azurerm_ip_group - support for firewall_ids, firewall_policy_ids #19845

Merged
merged 8 commits into from Jan 17, 2023

Contributor

@sponte sponte commented Jan 3, 2023

Resolves #19843

PS: If accepted and merged, could this be released into v2.99? The reason for the ask is that we use Azure CAF for landing zones and CAF is still using v2 of the provider.

@sponte sponte force-pushed the feature/fix-ip-group-provisioning branch from 90542e3 to dd289ed Compare January 3, 2023 19:41
Contributor Author

sponte commented Jan 3, 2023

Hello, I noticed one of the checks is failing due to using d.Get in the delete function. What is the alternative? To query the API to get the information required, i.e. in this case to get the list of linked firewalls and firewall policies?

Contributor Author

sponte commented Jan 3, 2023

Judging by the firewall example, one needs to query the API as suspected. Will refactor.

Contributor Author

sponte commented Jan 3, 2023

Refactored

Collaborator

@katbyte katbyte left a comment

Thanks @sponte - just need to add the properties to the docs and I think we're good to merge!

Contributor Author

sponte commented Jan 5, 2023

Hey @katbyte - how would we go about releasing this into v2 if at all possible?

Contributor Author

sponte commented Jan 9, 2023

Hello, gentle nudge. Is there anything else required to progress this PR?

Collaborator

@katbyte katbyte left a comment

Thanks @sponte - I'm sorry I missed this on my first review, but exported (computed only) properties should only be lists (otherwise you need to know the hash).

As for porting it back to 2.x we try not to do so and encourage people to update to the latest version of the provider. Is there a reason you cannot upgrade?

Contributor Author

sponte commented Jan 10, 2023

Hello @katbyte, I addressed the type comments.

With regards to v2 - I completely understand where you're coming from. The reason for the ask is that we use Microsoft's Azure CAF framework, which is pinned to version ~> 2.99 in https://github.com/aztfmod/terraform-azurerm-caf/blob/main/main.tf - the v3 upgrade is on the roadmap for the project, but it is a substantial amount of work and is likely not going to be available for a considerable amount of time.

The fix proposed in this PR would go a long way to help with v2.x deployments, especially for people in a similar situation to ours.

Hope it makes sense and is not too big of an ask.

Thank you,
Stan Wozniak

Collaborator

katbyte commented Jan 12, 2023

@sponte - you are also going to need to update the handling of the properties expand/flatten:

Test ended in panic.

------- Stdout: -------
=== RUN   TestAccFirewallPolicy_completePremium
=== PAUSE TestAccFirewallPolicy_completePremium
=== CONT  TestAccFirewallPolicy_completePremium

------- Stderr: -------
panic: interface conversion: interface {} is []interface {}, not *schema.Set

goroutine 520 [running]:
github.com/hashicorp/terraform-provider-azurerm/internal/services/network.resourceIpGroupCreateUpdate(0xc000323400, {0x5ddac40?, 0xc002d38800})
	/opt/teamcity-agent/work/5e6516bb4d10eb66/internal/services/network/ip_group_resource.go:91 +0x12d5
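
Added example (not part of the PR or the provider's code): the panic in the comment above comes from a single-value type assertion on a value whose Go type no longer matches. In this sketch `Set` is a stand-in for the SDK's `*schema.Set`, and `uncheckedExpand` and `expandIDs` are hypothetical helpers; the second uses a type switch so a set/list mismatch is returned as an error instead of crashing the process.

```go
package main

import "fmt"

// Set is a stand-in (assumption) for the SDK's *schema.Set so the example
// compiles offline; only the List() accessor is modelled.
type Set struct{ items []interface{} }

func (s *Set) List() []interface{} { return s.items }

// uncheckedExpand reproduces the failing pattern: a single-value type
// assertion. It recovers only so the panic text can be returned and inspected.
func uncheckedExpand(raw interface{}) (ids []interface{}, panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	return raw.(*Set).List(), ""
}

// expandIDs (hypothetical helper) accepts either representation and reports
// anything else as an error instead of panicking.
func expandIDs(raw interface{}) ([]string, error) {
	var items []interface{}
	switch v := raw.(type) {
	case *Set:
		if v != nil {
			items = v.List()
		}
	case []interface{}:
		items = v
	default:
		return nil, fmt.Errorf("expected set or list of IDs, got %T", raw)
	}
	out := make([]string, 0, len(items))
	for _, item := range items {
		id, ok := item.(string)
		if !ok {
			return nil, fmt.Errorf("expected string ID, got %T", item)
		}
		out = append(out, id)
	}
	return out, nil
}

func main() {
	list := []interface{}{"id-a", "id-b"} // constructed sample values
	_, msg := uncheckedExpand(list)
	fmt.Println("unchecked:", msg)
	fmt.Println(expandIDs(list))
}
```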

Contributor Author

sponte commented Jan 13, 2023

Hey @katbyte, apologies, I didn't run the tests before submitting the last change. I have now run the following two tests and here are their outputs:

ARM_TEST_LOCATION_ALT2=uksouth ARM_TEST_LOCATION_ALT=uksouth ARM_TEST_LOCATION=uksouth TF_ACC=true go test -v github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall -run TestAccFirewallPolicy_completePremium
=== RUN   TestAccFirewallPolicy_completePremium
=== PAUSE TestAccFirewallPolicy_completePremium
=== CONT  TestAccFirewallPolicy_completePremium
--- PASS: TestAccFirewallPolicy_completePremium (475.19s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/firewall      476.490s

and

ARM_TEST_LOCATION_ALT2=uksouth ARM_TEST_LOCATION_ALT=uksouth ARM_TEST_LOCATION=uksouth TF_ACC=true go test -v github.com/hashicorp/terraform-provider-azurerm/internal/services/network -run TestAccIpGroup_updateWithAttachedPolicy  -timeout 126m
=== RUN   TestAccIpGroup_updateWithAttachedPolicy
=== PAUSE TestAccIpGroup_updateWithAttachedPolicy
=== CONT  TestAccIpGroup_updateWithAttachedPolicy
--- PASS: TestAccIpGroup_updateWithAttachedPolicy (1651.22s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/network       1652.559s

@sponte sponte requested a review from katbyte January 17, 2023 20:04
@katbyte katbyte changed the title Feature/fix ip group provisioning azurerm_ip_group - support for firewall_ids, firewall_policy_ids Jan 17, 2023
Collaborator

@katbyte katbyte left a comment

No worries @sponte - tests pass now and LGTM 🔐

@katbyte katbyte merged commit 66fea6e into hashicorp:main Jan 17, 2023
katbyte added a commit that referenced this pull request Jan 17, 2023
@github-actions github-actions bot added this to the v3.40.0 milestone Jan 17, 2023

This functionality has been released in v3.40.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Contributor Author

sponte commented Jan 21, 2023

Excellent, thank you for merging @katbyte.

I wanted to follow up on the v2 release? Would this be possible? Do you need me to do anything to help with that?

@sponte sponte deleted the feature/fix-ip-group-provisioning branch January 24, 2023 10:13

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 24, 2023
Successfully merging this pull request may close these issues.

Azure Firewall: Updating multiple IP Group objects at the same time causes firewall/policy to fail