Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_private_endpoint - ensure update does not remove azurerm_private_endpoint_application_security_group_association (#24843) #24846

Conversation

bPhysicist
Copy link
Contributor

@bPhysicist bPhysicist commented Feb 10, 2024

Fixes #24843

Bug summary

A subsequent update of a azurerm_private_endpoint removes all ApplicationSecurityGroupAssociations. This conflicts with azurerm_private_endpoint_application_security_group_association as it removes it without any warning or error message.

Solution description

I added a get request to the update method of the azurerm_private_endpoint resource in order to fetch ApplicationSecurityGroupAssociations and attach them to the update request.
The added TestCase catches this bug.

Test outpus

$ make acctests SERVICE=network TESTARGS='-run="^(TestAccDataSourcePrivateEndpointConnection|TestAccPrivateEndpointApplic
ationSecurityGroupAssociationResource|TestAccPrivateEndpoint)"' TESTTIMEOUT='60m'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test -v ./internal/services/network -run="^(TestAccDataSourcePrivateEndpointConnection|TestAccPrivateEndpointApplicationSecurityGroupAssociationResource|TestAccPrivateEndpoint)" -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_basic
=== PAUSE TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_basic
=== RUN   TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_updatePrivateEndpoint
=== PAUSE TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_updatePrivateEndpoint
=== RUN   TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_requiresImport
=== PAUSE TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_requiresImport
=== RUN   TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_deleted
=== PAUSE TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_deleted
=== RUN   TestAccDataSourcePrivateEndpointConnection_complete
=== PAUSE TestAccDataSourcePrivateEndpointConnection_complete
=== RUN   TestAccPrivateEndpoint_basic
=== PAUSE TestAccPrivateEndpoint_basic
=== RUN   TestAccPrivateEndpoint_updateTag
=== PAUSE TestAccPrivateEndpoint_updateTag
=== RUN   TestAccPrivateEndpoint_updateNicName
=== PAUSE TestAccPrivateEndpoint_updateNicName
=== RUN   TestAccPrivateEndpoint_requestMessage
=== PAUSE TestAccPrivateEndpoint_requestMessage
=== RUN   TestAccPrivateEndpoint_privateDnsZoneGroup
=== PAUSE TestAccPrivateEndpoint_privateDnsZoneGroup
=== RUN   TestAccPrivateEndpoint_privateDnsZoneRename
=== PAUSE TestAccPrivateEndpoint_privateDnsZoneRename
=== RUN   TestAccPrivateEndpoint_privateDnsZoneUpdate
=== PAUSE TestAccPrivateEndpoint_privateDnsZoneUpdate
=== RUN   TestAccPrivateEndpoint_statiIpAddress
=== PAUSE TestAccPrivateEndpoint_statiIpAddress
=== RUN   TestAccPrivateEndpoint_privateDnsZoneRemove
=== PAUSE TestAccPrivateEndpoint_privateDnsZoneRemove
=== RUN   TestAccPrivateEndpoint_privateConnectionAlias
=== PAUSE TestAccPrivateEndpoint_privateConnectionAlias
=== RUN   TestAccPrivateEndpoint_updateToPrivateConnectionAlias
=== PAUSE TestAccPrivateEndpoint_updateToPrivateConnectionAlias
=== RUN   TestAccPrivateEndpoint_multipleInstances
=== PAUSE TestAccPrivateEndpoint_multipleInstances
=== RUN   TestAccPrivateEndpoint_multipleIpConfigurations
=== PAUSE TestAccPrivateEndpoint_multipleIpConfigurations
=== CONT  TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_basic
=== CONT  TestAccPrivateEndpoint_privateDnsZoneGroup
=== CONT  TestAccPrivateEndpoint_privateConnectionAlias
=== CONT  TestAccPrivateEndpoint_statiIpAddress
=== CONT  TestAccPrivateEndpoint_basic
=== CONT  TestAccPrivateEndpoint_privateDnsZoneRemove
=== CONT  TestAccPrivateEndpoint_privateDnsZoneUpdate
=== CONT  TestAccPrivateEndpoint_requestMessage
--- PASS: TestAccPrivateEndpoint_requestMessage (193.96s)
=== CONT  TestAccPrivateEndpoint_multipleInstances
--- PASS: TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_basic (200.63s)
=== CONT  TestAccPrivateEndpoint_multipleIpConfigurations
--- PASS: TestAccPrivateEndpoint_statiIpAddress (225.51s)
=== CONT  TestAccPrivateEndpoint_updateToPrivateConnectionAlias
--- PASS: TestAccPrivateEndpoint_basic (250.09s)
=== CONT  TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_deleted
--- PASS: TestAccPrivateEndpoint_privateConnectionAlias (254.07s)
=== CONT  TestAccDataSourcePrivateEndpointConnection_complete
--- PASS: TestAccPrivateEndpoint_privateDnsZoneGroup (316.61s)
=== CONT  TestAccPrivateEndpoint_updateNicName
--- PASS: TestAccPrivateEndpoint_privateDnsZoneRemove (432.17s)
=== CONT  TestAccPrivateEndpoint_updateTag
--- PASS: TestAccDataSourcePrivateEndpointConnection_complete (184.93s)
=== CONT  TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_requiresImport
--- PASS: TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_deleted (281.48s)
=== CONT  TestAccPrivateEndpoint_privateDnsZoneRename
--- PASS: TestAccPrivateEndpoint_privateDnsZoneUpdate (553.56s)
=== CONT  TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_updatePrivateEndpoint
--- PASS: TestAccPrivateEndpoint_multipleIpConfigurations (368.32s)
--- PASS: TestAccPrivateEndpoint_updateToPrivateConnectionAlias (355.73s)
--- PASS: TestAccPrivateEndpoint_multipleInstances (408.95s)
--- PASS: TestAccPrivateEndpoint_updateTag (258.91s)
--- PASS: TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_requiresImport (252.10s)
--- PASS: TestAccPrivateEndpoint_updateNicName (390.63s)
--- PASS: TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_updatePrivateEndpoint (290.58s)
--- PASS: TestAccPrivateEndpoint_privateDnsZoneRename (351.74s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/network      883.344s

