From e1e2d211ec104aaf0398385cda381defbbe0dca9 Mon Sep 17 00:00:00 2001 From: Steve Jones Date: Thu, 9 May 2019 07:55:43 +0100 Subject: [PATCH 1/3] Added validation for firewall subnet name and forced new resource on change in subnet ID --- azurerm/resource_arm_firewall.go | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/azurerm/resource_arm_firewall.go b/azurerm/resource_arm_firewall.go index 533d58527169..7399d4a085e5 100644 --- a/azurerm/resource_arm_firewall.go +++ b/azurerm/resource_arm_firewall.go @@ -2,8 +2,10 @@ package azurerm import ( "fmt" + "github.com/hashicorp/terraform/helper/validation" "log" "regexp" + "strings" "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-12-01/network" "github.com/hashicorp/terraform/helper/schema" @@ -51,7 +53,11 @@ func resourceArmFirewall() *schema.Resource { "subnet_id": { Type: schema.TypeString, Required: true, - ValidateFunc: azure.ValidateResourceID, + ForceNew: true, + ValidateFunc: validation.All( + azure.ValidateResourceID, + validateAzureFirewallSubnetName, + ), }, "internal_public_ip_address_id": { Type: schema.TypeString, @@ -379,3 +385,12 @@ func validateAzureFirewallName(v interface{}, k string) (warnings []string, erro return warnings, errors } + +func validateAzureFirewallSubnetName(v interface{}, k string) (warnings []string, errors []error) { + value := strings.Split(v.(string), "/") + if value[len(value)-1] != "AzureFirewallSubnet" { + errors = append(errors, fmt.Errorf("%q must have the name 'AzureFirewallSubnet' to be used for the Azure Firewall resource", k)) + } + + return warnings, errors +} From 9cbcba1e7511c8ce6bcd88a23ef46c3df2d8cba7 Mon Sep 17 00:00:00 2001 From: Steve Jones Date: Thu, 9 May 2019 08:15:23 +0100 Subject: [PATCH 2/3] Missed go fmt --- azurerm/resource_arm_firewall.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
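Review bot: `validateAzureFirewallSubnetName` (last hunk of PATCH 1/3) asserts `v.(string)` without the comma-ok form, so a non-string value would panic during validation instead of returning an error. The schema declares `TypeString`, so this is presumably unreachable today, but the guarded form is cheap: `value, ok := v.(string)` followed by an `expected type of %q to be string` error when `ok` is false. The same bare assertion is kept, twice, in the PATCH 3/3 rewrite of this function. The function also has no doc comment; `// validateAzureFirewallSubnetName checks that the subnet ID refers to a subnet named AzureFirewallSubnet.` would record why the name is pinned.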
diff --git a/azurerm/resource_arm_firewall.go b/azurerm/resource_arm_firewall.go index 7399d4a085e5..de47efb463c5 100644 --- a/azurerm/resource_arm_firewall.go +++ b/azurerm/resource_arm_firewall.go @@ -51,9 +51,9 @@ func resourceArmFirewall() *schema.Resource { ValidateFunc: validate.NoEmptyStrings, }, "subnet_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, ValidateFunc: validation.All( azure.ValidateResourceID, validateAzureFirewallSubnetName, From 6673a65c9e4315611503a089b10c9db09f15fe5a Mon Sep 17 00:00:00 2001 From: Steve Jones Date: Fri, 10 May 2019 07:53:38 +0100 Subject: [PATCH 3/3] Updated validation method as suggested to use provider builtin func --- azurerm/resource_arm_firewall.go | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/azurerm/resource_arm_firewall.go b/azurerm/resource_arm_firewall.go index de47efb463c5..37619aef4ad8 100644 --- a/azurerm/resource_arm_firewall.go +++ b/azurerm/resource_arm_firewall.go @@ -2,17 +2,14 @@ package azurerm import ( "fmt" - "github.com/hashicorp/terraform/helper/validation" - "log" - "regexp" - "strings" - "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2018-12-01/network" "github.com/hashicorp/terraform/helper/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" + "log" + "regexp" ) var azureFirewallResourceName = "azurerm_firewall" 
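Review bot: In the PATCH 3/3 import hunk, `"log"` and `"regexp"` now sit after the `github.com/...` imports, and the blank line that separated the standard-library group appears to have been removed, leaving one alphabetically sorted group. gofmt accepts this, but the file previously listed the standard library first. Keeping `"fmt"`, `"log"` and `"regexp"` together as the first group, followed by a blank line, matches the goimports layout and avoids import churn in later diffs.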
@@ -51,13 +48,10 @@ func resourceArmFirewall() *schema.Resource { ValidateFunc: validate.NoEmptyStrings, }, "subnet_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.All( - azure.ValidateResourceID, - validateAzureFirewallSubnetName, - ), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validateAzureFirewallSubnetName, }, "internal_public_ip_address_id": { Type: schema.TypeString, @@ -387,9 +381,15 @@ func validateAzureFirewallName(v interface{}, k string) (warnings []string, erro } func validateAzureFirewallSubnetName(v interface{}, k string) (warnings []string, errors []error) { - value := strings.Split(v.(string), "/") - if value[len(value)-1] != "AzureFirewallSubnet" { - errors = append(errors, fmt.Errorf("%q must have the name 'AzureFirewallSubnet' to be used for the Azure Firewall resource", k)) + parsed, err := parseAzureResourceID(v.(string)) + if err != nil { + errors = append(errors, fmt.Errorf("Error parsing Azure Resource ID %q", v.(string))) + return warnings, errors + } + subnetName := parsed.Path["subnets"] + if subnetName != "AzureFirewallSubnet" { + errors = append(errors, fmt.Errorf("The name of the Subnet for %q must be exactly 'AzureFirewallSubnet' to be used for the Azure Firewall resource", k)) + } return warnings, errors