.
Closes #11821

changelog md for #11822

Update CHANGELOG.md

sdk: vendoring the generated eventhub sdk

eventhub: refactoring atop the generated sdk

sdk: downgrading to the `2017-04-01` API for some sdks

r/eventhub_authorization_rule: fixing a logic error

sdk/eventhub: switching consumergroups to using API Version 2017-04-01

sdk/eventhubs: downgrading checknameavailabilitydisasterrecoveryconfigs to API version 2017-04-01

refactor: DisasterRecoveryNameAvailableClient  -> DisasterRecoveryNameAvailabilityClient

r/eventhub_cluster: nil-checking capacity

linting fixes

r/eventhub_cluster: using the poller's http response

vendoring v0.16.3 of github.com/hashicorp/go-azure-helpers

go mod tidy

updating to include #11973

v2.61.0

sdkv2 shim - compute (#11969)

adding a placeholder for 2.62.0

`azurerm_container_registry`: support for  versionless encryption keys for ACR (#11856)

Update changelog for #11856

sdkv2 shim - containers (#11990)

sdkv2 shim - eventhub (#11993)

sdkv2 - One more wrap (#11995)

Fix markdown bullet rendered as header (#12010)

Add sensitive to instrumentation_key docs (#12015)

revert

Migrate most GitHub HashiBot behaviors to GitHub Actions (#12030)

Reference: https://github.com/terraform-providers/.hashibot/blob/master/.hashibot.hcl

The `terraform-providers` organization-level configuration for these behaviors will be removed after this repository change. The `pull_request_size_labeler` and `release_commenter` behaviors will be handled in later changes.

`kubernetes_cluster`: Support for `gateway_name` for Application Gateway add-on (#11984)

Update changelog for #11984

New resource `azurerm_postgresql_flexible_server_firewall_rule` (#11834)

New resource azurerm_postgresql_flexible_server_firewall_rule #11834

CHANGELOG.md for #11834

New resource `azurerm_vmware_express_route_authorization` (#11812)

Fix:#9283

--- PASS: TestAccVmwareAuthorization_basic (15817.58s)
--- PASS: TestAccVmwareAuthorization_requiresImport (15908.18s)

CHANGELOG.md for #11812

r/azurerm_api_management_api_subscription: support for `api_id` (#12025)

Fixes #12016 .

Enables the configuration of subscriptions per API.

The test passed:

CHANGELOG.md for #12025

Set `active_directory` in `azurerm_storage_account` Computed (#12022)

Fix #11997

Local test has passed.

refactor "azurerm_data_factory" to use generated resource id (#12014)

`azurerm_machine_learning_inference_cluster` - update to allow use of Microsoft ssl certificates (add `leaf_domain_label`) (#11830)

Co-authored-by: Michael Gross <[email protected]>

CHANGELOG.md for #11830

Add ID attribute to postgres server data source (#12005)

Fix `containerDeleteRetentionPolicy` and `lastAccessTimeTrackingPolicy` are not supported in AzureUSGovernment (#11960)

FIx #11772

--- PASS: TestAccStorageAccount_blobProperties_containerAndLastAccessTimeDisabled (252.05s)

CHANGELOG.md for #11960

"azurerm_role_assignment" supports property "delegated_managed_identity_resource_id" (#11848)

* "azurerm_role_assignment" supports property "delegated_managed_identity_resource_id"

* update

* update

Co-authored-by: kt <[email protected]>

CHANGELOG.md for #11848

`azurerm_kubernetes_cluster`: Support update of `azure_rbac_enabled` (#12029)

Update changelog for #12029

`azurem_kubernetes_cluster`/`azurerm_kubernetes_cluster_node_pool`: support for `node_public_ip_prefix_id` (#11635)

Update changelog for #11635

`azurerm_kubernetes_cluster`: docs regarding Public Preview `azure_rbac_enabled` removed #12040

CHANGELOG.md for #11670

Update app_service_certificate_binding.html.markdown (#12051)

New resource `azurerm_storage_object_replication_policy` (#11744)

Fix: #8647

--- PASS: TestAccStorageObjectReplicationPolicy_basic (205.37s)
--- PASS: TestAccStorageObjectReplicationPolicy_requiresImport (222.11s)
--- PASS: TestAccStorageObjectReplicationPolicy_complete (200.17s)
-- PASS: TestAccStorageObjectReplicationPolicy_update (562.02s)

CHANGELOG.md for #11744

add resource azurerm_data_protection_backup_vault (#11955)

CHANGELOG.md for #11955

`postgres_server`: Update Postgres server admin password only on change (#12008)

Fixes #12007

@reviewer:

Do we consider this as a breaking change or not?
Should we introduce a test to check this behaviour?

CHANGELOG.md for #12008

azurerm_app_service_environment - support for `internal_ip_address`, `service_ip_address`, `outbound_ip_addresses` (#12026)

Return the VipInfo for the ASE on create. This is required for configuration of external Azure resources (e.g. App Gateway WAF). Using the data provider will cause failures if the resource doesn't exist. This is the preferred solution.

CHANGELOG.md for #12026

v2.62.0

Fix acctests for `azurerm_api_management` (#12056)

update network sdk to 2020-11-01 (#11627)

Co-authored-by: jackofallops <[email protected]>

CHANGELOG.md for #11627

Support for `UserAssignedIdentity` in `azurerm_storage_account` (#11752)

Fix #11751

--- PASS: TestAccStorageAccount_systemAssignedIdentity (160.00s)
--- PASS: TestAccStorageAccount_userAssignedIdentity (171.82s)
--- PASS: TestAccStorageAccount_systemAssignedUserAssignedIdentity (171.53s)
--- PASS: TestAccStorageAccount_updateResourceByEnablingIdentity (421.15s)

CHANGELOG.md for #11752

fix a crash when body format changed (#11847)

To address this issue #5163

After deploying tf configs, user can edit it on azure portal, although user may not change any codes in code view, but if user click save button, then the attribute body's format will be changed to json object, then it caused crash.

Refactor `azurerm_network_watcher_flow_log` and add supports for `location` and `tags` (#11670)

This refactors the azurerm_network_watcher_flow_log to using its own separate endpoint - rather than using the configureFlowLog endpoint of the Network Watcher (more details here)

This PR is implemented in a way to avoid breaking changes on the existing instances and ensure backward compatiblility (locally tested).

Besides, I've modified the test cases to make them sequential - the prior implementation actually are still running in parallel at the end.

Fixes: #11587

CHANGELOG.md fix for #11670

BUG: Read on tags incorrectly sets all tag values to last value in EventHub and AppConfiguration (#12062)

Update CHANGELOG.md for #12062

`azurerm_kubernetes_cluster`: Support migration of `service_principal` to `identity` (#12049)

Update changelog for #12049

`monitor_autoscale_setting.html.markdown` - mark `rule` block as optional (#12067)

fix spelling of compatibility in GitHub workflows (#12075)

`azurerm_subscription` - fix ability to specify `DevTest` as `workload` (#12066)

Co-authored-by: Tom Bamford <[email protected]>

Update CHANGELOG.md for #12066

`api_management_subscription.html.markdown` - added `primary_key` and `secondary_key` to docs (#12092)

`azurerm_kubernetes_cluster`: Support for BYO `kubelet_identity` (#12037)

Update changelog for #12037

Support for Debuggable Provider Binaries (#11855)

fix error creating zone-redundant ip in central us euap (#12080)

The constant [1,2,3] is used to create zone-redundant resource, however, in location Central US EUAP, the available zones are [1,2], then it will throw an exception like the following

error: Code="InvalidAvailabilityZone" Message="The zone(s) '3' for
resource 'Microsoft.Network/publicIPAddresses/acctestpublicip-henglu-02' is not supported. The supported zones for location 'centraluseuap' are '1,2'
It can be easily fixed by using [1,2], it can create zone-redundant resources in Central US EUAP and other locations.

`data.azurerm_synapse_workspace`: Add `identity` attribute #12098

Update changelog for #12098

`azurerm_role_assignment`: Fix assignments to resources (#12076)

Fixes  #12074
Fixes  #12060
Fixes  #12057
Fixes #12079
Fixes #12078
Fixes #12087

Related to/similar for [go-azure-helpers](https://github.com/hashicorp/go-azure-helpers): [this PR](https://github.com/hashicorp/go-azure-helpers/pull/79)

dependencies: vendoring v0.16.5 of github.com/hashicorp/go-azure-helpers (#12116)

* dependencies: vendoring v0.16.4 of github.com/hashicorp/go-azure-helpers

* update to v0.16.5

* go mod tidy

Co-authored-by: kt <[email protected]>

testing: running tests using Terraform 1.0 (#12118)

docs: update start_date to make example valid (#12121)

if time_grain is "Monthly", then there are 2 conditions
start_date for monthly time grain should not be prior to current month
start_date of the budget cannot be more than 1 year into the future
this fix makes the example valid for a year

`azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument (#12117)

* `azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument

* Redo the logic a bit

* Add block docs to docs

* And sort those alphabetically

* Address feedback

Update to include #12117

Update CHANGELOG.md for Hotfix release 2.62.1

Guest config docs (#12120)

Co-authored-by: Mark Gray <mark,[email protected]>

`role_definition.html.markdown` - Swap description for `id` and `role_definition_id` (#12144)

`azurerm_data_factory_linked_service_azure_sql_database`: add `key_vault_connection_string_property` (#12139)

Update changelog for #12139

Support for `composite_index` and `partition_key_version` in `azurerm_cosmosdb_gremlin_graph` (#11693)

CHANGELOG.md for #11693

azurerm_virtual_network_gateway - mark `peering_addresses` as O+C (#11789)

Fixes #11758

remove duplicate property (#12165)

docs: fix allowed values by moving them to name (#12123)

azurerm_data_factory_dataset_azure_blob - support dynamic_filename_enabled & dynamic_path_enabled (#12034)

part of issue #10081 both fold and filename could be dynamic content

CHANGELOG.md for #12034

"azurerm_sentinel_alert_rule_scheduled" - Fix query frequency validation (#12164)

Azure Sentinel have recently expand the query_frequency parameter to support up to fourteen days rather than a 24 hours. Quick bugfix reflects this.

Resolves #12031

Self tested and validated. Can add a test specifically for this if required.

CHANGELOG.md for #12164

"azurerm_virtual_desktop_* version upgrade: 2019-12-10-preview -> 2020-11-02-preview & azurerm_virtual_desktop_host_pool - suppot start_vm_on_connect (#12160)

Upgrade of sdk for "azurerm_virtual_desktop_* + added support for field start_vm_on_connect in "azurerm_virtual_desktop_host_pool"

CHANGELOG.md for #12160

azurerm_data_factory_dataset_delimited_text - supports the `azure_blob_fs_location` property (#12041)

CHANGELOG.md for #12041

Add support for status property of azurerm_eventhub (#12043)

CHANGELOG.md for #12043

streamanalytics version upgrade: 2016-03-01 -> 2020-03-01-preview (#12133)

CHANGELOG.md for #12133

`azurerm_storage_account_customer_managed_key` - allow use of keys from key vaults in remote subscription (#12142)

fixes #6298

CHANGELOG.md for #12142

new resource "azurerm_data_factory_linked_service_kusto" (#12152)

CHANGELOG.md for #12152

new resource "azurerm_data_factory_linked_service_azure_search" (#12122)

CHANGELOG.md for #12122

"azurerm_data_factory_linked_service_data_lake_storage_gen2" - supports property "storage_account_key" (#12136)

this linked service supports three authentication: storage_account_key, service principal, managed identity

this PR add supports for storage_account_key authentication.

Besides, according to docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-storage#linked-service-properties.

url, accountKey is required when using Account key authentication. accountKey not returned in response.
url, servicePrincipalId, servicePrincipalCredential, tenant is required when using service principal authentication
url is needed when using msi authentication.

So I added some limitation for tenant schema.
because accountKey is not returned in response, in the read function, it's hard to know whether users are using Account key authentication or msi authentication. So I removed the d.set("use_use_managed_identity", xxx).

CHANGELOG.md for #12136

Add support for multiple auth types for azurerm_vpn_server_configuration (#12085)

CHANGELOG.md for #12085

AKS azure_policy, StorageAccount min_tls_version, and StorageAccount allow_blob_public_access now supported in Azure China (#12097)

"azurerm_kusto_cluster_customer_managed_key" - supports property "user_identity" (#12135)

CHANGELOG.md for #12135

v2.63.0

Update CHANGELOG.md

Support for `spatial_index` in `azurerm_cosmosdb_sql_container` (#11625)

Fix #8817

--- PASS: TestAccCosmosDbSqlContainer_indexing_policy (1559.79s)

CHANGELOG.md for #11625

Fix acctests in api management (#12173)

.github/workflows: Fix waiting-response label removal (#12188)

`azurerm_monitor_metric_alert`: Support `StartsWith` dimension operator (#12181)

Update changelog for #12181

Migrate GitHub HashiBot release_commenter behavior to GitHub Actions (#12094)

GitHub HashiBot is in the process of being decommissioned in preference of GitHub Actions.

