From 6dd4d5d1b303c916420ef8498966e1f11c10acb7 Mon Sep 17 00:00:00 2001 From: Dylan Morley <5038454+dylanmorley@users.noreply.github.com> Date: Fri, 22 Oct 2021 10:18:18 +0100 Subject: [PATCH 1/4] Support allow_trusted_services --- ...rvicebus_namespace_network_rule_set_resource.go | 14 +++++++++++--- ...bus_namespace_network_rule_set_resource_test.go | 2 ++ ...icebus_namespace_network_rule_set.html.markdown | 3 +++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go index 35bf8a93a457..2fc225885849 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go @@ -70,6 +70,12 @@ func resourceServiceBusNamespaceNetworkRuleSet() *pluginsdk.Resource { }, }, + "allow_trusted_services": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + }, + "network_rules": { Type: pluginsdk.TypeSet, Optional: true, @@ -119,9 +125,10 @@ func resourceServiceBusNamespaceNetworkRuleSetCreateUpdate(d *pluginsdk.Resource parameters := servicebus.NetworkRuleSet{ NetworkRuleSetProperties: &servicebus.NetworkRuleSetProperties{ - DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), - VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*pluginsdk.Set).List()), - IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_rules").(*pluginsdk.Set).List()), + DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), + VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*pluginsdk.Set).List()), + IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_rules").(*pluginsdk.Set).List()), + TrustedServiceAccessEnabled: d.Get("allow_trusted_services").(bool), }, } 
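Review bot: The `allow_trusted_services` schema entry added in the -70,6 +70,12 hunk has no comment, although the documentation hunk of this same patch says that enabling it lets trusted Azure services bypass the firewall configuration. I would add above the entry `// When true, Azure services on the trusted-services list bypass this rule set's firewall configuration; the default stays false.` so that any later change to `Default` is reviewed as a security decision rather than a cosmetic one. Patch 4/4 renames the key to `trusted_services_allowed`, and the comment should move with it. The schema function starts and ends outside the hunk.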
@@ -158,6 +165,7 @@ func resourceServiceBusNamespaceNetworkRuleSetRead(d *pluginsdk.ResourceData, me if props := resp.NetworkRuleSetProperties; props != nil { d.Set("default_action", string(props.DefaultAction)) + d.Set("allow_trusted_services", props.TrustedServiceAccessEnabled) if err := d.Set("network_rules", pluginsdk.NewSet(networkRuleHash, flattenServiceBusNamespaceVirtualNetworkRules(props.VirtualNetworkRules))); err != nil { return fmt.Errorf("failed to set `network_rules`: %+v", err) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go index 57a754763f1e..e6ec7b23a269 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go @@ -40,6 +40,7 @@ func TestAccServiceBusNamespaceNetworkRule_complete(t *testing.T) { Config: r.complete(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("allow_trusted_services").HasValue("true"), ), }, data.ImportStep(), @@ -131,6 +132,7 @@ resource "azurerm_servicebus_namespace_network_rule_set" "test" { resource_group_name = azurerm_resource_group.test.name default_action = "Deny" + allow_trusted_services = true network_rules { subnet_id = azurerm_subnet.test.id diff --git a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown index 00bcfb10b992..14a83f359ca5 100644 --- a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown +++ b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown 
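Review bot: The added `d.Set("allow_trusted_services", props.TrustedServiceAccessEnabled)` in the Read hunk discards its error, while the `network_rules` call directly below it checks and returns one. Because this attribute controls a firewall bypass, a failed state write could leave Terraform state out of step with what the namespace actually allows, so I would write it as `if err := d.Set("allow_trusted_services", props.TrustedServiceAccessEnabled); err != nil { return fmt.Errorf("failed to set `allow_trusted_services`: %+v", err) }`. The field appears to be a pointer (patch 2/4 wraps the write side in `utils.Bool`), so it is also worth confirming what ends up in state when the API returns nil. The same unchecked call recurs under the name `trusted_services_allowed` in the -165,7 +165,7 hunk of patch 4/4. The Read function continues outside the hunk.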
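Review bot: The only assertion on the new attribute is the `HasValue("true")` check added to `TestAccServiceBusNamespaceNetworkRule_complete`, so nothing visible here pins the secure default. I would add `check.That(data.ResourceName).Key("allow_trusted_services").HasValue("false")` to whichever test applies a config that omits the attribute (presumably a basic test outside this hunk). That way a regression which flips the default to permissive fails the acceptance suite. After patch 4/4 the key to assert on is `trusted_services_allowed`.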
@@ -75,6 +75,9 @@ The following arguments are supported: * `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Deny`. + +* `allow_trusted_services` - (Optional) If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration. See [Trusted Microsoft Services](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-bus-messaging/includes/service-bus-trusted-services.md) + * `ip_rules` - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the ServiceBus Namespace. * `network_rules` - (Optional) One or more `network_rules` blocks as defined below. From 66c681c0d115855347c4ef3a41e2201e176ec5ff Mon Sep 17 00:00:00 2001 From: Dylan Morley <5038454+dylanmorley@users.noreply.github.com> Date: Fri, 22 Oct 2021 12:07:48 +0100 Subject: [PATCH 2/4] Fixed up bool reference --- .../servicebus_namespace_network_rule_set_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go index 0f612f5df7f7..2d4e116c0e24 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go 
@@ -128,7 +128,7 @@ func resourceServiceBusNamespaceNetworkRuleSetCreateUpdate(d *pluginsdk.Resource DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*pluginsdk.Set).List()), IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_rules").(*pluginsdk.Set).List()), - TrustedServiceAccessEnabled: d.Get("allow_trusted_services").(bool), + TrustedServiceAccessEnabled: utils.Bool(d.Get("allow_trusted_services").(bool)), }, } From 03e8f45e1356ed49bdd5afb4963aa2ed90902e94 Mon Sep 17 00:00:00 2001 From: Dylan Morley <5038454+dylanmorley@users.noreply.github.com> Date: Fri, 22 Oct 2021 12:32:56 +0100 Subject: [PATCH 3/4] Fixed HCL formatting --- .../servicebus_namespace_network_rule_set_resource_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go index ad4a52f4616c..acd6317d85a2 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go @@ -131,7 +131,7 @@ resource "azurerm_servicebus_namespace_network_rule_set" "test" { namespace_name = azurerm_servicebus_namespace.test.name resource_group_name = azurerm_resource_group.test.name - default_action = "Deny" + default_action = "Deny" allow_trusted_services = true network_rules { From ec0f67b4213a57ea66369401ff00a8c947be822d Mon Sep 17 00:00:00 2001 
From: Dylan Morley <5038454+dylanmorley@users.noreply.github.com> Date: Mon, 25 Oct 2021 20:55:01 +0100 Subject: [PATCH 4/4] Renamed property name to trusted_services_allowed --- .../servicebus_namespace_network_rule_set_resource.go | 6 +++--- .../servicebus_namespace_network_rule_set_resource_test.go | 6 +++--- .../r/servicebus_namespace_network_rule_set.html.markdown | 3 +-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go index 2d4e116c0e24..a787f23cc92e 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource.go @@ -70,7 +70,7 @@ func resourceServiceBusNamespaceNetworkRuleSet() *pluginsdk.Resource { }, }, - "allow_trusted_services": { + "trusted_services_allowed": { Type: pluginsdk.TypeBool, Optional: true, Default: false, @@ -128,7 +128,7 @@ func resourceServiceBusNamespaceNetworkRuleSetCreateUpdate(d *pluginsdk.Resource DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*pluginsdk.Set).List()), IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_rules").(*pluginsdk.Set).List()), - TrustedServiceAccessEnabled: utils.Bool(d.Get("allow_trusted_services").(bool)), + TrustedServiceAccessEnabled: utils.Bool(d.Get("trusted_services_allowed").(bool)), }, } 
@@ -165,7 +165,7 @@ func resourceServiceBusNamespaceNetworkRuleSetRead(d *pluginsdk.ResourceData, me if props := resp.NetworkRuleSetProperties; props != nil { d.Set("default_action", string(props.DefaultAction)) - d.Set("allow_trusted_services", props.TrustedServiceAccessEnabled) + d.Set("trusted_services_allowed", props.TrustedServiceAccessEnabled) if err := d.Set("network_rules", pluginsdk.NewSet(networkRuleHash, flattenServiceBusNamespaceVirtualNetworkRules(props.VirtualNetworkRules))); err != nil { return fmt.Errorf("failed to set `network_rules`: %+v", err) diff --git a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go index acd6317d85a2..6898e76018f1 100644 --- a/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go +++ b/internal/services/servicebus/servicebus_namespace_network_rule_set_resource_test.go @@ -40,7 +40,7 @@ func TestAccServiceBusNamespaceNetworkRule_complete(t *testing.T) { Config: r.complete(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("allow_trusted_services").HasValue("true"), + check.That(data.ResourceName).Key("trusted_services_allowed").HasValue("true"), ), }, data.ImportStep(), @@ -131,8 +131,8 @@ resource "azurerm_servicebus_namespace_network_rule_set" "test" { namespace_name = azurerm_servicebus_namespace.test.name resource_group_name = azurerm_resource_group.test.name - default_action = "Deny" - allow_trusted_services = true + default_action = "Deny" + trusted_services_allowed = true network_rules { subnet_id = azurerm_subnet.test.id diff --git a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown index 14a83f359ca5..9f6466c1f704 100644 --- a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown 
+++ b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown @@ -75,8 +75,7 @@ The following arguments are supported: * `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Deny`. - -* `allow_trusted_services` - (Optional) If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration. See [Trusted Microsoft Services](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-bus-messaging/includes/service-bus-trusted-services.md) +* `trusted_services_allowed` - (Optional) If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration. See [Trusted Microsoft Services](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-bus-messaging/includes/service-bus-trusted-services.md) * `ip_rules` - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the ServiceBus Namespace.