update dns proxy enable logic

internal/services/firewall/firewall_data_source.go

@@ -197,11 +197,11 @@ func firewallDataSourceRead(d *pluginsdk.ResourceData, meta interface{}) error {
 
 		d.Set("threat_intel_mode", string(props.ThreatIntelMode))
 
-		dnsSettings := flattenFirewallAdditionalProps(props.AdditionalProperties)
-		if err := d.Set("dns_proxy_enabled", dnsSettings.ProxyEnabled); err != nil {
+		dnsProxyEnabeld, dnsServers := flattenFirewallAdditionalProperty(props.AdditionalProperties)
+		if err := d.Set("dns_proxy_enabled", dnsProxyEnabeld); err != nil {
 			return fmt.Errorf("setting `dns_proxy_enabled`: %+v", err)
 		}
-		if err := d.Set("dns_servers", dnsSettings.toTFServers()); err != nil {
+		if err := d.Set("dns_servers", dnsServers); err != nil {
 			return fmt.Errorf("setting `dns_servers`: %+v", err)
 		}
 

internal/services/firewall/firewall_data_source_test.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 )
@@ -154,7 +153,7 @@ data "azurerm_firewall" "test" {
   name                = azurerm_firewall.test.name
   resource_group_name = azurerm_resource_group.test.name
 }
-`, FirewallResource{}.enableDNS(data, pointer.To(true), dnsServers...))
+`, FirewallResource{}.enableDNS(data, true, dnsServers...))
 }
 
 func (FirewallDataSource) withManagementIp(data acceptance.TestData) string {

internal/services/firewall/firewall_network_rule_collection_resource_test.go

@@ -9,7 +9,6 @@ import (
 	"regexp"
 	"testing"
 
-	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
@@ -876,7 +875,7 @@ resource "azurerm_firewall_network_rule_collection" "test" {
     ]
   }
 }
-`, FirewallResource{}.enableDNS(data, pointer.To(true), "1.1.1.1", "8.8.8.8"))
+`, FirewallResource{}.enableDNS(data, true, "1.1.1.1", "8.8.8.8"))
 }
 
 func (r FirewallNetworkRuleCollectionResource) noSource(data acceptance.TestData) string {

internal/services/firewall/firewall_resource.go

@@ -20,7 +20,6 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/locks"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/azuresdkhacks"
-	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/migration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall/validate"
 	networkValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate"
@@ -52,11 +51,6 @@ func resourceFirewall() *pluginsdk.Resource {
 			Delete: pluginsdk.DefaultTimeout(90 * time.Minute),
 		},
 
-		SchemaVersion: 1,
-		StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{
-			0: migration.FirewallV0ToV1{},
-		}),
-
 		Schema: map[string]*pluginsdk.Schema{
 			"name": {
 				Type:         pluginsdk.TypeString,
@@ -181,6 +175,7 @@ func resourceFirewall() *pluginsdk.Resource {
 			"dns_proxy_enabled": {
 				Type:     pluginsdk.TypeBool,
 				Optional: true,
+				Computed: true,
 			},
 
 			"private_ip_ranges": {
@@ -338,8 +333,7 @@ func resourceFirewallCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 		parameters.Sku.Tier = network.AzureFirewallSkuTier(skuTier)
 	}
 
-	dnsSettings := encodeFirewallAdditionalProperty(d)
-	if dnsServerSetting := dnsSettings.toSDKModel(); dnsServerSetting != nil {
+	if dnsServerSetting := expandFirewallDNSServers(d); dnsServerSetting != nil {
 		for k, v := range dnsServerSetting {
 			parameters.AdditionalProperties[k] = v
 		}
@@ -439,11 +433,11 @@ func resourceFirewallRead(d *pluginsdk.ResourceData, meta interface{}) error {
 
 		d.Set("threat_intel_mode", string(props.ThreatIntelMode))
 
-		dnsSettings := flattenFirewallAdditionalProps(props.AdditionalProperties)
-		if err := d.Set("dns_proxy_enabled", dnsSettings.ProxyEnabled); err != nil {
+		dnsProxyEnabled, dnsServers := flattenFirewallAdditionalProperty(props.AdditionalProperties)
+		if err := d.Set("dns_proxy_enabled", dnsProxyEnabled); err != nil {
 			return fmt.Errorf("setting `dns_proxy_enabled`: %+v", err)
 		}
-		if err := d.Set("dns_servers", dnsSettings.toTFServers()); err != nil {
+		if err := d.Set("dns_servers", dnsServers); err != nil {
 			return fmt.Errorf("setting `dns_servers`: %+v", err)
 		}
 
@@ -642,6 +636,43 @@ func flattenFirewallIPConfigurations(input *[]network.AzureFirewallIPConfigurati
 	return result
 }
 
