From ce9d86bc275157671d8ab70b5d0ff0548f009730 Mon Sep 17 00:00:00 2001 From: Dapeng Zhang Date: Tue, 7 Apr 2020 14:36:57 +0800 Subject: [PATCH 1/3] Add azurerm_servicebus_namespace_network_rule --- .../services/servicebus/parse/namespace.go | 33 ++ .../parse/namespace_network_rule.go | 38 +++ .../parse/namespace_network_rule_test.go | 87 +++++ .../servicebus/parse/namespace_test.go | 74 +++++ .../services/servicebus/registration.go | 7 +- .../resource_arm_servicebus_namespace.go | 22 +- ...e_arm_servicebus_namespace_network_rule.go | 308 ++++++++++++++++++ ..._servicebus_namespace_network_rule_test.go | 252 ++++++++++++++ .../services/servicebus/validate/namespace.go | 38 +++ .../validate/namespace_network_rule.go | 34 ++ website/azurerm.erb | 4 + .../docs/r/servicebus_namespace.html.markdown | 6 +- ...cebus_namespace_network_rule.html.markdown | 111 +++++++ 13 files changed, 999 insertions(+), 15 deletions(-) create mode 100644 azurerm/internal/services/servicebus/parse/namespace.go create mode 100644 azurerm/internal/services/servicebus/parse/namespace_network_rule.go create mode 100644 azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go create mode 100644 azurerm/internal/services/servicebus/parse/namespace_test.go create mode 100644 azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go create mode 100644 azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go create mode 100644 azurerm/internal/services/servicebus/validate/namespace.go create mode 100644 azurerm/internal/services/servicebus/validate/namespace_network_rule.go create mode 100644 website/docs/r/servicebus_namespace_network_rule.html.markdown diff --git a/azurerm/internal/services/servicebus/parse/namespace.go b/azurerm/internal/services/servicebus/parse/namespace.go new file mode 100644 index 000000000000..e8cdeccce452 --- /dev/null +++ b/azurerm/internal/services/servicebus/parse/namespace.go @@ -0,0 +1,33 @@ +package parse + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" +) + +type ServiceBusNamespaceId struct { + Name string + ResourceGroup string +} + +func ServiceBusNamespaceID(input string) (*ServiceBusNamespaceId, error) { + id, err := azure.ParseAzureResourceID(input) + if err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace ID %q: %+v", input, err) + } + + namespace := ServiceBusNamespaceId{ + ResourceGroup: id.ResourceGroup, + } + + if namespace.Name, err = id.PopSegment("namespaces"); err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace ID %q: %+v", input, err) + } + + if err := id.ValidateNoEmptySegments(input); err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace ID %q: %+v", input, err) + } + + return &namespace, nil +} diff --git a/azurerm/internal/services/servicebus/parse/namespace_network_rule.go b/azurerm/internal/services/servicebus/parse/namespace_network_rule.go new file mode 100644 index 000000000000..7a42aafec960 --- /dev/null +++ b/azurerm/internal/services/servicebus/parse/namespace_network_rule.go @@ -0,0 +1,38 @@ +package parse + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" +) + +type ServiceBusNamespaceNetworkRuleId struct { + Name string + NamespaceName string + ResourceGroup string +} + +func ServiceBusNamespaceNetworkRuleID(input string) (*ServiceBusNamespaceNetworkRuleId, error) { + id, err := azure.ParseAzureResourceID(input) + if err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + } + + rule := ServiceBusNamespaceNetworkRuleId{ + ResourceGroup: id.ResourceGroup, + } + + if rule.Name, err = id.PopSegment("networkrulesets"); err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + } + + if rule.NamespaceName, err = id.PopSegment("namespaces"); err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + } + + if err := id.ValidateNoEmptySegments(input); err != nil { + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + } + + return &rule, nil +} diff --git a/azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go b/azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go new file mode 100644 index 000000000000..853513eebc60 --- /dev/null +++ b/azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go @@ -0,0 +1,87 @@ +package parse + +import "testing" + +func TestServiceBusNamespaceNetworkRuleID(t *testing.T) { + testData := []struct { + Name string + Input string + Error bool + Expected *ServiceBusNamespaceNetworkRuleId + }{ + { + Name: "Empty", + Input: "", + Error: true, + }, + { + Name: "No Resource Groups Segment", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000", + Error: true, + }, + { + Name: "No Resource Groups Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/", + Error: true, + }, + { + Name: "Resource Group ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/", + Error: true, + }, + { + Name: "Missing Service Bus Namespace Name", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/", + Error: true, + }, + { + Name: "Service Bus Namespace ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/namespace1", + Error: true, + }, + { + Name: "Missing Network Rule Name", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/namespace1/networkrulesets/", + Error: true, + }, + { + Name: "Service Bus Namespace Network Rule ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/namespace1/networkrulesets/default", + Expected: &ServiceBusNamespaceNetworkRuleId{ + Name: "default", + NamespaceName: "namespace1", + ResourceGroup: "resGroup1", + }, + }, + { + Name: "Wrong casing", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/Namespaces/namespace1", + Error: true, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Name) + + actual, err := ServiceBusNamespaceNetworkRuleID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("Expected a value but got an error: %s", err) + } + + if actual.Name != v.Expected.Name { + t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name) + } + + if actual.NamespaceName != v.Expected.NamespaceName { + t.Fatalf("Expected %q but got %q for Name", v.Expected.NamespaceName, actual.NamespaceName) + } + + if actual.ResourceGroup != v.Expected.ResourceGroup { + t.Fatalf("Expected %q but got %q for Resource Group", v.Expected.ResourceGroup, actual.ResourceGroup) + } + } +} diff --git a/azurerm/internal/services/servicebus/parse/namespace_test.go b/azurerm/internal/services/servicebus/parse/namespace_test.go new file mode 100644 index 000000000000..98d154e8767d --- /dev/null +++ b/azurerm/internal/services/servicebus/parse/namespace_test.go @@ -0,0 +1,74 @@ +package parse + +import ( + "testing" +) + +func TestServiceBusNamespaceID(t *testing.T) { + testData := []struct { + Name string + Input string + Error bool + Expected *ServiceBusNamespaceId + }{ + { + Name: "Empty", + Input: "", + Error: true, + }, + { + Name: "No Resource Groups Segment", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000", + Error: true, + }, + { + Name: "No Resource Groups Value", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/", + Error: true, + }, + { + Name: "Resource Group ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/", + Error: true, + }, + { + Name: "Missing Service Bus Namespace Name", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/", + Error: true, + }, + { + Name: "Service Bus Namespace ID", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/namespace1", + Expected: &ServiceBusNamespaceId{ + ResourceGroup: "resGroup1", + Name: "namespace1", + }, + }, + { + Name: "Wrong casing", + Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/Namespaces/namespace1", + Error: true, + }, + } + + for _, v := range testData { + t.Logf("[DEBUG] Testing %q", v.Name) + + actual, err := ServiceBusNamespaceID(v.Input) + if err != nil { + if v.Error { + continue + } + + t.Fatalf("Expected a value but got an error: %s", err) + } + + if actual.Name != v.Expected.Name { + t.Fatalf("Expected %q but got %q for Name", v.Expected.Name, actual.Name) + } + + if actual.ResourceGroup != v.Expected.ResourceGroup { + t.Fatalf("Expected %q but got %q for Resource Group", v.Expected.ResourceGroup, actual.ResourceGroup) + } + } +} diff --git a/azurerm/internal/services/servicebus/registration.go b/azurerm/internal/services/servicebus/registration.go index 71d7f529a671..e2f7bec5e7d1 100644 --- a/azurerm/internal/services/servicebus/registration.go +++ b/azurerm/internal/services/servicebus/registration.go @@ -31,12 +31,13 @@ func (r Registration) SupportedDataSources() map[string]*schema.Resource { // SupportedResources returns the supported Resources supported by this Service func (r Registration) SupportedResources() map[string]*schema.Resource { return map[string]*schema.Resource{ - "azurerm_servicebus_namespace_authorization_rule": resourceArmServiceBusNamespaceAuthorizationRule(), "azurerm_servicebus_namespace": resourceArmServiceBusNamespace(), - "azurerm_servicebus_queue_authorization_rule": resourceArmServiceBusQueueAuthorizationRule(), + "azurerm_servicebus_namespace_authorization_rule": resourceArmServiceBusNamespaceAuthorizationRule(), + "azurerm_servicebus_namespace_network_rule": resourceServiceBusNamespaceNetworkRule(), "azurerm_servicebus_queue": resourceArmServiceBusQueue(), - "azurerm_servicebus_subscription_rule": resourceArmServiceBusSubscriptionRule(), + "azurerm_servicebus_queue_authorization_rule": resourceArmServiceBusQueueAuthorizationRule(), "azurerm_servicebus_subscription": resourceArmServiceBusSubscription(), + "azurerm_servicebus_subscription_rule": resourceArmServiceBusSubscriptionRule(), "azurerm_servicebus_topic_authorization_rule": resourceArmServiceBusTopicAuthorizationRule(), "azurerm_servicebus_topic": resourceArmServiceBusTopic(), } diff --git a/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace.go b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace.go index a9c9fc624e52..175cedc43090 100644 --- a/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace.go +++ b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace.go @@ -3,7 +3,6 @@ package servicebus import ( "fmt" "log" - "regexp" "strings" "time" @@ -16,7 +15,10 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" + azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) @@ -32,9 +34,10 @@ func resourceArmServiceBusNamespace() *schema.Resource { Update: resourceArmServiceBusNamespaceCreateUpdate, Delete: resourceArmServiceBusNamespaceDelete, - Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, - }, + Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error { + _, err := parse.ServiceBusNamespaceID(id) + return err + }), MigrateState: ResourceAzureRMServiceBusNamespaceMigrateState, SchemaVersion: 1, @@ -48,13 +51,10 @@ func resourceArmServiceBusNamespace() *schema.Resource { Schema: map[string]*schema.Schema{ "name": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringMatch( - regexp.MustCompile("^[a-zA-Z][-a-zA-Z0-9]{0,100}[a-zA-Z0-9]$"), - "The namespace can contain only letters, numbers, and hyphens. The namespace must start with a letter, and it must end with a letter or number.", - ), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validate.ServiceBusNamespaceName, }, "location": azure.SchemaLocation(), diff --git a/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go new file mode 100644 index 000000000000..ed707013778d --- /dev/null +++ b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go @@ -0,0 +1,308 @@ +package servicebus + +import ( + "fmt" + "log" + "time" + + "github.com/Azure/azure-sdk-for-go/services/preview/servicebus/mgmt/2018-01-01-preview/servicebus" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + validateNetwork "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/network/validate" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/validate" + azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceServiceBusNamespaceNetworkRule() *schema.Resource { + return &schema.Resource{ + Create: resourceServiceBusNamespaceNetworkRuleCreateUpdate, + Read: resourceServiceBusNamespaceNetworkRuleRead, + Update: resourceServiceBusNamespaceNetworkRuleCreateUpdate, + Delete: resourceServiceBusNamespaceNetworkRuleDelete, + + Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error { + _, err := parse.ServiceBusNamespaceNetworkRuleID(id) + return err + }), + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(30 * time.Minute), + Read: schema.DefaultTimeout(5 * time.Minute), + Update: schema.DefaultTimeout(30 * time.Minute), + Delete: schema.DefaultTimeout(30 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "resource_group_name": azure.SchemaResourceGroupName(), + + "namespace_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validate.ServiceBusNamespaceName, + }, + + "default_action": { + Type: schema.TypeString, + Optional: true, + Default: string(servicebus.Allow), + ValidateFunc: validation.StringInSlice([]string{ + string(servicebus.Allow), + string(servicebus.Deny), + }, false), + }, + + "ip_masks": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + + "network_rules": { + Type: schema.TypeSet, + Optional: true, + Set: networkRuleHash, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "subnet_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validateNetwork.SubnetID, + // The subnet ID returned from the service will have `resourceGroup/{resourceGroupName}` all in lower cases... + DiffSuppressFunc: suppress.CaseDifference, + }, + "ignore_missing_vnet_service_endpoint": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + }, + }, + }, + }, + } +} + +func resourceServiceBusNamespaceNetworkRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview + ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) + defer cancel() + + resourceGroup := d.Get("resource_group_name").(string) + namespaceName := d.Get("namespace_name").(string) + + if d.IsNewResource() { + existing, err := client.GetNetworkRuleSet(ctx, resourceGroup, namespaceName) + if err != nil { + if !utils.ResponseWasNotFound(existing.Response) { + return fmt.Errorf("failed to check for presence of existing Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + } + } + + // This resource is unique to the corresponding service bus namespace. + // It will be created automatically along with the namespace, therefore we check whether this resource is identical to a "deleted" one + if !CheckNetworkRuleNullified(existing) { + return tf.ImportAsExistsError("azurerm_servicebus_namespace_network_rule", *existing.ID) + } + } + + parameters := servicebus.NetworkRuleSet{ + NetworkRuleSetProperties: &servicebus.NetworkRuleSetProperties{ + DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), + VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*schema.Set).List()), + IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_masks").