Update azurerm_security_center_subscription_pricing
#8549
Conversation
beandrad
changed the title
azurerm_security_center_subscription_pricing Issue #4846azurerm_security_center_subscription_pricing
beandrad
force-pushed
the
issue-4846
branch
5 times, most recently
from
e3fd8b1 to
f9e2dcd
Compare
|
If you are changing a resource schema you need to change the schema version and do a schema update script. Instructions on how to do that can be found here I would also change the way that the |
beandrad
force-pushed
the
issue-4846
branch
from
f9e2dcd to
a207786
Compare
|
|
LGTM
There was a problem hiding this comment.
Hi @beandrad
Thanks for this PR, it's off to a good start.
We try to avoid using multiple API versions for a service wherever possible. I've had a quick scan over the service and I think this should be possible here without too much difficulty. Since the changes you are targeting in the resource are pretty much required for the API bump could you update to just using v3.0? I've put some other comments in below that will also need addressing. We can help you out as needed, and if you're not already joined the community slack, there are instructions for joining in the project readme.
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Outdated
Show resolved
Hide resolved
| @@ -44,17 +58,39 @@ func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource { | |||
| string(security.Standard), | |||
| }, false), | |||
| }, | |||
| "resource_type": { | |||
| Type: schema.TypeString, | |||
| Required: true, | |||
There was a problem hiding this comment.
This will need to be Optional to avoid the breaking change. Setting a default value here (of default as before, or VirtualMachines if that replaces it?) would be appropriate.
There was a problem hiding this comment.
default is not allowed in the new version of the API, VirtualMachines replaces it. I guess in this case, I can remove the StateUpgraders. The reasons I made it a required parameter are (1) in the rest API is required and it's nice to keep a consistent behaviour and (2) not having an explicit resource type can be misleading (when reviewing the code the reader may think that the pricing tier affects all the resources within the subscription).
There was a problem hiding this comment.
@jackofallops do you still think that there should be a default value?
There was a problem hiding this comment.
If the previous API used Default, and only actually referred to VirtualMachines, then I think perhaps this should be the default? It also means the state upgrader will need to update the resource ID for existing resources as these will all end in \default for the pricings segment.
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Outdated
Show resolved
Hide resolved
beandrad
force-pushed
the
issue-4846
branch
7 times, most recently
from
c69d063 to
c776112
Compare
There was a problem hiding this comment.
Hi @beandrad
Thanks for the updates and changes. I've left a few more comments below, but looking really good so far.
| @@ -44,17 +58,39 @@ func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource { | |||
| string(security.Standard), | |||
| }, false), | |||
| }, | |||
| "resource_type": { | |||
| Type: schema.TypeString, | |||
| Required: true, | |||
There was a problem hiding this comment.
If the previous API used Default, and only actually referred to VirtualMachines, then I think perhaps this should be the default? It also means the state upgrader will need to update the resource ID for existing resources as these will all end in \default for the pricings segment.
...ernal/services/securitycenter/resource_arm_security_center_subscription_pricing_migration.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Show resolved
Hide resolved
At the moment, only Virtual Machines are set with the security center standard or free pricing tiers when using `azurerm_security_center_subscription_pricing`. This change adds the field `resource_type`, which allows to specify the resource type for which we want to update the pricing tier. The v1 security center pricing client only allows to get the pricing tier of the default resource type (Virtual Machines) to check whether the subscription has standard or free security center pricing tier. However, a partial standard pricing tier (where one or more resource types have standar tier enabled) allows for a security center workspace to be created. This commit changes the client to v3 and checks if any resource type in the subscription has standard pricing tier enabled, and if so, it allows the creation of a security center workspace.
To avoid using multiple versions of the API.
Since these messages are already prefixed with `Error:`.
There was a problem hiding this comment.
Hi @beandrad - Thanks for the continued great work here. The changes of API have broken a couple of the acceptnce tests, if you could fix those up also, I think we're good to merge.
For context, TestAccAzureRMSecurityCenter_pricingAndWorkspace and TestAccAzureRMSecurityCenter_contact are both still using default.
Thanks!
azurerm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
Show resolved
Hide resolved
|
Tests passing (failures unrelated to change) |
|
This has been released in version 2.31.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.31.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
Adds
resource_typetoazurerm_security_center_subscription_pricingto allow setting pricing tier (Free or Standard) per resource type. At the moment only VirtualMachines are affected by this resource.The problem with the current code is that is using the v1 pricing client, which only allows specifying
defaultas resource type, which seems to map to Virtual Machines resource type.Fixes: #4846