Add support for vnet rules to CosmosDB accounts.

[pgavlin]

These changes add support for virtual network filters to CosmosDB
accounts. Using these filters requires two new properties:

• is_virtual_network_filter_enabled, which enables virutal network
  filters for the account
• virtual_network_rule, which specifies the subnets that are allowed
  to access the account

Fixes #1342.

[katbyte]

Hi @pgavlin,

Thank you for this resource, it mostly LGTM outside some missing nil checks. I do wonder if it is worth simplifying the schema as mentioned in my comment. Really all we are after is a set of ID strings. What do you think?

[katbyte]

Would this make more sense as a simple set of strings virtual_network_rule_subnet_ids rather then a set of blocks containing id?

virtual_network_rule_subnet_ids  =[
"${azurerm_subnet.subnet1.id}",
"${azurerm_subnet.subnet2.id}",
]

[pgavlin]

I think that we should err on the side of leaving this as-is: if the Azure API adds additional fields to these rules in the future, having a resource here rather than a simple ID makes such a change easier to accommodate. This would also align better with a future cosmosdb_account_virtual_network_rule resource as suggested in #1342.

[katbyte]

Good points 👍

[katbyte]

@pgavlin,

Thank you for the PR updates, LGTM now 💯

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!