Migrate from GitHub HashiBot pull_request_size_labeler behavior to GitHub Actions (#12189)

new resource - `azurerm_machine_learning_compute_cluster` (#11675)

Fixes #11254

CHANGELOG.md for #11675

`synapse`: Upgrade API to `2021-03-01` and add `data_exfiltration_protection_enabled` argument (#12183)

Fixes #12182

CHANGELOG.md for #12183

Upgrade Go-SDK version to v55.2 (#12153)

CHANGELOG.md for #12153

refactor: moving new components over to the shim

refactor: removing an unused migration

scripts: adding an alias for structure

refactor: migrating `structure` usages over to `pluginsdk`

updating the todo

reverting: LB uses the unaliased importer

I could have sworn I'd done this..

refactor: updating the mssql state upgrader to use the alias

removing a duplicate import

add resource "azurerm_data_protection_backup_policy_postgresql" (#12072)

CHANGELOG.md for #12072

migrate `azurerm_synapse_role_assignment` to support new roles and scopes (#11690)

Co-authored-by: kt <[email protected]>
fix #10141

in old api version, the only supported role is Workspace Admin, Sql Admin and Apache Spark Admin. The scope is workspace.

in new api version, exsiting roles are renamed and new roles are added, Users could also specify different scope: workspace, spark pool or others (not suported in terraform, so not added in this PR) .

CHANGELOG.md for #11690

New resource: azurerm_eventhub_namespace_customer_managed_key (#12159)

Currently, The EventHub Namespace resource doesn't support to enable customer-managed key encryption. So I submitted this PR to implement it.

The encryption property only can be set on an existing resource.

--- PASS: TestAccEventHubNamespaceCustomerManagedKey_basic (15164.75s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_complete (15168.92s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_update (15377.69s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_requiresImport (15387.40s)

API Reference:
Azure/azure-rest-api-specs@d3a5ab5/specification/eventhub/resource-manager/Microsoft.EventHub/preview/2021-01-01-preview/namespaces-preview.json#L662

CHANGELOG.md for #12159

Support for `client_certificate_enabled`, `gateway_disabled`, `min_api_version` and `zones` in `azurerm_api_management` (#12125)

Fix #8529

CHANGELOG.md for #12125

`azurerm_data_factory` - support for `global_parameter` (#12178)

Update changelog for #12178

azurerm_postgresql_flexible_server - Remove invalid possible value for the `zone` argument (#12218)

"azurerm_kubernetes_cluster" and "azurerm_kubernetes_cluster_node_pool" supports "kubelet_config", "linux_os_config" (#11119)

Co-authored-by: Matthew Frahry <[email protected]>
two new blocks in node pool: kubelet_config and linux_os_config

linux_os_config contains a sub block "sysctl_config", which could set the the kernel parameters, could refer to kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster

this two blocks are forcenew fields, if we try to update it, the rest api will report error code: CustomKubeletConfigOrCustomLinuxOSConfigCanNotBeChanged.

CHANGELOG.md for #11119

New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492)

* new resource "azurerm_kubernetes_cluster_pod_identity"

* update

* rebase and refactor the codes

* update

* add link to terraform plugin sdk issue

* rebase

Update CHANGELOG.md for #11429

`azurerm_stream_analytics_job` - add supports for `identity` (#12171)

Fixes #12096

CHANGELOG.md for #12171

Support for `spatial_index` in `azurerm_cosmos_gremlin_graph` (#12176)

CHANGELOG.md for #12176]

Revert "New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492)"

This reverts commit db2d2a109f0d18f5fe325d1db6777a271226d1e1.

reverting #11429

New Resource: `azurerm_data_factory_linked_service_odata` (#11556)

Update changelog for #11556

`azurerm_lb` - fix zone behaviour bug introduced in recent API upgrade (#12208)

* fix zone behavior change for loadbalancer

* add test for availability_zone

* add test for single zone

* Apply document suggestions from code review

Co-authored-by: WS <[email protected]>

* fix acctest test

* add todo for replacing hardcode with getting zone list by resource api

* remove comments

Co-authored-by: WS <[email protected]>

Update CHANGELOG.md for #12208

azurerm_container_registry - Support for zone_redundancy_enabled for both the ACR and each georeplications block

Co-Authored-By: Tom Bamford <[email protected]>

container_registry_resource: add nil checks and minor doc wording

Changelog for #11706

Updated link to ignore_changes documentation (#12239)

New datasource: `azurerm_key_vault_secrets` (#12147)

Co-authored-by: kt <[email protected]
Fixes #12146

CHANGELOG.md for #12147

Fix reference to data source in outputs block (#12248)

Issue is described in #12249

Azure does not support changing a load balancer ID on an existing resource.
Resource needs to be recreated to update this value.

I have tested this locally and confirmed the desired result:

CHANGELOG.md for #12250

Support for `share_properties` in `azurerm_storage_account` (#12103)

Fix #7115

All tests have passed.

CHANGELOG.md for #12103

New resource `azurerm_api_management_redis_cache` (#12174)

Fix #4765

--- PASS: TestAccApiManagementCache_basic (1980.64s)
--- PASS: TestAccApiManagementCache_requiresImport (2013.39s)
--- PASS: TestAccApiManagementCache_complete (1991.81s)
--- PASS: TestAccApiManagementCache_update (2277.54s)

CHANGELOG.md for #12174

New Resource `azurerm_virtual_desktop_application` (#12077)

Co-authored-by: Alex Wilcox <[email protected]>
Co-authored-by: Alex W <[email protected]>

Resolves #11722

I'll mark this no longer a draft when I have tests and documentation in place.
Also do I need the schema migration functions? I added them as all the other desktop virtualization resources have one but I wasn't sure if this is needed for a brand new resource?

Thanks

CHANGELOG.md for #12077

azurerm_application_gateway  - correctly poopulat the `identity` block (#12226)

This PR fixes the helper flatten/expand functionality of the userAssigned identity in the identity package. Meanwhile, also fixes the only place that the prior errorneous user assigned identity is used, namely the azurerm_application_gateway data source.

CHANGELOG.md for #12226

Update to azurerm virtual machine boot diagnostic block (#12206)

Fix missing schema definition in terraform state (#12039)

Add support for Swagger based schema definitions.

Additional changes:

add checks in test that verify, that state includes requested schema
wait in resourceApiManagementApiSchemaCreateUpdate until resource is created to avoid race with following GET, which results in inconsistent state (resource created but not present in state)
add suppress.JsonDiff for suppression of non-essential changes in JSON's
Fixes #12002.

