Merge branch 'master' of github.com:terraform-providers/terraform-pro…

…vider-azurerm * 'master' of github.com:terraform-providers/terraform-provider-azurerm: (68 commits) Update changelog for hashicorp#11164 `azurerm_cognitive_account` - Add support for `network_acls` (hashicorp#11164) Update CHANGELOG.md for hashicorp#11069 New Resource: `azurerm_management_group_subscription_association` (hashicorp#11069) tests: limit running VMware tests in teamcity (hashicorp#11167) CHANGELOG.md for hashicorp#10627 azurerm_firewall: support for private_ip_ranges (hashicorp#10627) Update CHANGELOG.md for hashicorp#11083 Upgrade hpc cache API version to 2021-03-01 (hashicorp#11083) CHANGELOG.md for hashicorp#10724 new resource: azurerm_media_live_event (hashicorp#10724) CHANGELOG.md for hashicorp#11108 upgrade go sdk to v52.6.0 (hashicorp#11108) CHANGELOG.md for hashicorp#11139 azurerm_api_management: make certificate_password optional (hashicorp#11139) CHANGELOG.md for hashicorp#10830 r/azurerm_data_factory_linked_service_azure_blob_storage: Fixing managed identity implementation (hashicorp#10830) CHANGELOG.md for hashicorp#11131 azurerm_storage_account - support for 'container_delete_retention_policy' (hashicorp#11131) CHANGELOG.md for hashicorp#11106 ...
rm-hull · Mar 31, 2021 · 2a85d3a · 2a85d3a
2 parents 0576c6c + 19c81ef
commit 2a85d3a
Show file tree

Hide file tree

Showing 265 changed files with 26,239 additions and 3,665 deletions.
diff --git a/.teamcity/components/settings.kt b/.teamcity/components/settings.kt
@@ -49,5 +49,8 @@ var serviceTestConfigurationOverrides = mapOf(
         "signalr" to testConfiguration(1, defaultStartHour),
 
         // Spring Cloud only allows a max of 10 provisioned
-        "springcloud" to testConfiguration(5, defaultStartHour)
+        "springcloud" to testConfiguration(5, defaultStartHour),
+
+        // Currently have a quota of 10 nodes, 3 nodes required per test so lets limit it to 3
+        "vmware" to testConfiguration(3, defaultStartHour)
 )
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,59 @@
-## 2.53.0 (Unreleased)
+## 2.54.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource:** `azurerm_hpc_cache_access_policy` [GH-11083]
+* **New Resource:** `azurerm_management_group_subscription_association` [GH-11069]
+* **New Resource:** `azurerm_media_live_event` [GH-10724]
+
+ENHANCEMENTS:
+
+* dependencies: updating to `v52.6.0` of `github.com/Azure/azure-sdk-for-go` [GH-11108]
+* dependencies: updating `storage` to API version `2021-01-01` [GH-11094]
+* dependencies: updating `storagecache` (a.k.a `hpc`) to API version `2021-03-01` [GH-11083]
+* `azurerm_cognitive_account` - Add support for `network_acls` [GH-11164]
+* `azurerm_container_registry` - support for the `quarantine_policy_enabled` property [GH-11011]
+* `azurerm_firewall` - support for the `private_ip_ranges` property [pGH-10627]
+* `azurerm_spring_cloud_service` - supports for the `sample_rate` property [GH-11106]
+* `azurerm_storage_account` - support for the `container_delete_retention_policy` property [GH-11131]
+
+BUG FIXES:
+
+* `azurerm_api_management` - the `certificate_password` property is now optional [GH-11139]
+* `azurerm_data_factory_linked_service_azure_blob_storage` - correct managed identity implementation by implementing the `service_endpoint` property [GH-10830]
+* `azurerm_machine_learning_workspace` - deprecate the `Enterprise` sku as it has been deprecated by Azure [GH-11063]
+* `azurerm_machine_learning_workspace` - support container registries in other subscriptions [GH-11065]
+* `azurerm_site_recovery_fabric` - Fixes error in checking for existing resource [GH-11130]
+* `azurerm_spring_cloud_custom_domain` - `thumbprint` is required when specifying `certificate_name` [GH-11145]
+* `azurerm_subscription` - fixes broken timeout on destroy [GH-11124]
+
+## 2.53.0 (March 26, 2021)
+
+FEATURES:
+
+* **New Resource:** `azurerm_management_group_template_deployment` ([#10603](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10603))
+* **New Resource:** `azurerm_tenant_template_deployment` ([#10603](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10603))
+* **New Data Source:** `azurerm_template_spec_version` ([#10603](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10603))
 
 ENHANCEMENTS:
 
-* dependencies: updating to `v52.5.0` of `github.com/Azure/azure-sdk-for-go` [GH-11015]
+* dependencies: updating to `v52.5.0` of `github.com/Azure/azure-sdk-for-go` ([#11015](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11015))
+* Data Source: `azurerm_key_vault_secret` - support for the `versionless_id` attribute ([#11091](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11091))
+* `azurerm_container_registry` - support for the `public_network_access_enabled` property ([#10969](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10969))
+* `azurerm_kusto_eventhub_data_connection` - support for the `event_system_properties` block ([#11006](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11006))
+* `azurerm_logic_app_trigger_recurrence` - Add support for `schedule`  ([#11055](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11055))
+* `azurerm_resource_group_template_deployment` - add support for `template_spec_version_id` property ([#10603](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10603))
+* `azurerm_role_definition` - the `permissions` block is now optional ([#9850](https://github.com/terraform-providers/terraform-provider-azurerm/issues/9850))
+* `azurerm_subscription_template_deployment` - add support for `template_spec_version_id` property ([#10603](https://github.com/terraform-providers/terraform-provider-azurerm/issues/10603))
+
 
 BUG FIXES:
 
-* `azurerm_resource_group_template_deployment` - always sending `parameters_content` during an update [GH-11001]
-* `azurerm_subscription_template_deployment` - always sending `parameters_content` during an update [GH-11001]
+* `azurerm_frontdoor_custom_https_configuration` - fixing a crash during update ([#11046](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11046))
+* `azurerm_resource_group_template_deployment` - always sending `parameters_content` during an update ([#11001](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11001))
+* `azurerm_role_definition` - fixing crash when permissions are empty ([#9850](https://github.com/terraform-providers/terraform-provider-azurerm/issues/9850))
+* `azurerm_subscription_template_deployment` - always sending `parameters_content` during an update ([#11001](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11001))
+* `azurerm_spring_cloud_app` - supports for the `tls_enabled` property ([#11064](https://github.com/terraform-providers/terraform-provider-azurerm/issues/11064))
 
 ## 2.52.0 (March 18, 2021)
 

diff --git a/GNUmakefile b/GNUmakefile
@@ -26,7 +26,7 @@ build: fmtcheck generate
 
 build-docker:
 	mkdir -p bin
-	docker run --rm -v $$(pwd)/bin:/go/bin -v $$(pwd):/go/src/github.com/terraform-providers/terraform-provider-azurerm -w /go/src/github.com/terraform-providers/terraform-provider-azurerm -e GOOS golang:1.13 make build
+	docker run --rm -v $$(pwd)/bin:/go/bin -v $$(pwd):/go/src/github.com/terraform-providers/terraform-provider-azurerm -w /go/src/github.com/terraform-providers/terraform-provider-azurerm -e GOOS golang:1.16 make build
 
 fmt:
 	@echo "==> Fixing source code with gofmt..."

diff --git a/azurerm/internal/acceptance/testcase.go b/azurerm/internal/acceptance/testcase.go
@@ -24,6 +24,7 @@ func (td TestData) DataSourceTest(t *testing.T, steps []resource.TestStep) {
 	td.runAcceptanceTest(t, testCase)
 }
 
+// lintignore:AT001
 func (td TestData) DataSourceTestInSequence(t *testing.T, steps []resource.TestStep) {
 	// DataSources don't need a check destroy - however since this is a wrapper function
 	// and not matching the ignore pattern `XXX_data_source_test.go`, this needs to be explicitly opted out

diff --git a/azurerm/internal/services/apimanagement/api_management_resource.go b/azurerm/internal/services/apimanagement/api_management_resource.go
@@ -221,7 +221,7 @@ func resourceApiManagementService() *schema.Resource {
 
 						"certificate_password": {
 							Type:      schema.TypeString,
-							Required:  true,
+							Optional:  true,
 							Sensitive: true,
 						},
 
@@ -1111,13 +1111,15 @@ func expandAzureRmApiManagementCertificates(d *schema.ResourceData) *[]apimanage
 		config := v.(map[string]interface{})
 
 		certBase64 := config["encoded_certificate"].(string)
-		certificatePassword := config["certificate_password"].(string)
 		storeName := apimanagement.StoreName(config["store_name"].(string))
 
 		cert := apimanagement.CertificateConfiguration{
-			EncodedCertificate:  utils.String(certBase64),
-			CertificatePassword: utils.String(certificatePassword),
-			StoreName:           storeName,
+			EncodedCertificate: utils.String(certBase64),
+			StoreName:          storeName,
+		}
+
+		if certPassword := config["certificate_password"]; certPassword != nil {
+			cert.CertificatePassword = utils.String(certPassword.(string))
 		}
 
 		results = append(results, cert)

diff --git a/azurerm/internal/services/apimanagement/api_management_resource_test.go b/azurerm/internal/services/apimanagement/api_management_resource_test.go
@@ -810,6 +810,16 @@ resource "azurerm_api_management" "test" {
     store_name           = "Root"
   }
 
+  certificate {
+    encoded_certificate = filebase64("testdata/api_management_api_test.cer")
+    store_name          = "Root"
+  }
+
+  certificate {
+    encoded_certificate = filebase64("testdata/api_management_api_test.cer")
+    store_name          = "CertificateAuthority"
+  }
+
   protocols {
     enable_http2 = true
   }

diff --git a/azurerm/internal/services/apimanagement/testdata/api_management_api_test.cer b/azurerm/internal/services/apimanagement/testdata/api_management_api_test.cer
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZoCCQCMdt7DvygPtDANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBh
+cGkudGVycmFmb3JtLmlvMB4XDTE4MDcwNTEwMzMzMFoXDTI4MDcwMjEwMzMzMFow
+GzEZMBcGA1UEAwwQYXBpLnRlcnJhZm9ybS5pbzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKQW332Ol28CsidAheD1aL9Ul8JWnKLdaVxKZ3ssl5CXjPDO
+mM7IXk0SgbQnUC8lIlPFZiDGbQ1sB6OTMun6ZZ4ipLp80dtl0roCLtCnDQOBGzCN
+ArCYAoXRurjkXEY7tpD0wwtU72+37h3HQ4g0VS6VItJCqJ9QADV+HO2ZWuZTez70
+MhoL6OLfZP7HGYdJDKgfEVNF5XlbVzNAGkDIJFdhjNxyGGu5Nfsm1pfQhAyunkk7
+JVamjUg5IojRdo63IS9wwzMOdeGSAbBcsJfYeCfVg2kupR8q0TmZ+x93RmmOlbSi
+66kEYxRzZ9YCQeHJmn1YfJ92BpCUiy9A6Z1iaKUCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAJ7JhlecP7J48wI2QHTMbAMkkWBv/iWq1/QIF4ugH3Zb5PorOv+NfhQ0L
+lWiw/SzN8Ae95vUixAGYHMSa28oumM5K1OsqKEkVIo1AoBH8nBz+VcTpRD/mHXot
+AHPAZt9j5LqeHX+enR6RbINAf3jn+YU3MdVe0MsADdFASVDfjmQP2R7o9aJb/QqO
+g3bZBWsiBDEISfyaH2+pgUM7wtwEoFWmEMlgjLK1MRBs1cDZXqnHaCd/rs+NmWV9
+naEu7x5fyQOk4HozkpweR+Jx1sBlTRsa49/qSHt/6ULKfO01/cTs4iF71ykXPbh3
+Kj9cI2uo9aYtXkxkhKrGyUpA7FJqWw==
+-----END CERTIFICATE-----
diff --git a/azurerm/internal/services/authorization/azuresdkhacks/definitions.go b/azurerm/internal/services/authorization/azuresdkhacks/definitions.go
@@ -0,0 +1,154 @@
+package azuresdkhacks
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2020-04-01-preview/authorization"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+)
+
+type RoleDefinitionsWorkaroundClient struct {
+	sdkClient *authorization.RoleDefinitionsClient
+}
+
+func NewRoleDefinitionsWorkaroundClient(client *authorization.RoleDefinitionsClient) RoleDefinitionsWorkaroundClient {
+	return RoleDefinitionsWorkaroundClient{
+		sdkClient: client,
+	}
+}
+
+// CreateOrUpdate creates or updates a role definition.
+// Parameters:
+// scope - the scope of the role definition.
+// roleDefinitionID - the ID of the role definition.
+// roleDefinition - the values for the role definition.
+func (client RoleDefinitionsWorkaroundClient) CreateOrUpdate(ctx context.Context, scope string, roleDefinitionID string, roleDefinition authorization.RoleDefinition) (result RoleDefinitionUpdateResponse, err error) {
+	req, err := client.sdkClient.CreateOrUpdatePreparer(ctx, scope, roleDefinitionID, roleDefinition)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.sdkClient.CreateOrUpdateSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.CreateOrUpdateResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "CreateOrUpdate", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always
+// closes the http.Response Body.
+func (client RoleDefinitionsWorkaroundClient) CreateOrUpdateResponder(resp *http.Response) (result RoleDefinitionUpdateResponse, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// Get get role definition by name (GUID).
+// Parameters:
+// scope - the scope of the role definition.
+// roleDefinitionID - the ID of the role definition.
+func (client RoleDefinitionsWorkaroundClient) Get(ctx context.Context, scope string, roleDefinitionID string) (result RoleDefinitionGetResponse, err error) {
+	req, err := client.sdkClient.GetPreparer(ctx, scope, roleDefinitionID)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.sdkClient.GetSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.RoleDefinitionsClient", "Get", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetResponder handles the response to the Get request. The method always
+// closes the http.Response Body.
+func (client RoleDefinitionsWorkaroundClient) GetResponder(resp *http.Response) (result RoleDefinitionGetResponse, err error) {
+	err = autorest.Respond(
+		resp,
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// RoleDefinition role definition.
+type RoleDefinitionGetResponse struct {
+	autorest.Response `json:"-"`
+	// ID - READ-ONLY; The role definition ID.
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The role definition name.
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The role definition type.
+	Type *string `json:"type,omitempty"`
+	// RoleDefinitionProperties - Role definition properties.
+	*RoleDefinitionProperties `json:"properties,omitempty"`
+}
+
+type RoleDefinitionUpdateResponse struct {
+	autorest.Response `json:"-"`
+	// ID - READ-ONLY; The role definition ID.
+	ID *string `json:"id,omitempty"`
+	// Name - READ-ONLY; The role definition name.
+	Name *string `json:"name,omitempty"`
+	// Type - READ-ONLY; The role definition type.
+	Type *string `json:"type,omitempty"`
+	// RoleDefinitionProperties - Role definition properties.
+	*RoleDefinitionProperties `json:"properties,omitempty"`
+}
+
+// RoleDefinitionProperties role definition properties.
+type RoleDefinitionProperties struct {
+	// RoleName - The role name.
+	RoleName *string `json:"roleName,omitempty"`
+	// Description - The role definition description.
+	Description *string `json:"description,omitempty"`
+	// RoleType - The role type.
+	RoleType *string `json:"type,omitempty"`
+	// Permissions - Role definition permissions.
+	Permissions *[]Permission `json:"permissions,omitempty"`
+	// AssignableScopes - Role definition assignable scopes.
+	AssignableScopes *[]string `json:"assignableScopes,omitempty"`
+
+	// not exposed in the sdk
+	CreatedOn *string `json:"createdOn,omitempty"`
+	UpdatedOn *string `json:"updatedOn,omitempty"`
+	CreatedBy *string `json:"createdBy,omitempty"`
+	UpdatedBy *string `json:"updatedBy,omitempty"`
+}
+
+// Permission role definition permissions.
+type Permission struct {
+	// Actions - Allowed actions.
+	Actions *[]string `json:"actions,omitempty"`
+	// NotActions - Denied actions.
+	NotActions *[]string `json:"notActions,omitempty"`
+	// DataActions - Allowed Data actions.
+	DataActions *[]string `json:"dataActions,omitempty"`
+	// NotDataActions - Denied Data actions.
+	NotDataActions *[]string `json:"notDataActions,omitempty"`
+}
diff --git a/azurerm/internal/services/authorization/role_assignment_resource_test.go b/azurerm/internal/services/authorization/role_assignment_resource_test.go
@@ -39,7 +39,7 @@ func TestAccRoleAssignment_roleName(t *testing.T) {
 
 	r := RoleAssignmentResource{}
 
-	data.ResourceTest(t, r, []resource.TestStep{
+	data.ResourceSequentialTest(t, r, []resource.TestStep{
 		{
 			Config: r.roleNameConfig(id),
 			Check: resource.ComposeTestCheckFunc(
@@ -58,7 +58,7 @@ func TestAccRoleAssignment_requiresImport(t *testing.T) {
 
 	r := RoleAssignmentResource{}
 
-	data.ResourceTest(t, r, []resource.TestStep{
+	data.ResourceSequentialTest(t, r, []resource.TestStep{
 		{
 			Config: r.roleNameConfig(id),
 			Check: resource.ComposeTestCheckFunc(