(*schema.Set).List()), + }, + } + + if _, err := client.CreateOrUpdateNetworkRuleSet(ctx, resourceGroup, namespaceName, parameters); err != nil { + return fmt.Errorf("failed to create Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + } + + resp, err := client.GetNetworkRuleSet(ctx, resourceGroup, namespaceName) + if err != nil { + return fmt.Errorf("failed to retrieve Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + } + if resp.ID == nil || *resp.ID == "" { + return fmt.Errorf("cannot read Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) ID", namespaceName, resourceGroup) + } + d.SetId(*resp.ID) + + return resourceServiceBusNamespaceNetworkRuleRead(d, meta) +} + +func resourceServiceBusNamespaceNetworkRuleRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview + ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.ServiceBusNamespaceNetworkRuleID(d.Id()) + if err != nil { + return err + } + + resp, err := client.GetNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[INFO] Service Bus Namespace Network Rule %q does not exist - removing from state", d.Id()) + d.SetId("") + return nil + } + return fmt.Errorf("failed to read Service Bus Namespace Network Rule %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) + } + + d.Set("namespace_name", id.NamespaceName) + d.Set("resource_group_name", id.ResourceGroup) + + if props := resp.NetworkRuleSetProperties; props != nil { + d.Set("default_action", string(props.DefaultAction)) + + if err := d.Set("network_rules", schema.NewSet(networkRuleHash, flattenServiceBusNamespaceVirtualNetworkRules(props.VirtualNetworkRules))); err != nil { + return fmt.Errorf("failed to set `network_rules`: %+v", err) + } + + if err := d.Set("ip_masks", flattenServiceBusNamespaceIPRules(props.IPRules)); err != nil { + return fmt.Errorf("failed to set `ip_masks`: %+v", err) + } + } + + return nil +} + +func resourceServiceBusNamespaceNetworkRuleDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview + ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) + defer cancel() + + id, err := parse.ServiceBusNamespaceNetworkRuleID(d.Id()) + if err != nil { + return err + } + + // A network rule is unique to a namespace, this rule cannot be deleted. + // Therefore we here are just disabling it by setting the default_action to allow and remove all its rules and masks + + parameters := servicebus.NetworkRuleSet{ + NetworkRuleSetProperties: &servicebus.NetworkRuleSetProperties{ + DefaultAction: servicebus.Deny, + }, + } + + if _, err := client.CreateOrUpdateNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName, parameters); err != nil { + return fmt.Errorf("failed to delete Service Bus Namespace Network Rule %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) + } + + return nil +} + +func expandServiceBusNamespaceVirtualNetworkRules(input []interface{}) *[]servicebus.NWRuleSetVirtualNetworkRules { + if len(input) == 0 { + return nil + } + + result := make([]servicebus.NWRuleSetVirtualNetworkRules, 0) + for _, v := range input { + raw := v.(map[string]interface{}) + result = append(result, servicebus.NWRuleSetVirtualNetworkRules{ + Subnet: &servicebus.Subnet{ + ID: utils.String(raw["subnet_id"].(string)), + }, + IgnoreMissingVnetServiceEndpoint: utils.Bool(raw["ignore_missing_vnet_service_endpoint"].(bool)), + }) + } + + return &result +} + +func flattenServiceBusNamespaceVirtualNetworkRules(input *[]servicebus.NWRuleSetVirtualNetworkRules) []interface{} { + result := make([]interface{}, 0) + if input == nil { + return result + } + + for _, v := range *input { + subnetId := "" + if v.Subnet != nil && v.Subnet.ID != nil { + subnetId = *v.Subnet.ID + } + + ignore := false + if v.IgnoreMissingVnetServiceEndpoint != nil { + ignore = *v.IgnoreMissingVnetServiceEndpoint + } + + result = append(result, map[string]interface{}{ + "subnet_id": subnetId, + "ignore_missing_vnet_service_endpoint": ignore, + }) + } + + return result +} + +func expandServiceBusNamespaceIPRules(input []interface{}) *[]servicebus.NWRuleSetIPRules { + if len(input) == 0 { + return nil + } + + result := make([]servicebus.NWRuleSetIPRules, 0) + for _, v := range input { + result = append(result, servicebus.NWRuleSetIPRules{ + IPMask: utils.String(v.(string)), + Action: servicebus.NetworkRuleIPActionAllow, + }) + } + + return &result +} + +func flattenServiceBusNamespaceIPRules(input *[]servicebus.NWRuleSetIPRules) []interface{} { + result := make([]interface{}, 0) + if input == nil || len(*input) == 0 { + return result + } + + for _, v := range *input { + if v.IPMask != nil { + result = append(result, *v.IPMask) + } + } + + return result +} + +func networkRuleHash(input interface{}) int { + v := input.(map[string]interface{}) + + // we are just taking subnet_id into the hash function and ignore the ignore_missing_vnet_service_endpoint to ensure there would be no duplicates of subnet id + // the service returns this ID with segment resourceGroup and resource group name all in lower cases, to avoid unnecessary diff, we extract this ID and reconstruct this hash code + return set.HashStringIgnoreCase(v["subnet_id"]) +} + +func CheckNetworkRuleNullified(resp servicebus.NetworkRuleSet) bool { + if resp.ID == nil || *resp.ID == "" { + return true + } + if resp.NetworkRuleSetProperties == nil { + return true + } + if resp.DefaultAction != servicebus.Deny { + return false + } + if resp.VirtualNetworkRules != nil && len(*resp.VirtualNetworkRules) > 0 { + return false + } + if resp.IPRules != nil && len(*resp.IPRules) > 0 { + return false + } + return true +} diff --git a/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go b/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go new file mode 100644 index 000000000000..36e6e6812337 --- /dev/null +++ b/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go @@ -0,0 +1,252 @@ +package tests + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func TestAccAzureRMServiceBusNamespaceNetworkRule_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMServiceBusNamespaceNetworkRule_complete(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_complete(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMServiceBusNamespaceNetworkRule_update(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_complete(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMServiceBusNamespaceNetworkRule_requiresImport(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMServiceBusNamespaceNetworkRule_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMServiceBusNamespaceNetworkRuleExists(data.ResourceName), + ), + }, + data.RequiresImportErrorStep(testAccAzureRMServiceBusNamespaceNetworkRule_requiresImport), + }, + }) +} + +func testCheckAzureRMServiceBusNamespaceNetworkRuleExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + client := acceptance.AzureProvider.Meta().(*clients.Client).ServiceBus.NamespacesClientPreview + ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext + + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Service Bus Namespace Network Rule not found: %s", resourceName) + } + + id, err := parse.ServiceBusNamespaceNetworkRuleID(rs.Primary.ID) + if err != nil { + return err + } + + if resp, err := client.GetNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName); err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) does not exist", id.NamespaceName, id.ResourceGroup) + } + return fmt.Errorf("failed to GetNetworkRuleSet on ServiceBus.NamespacesClientPreview: %+v", err) + } + + return nil + } +} + +func testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy(s *terraform.State) error { + client := acceptance.AzureProvider.Meta().