CHANGELOG.md for #12039

Update CHANGELOG.md

CHANGELOG.md for #11690

improve docs for virtual WAN resources (#12259)

Co-authored-by: kt <[email protected]>

v2.64.0

update Go SDK to v55.3.0

extend the `azurerm_security_center_server_vulnerability_assessment` delete timeout

updating to include #12263

"azurerm_data_factory" - migrate to the correct ID format when resource name is in upper case

data_factory: use uppercase in test resource names

Changelog for #12128

refactor: updating the imports for Plugin SDK2

dependencies: vendoring v2.6.1 of github.com/hashicorp/terraform-plugin-sdk

refactor: minimum viable changes necessary for PluginSDK2 to work

updating the task list

removing the azuread provider

go mod vendor

refactor: removing the dependency on github.com/hashicorp/terraform-plugin-sdk/acctest

removing github.com/hashicorp/terraform-plugin-sdk/helper/acctest

updating the todo's

typed resources: support for diagnostics

updating github.com/Azure/go-autorest to latest

reverting a couple of replacement issues

sdk: fixing the unit tests

Plugin SDKv2 now correctly outputs the `%` value which was omitted from Plugin SDK v1
so patching the tests to account for it

refactor: updating WaitForState to use WaitForStateContext

linting fixes

linting

provider: usign the passed-in context

r/data_factory_linked_service_odata: refactoring to use Plugin SDKv2

dataprotection: upgrading to Plugin SDKv2

synapse: upgrading to Plugin SDKv2

r/api_management_redis_cache: updating to use the pluginsdk alias

provider: matching the behaviour of AAD

removing the plugin sdk2 todo

Update azurerm/internal/acceptance/testcase.go

Co-authored-by: Tom Bamford <[email protected]>

Update azurerm/internal/provider/provider.go

Co-authored-by: Tom Bamford <[email protected]>

Update azurerm/internal/provider/provider.go

Co-authored-by: Tom Bamford <[email protected]>

Update azurerm/internal/sdk/wrapper_resource.go

Co-authored-by: Tom Bamford <[email protected]>

fixing the linting

updating to include #12209

Fix backup_policy_vm documentation (#12270)

sdk: upgrading the Eventhub SDK to 2021-01-01-preview

eventhub: updating to the latest sdk changes

updating to include #12290

linting: ignoring the RetryError funcs for the moment (#12275)

Fix `long_term_retention_policy` validation and expansion (#12198)

Policy Definition Groups Update on when changed (#12279)

testing: registering the AzureAD Provider

Turns out in Plugin SDK2 that providers which aren't imported need to be registered,
as such this commit does that - so that those tests pass again.

Add support for the categories property of azurerm_security_center_assessment_metadata (#12278)

Currently, azurerm_security_center_assessment_metadata cannot set the categories of resource that is at risk when the Security Center Assessment is unhealthy. So submitted this PR to support it.

--- PASS: TestAccSecurityCenterAssessmentMetadata_complete (164.20s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_basic (165.24s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_categories (166.01s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_update (270.68s)

CHANGELOG.md for #12278

azurerm_express_route_circuit_peering -  support for bandwidth_in_gbps, express_route_port_id (#12289)

Co-authored-by: neil-yechenwei <[email protected]>
Co-authored-by: xuzhang3 <Zhangxu894765>

CHANGELOG.md for #12289

Support for azurerm_kusto_iothub_data_connection missing table_name, mapping_rule_name, data_format (#12293)

Changelog for #12293

New Resource - `azurerm_hpc_cache_blob_nfs_target` (#11671)

CHANGLOG.md for #11671

New resource: `azurerm_nat_gateway_public_ip_prefix_association` (#12353)

In order to align behavior between Public IP association and Public IP
Prefix association to NAT Gateway I'd like to introduce a new virtual
resource (similar to the one added in #6450 and #7106).

At the same time adding deprecation warning to public_ip_prefix_ids in
NAT Gateway.

CHANGELOG.md for #12353

Update `azurerm_linux|windows_virtual_machine` - enable update for `proximity_placement_group_id` (#11790)

Fixes #11515

CHANGELOG.md for #11790

identity - support `SystemAssignedUserAssigned` (#12230)

fix: wrong order of arguments and attributes (#12350)

CHANGELOG.md for #12220

add resource "azurerm_data_protection_backup_instance_postgresql"

rename policy_id to backup_policy_id

fix acc test

Add StateChangeConf

support plugin sdk v2

replace deprecated func

fix bug

remove response.WasNotFound check

remove vault_name, use valut_id

Update website/docs/r/data_protection_backup_instance_postgresql.html.markdown

v2.65.0

empty changelog for 2.66.0

Fix migrating-to-azuread guide documentation (#12365)

Markdown issue for `Updating the Provider block` subheading.

azurerm_hdinsight_kafka_cluster no longer panics from an empty component_version (#12261)

Co-authored-by: Xiaochuan Gong <[email protected]>

CHNAGELOG>md for #12261

"azurerm_lighthouse_definition" - supports block "plan" (#12360)

this "plan" property is used to bind a marketplace plan. It needs the permission of partner center. Users could refer to docs.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers.

to run the acctest, we need to pass the variables about marketplace offer through env

CHNAGELOG.md for #12360

`azurerm_app_service` - fix app_setting and SCM setting ordering (#12280)

Update CHANGELOG.md for #12280

Updated Azure Hybrid Benefit Link (#12397)

Fix acctest "TestAccAzureRMApiManagementGroupUser" (#12382)

fixed azurerm_spatial_anchors_account tags argument always forces replacement of spatial_anchors_account resource #11037 (#11985)

CHANGELOG.md for #11985

Fix issue labelling (#12393)

new resource "azurerm_data_factory_linked_custom_service" (#12224)

fix #9860
fix #9431

a generic resource for data factory linked service. Users could use a json string and construct a specific type linked service.
the same with azure cli implementation docs.microsoft.com/en-us/cli/azure/datafactory/linked-service?view=azure-cli-latest#az_datafactory_linked_service_create

there are some sensitive properties in property_json not returned in the response, so not set it in read function and no supressDiff func.

