diff --git a/internal/services/securitycenter/migration/security_center_setting_v0_to_v1.go b/internal/services/securitycenter/migration/security_center_setting_v0_to_v1.go new file mode 100644 index 000000000000..2114bab85c70 --- /dev/null +++ b/internal/services/securitycenter/migration/security_center_setting_v0_to_v1.go @@ -0,0 +1,46 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package migration + +import ( + "context" + "log" + "strings" + + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" +) + +var _ pluginsdk.StateUpgrade = SecurityCenterSettingsV0ToV1{} + +type SecurityCenterSettingsV0ToV1 struct{} + +func (SecurityCenterSettingsV0ToV1) Schema() map[string]*pluginsdk.Schema { + return map[string]*pluginsdk.Schema{ + "enabled": { + Required: true, + Type: pluginsdk.TypeBool, + }, + "setting_name": { + Required: true, + Type: pluginsdk.TypeString, + }, + } +} + +func (SecurityCenterSettingsV0ToV1) UpgradeFunc() pluginsdk.StateUpgraderFunc { + return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) { + log.Println("[DEBUG] Migrating Security Center Settings from v0 to v1 format") + oldId := strings.Split(rawState["id"].(string), "/") + if oldId[len(oldId)-1] == "SENTINEL" { + oldId[len(oldId)-1] = "Sentinel" + } + newId := strings.Join(oldId, "/") + + log.Printf("[DEBUG] Updating ID from %q to %q", oldId, newId) + + rawState["id"] = newId + + return rawState, nil + } +} diff --git a/internal/services/securitycenter/security_center_setting_resource.go b/internal/services/securitycenter/security_center_setting_resource.go index 219c9dd7c5c3..6f6408351481 100644 --- a/internal/services/securitycenter/security_center_setting_resource.go +++ b/internal/services/securitycenter/security_center_setting_resource.go @@ -8,11 +8,14 @@ import ( "time" "github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-05-01/settings" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/features" + "github.com/hashicorp/terraform-provider-azurerm/internal/services/securitycenter/migration" "github.com/hashicorp/terraform-provider-azurerm/internal/services/securitycenter/parse" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/suppress" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" ) @@ -46,11 +49,23 @@ func resourceSecurityCenterSetting() *pluginsdk.Resource { Delete: pluginsdk.DefaultTimeout(10 * time.Minute), }, + SchemaVersion: 1, + StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{ + 0: migration.SecurityCenterSettingsV0ToV1{}, + }), + Schema: map[string]*pluginsdk.Schema{ "setting_name": { - Type: pluginsdk.TypeString, - Required: true, - ForceNew: true, + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + DiffSuppressFunc: func() func(string, string, string, *schema.ResourceData) bool { + // This is a workaround for `SENTINEL` value. + if !features.FourPointOhBeta() { + return suppress.CaseDifference + } + return nil + }(), ValidateFunc: validation.StringInSlice(validSettingName, false), }, "enabled": { @@ -67,7 +82,13 @@ func resourceSecurityCenterSettingUpdate(d *pluginsdk.ResourceData, meta interfa ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d) defer cancel() - id := settings.NewSettingID(subscriptionId, settings.SettingName(d.Get("setting_name").(string))) + settingName := d.Get("setting_name").(string) + + if !features.FourPointOhBeta() && settingName == "SENTINEL" { + settingName = "Sentinel" + } + + id := settings.NewSettingID(subscriptionId, settings.SettingName(settingName)) if d.IsNewResource() { existing, err := client.Get(ctx, id) diff --git a/internal/services/securitycenter/security_center_setting_resource_test.go b/internal/services/securitycenter/security_center_setting_resource_test.go index 4552f7b84a56..f846e30ca5a5 100644 --- a/internal/services/securitycenter/security_center_setting_resource_test.go +++ b/internal/services/securitycenter/security_center_setting_resource_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) @@ -33,7 +34,7 @@ func testAccSecurityCenterSetting_update(t *testing.T) { r := SecurityCenterSettingResource{} // lintignore:AT001 - data.ResourceSequentialTest(t, r, []acceptance.TestStep{ + testcases := []acceptance.TestStep{ { Config: r.cfg("MCAS", true), Check: acceptance.ComposeTestCheckFunc( @@ -78,7 +79,18 @@ func testAccSecurityCenterSetting_update(t *testing.T) { Check: acceptance.ComposeTestCheckFunc(), }, data.ImportStep(), - }) + } + + if !features.FourPointOhBeta() { + testcases = append(testcases, []acceptance.TestStep{{ + Config: r.cfg("SENTINEL", true), + Check: acceptance.ComposeTestCheckFunc(), + }, { + Config: r.cfg("SENTINEL", false), + Check: acceptance.ComposeTestCheckFunc(), + }}...) + } + data.ResourceSequentialTest(t, r, testcases) } func testAccSecurityCenterSetting_requiresImport(t *testing.T) {