+func expandFirewallDNSServers(d *pluginsdk.ResourceData) map[string]*string {
+	if d == nil {
+		return nil
+	}
+	var res = map[string]*string{}
+	if servers := d.Get("dns_servers").([]interface{}); len(servers) > 0 {
+		var servs []string
+		for _, server := range servers {
+			servs = append(servs, server.(string))
+		}
+		res["Network.DNS.EnableProxy"] = pointer.To("true")
+		res["Network.DNS.Servers"] = pointer.To(strings.Join(servs, ","))
+	}
+	if enabled := d.Get("dns_proxy_enabled").(bool); enabled {
+		res["Network.DNS.EnableProxy"] = pointer.To("true")
+	}
+	// Swagger issue asking finalize these properties: https://github.com/Azure/azure-rest-api-specs/issues/11278
+	return res
+}
+
+func flattenFirewallAdditionalProperty(input map[string]*string) (enabled interface{}, servers []interface{}) {
+	if len(input) == 0 {
+		return nil, nil
+	}
+
+	if enabledPtr := input["Network.DNS.EnableProxy"]; enabledPtr != nil {
+		enabled = *enabledPtr == "true"
+
+		if serversPtr := input["Network.DNS.Servers"]; serversPtr != nil {
+			for _, val := range strings.Split(*serversPtr, ",") {
+				servers = append(servers, val)
+			}
+		}
+	}
+	return
+}
+
 func expandFirewallPrivateIpRange(input []interface{}) map[string]*string {
 	if len(input) == 0 {
 		return nil
@@ -780,72 +811,3 @@ func validateFirewallIPConfigurationSettings(configs []interface{}) error {
 
 	return nil
 }
-
-type firewallAdditionalProperty struct {
-	ProxyEnabled  bool     `tfschema:"dns_proxy_enabled"`
-	CustomServers []string `tfschema:"custom_servers"`
-}
-
-func (f *firewallAdditionalProperty) addDNSServer(name string) {
-	f.CustomServers = append(f.CustomServers, name)
-}
-
-func encodeFirewallAdditionalProperty(d *pluginsdk.ResourceData) *firewallAdditionalProperty {
-	var res firewallAdditionalProperty
-	val := d.Get("dns_proxy_enabled").(bool)
-	res.ProxyEnabled = val
-
-	if servers, ok := d.Get("dns_servers").([]interface{}); ok && len(servers) > 0 {
-		// res.ProxyEnabled = true // honer the `dns_proxy_enabled` configuration
-		for _, v := range servers {
-			res.addDNSServer(v.(string))
-		}
-	}
-	return &res
-}
-
-func flattenFirewallAdditionalProps(input map[string]*string) (settings firewallAdditionalProperty) {
-	if len(input) == 0 {
-		return
-	}
-
-	if enabledPtr := input["Network.DNS.EnableProxy"]; enabledPtr != nil {
-		proxyEnabled := *enabledPtr == "true"
-		settings.ProxyEnabled = proxyEnabled
-	}
-
-	if serversPtr := input["Network.DNS.Servers"]; serversPtr != nil {
-		settings.CustomServers = strings.Split(*serversPtr, ",")
-	}
-	return
-}
-
-func (f *firewallAdditionalProperty) toTFServers() (res []interface{}) {
-	if f != nil && len(f.CustomServers) > 0 {
-		for _, v := range f.CustomServers {
-			res = append(res, v)
-		}
-	}
-	return res
-}
-
-func (f *firewallAdditionalProperty) toSDKModel() map[string]*string {
-	if f == nil || (!f.ProxyEnabled && f.CustomServers == nil) {
-		return nil
-	}
-
-	res := map[string]*string{}
-	proxyEnabled := "false"
-	// to not break existing behavior, set this key when proxy is enabled or custom dns servers are set
-	if f.ProxyEnabled {
-		proxyEnabled = "true"
-	}
-	res["Network.DNS.EnableProxy"] = pointer.To(proxyEnabled)
-
-	if len(f.CustomServers) > 0 {
-		// if not set custom dns servers, then do not set this key to use default azure provided servers
-		res["Network.DNS.Servers"] = pointer.To(strings.Join(f.CustomServers, ","))
-	}
-
-	return res
-}

internal/services/firewall/firewall_resource_test.go

@@ -10,7 +10,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
@@ -69,21 +68,21 @@ func TestAccFirewall_enableDNS(t *testing.T) {
 		},
 		data.ImportStep(),
 		{
-			Config: r.enableDNS(data, pointer.To(true), "1.1.1.1"),
+			Config: r.enableDNS(data, true, "1.1.1.1"),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
 		},
 		data.ImportStep(),
 		{
-			Config: r.enableDNS(data, pointer.To(true)),
+			Config: r.enableDNS(data, true),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
 		},
 		data.ImportStep(),
 		{
-			Config: r.enableDNS(data, pointer.To(false)),
+			Config: r.enableDNS(data, false),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
@@ -515,7 +514,7 @@ resource "azurerm_firewall" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
 
-func (FirewallResource) enableDNS(data acceptance.TestData, enableProxy *bool, dnsServers ...string) string {
+func (FirewallResource) enableDNS(data acceptance.TestData, enableProxy bool, dnsServers ...string) string {
 	dnsServersStr := ""
 	if len(dnsServers) > 0 {
 		servers := make([]string, len(dnsServers))
@@ -525,12 +524,10 @@ func (FirewallResource) enableDNS(data acceptance.TestData, enableProxy *bool, d
 		dnsServersStr = fmt.Sprintf("dns_servers = [%s]", strings.Join(servers, ", "))
 	}
 	enableProxyStr := ""
-	if enableProxy != nil {
-		if *enableProxy {
-			enableProxyStr = "dns_proxy_enabled = true"
-		} else {
-			enableProxyStr = "dns_proxy_enabled = false"
-		}
+	if enableProxy {
+		enableProxyStr = "dns_proxy_enabled = true"
+	} else {
+		enableProxyStr = "dns_proxy_enabled = false"
 	}
 
 	return fmt.Sprintf(`