CHANGELOG.md for #12224

New resource `azurerm_api_management_api_operation_tag` (#12384)

CHANGELOG.md for #12384

Support for `client_certificate_id` in `azurerm_api_management_backend` (#12402)

CHANGELOG.md for #12402

`azurerm_site_recovery_replicated_vm` - Add support for `target_disk_encryption_set_id` in `managed_disk` (#12374)

Update changelog for #12374

azurerm_batch_account - support for public_network_access_enabled (#12401)

CHANGELOG.md for #12401

r/cognitive_services: updating to API Version `2021-04-30` & conditionally purging soft deleted accounts during deletion (#12281)

Fixes #12258

CHANGELOG.md for #12281

New resource: azurerm_express_route_connection (#11320)

CHANGELOG.md for #11320

Support for `revision_description`, `version_description` and `source_api_id` in `azurerm_api_management_api` (#12266)

Fix #12265

CHANGELOG.md for #12266

new resource "azurerm_data_factory_trigger_blob_event" (#12330)

fix #7574

CHANGELOG.md for #12330

Fix `Default value must be present in the list of values` when defaultValue is not set in `azurerm_api_management_api_operation` (#12306)

Fix #12295

New resource azurerm_express_route_circuit_connection (#11303)

Co-authored-by: xuzhang3 <Zhangxu894765>
Co-authored-by: neil-yechenwei <[email protected]>

CHANGELOG.xmd for #11303

Add None to compression types (#12409)

In the Azure UI Compression type includes the option None from the dropdown. Not sure why it's not an available option.

Fix typo in docs (#12404)

dependencies: upgrading github.com/hashicorp/terraform-plugin-sdk to 2.7.0 (#12427)

Required to test with Terraform 1.0.1 (which is now installed in Github Actions by default)

policy: fixing and superseding `azurerm_policy_assignment` (#12349)

Update changelog for #12349

"azurerm_kubernetes_cluster" supports "fips_enabled", "kubelet_disk_type", "license" and "azurerm_kubernetes_cluster_node_pool" supports "fips_enabled", "kubelet_disk_type" (#11835)

CHANGELOG.md for #11835

New resource: azurerm_tenant_configuration (#11697)

Update CHANGELOG.md for #11697

Data Source: `azurerm_app_service_environment_v3` - fix id processing for Read (#12436)

Update CHANGELOG.md for #12436

Add missing advanced filter operators

* add string_not_ends_with, string_not_begins_with, string_not_contains

Add missing advanced filter operators

* add is_not_null, is_null_or_undefined, number_in_range, number_not_in_range

fix lint findings

Fix whitespace

Test and documentation for azurerm_eventgrid_system_topic_event_subscription

Fix panic due to invalid conversion

* Fix interface conversion
* Fix invalid address error on number_not_in_range

Split test resources for eventgrid subscription filters to avoid maximum value count imposed by API. Add customizediff function to catch at plan time.

Changelog for #12167

tests/provider: Fix tfproviderlint R006 ignore comments (#12446)

The heuristics within `tfproviderlint` cannot determine that `github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/pluginsdk.RetryableError` is equivalent to `github.com/hashicorp/terraform-plugin-sdk/helper/resource.RetryableError` for the `R006` pass. Until an enhancement can potentially be made to allow passing an alias package path, this fixes the ignore comment to be at the end of the anonymous function definition since it is within a wrapping function call and allows the report to be properly skipped.

`azurerm_traffic_manager_endpoint` - supports for `min_child_endpoints_ipv4` and `min_child_endpoints_ipv6` (#12400)

CHANGELOG.md for #12400

v2.66.0

docs: rename monitor_action_group to fix refs (#12457)

Updated storage share directory name regex to allow underscore (#12454)

* updated storage share directory name regex to allow underscore

* updated storage share directory name regex to allow underscore

update changelog.md for #12454

Update security_center_subscription_pricing docs (#12481)

Updated changelog for #12481

`azurerm_storage_management_policy` - fix panic in slice/array return (#12487)

update CHANGELOG.md for #12487

docs: constraint on contacts in notification block (#12471)

azurerm_storage_account - add ForceNew to account_replication_type (#12479)

* update account_replication_type property in storage_account_resource with ForceNew true

* Updated azurerm_storage_account doc

Updated changelog for #12479

service/kusto: fix APRACHEAVRO data_format validation (#12480)

Updated changelog for 12480

make additional locations not ForceNew

add additional locations update test

goimports sorting

Changelog for #12468

azurerm_network_watcher_flow_log - document update import directives (#12498)

adding #12497

* Rename resource and deprecate the old one

* Raise the undead code...

Updating to include #12497

Use Consumption_0 to speed up tests

`azurerm_api_management_gateway`: new resource/data source (#12297)

* `azurerm_api_management_gateway`: resource and data source

* fix test double quote

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update website/docs/d/api_management_gateway.html.markdown

* Update website/docs/d/api_management_gateway.html.markdown

* Update website/docs/d/api_management_gateway.html.markdown

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12297

`azurerm_site_recovery_replicated_vm ` - Fix potential crash in reading `managed_disk` properties (#12509)

Update CHANGELOG.md for #12509

`azurerm_automation_dsc_nodeconfiguration` - fix typo in config (#12517)

Fix azurerm_automation_variable type parsing logic (#12511)

Update CHANGELOG.md for #12511

Avoid panic if RG or ASE do not exist when creating an App Service (#12518)

Since the `Get` function of the `AppServices` client does not return an
error if the resource is not found, the code behaves as if everything is
fine and attempts to access fields of a struct that have not been
un-marshalled, since the API responded with 404.

Update CHANGELOG.md for #12518

azurerm_data_factory_dataset_parquet - azure_blob_storage_location.filename is now optional (#12414)

CHANGELOG.md for #12414

Add support for the categories property of azurerm_security_center_assessment_policy (#12383)

The PR 12278 has been merged for supporting "categories" in azurerm_security_center_assessment_metadata. Seems I also need to add support for the categories property in azurerm_security_center_assessment_policy. Could you help have an another review? Thanks in advance.

--- PASS: TestAccSecurityCenterAssessmentPolicy_categories (181.28s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_complete (182.80s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_basic (183.52s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_update (285.11s)

CHANGELOG.md for #12383

`azurerm_postgresql_flexible_server` update postgres flexserver api version to 2021-06-01 (#12405)

Changes:

Update flexserver api version to 2021-06-01
Complete flexserver tests use postgres version 13 now
Noteworthy Changes:

cmk_enabled (byokEnforcement) is not exposed in 2021-06-01 anymore
Postgres version 13 also available now
effected resources

azurerm_postgresql_flexible_server
azurerm_postgresql_flexible_server_firewall_rule
Datasource: azurerm_postgresql_flexible_server
This PR address:

Support PostgreSQL Flexible Server Version 13 #12375
New Resource azurerm_postgresql_flexible_server_configuration #12294
Support for postgresql flexible server database, configuration and firewall_rule #11538

CHANGELOG.md for #12405

add deprecation meesage for "azurerm_data_factory_integration_runtime_managed" (#12499)

