Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_key_vault_managed_hardware_security_module: remove ForceNew for public_network_access_enabled #26075

Merged
merged 3 commits into from
May 30, 2024
Merged

azurerm_key_vault_managed_hardware_security_module: remove ForceNew for public_network_access_enabled #26075

merged 3 commits into from
May 30, 2024

Conversation

wuxu92
Copy link
Contributor

@wuxu92 wuxu92 commented May 23, 2024

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

The public_network_access_enabled should support update for manged HSM.

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)
--- PASS: TestAccKeyVaultManagedHardwareSecurityModule (1572.95s)
    --- PASS: TestAccKeyVaultManagedHardwareSecurityModule/resource (1572.95s)
        --- PASS: TestAccKeyVaultManagedHardwareSecurityModule/resource/update (1572.95s)
PASS

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • azurerm_key_vault_managed_hardware_security_module - support update public_network_access_enabled property

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Related Issue(s)

Fixes #26044

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

stephybun
stephybun requested changes May 27, 2024
View reviewed changes
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @wuxu92. This looks mostly fine, but we need to use a different test to validate the update of this property. The basic test configs should only contain required properties.

internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go Outdated
tenant_id = data.azurerm_client_config.current.tenant_id
admin_object_ids = [data.azurerm_client_config.current.object_id]
purge_protection_enabled = false
public_network_access_enabled = true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the config for the basic test which shouldn't have Optional properties in it. Can you please find another config/test to use to validate this case?

Suggested change
public_network_access_enabled = true

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, the public_network_access_enabled property is actually set to True by default. Therefore, I can simply remove this line from the basic config. However, can we still use basicUpdate to test the update of this property? Since most of the required properties of MSHM are also ForceNew, the basicUpdate config actually updates other non-required properties such as tags and network_acls.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, that's acceptable!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed from basic.

internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go
tenant_id = data.azurerm_client_config.current.tenant_id
admin_object_ids = [data.azurerm_client_config.current.object_id]
purge_protection_enabled = false
public_network_access_enabled = false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, from the name of the config this is only checking whether the required properties are updateable.

Suggested change
public_network_access_enabled = false

@stephybun
Copy link
Member

Thanks @wuxu92, the Terraform Schema Linting check just needs to be addressed now.

@wuxu92
Copy link
Contributor Author

wuxu92 commented May 28, 2024

Thanks @stephybun linting issue addressed.

stephybun
stephybun approved these changes May 30, 2024
View reviewed changes
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @wuxu92 LGTM 👍

@stephybun stephybun merged commit bcee340 into hashicorp:main May 30, 2024
30 checks passed
@github-actions github-actions bot added this to the v3.106.0 milestone May 30, 2024
stephybun added a commit that referenced this pull request May 30, 2024
@stephybun
Update for #26052 #26075 #26137
713d813
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 1, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stephybun stephybun stephybun approved these changes

Assignees
No one assigned
Labels
enhancement service/managed-hsm size/XS
Projects
None yet
Milestone
v3.106.0
Development

Successfully merging this pull request may close these issues.

Azure Managed HSM - Resource re-creation upon modification of the network configuration
2 participants
@wuxu92 @stephybun