From 6ae267a3a13bc813ae0baff4795256f022e44fbf Mon Sep 17 00:00:00 2001 From: kt Date: Thu, 25 Jun 2020 10:49:09 -0700 Subject: [PATCH 1/5] cleanup some property name ux --- ...entinel_alert_rule_ms_security_incident.go | 24 +++++++++++- ...el_alert_rule_ms_security_incident_test.go | 2 +- .../web/app_service_environment_resource.go | 38 ++++++++++++++----- .../app_service_environment_resource_test.go | 2 +- .../r/app_service_environment.html.markdown | 6 +-- ...rt_rule_ms_security_incident.html.markdown | 2 +- 6 files changed, 57 insertions(+), 17 deletions(-) diff --git a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go index 2a540ffa271e..da7ba60828ed 100644 --- a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go +++ b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go @@ -97,10 +97,25 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource { Default: true, }, + "display_name_filter": { + Type: schema.TypeSet, + Optional: true, + Computed:true, // remove in 3.0 + MinItems: 1, + ConflictsWith: []string{"text_whitelist"}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringIsNotEmpty, + }, + }, + "text_whitelist": { Type: schema.TypeSet, Optional: true, + Computed:true, // remove in 3.0 MinItems: 1, + ConflictsWith: []string{"display_name_filter"}, + Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringIsNotEmpty, 
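Review bot: Declaring both `display_name_filter` and `text_whitelist` as `Optional` plus `Computed` in this schema hunk means that deleting the filter from configuration will most likely produce no diff, because an unset computed attribute keeps its state value. For a Sentinel rule, that would leave an incident filter in force after the operator believes it was removed, so alerts that should open incidents could be dropped without notice. The same pattern is applied to `allowed_user_ip_cidrs` and `user_whitelisted_ip_ranges` in app_service_environment_resource.go, where a stale allow-list entry would persist in the same way. I would extend each marker to something like `// Computed so Read can populate the renamed twin; removing the argument will not clear the value - remove in 3.0` and add an acceptance step that removes the argument. The schema function continues outside the hunk.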
@@ -146,8 +161,10 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.Resour }, } - if whitelist, ok := d.GetOk("text_whitelist"); ok { - param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List()) + if dnf, ok := d.GetOk("display_name_filter"); ok { + param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List()) + } else if dnf, ok := d.GetOk("text_whitelist"); ok { + param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List()) } // Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read. @@ -223,6 +240,9 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentRead(d *schema.ResourceData, if err := d.Set("text_whitelist", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil { return fmt.Errorf(`setting "text_whitelist": %+v`, err) } + if err := d.Set("display_name_filter", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil { + return fmt.Errorf(`setting "display_name_filter": %+v`, err) + } if err := d.Set("severity_filter", flattenAlertRuleMsSecurityIncidentSeverityFilter(prop.SeveritiesFilter)); err != nil { return fmt.Errorf(`setting "severity_filter": %+v`, err) } diff --git a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go index 4ccffb66fb64..eadbf2d94c65 100644 --- a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go +++ b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go 
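Review bot: The `d.GetOk("display_name_filter")` branch in CreateUpdate takes precedence whenever that key holds any value, and since Read in this same patch writes the API value into both attributes, it probably holds the previous state value even when only the deprecated `text_whitelist` is configured. If that is the case, an edit to `text_whitelist` is overridden by the stale computed value and the filter sent to the service never changes. Selecting the source by what actually changed is safer, for example testing `d.HasChange("text_whitelist")` first and only then falling back to `display_name_filter`. An acceptance test that updates the deprecated property would confirm the behaviour either way. The function starts and ends outside the hunk.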
@@ -181,7 +181,7 @@ resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" { display_name = "updated rule" severity_filter = ["High", "Low"] description = "this is a alert rule" - text_whitelist = ["alert"] + display_name_filter = ["alert"] } `, template, data.RandomInteger) } diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go index e55d689975e4..20a82b2a3603 100644 --- a/azurerm/internal/services/web/app_service_environment_resource.go +++ b/azurerm/internal/services/web/app_service_environment_resource.go @@ -93,9 +93,23 @@ func resourceArmAppServiceEnvironment() *schema.Resource { }, false), }, + "allowed_user_ip_cidrs": { + Type: schema.TypeSet, + Optional: true, + Computed:true, // remove in 3.0 + ConflictsWith: []string{"user_whitelisted_ip_ranges"}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: helpersValidate.CIDR, + }, + }, + "user_whitelisted_ip_ranges": { Type: schema.TypeSet, Optional: true, + Computed:true, // remove in 3.0 + ConflictsWith: []string{"allowed_user_ip_cidrs"}, + Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: helpersValidate.CIDR, @@ -126,6 +140,9 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string) t := d.Get("tags").(map[string]interface{}) userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List() + if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { + userWhitelistedIPRangesRaw = v.(*schema.Set).List() + } subnetId := d.Get("subnet_id").(string) subnet, err := networkParse.SubnetID(subnetId) 
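Review bot: The `Deprecated` text on `user_whitelisted_ip_ranges` in the App Service Environment schema is missing a word and reads "renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format". This string is shown to users as a plan warning, so it is worth inserting `to` before `better reflect`. The later `make fmt` patch re-aligns the line but keeps the wording as is.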
@@ -222,32 +239,34 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa return err } - environment := web.AppServiceEnvironmentPatchResource{ + e := web.AppServiceEnvironmentPatchResource{ AppServiceEnvironment: &web.AppServiceEnvironment{}, } if d.HasChange("internal_load_balancing_mode") { v := d.Get("internal_load_balancing_mode").(string) - environment.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v) + e.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v) } if d.HasChange("front_end_scale_factor") { v := d.Get("front_end_scale_factor").(int) - environment.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v)) + e.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v)) } if d.HasChange("pricing_tier") { v := d.Get("pricing_tier").(string) v = convertFromIsolatedSKU(v) - environment.AppServiceEnvironment.MultiSize = utils.String(v) + e.AppServiceEnvironment.MultiSize = utils.String(v) } - if d.HasChange("user_whitelisted_ip_ranges") { - v := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List() - environment.UserWhitelistedIPRanges = utils.ExpandStringSlice(v) + if d.HasChange("user_whitelisted_ip_ranges") || d.HasChange("allowed_user_ip_cidrs") { + e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()) + if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { + e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List()) + } } - - if _, err := client.Update(ctx, id.ResourceGroup, id.Name, environment); err != nil { + + if _, err := client.Update(ctx, id.ResourceGroup, id.Name, e); err != nil { return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err) } 
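Review bot: The new `allowed_user_ip_cidrs` value is never read in this Update block: the condition now fires when either property changes, but both the `d.Get` and the `d.GetOk` inside it still name `user_whitelisted_ip_ranges`. A change made through the new property therefore appears to send the old list, so a CIDR removed from the allow-list would remain permitted on the environment while the apply reports success. Patch 5/5 corrects the same slip in Create only, and the `make fmt` and `HasChanges` hunks later in the series carry this block forward with the lookup unchanged. The inner lookup should be `if v, ok := d.GetOk("allowed_user_ip_cidrs"); ok {`, ideally backed by an acceptance step that updates the new property on an existing environment. The function starts and ends outside the hunk.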
@@ -306,6 +325,7 @@ func resourceArmAppServiceEnvironmentRead(d *schema.ResourceData, meta interface } d.Set("pricing_tier", pricingTier) d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges) + d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges) } return tags.FlattenAndSet(d, existing.Tags) diff --git a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go index 94b571467460..f9300c4eb860 100644 --- a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go +++ b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go @@ -411,7 +411,7 @@ resource "azurerm_app_service_environment" "test" { pricing_tier = "I1" front_end_scale_factor = 5 internal_load_balancing_mode = "Web, Publishing" - user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"] + allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] } `, template, data.RandomInteger) } diff --git a/website/docs/r/app_service_environment.html.markdown b/website/docs/r/app_service_environment.html.markdown index 5b3a7b5a2446..d884f70738b2 100644 --- a/website/docs/r/app_service_environment.html.markdown +++ b/website/docs/r/app_service_environment.html.markdown @@ -46,7 +46,7 @@ resource "azurerm_app_service_environment" "example" { pricing_tier = "I2" front_end_scale_factor = 10 internal_load_balancing_mode = "Web, Publishing" - user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"] + allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] } ``` 
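Review bot: The added `d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges)` in Read discards its return value, whereas the Sentinel Read in this same patch checks it and returns `setting "display_name_filter": %+v`. For a set-typed attribute, a failed `d.Set` leaves the allow-list missing from state with nothing reported, which makes later plans misleading. I would wrap it as `if err := d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges); err != nil {` followed by `return fmt.Errorf("setting allowed_user_ip_cidrs: %+v", err)`, and treat the neighbouring `user_whitelisted_ip_ranges` call the same way. The function body extends outside the hunk.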
@@ -65,9 +65,9 @@ resource "azurerm_app_service_environment" "example" { * `front_end_scale_factor` - (Optional) Scale factor for front end instances. Possible values are between `5` and `15`. Defaults to `15`. -* `user_whitelisted_ip_ranges` - (Optional) User added IP ranges to whitelist on ASE db. Use the addresses you want to set as the explicit egress address ranges. Use CIDR format. +* `allowed_user_ip_cidrs` - (Optional) Allowed user added IP ranges on the ASE database. Use the addresses you want to set as the explicit egress address ranges. -~> **NOTE:** `user_whitelisted_ip_ranges` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall) +~> **NOTE:** `allowed_user_ip_cidrs` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall) * `resource_group_name` - (Optional) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by `subnet_id`). 
diff --git a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown index a6727975d786..d2abd030b510 100644 --- a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown +++ b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown @@ -60,7 +60,7 @@ The following arguments are supported: * `enabled` - (Optional) Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`. -* `text_whitelist` - (Optional) Only create incidents from alerts when alert name contain text in this list. No filter will happen if this field is absent. +* `display_name_filter` - (Optional) Only create incidents when the alert display name contain text from this list, leave empty to apply no filter. ## Attributes Reference From 26ecd2d8aa185f4c828c3ee79a88bc64f13d2171 Mon Sep 17 00:00:00 2001 From: kt Date: Thu, 25 Jun 2020 10:50:03 -0700 Subject: [PATCH 2/5] make fmt --- ...sentinel_alert_rule_ms_security_incident.go | 18 +++++++++--------- .../web/app_service_environment_resource.go | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go index da7ba60828ed..e7d63cbaf1af 100644 --- a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go +++ b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go 
@@ -98,10 +98,10 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource { }, "display_name_filter": { - Type: schema.TypeSet, - Optional: true, - Computed:true, // remove in 3.0 - MinItems: 1, + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + MinItems: 1, ConflictsWith: []string{"text_whitelist"}, Elem: &schema.Schema{ Type: schema.TypeString, @@ -110,12 +110,12 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource { }, "text_whitelist": { - Type: schema.TypeSet, - Optional: true, - Computed:true, // remove in 3.0 - MinItems: 1, + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + MinItems: 1, ConflictsWith: []string{"display_name_filter"}, - Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API", + Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringIsNotEmpty, diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go index 20a82b2a3603..53884e9d97c8 100644 --- a/azurerm/internal/services/web/app_service_environment_resource.go +++ b/azurerm/internal/services/web/app_service_environment_resource.go @@ -94,9 +94,9 @@ func resourceArmAppServiceEnvironment() *schema.Resource { }, "allowed_user_ip_cidrs": { - Type: schema.TypeSet, - Optional: true, - Computed:true, // remove in 3.0 + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 ConflictsWith: []string{"user_whitelisted_ip_ranges"}, Elem: &schema.Schema{ Type: schema.TypeString, 
@@ -105,11 +105,11 @@ func resourceArmAppServiceEnvironment() *schema.Resource { }, "user_whitelisted_ip_ranges": { - Type: schema.TypeSet, - Optional: true, - Computed:true, // remove in 3.0 + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 ConflictsWith: []string{"allowed_user_ip_cidrs"}, - Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format", + Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: helpersValidate.CIDR, @@ -259,13 +259,13 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa e.AppServiceEnvironment.MultiSize = utils.String(v) } - if d.HasChange("user_whitelisted_ip_ranges") || d.HasChange("allowed_user_ip_cidrs") { + if d.HasChange("user_whitelisted_ip_ranges") || d.HasChange("allowed_user_ip_cidrs") { e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()) if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List()) } } - + if _, err := client.Update(ctx, id.ResourceGroup, id.Name, e); err != nil { return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err) } From 4d1f08a78085c6b3e2e74cc12767301c3aea983c Mon Sep 17 00:00:00 2001 From: kt Date: Thu, 25 Jun 2020 11:18:10 -0700 Subject: [PATCH 3/5] minor fix --- .../internal/services/web/app_service_environment_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go index 53884e9d97c8..5b2ad57347e9 100644 --- a/azurerm/internal/services/web/app_service_environment_resource.go 
+++ b/azurerm/internal/services/web/app_service_environment_resource.go @@ -259,7 +259,7 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa e.AppServiceEnvironment.MultiSize = utils.String(v) } - if d.HasChange("user_whitelisted_ip_ranges") || d.HasChange("allowed_user_ip_cidrs") { + if d.HasChanges("user_whitelisted_ip_ranges", "allowed_user_ip_cidrs") { e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()) if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List()) From e214bcde357f783ec6e019a52e4d53b68e20d25e Mon Sep 17 00:00:00 2001 From: kt Date: Thu, 25 Jun 2020 12:51:45 -0700 Subject: [PATCH 4/5] make terrafmt --- .../services/web/tests/app_service_environment_resource_test.go | 2 +- website/docs/r/blueprint_assignment.html.markdown | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go index f9300c4eb860..33d42cd46280 100644 --- a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go +++ b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go @@ -411,7 +411,7 @@ resource "azurerm_app_service_environment" "test" { pricing_tier = "I1" front_end_scale_factor = 5 internal_load_balancing_mode = "Web, Publishing" - allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] + allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] } `, template, data.RandomInteger) } diff --git a/website/docs/r/blueprint_assignment.html.markdown b/website/docs/r/blueprint_assignment.html.markdown index f2046a0c73ef..0055a87146c5 100644 --- a/website/docs/r/blueprint_assignment.html.markdown +++ b/website/docs/r/blueprint_assignment.html.markdown 
@@ -162,4 +162,4 @@ Azure Blueprint Assignments can be imported using the `resource id`, e.g. ```shell terraform import azurerm_blueprint_assignment.example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint" -``` \ No newline at end of file +``` From 93243c159a35db27ce1576fef357a3e920632c49 Mon Sep 17 00:00:00 2001 From: kt Date: Fri, 26 Jun 2020 08:54:15 -0700 Subject: [PATCH 5/5] fix small bug --- .../internal/services/web/app_service_environment_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go index 5b2ad57347e9..5e4a571f37cb 100644 --- a/azurerm/internal/services/web/app_service_environment_resource.go +++ b/azurerm/internal/services/web/app_service_environment_resource.go @@ -140,7 +140,7 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string) t := d.Get("tags").(map[string]interface{}) userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List() - if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { + if v, ok := d.GetOk("allowed_user_ip_cidrs"); ok { userWhitelistedIPRangesRaw = v.(*schema.Set).List() }