New Resource & Data Source: azurerm_app_service_virtual_network_connection_gateway

[njuCZ]

Add new resource and data source for Gateway Required App Service Virtual Network Connection
(fix [#4333, #4332])

[katbyte]

Hi @njuCZ,

I started reviewing this and have left a bunch of comments inline. While going through the create function it appears we are calling a bunch of different APIs. Would this resource make more sense a a few individual ones that combine for the same affect? possible a virtual_network_gateway_connection and a virtual_network_gateway_connection_app_service_association resource?

[njuCZ]

Hi @njuCZ,

I started reviewing this and have left a bunch of comments inline. While going through the create function it appears we are calling a bunch of different APIs. Would this resource make more sense a a few individual ones that combine for the same affect? possible a virtual_network_gateway_connection and a virtual_network_gateway_connection_app_service_association resource?

this resource is to intergrate an app service with a virtual network. It's one whole function in the azure portal, though it needs call two different api. there is no need to separate into two different resources

[njuCZ]

@katbyte I have modified my codes according to your suggestion, could you kindly review my codes once more?

[katbyte]

Thanks for the revisions @njuCZ,

In addition to the comments i've left i'm wondering if it makes sense to export all those properties? are they available via the app service or vnet resource/data sources? because if they are it might make sense to leave them out with a comment stating as such and users can just instead use those, wdyt?

[katbyte]

Also we are getting test failures:

------- Stdout: -------
=== RUN   TestAccDataSourceAzureRMAppServiceVirtualNetworkConnection_basic
=== PAUSE TestAccDataSourceAzureRMAppServiceVirtualNetworkConnection_basic
=== CONT  TestAccDataSourceAzureRMAppServiceVirtualNetworkConnection_basic
--- FAIL: TestAccDataSourceAzureRMAppServiceVirtualNetworkConnection_basic (2946.44s)
    testing.go:569: Step 0 error: errors during apply:
        
        Error: error add certificate for gateway "example": error adding cerfiticate for gateway "example" (Resource Group "acctestRG-191114233037998613"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="AnotherOperationInProgress" Message="Another operation on this or dependent resource is in progress. To retrieve status of the operation use uri: https://management.azure.com/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/providers/Microsoft.Network/locations/westeurope/operations/a672b118-fb92-4de0-911a-2bdd5a3c3050?api-version=2019-06-01." Details=[]

[njuCZ]

@katbyte thank you for your suggestion, I have fixed them

[katbyte]

thanks for the updates @njuCZ, i've left some more comments inline that need to be addressed before merge.

[njuCZ]

hi @katbyte I have refactored to azurerm_app_service_virtual_network_connection_gateway

[katbyte]

Hi @njuCZ,

I've given this another review and left my comments inline. I'd really like some additional detail in comments about the workflow of the create function and the steps its taking. Thanks!

[katbyte]

Could we get some comments explaining what the workflow is here and these function calls aredoing?

[njuCZ]

I have left some comments in the codes for the steps. At first I want to find the virtual network gateway from the virtual network, now we have both parameters: virtual_network_id and virtual_network_gateway_id, so I first check whether they are related. (thus virtual network gateway should located in a gateway subnet in the virtual network)

[katbyte]

Why are we ignoring lifecycle changes on this property? it might want to be computed if its being updated externally now

[njuCZ]

Because the steps are

1. CreateOrUpdateVnetConnection
2. result of step 1 contains cert infomation, we should set the cert to virtual network gateway (check duplicate)
3. generate vpn package uri
4. CreateOrUpdateVnetConnectionGateway using step 3's result

a gateway required virtual network integration needs these four steps. In this process, we need update certificate of the virtual network gateway.
I think there is no means to split this process.

I have added computed: true in the newest codes for virtual network gateway

[katbyte]

these are exported so could we word them as such?

[njuCZ]

@katbyte sorry for late reply. I have refined my codes.
The logic is a little complex for this function, you can mainly refer to this script
https://gallery.technet.microsoft.com/scriptcenter/Connect-an-app-in-Azure-ab7527e3

Thanks again for your patience reviewing this PR!

[jackofallops]

Hi @njuCZ
I've been working through this PR to see how we can get it progressed.

It feels like things are confused (and confusing) as there should be two resources (with data sources) here, azurerm_app_service_network_connection and azurerm_app_service_network_connection_gateway?

I think a redesign into 2 will simplify things, give better focus to each part, and help us get this through. WDYT?

[tombuildsstuff]

Based on this comment there's some design questions which need to be addressed here - rather than leaving this open whilst that's happening I'm going to close this PR for the moment, but once those have been resolved we can circle back around and take another look here

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!