New Resouce azurerm_network_manager_deployment
#20451
Conversation
…m into network_manager_commit
There was a problem hiding this comment.
hey @teowa
Thanks for this PR.
Taking a look through here it appears this resource has a 1:1 relationship with Network Manager and as such should be embedded within that resource, rather than being a separate resource (potentially as two blocks/fields for connectivity and security_admin), which would also mean that we could remove the flag from the features block.
Would you be able to take a look into supporting this functionality within the azurerm_network_manager resource instead?
Thanks!
| "network_manager_id": { | ||
| Type: pluginsdk.TypeString, | ||
| Required: true, | ||
| ValidateFunc: validate.NetworkManagerID, | ||
| }, | ||
|
|
||
| "location": commonschema.Location(), | ||
|
|
||
| "scope_access": { | ||
| Type: pluginsdk.TypeString, | ||
| Required: true, | ||
| ValidateFunc: validation.StringInSlice([]string{ | ||
| string(network.ConfigurationTypeConnectivity), | ||
| string(network.ConfigurationTypeSecurityAdmin), | ||
| }, false), | ||
| }, | ||
|
|
||
| "configuration_ids": { | ||
| Type: pluginsdk.TypeList, | ||
| Required: true, | ||
| Elem: &pluginsdk.Schema{ | ||
| Type: pluginsdk.TypeString, | ||
| ValidateFunc: validation.StringIsNotEmpty, | ||
| }, |
There was a problem hiding this comment.
since this resource is 1:1 with the Network Manager, this should be embedded within the Network Manager resource as blocks rather than being a separate resource - presumably with one for connectivity and one for security_admin - which also removes the need for the flag within the features block, can we update this?
There was a problem hiding this comment.
A Network Manager can have more than one commit. Actually the commit is used to deploy specfic type of configuration to specific location follow a goal state model, so we design the ID format to be like /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/networkManagers/networkManager1/commit|eastus|Connectivity. From Portal:
There was a problem hiding this comment.
wouldn't that just mean you allow multiple commit blocks in the network manager resource then?
There was a problem hiding this comment.
The dependency is that Commit depends on the Configurations, Configurations depends on Network Manager, and a Commit can contains more than one Configurations. An example is like:
resource "azurerm_network_manager" "test" {
name = "acctest-nm"
resource_group_name = azurerm_resource_group.test.name
}
resource "azurerm_network_manager_connectivity_configuration" "test" {
name = "acctest-nmcc"
network_manager_id = azurerm_network_manager.test.id
}
resource "azurerm_network_manager_commit" "test" {
network_manager_id = azurerm_network_manager.test.id
location = "eastus"
scope_access = "Connectivity"
configuration_ids = [azurerm_network_manager_connectivity_configuration.test.id]
}Allowing commits as blocks in the Network Manager will lead to cycle import.
There was a problem hiding this comment.
@teowa per the link above, it appears that the Goal State Model is contrary to how Terraform Resources are expected to work - since at the end of the terraform apply the resource has to be in a fully provisioned/stable state - so the question becomes how does this resource make sense in Terraform?
There was a problem hiding this comment.
@katbyte , from the doc, Security admin rules are evaluated before network security rules. And I have also confirmed with service team that Network Manager will NOT touch NSGs. They are in different layers.
As for possible conflict with peering resource, can we addnotes in the provider docs, if users don't config Network Peering and Network Manger Commit together, (they can also do this if they know how the Network Manager scope works), conflict can be avoid in their config file. Per above, I think no computed or ignore_changes needs to be added. Is this OK?
There was a problem hiding this comment.
from the docs there, it seems like it starts an "eventually consistent" deployment. how do we, terraform, know when that is completed/done given there is nothign to poll on an ensure the create finished at the same time all these deployments finish?
There was a problem hiding this comment.
We can retrieve the deployment status from another API, a state.WaitForStateContext is added at https://github.com/hashicorp/terraform-provider-azurerm/pull/20451/files#diff-f7faa7358d61518bec904e6d50a8453bf5220356bdae2d40b01027c61babfabeR245, we will wait until the create /update and delete get fully finished.
There was a problem hiding this comment.
please continue to review this, thanks.
|
temp close this, please merge #20840 before this one. |
…m into network_manager_commit
|
Hi, is there any update on this? |
|
|
Hi @manicminer, thanks for reviewing this. I have changed code per review comment, please kindly take another look. |
teowa
changed the title
azurerm_network_manager_commitazurerm_network_manager_deployment
internal/services/network/network_manager_deployment_resource.go
Outdated
Show resolved
Hide resolved
…m into network_manager_commit
|
|
There was a problem hiding this comment.
Many thanks for making the changes @teowa, this looks good to merge.
|
This functionality has been released in v3.56.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
This is a special resouce with POST API to CRUD.
Reference:
Test: