Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_firewall - dns_settings block to fix dns_servers, dns_proxy_enabled logic #20519

Merged
merged 2 commits into from
Dec 7, 2023

Conversation

wuxu92
Copy link
Contributor

@wuxu92 wuxu92 commented Feb 17, 2023

resolves: #20500 , resolves: #9184, resolves: #12084

image

@github-actions
Copy link

Build failure

Found new usages of deprecated functionality:

https://github.com/hashicorp/terraform-provider-azurerm/actions/runs/4290183876

@wuxu92 wuxu92 force-pushed the fw/dnsproxyenabled branch from 3752e2b to 36cffd3 Compare March 6, 2023 07:56
@wuxu92 wuxu92 marked this pull request as ready for review March 10, 2023 03:19
},
},

"proxy_enabled": {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could just move this to the to level instead of creating a new block?

Copy link
Contributor Author

@wuxu92 wuxu92 Apr 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your suggestion. i have tried to move it to the top level, but then it is not compatiable with what Portal does. for portal there is a separate switch to turn off/on the DNS configurations:

Before Turn On
image

After Turn On
image

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't understand why its not compatible ? you can leave the existing servers property and then add a dns_proxy_enabled property instead of creating a new block?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with a top-level dns_proxy_enabled property, no matter the value is true or false, the DNS settings will be Enabled. then how can we set the DNS Setting to Disabled?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are already passing in the custom servers?

i don't follow how it will be a problem to have it outside the block vs in? the radio option "enabling disabling" it in the portal appears to be purely cosmetic

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here we set the dns_proxy_enabled as top level:

	"dns_servers": {
		Type:     pluginsdk.TypeList,
		Optional: true,
		MinItems: 1,
		Elem: &pluginsdk.Schema{
			Type:         pluginsdk.TypeString,
			ValidateFunc: validation.IsIPAddress,
		},
	},

	"dns_proxy_enabled": {
		Type:     pluginsdk.TypeBool,
		Optional: true,
		Computed: true,
	},

then with tf configuration like below will also Enable the DNS Settings and set the DNS Proxy to Disabled. it may action just the same as not enable DNS settings. but i guess it makes a diff between terraform-provider and portal and it could lead to issues down the line.

resource "azurerm_firewall" "test" {
  name                = "acctestfirewall"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"
}

i have actually implemented the desing of make dns_proxy_enabled as a top-level and have tested that it works for current version. i can push it if you are ok with it.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What "enables dns settings" in the api? from the screenshot all it seems to do is allow you to configure those two options?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is no specific field in the API to enable DNS Settings, but just set fields to a map as field AdditionalProperties as below:

AdditionalProperties["Network.DNS.EnableProxy"] = "true"
AdditionalProperties["Network.DNS.Servers"] = "1.1.1.1,2.2.2.2"

from the screenshot below and API requests in the Portal, when Disabled selected, we should not set the AdditionalProperties fields. but as previous discusstion as top-level dns_proxy_enabled property, we'll always set the AdditionalProperties["Network.DNS.EnableProxy"] field.

image

code of how AdditionalProperties is set:
https://github.com/hashicorp/terraform-provider-azurerm/pull/20519/files#diff-9b29e7d553e1b06cad14665d2ee767d5ffeefad32821d783e74f7372fbcde3d0R861-R865

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what you can do is only set it if the proxy is enabled

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in my test on Azure Portal, if only set AdditionalProperties["Network.DNS.EnableProxy"] = "true" it will just set the proxy is enabled (which means DNS Servers use the Default (Azure provided)) and this is what #9184 want.

