New Resource: azurerm_automanage_configuration_profile

[liuwuliuyun]

This is a brand new resource azurerm_automanage_configuration_profile with new RP Autotmanage

Current swagger link:
https://github.com/Azure/azure-rest-api-specs/blob/main/specification/automanage/resource-manager/Microsoft.Automanage/stable/2022-05-04/automanage.json

Overview doc link: https://microsoft.sharepoint.com/:w:/t/AutomationConfigAll/EbQgLvuRu8RMjcoQoyEoZo4BO58xhyMDmcQLgQlAR5Z2YA?e=kjHdP4&wdOrigin=TEAMS-ELECTRON.p2p.bim&wdExp=TEAMS-TREATMENT&wdhostclicktime=1652200808743

[liuwuliuyun]

GOROOT=C:\Program Files\Go #gosetup
GOPATH=C:\Users\yunliu1\go #gosetup
"C:\Program Files\Go\bin\go.exe" test -c -o C:\Users\yunliu1\AppData\Local\Temp\GoLand___go_test_github_com_hashicorp_terraform_provider_azurerm_internal_services_automanage.test.exe github.com/hashicorp/terraform-provider-azurerm/internal/services/automanage #gosetup
"C:\Program Files\Go\bin\go.exe" tool test2json -t C:\Users\yunliu1\AppData\Local\Temp\GoLand___go_test_github_com_hashicorp_terraform_provider_azurerm_internal_services_automanage.test.exe -test.v -test.paniconexit0 #gosetup
=== RUN TestAccAutoManageConfigurationProfile_basic
=== PAUSE TestAccAutoManageConfigurationProfile_basic
=== CONT TestAccAutoManageConfigurationProfile_basic
--- PASS: TestAccAutoManageConfigurationProfile_basic (133.55s)
=== RUN TestAccAutoManageConfigurationProfile_requiresImport
=== PAUSE TestAccAutoManageConfigurationProfile_requiresImport
=== CONT TestAccAutoManageConfigurationProfile_requiresImport
--- PASS: TestAccAutoManageConfigurationProfile_requiresImport (75.75s)
=== RUN TestAccAutoManageConfigurationProfile_complete
=== PAUSE TestAccAutoManageConfigurationProfile_complete
=== CONT TestAccAutoManageConfigurationProfile_complete
--- PASS: TestAccAutoManageConfigurationProfile_complete (135.67s)
=== RUN TestAccAutoManageConfigurationProfile_update
=== PAUSE TestAccAutoManageConfigurationProfile_update
=== CONT TestAccAutoManageConfigurationProfile_update
--- PASS: TestAccAutoManageConfigurationProfile_update (167.86s)
PASS

Process finished with the exit code 0

[liuwuliuyun]

GOROOT=C:\Program Files\Go #gosetup
GOPATH=C:\Users\yunliu1\go #gosetup
"C:\Program Files\Go\bin\go.exe" test -c -o C:\Users\yunliu1\AppData\Local\Temp\GoLand___go_test_github_com_hashicorp_terraform_provider_azurerm_internal_services_automanage.test.exe github.com/hashicorp/terraform-provider-azurerm/internal/services/automanage #gosetup
"C:\Program Files\Go\bin\go.exe" tool test2json -t C:\Users\yunliu1\AppData\Local\Temp\GoLand___go_test_github_com_hashicorp_terraform_provider_azurerm_internal_services_automanage.test.exe -test.v -test.paniconexit0 #gosetup
=== RUN TestAccAutoManageConfigurationProfile_basic
=== PAUSE TestAccAutoManageConfigurationProfile_basic
=== CONT TestAccAutoManageConfigurationProfile_basic
--- PASS: TestAccAutoManageConfigurationProfile_basic (144.44s)
=== RUN TestAccAutoManageConfigurationProfile_requiresImport
=== PAUSE TestAccAutoManageConfigurationProfile_requiresImport
=== CONT TestAccAutoManageConfigurationProfile_requiresImport
--- PASS: TestAccAutoManageConfigurationProfile_requiresImport (83.68s)
=== RUN TestAccAutoManageConfigurationProfile_complete
=== PAUSE TestAccAutoManageConfigurationProfile_complete
=== CONT TestAccAutoManageConfigurationProfile_complete
--- PASS: TestAccAutoManageConfigurationProfile_complete (141.47s)
=== RUN TestAccAutoManageConfigurationProfile_update
=== PAUSE TestAccAutoManageConfigurationProfile_update
=== CONT TestAccAutoManageConfigurationProfile_update
--- PASS: TestAccAutoManageConfigurationProfile_update (174.85s)
PASS

Process finished with the exit code 0

[stephybun]

Thanks for this PR @liuwuliuyun, this is off to a good start but there are two issues that need to be addressed. I've pointed these out in-line. Once those have been fixed up we can take another look through this.