and

$ make acctests SERVICE=network TESTARGS='-run="^(TestAccDataSourcePrivateLinkServiceEndpointConnections|TestAccPrivateLinkService|TestAccDataSourcePrivateLinkService)"'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test -v ./internal/services/network -run="^(TestAccDataSourcePrivateLinkServiceEndpointConnections|TestAccPrivateLinkService|TestAccDataSourcePrivateLinkService)" -timeout 180m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccDataSourcePrivateLinkService_complete
=== PAUSE TestAccDataSourcePrivateLinkService_complete
=== RUN   TestAccDataSourcePrivateLinkServiceEndpointConnections_complete
=== PAUSE TestAccDataSourcePrivateLinkServiceEndpointConnections_complete
=== RUN   TestAccPrivateLinkService_basic
=== PAUSE TestAccPrivateLinkService_basic
=== RUN   TestAccPrivateLinkService_requiresImport
=== PAUSE TestAccPrivateLinkService_requiresImport
=== RUN   TestAccPrivateLinkService_update
=== PAUSE TestAccPrivateLinkService_update
=== RUN   TestAccPrivateLinkService_move
=== PAUSE TestAccPrivateLinkService_move
=== RUN   TestAccPrivateLinkService_enableProxyProtocol
=== PAUSE TestAccPrivateLinkService_enableProxyProtocol
=== RUN   TestAccPrivateLinkService_complete
=== PAUSE TestAccPrivateLinkService_complete
=== RUN   TestAccPrivateLinkService_withAlias
=== PAUSE TestAccPrivateLinkService_withAlias
=== CONT  TestAccDataSourcePrivateLinkService_complete
=== CONT  TestAccPrivateLinkService_move
=== CONT  TestAccPrivateLinkService_requiresImport
=== CONT  TestAccPrivateLinkService_basic
=== CONT  TestAccPrivateLinkService_complete
=== CONT  TestAccPrivateLinkService_enableProxyProtocol
=== CONT  TestAccPrivateLinkService_withAlias
=== CONT  TestAccDataSourcePrivateLinkServiceEndpointConnections_complete
--- PASS: TestAccPrivateLinkService_basic (118.27s)
=== CONT  TestAccPrivateLinkService_update
--- PASS: TestAccPrivateLinkService_requiresImport (119.27s)
--- PASS: TestAccPrivateLinkService_complete (126.41s)
--- PASS: TestAccDataSourcePrivateLinkService_complete (136.07s)
--- PASS: TestAccDataSourcePrivateLinkServiceEndpointConnections_complete (182.51s)
--- PASS: TestAccPrivateLinkService_withAlias (193.27s)
--- PASS: TestAccPrivateLinkService_enableProxyProtocol (237.17s)
--- PASS: TestAccPrivateLinkService_move (284.80s)
--- PASS: TestAccPrivateLinkService_update (222.62s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/network       340.920s

@bPhysicist bPhysicist changed the title azurerm_private_endpoint - ensure update does not remove azurerm_private_endpoint_application_security_group_association (#24843) azurerm_private_endpoint - ensure update does not remove azurerm_private_endpoint_application_security_group_association (#24843) Feb 10, 2024
@bPhysicist bPhysicist force-pushed the bugfix/azurerm_private_endpoint/24843 branch from 68f2c0c to e8bd1b4 Compare February 11, 2024 18:30
@bPhysicist
Copy link
Contributor Author

I added my signature in the subsequent force push.

…ate_endpoint_application_security_group_association
@bPhysicist bPhysicist force-pushed the bugfix/azurerm_private_endpoint/24843 branch from e8bd1b4 to 6a26a4c Compare February 12, 2024 14:21
Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks for this @bPhysicist

@tombuildsstuff tombuildsstuff added this to the v3.92.0 milestone Feb 13, 2024
@tombuildsstuff tombuildsstuff merged commit 7f268ff into hashicorp:main Feb 13, 2024
30 checks passed
tombuildsstuff added a commit that referenced this pull request Feb 13, 2024
Warwick-Allen pushed a commit to Warwick-Allen/oritain-terraform-provider-azurerm that referenced this pull request Feb 14, 2024
dduportal added a commit to jenkins-infra/azure that referenced this pull request Feb 19, 2024
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
        <h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
            <summary>Update Terraform lock file</summary>
<p>changes detected:&#xA;&#x9;&#34;hashicorp/azurerm&#34; updated from
&#34;3.91.0&#34; to &#34;3.92.0&#34; in file
&#34;.terraform.lock.hcl&#34;</p>
            <details>
                <summary>3.92.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.92.0&#xA;FEATURES:&#xA;&#xA;*
**New Data Source**: `azurerm_virtual_desktop_application_group`
([#24771](https://github.com/hashicorp/terraform-provider-azurerm/issues/24771))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
provider: support for the feature flag
`postgresql_flexible_server.restart_server_on_configuration_value_change
property`
([#23811](hashicorp/terraform-provider-azurerm#23811
dependencies: updating to v0.20240214.1142753 of
`github.com/hashicorp/go-azure-sdk`
([#24889](hashicorp/terraform-provider-azurerm#24889
`automation`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24858](hashicorp/terraform-provider-azurerm#24858
`maintenance`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24819](hashicorp/terraform-provider-azurerm#24819
`containerapps`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24862](hashicorp/terraform-provider-azurerm#24862
`containerservices`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24872](hashicorp/terraform-provider-azurerm#24872
`timeseriesinsights`: updating to use the transport layer from
`hashicorp/go-azure-sdk` rather than `Azure/go-autorest`
([#24889](hashicorp/terraform-provider-azurerm#24889
`azurerm_container_app_environment`: support for the
`infrastructure_resource_group_name` property
([#24361](hashicorp/terraform-provider-azurerm#24361
`azurerm_cost_anomaly_alert` - support for the `subscription_id`
property
([#24258](hashicorp/terraform-provider-azurerm#24258
`azurerm_cosmosdb_account` - add default values for the
`consistency_policy` code block
([#24830](hashicorp/terraform-provider-azurerm#24830
`azurerm_dashboard_grafana` - support for the `smtp` block
([#24717](hashicorp/terraform-provider-azurerm#24717
`azurerm_key_vault_certificates` - support for the `tags` property
([#24857](hashicorp/terraform-provider-azurerm#24857
`azurerm_key_vault_secrets` - support for the `tags` property
([#24857](hashicorp/terraform-provider-azurerm#24857
`azurerm_orchestrated_virtual_machine_scale_set` - support for the
`additional_unattend_content` block
([#24292](hashicorp/terraform-provider-azurerm#24292
`azurerm_virtual_desktop_host_pool` - support for the `vm_template`
property
([#24369](https://github.com/hashicorp/terraform-provider-azurerm/issues/24369))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azurerm_container_app_environment`: avoid unwanted
changes when updating and using `log_analytics_workspace_id`
([#24303](hashicorp/terraform-provider-azurerm#24303
`azurerm_cosmosdb_account` - fixed regression in the `backup` code block
([#24830](hashicorp/terraform-provider-azurerm#24830
`azurerm_data_factory` - allow the `git_url` property to be blank/empty
([#24879](hashicorp/terraform-provider-azurerm#24879
`azurerm_linux_web_app_slot` - the `worker_count` property now works
correctly in the `site_config` block
([#24515](hashicorp/terraform-provider-azurerm#24515
`azurerm_linux_web_app` - support `off` for the `file_system_level`
property
([#24877](hashicorp/terraform-provider-azurerm#24877
`azurerm_linux_web_app_slot` - support `off` for the `file_system_level`
property
([#24877](hashicorp/terraform-provider-azurerm#24877
`azurerm_private_endpoint` - fixing an issue where updating the Private
Endpoint would remove any Application Security Group Association
([#24846](hashicorp/terraform-provider-azurerm#24846
`azurerm_search_service` - fixed the update function to adjust for
changed API behaviour
([#24837](hashicorp/terraform-provider-azurerm#24837
`azurerm_search_service` - fixed the update function to adjust for
changed API behaviour
([#24903](hashicorp/terraform-provider-azurerm#24903
`azurerm_windows_web_app` - support `off` for the `file_system_level`
property
([#24877](hashicorp/terraform-provider-azurerm#24877
`azurerm_windows_web_app_slot` - support `off` for the
`file_system_level` property
([#24877](https://github.com/hashicorp/terraform-provider-azurerm/issues/24877))&#xA;&#xA;&#xA;</pre>
            </details>
        </details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/3/">Jenkins
pipeline link</a>
    </action>
</Actions>

---

<table>
  <tr>
    <td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
    </td>
    <td>
      <p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
      </p>
      <details><summary>Options:</summary>
        <br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
        <ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
        </ul>
        <p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
        </p>
      </details>
    </td>
  </tr>
</table>

Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
rizkybiz pushed a commit to rizkybiz/terraform-provider-azurerm that referenced this pull request Feb 29, 2024
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

azurerm_private_endpoint removes asg_association after update of tags on private endpoint
2 participants