Use d.GetOk to set the parameters property of azurerm_bot_connection (#12500)

Currently, the TCs related with BotService Connection are failed. After investigated, seems currently the API behavior would fail to create bot connection when the parameters property is []. After checked, seems currently this property is optional and it would be set as [] in TF when it isn't specified in tfconfig. I assume we should use d.GetOk() for this optional property. So I submitted this PR to fix this issue.

backup_policy_vm_resource - Corrected error message (#12526)

azurerm_hdinsight_kafka_cluster - corrected property name to tls_min_version in docs (#12525)

fixes #10183

api_management - Removed policy block from api_management docs example (#12524)

fixes #9908

azurerm_kusto_eventhub_data_connection - Add $Default as a valid name for consumer_group (#12523)

fixes #11958

Remove validation for null_value (#12410)

Co-authored-by: kt <[email protected]>

Updated azurerm_machine_learning_compute_cluster documentation (#12508)

* Updated documentation

* Reverted documentation change for subnet resource id. Change will be done in separate PR.

include fix for #9785

* Current progress

* Enable CMK working

* Add validation for cmk

* Add nil check for amlWorkspaceID

* Attempt to fix complete test case

* remove maxitems from storage_account_identity

* Fix lint errors

* Modify test TestAccDatabricksWorkspace_update

* Remove the set for ui_definition_uri

* Update test cases

* Add test cases for new attributes

* Fixing test again

* Commenting out unused test code for now

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <[email protected]>

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <[email protected]>

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <[email protected]>

* Address PR comments...

* Update validation checks

* Fix lint error

* Refactoring validation for readability

* Refactor the world

* Fixing my dyslexia in my uber comment...

* Update tests

* Bug fix

* Moved managed CMK code

* Remove computed from custom_parameters

* Revert update to custom_parameters

* Enable CMK tests

* Middle of massive refactor to new resource

* Moved to new resource

* terrafmt documentation

* Fix test case

* Add new step to test case

* Update import test

* Update import test

* Update importer setId

* Additional test updates

* Fix lint errors

* Import fix

* moved cmk out of custom params

* terrafmt

* Another terrafmt

* Update tests to validate parent resource

* Update CMK to always pass all custom params

* Fixing my dyslexia again

* Update delete to pass all params

* Add dependency on CMK for access policy

* Wait a minute... Strike that. Reverse it.

* no_public_ip cannot be changed once set

* Fix invalid update and infra tests

* Fix test cleanup configurations

* Fix update test as everything is force new

* Trying unhook the associations so destroy works

* Remove just the subnet delegation

* Delete the NSG first the the delegation

* Remove assoc order

* Modify step one of cleanup

* Disable no public ip in clean up

* remove deprecated attributes from tests

* Documentation update only...

* Remove the local specific URL from the docs...

* Address PR comments

* Force databricks deletion first

* Remove fix for broken tests

* add workspace dependency on nsg

* Strike that, reverse it...

* Not the NSG the NSGA

Co-authored-by: kt <[email protected]>

update to include #12331

adjust keyvault url validation (#12529)

fix typo and acctest for `azurerm_data_factory_integration_runtime_self_hosted` (#12532)

v2.67.0

empty changelog for 2.68.0

Update BotService SDK to 2021-03-01 (#12449)

Update BotService SDK to 2021-03-01. Mainly in order to support new introduced properties and resources.

I've rerun the TCs to avoid regression issue. Below is the test result and it's same with the test result which doesn't involve this PR. So although there is failed tc in test result, but I think it isn't related with this PR.

CHANGELOG.md for #12449

azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access (#12469)

azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access

The tests are listed as the followings.

CHANGELOG.md for #12469

Changelog for #12309

Support for `data_masking` in `azurerm_api_management_api_diagnostic` (#12419)

Fix #12418

CHANGELOG.md for #12419

Fix breaking change of  requiring `private_dns_zone_id` in `azurerm_postgresql_flexible_server` (#12288)

Fix #12053

CHANGELOG.md for #12288

Support for `value_from_key_vault` in `azurerm_api_management_named_value` (#12309)

Fix #10416

Fix windows function apps on premium plans (#12553)

The settings WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and WEBSITE_CONTENTSHARE are required for windows function apps on Premium V1/V2/V3 plans. Currently Terraform removes these settings when functions are hosted on premium plans rendering the function useless as it can't find its code.

This PR checks for the prefix of premium to handle the case when further premium plans are released.

Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentazurefileconnectionstring
Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentshare

fix tflint errors (#12554)

network_watcher_flow_log - truncate name in case length larger than 80 (#12533)

This PR "silently" truncate the name of the network watcher flow log (which is now constructed by combining the resource group name and the NSG name) to be less than 80 in length, which is required by the flow log API. This might be needed since otherwise the users will have to tune the length of the resource group name or the NSG name, in order to make the flow log API happy, which is kind of weired.

However, there are some further concerns:

If the name pattern of the resource group name or the NSG name doesn't conform to the flow log pattern, there is nothing can be done in the provider code to work around that
Before the refactoring in Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, the configureFlowLog endpoint is used to create the flow log. The created flow log CAN has name longer than 80 in length. This means if we merge this PR, it will break the users who created a long name flow log prior to Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, and wants to use the latest provider to import that resource.
Once we are in v3, we can remove all these hairy code and expose the name property, adding any constraint (length, pattern) on the name.

Fix #12460 (blocking an enterprise customer).

Upgrade Go-SDK to v55.5.0 (#12435)

CHANGELOG.md for #12435

Tooling: TeamCity cron based scheduling (#12549)

azurerm_powerbi_embedded - add mode attribute to support Gen2 (#12394)

* Update PBI SDK to 2021-01-01

* mode for powrebi embedded

* Doc

* Linting

* Tidy up powerbi tests

* Fix tflint

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12394

New Resource `azurerm_postgresql_flexible_server_configuration` (#12294)

* Add New Resource azurerm_postgresql_flexible_server_configuration (#11538)

Signed-off-by: Nick Metz <[email protected]>

* PR: #12294
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <[email protected]>

* Rename resource files, tidy up error messages

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12294

Don't allow license_type to be set for serverless SQL databases (#12555)

Serverless databases do not support a license type[0]. When we pull the
database information from the API, `licenseType` is set to `null`, which
causes plans to always have a pending change when users set
`license_type`.

This change causes the provider to throw an error before creating (or
updating) the resource.

