Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Resource azurerm_postgresql_flexible_server_configuration #12294

Merged
merged 3 commits into from
Jul 14, 2021

Conversation

wasfree
Copy link
Contributor

@wasfree wasfree commented Jun 21, 2021

This PR adds new resource azurerm_postgresql_flexible_server_configuration which is part of request #11538

Copy link
Contributor

@manicminer manicminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @wasfree, many thanks for this PR. This is mostly looking great, I have a few comments/suggestions inline. If you can take a look at these, and the tests pass, this should be good to merge!

wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jun 23, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jun 23, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from c223fe5 to 62bd318 Compare June 23, 2021 09:39
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jun 23, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from 62bd318 to ebf040b Compare June 23, 2021 09:45
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jun 23, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from ebf040b to 5e373e8 Compare June 23, 2021 09:58
@wasfree wasfree requested a review from manicminer June 23, 2021 10:25
@tombuildsstuff tombuildsstuff modified the milestones: v2.65.0, v2.66.0 Jun 25, 2021
@manicminer
Copy link
Contributor

Hi @wasfree, after looking at this in more detail, and considering the user experience along with how the portal presents these settings, I think it would be better to inline these settings in a server_parameters block in the azurerm_postgresql_flexible_server resource.

This would mean specifying each setting in the schema, which is more work upfront, but would provide for nicer configurations - instead of having a long list of azurerm_postgresql_flexible_server_configuration resources, they would just be additional attributes on the server resource. Our documentation would also be much improved, listing each parameters with its description rather than leaving it to the user to work them out one by one. The portal does a good job of listing all the parameters (of which there are admittedly quite a few) and the validation for them. WDYT?

@wasfree
Copy link
Contributor Author

wasfree commented Jun 29, 2021

Hi @manicminer, sure we can also put this settings into azurerm_postgresql_flexible_server resource. The main reason why i put this in a separated resource was to keep it equal with other database configuration resources such as azurerm_mysql_configuration and azurerm_postgresql_configuration. As you already mentioned specifying each setting in the schema potentially required more maintenance, documentation and validation work.

But before adding server_parameters to azurerm_postgresql_flexible_server resource i would like to update the API version from 2020-02-14-preview to 2021-06-01 (stable) see Azure/azure-sdk-for-go#14914. This will allow us to use postgres version 13 and adding postgresql flexible server database resource in parallel.

Copy link
Contributor

@yupwei68 yupwei68 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think overall this looks good to me, excepts some tiny concerns.
Besides, service team uses "PUT" instead of "PATCH" in their GA release, which would be better fit in the resource.

@manicminer manicminer self-assigned this Jul 7, 2021
@wasfree
Copy link
Contributor Author

wasfree commented Jul 7, 2021

@manicminer i was looking further into your suggestion to put azurerm_postgresql_flexible_server_configuration into postgresql flexible server resource, there are a few concerns.

In azure-go-sdk we're only able to update one server parameter at a time. Which means to me, we have to loop over all parameters intended to change. I haven't seen such approach in other azurerm resources so far.

In addition to loop over all parameters Azure Postgres Flexserver has three available postgres versions 11, 12 and 13. Not all versions support all parameters which would require further validation. There are also minor versions (which Azure will automatically update over time in maintenance_window). This could be the reason why server parameters are not typed in azure-go-sdk.

I understand it would be a great benefit for users to lookup all available server parameters in terraform documentation. On other hand there is a lot of complexity, implementation and maintenance work todo.

@manicminer @yupwei68 What is your opinion about this?

katbyte pushed a commit that referenced this pull request Jul 8, 2021
…ersion to 2021-06-01 (#12405)

Changes:

Update flexserver api version to 2021-06-01
Complete flexserver tests use postgres version 13 now
Noteworthy Changes:

cmk_enabled (byokEnforcement) is not exposed in 2021-06-01 anymore
Postgres version 13 also available now
effected resources

azurerm_postgresql_flexible_server
azurerm_postgresql_flexible_server_firewall_rule
Datasource: azurerm_postgresql_flexible_server
This PR address:

Support PostgreSQL Flexible Server Version 13 #12375
New Resource azurerm_postgresql_flexible_server_configuration #12294
Support for postgresql flexible server database, configuration and firewall_rule #11538
@katbyte katbyte removed this from the v2.67.0 milestone Jul 9, 2021
@katbyte katbyte added this to the v2.68.0 milestone Jul 9, 2021
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jul 10, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from 5e373e8 to d9b070c Compare July 10, 2021 09:04
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jul 10, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from d9b070c to 2e447c1 Compare July 10, 2021 09:05
wasfree pushed a commit to wasfree/terraform-provider-azurerm that referenced this pull request Jul 10, 2021
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from 2e447c1 to 13ee08a Compare July 10, 2021 09:19
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>
@wasfree wasfree force-pushed the f/postgres-flex-configuration branch from 13ee08a to 08c5ccd Compare July 10, 2021 09:24
@wasfree
Copy link
Contributor Author

wasfree commented Jul 10, 2021

Rebased, this PR is ready to merge if we stick to the current approach

@manicminer
Copy link
Contributor

@wasfree Whilst I still think it would be nice to adopt the settings into the resource schema, given the emerging complexity there, I think it would be challenging for us to keep up with changes to the settings over time and I agree it's probably better to keep this approach and make them free-form.

I pushed a small change to rename the resource files and tidy up the error messages. The tests pass and this looks good to merge.

Copy link
Contributor

@manicminer manicminer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Screenshot 2021-07-14 at 11 58 56

@manicminer manicminer merged commit 7f24850 into hashicorp:master Jul 14, 2021
manicminer added a commit that referenced this pull request Jul 14, 2021
@github-actions
Copy link

This functionality has been released in v2.68.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this pull request Jul 26, 2021
sdkv2 shim - storage (#11952)

Fix app service ase name check (#11891)

Add note to avoid conflicts when enabling AGIC (#11954)

update

dependencies: vendoring the generated AppConfig SDK

appconfiguration: refactoring to use the generated sdk

sdk/appconfig: making the methods private

golangci-lint: upping the max chars for a naked func to 40

The SDK should always be 38 chars, but this gives a little wiggle room
upping from the existing value of 30

linting: fixing the whitespace

updating to include #11959

`azurerm_kubernetes_cluster`: fix spelling

sdkv2 shim - cosmos

Oranize and dedupe imports

refactor: updating the remaining importers to use Plugin SDKv2 wrappers (#11963)

* refactor: updating the remaining importers to use Plugin SDKv2 wrappers

* linting: removing an overridden context

update `make goimports` step and tidy all go imports (#11953)

`azurerm_storage_account_network_rules` and `azurerm_storage_account` - `private_link_access` supports more values (#11957)

Update changelog for #11957

`storage`: Fix ID for `storage_share_resource_manager` (#11828)

Update changelog for #11828

`azurerm_synapse_spark_pool` - `spark_version` now supports 3.0 #11972

Update changelog for #11972

r/(linux|windows)_virtual_machine(_scale_set): support for Force Delete (#11216)

Co-authored-by: kt <kt@katbyte.me>
Fixes #11089

CHANGELOG.md for #11216

Fix acctest `TestAccMsSqlVirtualMachine_storageConfiguration` (#11956)

`azurerm_key_vault_certificate_data`: Support certificate bundles and add support for ECDSA keys (#11974)

Potentially fixes #10909

CHANGELOG.md for #11974

fix(devspaces): remove devspaces provider auto-registration (#11822)

