-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_postgresql_flexible_server - mark public_network_access_enabled as optional #25812
Changes from 15 commits
7168d14
0ef5691
ca141dc
e2b2a52
3ab28ee
97087eb
c5971c5
8fe8a0b
ea8f0dd
a20a509
7555138
d1fea46
66efd11
a4f67cc
7c5f48e
de337e5
a4bd274
853cc27
19ae87e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -278,6 +278,7 @@ func resourcePostgresqlFlexibleServer() *pluginsdk.Resource { | |||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
"public_network_access_enabled": { | ||||||||||||||||||||||||||||||
Type: pluginsdk.TypeBool, | ||||||||||||||||||||||||||||||
Optional: true, | ||||||||||||||||||||||||||||||
Computed: true, | ||||||||||||||||||||||||||||||
}, | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
|
@@ -767,7 +768,7 @@ func resourcePostgresqlFlexibleServerUpdate(d *pluginsdk.ResourceData, meta inte | |||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
if d.HasChange("private_dns_zone_id") { | ||||||||||||||||||||||||||||||
if d.HasChange("private_dns_zone_id") || d.HasChange("public_network_access_enabled") { | ||||||||||||||||||||||||||||||
parameters.Properties.Network = expandArmServerNetwork(d) | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
|
@@ -964,6 +965,15 @@ func expandArmServerNetwork(d *pluginsdk.ResourceData) *servers.Network { | |||||||||||||||||||||||||||||
network.PrivateDnsZoneArmResourceId = utils.String(v.(string)) | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
// `d.GetOk()` cannot identify if the bool property `public_network_access_enabled` is set or not in the tf config since d.GetOk() always returns `false` when `public_network_access_enabled` is set to `false` and `public_network_access_enabled` isn't set in the tf config | ||||||||||||||||||||||||||||||
if !pluginsdk.IsExplicitlyNullInConfig(d, "public_network_access_enabled") { | ||||||||||||||||||||||||||||||
publicNetworkAccessEnabled := servers.ServerPublicNetworkAccessStateDisabled | ||||||||||||||||||||||||||||||
if d.Get("public_network_access_enabled").(bool) { | ||||||||||||||||||||||||||||||
publicNetworkAccessEnabled = servers.ServerPublicNetworkAccessStateEnabled | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
network.PublicNetworkAccess = pointer.To(publicNetworkAccessEnabled) | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. By defaulting this in the Read we can just pull from the config:
Suggested change
Note: since the Azure API defaults this to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As I above mentioned, I assume that we can't simply hard-code the default value for public_network_access_enabled. So I may not apply this suggestion. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, we can. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Updated |
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
return &network | ||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
|
Original file line number | Diff line number | Diff line change | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
@@ -116,6 +116,12 @@ The following arguments are supported: | |||||||||
|
||||||||||
~> **Note:** There will be a breaking change from upstream service at 15th July 2021, the `private_dns_zone_id` will be required when setting a `delegated_subnet_id`. For existing flexible servers who don't want to be recreated, you need to provide the `private_dns_zone_id` to the service team to manually migrate to the specified private DNS zone. The `azurerm_private_dns_zone` should end with suffix `.postgres.database.azure.com`. | ||||||||||
|
||||||||||
* `public_network_access_enabled` - (Optional) Is public network access enabled? | ||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As I above mentioned, I assume that we can't simply hard-code the default value for public_network_access_enabled. So I may not add "Defaults to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Updated |
||||||||||
|
||||||||||
~> **Note:** When `delegated_subnet_id` and `private_dns_zone_id` are set, the default value of `public_network_access_enabled` is `false`. | ||||||||||
|
||||||||||
~> **Note:** When `delegated_subnet_id` and `private_dns_zone_id` aren't set, the default value of `public_network_access_enabled` is `true`. | ||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. By defaulting this on our side, we can make this informational:
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As I above mentioned, I assume that we can't simply hard-code the default value for public_network_access_enabled. So I may not apply this suggestion. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Updated |
||||||||||
|
||||||||||
* `high_availability` - (Optional) A `high_availability` block as defined below. | ||||||||||
|
||||||||||
* `identity` - (Optional) An `identity` block as defined below. | ||||||||||
|
@@ -245,8 +251,6 @@ In addition to the Arguments listed above - the following Attributes are exporte | |||||||||
|
||||||||||
* `fqdn` - The FQDN of the PostgreSQL Flexible Server. | ||||||||||
|
||||||||||
* `public_network_access_enabled` - Is public network access enabled? | ||||||||||
|
||||||||||
## Timeouts | ||||||||||
|
||||||||||
The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions: | ||||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this shouldn't be Computed, but defaulted to
true
:There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume that we can't simply set the default value to "true" in the schema based on below reasons.
Error Message:
delegated_subnet_id
andprivate_dns_zone_id
, the value of public_network_access_enabled returned by service is false, then TF would cause difference since the default value is set to true in the schema.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, users would need to set the value to
false
in their configs when they configure eitherdelegated_subnet_id
orprivate_dns_zone_id
, that's expected.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated