-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG:] azurerm_mssql_elasticpool
/azurerm_mssql_database
- update the behavior of the enclave_type
field.
#25508
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aside from one comment LGTM 🔩
<Actions> <action id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8"> <h3>Bump Terraform `azurerm` provider version</h3> <details id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24"> <summary>Update Terraform lock file</summary> <p>changes detected:
	"hashicorp/azurerm" updated from "3.97.1" to "3.98.0" in file ".terraform.lock.hcl"</p> <details> <summary>3.98.0</summary> <pre>Changelog retrieved from:
	https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.98.0
FEATURES:

* New Resource: `azurerm_static_web_app_function_app_registration` ([#25331](hashicorp/terraform-provider-azurerm#25331 New Resource: `azurerm_system_center_virtual_machine_manager_inventory_items` ([#25110](hashicorp/terraform-provider-azurerm#25110 New Resource: `azurerm_workloads_sap_discovery_virtual_instance` ([#24342](hashicorp/terraform-provider-azurerm#24342 New Resource: `azurerm_redis_cache_policy` ([#25477](hashicorp/terraform-provider-azurerm#25477 New Resource: `azurerm_redis_cache_policy_assignment` ([#25477](https://github.com/hashicorp/terraform-provider-azurerm/issues/25477))

ENHANCEMENTS:

* dependencies: updating to `v0.20240402.1085733` of `github.com/hashicorp/go-azure-sdk` ([#25482](hashicorp/terraform-provider-azurerm#25482 dependencies: updating to `v0.67.0` of `github.com/hashicorp/go-azure-helpers` ([#25446](hashicorp/terraform-provider-azurerm#25446 dependencies: updating to `v0.25.4` of `github.com/tombuildsstuff/giovanni` ([#25404](hashicorp/terraform-provider-azurerm#25404 `alertsmanagement` - updating remaining resources to use `hashicorp/go-azure-sdk` ([#25486](hashicorp/terraform-provider-azurerm#25486 `applicationinsights` - updating remaining resources to use `hashicorp/go-azure-sdk` ([#25376](hashicorp/terraform-provider-azurerm#25376 `compute` - update to API version `2024-03-01` ([#25436](hashicorp/terraform-provider-azurerm#25436 `compute` - update shared image resources and data sources to use `hashicorp/go-azure-sdk` ([#25503](hashicorp/terraform-provider-azurerm#25503 `containerinstance` - update to use the transport layer from `hashicorp/go-azure-sdk` rather than `Azure/go-autorest` ([#25416](hashicorp/terraform-provider-azurerm#25416 `maintenance` - updating to API Version `2023-04-01` ([#25388](hashicorp/terraform-provider-azurerm#25388 `recovery_services` - Add `recovery_service` block to the provider that supports `vm_backup_stop_protection_and_retain_data_on_destroy` and `purge_protected_items_from_vault_on_destroy`([#25515](hashicorp/terraform-provider-azurerm#25515 `storage` - the Storage Account cache is now populated using `hashicorp/go-azure-sdk` ([#25437](hashicorp/terraform-provider-azurerm#25437 `azurerm_bot_service_azure_bot` - support for the `cmk_key_vault_key_url` property ([#23640](hashicorp/terraform-provider-azurerm#23640 `azurerm_capacity_reservation` - update validation for `capacity` ([#25471](hashicorp/terraform-provider-azurerm#25471 `azurerm_container_app` - add support for `key_vault_id` and `identity` properties in the `secret` block ([#24773](hashicorp/terraform-provider-azurerm#24773 `azurerm_databricks_workspace` - expose `managed_services_cmk_key_vault_id` and `managed_disk_cmk_key_vault_id and key_vault_id` to support cross subscription CMK's. ([#25091](hashicorp/terraform-provider-azurerm#25091 `azurerm_databricks_workspace_root_dbfs_customer_managed_key` - expose `key_vault_id` to support cross subscription CMK's. ([#25091](hashicorp/terraform-provider-azurerm#25091 `azurerm_managed_hsm_role_*_ids` - use specific resource id to replace generic nested item id ([#25323](hashicorp/terraform-provider-azurerm#25323 `azurerm_mssql_database` - add support for `secondary_type` ([#25360](hashicorp/terraform-provider-azurerm#25360 `azurerm_monitor_scheduled_query_rules_alert_v2` - support for the `identity` block ([#25365](hashicorp/terraform-provider-azurerm#25365 `azurerm_mssql_server_extended_auditing_policy` - support for `audit_actions_and_groups` and `predicate_expression` ([#25425](hashicorp/terraform-provider-azurerm#25425 `azurerm_netapp_account` - can now be imported ([#25384](hashicorp/terraform-provider-azurerm#25384 `azurerm_netapp_volume` - support for the `kerberos_enabled`, `smb_continuous_availability_enabled`, `kerberos_5_read_only_enabled`, `kerberos_5_read_write_enabled`, `kerberos_5i_read_only_enabled`, `kerberos_5i_read_write_enabled`, `kerberos_5p_read_only_enabled`, and `kerberos_5p_read_write_enabled` properties ([#25385](hashicorp/terraform-provider-azurerm#25385 `azurerm_recovery_services_vault` - upgrading to version `2024-01-01` ([#25325](hashicorp/terraform-provider-azurerm#25325 `azurerm_stack_hci_cluster` - the `client_id` property is now optional ([#25407](hashicorp/terraform-provider-azurerm#25407 `azurerm_storage_encryption_scope` - refactoring to use `hashicorp/go-azure-sdk` rather than `Azure/azure-sdk-for-go` ([#25437](hashicorp/terraform-provider-azurerm#25437 `azurerm_mssql_elasticpool` - the `maintenance_configuration_name` property now supports values `SQL_SouthAfricaNorth_DB_1`, `SQL_SouthAfricaNorth_DB_2`, `SQL_WestUS3_DB_1` and `SQL_WestUS3_DB_2` ([#25500](hashicorp/terraform-provider-azurerm#25500 `azurerm_lighthouse_assignment` - updating API Version from `2019-06-01` to `2022-10-01` ([#25473](https://github.com/hashicorp/terraform-provider-azurerm/issues/25473))