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test failures:

------- Stdout: -------
=== RUN   TestAccFirewall_privateRanges
=== PAUSE TestAccFirewall_privateRanges
=== CONT  TestAccFirewall_privateRanges
    testcase.go:110: Step 6/6 error running import: ImportStateVerify attributes not equivalent. Difference is shown below. The - symbol indicates attributes missing after import.
        
          map[string]string{
        - 	"dns_proxy_enabled": "false",
          }
--- FAIL: TestAccFirewall_privateRanges (1179.90s)
FAIL

<div class="rightBlock expandedDetails" style="float: right; background-color: rgba(245, 245, 245, 0.81); border-left: 5px solid rgb(255, 255, 255); border-bottom: 5px solid rgb(255, 255, 255); color: rgb(31, 35, 38); font-family: system-ui, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><div class="relatedBuildsWrapper" style="border-right: 3px solid white; float: right;"><br class="Apple-interchange-newline">

  | First failure: | refs/pull/20519/merge | #752 | Changes (10) | 06 Apr 23 16:35
-- | -- | -- | -- | -- | --


<div id="div_iaa_187751c0fbb"></div></div></div><div class="testMetadata" id="testMetadata_tdi_187751c0fb9" style="color: rgb(31, 35, 38); font-family: system-ui, -apple-system, &quot;system-ui&quot;, &quot;Segoe UI&quot;, Roboto, Oxygen, Ubuntu, Cantarell, &quot;Droid Sans&quot;, &quot;Helvetica Neue&quot;, Arial, sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"></div><pre class="fullStacktrace" id="fullStacktrace_388440_2930815752523330276" style="font: 400 12px / 1.2em Menlo, &quot;Bitstream Vera Sans Mono&quot;, &quot;Ubuntu Mono&quot;, Consolas, &quot;Courier New&quot;, Courier, monospace; padding: 3px 3px 0px; color: darkred; margin-top: 0.5em; margin-bottom: 0.5em; white-space: pre-wrap; overflow-wrap: break-word; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">------- Stdout: -------
=== RUN   TestAccFirewallNetworkRuleCollection_fqdns
=== PAUSE TestAccFirewallNetworkRuleCollection_fqdns
=== CONT  TestAccFirewallNetworkRuleCollection_fqdns
    testcase.go:110: Step 1/2 error: Error running apply: exit status 1
        
        Error: waiting for creation/update of Network Rule Collection "acctestnrc" of Firewall "acctestfirewall230406170629416797" (Resource Group "acctestRG-230406170629416797"): Code="AzureFirewallDNSProxyMustBeEnabled" Message="DNS Proxy must be enabled in order to use DestinationFqdns in Network Rules. See rule rule1 in network rule collection acctestnrc" Details=[]
        
          with azurerm_firewall_network_rule_collection.test,
          on terraform_plugin_test.tf line 63, in resource "azurerm_firewall_network_rule_collection" "test":
          63: resource "azurerm_firewall_network_rule_collection" "test" {
        
--- FAIL: TestAccFirewallNetworkRuleCollection_fqdns (671.31s)
FAIL</pre>First failure: 	refs/pull/20519/merge	[#752 ](https://ci-oss.hashicorp.engineering/viewLog.html?buildId=388440&tab=buildResultsDiv&buildTypeId=TerraformOpenSource_TerraformProviders_AzureRMPublic_AZURERM_SERVICE_PUBLIC_FIREWALL) 	[Changes (10)](https://ci-oss.hashicorp.engineering/viewLog.html?buildId=388440&tab=buildChangesDiv&buildTypeId=TerraformOpenSource_TerraformProviders_AzureRMPublic_AZURERM_SERVICE_PUBLIC_FIREWALL) 	06 Apr 23 16:35
------- Stdout: -------
=== RUN   TestAccFirewallNetworkRuleCollection_fqdns
=== PAUSE TestAccFirewallNetworkRuleCollection_fqdns
=== CONT  TestAccFirewallNetworkRuleCollection_fqdns
    testcase.go:110: Step 1/2 error: Error running apply: exit status 1
        
        Error: waiting for creation/update of Network Rule Collection "acctestnrc" of Firewall "acctestfirewall230406170629416797" (Resource Group "acctestRG-230406170629416797"): Code="AzureFirewallDNSProxyMustBeEnabled" Message="DNS Proxy must be enabled in order to use DestinationFqdns in Network Rules. See rule rule1 in network rule collection acctestnrc" Details=[]
        
          with azurerm_firewall_network_rule_collection.test,
          on terraform_plugin_test.tf line 63, in resource "azurerm_firewall_network_rule_collection" "test":
          63: resource "azurerm_firewall_network_rule_collection" "test" {
        
