From 9f7f620f52197b942ea7416089cda9d868ebf058 Mon Sep 17 00:00:00 2001 From: Matthew Date: Tue, 13 Dec 2022 13:12:26 -0800 Subject: [PATCH 1/4] azurerm_mssql_database - storage can be empty when configuring threat detection policies --- internal/services/mssql/mssql_database_resource.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/services/mssql/mssql_database_resource.go b/internal/services/mssql/mssql_database_resource.go index 556db42995e2..68cf6045ed77 100644 --- a/internal/services/mssql/mssql_database_resource.go +++ b/internal/services/mssql/mssql_database_resource.go @@ -742,10 +742,10 @@ func expandMsSqlServerSecurityAlertPolicy(d *pluginsdk.ResourceData) sql.Databas if v, ok := securityAlert["retention_days"]; ok { properties.RetentionDays = utils.Int32(int32(v.(int))) } - if v, ok := securityAlert["storage_account_access_key"]; ok { + if v, ok := securityAlert["storage_account_access_key"]; ok && v.(string) != "" { properties.StorageAccountAccessKey = utils.String(v.(string)) } - if v, ok := securityAlert["storage_endpoint"]; ok { + if v, ok := securityAlert["storage_endpoint"]; ok && v.(string) != "" { properties.StorageEndpoint = utils.String(v.(string)) } From 870abbd3cb94f225b0b7862a2006d3becafd66c9 Mon Sep 17 00:00:00 2001 From: Matthew Date: Tue, 13 Dec 2022 16:06:50 -0800 Subject: [PATCH 2/4] Add test --- .../mssql/mssql_database_resource_test.go | 49 ++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/internal/services/mssql/mssql_database_resource_test.go b/internal/services/mssql/mssql_database_resource_test.go index 1859b7328836..73d2cc1102ac 100644 --- a/internal/services/mssql/mssql_database_resource_test.go +++ b/internal/services/mssql/mssql_database_resource_test.go @@ -471,7 +471,7 @@ func TestAccMsSqlDatabase_storageAccountType(t *testing.T) { }) } -func TestAccMsSqlDatabase_threatDetectionPolicy(t *testing.T) { +func TestAccMsSqlDatabase_threatDetectionPolicy1(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_mssql_database", "test") r := MsSqlDatabaseResource{} @@ -500,6 +500,26 @@ func TestAccMsSqlDatabase_threatDetectionPolicy(t *testing.T) { }) } +func TestAccMsSqlDatabase_threatDetectionPolicyNoStorage(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_mssql_database", "test") + r := MsSqlDatabaseResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.threatDetectionPolicyNoStorage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("threat_detection_policy.#").HasValue("1"), + check.That(data.ResourceName).Key("threat_detection_policy.0.state").HasValue("Enabled"), + check.That(data.ResourceName).Key("threat_detection_policy.0.retention_days").HasValue("15"), + check.That(data.ResourceName).Key("threat_detection_policy.0.disabled_alerts.#").HasValue("1"), + check.That(data.ResourceName).Key("threat_detection_policy.0.email_account_admins").HasValue("Enabled"), + ), + }, + data.ImportStep("sample_name", "threat_detection_policy.0.storage_account_access_key"), + }) +} + func TestAccMsSqlDatabase_updateSku(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_mssql_database", "test") r := MsSqlDatabaseResource{} @@ -1294,6 +1314,33 @@ resource "azurerm_mssql_database" "test" { `, r.template(data), data.RandomInteger, state) } +func (r MsSqlDatabaseResource) threatDetectionPolicyNoStorage(data acceptance.TestData) string { + return fmt.Sprintf(` +%[1]s + +resource "azurerm_mssql_database" "test" { + name = "acctest-db-%[2]d" + server_id = azurerm_mssql_server.test.id + collation = "SQL_AltDiction_CP850_CI_AI" + license_type = "BasePrice" + max_size_gb = 1 + sample_name = "AdventureWorksLT" + sku_name = "GP_Gen5_2" + + threat_detection_policy { + retention_days = 15 + state = "Enabled" + disabled_alerts = ["Sql_Injection"] + email_account_admins = "Enabled" + } + + tags = { + ENV = "Test" + } +} +`, r.template(data), data.RandomInteger) +} + func (r MsSqlDatabaseResource) updateSku(data acceptance.TestData) string { return fmt.Sprintf(` %[1]s From 6ffe7bdf87135ea33d3d6ce29acc809a14f542ba Mon Sep 17 00:00:00 2001 From: Matthew Date: Tue, 13 Dec 2022 16:09:36 -0800 Subject: [PATCH 3/4] Revert test --- internal/services/mssql/mssql_database_resource_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/services/mssql/mssql_database_resource_test.go b/internal/services/mssql/mssql_database_resource_test.go index 73d2cc1102ac..304fa4af94e1 100644 --- a/internal/services/mssql/mssql_database_resource_test.go +++ b/internal/services/mssql/mssql_database_resource_test.go @@ -471,7 +471,7 @@ func TestAccMsSqlDatabase_storageAccountType(t *testing.T) { }) } -func TestAccMsSqlDatabase_threatDetectionPolicy1(t *testing.T) { +func TestAccMsSqlDatabase_threatDetectionPolicy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_mssql_database", "test") r := MsSqlDatabaseResource{} From 7352b7985fa490e76836bdc701973fa686d4bbd8 Mon Sep 17 00:00:00 2001 From: Matthew Date: Wed, 14 Dec 2022 11:08:39 -0800 Subject: [PATCH 4/4] Address review --- .../mssql/mssql_database_resource_test.go | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/internal/services/mssql/mssql_database_resource_test.go b/internal/services/mssql/mssql_database_resource_test.go index 304fa4af94e1..0b93b0371d89 100644 --- a/internal/services/mssql/mssql_database_resource_test.go +++ b/internal/services/mssql/mssql_database_resource_test.go @@ -510,13 +510,29 @@ func TestAccMsSqlDatabase_threatDetectionPolicyNoStorage(t *testing.T) { Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("threat_detection_policy.#").HasValue("1"), - check.That(data.ResourceName).Key("threat_detection_policy.0.state").HasValue("Enabled"), - check.That(data.ResourceName).Key("threat_detection_policy.0.retention_days").HasValue("15"), - check.That(data.ResourceName).Key("threat_detection_policy.0.disabled_alerts.#").HasValue("1"), - check.That(data.ResourceName).Key("threat_detection_policy.0.email_account_admins").HasValue("Enabled"), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_account_access_key").IsEmpty(), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_endpoint").IsEmpty(), ), }, data.ImportStep("sample_name", "threat_detection_policy.0.storage_account_access_key"), + { + Config: r.threatDetectionPolicy(data, "Enabled"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("threat_detection_policy.#").HasValue("1"), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_account_access_key").IsSet(), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_endpoint").IsSet(), + ), + }, + { + Config: r.threatDetectionPolicyNoStorage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("threat_detection_policy.#").HasValue("1"), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_account_access_key").IsEmpty(), + check.That(data.ResourceName).Key("threat_detection_policy.0.storage_endpoint").IsEmpty(), + ), + }, }) }