[0]: https://docs.microsoft.com/en-us/azure/azure-sql/azure-hybrid-benefit

Changelog for #12555

azurerm_redis_cache: support the maintenance_window property (#12472)

Changelog for #12472

Add os_type validation string for Windows function app, where input is an empty string

azurerm_function_app: default value for `os_type`

Changelog for #12482

`azurerm_databricks_workspace` - Add test case for API regression (#12601)

AccTests: update cron days (#12602)

Fix un-necessary VMSS instance rolling request (#12590)

Rolling VMSS instances when upgrade mode is set to `Automatic` is only
allowed of the image version is set to `latest`, otherwise we get the
following error:

```
The OS Rolling Upgrade API cannot be used on a Virtual Machine Scale Set unless the Virtual Machine Scale Set has some unprotected instances which have imageReference.version set to latest.
```

This change makes sure we only roll instances if the image version is
`latest`. The VMSS will roll instances on its own for non-latest images
as long as upgrade_type is set to `Automatic`.

Changelog for #12590

New resource `azurerm_api_management_api_release` (#12562)

Changelog for #12562

new resource "azurerm_synapse_private_link_hub" (#12495)

* Add support for Synapse Private Link Hub resources

Signed-off-by: Owen Farrell <[email protected]>

* Apply suggestions from code review

Co-authored-by: Tom Bamford <[email protected]>

* Apply acceptance test suggestions from code review

Co-authored-by: Tom Bamford <[email protected]>

* Autogenerate Synapse Private Link Hub ID source

Signed-off-by: Owen Farrell <[email protected]>

* Test import of Synapse Private Link Hub

Signed-off-by: Owen Farrell <[email protected]>

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12495

`azurerm_subnet_network_security_group_association` fix potential deadlock when using multiple association resources. (#12267)

Update CHANGELOG.md for #12267

Fix issue triage labelling and waiting-response handling

repo-token should be github_token

remove labels individually

azurerm_container_registry: allowing the principal_id and tenant_id to be exported (#12378)

This is to help issue #9955 by adding support to expose the prinicpal_id and tenant_id from the container registry identity block with systemAssigned managed identities.

CHANGELOG.md for #12378

add resource "azurerm_data_protection_backup_policy_disk" (#12361)

To address this issue: #11768
The tests are listed as the following.

CHANGELOG.md for #12361

Data source - Added for azurerm_local_network_gateway (#12579)

fixes #10834

CHANGELOG.md for #12579

azurerm_cognitive_account supports ignore_missing_vnet_service_endpoint (#12600)

CHANGELOG.md for #12600

Update CHANGELOG.md

new resource "azurerm_data_factory_custom_dataset" (#12484)

generic resource about dataset

notes:

according to the service team, structure is deprecated and schema is prefered. So in this resource, I didn't imeplement structure property.
schema is type interface, according to the service team, it could be either a object or an array. So I also made it a json string. In the acctest, both cases are covered.

CHANGELOG.md for #12484

Support for `user_assigned_identity_id` in `azurerm_storage_account_customer_managed_key` (#12516)

Close #12489

CHANGELOG.md for #12516

Update `azurerm_maintenance_configuration` / New resource `azurerm_maintenance_assignment_virtual_machine_scale_set` (#12273)

Update to the latest maintenance API version
Add support for visibility, window and properties
New resource azurerm_maintenance_assignment_virtual_machine_scale_set

CHANGELOG>md for #12273

Don't force new resource when modifying additional subnet IDs of azurerm_api_management (#12611)

Adding and removing subnet IDs (via the additional_locations block)
should not result in a new api management resource.

CHANGELOG.md for #12611

`azurerm_key_vault_access_policy`: Extra nil check to prevent crash  (#12576) (#12616)

Fixes #12576

CHANGELOG.md for #12616

Infrastructure Encryption Fix (#12614)

"azurerm_data_factory" - supports property "managed_virtual_network_enabled" (#12343)

fix #10542

CHANGELOG.md for #12343

`azurerm_data_factory_dataset_binary`: New resource (#12369)

CHANGELOG.md for #12369

r/`machine_learning_compute_cluster`: make `subnet_resource_id` optional (#12558)

PR to address complaint in #12508 that subnet_resource_id is not really optional.

CHANGELOG>md for #12558

v2.68.0

`make goimports` support Linux (make `sed` option OS-aware) (#12571)

* make the sed OS-aware in goimport-file.sh & run it

* refine

* refine per review

Bump azure-sdk to 55.6 (#12565)

Co-authored-by: xuzhang3 <Zhangxu894765>

Update CHANGELOG.md for #12565

policy: fix typo in example usage (#12634)

Support for `high_availability` in `azurerm_postgresql_flexible_server` (#12587)

* update

* revert

* update

* update

* Fix unneeded dereference

* update

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12587

Rename Private Link Hub source files per convention

Signed-off-by: Owen Farrell <[email protected]>

azurerm_data_factory_integration_runtime_azure_ssis - support public_ips, express_custom_setup, package_store, proxy (#12545)

* enhancement for `azurerm_data_factory_integration_runtime_azure_ssis`

* remove unnecessary trailing newline

* update

* refactor "env" to "environment"

CHANGELOG>md for #12545

"azurerm_data_factory_integration_runtime_azure" - supports property "virtual_network_enabled" (#12619)

CHANGELOG.md for #12619

Support azurerm_api_management_named_value.

updating to include #12641

r/eventhub_authorization_rule: only returning an error when there's an error

This fixes #12387 by conditionally returning the error rather than always when
this is nil.

updating to include #12642

New resource - `azurerm_batch_job` (#12573)

Fixes #7862.

CHANGELOG.md for #12573

azurerm_bot_channels_registration - support for cmk_key_vault_url, description, icon_url, isolated_network_enabled (#12560)

CHANGELOG.md for #12560

add resource "azurerm_data_protection_backup_policy_blob_storage" (#12362)

To address issue : #12318 and #12389

CHANGELOG.MD FOR #12362

new resource "azurerm_data_factory_managed_private_endpoint" (#12618)

fix #12364

CHANGELOG.md for #12618

updating to use Go 1.16.6

`azurerm_kubernetes_cluster`: Support for downgrade `sku_tier`

remove default `sku_tier` value from testcase

updating to include #12651

synapse: embedding a Track1 Data Plane SDK

Return an error when ssl policy is not properly configured (#12647)

Azure does not allow setting disabled protocols when using a custom or a
predefined policy type. Up until now when a user supplied both the
provider silently ignored the policy type changed and kept only the
disabled protocols configuration.

This change throws an error durring the planning phase instead and asks
the user to fix their configuration.

Changelog for #12647

cosmosdb sql function docs fix (#12662)

* cosmosdb sql function docs fix

* rename the file to the correct value

Add support for maintenanceWindow property of azurerm_redis_cache data source (#12666)

* Add support for maintenanceWindow property of azurerm_redis_cache data source

* update code

Changelog for #12666

fix additional properties for

Changelog for #12664

fix crash when create compute cluster without specifying subnetId (#12658)

* fix crash when create machine learning compute cluster without specifying subnetId

* add nil-check on props

Changelog for #12658

"azurerm_data_factory_integration_runtime_azure_ssis" - supports "key_vault_password", "key_vault_license" for "express_custom_setup" (#12659)

for the "express_custom_setup", "command_key" and "component" supports key vault secret reference, this PR adds support for this feature.

CHANGELOG.md for #12659

New Resource: azurerm_signalr_service_network_acl (#12434)

Currently, azurerm_signalr_service doesn't support to set network access control for SignalR.

After investigated, I think we cannot implement the networkACL property in azurerrm_signalr_service. Because service team confirmed that we must create private endpoint (Here private endpoint is created by azurerm_private_endpoint) which is referencing the existing SignalR resource (Here signalr resource is created by azurerm_signalr_service) first before updating the networkACL.privateEndpoint property of the existing SignalR resource. If we implement networkACL.privateEndpoint in azurerm_signalr_service, it would cause the issue of circular reference between azurerm_private_endpoint and azurerm_signalr_service. So we have to make this property as a separate resource.

Overview:
docs.microsoft.com/en-us/azure/azure-signalr/howto-network-access-control

CHANGELOG.md for #12434

New Resource: azurerm_bot_channel_web_chat (#12672)

CHANGELOG.md for #12672

GHA: disable whitespace linter and update job params (#12690)

Updated account_replication_type validation (#12645)

Updated changelog for #12645

Enabling advanced_filtering_on_arrays_enabled (#12609)

* enabling advanced_filtering_on_arrays_enabled

* fixing the pointer instead of bool

* updated test case `advanced_filtering_on_arrays_enabled`

* fixing the bool assignment

* default to false

* Enabling advanced_filtering_on_arrays_enabled on event grid system subscription

* Fixing format by terrafmt fmt

* fixing golint

* Resolving wordings for doc

Co-authored-by: Tom Bamford <[email protected]>

* Resolving wordings for doc

Co-authored-by: Tom Bamford <[email protected]>

Co-authored-by: Tom Bamford <[email protected]>

Changelog for #12609

support for Azure Event Hubs Namespace Premium tier (#12695)

Adds support for the Premium tier of the event hubs namespace resource.
It is not possible to actually move from/to that tier so setting the sku
to `Premium` forces the resource to be re-created.

This will also throw an error if someone attempts to create a premium
namespace without setting zone_redundant to true.

Changelog for #12695

New resource: azurerm_virtual_network_dns_servers

New resources: azurerm_active_directory_domain_service and azurerm_active_directory_domain_service_replica_set

Documentation for azurerm_active_directory_domain_service

Review: use common base64 string validation func in log_analytics_storage_insights resource

Review: trim attribute naming boilerplate, add a comment rationalising the test

Remove DONOTDELETE tag from test configs, change resource group name prefix

Remove support for the `resource_forest` block until we have a way to test it

aadds: improve wording for filtered_sync property

Note in docs clarifying the supported operation modes for Domain Services

Changelog for #10782

Adding #12687

* azurerm_kusto_eventgrid_data_connection
Adding validation support for ORC

* Adding all other data formats support for EventGrid
according to
https://github.com/Azure/azure-rest-api-specs/blob/master/specification/azure-kusto/resource-manager/Microsoft.Kusto/stable/2020-09-18/kusto.json

* adding supported format to the documentation

Updating to include #12687

New resource: azurerm_api_management_gateway_api (#12398)

* added the azurerm gateway and azurerm gateway api resource

Signed-off-by: Paul Plavetzki <[email protected]>

* fixed some linting errors

Signed-off-by: Paul Plavetzki <[email protected]>

* removed dups

Signed-off-by: Paul Plavetzki <[email protected]>

* updating the tests

Signed-off-by: Paul Plavetzki <[email protected]>

* updated test script

Signed-off-by: Paul Plavetzki <[email protected]>

* fixed import issues

Signed-off-by: Paul Plavetzki <[email protected]>

* updated based on feedback from pr

Signed-off-by: Paul Plavetzki <[email protected]>

* updated tests

Signed-off-by: Paul Plavetzki <[email protected]>

* fixed all tests

Signed-off-by: Paul Plavetzki <[email protected]>

Changelog for #12398

v2.69.0

eventhubs: removing direct usages on the Azure SDK for Eventhub

r/eventhub_namespace: removing the old azure sdk usage

dependencies: removing the old eventhubs sdk

Add reference to official databricks provider

Update active_directory_domain_service.html.markdown

`name` is deprecated in `azuread_group` - replaced with `display_name`

`r/logic_app_workflow`: add extra nil checking

`azurerm_eventgrid_event_subscription` docs: Add missing newline (#12712)

msi: vendoring the embedded sdk

msi: porting over to use the embedded sdk

msi: adding an alias since this is commonly used across the codebase

dependencies: removing the old azure sdk for managed identity

updating to include #12715

Update active_directory_domain_service.html.markdown

`location` can not be set in `initial_replica_set` - docs (below) does not contain it either

maps: vendoring the embedded accounts sdk

maps: refactoring to use the existing ID Parser

maps: refactoring to use the ID Parsers from the SDK

maps: refactoring to use the embedded sdk

updating to include #12716

update docs - make the dns_prefix in azurerm_kubernetes_cluster to be… (#12724)

Closes dns_prefix argument is required for k8s cluster declarations, despite docs saying it's optional #12649
Updating the docs accordingly to what @manicminer say in the comments in the issues.

Make the dns_prefix a mandatory field in the azurerm_kubernetes_cluster.

update

Revert "update"

This reverts commit 617dad277a0893f021992b5e82236a4265992f43.
yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this issue Jul 26, 2021
@michael-kolpin-bt
Copy link

This actually, doesn't work - created Integrated Runtime has Virtual network configuration=Disable.

resource "azurerm_data_factory" "adf" {
  name                   = "some-adf"
  location               = "westeurope"
  resource_group_name    = azurerm_resource_group.rg.name
  public_network_enabled = false
  managed_virtual_network_enabled  = true

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_resource_group" "rg" {
  name     = "adf-rg"
  location = "westeurope"
}

image

This still seems to be wrongly deploying the ADF instance. Should this ticket be opened again or is there already a fix to be deployed?

@github-actions
Copy link

github-actions bot commented Sep 3, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
7 participants