Remove DevSpaces provider auto-registration.
Closes #11821

changelog md for #11822

Update CHANGELOG.md

sdk: vendoring the generated eventhub sdk

eventhub: refactoring atop the generated sdk

sdk: downgrading to the `2017-04-01` API for some sdks

r/eventhub_authorization_rule: fixing a logic error

sdk/eventhub: switching consumergroups to using API Version 2017-04-01

sdk/eventhubs: downgrading checknameavailabilitydisasterrecoveryconfigs to API version 2017-04-01

refactor: DisasterRecoveryNameAvailableClient  -> DisasterRecoveryNameAvailabilityClient

r/eventhub_cluster: nil-checking capacity

linting fixes

r/eventhub_cluster: using the poller's http response

vendoring v0.16.3 of github.com/hashicorp/go-azure-helpers

go mod tidy

updating to include #11973

v2.61.0

sdkv2 shim - compute (#11969)

adding a placeholder for 2.62.0

`azurerm_container_registry`: support for  versionless encryption keys for ACR (#11856)

Update changelog for #11856

sdkv2 shim - containers (#11990)

sdkv2 shim - eventhub (#11993)

sdkv2 - One more wrap (#11995)

Fix markdown bullet rendered as header (#12010)

Add sensitive to instrumentation_key docs (#12015)

revert

Migrate most GitHub HashiBot behaviors to GitHub Actions (#12030)

Reference: https://github.com/terraform-providers/.hashibot/blob/master/.hashibot.hcl

The `terraform-providers` organization-level configuration for these behaviors will be removed after this repository change. The `pull_request_size_labeler` and `release_commenter` behaviors will be handled in later changes.

`kubernetes_cluster`: Support for `gateway_name` for Application Gateway add-on (#11984)

Update changelog for #11984

New resource `azurerm_postgresql_flexible_server_firewall_rule` (#11834)

New resource azurerm_postgresql_flexible_server_firewall_rule #11834

CHANGELOG.md for #11834

New resource `azurerm_vmware_express_route_authorization` (#11812)

Fix:#9283

--- PASS: TestAccVmwareAuthorization_basic (15817.58s)
--- PASS: TestAccVmwareAuthorization_requiresImport (15908.18s)

CHANGELOG.md for #11812

r/azurerm_api_management_api_subscription: support for `api_id` (#12025)

Fixes #12016 .

Enables the configuration of subscriptions per API.

The test passed:

CHANGELOG.md for #12025

Set `active_directory` in `azurerm_storage_account` Computed (#12022)

Fix #11997

Local test has passed.

refactor "azurerm_data_factory" to use generated resource id (#12014)

`azurerm_machine_learning_inference_cluster` - update to allow use of Microsoft ssl certificates (add `leaf_domain_label`) (#11830)

Co-authored-by: Michael Gross <michaelgross@Michaels-iMac.fritz.box>

CHANGELOG.md for #11830

Add ID attribute to postgres server data source (#12005)

Fix `containerDeleteRetentionPolicy` and `lastAccessTimeTrackingPolicy` are not supported in AzureUSGovernment (#11960)

FIx #11772

--- PASS: TestAccStorageAccount_blobProperties_containerAndLastAccessTimeDisabled (252.05s)

CHANGELOG.md for #11960

"azurerm_role_assignment" supports property "delegated_managed_identity_resource_id" (#11848)

* "azurerm_role_assignment" supports property "delegated_managed_identity_resource_id"

* update

* update

Co-authored-by: kt <kt@katbyte.me>

CHANGELOG.md for #11848

`azurerm_kubernetes_cluster`: Support update of `azure_rbac_enabled` (#12029)

Update changelog for #12029

`azurem_kubernetes_cluster`/`azurerm_kubernetes_cluster_node_pool`: support for `node_public_ip_prefix_id` (#11635)

Update changelog for #11635

`azurerm_kubernetes_cluster`: docs regarding Public Preview `azure_rbac_enabled` removed #12040

CHANGELOG.md for #11670

Update app_service_certificate_binding.html.markdown (#12051)

New resource `azurerm_storage_object_replication_policy` (#11744)

Fix: #8647

--- PASS: TestAccStorageObjectReplicationPolicy_basic (205.37s)
--- PASS: TestAccStorageObjectReplicationPolicy_requiresImport (222.11s)
--- PASS: TestAccStorageObjectReplicationPolicy_complete (200.17s)
-- PASS: TestAccStorageObjectReplicationPolicy_update (562.02s)

CHANGELOG.md for #11744

add resource azurerm_data_protection_backup_vault (#11955)

CHANGELOG.md for #11955

`postgres_server`: Update Postgres server admin password only on change (#12008)

Fixes #12007

@reviewer:

Do we consider this as a breaking change or not?
Should we introduce a test to check this behaviour?

CHANGELOG.md for #12008

azurerm_app_service_environment - support for `internal_ip_address`, `service_ip_address`, `outbound_ip_addresses` (#12026)

Return the VipInfo for the ASE on create. This is required for configuration of external Azure resources (e.g. App Gateway WAF). Using the data provider will cause failures if the resource doesn't exist. This is the preferred solution.

CHANGELOG.md for #12026

v2.62.0

Fix acctests for `azurerm_api_management` (#12056)

update network sdk to 2020-11-01 (#11627)

Co-authored-by: jackofallops <ste@hashicorp.com>

CHANGELOG.md for #11627

Support for `UserAssignedIdentity` in `azurerm_storage_account` (#11752)

Fix #11751

--- PASS: TestAccStorageAccount_systemAssignedIdentity (160.00s)
--- PASS: TestAccStorageAccount_userAssignedIdentity (171.82s)
--- PASS: TestAccStorageAccount_systemAssignedUserAssignedIdentity (171.53s)
--- PASS: TestAccStorageAccount_updateResourceByEnablingIdentity (421.15s)

CHANGELOG.md for #11752

fix a crash when body format changed (#11847)

To address this issue #5163

After deploying tf configs, user can edit it on azure portal, although user may not change any codes in code view, but if user click save button, then the attribute body's format will be changed to json object, then it caused crash.

Refactor `azurerm_network_watcher_flow_log` and add supports for `location` and `tags` (#11670)

This refactors the azurerm_network_watcher_flow_log to using its own separate endpoint - rather than using the configureFlowLog endpoint of the Network Watcher (more details here)

This PR is implemented in a way to avoid breaking changes on the existing instances and ensure backward compatiblility (locally tested).

Besides, I've modified the test cases to make them sequential - the prior implementation actually are still running in parallel at the end.

Fixes: #11587

CHANGELOG.md fix for #11670

BUG: Read on tags incorrectly sets all tag values to last value in EventHub and AppConfiguration (#12062)

Update CHANGELOG.md for #12062

`azurerm_kubernetes_cluster`: Support migration of `service_principal` to `identity` (#12049)

Update changelog for #12049

`monitor_autoscale_setting.html.markdown` - mark `rule` block as optional (#12067)

fix spelling of compatibility in GitHub workflows (#12075)

`azurerm_subscription` - fix ability to specify `DevTest` as `workload` (#12066)

Co-authored-by: Tom Bamford <tbamford@hashicorp.com>

Update CHANGELOG.md for #12066

`api_management_subscription.html.markdown` - added `primary_key` and `secondary_key` to docs (#12092)

`azurerm_kubernetes_cluster`: Support for BYO `kubelet_identity` (#12037)

Update changelog for #12037

Support for Debuggable Provider Binaries (#11855)

fix error creating zone-redundant ip in central us euap (#12080)

The constant [1,2,3] is used to create zone-redundant resource, however, in location Central US EUAP, the available zones are [1,2], then it will throw an exception like the following

error: Code="InvalidAvailabilityZone" Message="The zone(s) '3' for
resource 'Microsoft.Network/publicIPAddresses/acctestpublicip-henglu-02' is not supported. The supported zones for location 'centraluseuap' are '1,2'
It can be easily fixed by using [1,2], it can create zone-redundant resources in Central US EUAP and other locations.