(*clients.Client).ServiceBus.NamespacesClientPreview + ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext + + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_servicebus_namespace_network_rule" { + continue + } + + id, err := parse.ServiceBusNamespaceNetworkRuleID(rs.Primary.ID) + if err != nil { + return err + } + + // this resource cannot be deleted, instead, we check if this setting was set back to empty + resp, err := client.GetNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName) + if err != nil { + if !utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("failed to GetNetworkRuleSet on ServiceBus.NamespacesClientPreview: %+v", err) + } + return nil + } + + if !servicebus.CheckNetworkRuleNullified(resp) { + return fmt.Errorf("the Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) still exists", id.NamespaceName, id.ResourceGroup) + } + } + + return nil +} + +func testAccAzureRMServiceBusNamespaceNetworkRule_basic(data acceptance.TestData) string { + template := testAccAzureRMServiceBusNamespaceNetworkRule_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_servicebus_namespace_network_rule" "test" { + namespace_name = azurerm_servicebus_namespace.test.name + resource_group_name = azurerm_resource_group.test.name + + default_action = "Deny" + + network_rules { + subnet_id = azurerm_subnet.test.id + ignore_missing_vnet_service_endpoint = false + } +} +`, template) +} + +func testAccAzureRMServiceBusNamespaceNetworkRule_complete(data acceptance.TestData) string { + template := testAccAzureRMServiceBusNamespaceNetworkRule_template(data) + return fmt.Sprintf(` +%s + +resource "azurerm_servicebus_namespace_network_rule" "test" { + namespace_name = azurerm_servicebus_namespace.test.name + resource_group_name = azurerm_resource_group.test.name + + default_action = "Deny" + + network_rules { + subnet_id = azurerm_subnet.test.id + ignore_missing_vnet_service_endpoint = false + } + + ip_masks = ["1.1.1.1"] +} +`, template) +} + +func testAccAzureRMServiceBusNamespaceNetworkRule_template(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-sb-%[1]d" + location = "%[2]s" +} + +resource "azurerm_servicebus_namespace" "test" { + name = "acctest-sb-namespace-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + sku = "Premium" + + capacity = 1 +} + +resource "azurerm_virtual_network" "test" { + name = "acctest-vnet-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["172.17.0.0/16"] + dns_servers = ["10.0.0.4", "10.0.0.5"] +} + +resource "azurerm_subnet" "test" { + name = "${azurerm_virtual_network.test.name}-default" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "172.17.0.0/24" + + service_endpoints = ["Microsoft.ServiceBus"] +} +`, data.RandomInteger, data.Locations.Primary) +} + +func testAccAzureRMServiceBusNamespaceNetworkRule_requiresImport(data acceptance.TestData) string { + template := testAccAzureRMServiceBusNamespaceNetworkRule_basic(data) + return fmt.Sprintf(` +%s + +resource "azurerm_servicebus_namespace_network_rule" "import" { + namespace_name = azurerm_servicebus_namespace_network_rule.test.namespace_name + resource_group_name = azurerm_servicebus_namespace_network_rule.test.resource_group_name +} +`, template) +} diff --git a/azurerm/internal/services/servicebus/validate/namespace.go b/azurerm/internal/services/servicebus/validate/namespace.go new file mode 100644 index 000000000000..fb488f0c6909 --- /dev/null +++ b/azurerm/internal/services/servicebus/validate/namespace.go @@ -0,0 +1,38 @@ +package validate + +import ( + "fmt" + "regexp" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" +) + +func ServiceBusNamespaceID(i interface{}, k string) (warnings []string, errors []error) { + v, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + if _, err := parse.ServiceBusNamespaceID(v); err != nil { + errors = append(errors, fmt.Errorf("cannot parse %q as a Service Bus Namespace ID: %+v", k, err)) + return + } + + return warnings, errors +} + +func ServiceBusNamespaceName(i interface{}, k string) (warnings []string, errors []error) { + v, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + if matched := regexp.MustCompile("^[a-zA-Z][-a-zA-Z0-9]{0,100}[a-zA-Z0-9]$").MatchString(v); !matched { + errors = append(errors, fmt.Errorf("%q can contain only letters, numbers, and hyphens. The namespace must start with a letter, and it must end with a letter or number", k)) + return + } + + return warnings, errors +} diff --git a/azurerm/internal/services/servicebus/validate/namespace_network_rule.go b/azurerm/internal/services/servicebus/validate/namespace_network_rule.go new file mode 100644 index 000000000000..a75ebb6e4829 --- /dev/null +++ b/azurerm/internal/services/servicebus/validate/namespace_network_rule.go @@ -0,0 +1,34 @@ +package validate + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" +) + +func ServiceBusNamespaceNetworkRuleID(i interface{}, k string) (warnings []string, errors []error) { + v, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + if _, err := parse.ServiceBusNamespaceNetworkRuleID(v); err != nil { + errors = append(errors, fmt.Errorf("cannot parse %q as a Service Bus Namespace Network Rule ID: %+v", k, err)) + return + } + + return warnings, errors +} + +func ServiceBusNamespaceNetworkRuleName(i interface{}, k string) (warnings []string, errors []error) { + _, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + // TODO -- investigate the naming rule + + return warnings, errors +} diff --git a/website/azurerm.erb b/website/azurerm.erb index 23ac113f0ef8..d61f58f18942 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -1787,6 +1787,10 @@ azurerm_servicebus_namespace_authorization_rule +
  • + azurerm_servicebus_namespace_network_rule +
    • +
  • azurerm_servicebus_queue
    • diff --git a/website/docs/r/servicebus_namespace.html.markdown b/website/docs/r/servicebus_namespace.html.markdown index 72f44a81d3b6..f0da7e9ca3bc 100644 --- a/website/docs/r/servicebus_namespace.html.markdown +++ b/website/docs/r/servicebus_namespace.html.markdown @@ -13,13 +13,17 @@ Manages a ServiceBus Namespace. ## Example Usage ```hcl +provider "azurerm" { + features {} +} + resource "azurerm_resource_group" "example" { name = "terraform-servicebus" location = "West Europe" } resource "azurerm_servicebus_namespace" "example" { - name = "tfex_servicebus_namespace" + name = "tfex-servicebus-namespace" location = azurerm_resource_group.example.location resource_group_name = azurerm_resource_group.example.name sku = "Standard" diff --git a/website/docs/r/servicebus_namespace_network_rule.html.markdown b/website/docs/r/servicebus_namespace_network_rule.html.markdown new file mode 100644 index 000000000000..823b173f2c82 --- /dev/null +++ b/website/docs/r/servicebus_namespace_network_rule.html.markdown @@ -0,0 +1,111 @@ +--- +subcategory: "Messaging" +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_servicebus_namespace_network_rule" +description: |- + Manages a ServiceBus Namespace Network Rule. +--- + +# azurerm_servicebus_namespace_network_rule + +Manages a ServiceBus Namespace Network Rule. + +## Example Usage + +```hcl +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} + +resource "azurerm_servicebus_namespace" "example" { + name = "example-sb-namespace" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + sku = "Premium" + + capacity = 1 +} + +resource "azurerm_virtual_network" "example" { + name = "example-vnet" + location = azurerm_resource_group.example.location + resource_group_name = azurerm_resource_group.example.name + address_space = ["172.17.0.0/16"] + dns_servers = ["10.0.0.4", "10.0.0.5"] +} + +resource "azurerm_subnet" "example" { + name = "default" + resource_group_name = azurerm_resource_group.example.name + virtual_network_name = azurerm_virtual_network.example.name + address_prefix = "172.17.0.0/24" + + service_endpoints = ["Microsoft.ServiceBus"] +} + +resource "azurerm_servicebus_namespace_network_rule" "example" { + namespace_name = azurerm_servicebus_namespace.example.name + resource_group_name = azurerm_resource_group.example.name + + default_action = "Deny" + + network_rules { + subnet_id = azurerm_subnet.example.id + ignore_missing_vnet_service_endpoint = false + } + + ip_masks = ["1.1.1.1"] +} +``` + +## Argument Reference + +The following arguments are supported: + +* `resource_group_name` - (Required) Specifies the name of the Resource Group where the ServiceBus Namespace Network Rule should exist. Changing this forces a new resource to be created. + +* `namespace_name` - (Required) Specifies the ServiceBus Namespace name to which to attach the ServiceBus Namespace Network Rule. Changing this forces a new resource to be created. + +~> **NOTE:** The ServiceBus Namespace must be `Premium` in order to attach a ServiceBus Namespace Network Rule. + +* `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule. Possible values are `Allow` and `Deny`. Defaults to `Deny`. + +* `ip_masks` - (Optional) A list of IP filter masks that are added to allow access to the ServiceBus Namespace. + +* `network_rules` - (Optional) One or more `network_rules` blocks defined below. + +--- + +A `network_rules` block supports the following: + +* `subnet_id` - (Required) The ID of the subnet you want to allow to access the corresponding ServiceBus Namespace. + +* `ignore_missing_vnet_service_endpoint` - (Optional) Should the ServiceBus Namespace Network Rule ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The ID of the ServiceBus Namespace Network Rule. + +## Timeouts + +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: + +* `create` - (Defaults to 30 minutes) Used when creating the ServiceBus Namespace Network Rule. +* `update` - (Defaults to 30 minutes) Used when updating the ServiceBus Namespace Network Rule. +* `read` - (Defaults to 5 minutes) Used when retrieving the ServiceBus Namespace Network Rule. +* `delete` - (Defaults to 30 minutes) Used when deleting the ServiceBus Namespace Network Rule. + +## Import + +Service Bus Namespace can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_servicebus_namespace_network_rule.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Servicebus/namespaces/sbns1/networkrulesets/default +``` From be98e95cc86556f541c86e63fb96a482f6a41f27 Mon Sep 17 00:00:00 2001 From: Dapeng Zhang Date: Wed, 15 Apr 2020 11:18:42 +0800 Subject: [PATCH 2/3] Rename ip_masks -> ip_rules, azurerm_servicebus_namespace_network_rule -> azurerm_servicebus_namespace_network_rule_set --- ..._rule.go => namespace_network_rule_set.go} | 14 +++--- ....go => namespace_network_rule_set_test.go} | 6 +-- .../services/servicebus/registration.go | 2 +- ..._servicebus_namespace_network_rule_set.go} | 48 +++++++++---------- ...icebus_namespace_network_rule_set_test.go} | 32 ++++++------- .../validate/namespace_network_rule.go | 34 ------------- .../validate/namespace_network_rule_set.go | 22 +++++++++ website/azurerm.erb | 2 +- ..._namespace_network_rule_set.html.markdown} | 36 +++++++------- 9 files changed, 92 insertions(+), 104 deletions(-) rename azurerm/internal/services/servicebus/parse/{namespace_network_rule.go => namespace_network_rule_set.go} (68%) rename azurerm/internal/services/servicebus/parse/{namespace_network_rule_test.go => namespace_network_rule_set_test.go} (93%) rename azurerm/internal/services/servicebus/{resource_arm_servicebus_namespace_network_rule.go => resource_arm_servicebus_namespace_network_rule_set.go} (83%) rename azurerm/internal/services/servicebus/tests/{resource_arm_servicebus_namespace_network_rule_test.go => resource_arm_servicebus_namespace_network_rule_set_test.go} (88%) delete mode 100644 azurerm/internal/services/servicebus/validate/namespace_network_rule.go create mode 100644 azurerm/internal/services/servicebus/validate/namespace_network_rule_set.go rename website/docs/r/{servicebus_namespace_network_rule.html.markdown => servicebus_namespace_network_rule_set.html.markdown} (69%) diff --git a/azurerm/internal/services/servicebus/parse/namespace_network_rule.go b/azurerm/internal/services/servicebus/parse/namespace_network_rule_set.go similarity index 68% rename from azurerm/internal/services/servicebus/parse/namespace_network_rule.go rename to azurerm/internal/services/servicebus/parse/namespace_network_rule_set.go index 7a42aafec960..7ea545d014b5 100644 --- a/azurerm/internal/services/servicebus/parse/namespace_network_rule.go +++ b/azurerm/internal/services/servicebus/parse/namespace_network_rule_set.go @@ -6,32 +6,32 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" ) -type ServiceBusNamespaceNetworkRuleId struct { +type ServiceBusNamespaceNetworkRuleSetId struct { Name string NamespaceName string ResourceGroup string } -func ServiceBusNamespaceNetworkRuleID(input string) (*ServiceBusNamespaceNetworkRuleId, error) { +func ServiceBusNamespaceNetworkRuleSetID(input string) (*ServiceBusNamespaceNetworkRuleSetId, error) { id, err := azure.ParseAzureResourceID(input) if err != nil { - return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule Set ID %q: %+v", input, err) } - rule := ServiceBusNamespaceNetworkRuleId{ + rule := ServiceBusNamespaceNetworkRuleSetId{ ResourceGroup: id.ResourceGroup, } if rule.Name, err = id.PopSegment("networkrulesets"); err != nil { - return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule Set ID %q: %+v", input, err) } if rule.NamespaceName, err = id.PopSegment("namespaces"); err != nil { - return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule Set ID %q: %+v", input, err) } if err := id.ValidateNoEmptySegments(input); err != nil { - return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule ID %q: %+v", input, err) + return nil, fmt.Errorf("unable to parse Service Bus Namespace Network Rule Set ID %q: %+v", input, err) } return &rule, nil diff --git a/azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go b/azurerm/internal/services/servicebus/parse/namespace_network_rule_set_test.go similarity index 93% rename from azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go rename to azurerm/internal/services/servicebus/parse/namespace_network_rule_set_test.go index 853513eebc60..26b099011a39 100644 --- a/azurerm/internal/services/servicebus/parse/namespace_network_rule_test.go +++ b/azurerm/internal/services/servicebus/parse/namespace_network_rule_set_test.go @@ -7,7 +7,7 @@ func TestServiceBusNamespaceNetworkRuleID(t *testing.T) { Name string Input string Error bool - Expected *ServiceBusNamespaceNetworkRuleId + Expected *ServiceBusNamespaceNetworkRuleSetId }{ { Name: "Empty", @@ -47,7 +47,7 @@ func TestServiceBusNamespaceNetworkRuleID(t *testing.T) { { Name: "Service Bus Namespace Network Rule ID", Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.ServiceBus/namespaces/namespace1/networkrulesets/default", - Expected: &ServiceBusNamespaceNetworkRuleId{ + Expected: &ServiceBusNamespaceNetworkRuleSetId{ Name: "default", NamespaceName: "namespace1", ResourceGroup: "resGroup1", @@ -63,7 +63,7 @@ func TestServiceBusNamespaceNetworkRuleID(t *testing.T) { for _, v := range testData { t.Logf("[DEBUG] Testing %q", v.Name) - actual, err := ServiceBusNamespaceNetworkRuleID(v.Input) + actual, err := ServiceBusNamespaceNetworkRuleSetID(v.Input) if err != nil { if v.Error { continue diff --git a/azurerm/internal/services/servicebus/registration.go b/azurerm/internal/services/servicebus/registration.go index e2f7bec5e7d1..71be9e539770 100644 --- a/azurerm/internal/services/servicebus/registration.go +++ b/azurerm/internal/services/servicebus/registration.go @@ -33,7 +33,7 @@ func (r Registration) SupportedResources() map[string]*schema.Resource { return map[string]*schema.Resource{ "azurerm_servicebus_namespace": resourceArmServiceBusNamespace(), "azurerm_servicebus_namespace_authorization_rule": resourceArmServiceBusNamespaceAuthorizationRule(), - "azurerm_servicebus_namespace_network_rule": resourceServiceBusNamespaceNetworkRule(), + "azurerm_servicebus_namespace_network_rule_set": resourceServiceBusNamespaceNetworkRuleSet(), "azurerm_servicebus_queue": resourceArmServiceBusQueue(), "azurerm_servicebus_queue_authorization_rule": resourceArmServiceBusQueueAuthorizationRule(), "azurerm_servicebus_subscription": resourceArmServiceBusSubscription(), diff --git a/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule_set.go similarity index 83% rename from azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go rename to azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule_set.go index ed707013778d..266d33d44ab7 100644 --- a/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule.go +++ b/azurerm/internal/services/servicebus/resource_arm_servicebus_namespace_network_rule_set.go @@ -21,15 +21,15 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) -func resourceServiceBusNamespaceNetworkRule() *schema.Resource { +func resourceServiceBusNamespaceNetworkRuleSet() *schema.Resource { return &schema.Resource{ - Create: resourceServiceBusNamespaceNetworkRuleCreateUpdate, - Read: resourceServiceBusNamespaceNetworkRuleRead, - Update: resourceServiceBusNamespaceNetworkRuleCreateUpdate, - Delete: resourceServiceBusNamespaceNetworkRuleDelete, + Create: resourceServiceBusNamespaceNetworkRuleSetCreateUpdate, + Read: resourceServiceBusNamespaceNetworkRuleSetRead, + Update: resourceServiceBusNamespaceNetworkRuleSetCreateUpdate, + Delete: resourceServiceBusNamespaceNetworkRuleSetDelete, Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error { - _, err := parse.ServiceBusNamespaceNetworkRuleID(id) + _, err := parse.ServiceBusNamespaceNetworkRuleSetID(id) return err }), @@ -60,7 +60,7 @@ func resourceServiceBusNamespaceNetworkRule() *schema.Resource { }, false), }, - "ip_masks": { + "ip_rules": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{ @@ -93,7 +93,7 @@ func resourceServiceBusNamespaceNetworkRule() *schema.Resource { } } -func resourceServiceBusNamespaceNetworkRuleCreateUpdate(d *schema.ResourceData, meta interface{}) error { +func resourceServiceBusNamespaceNetworkRuleSetCreateUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -105,14 +105,14 @@ func resourceServiceBusNamespaceNetworkRuleCreateUpdate(d *schema.ResourceData, existing, err := client.GetNetworkRuleSet(ctx, resourceGroup, namespaceName) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("failed to check for presence of existing Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + return fmt.Errorf("failed to check for presence of existing Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) } } // This resource is unique to the corresponding service bus namespace. // It will be created automatically along with the namespace, therefore we check whether this resource is identical to a "deleted" one if !CheckNetworkRuleNullified(existing) { - return tf.ImportAsExistsError("azurerm_servicebus_namespace_network_rule", *existing.ID) + return tf.ImportAsExistsError("azurerm_servicebus_namespace_network_rule_set", *existing.ID) } } @@ -120,32 +120,32 @@ func resourceServiceBusNamespaceNetworkRuleCreateUpdate(d *schema.ResourceData, NetworkRuleSetProperties: &servicebus.NetworkRuleSetProperties{ DefaultAction: servicebus.DefaultAction(d.Get("default_action").(string)), VirtualNetworkRules: expandServiceBusNamespaceVirtualNetworkRules(d.Get("network_rules").(*schema.Set).List()), - IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_masks").(*schema.Set).List()), + IPRules: expandServiceBusNamespaceIPRules(d.Get("ip_rules").(*schema.Set).List()), }, } if _, err := client.CreateOrUpdateNetworkRuleSet(ctx, resourceGroup, namespaceName, parameters); err != nil { - return fmt.Errorf("failed to create Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + return fmt.Errorf("failed to create Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) } resp, err := client.GetNetworkRuleSet(ctx, resourceGroup, namespaceName) if err != nil { - return fmt.Errorf("failed to retrieve Service Bus Namespace Network Rule (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) + return fmt.Errorf("failed to retrieve Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q): %+v", namespaceName, resourceGroup, err) } if resp.ID == nil || *resp.ID == "" { - return fmt.Errorf("cannot read Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) ID", namespaceName, resourceGroup) + return fmt.Errorf("cannot read Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q) ID", namespaceName, resourceGroup) } d.SetId(*resp.ID) - return resourceServiceBusNamespaceNetworkRuleRead(d, meta) + return resourceServiceBusNamespaceNetworkRuleSetRead(d, meta) } -func resourceServiceBusNamespaceNetworkRuleRead(d *schema.ResourceData, meta interface{}) error { +func resourceServiceBusNamespaceNetworkRuleSetRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := parse.ServiceBusNamespaceNetworkRuleID(d.Id()) + id, err := parse.ServiceBusNamespaceNetworkRuleSetID(d.Id()) if err != nil { return err } @@ -153,11 +153,11 @@ func resourceServiceBusNamespaceNetworkRuleRead(d *schema.ResourceData, meta int resp, err := client.GetNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName) if err != nil { if utils.ResponseWasNotFound(resp.Response) { - log.Printf("[INFO] Service Bus Namespace Network Rule %q does not exist - removing from state", d.Id()) + log.Printf("[INFO] Service Bus Namespace Network Rule Set %q does not exist - removing from state", d.Id()) d.SetId("") return nil } - return fmt.Errorf("failed to read Service Bus Namespace Network Rule %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) + return fmt.Errorf("failed to read Service Bus Namespace Network Rule Set %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) } d.Set("namespace_name", id.NamespaceName) @@ -170,20 +170,20 @@ func resourceServiceBusNamespaceNetworkRuleRead(d *schema.ResourceData, meta int return fmt.Errorf("failed to set `network_rules`: %+v", err) } - if err := d.Set("ip_masks", flattenServiceBusNamespaceIPRules(props.IPRules)); err != nil { - return fmt.Errorf("failed to set `ip_masks`: %+v", err) + if err := d.Set("ip_rules", flattenServiceBusNamespaceIPRules(props.IPRules)); err != nil { + return fmt.Errorf("failed to set `ip_rules`: %+v", err) } } return nil } -func resourceServiceBusNamespaceNetworkRuleDelete(d *schema.ResourceData, meta interface{}) error { +func resourceServiceBusNamespaceNetworkRuleSetDelete(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).ServiceBus.NamespacesClientPreview ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() - id, err := parse.ServiceBusNamespaceNetworkRuleID(d.Id()) + id, err := parse.ServiceBusNamespaceNetworkRuleSetID(d.Id()) if err != nil { return err } @@ -198,7 +198,7 @@ func resourceServiceBusNamespaceNetworkRuleDelete(d *schema.ResourceData, meta i } if _, err := client.CreateOrUpdateNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName, parameters); err != nil { - return fmt.Errorf("failed to delete Service Bus Namespace Network Rule %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) + return fmt.Errorf("failed to delete Service Bus Namespace Network Rule Set %q (Namespace %q / Resource Group %q): %+v", id.Name, id.NamespaceName, id.ResourceGroup, err) } return nil diff --git a/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go b/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_set_test.go similarity index 88% rename from azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go rename to azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_set_test.go index 36e6e6812337..1fd1da172ed3 100644 --- a/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_test.go +++ b/azurerm/internal/services/servicebus/tests/resource_arm_servicebus_namespace_network_rule_set_test.go @@ -14,7 +14,7 @@ import ( ) func TestAccAzureRMServiceBusNamespaceNetworkRule_basic(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule_set", "test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acceptance.PreCheck(t) }, @@ -33,7 +33,7 @@ func TestAccAzureRMServiceBusNamespaceNetworkRule_basic(t *testing.T) { } func TestAccAzureRMServiceBusNamespaceNetworkRule_complete(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule_set", "test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acceptance.PreCheck(t) }, @@ -52,7 +52,7 @@ func TestAccAzureRMServiceBusNamespaceNetworkRule_complete(t *testing.T) { } func TestAccAzureRMServiceBusNamespaceNetworkRule_update(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule_set", "test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acceptance.PreCheck(t) }, @@ -85,7 +85,7 @@ func TestAccAzureRMServiceBusNamespaceNetworkRule_update(t *testing.T) { } func TestAccAzureRMServiceBusNamespaceNetworkRule_requiresImport(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule", "test") + data := acceptance.BuildTestData(t, "azurerm_servicebus_namespace_network_rule_set", "test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acceptance.PreCheck(t) }, @@ -110,17 +110,17 @@ func testCheckAzureRMServiceBusNamespaceNetworkRuleExists(resourceName string) r rs, ok := s.RootModule().Resources[resourceName] if !ok { - return fmt.Errorf("Service Bus Namespace Network Rule not found: %s", resourceName) + return fmt.Errorf("Service Bus Namespace Network Rule Set not found: %s", resourceName) } - id, err := parse.ServiceBusNamespaceNetworkRuleID(rs.Primary.ID) + id, err := parse.ServiceBusNamespaceNetworkRuleSetID(rs.Primary.ID) if err != nil { return err } if resp, err := client.GetNetworkRuleSet(ctx, id.ResourceGroup, id.NamespaceName); err != nil { if utils.ResponseWasNotFound(resp.Response) { - return fmt.Errorf("Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) does not exist", id.NamespaceName, id.ResourceGroup) + return fmt.Errorf("Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q) does not exist", id.NamespaceName, id.ResourceGroup) } return fmt.Errorf("failed to GetNetworkRuleSet on ServiceBus.NamespacesClientPreview: %+v", err) } @@ -134,11 +134,11 @@ func testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy(s *terraform.State) e ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext for _, rs := range s.RootModule().Resources { - if rs.Type != "azurerm_servicebus_namespace_network_rule" { + if rs.Type != "azurerm_servicebus_namespace_network_rule_set" { continue } - id, err := parse.ServiceBusNamespaceNetworkRuleID(rs.Primary.ID) + id, err := parse.ServiceBusNamespaceNetworkRuleSetID(rs.Primary.ID) if err != nil { return err } @@ -153,7 +153,7 @@ func testCheckAzureRMServiceBusNamespaceNetworkRuleDestroy(s *terraform.State) e } if !servicebus.CheckNetworkRuleNullified(resp) { - return fmt.Errorf("the Service Bus Namespace Network Rule (Namespace %q / Resource Group %q) still exists", id.NamespaceName, id.ResourceGroup) + return fmt.Errorf("the Service Bus Namespace Network Rule Set (Namespace %q / Resource Group %q) still exists", id.NamespaceName, id.ResourceGroup) } } @@ -165,7 +165,7 @@ func testAccAzureRMServiceBusNamespaceNetworkRule_basic(data acceptance.TestData return fmt.Sprintf(` %s -resource "azurerm_servicebus_namespace_network_rule" "test" { +resource "azurerm_servicebus_namespace_network_rule_set" "test" { namespace_name = azurerm_servicebus_namespace.test.name resource_group_name = azurerm_resource_group.test.name @@ -184,7 +184,7 @@ func testAccAzureRMServiceBusNamespaceNetworkRule_complete(data acceptance.TestD return fmt.Sprintf(` %s -resource "azurerm_servicebus_namespace_network_rule" "test" { +resource "azurerm_servicebus_namespace_network_rule_set" "test" { namespace_name = azurerm_servicebus_namespace.test.name resource_group_name = azurerm_resource_group.test.name @@ -195,7 +195,7 @@ resource "azurerm_servicebus_namespace_network_rule" "test" { ignore_missing_vnet_service_endpoint = false } - ip_masks = ["1.1.1.1"] + ip_rules = ["1.1.1.1"] } `, template) } @@ -244,9 +244,9 @@ func testAccAzureRMServiceBusNamespaceNetworkRule_requiresImport(data acceptance return fmt.Sprintf(` %s -resource "azurerm_servicebus_namespace_network_rule" "import" { - namespace_name = azurerm_servicebus_namespace_network_rule.test.namespace_name - resource_group_name = azurerm_servicebus_namespace_network_rule.test.resource_group_name +resource "azurerm_servicebus_namespace_network_rule_set" "import" { + namespace_name = azurerm_servicebus_namespace_network_rule_set.test.namespace_name + resource_group_name = azurerm_servicebus_namespace_network_rule_set.test.resource_group_name } `, template) } diff --git a/azurerm/internal/services/servicebus/validate/namespace_network_rule.go b/azurerm/internal/services/servicebus/validate/namespace_network_rule.go deleted file mode 100644 index a75ebb6e4829..000000000000 --- a/azurerm/internal/services/servicebus/validate/namespace_network_rule.go +++ /dev/null @@ -1,34 +0,0 @@ -package validate - -import ( - "fmt" - - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" -) - -func ServiceBusNamespaceNetworkRuleID(i interface{}, k string) (warnings []string, errors []error) { - v, ok := i.(string) - if !ok { - errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) - return - } - - if _, err := parse.ServiceBusNamespaceNetworkRuleID(v); err != nil { - errors = append(errors, fmt.Errorf("cannot parse %q as a Service Bus Namespace Network Rule ID: %+v", k, err)) - return - } - - return warnings, errors -} - -func ServiceBusNamespaceNetworkRuleName(i interface{}, k string) (warnings []string, errors []error) { - _, ok := i.(string) - if !ok { - errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) - return - } - - // TODO -- investigate the naming rule - - return warnings, errors -} diff --git a/azurerm/internal/services/servicebus/validate/namespace_network_rule_set.go b/azurerm/internal/services/servicebus/validate/namespace_network_rule_set.go new file mode 100644 index 000000000000..5c7700a4802e --- /dev/null +++ b/azurerm/internal/services/servicebus/validate/namespace_network_rule_set.go @@ -0,0 +1,22 @@ +package validate + +import ( + "fmt" + + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/servicebus/parse" +) + +func ServiceBusNamespaceNetworkRuleSetID(i interface{}, k string) (warnings []string, errors []error) { + v, ok := i.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected type of %q to be string", k)) + return + } + + if _, err := parse.ServiceBusNamespaceNetworkRuleSetID(v); err != nil { + errors = append(errors, fmt.Errorf("cannot parse %q as a Service Bus Namespace Network Rule Set ID: %+v", k, err)) + return + } + + return warnings, errors +} diff --git a/website/azurerm.erb b/website/azurerm.erb index d61f58f18942..5a2c9495b5ea 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -1788,7 +1788,7 @@
