Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: improve some property names #7499

Merged
merged 5 commits into from
Jun 27, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -97,10 +97,25 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource {
Default: true,
},

"display_name_filter": {
Type: schema.TypeSet,
Optional: true,
Computed: true, // remove in 3.0
MinItems: 1,
ConflictsWith: []string{"text_whitelist"},
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringIsNotEmpty,
},
},

"text_whitelist": {
Type: schema.TypeSet,
Optional: true,
MinItems: 1,
Type: schema.TypeSet,
Optional: true,
Computed: true, // remove in 3.0
MinItems: 1,
ConflictsWith: []string{"display_name_filter"},
Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API",
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringIsNotEmpty,
Expand Down Expand Up @@ -146,8 +161,10 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.Resour
},
}

if whitelist, ok := d.GetOk("text_whitelist"); ok {
param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List())
if dnf, ok := d.GetOk("display_name_filter"); ok {
param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List())
} else if dnf, ok := d.GetOk("text_whitelist"); ok {
param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List())
}

// Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read.
Expand Down Expand Up @@ -223,6 +240,9 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentRead(d *schema.ResourceData,
if err := d.Set("text_whitelist", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil {
return fmt.Errorf(`setting "text_whitelist": %+v`, err)
}
if err := d.Set("display_name_filter", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil {
return fmt.Errorf(`setting "display_name_filter": %+v`, err)
}
if err := d.Set("severity_filter", flattenAlertRuleMsSecurityIncidentSeverityFilter(prop.SeveritiesFilter)); err != nil {
return fmt.Errorf(`setting "severity_filter": %+v`, err)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" {
display_name = "updated rule"
severity_filter = ["High", "Low"]
description = "this is a alert rule"
text_whitelist = ["alert"]
display_name_filter = ["alert"]
}
`, template, data.RandomInteger)
}
Expand Down
40 changes: 30 additions & 10 deletions azurerm/internal/services/web/app_service_environment_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,9 +93,23 @@ func resourceArmAppServiceEnvironment() *schema.Resource {
}, false),
},

"allowed_user_ip_cidrs": {
Type: schema.TypeSet,
Optional: true,
Computed: true, // remove in 3.0
ConflictsWith: []string{"user_whitelisted_ip_ranges"},
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: helpersValidate.CIDR,
},
},

"user_whitelisted_ip_ranges": {
Type: schema.TypeSet,
Optional: true,
Type: schema.TypeSet,
Optional: true,
Computed: true, // remove in 3.0
ConflictsWith: []string{"allowed_user_ip_cidrs"},
Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format",
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: helpersValidate.CIDR,
Expand Down Expand Up @@ -126,6 +140,9 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa
internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string)
t := d.Get("tags").(map[string]interface{})
userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()
if v, ok := d.GetOk("allowed_user_ip_cidrs"); ok {
userWhitelistedIPRangesRaw = v.(*schema.Set).List()
}

subnetId := d.Get("subnet_id").(string)
subnet, err := networkParse.SubnetID(subnetId)
Expand Down Expand Up @@ -222,32 +239,34 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa
return err
}

environment := web.AppServiceEnvironmentPatchResource{
e := web.AppServiceEnvironmentPatchResource{
AppServiceEnvironment: &web.AppServiceEnvironment{},
}

if d.HasChange("internal_load_balancing_mode") {
v := d.Get("internal_load_balancing_mode").(string)
environment.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v)
e.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v)
}

if d.HasChange("front_end_scale_factor") {
v := d.Get("front_end_scale_factor").(int)
environment.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v))
e.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v))
}

if d.HasChange("pricing_tier") {
v := d.Get("pricing_tier").(string)
v = convertFromIsolatedSKU(v)
environment.AppServiceEnvironment.MultiSize = utils.String(v)
e.AppServiceEnvironment.MultiSize = utils.String(v)
}

if d.HasChange("user_whitelisted_ip_ranges") {
v := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()
environment.UserWhitelistedIPRanges = utils.ExpandStringSlice(v)
if d.HasChanges("user_whitelisted_ip_ranges", "allowed_user_ip_cidrs") {
e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List())
if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok {
e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List())
}
}

if _, err := client.Update(ctx, id.ResourceGroup, id.Name, environment); err != nil {
if _, err := client.Update(ctx, id.ResourceGroup, id.Name, e); err != nil {
return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err)
}

Expand Down Expand Up @@ -306,6 +325,7 @@ func resourceArmAppServiceEnvironmentRead(d *schema.ResourceData, meta interface
}
d.Set("pricing_tier", pricingTier)
d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges)
d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges)
}

return tags.FlattenAndSet(d, existing.Tags)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,7 @@ resource "azurerm_app_service_environment" "test" {
pricing_tier = "I1"
front_end_scale_factor = 5
internal_load_balancing_mode = "Web, Publishing"
user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"]
allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"]
}
`, template, data.RandomInteger)
}
6 changes: 3 additions & 3 deletions website/docs/r/app_service_environment.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ resource "azurerm_app_service_environment" "example" {
pricing_tier = "I2"
front_end_scale_factor = 10
internal_load_balancing_mode = "Web, Publishing"
user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"]
allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"]
}

```
Expand All @@ -65,9 +65,9 @@ resource "azurerm_app_service_environment" "example" {

* `front_end_scale_factor` - (Optional) Scale factor for front end instances. Possible values are between `5` and `15`. Defaults to `15`.

* `user_whitelisted_ip_ranges` - (Optional) User added IP ranges to whitelist on ASE db. Use the addresses you want to set as the explicit egress address ranges. Use CIDR format.
* `allowed_user_ip_cidrs` - (Optional) Allowed user added IP ranges on the ASE database. Use the addresses you want to set as the explicit egress address ranges.

~> **NOTE:** `user_whitelisted_ip_ranges` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall)
~> **NOTE:** `allowed_user_ip_cidrs` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall)

* `resource_group_name` - (Optional) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by `subnet_id`).

Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/blueprint_assignment.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -162,4 +162,4 @@ Azure Blueprint Assignments can be imported using the `resource id`, e.g.

```shell
terraform import azurerm_blueprint_assignment.example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint"
```
```
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ The following arguments are supported:

* `enabled` - (Optional) Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.

* `text_whitelist` - (Optional) Only create incidents from alerts when alert name contain text in this list. No filter will happen if this field is absent.
* `display_name_filter` - (Optional) Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.

## Attributes Reference

Expand Down