`data.azurerm_synapse_workspace`: Add `identity` attribute #12098

Update changelog for #12098

`azurerm_role_assignment`: Fix assignments to resources (#12076)

Fixes  #12074
Fixes  #12060
Fixes  #12057
Fixes #12079
Fixes #12078
Fixes #12087

Related to/similar for [go-azure-helpers](https://github.com/hashicorp/go-azure-helpers): [this PR](https://github.com/hashicorp/go-azure-helpers/pull/79)

dependencies: vendoring v0.16.5 of github.com/hashicorp/go-azure-helpers (#12116)

* dependencies: vendoring v0.16.4 of github.com/hashicorp/go-azure-helpers

* update to v0.16.5

* go mod tidy

Co-authored-by: kt <kt@katbyte.me>

testing: running tests using Terraform 1.0 (#12118)

docs: update start_date to make example valid (#12121)

if time_grain is "Monthly", then there are 2 conditions
start_date for monthly time grain should not be prior to current month
start_date of the budget cannot be more than 1 year into the future
this fix makes the example valid for a year

`azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument (#12117)

* `azurerm_data_factory_linked_service_sql_server`: add `key_vault_connection_string` argument

* Redo the logic a bit

* Add block docs to docs

* And sort those alphabetically

* Address feedback

Update to include #12117

Update CHANGELOG.md for Hotfix release 2.62.1

Guest config docs (#12120)

Co-authored-by: Mark Gray <mark,gray@microsoft.com>

`role_definition.html.markdown` - Swap description for `id` and `role_definition_id` (#12144)

`azurerm_data_factory_linked_service_azure_sql_database`: add `key_vault_connection_string_property` (#12139)

Update changelog for #12139

Support for `composite_index` and `partition_key_version` in `azurerm_cosmosdb_gremlin_graph` (#11693)

CHANGELOG.md for #11693

azurerm_virtual_network_gateway - mark `peering_addresses` as O+C (#11789)

Fixes #11758

remove duplicate property (#12165)

docs: fix allowed values by moving them to name (#12123)

azurerm_data_factory_dataset_azure_blob - support dynamic_filename_enabled & dynamic_path_enabled (#12034)

part of issue #10081 both fold and filename could be dynamic content

CHANGELOG.md for #12034

"azurerm_sentinel_alert_rule_scheduled" - Fix query frequency validation (#12164)

Azure Sentinel have recently expand the query_frequency parameter to support up to fourteen days rather than a 24 hours. Quick bugfix reflects this.

Resolves #12031

Self tested and validated. Can add a test specifically for this if required.

CHANGELOG.md for #12164

"azurerm_virtual_desktop_* version upgrade: 2019-12-10-preview -> 2020-11-02-preview & azurerm_virtual_desktop_host_pool - suppot start_vm_on_connect (#12160)

Upgrade of sdk for "azurerm_virtual_desktop_* + added support for field start_vm_on_connect in "azurerm_virtual_desktop_host_pool"

CHANGELOG.md for #12160

azurerm_data_factory_dataset_delimited_text - supports the `azure_blob_fs_location` property (#12041)

CHANGELOG.md for #12041

Add support for status property of azurerm_eventhub (#12043)

CHANGELOG.md for #12043

streamanalytics version upgrade: 2016-03-01 -> 2020-03-01-preview (#12133)

CHANGELOG.md for #12133

`azurerm_storage_account_customer_managed_key` - allow use of keys from key vaults in remote subscription (#12142)

fixes #6298

CHANGELOG.md for #12142

new resource "azurerm_data_factory_linked_service_kusto" (#12152)

CHANGELOG.md for #12152

new resource "azurerm_data_factory_linked_service_azure_search" (#12122)

CHANGELOG.md for #12122

"azurerm_data_factory_linked_service_data_lake_storage_gen2" - supports property "storage_account_key" (#12136)

this linked service supports three authentication: storage_account_key, service principal, managed identity

this PR add supports for storage_account_key authentication.

Besides, according to docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-storage#linked-service-properties.

url, accountKey is required when using Account key authentication. accountKey not returned in response.
url, servicePrincipalId, servicePrincipalCredential, tenant is required when using service principal authentication
url is needed when using msi authentication.

So I added some limitation for tenant schema.
because accountKey is not returned in response, in the read function, it's hard to know whether users are using Account key authentication or msi authentication. So I removed the d.set("use_use_managed_identity", xxx).

CHANGELOG.md for #12136

Add support for multiple auth types for azurerm_vpn_server_configuration (#12085)

CHANGELOG.md for #12085

AKS azure_policy, StorageAccount min_tls_version, and StorageAccount allow_blob_public_access now supported in Azure China (#12097)

"azurerm_kusto_cluster_customer_managed_key" - supports property "user_identity" (#12135)

CHANGELOG.md for #12135

v2.63.0

Update CHANGELOG.md

Support for `spatial_index` in `azurerm_cosmosdb_sql_container` (#11625)

Fix #8817

--- PASS: TestAccCosmosDbSqlContainer_indexing_policy (1559.79s)

CHANGELOG.md for #11625

Fix acctests in api management (#12173)

.github/workflows: Fix waiting-response label removal (#12188)

`azurerm_monitor_metric_alert`: Support `StartsWith` dimension operator (#12181)

Update changelog for #12181

Migrate GitHub HashiBot release_commenter behavior to GitHub Actions (#12094)

GitHub HashiBot is in the process of being decommissioned in preference of GitHub Actions.

Migrate from GitHub HashiBot pull_request_size_labeler behavior to GitHub Actions (#12189)

new resource - `azurerm_machine_learning_compute_cluster` (#11675)

Fixes #11254

CHANGELOG.md for #11675

`synapse`: Upgrade API to `2021-03-01` and add `data_exfiltration_protection_enabled` argument (#12183)

Fixes #12182

CHANGELOG.md for #12183

Upgrade Go-SDK version to v55.2 (#12153)

CHANGELOG.md for #12153

refactor: moving new components over to the shim

refactor: removing an unused migration

scripts: adding an alias for structure

refactor: migrating `structure` usages over to `pluginsdk`

updating the todo

reverting: LB uses the unaliased importer

I could have sworn I'd done this..

refactor: updating the mssql state upgrader to use the alias

removing a duplicate import

add resource "azurerm_data_protection_backup_policy_postgresql" (#12072)

CHANGELOG.md for #12072

migrate `azurerm_synapse_role_assignment` to support new roles and scopes (#11690)

Co-authored-by: kt <kt@katbyte.me>
fix #10141

in old api version, the only supported role is Workspace Admin, Sql Admin and Apache Spark Admin. The scope is workspace.

in new api version, exsiting roles are renamed and new roles are added, Users could also specify different scope: workspace, spark pool or others (not suported in terraform, so not added in this PR) .

CHANGELOG.md for #11690

New resource: azurerm_eventhub_namespace_customer_managed_key (#12159)

Currently, The EventHub Namespace resource doesn't support to enable customer-managed key encryption. So I submitted this PR to implement it.

The encryption property only can be set on an existing resource.