BUG FIXES:

* `network` - updating the `GatewaySubnet` validation to show the Subnet Name when the validation fails ([#25484](hashicorp/terraform-provider-azurerm#25484 `azurerm_function_app_hybrid_connection` - fix an issue during creation when `send_key_name` is specified ([#25379](hashicorp/terraform-provider-azurerm#25379 `azurerm_linux_web_app_slot` - fix a crash when upgrading the provider to v3.88.0 or later ([#25406](hashicorp/terraform-provider-azurerm#25406 `azurerm_mssql_database` - update the behavior of the `enclave_type` field. ([#25508](hashicorp/terraform-provider-azurerm#25508 `azurerm_mssql_elasticpool` - update the behavior of the `enclave_type` field. ([#25508](hashicorp/terraform-provider-azurerm#25508 `azurerm_network_manager_deployment` - add locking ([#25368](hashicorp/terraform-provider-azurerm#25368 `azurerm_resource_group_template_deployment` - changes to `parameters_content` and `template_content` now force `output_content` to be updated in the plan ([#25403](hashicorp/terraform-provider-azurerm#25403 `azurerm_storage_blob` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_container` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_data_lake_gen2_filesystem` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_data_lake_gen2_filesystem_path` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_queue` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_share` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_share_directory` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_share_directory` - resolve an issue where directories might fail to destroy ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_share_file` - fix a potential crash when the endpoint is unreachable ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_storage_share_file` - fix several bugs with path handling when creating files in subdirectories ([#25404](hashicorp/terraform-provider-azurerm#25404 `azurerm_web_app_hybrid_connection` - fix an issue during creation when `send_key_name` is specified ([#25379](hashicorp/terraform-provider-azurerm#25379 `azurerm_windows_web_app` - prevent a panic during resource upgrade ([#25509](https://github.com/hashicorp/terraform-provider-azurerm/issues/25509))


</pre> </details> </details> <a href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/88/">Jenkins pipeline link</a> </action> </Actions> --- <table> <tr> <td width="77"> <img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli logo" width="50" height="50"> </td> <td> <p> Created automatically by <a href="https://www.updatecli.io/">Updatecli</a> </p> <details><summary>Options:</summary> <br /> <p>Most of Updatecli configuration is done via <a href="https://www.updatecli.io/docs/prologue/quick-start/">its manifest(s)</a>.</p> <ul> <li>If you close this pull request, Updatecli will automatically reopen it, the next time it runs.</li> <li>If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.</li> </ul> <p> Feel free to report any issues at <a href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br /> If you find this tool useful, do not hesitate to star <a href="https://github.com/updatecli/updatecli/stargazers">our GitHub repository</a> as a sign of appreciation, and/or to tell us directly on our <a href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>! </p> </details> </td> </tr> </table> Co-authored-by: Jenkins Infra Bot (updatecli) <[email protected]>
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Community Note
Description
The current implementation of the
enclave_type
field is incorrect, currently if the field is excluded from the configuration file Terraform always sets the value toDefault
. The way the feature should have been implemented is if theenclave_type
field is not specified in the configuration file it shouldn’t be passed as part of the ARM API request for databases/elastic pools.Each of the below
enclaveType
values have specific meaning and in case nothing is specified we shouldn’t pass that parameter to the ARM API request:Default
: enable default enclave functionality on the database, which can be VBS if capacity is available and no enclave if capacity is not available.VBS
: enable VBS enclave on the database.Passing
preferredEnclaveType: Default
to the ARM API when the field does not exist in the configuration file is causing a lot of customer support cases as theenclave
is getting enabled in their databases/elastic pools without their knowledge. This causes end users to get an error when they attempt to add a newly created database to a pre-existing elastic pool, which doesn’t have anenclave
type defined.PR Checklist
Test Results
Change Log
Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.
azurerm_mssql_elasticpool
- update the behavior of theenclave_type
field.azurerm_mssql_database
- update the behavior of theenclave_type
field.