From ddcdf949eb1a9c0a6eee9565063eabfc511595b9 Mon Sep 17 00:00:00 2001
From: Taylor Chaparro
Date: Mon, 21 Oct 2019 07:50:40 -0700
Subject: [PATCH] add suppport for zones to firewall
---
 azurerm/helpers/azure/zones.go | 24 ++++++++
 azurerm/resource_arm_firewall.go | 8 +++
 azurerm/resource_arm_firewall_test.go | 80 +++++++++++++++++++++++++++
 website/docs/r/firewall.html.markdown | 4 ++
 4 files changed, 116 insertions(+)
diff --git a/azurerm/helpers/azure/zones.go b/azurerm/helpers/azure/zones.go
index be956a54c2dd..fe467f9e06e4 100644
--- a/azurerm/helpers/azure/zones.go
+++ b/azurerm/helpers/azure/zones.go
@@ -25,6 +25,18 @@ func SchemaSingleZone() *schema.Schema {
 }
 }
+func SchemaMultipleZones() *schema.Schema {
+ return &schema.Schema{
+ Type: schema.TypeList,
+ Optional: true,
+ ForceNew: true,
+ MinItems: 1,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ }
+}
+
 func SchemaZonesComputed() *schema.Schema {
 return &schema.Schema{
 Type: schema.TypeList,
@@ -47,3 +59,15 @@ func ExpandZones(v []interface{}) *[]string {
 return nil
 }
 }
+
+func FlattenZones(v *[]string) []interface{} {
+ zones := make([]interface{}, 0)
+ if v == nil {
+ return zones
+ }
+
+ for _, s := range *v {
+ zones = append(zones, s)
+ }
+ return zones
+}
diff --git a/azurerm/resource_arm_firewall.go b/azurerm/resource_arm_firewall.go
index af6d97175c75..cc42f797d587 100644
--- a/azurerm/resource_arm_firewall.go
+++ b/azurerm/resource_arm_firewall.go
@@ -89,6 +89,8 @@ func resourceArmFirewall() *schema.Resource {
 },
 },
+ "zones": azure.SchemaMultipleZones(),
+
 "tags": tags.Schema(),
 },
 }
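Review bot: `ForceNew: true` on a `TypeList` in `SchemaMultipleZones` means any difference in `zones`, including a pure reordering, plans a destroy-and-recreate of the firewall, and nothing in this patch tells the user so. While a firewall is being replaced, the traffic it protects is either dropped or not filtered, so the docs entry added later in this patch should carry the usual sentence, `Changing this forces a new resource to be created.` Whether the API always returns zones in the configured order is not visible here; if it does not, a set-typed attribute would avoid spurious replacements. The element schema also accepts any string, so a `ValidateFunc` on `Elem` that rejects empty values would surface a bad zone at plan time rather than at the API.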
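Review bot: `FlattenZones` and `SchemaMultipleZones` are exported but have no doc comments. I would add `// FlattenZones converts the API's *[]string of zones into the []interface{} that d.Set expects; a nil input yields an empty list.` and a matching one-line comment on `SchemaMultipleZones` stating that the list is optional, ForceNew and needs at least one item. Inside `FlattenZones` the final length is known once `v` is non-nil, so the slice can be created after the nil check with `make([]interface{}, 0, len(*v))`.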
@@ -120,6 +122,7 @@ func resourceArmFirewallCreateUpdate(d *schema.ResourceData, meta interface{}) e
 location := azure.NormalizeLocation(d.Get("location").(string))
 t := d.Get("tags").(map[string]interface{})
 ipConfigs, subnetToLock, vnetToLock, err := expandArmFirewallIPConfigurations(d)
+ zones := azure.ExpandZones(d.Get("zones").([]interface{}))
 if err != nil {
 return fmt.Errorf("Error Building list of Azure Firewall IP Configurations: %+v", err)
 }
@@ -139,6 +142,7 @@ func resourceArmFirewallCreateUpdate(d *schema.ResourceData, meta interface{}) e
 AzureFirewallPropertiesFormat: &network.AzureFirewallPropertiesFormat{
 IPConfigurations: ipConfigs,
 },
+ Zones: zones,
 }
 if !d.IsNewResource() {
@@ -217,6 +221,10 @@ func resourceArmFirewallRead(d *schema.ResourceData, meta interface{}) error {
 }
 }
+ if err := d.Set("zones", azure.FlattenZones(read.Zones)); err != nil {
+ return fmt.Errorf("Error setting `zones`: %+v", err)
+ }
+
 return tags.FlattenAndSet(d, read.Tags)
 }
diff --git a/azurerm/resource_arm_firewall_test.go b/azurerm/resource_arm_firewall_test.go
index 4f26ab2b825d..47976a6396cb 100644
--- a/azurerm/resource_arm_firewall_test.go
+++ b/azurerm/resource_arm_firewall_test.go
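Review bot: In the first hunk of `resourceArmFirewallCreateUpdate`, the new `zones := azure.ExpandZones(...)` line sits between the `expandArmFirewallIPConfigurations(d)` call and the `if err != nil` that checks its result. Separating an error from its check makes it easy for a later edit on that line to overwrite or shadow `err` without anyone noticing. Move the assignment below the closing `}` of the error check. The function starts and ends outside the hunk.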
@@ -176,6 +176,40 @@ func TestAccAzureRMFirewall_withTags(t *testing.T) {
 })
 }
+func TestAccAzureRMFirewall_withZones(t *testing.T) {
+ resourceName := "azurerm_firewall.test"
+ rInt := tf.AccRandTimeInt()
+ location := testLocation()
+ zones := []string{"1"}
+ zonesUpdate := []string{"1", "3"}
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMFirewallDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAzureRMFirewall_withZones(rInt, location, zones),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMFirewallExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "zones.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "zones.0", "1"),
+ ),
+ },
+ {
+ Config: testAccAzureRMFirewall_withZones(rInt, location, zonesUpdate),
+ Check: resource.ComposeTestCheckFunc(
+
+ testCheckAzureRMFirewallExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "zones.#", "2"),
+ resource.TestCheckResourceAttr(resourceName, "zones.0", "1"),
+ resource.TestCheckResourceAttr(resourceName, "zones.1", "3"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAzureRMFirewall_disappears(t *testing.T) {
 resourceName := "azurerm_firewall.test"
 ri := tf.AccRandTimeInt()
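Review bot: The second step of `TestAccAzureRMFirewall_withZones` is not an in-place update, although the name `zonesUpdate` suggests one. `zones` is declared `ForceNew` in `SchemaMultipleZones`, so switching from `zones` to `zonesUpdate` destroys and recreates the firewall. A comment above that step, such as `// zones is ForceNew: this step replaces the firewall rather than updating it`, or a rename of the variable, would make the intent explicit. The blank line directly after `resource.ComposeTestCheckFunc(` in the second step is stray and can be removed.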
@@ -481,3 +515,49 @@ resource "azurerm_firewall" "test" {
 }
 `, rInt, location, rInt, rInt, rInt)
 }
+
+func testAccAzureRMFirewall_withZones(rInt int, location string, zones []string) string {
+ zoneString := strings.Join(zones, ",")
+ return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-%d"
+ location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+ name = "acctestvirtnet%d"
+ address_space = ["10.0.0.0/16"]
+ location = "${azurerm_resource_group.test.location}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+}
+
+resource "azurerm_subnet" "test" {
+ name = "AzureFirewallSubnet"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ virtual_network_name = "${azurerm_virtual_network.test.name}"
+ address_prefix = "10.0.1.0/24"
+}
+
+resource "azurerm_public_ip" "test" {
+ name = "acctestpip%d"
+ location = "${azurerm_resource_group.test.location}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+ allocation_method = "Static"
+ sku = "Standard"
+}
+
+resource "azurerm_firewall" "test" {
+ name = "acctestfirewall%d"
+ location = "${azurerm_resource_group.test.location}"
+ resource_group_name = "${azurerm_resource_group.test.name}"
+
+ ip_configuration {
+ name = "configuration"
+ subnet_id = "${azurerm_subnet.test.id}"
+ public_ip_address_id = "${azurerm_public_ip.test.id}"
+ }
+
+ zones = [%s]
+}
+`, rInt, location, rInt, rInt, rInt, zoneString)
+}
diff --git a/website/docs/r/firewall.html.markdown b/website/docs/r/firewall.html.markdown
index 78b258edeb94..08901691fa51 100644
--- a/website/docs/r/firewall.html.markdown
+++ b/website/docs/r/firewall.html.markdown
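Review bot: `strings.Join(zones, ",")` in `testAccAzureRMFirewall_withZones` renders the attribute as `zones = [1,3]`, bare numbers, while the element type in `SchemaMultipleZones` is `TypeString`. The test therefore passes only if the configuration language coerces numbers to strings. Quote each element so the fixture exercises the attribute as declared, for example `zoneString := "\"" + strings.Join(zones, "\", \"") + "\""`, which is valid for the non-empty slices this test passes. The hunk does not show the test file's import block, so confirm that `strings` is imported there.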
@@ -66,6 +66,10 @@ The following arguments are supported:
 * `ip_configuration` - (Required) A `ip_configuration` block as documented below.
+* `zones` - (Optional) Specifies the availability zones in which the Azure Firewall should be created.
+
+-> **Please Note**: Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/en-us/azure/availability-zones/az-overview).
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 ---