--- PASS: TestAccEventHubNamespaceCustomerManagedKey_basic (15164.75s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_complete (15168.92s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_update (15377.69s)
--- PASS: TestAccEventHubNamespaceCustomerManagedKey_requiresImport (15387.40s)

API Reference:
Azure/azure-rest-api-specs@d3a5ab5/specification/eventhub/resource-manager/Microsoft.EventHub/preview/2021-01-01-preview/namespaces-preview.json#L662

CHANGELOG.md for #12159

Support for `client_certificate_enabled`, `gateway_disabled`, `min_api_version` and `zones` in `azurerm_api_management` (#12125)

Fix #8529

CHANGELOG.md for #12125

`azurerm_data_factory` - support for `global_parameter` (#12178)

Update changelog for #12178

azurerm_postgresql_flexible_server - Remove invalid possible value for the `zone` argument (#12218)

"azurerm_kubernetes_cluster" and "azurerm_kubernetes_cluster_node_pool" supports "kubelet_config", "linux_os_config" (#11119)

Co-authored-by: Matthew Frahry <mbfrahry@gmail.com>
two new blocks in node pool: kubelet_config and linux_os_config

linux_os_config contains a sub block "sysctl_config", which could set the the kernel parameters, could refer to kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster

this two blocks are forcenew fields, if we try to update it, the rest api will report error code: CustomKubeletConfigOrCustomLinuxOSConfigCanNotBeChanged.

CHANGELOG.md for #11119

New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492)

* new resource "azurerm_kubernetes_cluster_pod_identity"

* update

* rebase and refactor the codes

* update

* add link to terraform plugin sdk issue

* rebase

Update CHANGELOG.md for #11429

`azurerm_stream_analytics_job` - add supports for `identity` (#12171)

Fixes #12096

CHANGELOG.md for #12171

Support for `spatial_index` in `azurerm_cosmos_gremlin_graph` (#12176)

CHANGELOG.md for #12176]

Revert "New Resource - `azurerm_kubernetes_cluster_pod_identity` (#11492)"

This reverts commit db2d2a109f0d18f5fe325d1db6777a271226d1e1.

reverting #11429

New Resource: `azurerm_data_factory_linked_service_odata` (#11556)

Update changelog for #11556

`azurerm_lb` - fix zone behaviour bug introduced in recent API upgrade (#12208)

* fix zone behavior change for loadbalancer

* add test for availability_zone

* add test for single zone

* Apply document suggestions from code review

Co-authored-by: WS <20408400+WodansSon@users.noreply.github.com>

* fix acctest test

* add todo for replacing hardcode with getting zone list by resource api

* remove comments

Co-authored-by: WS <20408400+WodansSon@users.noreply.github.com>

Update CHANGELOG.md for #12208

azurerm_container_registry - Support for zone_redundancy_enabled for both the ACR and each georeplications block

Co-Authored-By: Tom Bamford <tom@bamford.io>

container_registry_resource: add nil checks and minor doc wording

Changelog for #11706

Updated link to ignore_changes documentation (#12239)

New datasource: `azurerm_key_vault_secrets` (#12147)

Co-authored-by: kt <kt@katbyte.me
Fixes #12146

CHANGELOG.md for #12147

Fix reference to data source in outputs block (#12248)

Issue is described in #12249

Azure does not support changing a load balancer ID on an existing resource.
Resource needs to be recreated to update this value.

I have tested this locally and confirmed the desired result:

CHANGELOG.md for #12250

Support for `share_properties` in `azurerm_storage_account` (#12103)

Fix #7115

All tests have passed.

CHANGELOG.md for #12103

New resource `azurerm_api_management_redis_cache` (#12174)

Fix #4765

--- PASS: TestAccApiManagementCache_basic (1980.64s)
--- PASS: TestAccApiManagementCache_requiresImport (2013.39s)
--- PASS: TestAccApiManagementCache_complete (1991.81s)
--- PASS: TestAccApiManagementCache_update (2277.54s)

CHANGELOG.md for #12174

New Resource `azurerm_virtual_desktop_application` (#12077)

Co-authored-by: Alex Wilcox <alex.wilcox@cloudsecure.ltd>
Co-authored-by: Alex W <alex54456@gchq.gov.uk>

Resolves #11722

I'll mark this no longer a draft when I have tests and documentation in place.
Also do I need the schema migration functions? I added them as all the other desktop virtualization resources have one but I wasn't sure if this is needed for a brand new resource?

Thanks

CHANGELOG.md for #12077

azurerm_application_gateway  - correctly poopulat the `identity` block (#12226)

This PR fixes the helper flatten/expand functionality of the userAssigned identity in the identity package. Meanwhile, also fixes the only place that the prior errorneous user assigned identity is used, namely the azurerm_application_gateway data source.

CHANGELOG.md for #12226

Update to azurerm virtual machine boot diagnostic block (#12206)

Fix missing schema definition in terraform state (#12039)

Add support for Swagger based schema definitions.

Additional changes:

add checks in test that verify, that state includes requested schema
wait in resourceApiManagementApiSchemaCreateUpdate until resource is created to avoid race with following GET, which results in inconsistent state (resource created but not present in state)
add suppress.JsonDiff for suppression of non-essential changes in JSON's
Fixes #12002.

CHANGELOG.md for #12039

Update CHANGELOG.md

CHANGELOG.md for #11690

improve docs for virtual WAN resources (#12259)

Co-authored-by: kt <kt@katbyte.me>

v2.64.0

update Go SDK to v55.3.0

extend the `azurerm_security_center_server_vulnerability_assessment` delete timeout

updating to include #12263

"azurerm_data_factory" - migrate to the correct ID format when resource name is in upper case

data_factory: use uppercase in test resource names

Changelog for #12128

refactor: updating the imports for Plugin SDK2

dependencies: vendoring v2.6.1 of github.com/hashicorp/terraform-plugin-sdk

refactor: minimum viable changes necessary for PluginSDK2 to work

updating the task list

removing the azuread provider

go mod vendor

refactor: removing the dependency on github.com/hashicorp/terraform-plugin-sdk/acctest

removing github.com/hashicorp/terraform-plugin-sdk/helper/acctest

updating the todo's

typed resources: support for diagnostics

updating github.com/Azure/go-autorest to latest

reverting a couple of replacement issues

sdk: fixing the unit tests

Plugin SDKv2 now correctly outputs the `%` value which was omitted from Plugin SDK v1
so patching the tests to account for it

refactor: updating WaitForState to use WaitForStateContext

linting fixes

linting

provider: usign the passed-in context

r/data_factory_linked_service_odata: refactoring to use Plugin SDKv2

dataprotection: upgrading to Plugin SDKv2

synapse: upgrading to Plugin SDKv2

r/api_management_redis_cache: updating to use the pluginsdk alias

provider: matching the behaviour of AAD

removing the plugin sdk2 todo

Update azurerm/internal/acceptance/testcase.go

Co-authored-by: Tom Bamford <tbamford@hashicorp.com>

Update azurerm/internal/provider/provider.go

Co-authored-by: Tom Bamford <tbamford@hashicorp.com>

Update azurerm/internal/provider/provider.go

Co-authored-by: Tom Bamford <tbamford@hashicorp.com>

Update azurerm/internal/sdk/wrapper_resource.go

Co-authored-by: Tom Bamford <tbamford@hashicorp.com>

fixing the linting

updating to include #12209

Fix backup_policy_vm documentation (#12270)

sdk: upgrading the Eventhub SDK to 2021-01-01-preview

eventhub: updating to the latest sdk changes

updating to include #12290

linting: ignoring the RetryError funcs for the moment (#12275)

Fix `long_term_retention_policy` validation and expansion (#12198)

Policy Definition Groups Update on when changed (#12279)

testing: registering the AzureAD Provider

Turns out in Plugin SDK2 that providers which aren't imported need to be registered,
as such this commit does that - so that those tests pass again.

Add support for the categories property of azurerm_security_center_assessment_metadata (#12278)

Currently, azurerm_security_center_assessment_metadata cannot set the categories of resource that is at risk when the Security Center Assessment is unhealthy. So submitted this PR to support it.

