From f5fe85af74640a8a725ccafa57fdf811ad7011e4 Mon Sep 17 00:00:00 2001 From: "Yun Liu (from Dev Box)" Date: Tue, 17 Dec 2024 14:33:44 +0800 Subject: [PATCH] Add `bypass` to `azurerm_cognitive_account` --- .../cognitive/cognitive_account_resource.go | 13 +++++++++++++ .../cognitive/cognitive_account_resource_test.go | 6 ++++-- website/docs/r/cognitive_account.html.markdown | 2 ++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/internal/services/cognitive/cognitive_account_resource.go b/internal/services/cognitive/cognitive_account_resource.go index 822ac9e597d9..6c3db2e54e2e 100644 --- a/internal/services/cognitive/cognitive_account_resource.go +++ b/internal/services/cognitive/cognitive_account_resource.go @@ -9,6 +9,7 @@ import ( "log" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-helpers/lang/response" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonids" "github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema" @@ -209,6 +210,13 @@ func resourceCognitiveAccount() *pluginsdk.Resource { string(cognitiveservicesaccounts.NetworkRuleActionDeny), }, false), }, + + "bypass": { + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(cognitiveservicesaccounts.PossibleValuesForByPassSelection(), false), + }, + "ip_rules": { Type: pluginsdk.TypeSet, Optional: true, @@ -671,6 +679,7 @@ func expandCognitiveAccountNetworkAcls(d *pluginsdk.ResourceData) (*cognitiveser v := input[0].(map[string]interface{}) + bypass := cognitiveservicesaccounts.ByPassSelection(v["bypass"].(string)) defaultAction := cognitiveservicesaccounts.NetworkRuleAction(v["default_action"].(string)) ipRulesRaw := v["ip_rules"].(*pluginsdk.Set) @@ -697,6 +706,7 @@ func expandCognitiveAccountNetworkAcls(d *pluginsdk.ResourceData) (*cognitiveser } ruleSet := cognitiveservicesaccounts.NetworkRuleSet{ + Bypass: &bypass, DefaultAction: &defaultAction, IPRules: &ipRules, VirtualNetworkRules: &networkRules, @@ -779,6 +789,8 @@ func flattenCognitiveAccountNetworkAcls(input *cognitiveservicesaccounts.Network return []interface{}{} } + bypass := string(pointer.From(input.Bypass)) + ipRules := make([]interface{}, 0) if input.IPRules != nil { for _, v := range *input.IPRules { @@ -803,6 +815,7 @@ func flattenCognitiveAccountNetworkAcls(input *cognitiveservicesaccounts.Network } return []interface{}{map[string]interface{}{ + "bypass": bypass, "default_action": input.DefaultAction, "ip_rules": pluginsdk.NewSet(pluginsdk.HashString, ipRules), "virtual_network_rules": virtualNetworkRules, diff --git a/internal/services/cognitive/cognitive_account_resource_test.go b/internal/services/cognitive/cognitive_account_resource_test.go index 96a8ac43715d..05a9344aa772 100644 --- a/internal/services/cognitive/cognitive_account_resource_test.go +++ b/internal/services/cognitive/cognitive_account_resource_test.go @@ -889,12 +889,13 @@ resource "azurerm_cognitive_account" "test" { name = "acctestcogacc-%d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name - kind = "Face" + kind = "OpenAI" sku_name = "S0" custom_subdomain_name = "acctestcogacc-%d" network_acls { default_action = "Deny" + bypass = "None" virtual_network_rules { subnet_id = azurerm_subnet.test_a.id } @@ -913,12 +914,13 @@ resource "azurerm_cognitive_account" "test" { name = "acctestcogacc-%d" location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name - kind = "Face" + kind = "OpenAI" sku_name = "S0" custom_subdomain_name = "acctestcogacc-%d" network_acls { default_action = "Allow" + bypass = "AzureServices" ip_rules = ["123.0.0.101"] virtual_network_rules { subnet_id = azurerm_subnet.test_a.id diff --git a/website/docs/r/cognitive_account.html.markdown b/website/docs/r/cognitive_account.html.markdown index 67bbcec3f894..73a9761751e4 100644 --- a/website/docs/r/cognitive_account.html.markdown +++ b/website/docs/r/cognitive_account.html.markdown @@ -100,6 +100,8 @@ A `network_acls` block supports the following: * `default_action` - (Required) The Default Action to use when no rules match from `ip_rules` / `virtual_network_rules`. Possible values are `Allow` and `Deny`. +* `bypass` - (Optional) Specifies the bypass rule for Azure services. Possible values are `AzureServices` and `None`. Defaults to `AzureServices`. + * `ip_rules` - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account. * `virtual_network_rules` - (Optional) A `virtual_network_rules` block as defined below.