  • - azurerm_servicebus_namespace_network_rule + azurerm_servicebus_namespace_network_rule_set
  • diff --git a/website/docs/r/servicebus_namespace_network_rule.html.markdown b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown similarity index 69% rename from website/docs/r/servicebus_namespace_network_rule.html.markdown rename to website/docs/r/servicebus_namespace_network_rule_set.html.markdown index 823b173f2c82..921739bd499e 100644 --- a/website/docs/r/servicebus_namespace_network_rule.html.markdown +++ b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown @@ -1,14 +1,14 @@ --- subcategory: "Messaging" layout: "azurerm" -page_title: "Azure Resource Manager: azurerm_servicebus_namespace_network_rule" +page_title: "Azure Resource Manager: azurerm_servicebus_namespace_network_rule_set" description: |- - Manages a ServiceBus Namespace Network Rule. + Manages a ServiceBus Namespace Network Rule Set Set. --- -# azurerm_servicebus_namespace_network_rule +# azurerm_servicebus_namespace_network_rule_set -Manages a ServiceBus Namespace Network Rule. +Manages a ServiceBus Namespace Network Rule Set Set. ## Example Usage @@ -48,7 +48,7 @@ resource "azurerm_subnet" "example" { service_endpoints = ["Microsoft.ServiceBus"] } -resource "azurerm_servicebus_namespace_network_rule" "example" { +resource "azurerm_servicebus_namespace_network_rule_set" "example" { namespace_name = azurerm_servicebus_namespace.example.name resource_group_name = azurerm_resource_group.example.name @@ -59,7 +59,7 @@ resource "azurerm_servicebus_namespace_network_rule" "example" { ignore_missing_vnet_service_endpoint = false } - ip_masks = ["1.1.1.1"] + ip_rules = ["1.1.1.1"] } ``` @@ -67,15 +67,15 @@ resource "azurerm_servicebus_namespace_network_rule" "example" { The following arguments are supported: -* `resource_group_name` - (Required) Specifies the name of the Resource Group where the ServiceBus Namespace Network Rule should exist. Changing this forces a new resource to be created. +* `resource_group_name` - (Required) Specifies the name of the Resource Group where the ServiceBus Namespace Network Rule Set should exist. Changing this forces a new resource to be created. -* `namespace_name` - (Required) Specifies the ServiceBus Namespace name to which to attach the ServiceBus Namespace Network Rule. Changing this forces a new resource to be created. +* `namespace_name` - (Required) Specifies the ServiceBus Namespace name to which to attach the ServiceBus Namespace Network Rule Set. Changing this forces a new resource to be created. -~> **NOTE:** The ServiceBus Namespace must be `Premium` in order to attach a ServiceBus Namespace Network Rule. +~> **NOTE:** The ServiceBus Namespace must be `Premium` in order to attach a ServiceBus Namespace Network Rule Set. -* `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule. Possible values are `Allow` and `Deny`. Defaults to `Deny`. +* `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Deny`. -* `ip_masks` - (Optional) A list of IP filter masks that are added to allow access to the ServiceBus Namespace. +* `ip_rules` - (Optional) A list of IP filter masks that are added to allow access to the ServiceBus Namespace. * `network_rules` - (Optional) One or more `network_rules` blocks defined below. @@ -85,27 +85,27 @@ A `network_rules` block supports the following: * `subnet_id` - (Required) The ID of the subnet you want to allow to access the corresponding ServiceBus Namespace. -* `ignore_missing_vnet_service_endpoint` - (Optional) Should the ServiceBus Namespace Network Rule ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`. +* `ignore_missing_vnet_service_endpoint` - (Optional) Should the ServiceBus Namespace Network Rule Set ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`. ## Attributes Reference The following attributes are exported: -* `id` - The ID of the ServiceBus Namespace Network Rule. +* `id` - The ID of the ServiceBus Namespace Network Rule Set. ## Timeouts The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: -* `create` - (Defaults to 30 minutes) Used when creating the ServiceBus Namespace Network Rule. -* `update` - (Defaults to 30 minutes) Used when updating the ServiceBus Namespace Network Rule. -* `read` - (Defaults to 5 minutes) Used when retrieving the ServiceBus Namespace Network Rule. -* `delete` - (Defaults to 30 minutes) Used when deleting the ServiceBus Namespace Network Rule. +* `create` - (Defaults to 30 minutes) Used when creating the ServiceBus Namespace Network Rule Set. +* `update` - (Defaults to 30 minutes) Used when updating the ServiceBus Namespace Network Rule Set. +* `read` - (Defaults to 5 minutes) Used when retrieving the ServiceBus Namespace Network Rule Set. +* `delete` - (Defaults to 30 minutes) Used when deleting the ServiceBus Namespace Network Rule Set. ## Import Service Bus Namespace can be imported using the `resource id`, e.g. ```shell -terraform import azurerm_servicebus_namespace_network_rule.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Servicebus/namespaces/sbns1/networkrulesets/default +terraform import azurerm_servicebus_namespace_network_rule_set.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Servicebus/namespaces/sbns1/networkrulesets/default ``` From 43b69c89bbe5360c5f1dd0373347509666923c96 Mon Sep 17 00:00:00 2001 From: Dapeng Zhang Date: Thu, 16 Apr 2020 12:22:28 +0800 Subject: [PATCH 3/3] Resolve comments --- .../r/servicebus_namespace_network_rule_set.html.markdown | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown index 921739bd499e..f83b0eb908b2 100644 --- a/website/docs/r/servicebus_namespace_network_rule_set.html.markdown +++ b/website/docs/r/servicebus_namespace_network_rule_set.html.markdown @@ -75,15 +75,15 @@ The following arguments are supported: * `default_action` - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Deny`. -* `ip_rules` - (Optional) A list of IP filter masks that are added to allow access to the ServiceBus Namespace. +* `ip_rules` - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the ServiceBus Namespace. -* `network_rules` - (Optional) One or more `network_rules` blocks defined below. +* `network_rules` - (Optional) One or more `network_rules` blocks as defined below. --- A `network_rules` block supports the following: -* `subnet_id` - (Required) The ID of the subnet you want to allow to access the corresponding ServiceBus Namespace. +* `subnet_id` - (Required) The Subnet ID which should be able to access this ServiceBus Namespace. * `ignore_missing_vnet_service_endpoint` - (Optional) Should the ServiceBus Namespace Network Rule Set ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`.