--- FAIL: TestAccFirewallNetworkRuleCollection_fqdns (671.31s)
FAIL

website/docs/d/firewall.html.markdown Outdated Show resolved Hide resolved
website/docs/r/firewall.html.markdown Outdated Show resolved Hide resolved
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we have some test failures:

image

@katbyte
Copy link
Collaborator

katbyte commented Jun 8, 2023

i am still seeing a test failued:

# azurerm_firewall.test will be updated in-place
          ~ resource "azurerm_firewall" "test" {
              ~ dns_proxy_enabled   = true -> false
                id                  = "/subscriptions/*******/resourceGroups/acctestRG-230608033252412082/providers/Microsoft.Network/azureFirewalls/acctestfirewall230608033252412082"
                name                = "acctestfirewall230608033252412082"
                # (6 unchanged attributes hidden)
        
                # (1 unchanged block hidden)
            }

@wuxu92 wuxu92 force-pushed the fw/dnsproxyenabled branch from 28050a4 to a044ddb Compare June 30, 2023 02:49
@github-actions github-actions bot added size/L and removed size/XL labels Jun 30, 2023
@wuxu92
Copy link
Contributor Author

wuxu92 commented Jun 30, 2023

update the PR with an optional dns_proxy_enabled property. but this will cause an update to an existing firewall resource with dns_servers. because the current provider will set dns_proxy_enabled to true automatically. so the user have to set dns_proxy_enabled = true or add a ignore_changes = [dns_proxy_enabled] manually. WDYT @katbyte

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still have a test failure:

------- Stdout: -------
=== RUN   TestAccFirewallPolicy_updatePremium
=== PAUSE TestAccFirewallPolicy_updatePremium
=== CONT  TestAccFirewallPolicy_updatePremium
    testing_new.go:86: Error running post-test destroy, there may be dangling resources: exit status 1
        
        Error: deleting IP Group "acctestIpGroupForFirewallNetworkRulesDestination" (Resource Group "acctestRG-networkfw-230706183105166294"): network.IPGroupsClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="IpGroupsHasFirewallPolicyReferences" Message="IpGroups '/subscriptions/*******/resourceGroups/acctestRG-networkfw-230706183105166294/providers/Microsoft.Network/ipGroups/acctestIpGroupForFirewallNetworkRulesDestination' cannot be deleted since there are firewall policies using this resource."
        
--- FAIL: TestAccFirewallPolicy_updatePremium (334.52s)
FAIL

for now we can make the property computed?

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wuxu92 - we still see test failures:

------- Stdout: -------
=== RUN   TestAccFirewallPolicy_complete
=== PAUSE TestAccFirewallPolicy_complete
=== CONT  TestAccFirewallPolicy_complete
    testcase.go:113: Step 1/2 error: Error running apply: exit status 1
        
        Error: creating/updating Firewall Policy: (Name "acctest-networkfw-Policy-231106214108497927" / Resource Group "acctestRG-networkfw-231106214108497927"): network.FirewallPoliciesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="FirewallPolicyExplicitProxyPacFileSasUrlInvalid" Message="Firewall Policy /subscriptions/*******/resourceGroups/acctestRG-networkfw-231106214108497927/providers/Microsoft.Network/firewallPolicies/acctest-networkfw-Policy-231106214108497927 Pac file Sas Url is invalid"
        
          with azurerm_firewall_policy.test,
          on terraform_plugin_test.tf line 26, in resource "azurerm_firewall_policy" "test":
          26: resource "azurerm_firewall_policy" "test" {
        
