azurerm_cognitive_account supports ignore_missing_vnet_service_endpoint #12600

Merged
78 changes: 63 additions & 15 deletions azurerm/internal/services/cognitive/cognitive_account_resource.go
Expand Up @@ -226,10 +226,36 @@ func resourceCognitiveAccount() *pluginsdk.Resource {
},
Set: set.HashIPv4AddressOrCIDR,
},
// TODO 3.0 - Remove below property
"virtual_network_subnet_ids": {
Type: pluginsdk.TypeSet,
Optional: true,
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
Type: pluginsdk.TypeSet,
Optional: true,
Computed: true,
ConflictsWith: []string{"network_acls.0.virtual_network_rules"},
Deprecated: "Deprecated in favour of `virtual_network_rules`",
Elem: &pluginsdk.Schema{Type: pluginsdk.TypeString},
},

"virtual_network_rules": {
Type: pluginsdk.TypeSet,
Optional: true,
Computed: true, // TODO -- remove this when deprecation resolves
ConflictsWith: []string{"network_acls.0.virtual_network_subnet_ids"},
ConfigMode: pluginsdk.SchemaConfigModeAttr, // TODO -- remove in 3.0, because this property is optional and computed, it has to be declared as empty array to remove existed values
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"subnet_id": {
Type: pluginsdk.TypeString,
Required: true,
},

"ignore_missing_vnet_service_endpoint": {
Type: pluginsdk.TypeBool,
Optional: true,
Default: false,
},
},
},
},
},
},
Expand Down Expand Up @@ -322,7 +348,7 @@ func resourceCognitiveAccountCreate(d *pluginsdk.ResourceData, meta interface{})
return fmt.Errorf("expanding sku_name for %s: %v", id, err)
}

networkAcls, subnetIds := expandCognitiveAccountNetworkAcls(d.Get("network_acls").([]interface{}))
networkAcls, subnetIds := expandCognitiveAccountNetworkAcls(d)

// also lock on the Virtual Network ID's since modifications in the networking stack are exclusive
virtualNetworkNames := make([]string, 0)
Expand Down Expand Up @@ -407,7 +433,7 @@ func resourceCognitiveAccountUpdate(d *pluginsdk.ResourceData, meta interface{})
return fmt.Errorf("error expanding sku_name for %s: %+v", *id, err)
}

networkAcls, subnetIds := expandCognitiveAccountNetworkAcls(d.Get("network_acls").([]interface{}))
networkAcls, subnetIds := expandCognitiveAccountNetworkAcls(d)

// also lock on the Virtual Network ID's since modifications in the networking stack are exclusive
virtualNetworkNames := make([]string, 0)
Expand Down Expand Up @@ -620,7 +646,8 @@ func cognitiveAccountStateRefreshFunc(ctx context.Context, client *cognitiveserv
}
}

func expandCognitiveAccountNetworkAcls(input []interface{}) (*cognitiveservices.NetworkRuleSet, []string) {
func expandCognitiveAccountNetworkAcls(d *pluginsdk.ResourceData) (*cognitiveservices.NetworkRuleSet, []string) {
input := d.Get("network_acls").([]interface{})
subnetIds := make([]string, 0)
if len(input) == 0 || input[0] == nil {
return nil, subnetIds
Expand All @@ -640,15 +667,30 @@ func expandCognitiveAccountNetworkAcls(input []interface{}) (*cognitiveservices.
ipRules = append(ipRules, rule)
}

networkRulesRaw := v["virtual_network_subnet_ids"].(*pluginsdk.Set)
networkRules := make([]cognitiveservices.VirtualNetworkRule, 0)
for _, v := range networkRulesRaw.List() {
rawId := v.(string)
subnetIds = append(subnetIds, rawId)
rule := cognitiveservices.VirtualNetworkRule{
ID: utils.String(rawId),
if d.HasChange("network_acls.0.virtual_network_subnet_ids") {
networkRulesRaw := v["virtual_network_subnet_ids"]
for _, v := range networkRulesRaw.(*pluginsdk.Set).List() {
rawId := v.(string)
subnetIds = append(subnetIds, rawId)
rule := cognitiveservices.VirtualNetworkRule{
ID: utils.String(rawId),
}
networkRules = append(networkRules, rule)
}
}
if d.HasChange("network_acls.0.virtual_network_rules") {
networkRulesRaw := v["virtual_network_rules"]
for _, v := range networkRulesRaw.(*pluginsdk.Set).List() {
value := v.(map[string]interface{})
subnetId := value["subnet_id"].(string)
subnetIds = append(subnetIds, subnetId)
rule := cognitiveservices.VirtualNetworkRule{
ID: utils.String(subnetId),
IgnoreMissingVnetServiceEndpoint: utils.Bool(value["ignore_missing_vnet_service_endpoint"].(bool)),
}
networkRules = append(networkRules, rule)
}
networkRules = append(networkRules, rule)
}

ruleSet := cognitiveservices.NetworkRuleSet{
Expand Down Expand Up @@ -768,6 +810,7 @@ func flattenCognitiveAccountNetworkAcls(input *cognitiveservices.NetworkRuleSet)
}
}

virtualNetworkSubnetIds := make([]interface{}, 0)
virtualNetworkRules := make([]interface{}, 0)
if input.VirtualNetworkRules != nil {
for _, v := range *input.VirtualNetworkRules {
Expand All @@ -781,14 +824,19 @@ func flattenCognitiveAccountNetworkAcls(input *cognitiveservices.NetworkRuleSet)
id = subnetId.ID()
}

virtualNetworkRules = append(virtualNetworkRules, id)
virtualNetworkSubnetIds = append(virtualNetworkSubnetIds, id)
virtualNetworkRules = append(virtualNetworkRules, map[string]interface{}{
"subnet_id": id,
"ignore_missing_vnet_service_endpoint": *v.IgnoreMissingVnetServiceEndpoint,
})
}
}
return []interface{}{
map[string]interface{}{
"default_action": string(input.DefaultAction),
"ip_rules": pluginsdk.NewSet(pluginsdk.HashString, ipRules),
"virtual_network_subnet_ids": pluginsdk.NewSet(pluginsdk.HashString, virtualNetworkRules),
"virtual_network_subnet_ids": pluginsdk.NewSet(pluginsdk.HashString, virtualNetworkSubnetIds),
"virtual_network_rules": virtualNetworkRules,
},
}
}
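Review bot: In expandCognitiveAccountNetworkAcls both loops are now gated on `d.HasChange(...)`, so an update that touches neither `virtual_network_subnet_ids` nor `virtual_network_rules` leaves `networkRules` empty; if that slice is what goes into the `NetworkRuleSet` built just below (its fields are outside the visible lines), an unrelated change would silently drop the account's existing subnet rules, and because both attributes are `Computed` the next plan may not show the drift. Falling back to the current value when neither attribute changed would avoid that, for example `if d.HasChange("network_acls.0.virtual_network_rules") || !d.HasChange("network_acls.0.virtual_network_subnet_ids") {` on the second branch. Separately, flattenCognitiveAccountNetworkAcls dereferences `*v.IgnoreMissingVnetServiceEndpoint` without a nil check, which panics on read if the API omits the field; `ignore := v.IgnoreMissingVnetServiceEndpoint != nil && *v.IgnoreMissingVnetServiceEndpoint` is safer. Both functions start or end outside the hunks shown.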
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,28 @@ func TestAccCognitiveAccount_withMultipleCognitiveAccounts(t *testing.T) {
})
}

func TestAccCognitiveAccount_networkAclsVirtualNetworkRules(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_cognitive_account", "test")
r := CognitiveAccountResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.networkAclsVirtualNetworkRules(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.networkAclsVirtualNetworkRulesUpdated(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func TestAccCognitiveAccount_networkAcls(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_cognitive_account", "test")
r := CognitiveAccountResource{}
Expand Down Expand Up @@ -684,6 +706,56 @@ resource "azurerm_cognitive_account" "test" {
`, r.networkAclsTemplate(data), data.RandomInteger, data.RandomInteger)
}

func (r CognitiveAccountResource) networkAclsVirtualNetworkRules(data acceptance.TestData) string {
return fmt.Sprintf(`
%s

resource "azurerm_cognitive_account" "test" {
name = "acctestcogacc-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
kind = "Face"
sku_name = "S0"
custom_subdomain_name = "acctestcogacc-%d"

network_acls {
default_action = "Deny"
virtual_network_rules {
subnet_id = azurerm_subnet.test_a.id
}
virtual_network_rules {
subnet_id = azurerm_subnet.test_b.id
ignore_missing_vnet_service_endpoint = true
}

}
}
`, r.networkAclsTemplate(data), data.RandomInteger, data.RandomInteger)
}

func (r CognitiveAccountResource) networkAclsVirtualNetworkRulesUpdated(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
resource "azurerm_cognitive_account" "test" {
name = "acctestcogacc-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
kind = "Face"
sku_name = "S0"
custom_subdomain_name = "acctestcogacc-%d"

network_acls {
default_action = "Allow"
ip_rules = ["123.0.0.101"]
virtual_network_rules {
subnet_id = azurerm_subnet.test_a.id
ignore_missing_vnet_service_endpoint = true
}
}
}
`, r.networkAclsTemplate(data), data.RandomInteger, data.RandomInteger)
}

func (CognitiveAccountResource) networkAclsTemplate(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
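Review bot: TestAccCognitiveAccount_networkAclsVirtualNetworkRules only asserts `ExistsInAzure`, and both of its steps change `virtual_network_rules`, so it never covers an update that leaves the rules untouched or a config that clears them with `virtual_network_rules = []` (the case the `ConfigMode` comment in the schema refers to). Adding a step for each, plus one that moves from the deprecated `virtual_network_subnet_ids` to the new block, would show whether existing subnet rules survive an apply. networkAclsTemplate continues past the end of this section.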
8 changes: 7 additions & 1 deletion website/docs/r/cognitive_account.html.markdown
Expand Up @@ -86,7 +86,13 @@ A `network_acls` block supports the following:

* `ip_rules` - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.

* `virtual_network_subnet_ids` - (Optional) One or more Subnet ID's which should be able to access this Cognitive Account.
* `virtual_network_rules` - (Optional) A `virtual_network_rules` block as defined below.

A `virtual_network_rules` block supports the following:

* `subnet_id` - (Required) The ID of the subnet which should be able to access this Cognitive Account.

* `ignore_missing_vnet_service_endpoint` - (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.

---
