azurerm_private_endpoint - ensure update does not remove azurerm_priv…

…ate_endpoint_application_security_group_association
hashicorp · Feb 12, 2024 · 6a26a4c · 6a26a4c
1 parent ce69c45
commit 6a26a4c
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 0 deletions.
diff --git a/internal/services/network/private_endpoint_application_security_group_association_test.go b/internal/services/network/private_endpoint_application_security_group_association_test.go
@@ -37,6 +37,26 @@ func TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_basic(t *
 	})
 }
 
+func TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_updatePrivateEndpoint(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_private_endpoint_application_security_group_association", "test")
+	r := PrivateEndpointApplicationSecurityGroupAssociationResource{}
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		// Ensure a subsequent update to the PrivateEndpoint does not affect the association
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		{
+			Config: r.basicUpdate(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+	})
+}
+
 func TestAccPrivateEndpointApplicationSecurityGroupAssociationResource_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_private_endpoint_application_security_group_association", "test")
 	r := PrivateEndpointApplicationSecurityGroupAssociationResource{}
@@ -145,6 +165,40 @@ resource "azurerm_private_endpoint_application_security_group_association" "test
 `, r.template(data, r.serviceAutoApprove(data)), data.RandomInteger, data.RandomInteger)
 }
 
+func (r PrivateEndpointApplicationSecurityGroupAssociationResource) basicUpdate(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_private_endpoint" "test" {
+  name                = "acctest-privatelink-%d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  subnet_id           = azurerm_subnet.endpoint.id
+
+  private_service_connection {
+    name                           = azurerm_private_link_service.test.name
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_private_link_service.test.id
+  }
+
+  tags = {
+    "test" = "value1"
+  }
+}
+
+resource "azurerm_application_security_group" "test" {
+  name                = "acctest-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_private_endpoint_application_security_group_association" "test" {
+  private_endpoint_id           = azurerm_private_endpoint.test.id
+  application_security_group_id = azurerm_application_security_group.test.id
+}
+`, r.template(data, r.serviceAutoApprove(data)), data.RandomInteger, data.RandomInteger)
+}
+
 func (r PrivateEndpointApplicationSecurityGroupAssociationResource) serviceAutoApprove(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 

diff --git a/internal/services/network/private_endpoint_resource.go b/internal/services/network/private_endpoint_resource.go
@@ -468,6 +468,19 @@ func resourcePrivateEndpointUpdate(d *pluginsdk.ResourceData, meta interface{})
 		return fmt.Errorf("validating the configuration for %s: %+v", id, err)
 	}
 
+	// Ensure we don't overwrite the existing ApplicationSecurityGroups
+	existing, err := client.Get(ctx, *id, privateendpoints.DefaultGetOperationOptions())
+	if err != nil {
+		return fmt.Errorf("retrieving existing %s: %+v", *id, err)
+	}
+	if existing.Model == nil {
+		return fmt.Errorf("retrieving existing %s: `model` was nil", *id)
+	}
+	if existing.Model.Properties == nil {
+		return fmt.Errorf("retrieving existing %s: `model.Properties` was nil", *id)
+	}
+
+	applicationSecurityGroupAssociation := existing.Model.Properties.ApplicationSecurityGroups
 	location := azure.NormalizeLocation(d.Get("location").(string))
 	privateDnsZoneGroup := d.Get("private_dns_zone_group").([]interface{})
 	privateServiceConnections := d.Get("private_service_connection").([]interface{})
@@ -479,6 +492,7 @@ func resourcePrivateEndpointUpdate(d *pluginsdk.ResourceData, meta interface{})
 	parameters := privateendpoints.PrivateEndpoint{
 		Location: utils.String(location),
 		Properties: &privateendpoints.PrivateEndpointProperties{
+			ApplicationSecurityGroups:           applicationSecurityGroupAssociation,
 			PrivateLinkServiceConnections:       expandPrivateLinkEndpointServiceConnection(privateServiceConnections, false),
 			ManualPrivateLinkServiceConnections: expandPrivateLinkEndpointServiceConnection(privateServiceConnections, true),
 			Subnet: &privateendpoints.Subnet{