--- FAIL: TestAccFirewallPolicy_complete (96.13s)
FAIL

multiple with that

@wuxu92
Copy link
Contributor Author

wuxu92 commented Nov 15, 2023

@katbyte The test should pass now, but the TestAccFirewallPolicy_updatePremium case is not consistently successful in the main branch due to occasional failures caused by a strange Provider produced inconsistent result after apply issue. I am still investigating it in the main branch.

image

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚥

@katbyte katbyte merged commit 0968b94 into hashicorp:main Dec 7, 2023
23 checks passed
@github-actions github-actions bot added this to the v3.84.0 milestone Dec 7, 2023
katbyte added a commit that referenced this pull request Dec 7, 2023
@wuxu92 wuxu92 deleted the fw/dnsproxyenabled branch December 11, 2023 02:39
dduportal added a commit to jenkins-infra/azure that referenced this pull request Dec 12, 2023
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
        <h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
            <summary>Update Terraform lock file</summary>
<p>&#34;hashicorp/azurerm&#34; updated from &#34;3.82.0&#34; to
&#34;3.83.0&#34; in file &#34;.terraform.lock.hcl&#34;</p>
            <details>
                <summary>3.83.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.83.0&#xA;UPGRADE
NOTES&#xA;&#xA;* Key Vaults are now loaded using [the
`ListBySubscription` API within the Key Vault Resource
Provider](https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/list-by-subscription?view=rest-keyvault-keyvault-2022-07-01&amp;tabs=HTTP)
rather than [the Resources
API](https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/list?view=rest-keyvault-keyvault-2022-07-01&amp;tabs=HTTP).
This change means that the Provider now caches the list of Key Vaults
available within a Subscription, rather than loading these piecemeal to
workaround stale data returned from the Resources API
([#24019](https://github.com/hashicorp/terraform-provider-azurerm/issues/24019))&#xA;&#xA;FEATURES:&#xA;&#xA;*
New Data Source: `azurerm_stack_hci_cluster`
([#24032](https://github.com/hashicorp/terraform-provider-azurerm/issues/24032))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
dependencies: updating to `v0.20231129.1103252` of
`github.com/hashicorp/go-azure-sdk`
([#24063](hashicorp/terraform-provider-azurerm#24063
`automation`: updating to API Version `2023-11-01`
([#24017](hashicorp/terraform-provider-azurerm#24017
`keyvault`: the cache is now populated using the `ListBySubscription`
endpoint on the KeyVault Resource Provider rather than via the
`Resources` API
([#24019](hashicorp/terraform-provider-azurerm#24019
`keyvault`: updating the cache to populate all Key Vaults available
within the Subscription to reduce the number of API calls
([#24019](hashicorp/terraform-provider-azurerm#24019
Data Source `azurerm_private_dns_zone`: refactoring to use the
`ListBySubscription` API rather than the Resources API when
`resource_group_name` is omitted
([#24024](hashicorp/terraform-provider-azurerm#24024
`azurerm_dashboard_grafana` - support for `grafana_major_version`
([#24014](hashicorp/terraform-provider-azurerm#24014
`azurerm_linux_web_app` - add support for dotnet 8
([#23893](hashicorp/terraform-provider-azurerm#23893
`azurerm_linux_web_app_slot` - add support for dotnet 8
([#23893](hashicorp/terraform-provider-azurerm#23893
`azurerm_media_transform` - deprecate `face_detector_preset` and
`video_analyzer_preset`
([#24002](hashicorp/terraform-provider-azurerm#24002
`azurerm_postgresql_database` - update the validation of `collation` to
include `Norwegian_Norway.1252`
([#24070](hashicorp/terraform-provider-azurerm#24070
`azurerm_postgresql_flexible_server` - updating to API Version
`2023-06-01-preview`
([#24016](hashicorp/terraform-provider-azurerm#24016
`azurerm_redis_cache` - support for the
`active_directory_authentication_enabled` property