--- PASS: TestAccSecurityCenterAssessmentMetadata_complete (164.20s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_basic (165.24s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_categories (166.01s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_update (270.68s)

CHANGELOG.md for #12278

azurerm_express_route_circuit_peering -  support for bandwidth_in_gbps, express_route_port_id (#12289)

Co-authored-by: neil-yechenwei <yechenwei2007@126.com>
Co-authored-by: xuzhang3 <Zhangxu894765>

CHANGELOG.md for #12289

Support for azurerm_kusto_iothub_data_connection missing table_name, mapping_rule_name, data_format (#12293)

Changelog for #12293

New Resource - `azurerm_hpc_cache_blob_nfs_target` (#11671)

CHANGLOG.md for #11671

New resource: `azurerm_nat_gateway_public_ip_prefix_association` (#12353)

In order to align behavior between Public IP association and Public IP
Prefix association to NAT Gateway I'd like to introduce a new virtual
resource (similar to the one added in #6450 and #7106).

At the same time adding deprecation warning to public_ip_prefix_ids in
NAT Gateway.

CHANGELOG.md for #12353

Update `azurerm_linux|windows_virtual_machine` - enable update for `proximity_placement_group_id` (#11790)

Fixes #11515

CHANGELOG.md for #11790

identity - support `SystemAssignedUserAssigned` (#12230)

fix: wrong order of arguments and attributes (#12350)

CHANGELOG.md for #12220

add resource "azurerm_data_protection_backup_instance_postgresql"

rename policy_id to backup_policy_id

fix acc test

Add StateChangeConf

support plugin sdk v2

replace deprecated func

fix bug

remove response.WasNotFound check

remove vault_name, use valut_id

Update website/docs/r/data_protection_backup_instance_postgresql.html.markdown

v2.65.0

empty changelog for 2.66.0

Fix migrating-to-azuread guide documentation (#12365)

Markdown issue for `Updating the Provider block` subheading.

azurerm_hdinsight_kafka_cluster no longer panics from an empty component_version (#12261)

Co-authored-by: Xiaochuan Gong <xiaochuan.gong@grabtaxi.com>

CHNAGELOG>md for #12261

"azurerm_lighthouse_definition" - supports block "plan" (#12360)

this "plan" property is used to bind a marketplace plan. It needs the permission of partner center. Users could refer to docs.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers.

to run the acctest, we need to pass the variables about marketplace offer through env

CHNAGELOG.md for #12360

`azurerm_app_service` - fix app_setting and SCM setting ordering (#12280)

Update CHANGELOG.md for #12280

Updated Azure Hybrid Benefit Link (#12397)

Fix acctest "TestAccAzureRMApiManagementGroupUser" (#12382)

fixed azurerm_spatial_anchors_account tags argument always forces replacement of spatial_anchors_account resource #11037 (#11985)

CHANGELOG.md for #11985

Fix issue labelling (#12393)

new resource "azurerm_data_factory_linked_custom_service" (#12224)

fix #9860
fix #9431

a generic resource for data factory linked service. Users could use a json string and construct a specific type linked service.
the same with azure cli implementation docs.microsoft.com/en-us/cli/azure/datafactory/linked-service?view=azure-cli-latest#az_datafactory_linked_service_create

there are some sensitive properties in property_json not returned in the response, so not set it in read function and no supressDiff func.

CHANGELOG.md for #12224

New resource `azurerm_api_management_api_operation_tag` (#12384)

CHANGELOG.md for #12384

Support for `client_certificate_id` in `azurerm_api_management_backend` (#12402)

CHANGELOG.md for #12402

`azurerm_site_recovery_replicated_vm` - Add support for `target_disk_encryption_set_id` in `managed_disk` (#12374)

Update changelog for #12374

azurerm_batch_account - support for public_network_access_enabled (#12401)

CHANGELOG.md for #12401

r/cognitive_services: updating to API Version `2021-04-30` & conditionally purging soft deleted accounts during deletion (#12281)

Fixes #12258

CHANGELOG.md for #12281

New resource: azurerm_express_route_connection (#11320)

CHANGELOG.md for #11320

Support for `revision_description`, `version_description` and `source_api_id` in `azurerm_api_management_api` (#12266)

Fix #12265

CHANGELOG.md for #12266

new resource "azurerm_data_factory_trigger_blob_event" (#12330)

fix #7574

CHANGELOG.md for #12330

Fix `Default value must be present in the list of values` when defaultValue is not set in `azurerm_api_management_api_operation` (#12306)

Fix #12295

New resource azurerm_express_route_circuit_connection (#11303)

Co-authored-by: xuzhang3 <Zhangxu894765>
Co-authored-by: neil-yechenwei <yechenwei2007@126.com>

CHANGELOG.xmd for #11303

Add None to compression types (#12409)

In the Azure UI Compression type includes the option None from the dropdown. Not sure why it's not an available option.

Fix typo in docs (#12404)

dependencies: upgrading github.com/hashicorp/terraform-plugin-sdk to 2.7.0 (#12427)

Required to test with Terraform 1.0.1 (which is now installed in Github Actions by default)

policy: fixing and superseding `azurerm_policy_assignment` (#12349)

Update changelog for #12349

"azurerm_kubernetes_cluster" supports "fips_enabled", "kubelet_disk_type", "license" and "azurerm_kubernetes_cluster_node_pool" supports "fips_enabled", "kubelet_disk_type" (#11835)

CHANGELOG.md for #11835

New resource: azurerm_tenant_configuration (#11697)

Update CHANGELOG.md for #11697

Data Source: `azurerm_app_service_environment_v3` - fix id processing for Read (#12436)

Update CHANGELOG.md for #12436

Add missing advanced filter operators

* add string_not_ends_with, string_not_begins_with, string_not_contains

Add missing advanced filter operators

* add is_not_null, is_null_or_undefined, number_in_range, number_not_in_range

fix lint findings

Fix whitespace

Test and documentation for azurerm_eventgrid_system_topic_event_subscription

Fix panic due to invalid conversion

* Fix interface conversion
* Fix invalid address error on number_not_in_range

Split test resources for eventgrid subscription filters to avoid maximum value count imposed by API. Add customizediff function to catch at plan time.

Changelog for #12167

tests/provider: Fix tfproviderlint R006 ignore comments (#12446)

The heuristics within `tfproviderlint` cannot determine that `github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/pluginsdk.RetryableError` is equivalent to `github.com/hashicorp/terraform-plugin-sdk/helper/resource.RetryableError` for the `R006` pass. Until an enhancement can potentially be made to allow passing an alias package path, this fixes the ignore comment to be at the end of the anonymous function definition since it is within a wrapping function call and allows the report to be properly skipped.

`azurerm_traffic_manager_endpoint` - supports for `min_child_endpoints_ipv4` and `min_child_endpoints_ipv6` (#12400)

CHANGELOG.md for #12400

v2.66.0

docs: rename monitor_action_group to fix refs (#12457)

Updated storage share directory name regex to allow underscore (#12454)

* updated storage share directory name regex to allow underscore

* updated storage share directory name regex to allow underscore

update changelog.md for #12454

Update security_center_subscription_pricing docs (#12481)

Updated changelog for #12481

`azurerm_storage_management_policy` - fix panic in slice/array return (#12487)

update CHANGELOG.md for #12487

docs: constraint on contacts in notification block (#12471)

azurerm_storage_account - add ForceNew to account_replication_type (#12479)

* update account_replication_type property in storage_account_resource with ForceNew true

* Updated azurerm_storage_account doc

Updated changelog for #12479

service/kusto: fix APRACHEAVRO data_format validation (#12480)

Updated changelog for 12480

make additional locations not ForceNew

add additional locations update test

goimports sorting

Changelog for #12468

azurerm_network_watcher_flow_log - document update import directives (#12498)

adding #12497

* Rename resource and deprecate the old one

* Raise the undead code...