[stephybun]

These should be exposed as individual properties instead of relying on the user to provide a valid json config.

[liuwuliuyun]

I agree that making this as individual properties would make it more user friendly. However, this part of property is not specified in swagger. Which means service team could protentially change this. For example, they could add/delete supported properties in the same API version. If that happens, we will introduce breaking change to customers without knowing.

[liuwuliuyun]

I have meet this multiple times and it is painful to resolve this kind of issue. Here is a recent example: Azure/azure-rest-api-specs#21553 . Plus, jsonencode is a terraform supported function and it is more flexible in this case.

[tombuildsstuff]

@JeffreyRichter any chance you could comment on the design of this API? We've seen instances of this previously where the API has been defined in this manner which have ultimately had a number of breaking changes to the API contract/payload (e.g. AKS/Kusto) - as such I'm wondering what consistency guarantees are available for the API here, as exposing this as JSON both isn't a good user experience and leaves this pretty brittle.

My understanding was that these "generic settings" API's were not recommended, so I'm kinda surprised to see the API version 2022-05-04 include this approach?

[JeffreyRichter]

I agree with Tom that this looks very suspicious. I don't have the full context here, but it also seems surprising to me that an open-ended JSON object would have passed by the ARM review board (I'll contact someone on that team and refer them to this). If the Azure service teams knows what can go here, then it should be in the swagger.

[rkmanda]

I tracked down the original PR where this was introduced and looks like it did go through an ARM review. I think it was either some lack of understanding on the part of the reviewer or a genuine miss. We have already recognized the need for a blocking linter rule for catching this issue in future and we are actively working on plugging this hole. After this automation is put in place, any PR with a "generic setting" will be blocked until either the change is reverted or an exception is granted explicitly.

[liuwuliuyun]

Hi @stephybun and @tombuildsstuff , I just got the complete list supported by the json input from service developers and there are a dozen of them. Do we still need to change each one of them to seperate property so that adding ~20 new properties to this resource? Plus, this does have possibility to change in the future according to the developers.

            "Alerts/AutomanageStatusChanges/Enable": "true", 
            "Antimalware/Enable": "true",
            "Antimalware/EnableRealTimeProtection": "true",
            "Antimalware/RunScheduledScan": "true",
            "Antimalware/ScanType": "Quick",
            "Antimalware/ScanDay": "7",
            "Antimalware/ScanTimeInMinutes": "120",
            "Backup/Enable": "true",
            "Backup/PolicyName": "dailyBackupPolicy",
            "Backup/TimeZone": "UTC",   
            "Backup/InstantRpRetentionRangeInDays": 2,
            "Backup/SchedulePolicy/ScheduleRunFrequency": "Daily",
            "Backup/SchedulePolicy/ScheduleRunTimes": [
                "2017-01-26T00:00:00Z"
            ],
            "Backup/SchedulePolicy/SchedulePolicyType": "SimpleSchedulePolicy",
            "Backup/RetentionPolicy/RetentionPolicyType": "LongTermRetentionPolicy",
            "Backup/RetentionPolicy/DailySchedule/RetentionTimes": [
                "2017-01-26T00:00:00Z"
            ],
            "Backup/RetentionPolicy/DailySchedule/RetentionDuration/Count": "180",
            "Backup/RetentionPolicy/DailySchedule/RetentionDuration/DurationType": "Days",
            "VMInsights/Enable": "true",
            "AzureSecurityCenter/Enable": "true",
            "DefenderForCloud/Enable": "true",
            "UpdateManagement/Enable": "true",
            "ChangeTrackingAndInventory/Enable": "true",
            "GuestConfiguration/Enable": "true",
            "LogAnalytics/Enable": "true",
            "BootDiagnostics/Enable": "true"

[liuwuliuyun]

Close this PR for now till further discussion.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.