([#23976](hashicorp/terraform-provider-azurerm#23976
`azurerm_windows_web_app` - add support for dotnet 8
([#23893](hashicorp/terraform-provider-azurerm#23893
`azurerm_windows_web_app_slot` - add support for dotnet 8
([#23893](hashicorp/terraform-provider-azurerm#23893
`azurerm_storage_account` - add `name` validation in custom diff
([#23799](https://github.com/hashicorp/terraform-provider-azurerm/issues/23799))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* authentication: fix a bug where auxiliary tenants were
not correctly authorized
([#24063](hashicorp/terraform-provider-azurerm#24063
`azurerm_app_configuration` - normalize location in `replica` block
([#24074](hashicorp/terraform-provider-azurerm#24074
`azurerm_cosmosdb_account` - cosmosdb version and capabilities can now
be updated at the same time
([#24029](hashicorp/terraform-provider-azurerm#24029
`azurerm_data_factory_flowlet_data_flow` - `source` and `sink`
properties are now optional
([#23987](hashicorp/terraform-provider-azurerm#23987
`azurerm_datadog_monitor_tag_rule` - correctly handle default rule
([#22806](hashicorp/terraform-provider-azurerm#22806
`azurerm_ip_group`: fixing a crash when `firewall_ids` and
`firewall_policy_ids` weren&#39;t parsed correctly from the API Response
([#24031](hashicorp/terraform-provider-azurerm#24031
`azurerm_nginx_deployment` - add default value of `20` for `capacity`
([#24033](https://github.com/hashicorp/terraform-provider-azurerm/issues/24033))&#xA;&#xA;&#xA;</pre>
            </details>
            <details>
                <summary>3.84.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.84.0&#xA;FEATURES:&#xA;&#xA;*
**New Data Source:** `azurerm_storage_containers`
([#24061](hashicorp/terraform-provider-azurerm#24061
**New Resource:** `azurerm_elastic_san`
([#23619](hashicorp/terraform-provider-azurerm#23619
**New Resource:**
`azurerm_key_vault_managed_hardware_security_module_role_assignment`
([#22332](hashicorp/terraform-provider-azurerm#22332
**New Resource:**
`azurerm_key_vault_managed_hardware_security_module_role_definition`
([#22332](https://github.com/hashicorp/terraform-provider-azurerm/issues/22332))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
dependencies: updating mssql elasticpools from `v5.0` to
`2023-05-01-preview`&#xA;* dependencies: updating to
`v0.20231207.1122031` of `github.com/hashicorp/go-azure-sdk`
([#24149](hashicorp/terraform-provider-azurerm#24149
Data Source: `azurerm_storage_account` - export the primary and
secondary internet and microsoft hostnames for blobs, dfs, files,
queues, tables and web
([#23517](hashicorp/terraform-provider-azurerm#23517
Data Source: `azurerm_cosmosdb_account` - export the
`connection_strings`, `primary_sql_connection_string`,
`secondary_sql_connection_string`,
`primary_readonly_sql_connection_string`,
`secondary_readonly_sql_connection_string`,
`primary_mongodb_connection_string`,
`secondary_mongodb_connection_string`,
`primary_readonly_mongodb_connection_string`, and
`secondary_readonly_mongodb_connection_string` attributes
([#24129](hashicorp/terraform-provider-azurerm#24129
`azurerm_bot_service_azure_bot` - support for the
`public_network_access_enabled` property
([#24125](hashicorp/terraform-provider-azurerm#24125
`azurerm_container_app_environment` - support for the `workload_profile`
property
([#23478](hashicorp/terraform-provider-azurerm#23478
`azurerm_cosmosdb_cassandra_datacenter` - support for the
`seed_node_ip_addresses` property
([#24076](hashicorp/terraform-provider-azurerm#24076
`azurerm_firewall` - support for the `dns_proxy_enabled` property
([#20519](hashicorp/terraform-provider-azurerm#20519
`azurerm_kubernetes_cluster` - support for the `support_plan` property
and the `sku_tier` `Premium`
([#23970](hashicorp/terraform-provider-azurerm#23970
`azurerm_mssql_database` - support for `enclave_type` field
([#24054](hashicorp/terraform-provider-azurerm#24054
`azurerm_mssql_elasticpool` - support for `enclave_type` field
