From c43d388b8348ce2a5b1f69aa968760e0fddeb971 Mon Sep 17 00:00:00 2001 From: Vladimir Lazarenko Date: Fri, 17 May 2024 23:32:07 +0200 Subject: [PATCH] `azurerm_network_watcher_flow_log`: Property changes `network_security_group_id` is superseded by `target_resource_id` Fixes #25982 --- .../network_watcher_flow_log_resource.go | 73 ++++++++++--------- .../r/network_watcher_flow_log.html.markdown | 4 + 2 files changed, 43 insertions(+), 34 deletions(-) diff --git a/internal/services/network/network_watcher_flow_log_resource.go b/internal/services/network/network_watcher_flow_log_resource.go index 77452c84818c..b1189f72b72d 100644 --- a/internal/services/network/network_watcher_flow_log_resource.go +++ b/internal/services/network/network_watcher_flow_log_resource.go @@ -14,7 +14,6 @@ import ( "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" "github.com/hashicorp/go-azure-helpers/resourcemanager/location" "github.com/hashicorp/go-azure-helpers/resourcemanager/tags" - "github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-11-01/networksecuritygroups" "github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/flowlogs" "github.com/hashicorp/go-azure-sdk/resource-manager/network/2024-03-01/networkwatchers" "github.com/hashicorp/terraform-provider-azurerm/helpers/azure" @@ -72,11 +71,13 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource { ValidateFunc: validate.NetworkWatcherFlowLogName, }, - "network_security_group_id": { - Type: pluginsdk.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: networksecuritygroups.ValidateNetworkSecurityGroupID, + "target_resource_id": { + Type: pluginsdk.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validation.Any( + validate.VirtualNetworkID, + ), }, "storage_account_id": { 
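Review bot: In the `target_resource_id` schema, `validation.Any(validate.VirtualNetworkID)` admits only virtual network IDs, so a Network Security Group ID, the only kind of value the superseded `network_security_group_id` accepted, cannot be moved to the new property. If NSG targets are still meant to be supported, keep the `networksecuritygroups` import this commit drops and list both validators: `validation.Any(networksecuritygroups.ValidateNetworkSecurityGroupID, validate.VirtualNetworkID)`. If they are not, the single-element `validation.Any` can be reduced to the validator itself. `resourceNetworkWatcherFlowLog` begins and ends outside this hunk.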
@@ -172,12 +173,13 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource { }, } - if !features.FourPointOhBeta() { - resource.Schema["version"] = &pluginsdk.Schema{ - Type: pluginsdk.TypeInt, - Optional: true, - Computed: true, - ValidateFunc: validation.IntBetween(1, 2), + if !features.FivePointOh() { + resource.Schema["network_security_group_id"] = &pluginsdk.Schema{ + Required: true, + ForceNew: true, + ValidateFunc: azure.ValidateResourceID, + Deprecated: "The property `network_security_group_id` has been superseded by `target_resource_id` and will be removed in version 5.0 of the AzureRM Provider.", + ConflictsWith: []string{"target_resource_id"}, } } @@ -203,10 +205,14 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa defer cancel() id := flowlogs.NewFlowLogID(subscriptionId, d.Get("resource_group_name").(string), d.Get("network_watcher_name").(string), d.Get("name").(string)) - nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string)) - if err != nil { - return err + + var targetResourceId string + if !features.FivePointOh() { + if v, ok := d.GetOk("network_security_group_id"); ok { + targetResourceId = v.(string) + } } + targetResourceId = d.Get("target_resource_id").(string) // For newly created resources, the "name" is required, it is set as Optional and Computed is merely for the existing ones for the sake of backward compatibility. if id.NetworkWatcherName == "" { @@ -224,8 +230,8 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa return tf.ImportAsExistsError("azurerm_network_watcher_flow_log", id.ID()) } - locks.ByID(nsgId.ID()) - defer locks.UnlockByID(nsgId.ID()) + locks.ByID(targetResourceId) + defer locks.UnlockByID(targetResourceId) loc := d.Get("location").(string) if loc == "" { 
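Review bot: The `network_security_group_id` schema added under `!features.FivePointOh()` has no `Type`, and it is `Required` while also `ConflictsWith` `target_resource_id`, which the earlier schema hunk also declares `Required`, so as written no configuration can satisfy both. For the deprecation window both properties need to be `Optional` and `Computed` with `ExactlyOneOf` across the pair, which means `target_resource_id` has to be relaxed the same way. `azure.ValidateResourceID` is also looser than the `ValidateNetworkSecurityGroupID` check the old property had. The block this replaces registered the `version` property for pre-4.0 builds; unless that moved elsewhere (not visible here), it is dropped. The docs hunk names 4.0 as the removal version where this `Deprecated` message says 5.0.

```go
if !features.FivePointOh() {
	resource.Schema["network_security_group_id"] = &pluginsdk.Schema{
		Type:         pluginsdk.TypeString,
		Optional:     true,
		Computed:     true,
		ForceNew:     true,
		ValidateFunc: networksecuritygroups.ValidateNetworkSecurityGroupID,
		// … unchanged: Deprecated message …
		ExactlyOneOf: []string{"network_security_group_id", "target_resource_id"},
	}
}
```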
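Review bot: In `resourceNetworkWatcherFlowLogCreate` the value read from `network_security_group_id` is always discarded, because `targetResourceId = d.Get("target_resource_id").(string)` runs unconditionally after the `FivePointOh` branch. A configuration that still uses the deprecated property therefore sends an empty `TargetResourceId` and locks on the empty string. `resourceNetworkWatcherFlowLogUpdate` (the `-297,12 +303,14` hunk) has the same overwrite. Read the new property first, fall back to the old one only when it is empty, and fail when both are empty. The function body continues outside this hunk.

```go
targetResourceId := d.Get("target_resource_id").(string)
if !features.FivePointOh() && targetResourceId == "" {
	if v, ok := d.GetOk("network_security_group_id"); ok {
		targetResourceId = v.(string)
	}
}
if targetResourceId == "" {
	return fmt.Errorf("one of `target_resource_id` or `network_security_group_id` must be set")
}
```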
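Review bot: `locks.ByID(targetResourceId)` now keys the lock on the raw configuration string, where the removed code keyed on the parsed `nsgId.ID()`; the Delete hunk (`-425,13 +433,10`) keys on the string returned by the API instead. If those two forms differ in casing, operations on the same target would presumably take different locks and no longer serialise (the `locks` package is not visible here). Parse the ID once and lock on its normalised form in Create, Update and Delete, or at least record the assumption with `// lock key must match the API-returned TargetResourceId used in Delete`.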
@@ -244,7 +250,7 @@ func resourceNetworkWatcherFlowLogCreate(d *pluginsdk.ResourceData, meta interfa parameters := flowlogs.FlowLog{ Location: utils.String(location.Normalize(loc)), Properties: &flowlogs.FlowLogPropertiesFormat{ - TargetResourceId: nsgId.ID(), + TargetResourceId: targetResourceId, StorageId: d.Get("storage_account_id").(string), Enabled: pointer.To(d.Get("enabled").(bool)), RetentionPolicy: expandNetworkWatcherFlowLogRetentionPolicy(d.Get("retention_policy").([]interface{})), @@ -297,12 +303,14 @@ func resourceNetworkWatcherFlowLogUpdate(d *pluginsdk.ResourceData, meta interfa payload := existing.Model - nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupID(d.Get("network_security_group_id").(string)) - if err != nil { - return err + var targetResourceId string + if !features.FivePointOh() { + targetResourceId = d.Get("network_security_group_id").(string) } - locks.ByID(nsgId.ID()) - defer locks.UnlockByID(nsgId.ID()) + targetResourceId = d.Get("target_resource_id").(string) + + locks.ByID(targetResourceId) + defer locks.UnlockByID(targetResourceId) if d.HasChange("storage_account_id") { payload.Properties.StorageId = d.Get("storage_account_id").(string) @@ -389,12 +397,12 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface d.Set("storage_account_id", props.StorageId) } - networkSecurityGroupId := "" - nsgId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(props.TargetResourceId) - if err == nil { - networkSecurityGroupId = nsgId.ID() + targetResourceId := "" + if !features.FourPointOhBeta() { + d.Set("network_security_group_id", targetResourceId) } - d.Set("network_security_group_id", networkSecurityGroupId) + + d.Set("target_resource_id", targetResourceId) if err := d.Set("retention_policy", flattenNetworkWatcherFlowLogRetentionPolicy(props.RetentionPolicy)); err != nil { return fmt.Errorf("setting `retention_policy`: %+v", err) 
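Review bot: In `resourceNetworkWatcherFlowLogRead`, `targetResourceId` is initialised to `""` and never assigned from `props.TargetResourceId`, so both `target_resource_id` and `network_security_group_id` are written to state as empty strings. Both properties are `ForceNew`, so the next plan would likely propose replacing the flow log, and an import cannot recover the target; a recreated flow log leaves a gap in network traffic logging. Use `targetResourceId := props.TargetResourceId`, and guard the legacy `d.Set` with `!features.FivePointOh()` to match the schema rather than `!features.FourPointOhBeta()`. The function begins and ends outside this hunk.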
@@ -425,13 +433,10 @@ func resourceNetworkWatcherFlowLogDelete(d *pluginsdk.ResourceData, meta interfa return fmt.Errorf("retreiving %s: `properties` or `properties.TargetResourceID` was nil", id) } - networkSecurityGroupId, err := networksecuritygroups.ParseNetworkSecurityGroupIDInsensitively(resp.Model.Properties.TargetResourceId) - if err != nil { - return fmt.Errorf("parsing %q as a Network Security Group ID: %+v", resp.Model.Properties.TargetResourceId, err) - } + targetResourceId := resp.Model.Properties.TargetResourceId - locks.ByID(networkSecurityGroupId.ID()) - defer locks.UnlockByID(networkSecurityGroupId.ID()) + locks.ByID(targetResourceId) + defer locks.UnlockByID(targetResourceId) if err := client.DeleteThenPoll(ctx, *id); err != nil { return fmt.Errorf("deleting %s: %v", id, err) diff --git a/website/docs/r/network_watcher_flow_log.html.markdown b/website/docs/r/network_watcher_flow_log.html.markdown index 2241e12a3e0a..1dd0e153e474 100644 --- a/website/docs/r/network_watcher_flow_log.html.markdown +++ b/website/docs/r/network_watcher_flow_log.html.markdown @@ -87,6 +87,10 @@ The following arguments are supported: * `network_security_group_id` - (Required) The ID of the Network Security Group for which to enable flow logs for. Changing this forces a new resource to be created. +~> **NOTE:** `network_security_group_id` is deprecated and will be removed in favour of the property `target_resource_id` in version 4.0 of the AzureRM Provider. + +* `target_resource_id` - (Required) The ID of the Resource for which to enable flow logs for. Changing this forces a new resource to be created. + * `storage_account_id` - (Required) The ID of the Storage Account where flow logs are stored. * `enabled` - (Required) Should Network Flow Logging be Enabled?