Updating to include #12497

Use Consumption_0 to speed up tests

`azurerm_api_management_gateway`: new resource/data source (#12297)

* `azurerm_api_management_gateway`: resource and data source

* fix test double quote

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update azurerm/internal/services/apimanagement/api_management_gateway_resource.go

* Update website/docs/d/api_management_gateway.html.markdown

* Update website/docs/d/api_management_gateway.html.markdown

* Update website/docs/d/api_management_gateway.html.markdown

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12297

`azurerm_site_recovery_replicated_vm ` - Fix potential crash in reading `managed_disk` properties (#12509)

Update CHANGELOG.md for #12509

`azurerm_automation_dsc_nodeconfiguration` - fix typo in config (#12517)

Fix azurerm_automation_variable type parsing logic (#12511)

Update CHANGELOG.md for #12511

Avoid panic if RG or ASE do not exist when creating an App Service (#12518)

Since the `Get` function of the `AppServices` client does not return an
error if the resource is not found, the code behaves as if everything is
fine and attempts to access fields of a struct that have not been
un-marshalled, since the API responded with 404.

Update CHANGELOG.md for #12518

azurerm_data_factory_dataset_parquet - azure_blob_storage_location.filename is now optional (#12414)

CHANGELOG.md for #12414

Add support for the categories property of azurerm_security_center_assessment_policy (#12383)

The PR 12278 has been merged for supporting "categories" in azurerm_security_center_assessment_metadata. Seems I also need to add support for the categories property in azurerm_security_center_assessment_policy. Could you help have an another review? Thanks in advance.

--- PASS: TestAccSecurityCenterAssessmentPolicy_categories (181.28s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_complete (182.80s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_basic (183.52s)
--- PASS: TestAccSecurityCenterAssessmentPolicy_update (285.11s)

CHANGELOG.md for #12383

`azurerm_postgresql_flexible_server` update postgres flexserver api version to 2021-06-01 (#12405)

Changes:

Update flexserver api version to 2021-06-01
Complete flexserver tests use postgres version 13 now
Noteworthy Changes:

cmk_enabled (byokEnforcement) is not exposed in 2021-06-01 anymore
Postgres version 13 also available now
effected resources

azurerm_postgresql_flexible_server
azurerm_postgresql_flexible_server_firewall_rule
Datasource: azurerm_postgresql_flexible_server
This PR address:

Support PostgreSQL Flexible Server Version 13 #12375
New Resource azurerm_postgresql_flexible_server_configuration #12294
Support for postgresql flexible server database, configuration and firewall_rule #11538

CHANGELOG.md for #12405

add deprecation meesage for "azurerm_data_factory_integration_runtime_managed" (#12499)

Use d.GetOk to set the parameters property of azurerm_bot_connection (#12500)

Currently, the TCs related with BotService Connection are failed. After investigated, seems currently the API behavior would fail to create bot connection when the parameters property is []. After checked, seems currently this property is optional and it would be set as [] in TF when it isn't specified in tfconfig. I assume we should use d.GetOk() for this optional property. So I submitted this PR to fix this issue.

backup_policy_vm_resource - Corrected error message (#12526)

azurerm_hdinsight_kafka_cluster - corrected property name to tls_min_version in docs (#12525)

fixes #10183

api_management - Removed policy block from api_management docs example (#12524)

fixes #9908

azurerm_kusto_eventhub_data_connection - Add $Default as a valid name for consumer_group (#12523)

fixes #11958

Remove validation for null_value (#12410)

Co-authored-by: kt <kt@katbyte.me>

Updated azurerm_machine_learning_compute_cluster documentation (#12508)

* Updated documentation

* Reverted documentation change for subnet resource id. Change will be done in separate PR.

include fix for #9785

* Current progress

* Enable CMK working

* Add validation for cmk

* Add nil check for amlWorkspaceID

* Attempt to fix complete test case

* remove maxitems from storage_account_identity

* Fix lint errors

* Modify test TestAccDatabricksWorkspace_update

* Remove the set for ui_definition_uri

* Update test cases

* Add test cases for new attributes

* Fixing test again

* Commenting out unused test code for now

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <kt@katbyte.me>

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <kt@katbyte.me>

* Update azurerm/internal/services/databricks/databricks_workspace_resource.go

Co-authored-by: kt <kt@katbyte.me>

* Address PR comments...

* Update validation checks

* Fix lint error

* Refactoring validation for readability

* Refactor the world

* Fixing my dyslexia in my uber comment...

* Update tests

* Bug fix

* Moved managed CMK code

* Remove computed from custom_parameters

* Revert update to custom_parameters

* Enable CMK tests

* Middle of massive refactor to new resource

* Moved to new resource

* terrafmt documentation

* Fix test case

* Add new step to test case

* Update import test

* Update import test

* Update importer setId

* Additional test updates

* Fix lint errors

* Import fix

* moved cmk out of custom params

* terrafmt

* Another terrafmt

* Update tests to validate parent resource

* Update CMK to always pass all custom params

* Fixing my dyslexia again

* Update delete to pass all params

* Add dependency on CMK for access policy

* Wait a minute... Strike that. Reverse it.

* no_public_ip cannot be changed once set

* Fix invalid update and infra tests

* Fix test cleanup configurations

* Fix update test as everything is force new

* Trying unhook the associations so destroy works

* Remove just the subnet delegation

* Delete the NSG first the the delegation

* Remove assoc order

* Modify step one of cleanup

* Disable no public ip in clean up

* remove deprecated attributes from tests

* Documentation update only...

* Remove the local specific URL from the docs...

* Address PR comments

* Force databricks deletion first

* Remove fix for broken tests

* add workspace dependency on nsg

* Strike that, reverse it...

* Not the NSG the NSGA

Co-authored-by: kt <kt@katbyte.me>

update to include #12331

adjust keyvault url validation (#12529)

fix typo and acctest for `azurerm_data_factory_integration_runtime_self_hosted` (#12532)

v2.67.0

empty changelog for 2.68.0

Update BotService SDK to 2021-03-01 (#12449)

Update BotService SDK to 2021-03-01. Mainly in order to support new introduced properties and resources.

I've rerun the TCs to avoid regression issue. Below is the test result and it's same with the test result which doesn't involve this PR. So although there is failed tc in test result, but I think it isn't related with this PR.

CHANGELOG.md for #12449

azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access (#12469)

azurerm_cognitive_account supports identity storage disable_local_auth fqdns public_network_access_enabled and restrict_outbound_network_access

The tests are listed as the followings.

CHANGELOG.md for #12469

Changelog for #12309

Support for `data_masking` in `azurerm_api_management_api_diagnostic` (#12419)

Fix #12418

CHANGELOG.md for #12419

Fix breaking change of  requiring `private_dns_zone_id` in `azurerm_postgresql_flexible_server` (#12288)

Fix #12053

CHANGELOG.md for #12288

Support for `value_from_key_vault` in `azurerm_api_management_named_value` (#12309)

Fix #10416

Fix windows function apps on premium plans (#12553)

The settings WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and WEBSITE_CONTENTSHARE are required for windows function apps on Premium V1/V2/V3 plans. Currently Terraform removes these settings when functions are hosted on premium plans rendering the function useless as it can't find its code.

This PR checks for the prefix of premium to handle the case when further premium plans are released.

Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentazurefileconnectionstring
Ref: docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentshare

fix tflint errors (#12554)

network_watcher_flow_log - truncate name in case length larger than 80 (#12533)

This PR "silently" truncate the name of the network watcher flow log (which is now constructed by combining the resource group name and the NSG name) to be less than 80 in length, which is required by the flow log API. This might be needed since otherwise the users will have to tune the length of the resource group name or the NSG name, in order to make the flow log API happy, which is kind of weired.

However, there are some further concerns:

If the name pattern of the resource group name or the NSG name doesn't conform to the flow log pattern, there is nothing can be done in the provider code to work around that
Before the refactoring in Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, the configureFlowLog endpoint is used to create the flow log. The created flow log CAN has name longer than 80 in length. This means if we merge this PR, it will break the users who created a long name flow log prior to Refactor azurerm_network_watcher_flow_log and add supports for location and tags #11670, and wants to use the latest provider to import that resource.
Once we are in v3, we can remove all these hairy code and expose the name property, adding any constraint (length, pattern) on the name.

Fix #12460 (blocking an enterprise customer).

Upgrade Go-SDK to v55.5.0 (#12435)

CHANGELOG.md for #12435

Tooling: TeamCity cron based scheduling (#12549)

azurerm_powerbi_embedded - add mode attribute to support Gen2 (#12394)

* Update PBI SDK to 2021-01-01

* mode for powrebi embedded

* Doc

* Linting

* Tidy up powerbi tests

* Fix tflint

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12394

New Resource `azurerm_postgresql_flexible_server_configuration` (#12294)

* Add New Resource azurerm_postgresql_flexible_server_configuration (#11538)

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>

* PR: #12294
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>

* Rename resource files, tidy up error messages

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12294

Don't allow license_type to be set for serverless SQL databases (#12555)

Serverless databases do not support a license type[0]. When we pull the
database information from the API, `licenseType` is set to `null`, which
causes plans to always have a pending change when users set
`license_type`.

This change causes the provider to throw an error before creating (or
updating) the resource.

[0]: https://docs.microsoft.com/en-us/azure/azure-sql/azure-hybrid-benefit

Changelog for #12555

azurerm_redis_cache: support the maintenance_window property (#12472)

Changelog for #12472

Add os_type validation string for Windows function app, where input is an empty string

azurerm_function_app: default value for `os_type`

Changelog for #12482

`azurerm_databricks_workspace` - Add test case for API regression (#12601)

AccTests: update cron days (#12602)

Fix un-necessary VMSS instance rolling request (#12590)

Rolling VMSS instances when upgrade mode is set to `Automatic` is only
allowed of the image version is set to `latest`, otherwise we get the
following error:

```
The OS Rolling Upgrade API cannot be used on a Virtual Machine Scale Set unless the Virtual Machine Scale Set has some unprotected instances which have imageReference.version set to latest.
```

This change makes sure we only roll instances if the image version is
`latest`. The VMSS will roll instances on its own for non-latest images
as long as upgrade_type is set to `Automatic`.

Changelog for #12590

New resource `azurerm_api_management_api_release` (#12562)

Changelog for #12562

new resource "azurerm_synapse_private_link_hub" (#12495)

* Add support for Synapse Private Link Hub resources

Signed-off-by: Owen Farrell <owen.farrell@gmail.com>

* Apply suggestions from code review

Co-authored-by: Tom Bamford <tom@bamford.io>

* Apply acceptance test suggestions from code review

Co-authored-by: Tom Bamford <tom@bamford.io>

* Autogenerate Synapse Private Link Hub ID source

Signed-off-by: Owen Farrell <owen.farrell@gmail.com>

* Test import of Synapse Private Link Hub

Signed-off-by: Owen Farrell <owen.farrell@gmail.com>

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12495

`azurerm_subnet_network_security_group_association` fix potential deadlock when using multiple association resources. (#12267)

Update CHANGELOG.md for #12267

Fix issue triage labelling and waiting-response handling

repo-token should be github_token

remove labels individually

azurerm_container_registry: allowing the principal_id and tenant_id to be exported (#12378)

This is to help issue #9955 by adding support to expose the prinicpal_id and tenant_id from the container registry identity block with systemAssigned managed identities.

CHANGELOG.md for #12378

add resource "azurerm_data_protection_backup_policy_disk" (#12361)

To address this issue: #11768
The tests are listed as the following.

CHANGELOG.md for #12361

Data source - Added for azurerm_local_network_gateway (#12579)

fixes #10834

CHANGELOG.md for #12579

azurerm_cognitive_account supports ignore_missing_vnet_service_endpoint (#12600)

CHANGELOG.md for #12600

Update CHANGELOG.md

new resource "azurerm_data_factory_custom_dataset" (#12484)

generic resource about dataset

notes:

according to the service team, structure is deprecated and schema is prefered. So in this resource, I didn't imeplement structure property.
schema is type interface, according to the service team, it could be either a object or an array. So I also made it a json string. In the acctest, both cases are covered.

CHANGELOG.md for #12484

Support for `user_assigned_identity_id` in `azurerm_storage_account_customer_managed_key` (#12516)

Close #12489

CHANGELOG.md for #12516

Update `azurerm_maintenance_configuration` / New resource `azurerm_maintenance_assignment_virtual_machine_scale_set` (#12273)

Update to the latest maintenance API version
Add support for visibility, window and properties
New resource azurerm_maintenance_assignment_virtual_machine_scale_set

CHANGELOG>md for #12273

Don't force new resource when modifying additional subnet IDs of azurerm_api_management (#12611)

Adding and removing subnet IDs (via the additional_locations block)
should not result in a new api management resource.

CHANGELOG.md for #12611

`azurerm_key_vault_access_policy`: Extra nil check to prevent crash  (#12576) (#12616)

Fixes #12576

CHANGELOG.md for #12616

Infrastructure Encryption Fix (#12614)

"azurerm_data_factory" - supports property "managed_virtual_network_enabled" (#12343)

fix #10542

CHANGELOG.md for #12343

`azurerm_data_factory_dataset_binary`: New resource (#12369)

CHANGELOG.md for #12369

r/`machine_learning_compute_cluster`: make `subnet_resource_id` optional (#12558)

PR to address complaint in #12508 that subnet_resource_id is not really optional.

CHANGELOG>md for #12558

v2.68.0

`make goimports` support Linux (make `sed` option OS-aware) (#12571)

* make the sed OS-aware in goimport-file.sh & run it

* refine

* refine per review

Bump azure-sdk to 55.6 (#12565)

Co-authored-by: xuzhang3 <Zhangxu894765>

Update CHANGELOG.md for #12565

policy: fix typo in example usage (#12634)

Support for `high_availability` in `azurerm_postgresql_flexible_server` (#12587)

* update

* revert

* update

* update

* Fix unneeded dereference

* update

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12587

Rename Private Link Hub source files per convention

Signed-off-by: Owen Farrell <owen.farrell@gmail.com>

azurerm_data_factory_integration_runtime_azure_ssis - support public_ips, express_custom_setup, package_store, proxy (#12545)

* enhancement for `azurerm_data_factory_integration_runtime_azure_ssis`

* remove unnecessary trailing newline

* update

* refactor "env" to "environment"

CHANGELOG>md for #12545

"azurerm_data_factory_integration_runtime_azure" - supports property "virtual_network_enabled" (#12619)

CHANGELOG.md for #12619

Support azurerm_api_management_named_value.

updating to include #12641

r/eventhub_authorization_rule: only returning an error when there's an error

This fixes #12387 by conditionally returning the error rather than always when
this is nil.

updating to include #12642

New resource - `azurerm_batch_job` (#12573)

Fixes #7862.

CHANGELOG.md for #12573

azurerm_bot_channels_registration - support for cmk_key_vault_url, description, icon_url, isolated_network_enabled (#12560)

CHANGELOG.md for #12560

add resource "azurerm_data_protection_backup_policy_blob_storage" (#12362)

To address issue : #12318 and #12389

CHANGELOG.MD FOR #12362

new resource "azurerm_data_factory_managed_private_endpoint" (#12618)

fix #12364

CHANGELOG.md for #12618

updating to use Go 1.16.6

`azurerm_kubernetes_cluster`: Support for downgrade `sku_tier`

remove default `sku_tier` value from testcase

updating to include #12651

synapse: embedding a Track1 Data Plane SDK

Return an error when ssl policy is not properly configured (#12647)

Azure does not allow setting disabled protocols when using a custom or a
predefined policy type. Up until now when a user supplied both the
provider silently ignored the policy type changed and kept only the
disabled protocols configuration.

