Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Resource/Data Source: azurerm_private_link_service, Data Source: azurerm_private_link_service_endpoint_connections and expose in azurerm_lb and azurerm_subnet #4426

Merged
merged 49 commits into from
Nov 22, 2019

Conversation

WodansSon
Copy link
Collaborator

@WodansSon WodansSon commented Sep 25, 2019

(fixes #4701 )

@WodansSon WodansSon changed the title New Resource/Data Source: azurerm_private_link_service and expose in azurerm_lb and azurerm_subnet [WIP]New Resource/Data Source: azurerm_private_link_service and expose in azurerm_lb and azurerm_subnet Sep 25, 2019
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @WodansSon, i've left some comments inline that need to be addressed before merge.

ValidateFunc: validate.NoEmptyStrings,
},

"location": azure.SchemaLocation(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be azure.SchemaLocationForDataSource ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.


"location": azure.SchemaLocation(),

"resource_group_name": azure.SchemaResourceGroupNameDiffSuppress(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whats the reasoning behind suppressing case difference here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Defensive programming, Azure tends to not be very consistent with casing... I removed it and switched it to SchemaResourceGroupNameForDataSource

Computed: true,
},
"location": azure.SchemaLocationForDataSource(),
"tags": tagsForDataSourceSchema(),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use the new tags.SchemaForDataSource function

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@@ -99,6 +101,7 @@ The following attributes are exported:
* `resource_group_name` - The name of the resource group in which the subnet is created in.
* `virtual_network_name` - The name of the virtual network in which the subnet is created in
* `address_prefix` - The address prefix for the subnet
* `private_link_service_network_policies` - Enable or Disable apply network policies on private link service in the subnet.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this as it is in the above docs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This setting is only for subnet resource.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line 62 describes this?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same question

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how to explain it other than what is said here, what exactly are you expecting here?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We only added one property to the schema, yet there are two new properties in the docs? was one already existing?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that was the original attribute name, I missed that one.

@@ -59,6 +59,8 @@ The following arguments are supported:

* `address_prefix` - (Required) The address prefix to use for the subnet.

* `private_link_service_network_policies` - (Optional) Enable or Disable apply network policies on private link service in the subnet.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we word this to be more consistent with the rest of the docs:

Suggested change
* `private_link_service_network_policies` - (Optional) Enable or Disable apply network policies on private link service in the subnet.
* `private_link_service_network_policies` - (Optional) Are network policies enabled on private links in this subnet?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a string? What are the valid options? shouldn't this be a bool?

Comment on lines 183 to 203
func testAccAzureRMPrivateLinkService_basic(rInt int, location string) string {
standardResources := testAccAzureRMPrivateLinkServiceTemplate_standardResources(rInt, location)
privateLink := testAccAzureRMPrivateLinkServiceTemplate_basic(rInt)

return testAccAzureRMPrivateLinkServiceTemplate("", standardResources, privateLink)
}

func testAccAzureRMPrivateLinkService_update(rInt int, location string) string {
standardResources := testAccAzureRMPrivateLinkServiceTemplate_standardResources(rInt, location)
privateLink := testAccAzureRMPrivateLinkServiceTemplate_update(rInt)

return testAccAzureRMPrivateLinkServiceTemplate("", standardResources, privateLink)
}

func testAccAzureRMPrivateLinkService_complete(rInt int, location string) string {
subscriptionDataSource := testAccAzureRMPrivateLinkServiceTemplate_subscriptionDataSource()
standardResources := testAccAzureRMPrivateLinkServiceTemplate_standardResources(rInt, location)
privateLink := testAccAzureRMPrivateLinkServiceTemplate_complete(rInt)

return testAccAzureRMPrivateLinkServiceTemplate(subscriptionDataSource, standardResources, privateLink)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the value in this, we could just include subscriptionDataSource bit in the standardResources and call it a day

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed.

`, rInt, rInt)
}

func testAccAzureRMPrivateLinkServiceTemplate_complete(rInt int) string {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we just use this and add the standard resources in here?

Suggested change
func testAccAzureRMPrivateLinkServiceTemplate_complete(rInt int) string {
func testAccAzureRMPrivateLinkService_complete(rInt int) string {

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed.

azurerm/resource_arm_private_link_service_test.go Outdated Show resolved Hide resolved
`, rInt, rInt)
}

func testAccAzureRMPrivateLinkServiceTemplate_update(rInt int) string {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we just use the standard resources template in here?

Suggested change
func testAccAzureRMPrivateLinkServiceTemplate_update(rInt int) string {
func testAccAzureRMPrivateLinkService_update(rInt int) string {

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(duplicate)

@tombuildsstuff tombuildsstuff modified the milestones: v1.35.0, v1.36.0 Oct 2, 2019
return fmt.Errorf("Error checking for present of existing Private Link Service %q (Resource Group %q): %+v", name, resourceGroup, err)
}
}
if !utils.ResponseWasNotFound(resp.Response) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be

Suggested change
if !utils.ResponseWasNotFound(resp.Response) {
if if existing.ID != nil && *existing.ID != "" { {

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the revisions @WodansSon,

Just a couple comments left that should be addressed

"auto_approval_subscription_ids": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we validate these are IDs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

"visibility_subscription_ids": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we validate these are IDs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

"load_balancer_frontend_ip_configuration_ids": {
Type: schema.TypeSet,
Required: true,
Elem: &schema.Schema{Type: schema.TypeString},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we validate these are IDs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

"network_interface_ids": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we validate these are IDs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.


if props := resp.PrivateLinkServiceProperties; props != nil {
d.Set("alias", props.Alias)
if props.AutoApproval != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the glatten function will deal with nil

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

return fmt.Errorf("Error setting `auto_approval_subscription_ids`: %+v", err)
}
}
if props.Visibility != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the glatten function will deal with nil

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

resource.TestCheckResourceAttr(resourceName, "load_balancer_frontend_ip_configuration_ids.#", "1"),
resource.TestCheckResourceAttrSet(resourceName, "load_balancer_frontend_ip_configuration_ids.0"),
),
},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the import step is still missing?

@WodansSon WodansSon added this to the v1.37.0 milestone Nov 21, 2019
@WodansSon
Copy link
Collaborator Author

image

@tombuildsstuff tombuildsstuff modified the milestones: v1.37.0, v1.38.0 Nov 21, 2019
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @WodansSon, LGTM now! 🚀

@WodansSon WodansSon modified the milestones: v1.38.0, v1.37.0 Nov 22, 2019
@WodansSon WodansSon merged commit a154848 into master Nov 22, 2019
@WodansSon WodansSon deleted the nr_private-link-service branch November 22, 2019 00:45
WodansSon added a commit that referenced this pull request Nov 22, 2019
@ghost
Copy link

ghost commented Nov 26, 2019

This has been released in version 1.37.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.37.0"
}
# ... other configuration ...

@sfc-gh-emonsef
Copy link

sfc-gh-emonsef commented Dec 13, 2019

Is there a plan to add properties.enableProxyProtocol feature to privatelink service.
https://docs.microsoft.com/en-us/rest/api/virtualnetwork/privatelinkservices/createorupdate
I even tried to add it manually via powershell like below:

$privateLinkService = Get-AzPrivateLinkService -Name mypvilnkservice -ResourceGroupName resourcegroupname
$privateLinkService.enableProxyProtocol = $true
$privateLinkService = Get-AzPrivateLinkService -Name  mypvilnkservice -ResourceGroupName resourcegroupname $enableProxyProtocol = $true | Set-AzPrivateLinkService

but then terraform apply would reset enableProxyProtocol back to False again.

@tombuildsstuff
Copy link
Contributor

tombuildsstuff commented Dec 16, 2019

@esymonsef mind opening a new feature request to track that? PR: #5178

@ghost
Copy link

ghost commented Dec 22, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Dec 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Azure private-link resource creation via terraform?
5 participants