diff --git a/internal/services/firewall/firewall_resource.go b/internal/services/firewall/firewall_resource.go index 6624a11d54c0..288d3a3db59e 100644 --- a/internal/services/firewall/firewall_resource.go +++ b/internal/services/firewall/firewall_resource.go @@ -77,7 +77,6 @@ func resourceFirewall() *pluginsdk.Resource { "sku_tier": { Type: pluginsdk.TypeString, Required: true, - ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ string(network.AzureFirewallSkuTierPremium), string(network.AzureFirewallSkuTierStandard), diff --git a/internal/services/firewall/firewall_resource_test.go b/internal/services/firewall/firewall_resource_test.go index a4b9b8a095ac..84b5ebdf6ccc 100644 --- a/internal/services/firewall/firewall_resource_test.go +++ b/internal/services/firewall/firewall_resource_test.go @@ -16,6 +16,9 @@ import ( type FirewallResource struct{} +const premium = "Premium" +const standard = "Standard" + func TestAccFirewall_basic(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_firewall", "test") r := FirewallResource{} @@ -194,6 +197,31 @@ func TestAccFirewall_withZones(t *testing.T) { }) } +func TestAccFirewall_skuTierUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_firewall", "test") + r := FirewallResource{} + skuTier := standard + skuTierUpdate := premium + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withSkuTier(data, skuTier), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("sku_tier").HasValue("Standard"), + ), + }, + { + Config: r.withSkuTier(data, skuTierUpdate), + Check: acceptance.ComposeTestCheckFunc( + + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("sku_tier").HasValue("Premium"), + ), + }, + }) +} + func TestAccFirewall_withoutZone(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_firewall", "test") r := FirewallResource{} @@ -764,6 +792,58 @@ resource "azurerm_firewall" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } +func (FirewallResource) withSkuTier(data acceptance.TestData, skuTier string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-fw-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvirtnet%d" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_subnet" "test" { + name = "AzureFirewallSubnet" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.0.1.0/24"] +} + +resource "azurerm_public_ip" "test" { + name = "acctestpip%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + allocation_method = "Static" + sku = "Standard" + zones = [] +} + +resource "azurerm_firewall" "test" { + name = "acctestfirewall%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + sku_name = "AZFW_VNet" + sku_tier = "%s" + + ip_configuration { + name = "configuration" + subnet_id = azurerm_subnet.test.id + public_ip_address_id = azurerm_public_ip.test.id + } + + zones = [] +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, skuTier) +} + func (FirewallResource) withZones(data acceptance.TestData, zones []string) string { zoneString := strings.Join(zones, ",") return fmt.Sprintf(` diff --git a/website/docs/r/firewall.html.markdown b/website/docs/r/firewall.html.markdown index db006c50d7d8..15071f52acb3 100644 --- a/website/docs/r/firewall.html.markdown +++ b/website/docs/r/firewall.html.markdown @@ -68,7 +68,7 @@ The following arguments are supported: * `sku_name` - (Required) SKU name of the Firewall. Possible values are `AZFW_Hub` and `AZFW_VNet`. Changing this forces a new resource to be created. -* `sku_tier` - (Required) SKU tier of the Firewall. Possible values are `Premium` and `Standard`. Changing this forces a new resource to be created. +* `sku_tier` - (Required) SKU tier of the Firewall. Possible values are `Premium` and `Standard`. * `firewall_policy_id` - (Optional) The ID of the Firewall Policy applied to this Firewall.