This change throws an error durring the planning phase instead and asks
the user to fix their configuration.

Changelog for #12647

cosmosdb sql function docs fix (#12662)

* cosmosdb sql function docs fix

* rename the file to the correct value

Add support for maintenanceWindow property of azurerm_redis_cache data source (#12666)

* Add support for maintenanceWindow property of azurerm_redis_cache data source

* update code

Changelog for #12666

fix additional properties for

Changelog for #12664

fix crash when create compute cluster without specifying subnetId (#12658)

* fix crash when create machine learning compute cluster without specifying subnetId

* add nil-check on props

Changelog for #12658

"azurerm_data_factory_integration_runtime_azure_ssis" - supports "key_vault_password", "key_vault_license" for "express_custom_setup" (#12659)

for the "express_custom_setup", "command_key" and "component" supports key vault secret reference, this PR adds support for this feature.

CHANGELOG.md for #12659

New Resource: azurerm_signalr_service_network_acl (#12434)

Currently, azurerm_signalr_service doesn't support to set network access control for SignalR.

After investigated, I think we cannot implement the networkACL property in azurerrm_signalr_service. Because service team confirmed that we must create private endpoint (Here private endpoint is created by azurerm_private_endpoint) which is referencing the existing SignalR resource (Here signalr resource is created by azurerm_signalr_service) first before updating the networkACL.privateEndpoint property of the existing SignalR resource. If we implement networkACL.privateEndpoint in azurerm_signalr_service, it would cause the issue of circular reference between azurerm_private_endpoint and azurerm_signalr_service. So we have to make this property as a separate resource.

Overview:
docs.microsoft.com/en-us/azure/azure-signalr/howto-network-access-control

CHANGELOG.md for #12434

New Resource: azurerm_bot_channel_web_chat (#12672)

CHANGELOG.md for #12672

GHA: disable whitespace linter and update job params (#12690)

Updated account_replication_type validation (#12645)

Updated changelog for #12645

Enabling advanced_filtering_on_arrays_enabled (#12609)

* enabling advanced_filtering_on_arrays_enabled

* fixing the pointer instead of bool

* updated test case `advanced_filtering_on_arrays_enabled`

* fixing the bool assignment

* default to false

* Enabling advanced_filtering_on_arrays_enabled on event grid system subscription

* Fixing format by terrafmt fmt

* fixing golint

* Resolving wordings for doc

Co-authored-by: Tom Bamford <tom@bamford.io>

* Resolving wordings for doc

Co-authored-by: Tom Bamford <tom@bamford.io>

Co-authored-by: Tom Bamford <tom@bamford.io>

Changelog for #12609

support for Azure Event Hubs Namespace Premium tier (#12695)

Adds support for the Premium tier of the event hubs namespace resource.
It is not possible to actually move from/to that tier so setting the sku
to `Premium` forces the resource to be re-created.

This will also throw an error if someone attempts to create a premium
namespace without setting zone_redundant to true.

Changelog for #12695

New resource: azurerm_virtual_network_dns_servers

New resources: azurerm_active_directory_domain_service and azurerm_active_directory_domain_service_replica_set

Documentation for azurerm_active_directory_domain_service

Review: use common base64 string validation func in log_analytics_storage_insights resource

Review: trim attribute naming boilerplate, add a comment rationalising the test

Remove DONOTDELETE tag from test configs, change resource group name prefix

Remove support for the `resource_forest` block until we have a way to test it

aadds: improve wording for filtered_sync property

Note in docs clarifying the supported operation modes for Domain Services

Changelog for #10782

Adding #12687

* azurerm_kusto_eventgrid_data_connection
Adding validation support for ORC

* Adding all other data formats support for EventGrid
according to
https://github.com/Azure/azure-rest-api-specs/blob/master/specification/azure-kusto/resource-manager/Microsoft.Kusto/stable/2020-09-18/kusto.json

* adding supported format to the documentation

Updating to include #12687

New resource: azurerm_api_management_gateway_api (#12398)

* added the azurerm gateway and azurerm gateway api resource

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* fixed some linting errors

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* removed dups

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* updating the tests

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* updated test script

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* fixed import issues

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* updated based on feedback from pr

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* updated tests

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

* fixed all tests

Signed-off-by: Paul Plavetzki <paul@pareidolia.io>

Changelog for #12398

v2.69.0

eventhubs: removing direct usages on the Azure SDK for Eventhub

r/eventhub_namespace: removing the old azure sdk usage

dependencies: removing the old eventhubs sdk

Add reference to official databricks provider

Update active_directory_domain_service.html.markdown

`name` is deprecated in `azuread_group` - replaced with `display_name`

`r/logic_app_workflow`: add extra nil checking

`azurerm_eventgrid_event_subscription` docs: Add missing newline (#12712)

msi: vendoring the embedded sdk

msi: porting over to use the embedded sdk

msi: adding an alias since this is commonly used across the codebase

dependencies: removing the old azure sdk for managed identity

updating to include #12715

Update active_directory_domain_service.html.markdown

`location` can not be set in `initial_replica_set` - docs (below) does not contain it either

maps: vendoring the embedded accounts sdk

maps: refactoring to use the existing ID Parser

maps: refactoring to use the ID Parsers from the SDK

maps: refactoring to use the embedded sdk

updating to include #12716

update docs - make the dns_prefix in azurerm_kubernetes_cluster to be… (#12724)

Closes dns_prefix argument is required for k8s cluster declarations, despite docs saying it's optional #12649
Updating the docs accordingly to what @manicminer say in the comments in the issues.

Make the dns_prefix a mandatory field in the azurerm_kubernetes_cluster.

update

Revert "update"

This reverts commit 617dad277a0893f021992b5e82236a4265992f43.
yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this pull request Jul 26, 2021
…ersion to 2021-06-01 (hashicorp#12405)

Changes:

Update flexserver api version to 2021-06-01
Complete flexserver tests use postgres version 13 now
Noteworthy Changes:

cmk_enabled (byokEnforcement) is not exposed in 2021-06-01 anymore
Postgres version 13 also available now
effected resources

azurerm_postgresql_flexible_server
azurerm_postgresql_flexible_server_firewall_rule
Datasource: azurerm_postgresql_flexible_server
This PR address:

Support PostgreSQL Flexible Server Version 13 hashicorp#12375
New Resource azurerm_postgresql_flexible_server_configuration hashicorp#12294
Support for postgresql flexible server database, configuration and firewall_rule hashicorp#11538
yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this pull request Jul 26, 2021
…icorp#12294)

* Add New Resource azurerm_postgresql_flexible_server_configuration (hashicorp#11538)

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>

* PR: hashicorp#12294
- use server_id instead of server_name in postgresql_flexible_server_configuration resource
- construct id for d.SetId(id.ID()) by FlexibleServerConfigurationId in
update func
- remove error prefix of error messages
- improve error messages while update, delete, wait
- use state.ID in tests and rename test func according to convention
- update documentation remove resource group and server_name, add server_id
- validate name and value is not empty
- remove checking resource not found at deletion

Signed-off-by: Nick Metz <nick.metz@ptvgroup.com>

* Rename resource files, tidy up error messages

Co-authored-by: Tom Bamford <tom@bamford.io>
yupwei68 pushed a commit to yupwei68/terraform-provider-azurerm that referenced this pull request Jul 26, 2021
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants