Merge branch 'main' into favoretti/watcher_flow_log

CHANGELOG.md

@@ -1,27 +1,63 @@
-## 4.10.0 (Unreleased)
+## 4.11.0 (Unreleased)
+
+ENHANCEMENTS:
+
+* `batch` - upgrade api version to `2024-07-01` [GH-27982]
+* `containerregistry` - upgrade api version to `2023-11-01-preview` [GH-27983]
+* `azurerm_application_gateway` - `1.1` is now accepted as a valid `rule_set_version` in the `waf_configuration` block [GH-28039]
+* `azurerm_arc_machine` - add support for the `identity` and `tags` properties [GH-27987]
+* `azurerm_subnet` - `Informatica.DataManagement/organizations` is a valid `service_delegation` [GH-27993]
+* `azurerm_virtual_network` - `Informatica.DataManagement/organizations` is a valid `service_delegation` [GH-27993]
+* `azurerm_web_application_firewall_policy` - `1.1` is now accepted as a valid `version` for `Microsoft_BotManagerRuleSet` rule types [GH-28039]
+
+BUG:
+
+* `azurerm_api_management_diagnostic` - raise and error when `operation_name_format` is used with and `identity` that is not `applicationinsights` [GH-27630]
+* `azurerm_api_management_api_diagnostic` - raise and error when `operation_name_format` is used with and `identity` that is not `applicationinsights` [GH-27630]
+* `azurerm_container_registry_token_password` - correctly mark as gone if container registry token doesn't exist [GH-27232]
+
+FEATURES:
+
+* **New Resource**: `azurerm_eventgrid_namespace` [GH-27682]
+
+## 4.10.0 (November 14, 2024)
 
 BREAKING CHANGES:
 
-* dependencies - update `cognitive` to `2024-10-01`, due to a behavioural change in this version of the API, the `primary_access_key` and `secondary_access_key` can not be retrieved if `local_authentication_enabled` has been set to `false`. These properties that may have had values previously will now be empty. This has affected the `azurerm_ai_services` and `azurerm_cognitive_account` resources as well as the `azurerm_cognitive_account` data source [GH-27851]
+* dependencies - update `cognitive` to `2024-10-01`, due to a behavioural change in this version of the API, the `primary_access_key` and `secondary_access_key` can not be retrieved if `local_authentication_enabled` has been set to `false`. These properties that may have had values previously will now be empty. This has affected the `azurerm_ai_services` and `azurerm_cognitive_account` resources as well as the `azurerm_cognitive_account` data source ([#27851](https://github.com/hashicorp/terraform-provider-azurerm/issues/27851))
+
+FEATURES:
+
+* **New Data Source**: `azurerm_key_vault_managed_hardware_security_module_key` ([#27827](https://github.com/hashicorp/terraform-provider-azurerm/issues/27827))
+* **New Resource**: `azurerm_netapp_backup_vault` ([#27188](https://github.com/hashicorp/terraform-provider-azurerm/issues/27188))
+* **New Resource**: `azurerm_netapp_backup_policy` ([#27188](https://github.com/hashicorp/terraform-provider-azurerm/issues/27188))
 
 ENHANCEMENTS:
 
-* dependencies: update `terraform-plugin-framework` to version `v1.13.0` [GH-27936]
-* dependencies: update `terraform-plugin-framework-validators` to version `v0.14.0` [GH-27936]
-* dependencies: update `terraform-plugin-go` to version `v0.25.0` [GH-27936]
-* dependencies: update `terraform-plugin-mux` to version `v0.17.0` [GH-27936]
-* dependencies: update `terraform-plugin-sdk/v2` to version `v2.35.0` [GH-27936]
-* Data Source: `azurerm_bastion_host` - add support for the `zones` property [GH-27909]
-* `azurerm_application_gateway` - support more values for the `status_code` property [GH-27535]
-* `azurerm_bastion_host` - support for the `zones` property [GH-27909]
-* `azurerm_communication_service` - support for `usgov` region [GH-27919]
-* `azurerm_email_communication_service` - support for `usgov` region added [GH-27919]
+* dependencies: update `terraform-plugin-framework` to version `v1.13.0` ([#27936](https://github.com/hashicorp/terraform-provider-azurerm/issues/27936))
+* dependencies: update `terraform-plugin-framework-validators` to version `v0.14.0` ([#27936](https://github.com/hashicorp/terraform-provider-azurerm/issues/27936))
+* dependencies: update `terraform-plugin-go` to version `v0.25.0` ([#27936](https://github.com/hashicorp/terraform-provider-azurerm/issues/27936))
+* dependencies: update `terraform-plugin-mux` to version `v0.17.0` ([#27936](https://github.com/hashicorp/terraform-provider-azurerm/issues/27936))
+* dependencies: update `terraform-plugin-sdk/v2` to version `v2.35.0` ([#27936](https://github.com/hashicorp/terraform-provider-azurerm/issues/27936))
+* Data Source: `azurerm_bastion_host` - add support for the `zones` property ([#27909](https://github.com/hashicorp/terraform-provider-azurerm/issues/27909))
+* `azurerm_application_gateway` - support more values for the `status_code` property ([#27535](https://github.com/hashicorp/terraform-provider-azurerm/issues/27535))
+* `azurerm_bastion_host` - support for the `zones` property ([#27909](https://github.com/hashicorp/terraform-provider-azurerm/issues/27909))
+* `azurerm_communication_service` - support for `usgov` region ([#27919](https://github.com/hashicorp/terraform-provider-azurerm/issues/27919))
+* `azurerm_email_communication_service` - support for `usgov` region added ([#27919](https://github.com/hashicorp/terraform-provider-azurerm/issues/27919))
+* `azurerm_linux_function_app` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_linux_function_app_slot` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_linux_web_app` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_linux_web_app_slot` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_windows_web_app` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_windows_web_app_slot` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_windows_function_app` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
+* `azurerm_windows_function_app_slot` - support for .NET 9  ([#27879](https://github.com/hashicorp/terraform-provider-azurerm/issues/27879))
 
 BUG FIXES:
 
-* `azurerm_log_analytics_workspace_table` - use the subscription from workspace ID [GH-27590]
-* `azurerm_traffic_manager_external_endpoint` - the value for `priority` will be dynamically assigned by the API [GH-27966]
-* `azurerm_traffic_manager_azure_endpoint` - the value for `priority` will be dynamically assigned by the API [GH-27966]
+* `azurerm_log_analytics_workspace_table` - use the subscription from workspace ID ([#27590](https://github.com/hashicorp/terraform-provider-azurerm/issues/27590))
+* `azurerm_traffic_manager_external_endpoint` - the value for `priority` will be dynamically assigned by the API ([#27966](https://github.com/hashicorp/terraform-provider-azurerm/issues/27966))
+* `azurerm_traffic_manager_azure_endpoint` - the value for `priority` will be dynamically assigned by the API ([#27966](https://github.com/hashicorp/terraform-provider-azurerm/issues/27966))
 
 
 ## 4.9.0 (November 08, 2024)

CODEOWNERS

@@ -1 +1 @@
-* @katbyte @hashicorp/terraform-azure
+* @hashicorp/terraform-azure

examples/netapp/nfsv3_volume_with_backup_policy/README.md

@@ -0,0 +1,5 @@
+## Example: Azure NetApp Files Volume with Backup Policy enabled
+
+This example shows how to create an Azure NetApp volume with Backup policy enabled.
+
+For more information, please refer to [Understand Azure NetApp Files backup](https://learn.microsoft.com/en-us/azure/azure-netapp-files/backup-introduction).

examples/netapp/nfsv3_volume_with_backup_policy/main.tf

@@ -0,0 +1,103 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "azurerm" {
+  features {
+    netapp {
+      prevent_volume_destruction = false
+      delete_backups_on_backup_vault_destroy = true
+    }
+  }
+}
+
+resource "azurerm_resource_group" "example" {
+  name     = "${var.prefix}-resources"
+  location = var.location
+}
+
+resource "azurerm_virtual_network" "example" {
+  name                = "${var.prefix}-virtualnetwork"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "example" {
+  name                 = "${var.prefix}-subnet"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefixes     = ["10.0.2.0/24"]
+
+  delegation {
+    name = "testdelegation"
+
+    service_delegation {
+      name    = "Microsoft.Netapp/volumes"
+      actions = ["Microsoft.Network/networkinterfaces/*", "Microsoft.Network/virtualNetworks/subnets/join/action"]
+    }
+  }
+}
+
+resource "azurerm_netapp_account" "example" {
+  name                = "${var.prefix}-netappaccount"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_netapp_backup_vault" "example" {
+  name                = "${var.prefix}-netappbackupvault"
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_resource_group.example.location
+  account_name        = azurerm_netapp_account.example.name
+}
+
+resource "azurerm_netapp_backup_policy" "example" {
+  name                    = "${var.prefix}-netappbackuppolicy"
+  resource_group_name     = azurerm_resource_group.example.name
+  location                = azurerm_resource_group.example.location
+  account_name            = azurerm_netapp_account.example.name
+  daily_backups_to_keep   = 2
+  weekly_backups_to_keep  = 2
+  monthly_backups_to_keep = 2
+  enabled = true
+}
+
+resource "azurerm_netapp_pool" "example" {
+  name                = "${var.prefix}-netapppool"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  account_name        = azurerm_netapp_account.example.name
+  service_level       = "Standard"
+  size_in_tb          = 4
+}
+
+resource "azurerm_netapp_volume" "example" {
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  name                = "${var.prefix}-netappvolume"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  account_name        = azurerm_netapp_account.example.name
+  pool_name           = azurerm_netapp_pool.example.name
+  volume_path         = "${var.prefix}-netappvolume"
+  service_level       = "Standard"
+  protocols           = ["NFSv3"]
+  network_features    = "Basic"
+  subnet_id           = azurerm_subnet.example.id
+  storage_quota_in_gb = 100
+
+  data_protection_backup_policy {
+    backup_vault_id  = azurerm_netapp_backup_vault.example.id
+    backup_policy_id = azurerm_netapp_backup_policy.example.id
+    policy_enabled   = true
+  }
+
+  export_policy_rule {
+    rule_index = 1
+    allowed_clients = ["0.0.0.0/0"]
+    protocols_enabled = ["NFSv3"]
+    unix_read_write = true
+  }
+}

examples/netapp/nfsv3_volume_with_backup_policy/variables.tf

@@ -0,0 +1,10 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+variable "location" {
+  description = "The Azure location where all resources in this example should be created."
+}
+
+variable "prefix" {
+  description = "The prefix used for all resources used by this example"
+}

internal/acceptance/helpers/is_not_resource_action.go

@@ -64,7 +64,7 @@ func (e isNotResourceAction) CheckPlan(ctx context.Context, req plancheck.CheckP
 			}
 		case plancheck.ResourceActionReplace:
 			if rc.Change.Actions.Replace() {
-				resp.Error = fmt.Errorf("'%s' - expected action to not be %s, path: %v", rc.Address, e.actionType, rc.Change.ReplacePaths)
+				resp.Error = fmt.Errorf("'%s' - expected action to not be %s, path: %v tried to update a value that is ForceNew", rc.Address, e.actionType, rc.Change.ReplacePaths)
 				return
 			}
 		default:

internal/acceptance/testcase.go

@@ -168,7 +168,7 @@ func RunTestsInSequence(t *testing.T, tests map[string]map[string]func(t *testin
 
 func (td TestData) runAcceptanceTest(t *testing.T, testCase resource.TestCase) {
 	testCase.ExternalProviders = td.externalProviders()
-	testCase.ProtoV5ProviderFactories = framework.ProtoV5ProviderFactoriesInit(context.Background(), "azurerm")
+	testCase.ProtoV5ProviderFactories = framework.ProtoV5ProviderFactoriesInit(context.Background(), "azurerm", "azurerm-alt")
 
 	resource.ParallelTest(t, testCase)
 }

internal/clients/client.go

@@ -14,7 +14,6 @@ import (
 	azurestackhci_v2024_01_01 "github.com/hashicorp/go-azure-sdk/resource-manager/azurestackhci/2024-01-01"
 	datadog_v2021_03_01 "github.com/hashicorp/go-azure-sdk/resource-manager/datadog/2021-03-01"
 	dns_v2018_05_01 "github.com/hashicorp/go-azure-sdk/resource-manager/dns/2018-05-01"
-	eventgrid_v2022_06_15 "github.com/hashicorp/go-azure-sdk/resource-manager/eventgrid/2022-06-15"
 	fluidrelay_2022_05_26 "github.com/hashicorp/go-azure-sdk/resource-manager/fluidrelay/2022-05-26"
 	hdinsight_v2021_06_01 "github.com/hashicorp/go-azure-sdk/resource-manager/hdinsight/2021-06-01"
 	nginx_2024_06_01_preview "github.com/hashicorp/go-azure-sdk/resource-manager/nginx/2024-06-01-preview"
@@ -206,7 +205,7 @@ type Client struct {
 	Dynatrace                         *dynatrace.Client
 	Elastic                           *elastic.Client
 	ElasticSan                        *elasticsan.Client
-	EventGrid                         *eventgrid_v2022_06_15.Client
+	EventGrid                         *eventgrid.Client
 	Eventhub                          *eventhub.Client
 	ExtendedLocation                  *extendedlocation.Client
 	FluidRelay                        *fluidrelay_2022_05_26.Client

