azurerm_network_watcher_flow_log: Add 2 more resource types to `tar…

…get_resource_id` Added NIC and subnet as accepted value types for `target_resource_id`. Fixes hashicorp#28175
favoretti · Dec 4, 2024 · 65078d5 · 65078d5
1 parent 6ba6882
commit 65078d5
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 4 deletions.
diff --git a/internal/services/network/network_watcher_flow_log_resource.go b/internal/services/network/network_watcher_flow_log_resource.go
@@ -79,6 +79,8 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
 				ValidateFunc: validation.Any(
 					networksecuritygroups.ValidateNetworkSecurityGroupID,
 					commonids.ValidateVirtualNetworkID,
+					commonids.ValidateSubnetID,
+					commonids.ValidateNetworkInterfaceID,
 				),
 			},
 
@@ -422,6 +424,10 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface
 				targetIsNSG = true
 			} else if vnetId, err := commonids.ParseVirtualNetworkIDInsensitively(props.TargetResourceId); err == nil {
 				targetResourceId = vnetId.ID()
+			} else if subnetId, err := commonids.ParseSubnetIDInsensitively(props.TargetResourceId); err == nil {
+				targetResourceId = subnetId.ID()
+			} else if nicId, err := commonids.ParseNetworkInterfaceIDInsensitively(props.TargetResourceId); err == nil {
+				targetResourceId = nicId.ID()
 			}
 
 			if !features.FivePointOhBeta() && targetIsNSG {

diff --git a/internal/services/network/network_watcher_flow_log_resource_test.go b/internal/services/network/network_watcher_flow_log_resource_test.go
@@ -49,6 +49,36 @@ func testAccNetworkWatcherFlowLog_basicWithVirtualNetwork(t *testing.T) {
 	})
 }
 
+func testAccNetworkWatcherFlowLog_basicWithSubnet(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+	r := NetworkWatcherFlowLogResource{}
+
+	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basicConfigWithSubnet(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func testAccNetworkWatcherFlowLog_basicWithNIC(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+	r := NetworkWatcherFlowLogResource{}
+
+	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basicConfigWithNIC(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func testAccNetworkWatcherFlowLog_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
 	r := NetworkWatcherFlowLogResource{}
@@ -396,6 +426,88 @@ resource "azurerm_network_watcher_flow_log" "test" {
 `, r.prerequisites(data), data.RandomInteger, data.RandomInteger)
 }
 
+func (r NetworkWatcherFlowLogResource) basicConfigWithSubnet(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "acctestsubnet-%d"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+  network_watcher_name = azurerm_network_watcher.test.name
+  resource_group_name  = azurerm_resource_group.test.name
+  name                 = "flowlog-%d"
+
+  target_resource_id = azurerm_subnet.test.id
+  storage_account_id = azurerm_storage_account.test.id
+  enabled            = true
+
+  retention_policy {
+    enabled = false
+    days    = 0
+  }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
+func (r NetworkWatcherFlowLogResource) basicConfigWithNIC(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "acctestsubnet-%d"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_interface" "test" {
+  name                = "acctestnic-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.test.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+  network_watcher_name = azurerm_network_watcher.test.name
+  resource_group_name  = azurerm_resource_group.test.name
+  name                 = "flowlog-%d"
+
+  target_resource_id = azurerm_network_interface.test.id
+  storage_account_id = azurerm_storage_account.test.id
+  enabled            = true
+
+  retention_policy {
+    enabled = false
+    days    = 0
+  }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
 func (r NetworkWatcherFlowLogResource) requiresImport(data acceptance.TestData) string {
 	if !features.FivePointOhBeta() {
 		return fmt.Sprintf(`

diff --git a/internal/services/network/network_watcher_resource_test.go b/internal/services/network/network_watcher_resource_test.go
@@ -79,6 +79,8 @@ func TestAccNetworkWatcher(t *testing.T) {
 		"FlowLog": {
 			"basic":                   testAccNetworkWatcherFlowLog_basic,
 			"basicWithVirtualNetwork": testAccNetworkWatcherFlowLog_basicWithVirtualNetwork,
+			"basicWithSubnet":         testAccNetworkWatcherFlowLog_basicWithSubnet,
+			"basicWithNIC":            testAccNetworkWatcherFlowLog_basicWithNIC,
 			"requiresImport":          testAccNetworkWatcherFlowLog_requiresImport,
 			"disabled":                testAccNetworkWatcherFlowLog_disabled,
 			"reenabled":               testAccNetworkWatcherFlowLog_reenabled,

diff --git a/website/docs/d/mssql_managed_database.html.markdown b/website/docs/d/mssql_managed_database.html.markdown
@@ -70,4 +70,4 @@ A `point_in_time_restore` block exports the following:
 
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
 
-* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
+* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
diff --git a/website/docs/r/network_watcher_flow_log.html.markdown b/website/docs/r/network_watcher_flow_log.html.markdown
@@ -56,9 +56,9 @@ resource "azurerm_network_watcher_flow_log" "test" {
   resource_group_name  = azurerm_resource_group.example.name
   name                 = "example-log"
 
-  network_security_group_id = azurerm_network_security_group.test.id
-  storage_account_id        = azurerm_storage_account.test.id
-  enabled                   = true
+  target_resource_id  = azurerm_network_security_group.test.id
+  storage_account_id  = azurerm_storage_account.test.id
+  enabled             = true
 
   retention_policy {
     enabled = true
Original file line number	Diff line number	Diff line change
Expand Up		@@ -70,4 +70,4 @@ A `point_in_time_restore` block exports the following:

		The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:

		* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
		* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.