New Application Gateway Resource / New Terraform Provider structure [MS] #120
Conversation
Incorporated changes from https://github.com/brandontosch/terraform/tree/brandontosch/GH-8670 Also made slight change of 'app' gateway to 'application' gateway throughout code
…tAccAzureRMApplicationGateway_basic and accept int as parameter
There was a problem hiding this comment.
Hey @isaacsgi
Apologies for the delay in reviewing this!
I've reviewed and left some comments in-line, but this is generally looking good. Besides the comments, would it be possible to add some Documentation (and a link in the sidebar) for this resource? In order for this to resource to be usable, it also needs to be added to the provider.go file
One observation - I was initially hoping that we could break this out into smaller sub-resources rather than referencing ID's all over the place (see: how Terraform implemented Load Balancers) - however it doesn't look like this is feasible based on the Required fields. It might be just me, but it feels like this is internal API logic which is being exposed in the SDK rather than within the API; as such do you think it's worth reaching out to the API team to see if splitting this out is on the roadmap? (e.g. create an Application Gateway, then add a SSL cert as a separate API call)
Thanks!
| "backend_address_pool": { | ||
| Type: schema.TypeList, | ||
| Required: true, | ||
| MinItems: 1, |
There was a problem hiding this comment.
minor this MinItems can be removed as it's required :)
| "frontend_port": { | ||
| Type: schema.TypeList, | ||
| Required: true, | ||
| MinItems: 1, |
There was a problem hiding this comment.
minor MinItems: 1 can be removed since it's required
| "gateway_ip_configuration": { | ||
| Type: schema.TypeList, | ||
| Required: true, | ||
| MinItems: 1, |
There was a problem hiding this comment.
minor MinItems: 1 can be removed (it's inferred) because Required is true :)
| d.SetId(*read.ID) | ||
|
|
||
| log.Printf("[DEBUG] Waiting for ApplicationGateway (%s) to become available", name) | ||
| stateConf := &resource.StateChangeConf{ |
There was a problem hiding this comment.
do we need to poll for this, or does the Azure SDK for Go handle this automatically?
There was a problem hiding this comment.
It looks like the Terraform helper + Go SDK does this - so removed the extra code.
| Timeout: 60 * time.Minute, | ||
| } | ||
| if _, err := stateConf.WaitForState(); err != nil { | ||
| return fmt.Errorf("Error waiting for ApplicationGateway (%s) to become available: %s", name, err) |
There was a problem hiding this comment.
the second one here needs to be %+v to display the error and not just a string
| } | ||
|
|
||
| resource "azurerm_virtual_network" "test" { | ||
| name = "vnet" |
There was a problem hiding this comment.
can we give this a unique name? (we run these tests in parallel, which can cause issues)
| } | ||
|
|
||
| resource "azurerm_public_ip" "test" { | ||
| name = "public-ip" |
There was a problem hiding this comment.
can we give this a unique name?
| ] | ||
|
|
||
| gateway_ip_configuration { | ||
| # id = computed |
There was a problem hiding this comment.
I think we can remove these comments?
| name = "probe-1" | ||
| protocol = "Https" | ||
| path = "/test" | ||
| host = "azure.com" |
There was a problem hiding this comment.
out of interest does this need to match this list?
There was a problem hiding this comment.
sorry - this link doesn't seem to take me to a list?
There was a problem hiding this comment.
sorry, wrong link. I was referring to the fqdn_list on the backend_address_pool
| } | ||
|
|
||
| resource "azurerm_virtual_network" "test" { | ||
| name = "vnet" |
There was a problem hiding this comment.
(same as above) can we make this a unique network name? (we tend to prefix them with acctest - which will become more important in the near future)
|
@tombuildsstuff thanks for the feedback! ... I was pulled into another initiative for a couple days - reviewing now .. |
There was a problem hiding this comment.
Hey @isaacsgi
Thanks for pushing those updates - sorry for the delayed reply here. I've taken a look and left some more comments in-line but this is looking good.
Regarding the test certificate - as discussed in DM we can use static data for this for the moment, it'd be good to switch it over to a dynamically generated one in the future once the tls provider support this.
In addition regarding the comments around Set/List - that needs input from the developers of Terraform Core, so I've flagged them for input
Thanks!
| "log" | ||
| "net/http" | ||
| "path" | ||
| // "time" |
There was a problem hiding this comment.
minor can we remove this unused import?
| }, | ||
| }, | ||
| }, | ||
| Set: hashApplicationGatewaySku, |
There was a problem hiding this comment.
Hey @isaacsgi I have - however I feel this is better answered by of the Terraform Core developers (@apparentlymart / @jbardin) who are in a better position to answer this (I see Martin's already replied)
| Type: schema.TypeString, | ||
| Required: true, | ||
| DiffSuppressFunc: ignoreCaseDiffSuppressFunc, | ||
| ValidateFunc: validation.StringInSlice([]string{"OWASP"}, true), |
There was a problem hiding this comment.
are there constants available in the SDK for this value?
There was a problem hiding this comment.
strangely - not for this constant. It's a good action for the SDK folks that I'll chase down - thanks.
There was a problem hiding this comment.
(fwiw this isn't a blocker by any means - so we can merge with this string for now and switch it out once it's added 😄)
| DiffSuppressFunc: ignoreCaseDiffSuppressFunc, | ||
| ValidateFunc: validation.StringInSlice([]string{"2.2.9", "3.0"}, true), | ||
| }, | ||
| }, |
There was a problem hiding this comment.
are there constants available in the SDK for these values?
There was a problem hiding this comment.
same as previous - doesn't seem to be, but I'll chase this down as well.
There was a problem hiding this comment.
+1 here - this isn't a blocker by any means; so we can run with this string for now 😄
|
|
||
| resp, err := client.Get(resGroup, name) | ||
| if err != nil { | ||
| if resp.StatusCode == http.StatusNotFound { |
There was a problem hiding this comment.
there's a new helper method for this which checks for nil values, can we switch this to using:
if responseWasNotFound(resp.Response) {
...
}
| } | ||
|
|
||
| if config.ApplicationGatewayURLPathMapPropertiesFormat.DefaultBackendAddressPool != nil { | ||
| pathMap["default_backend_address_pool_name"] = path.Base(*config.ApplicationGatewayURLPathMapPropertiesFormat.DefaultBackendAddressPool.ID) |
There was a problem hiding this comment.
we're assuming here the name will be at the end - can we switch this to using the parseAzureResourceID function to parse the values out of the URL to guarantee that this is the case?
| } | ||
|
|
||
| if config.ApplicationGatewayURLPathMapPropertiesFormat.DefaultBackendHTTPSettings != nil { | ||
| pathMap["default_backend_http_settings_name"] = path.Base(*config.ApplicationGatewayURLPathMapPropertiesFormat.DefaultBackendHTTPSettings.ID) |
There was a problem hiding this comment.
we're assuming here the name will be at the end - can we switch this to using the parseAzureResourceID function to parse the values out of the URL to guarantee that this is the case?
| } | ||
|
|
||
| if pathRuleConfig.ApplicationGatewayPathRulePropertiesFormat.BackendAddressPool != nil { | ||
| rule["backend_address_pool_name"] = path.Base(*pathRuleConfig.ApplicationGatewayPathRulePropertiesFormat.BackendAddressPool.ID) |
There was a problem hiding this comment.
we're assuming here the name will be at the end - can we switch this to using the parseAzureResourceID function to parse the values out of the URL to guarantee that this is the case?
| } | ||
|
|
||
| if pathRuleConfig.ApplicationGatewayPathRulePropertiesFormat.BackendHTTPSettings != nil { | ||
| rule["backend_http_settings_name"] = path.Base(*pathRuleConfig.ApplicationGatewayPathRulePropertiesFormat.BackendHTTPSettings.ID) |
There was a problem hiding this comment.
we're assuming here the name will be at the end - can we switch this to using the parseAzureResourceID function to parse the values out of the URL to guarantee that this is the case?
| certConfig := map[string]interface{}{ | ||
| "id": *config.ID, | ||
| "name": *config.Name, | ||
| "public_cert_data": *config.ApplicationGatewaySslCertificatePropertiesFormat.PublicCertData, |
There was a problem hiding this comment.
do we need to add a check for if config.ApplicationGatewaySslCertificatePropertiesFormat != nil here?
There was a problem hiding this comment.
@tombuildsstuff maybe I'm missing something, but I don't see how we would be in the for loop if there was nil data? Is the idea to error check the Azure API data population?
There was a problem hiding this comment.
Hey @isaacsgi,
Looks to me like the for loop iterates over the *certs object, but doesn't hold a firm contract that every field in that struct will be populated.
Basically, if we add a simple conditional check if the ApplicationGatewaySslCertificatePropertiesFormat is not nil, we can potentially catch any nil pointer dereference panics that may occur if, for whatever reason, that field inside the struct we're iterating over isn't populated.
|
@isaacsgi @tombuildsstuff Is the PR ready? I'm also interested about the application gateway resource. |
Fix referenced names in application gateway doc
|
Closing this in favour of #357 (which has been rebased) |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
Incorporated changes from https://github.com/brandontosch/terraform/tree/brandontosch/GH-8670
Also made slight change of 'app' gateway to 'application' gateway throughout code