internal/common/client_options.go

@@ -98,9 +98,6 @@ func userAgent(userAgent, tfVersion, partnerID string, disableTerraformPartnerID
 	tfUserAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io)", tfVersion)
 
 	providerUserAgent := fmt.Sprintf("%s terraform-provider-azurerm/%s", tfUserAgent, version.ProviderVersion)
-	if features.FourPointOhBeta() {
-		providerUserAgent = fmt.Sprintf("%s terraform-provider-azurerm/%s+4.0-beta", tfUserAgent, version.ProviderVersion)
-	}
 	if features.FivePointOhBeta() {
 		providerUserAgent = fmt.Sprintf("%s terraform-provider-azurerm/%s+5.0-beta", tfUserAgent, version.ProviderVersion)
 	}

internal/features/defaults.go

@@ -78,5 +78,9 @@ func Default() UserFeatures {
 			VMBackupStopProtectionAndRetainDataOnDestroy: false,
 			PurgeProtectedItemsFromVaultOnDestroy:        false,
 		},
+		NetApp: NetAppFeatures{
+			DeleteBackupsOnBackupVaultDestroy: false,
+			PreventVolumeDestruction:          true,
+		},
 	}
 }

internal/features/user_flags.go

@@ -21,6 +21,7 @@ type UserFeatures struct {
 	PostgresqlFlexibleServer PostgresqlFlexibleServerFeatures
 	MachineLearning          MachineLearningFeatures
 	RecoveryService          RecoveryServiceFeatures
+	NetApp                   NetAppFeatures
 }
 
 type CognitiveAccountFeatures struct {
@@ -109,3 +110,8 @@ type RecoveryServiceFeatures struct {
 	VMBackupStopProtectionAndRetainDataOnDestroy bool
 	PurgeProtectedItemsFromVaultOnDestroy        bool
 }
+
+type NetAppFeatures struct {
+	DeleteBackupsOnBackupVaultDestroy bool
+	PreventVolumeDestruction          bool
+}

internal/provider/features.go

@@ -387,6 +387,28 @@ func schemaFeatures(supportLegacyTestSuite bool) *pluginsdk.Schema {
 				},
 			},
 		},
+
+		"netapp": {
+			Type:     pluginsdk.TypeList,
+			Optional: true,
+			MaxItems: 1,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"delete_backups_on_backup_vault_destroy": {
+						Description: "When enabled, backups will be deleted when the `azurerm_netapp_backup_vault` resource is destroyed",
+						Type:        pluginsdk.TypeBool,
+						Optional:    true,
+						Default:     false,
+					},
+					"prevent_volume_destruction": {
+						Description: "When enabled, the volume will not be destroyed, safeguarding from severe data loss",
+						Type:        pluginsdk.TypeBool,
+						Optional:    true,
+						Default:     true,
+					},
+				},
+			},
+		},
 	}
 
 	// this is a temporary hack to enable us to gradually add provider blocks to test configurations
@@ -648,5 +670,18 @@ func expandFeatures(input []interface{}) features.UserFeatures {
 		}
 	}
 
+	if raw, ok := val["netapp"]; ok {
+		items := raw.([]interface{})
+		if len(items) > 0 {
+			netappRaw := items[0].(map[string]interface{})
+			if v, ok := netappRaw["delete_backups_on_backup_vault_destroy"]; ok {
+				featuresMap.NetApp.DeleteBackupsOnBackupVaultDestroy = v.(bool)
+			}
+			if v, ok := netappRaw["prevent_volume_destruction"]; ok {
+				featuresMap.NetApp.PreventVolumeDestruction = v.(bool)
+			}
+		}
+	}
+
 	return featuresMap
 }