azurerm_cosmosdb_account add minimal_tls_version #24966
…#24879) * azurerm_data_factory - allow the git_url to be blank/empty * update docs
* Initial Check-in... * Add regression test case... * Change fix design... * Address PR comments... * Updated description of the regression test case...
…orchestra… (hashicorp#24292) * hashicorp#24282: Support additional_unattend_content part of azurerm_orchestrated_virtual_machine_scale_set * hashicorp#24282: Changes as per review * hashicorp#24282: Fix errors and tests * hashicorp#24282: terrafmt
…_certificates data sources (hashicorp#24857) It can be useful when looking up secrets/certificates in Azure Key Vault to find them by tags instead of by names. Currently if you want to achieve this, you have to use the list (e.g. azurerm_key_vault_secrets) data source, and then pull in the actual data (e.g. azurerm_key_vault_secret) to be able to find secrets/certs by tags. This also results in the (secret) values for every secret/cert in the Key Vault being pulled in to the state file to achieve the behaviour, which is not necessarily ideal. This change allows accessing the tags of the secrets/certs without necessarily needing to pull in all the secret values.
* add context with deadline to tests * add context with deadline to tests * sort imports * add context with deadline
… for total_retention_in_days ValidateFunc (hashicorp#24888) * fix: azurerm_log_analytics_workspace_table - set correct max integer value for retention ValidateFunc * fix: azurerm_log_analytics_workspace_table: set max int for interactive logs to 730
…_pool resource (hashicorp#24369) * hashicorp#24358: Support vmTemplate for azurerm_virtual_desktop_host_pool resource * hashicorp#24358: Changes as per review comments * hashicorp#24358: Fix error * hashicorp#24358: Adding testcase for vm_template
…c subscription_id (hashicorp#24258) * Add subscription_id scope to cost anomaly alert * Update formatting * Cleanup update logic * Set subscription_id to optional * Apply suggestions from code review Co-authored-by: kt <[email protected]> * Tidy up test --------- Co-authored-by: kt <[email protected]>
…ic_network_access_enabled` is set to `false` (hashicorp#23823)
…p/go-azure-sdk` (hashicorp#24912) * update go-azure-sdk to v0.20240215.1143935 * add err msgs
Hey @rizkybiz, thanks for opening this PR! It looks good but I've detailed a few extra things to look at before we merge! Let me know if you have any questions!
@@ -929,6 +938,15 @@ func resourceCosmosDbAccountCreate(d *pluginsdk.ResourceData, meta interface{}) | |||
return fmt.Errorf("creating %s: %+v", id, err) | |||
} | |||
|
|||
// NOTE: this is to work around the issue here: https://github.com/Azure/azure-rest-api-specs/issues/27596 | |||
// Once the above issue is resolved we shouldn't need this check and update anymore | |||
if d.Get("create_mode").(string) == string(cosmosdb.CreateModeRestore) { |
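Review bot: the NOTE comment above the `create_mode` check links the upstream issue but never says what goes wrong, so a later reader cannot tell when the workaround is safe to delete. State in the comment that the restore path does not apply the requested `minimal_tls_version` and that the payload is re-sent to correct it, and make sure the error from that second update is returned rather than dropped; otherwise a restored account could be left on a weaker TLS floor than the configuration asks for while the apply reports success.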
Is it easy to add a test for this? I think it might be better to pull this out into its own PR
It would be difficult to pull out into its own PR because it requires `minimal_tls_version` to be implemented first, otherwise the check wouldn't have a purpose. The check just re-sends the original payload so that the TLS version is set correctly on the backend.
It's kind of a chicken/egg scenario, since without Minimal TLS, there's no action to be taken because the value won't be in the state.
So far as writing a test, I believe it might be possible (checking state twice within a single action?), but we would be checking for the presence of a bug. It would just be checking that the TLS version was first incorrectly set, then correctly set. This might work, but as soon as MS fixes it on their end, that test would break.
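An added example, not part of the PR or the provider's code: a check over `terraform show -json <planfile>` output that reports `azurerm_cosmosdb_account` resources whose `minimal_tls_version` is unset or below a required floor, and marks restored accounts for a read-back after apply, since the thread above says the first create call may not set the value. The accepted values (`Tls`, `Tls11`, `Tls12`) and the `"Restore"` string for `create_mode` are assumptions taken from the provider documentation, and the plan JSON is constructed.

```python
import json

# Accepted values, weakest to strongest. Assumed from the azurerm provider
# documentation; this page does not list them.
TLS_RANK = {"Tls": 0, "Tls11": 1, "Tls12": 2}


def audit_cosmosdb_tls(plan, required="Tls12"):
    """Return sorted (address, finding) pairs for azurerm_cosmosdb_account.

    `plan` is the parsed JSON from `terraform show -json <planfile>`.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_cosmosdb_account":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        addr = rc["address"]
        unknown = change.get("after_unknown") or {}
        tls = after.get("minimal_tls_version")
        if tls is None:
            # Absent from config, or computed and only known after apply:
            # either way the plan does not pin a TLS floor.
            why = "unknown-until-apply" if unknown.get("minimal_tls_version") else "unset"
            findings.append((addr, why))
        elif tls not in TLS_RANK:
            findings.append((addr, "unrecognised-value"))
        elif TLS_RANK[tls] < TLS_RANK[required]:
            findings.append((addr, "below-minimum"))
        # The PR re-sends the payload for restored accounts because the first
        # call may not apply the TLS setting; flag these for a post-apply read.
        if tls is not None and after.get("create_mode") == "Restore":
            findings.append((addr, "verify-after-restore"))
    return sorted(findings)


# Constructed sample (not real plan output), trimmed to the fields read above.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_cosmosdb_account.ok", "type": "azurerm_cosmosdb_account",
  "change": {"after": {"minimal_tls_version": "Tls12", "create_mode": "Default"},
             "after_unknown": {}}},
 {"address": "azurerm_cosmosdb_account.legacy", "type": "azurerm_cosmosdb_account",
  "change": {"after": {"minimal_tls_version": "Tls11"}, "after_unknown": {}}},
 {"address": "azurerm_cosmosdb_account.implicit", "type": "azurerm_cosmosdb_account",
  "change": {"after": {"minimal_tls_version": null}, "after_unknown": {}}},
 {"address": "azurerm_cosmosdb_account.computed", "type": "azurerm_cosmosdb_account",
  "change": {"after": {}, "after_unknown": {"minimal_tls_version": true}}},
 {"address": "azurerm_cosmosdb_account.restored", "type": "azurerm_cosmosdb_account",
  "change": {"after": {"minimal_tls_version": "Tls12", "create_mode": "Restore"},
             "after_unknown": {}}},
 {"address": "azurerm_cosmosdb_account.retired", "type": "azurerm_cosmosdb_account",
  "change": {"after": null, "after_unknown": {}}},
 {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
  "change": {"after": {"min_tls_version": "TLS1_0"}, "after_unknown": {}}}
]}
""")

if __name__ == "__main__":
    for addr, finding in audit_cosmosdb_tls(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

The `verify-after-restore` finding is a prompt to read the account's live setting once the apply finishes; the plan alone cannot show whether the service honoured it.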
@@ -224,6 +224,21 @@ func TestAccCosmosDBAccount_updateTagsWithUserAssignedDefaultIdentity(t *testing | |||
}) | |||
} | |||
|
|||
func TestAccCosmosDBAccount_minimalTlsVersion(t *testing.T) { |
This value is update-able so we should test update in this test
Added a test for updates
@@ -242,6 +242,14 @@ func resourceCosmosDbAccount() *pluginsdk.Resource { | |||
}, | |||
}, | |||
|
|||
// per Microsoft's documentation, as of April 1 2023 the default minimal TLS version for all new accounts is 1.2 |
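Review bot: the comment on the added line cites Microsoft's documentation for the April 1 2023 default of TLS 1.2 but gives no link, so the date and the default cannot be checked from the code. Add the documentation URL to the comment, and say in the same comment what the provider does when the field is left unset, since the comment describes the service default and not the schema's.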
Can we add a todo for 4.0 to add this in as a default?
done
@@ -4166,7 +4221,15 @@ resource "azurerm_cosmosdb_mongo_collection" "test" { | |||
|
|||
index { | |||
keys = ["_id"] | |||
unique = true |
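Review bot: the `index` block around `unique = true` belongs to a mongo collection test fixture that is unrelated to `minimal_tls_version`, and the header shows this hunk growing from 7 to 15 lines. Keep changes to this fixture out of a TLS property PR, or give them a comment that links a tracking issue for the collection resource, so that what the test checks about the index is not weakened without a record of why.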
Can you share why this was flipped from true to false? It looks like the following is needed but I'm wondering why this needed to be flipped in the first place
// indices can cause test to be inconsistent
// I believe there is a bug within the azurerm_cosmosdb_mongo_collection that causes inconsistent results on read
lifecycle {
ignore_changes = [
index
]
My mistake for altering the original value.
In the context of the test, it doesn't make a difference. The test itself fails due to `azurerm_cosmosdb_mongo_collection` flagging changes on the indices during the import phase. This occurs whether set to true or false.
Terraform will perform the following actions:
# azurerm_cosmosdb_mongo_collection.test will be updated in-place
~ resource "azurerm_cosmosdb_mongo_collection" "test" {
id = "/subscriptions/...."
name = "acctest-mongodb-coll-240227125500374571"
# (6 unchanged attributes hidden)
- index {
- keys = [
- "_id",
] -> null
- unique = true -> null
}
+ index {
+ keys = [
+ "_id",
]
+ unique = false
}
}
I know @rizkybiz as well as @katbyte both ran into issues on this particular test as well.
Risking this PR becoming stuck due to another resource misbehaving, I opted to ignore the changing property.
So weird! But it does look like it's not failing because of these changes! Thanks for following up!
LGTM!
Bump Terraform `azurerm` provider version

Update Terraform lock file

changes detected: "hashicorp/azurerm" updated from "3.93.0" to "3.94.0" in file ".terraform.lock.hcl"

3.94.0

Changelog retrieved from: https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.94.0

FEATURES:

* **New Resource**: `azurerm_kubernetes_fleet_update_run` ([#24813](https://github.com/hashicorp/terraform-provider-azurerm/issues/24813))

ENHANCEMENTS:

* dependencies: updating to `v0.20240228.1142829` of `github.com/hashicorp/go-azure-sdk` (hashicorp/terraform-provider-azurerm#25081)
* `servicefabric`: updating to use the transport layer from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest` (hashicorp/terraform-provider-azurerm#25002)
* `springcloud`: updating to API Version `2024-01-01-preview` (hashicorp/terraform-provider-azurerm#24937)
* `securitycenter`: updating to use the transport layer from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest` (hashicorp/terraform-provider-azurerm#25081)
* Data Source: `azurerm_storage_table_entities` - support for `select` (hashicorp/terraform-provider-azurerm#24987)
* Data Source: `azurerm_netapp_volume` - support for the `smb_access_based_enumeration` and `smb_non_browsable` properties (hashicorp/terraform-provider-azurerm#24514)
* `azurerm_cosmosdb_account` - add support for the `minimal_tls_version` property (hashicorp/terraform-provider-azurerm#24966)
* `azurerm_federated_identity_credential` - the federated credentials can now be changed without creating a new resource (hashicorp/terraform-provider-azurerm#25003)
* `azurerm_kubernetes_cluster` - support for the `current_kubernetes_version` property (hashicorp/terraform-provider-azurerm#25079)
* `azurerm_kubernetes_cluster` - private DNS is now allowed for the `web_app_routing` property (hashicorp/terraform-provider-azurerm#25038)
* `azurerm_kubernetes_cluster` - migration between different `outbound_type`s is now allowed (hashicorp/terraform-provider-azurerm#25021)
* `azurerm_mssql_database` - support for the `recovery_point_id` and `restore_long_term_retention_backup_id` properties (hashicorp/terraform-provider-azurerm#24904)
* `azurerm_linux_virtual_machine` - support for the `automatic_upgrade_enabled`, `disk_controller_type`, `os_image_notification`, `treat_failure_as_deployment_failure_enabled`, and `vm_agent_platform_updates_enabled` properties (hashicorp/terraform-provider-azurerm#23394)
* `azurerm_nginx_deployment` - support for the `automatic_upgrade_channel` property (hashicorp/terraform-provider-azurerm#24867)
* `azurerm_netapp_volume` - support for the `smb_access_based_enumeration` and `smb_non_browsable` properties (hashicorp/terraform-provider-azurerm#24514)
* `azurerm_netapp_pool` - support for the `encryption_type` property (hashicorp/terraform-provider-azurerm#24993)
* `azurerm_role_definition` - upgrade to the API version `2022-05-01-preview` (hashicorp/terraform-provider-azurerm#25008)
* `azurerm_redis_cache` - allow AAD auth for all SKUs (hashicorp/terraform-provider-azurerm#25006)
* `azurerm_sql_managed_instance` - support for the `zone_redundant_enabled` property (hashicorp/terraform-provider-azurerm#25089)
* `azurerm_spring_cloud_gateway` - support for the `application_performance_monitoring_ids` property (hashicorp/terraform-provider-azurerm#24919)
* `azurerm_spring_cloud_configuration_service` - support for the `refresh_interval_in_seconds` property (hashicorp/terraform-provider-azurerm#25009)
* `azurerm_synapse_workspace` - support for using the `user_assigned_identity_id` property within the `customer_managed_key` block (hashicorp/terraform-provider-azurerm#25027)
* `azurerm_windows_virtual_machine` - support for the `automatic_upgrade_enabled`, `disk_controller_type`, `os_image_notification`, `treat_failure_as_deployment_failure_enabled`, and `vm_agent_platform_updates_enabled` properties ([#23394](https://github.com/hashicorp/terraform-provider-azurerm/issues/23394))

BUG FIXES:

* `azurerm_api_management_notification_recipient_email` - fixing an issue where response pages weren't iterated over correctly (hashicorp/terraform-provider-azurerm#25055)
* `azurerm_api_management_notification_recipient_user` - fixing an issue where response pages weren't iterated over correctly (hashicorp/terraform-provider-azurerm#25055)
* `azurerm_batch_pool` - fix setting the `extension.settings_json` property (hashicorp/terraform-provider-azurerm#24976)
* `azurerm_key_vault_key` - `expiration_date` can be updated if newer date is ahead (hashicorp/terraform-provider-azurerm#25000)
* `azurerm_pim_active_role_assignment` - fix an issue where the resource would disappear or fail to import after 45 days (hashicorp/terraform-provider-azurerm#24524)
* `azurerm_pim_eligible_role_assignment` - fix an issue where the resource would disappear or fail to import after 45 days (hashicorp/terraform-provider-azurerm#24524)
* `azurerm_recovery_services_vault` - validate that `use_system_assigned_identity` and `user_assigned_identity_id` cannot be set at the same time (hashicorp/terraform-provider-azurerm#24091)
* `azurerm_recovery_vaults` will now create properly with `SystemAssigned,UserAssigned` identity (hashicorp/terraform-provider-azurerm#24978)
* `azurerm_subscription` - fixing an issue where response pages weren't iterated over correctly ([#25055](https://github.com/hashicorp/terraform-provider-azurerm/issues/25055))

3.95.0

Changelog retrieved from: https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.95.0

FEATURES:

* New Resource: `azurerm_container_app_custom_domain` (hashicorp/terraform-provider-azurerm#24421)
* New Resource: `azurerm_data_protection_backup_instance_kubernetes_cluster` (hashicorp/terraform-provider-azurerm#24940)
* New Resource: `azurerm_static_web_app` (hashicorp/terraform-provider-azurerm#25117)
* New resource: `azurerm_static_web_app_custom_domain` (hashicorp/terraform-provider-azurerm#25117)
* New resource: `azurerm_system_center_virtual_machine_manager_availability_set` (hashicorp/terraform-provider-azurerm#24975)
* New Resource: `azurerm_workloads_sap_three_tier_virtual_instance` (hashicorp/terraform-provider-azurerm#24384)
* New Resource: `azurerm_workloads_sap_single_node_virtual_instance` ([#24331](https://github.com/hashicorp/terraform-provider-azurerm/issues/24331))

ENHANCEMENTS:

* `dependencies`: updating to v0.20240229.1102109 of `github.com/hashicorp/go-azure-sdk` (hashicorp/terraform-provider-azurerm#25102)
* `monitor`: updating to use the transport layer from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest` [GH-#25102]
* `network`: updating to API Version `2023-09-01` (hashicorp/terraform-provider-azurerm#25095)
* `azurerm_data_factory_integration_runtime_managed` - support for the `credential_name` property (hashicorp/terraform-provider-azurerm#25033)
* `azurerm_linux_function_app` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_linux_function_app` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_linux_function_app_slot` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_linux_function_app_slot` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_linux_web_app` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_linux_web_app` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_linux_web_app_slot` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_linux_web_app_slot` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_mysql_flexible_server` - setting the `storage.size_gb` property to a smaller value now forces a new resource to be created (hashicorp/terraform-provider-azurerm#25074)
* `azurerm_orbital_contact_profile` - changing the `channels` property no longer creates a new resource (hashicorp/terraform-provider-azurerm#25129)
* `azurerm_private_dns_resolver_inbound_endpoint` - the `private_ip_address` property is no longer required when `private_ip_allocation_method` is `Dynamic` (hashicorp/terraform-provider-azurerm#25035)
* `stream_analytics_output_blob` - support for the `blob_write_mode` property (hashicorp/terraform-provider-azurerm#25127)
* `azurerm_windows_function_app` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_windows_function_app` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_windows_function_app_slot` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_windows_function_app_slot` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_windows_web_app` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_windows_web_app` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties (hashicorp/terraform-provider-azurerm#25131)
* `azurerm_windows_web_app_slot` - support for the `description` property in the `ip_restriction` block (hashicorp/terraform-provider-azurerm#24527)
* `azurerm_windows_web_app_slot` - support for the `ip_restriction_default_action` and `scm_ip_restriction_default_action` properties ([#25131](https://github.com/hashicorp/terraform-provider-azurerm/issues/25131))

BUG FIXES:

* Data Source: `azurerm_function_app_host_keys` - correctly set `event_grid_extension_key` by searching for the renamed property in the API response (hashicorp/terraform-provider-azurerm#25108)
* `azurerm_app_service_public_certificate` - fix issue where certificate information was not being set correctly in the read (hashicorp/terraform-provider-azurerm#24943)
* `azurerm_container_registry` - prevent recreation of the resource when the `georeplication.tags` are updated (hashicorp/terraform-provider-azurerm#24994)
* `azurerm_firewall_policy_rule_collection_group` - fix issue where the client subscription ID was used to construct the `firewall_policy_id` (hashicorp/terraform-provider-azurerm#25145)
* `azurerm_function_app_hybrid_connection` - fix issue where `SendKeyValue` was not populated in the API payload (hashicorp/terraform-provider-azurerm#23761)
* `azurerm_orbital_contact_profile` - fix creation of the resource when `event_hub_uri` is not specified (hashicorp/terraform-provider-azurerm#25128)
* `azurerm_recovery_services_vault` - prevent a panic when `immutability` is updated (hashicorp/terraform-provider-azurerm#25132)
* `azurerm_storage_account` - fix issue where the queue encryption key type was set as the table encryption key type (hashicorp/terraform-provider-azurerm#25046)
* `azurerm_web_app_hybrid_connection` - fix issue where `SendKeyValue` was not populated in the API payload (hashicorp/terraform-provider-azurerm#23761)
* `azurerm_mssql_database` - fix incorrect error due to typo when using `restore_long_term_retention_backup_id` ([#25180](https://github.com/hashicorp/terraform-provider-azurerm/issues/25180))

DEPRECATIONS:

* Deprecated Resource: `azurerm_static_site` (hashicorp/terraform-provider-azurerm#25117)
* Deprecated Resource: `azurerm_static_site_custom_domain` (hashicorp/terraform-provider-azurerm#25117)
* `azurerm_kubernetes_fleet_manager` - the `hub_profile` property has been deprecated ([#25010](https://github.com/hashicorp/terraform-provider-azurerm/issues/25010))

Jenkins pipeline link: https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/40/

Created automatically by Updatecli (https://www.updatecli.io/)

---------

Co-authored-by: Jenkins Infra Bot (updatecli) <[email protected]>
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
resolves #21295