([#24054](hashicorp/terraform-provider-azurerm#24054
`azurerm_mssql_managed_instance` - support for more `vcores`: `6`, `10`,
`12`, `20`, `48`, `56`, `96`, `128`
([#24085](hashicorp/terraform-provider-azurerm#24085
`azurerm_redis_linked_server` - support for the property
`geo_replicated_primary_host_name`
([#23984](hashicorp/terraform-provider-azurerm#23984
`azurerm_storage_account` - expose the primary and secondary internet
and microsoft hostnames for blobs, dfs, files, queues, tables and web
([#23517](hashicorp/terraform-provider-azurerm#23517
`azurerm_synapse_role_assignment` - support for the `principal_type`
property
([#24089](hashicorp/terraform-provider-azurerm#24089
`azurerm_spring_cloud_build_deployment` - support for the
`application_performance_monitoring_ids` property
([#23969](hashicorp/terraform-provider-azurerm#23969
`azurerm_virtual_network_gateway` - support for the
`bgp_route_translation_for_nat_enabled`, `dns_forwarding_enabled`,
`ip_sec_replay_protection_enabled`, `remote_vnet_traffic_enabled`,
`virtual_wan_traffic_enabled`, `radius_server`,
`virtual_network_gateway_client_connection`, `policy_group`, and
`ipsec_policy` property
([#23220](https://github.com/hashicorp/terraform-provider-azurerm/issues/23220))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azurerm_application_insights_api_key` - prevent a bug
where multiple keys couldn&#39;t be created for an Application Insights
instance
([#23463](hashicorp/terraform-provider-azurerm#23463
`azurerm_container_registry` - the `network_rule_set.virtual_network`
property has been deprecated
([#24140](hashicorp/terraform-provider-azurerm#24140
`azurerm_hdinsight_hadoop_cluster` - set
`roles.edge_node.install_script_action.parameters` into state by
retrieving the value provided in the user config since this property
isn&#39;t returned by the API
([#23971](hashicorp/terraform-provider-azurerm#23971
`azurerm_kubernetes_cluster` - prevent a bug where maintenance window
start date was always recalculated and sent to the API
([#23985](hashicorp/terraform-provider-azurerm#23985
`azurerm_mssql_database` - will no longer send all long retention values
in payload unless set
([#24124](hashicorp/terraform-provider-azurerm#24124
`azurerm_mssql_managed_database` - will no longer send all long
retention values in payload unless set
([#24124](hashicorp/terraform-provider-azurerm#24124
`azurerm_mssql_server_microsoft_support_auditing_policy` - only include
storage endpoint in payload if set
([#24122](hashicorp/terraform-provider-azurerm#24122
`azurerm_mobile_network_packet_core_control_plane` - prevent a panic if
the HTTP Response is nil
([#24083](hashicorp/terraform-provider-azurerm#24083
`azurerm_storage_account` - revert plan time name validation `(#23799)`
([#24142](hashicorp/terraform-provider-azurerm#24142
`azurerm_web_application_firewall_policy` - split create and update
function to fix lifecycle - ignore changes
([#23412](https://github.com/hashicorp/terraform-provider-azurerm/issues/23412))&#xA;&#xA;&#xA;</pre>
            </details>
        </details>
<a
href="https://infra.ci.jenkins.io/job/terraform-jobs/job/azure/job/main/931/">Jenkins
pipeline link</a>
    </action>
</Actions>

---

<table>
  <tr>
    <td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
    </td>
    <td>
      <p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
      </p>
      <details><summary>Options:</summary>
        <br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
        <ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
        </ul>
        <p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
        </p>
      </details>
    </td>
  </tr>
</table>

---------

Co-authored-by: Jenkins Infra Bot (updatecli) <[email protected]>
Co-authored-by: Damien Duportal <[email protected]>
Copy link

github-actions bot commented May 4, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.