azurerm_network_watcher_flow_log - support for version (#5419)

Fixes #5403

Adds the version argument for the azurerm_network_watcher_flow_log resource.

azurerm/internal/services/network/resource_arm_network_watcher_flow_log.go

@@ -145,6 +145,13 @@ func resourceArmNetworkWatcherFlowLog() *schema.Resource {
 					},
 				},
 			},
+
+			"version": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validation.IntBetween(1, 2),
+			},
 		},
 	}
 }
@@ -185,6 +192,14 @@ func resourceArmNetworkWatcherFlowLogCreateUpdate(d *schema.ResourceData, meta i
 		parameters.FlowAnalyticsConfiguration = expandAzureRmNetworkWatcherFlowLogTrafficAnalytics(d)
 	}
 
+	if version, ok := d.GetOk("version"); ok {
+		format := &network.FlowLogFormatParameters{
+			Version: utils.Int32(int32(version.(int))),
+		}
+
+		parameters.FlowLogProperties.Format = format
+	}
+
 	future, err := client.SetFlowLogConfiguration(ctx, resourceGroupName, networkWatcherName, parameters)
 	if err != nil {
 		return fmt.Errorf("Error setting Flow Log Configuration for target %q (Network Watcher %q / Resource Group %q): %+v", networkSecurityGroupID, networkWatcherName, resourceGroupName, err)
@@ -254,6 +269,10 @@ func resourceArmNetworkWatcherFlowLogRead(d *schema.ResourceData, meta interface
 	if props := fli.FlowLogProperties; props != nil {
 		d.Set("enabled", props.Enabled)
 
+		if format := props.Format; format != nil {
+			d.Set("version", format.Version)
+		}
+
 		// Azure API returns "" when flow log is disabled
 		// Don't overwrite to prevent storage account ID diff when that is the case
 		if props.StorageID != nil && *props.StorageID != "" {

azurerm/internal/services/network/tests/resource_arm_network_watcher_flow_log_test.go

@@ -267,6 +267,34 @@ func testAccAzureRMNetworkWatcherFlowLog_trafficAnalytics(t *testing.T) {
 	})
 }
 
+func testAccAzureRMNetworkWatcherFlowLog_version(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMNetworkWatcherDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMNetworkWatcherFlowLog_versionConfig(data, 1),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMNetworkWatcherFlowLogExists(data.ResourceName),
+					resource.TestCheckResourceAttr(data.ResourceName, "version", "1"),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMNetworkWatcherFlowLog_versionConfig(data, 2),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMNetworkWatcherFlowLogExists(data.ResourceName),
+					resource.TestCheckResourceAttr(data.ResourceName, "version", "2"),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testCheckAzureRMNetworkWatcherFlowLogExists(name string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := acceptance.AzureProvider.Meta().(*clients.Client).Network.WatcherClient
@@ -493,3 +521,38 @@ resource "azurerm_network_watcher_flow_log" "test" {
 }
 `, testAccAzureRMNetworkWatcherFlowLog_prerequisites(data), data.RandomInteger)
 }
+
+func testAccAzureRMNetworkWatcherFlowLog_versionConfig(data acceptance.TestData, version int) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_log_analytics_workspace" "test" {
+  name                = "acctestLAW-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  sku                 = "PerGB2018"
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+  network_watcher_name = "${azurerm_network_watcher.test.name}"
+  resource_group_name  = "${azurerm_resource_group.test.name}"
+
+  network_security_group_id = "${azurerm_network_security_group.test.id}"
+  storage_account_id        = "${azurerm_storage_account.test.id}"
+  enabled                   = true
+  version                   = %d
+
+  retention_policy {
+    enabled = true
+    days    = 7
+  }
+
+  traffic_analytics {
+    enabled               = true
+    workspace_id          = "${azurerm_log_analytics_workspace.test.workspace_id}"
+    workspace_region      = "${azurerm_log_analytics_workspace.test.location}"
+    workspace_resource_id = "${azurerm_log_analytics_workspace.test.id}"
+  }
+}
+`, testAccAzureRMNetworkWatcherFlowLog_prerequisites(data), data.RandomInteger, version)
+}

azurerm/internal/services/network/tests/resource_arm_network_watcher_test.go

@@ -73,6 +73,7 @@ func TestAccAzureRMNetworkWatcher(t *testing.T) {
 			"retentionPolicy":      testAccAzureRMNetworkWatcherFlowLog_retentionPolicy,
 			"updateStorageAccount": testAccAzureRMNetworkWatcherFlowLog_updateStorageAccount,
 			"trafficAnalytics":     testAccAzureRMNetworkWatcherFlowLog_trafficAnalytics,
+			"version":              testAccAzureRMNetworkWatcherFlowLog_version,
 		},
 	}
 

website/docs/r/network_watcher_flow_log.html.markdown

@@ -88,6 +88,8 @@ The following arguments are supported:
 
 * `traffic_analytics` - (Optional) A `traffic_analytics` block as documented below.
 
+* `version` - (Optional) The version (revision) of the flow log. Possible values are `1` and `2`.
+
 ---
 
 * `retention_policy` supports the following: