From 338307d7a8d030a4a7eb3abb850c45003d4b8a49 Mon Sep 17 00:00:00 2001 From: kt Date: Fri, 26 Jun 2020 18:37:09 -0700 Subject: [PATCH] refactor: cleanup some property names (#7499) --- ...entinel_alert_rule_ms_security_incident.go | 30 +++++++++++--- ...el_alert_rule_ms_security_incident_test.go | 2 +- .../web/app_service_environment_resource.go | 40 ++++++++++++++----- .../app_service_environment_resource_test.go | 2 +- .../r/app_service_environment.html.markdown | 6 +-- .../docs/r/blueprint_assignment.html.markdown | 2 +- ...rt_rule_ms_security_incident.html.markdown | 2 +- 7 files changed, 62 insertions(+), 22 deletions(-) diff --git a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go index 2a540ffa271e0..e7d63cbaf1af4 100644 --- a/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go +++ b/azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go @@ -97,10 +97,25 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource { Default: true, }, + "display_name_filter": { + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + MinItems: 1, + ConflictsWith: []string{"text_whitelist"}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringIsNotEmpty, + }, + }, + "text_whitelist": { - Type: schema.TypeSet, - Optional: true, - MinItems: 1, + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + MinItems: 1, + ConflictsWith: []string{"display_name_filter"}, + Deprecated: "this property has been renamed to display_name_filter to better match the SDK & API", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringIsNotEmpty, @@ -146,8 +161,10 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.Resour }, } - if whitelist, ok := d.GetOk("text_whitelist"); ok { - param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List()) + if dnf, ok := d.GetOk("display_name_filter"); ok { + param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List()) + } else if dnf, ok := d.GetOk("text_whitelist"); ok { + param.DisplayNamesFilter = utils.ExpandStringSlice(dnf.(*schema.Set).List()) } // Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read. @@ -223,6 +240,9 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentRead(d *schema.ResourceData, if err := d.Set("text_whitelist", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil { return fmt.Errorf(`setting "text_whitelist": %+v`, err) } + if err := d.Set("display_name_filter", utils.FlattenStringSlice(prop.DisplayNamesFilter)); err != nil { + return fmt.Errorf(`setting "display_name_filter": %+v`, err) + } if err := d.Set("severity_filter", flattenAlertRuleMsSecurityIncidentSeverityFilter(prop.SeveritiesFilter)); err != nil { return fmt.Errorf(`setting "severity_filter": %+v`, err) } diff --git a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go index 4ccffb66fb645..eadbf2d94c659 100644 --- a/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go +++ b/azurerm/internal/services/sentinel/tests/resource_arm_sentinel_alert_rule_ms_security_incident_test.go @@ -181,7 +181,7 @@ resource "azurerm_sentinel_alert_rule_ms_security_incident" "test" { display_name = "updated rule" severity_filter = ["High", "Low"] description = "this is a alert rule" - text_whitelist = ["alert"] + display_name_filter = ["alert"] } `, template, data.RandomInteger) } diff --git a/azurerm/internal/services/web/app_service_environment_resource.go b/azurerm/internal/services/web/app_service_environment_resource.go index e55d689975e4a..5e4a571f37cbf 100644 --- a/azurerm/internal/services/web/app_service_environment_resource.go +++ b/azurerm/internal/services/web/app_service_environment_resource.go @@ -93,9 +93,23 @@ func resourceArmAppServiceEnvironment() *schema.Resource { }, false), }, + "allowed_user_ip_cidrs": { + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + ConflictsWith: []string{"user_whitelisted_ip_ranges"}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: helpersValidate.CIDR, + }, + }, + "user_whitelisted_ip_ranges": { - Type: schema.TypeSet, - Optional: true, + Type: schema.TypeSet, + Optional: true, + Computed: true, // remove in 3.0 + ConflictsWith: []string{"allowed_user_ip_cidrs"}, + Deprecated: "this property has been renamed to `allowed_user_ip_cidrs` better reflect the expected ip range format", Elem: &schema.Schema{ Type: schema.TypeString, ValidateFunc: helpersValidate.CIDR, @@ -126,6 +140,9 @@ func resourceArmAppServiceEnvironmentCreate(d *schema.ResourceData, meta interfa internalLoadBalancingMode := d.Get("internal_load_balancing_mode").(string) t := d.Get("tags").(map[string]interface{}) userWhitelistedIPRangesRaw := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List() + if v, ok := d.GetOk("allowed_user_ip_cidrs"); ok { + userWhitelistedIPRangesRaw = v.(*schema.Set).List() + } subnetId := d.Get("subnet_id").(string) subnet, err := networkParse.SubnetID(subnetId) @@ -222,32 +239,34 @@ func resourceArmAppServiceEnvironmentUpdate(d *schema.ResourceData, meta interfa return err } - environment := web.AppServiceEnvironmentPatchResource{ + e := web.AppServiceEnvironmentPatchResource{ AppServiceEnvironment: &web.AppServiceEnvironment{}, } if d.HasChange("internal_load_balancing_mode") { v := d.Get("internal_load_balancing_mode").(string) - environment.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v) + e.AppServiceEnvironment.InternalLoadBalancingMode = web.InternalLoadBalancingMode(v) } if d.HasChange("front_end_scale_factor") { v := d.Get("front_end_scale_factor").(int) - environment.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v)) + e.AppServiceEnvironment.FrontEndScaleFactor = utils.Int32(int32(v)) } if d.HasChange("pricing_tier") { v := d.Get("pricing_tier").(string) v = convertFromIsolatedSKU(v) - environment.AppServiceEnvironment.MultiSize = utils.String(v) + e.AppServiceEnvironment.MultiSize = utils.String(v) } - if d.HasChange("user_whitelisted_ip_ranges") { - v := d.Get("user_whitelisted_ip_ranges").(*schema.Set).List() - environment.UserWhitelistedIPRanges = utils.ExpandStringSlice(v) + if d.HasChanges("user_whitelisted_ip_ranges", "allowed_user_ip_cidrs") { + e.UserWhitelistedIPRanges = utils.ExpandStringSlice(d.Get("user_whitelisted_ip_ranges").(*schema.Set).List()) + if v, ok := d.GetOk("user_whitelisted_ip_ranges"); ok { + e.UserWhitelistedIPRanges = utils.ExpandStringSlice(v.(*schema.Set).List()) + } } - if _, err := client.Update(ctx, id.ResourceGroup, id.Name, environment); err != nil { + if _, err := client.Update(ctx, id.ResourceGroup, id.Name, e); err != nil { return fmt.Errorf("Error updating App Service Environment %q (Resource Group %q): %+v", id.Name, id.ResourceGroup, err) } @@ -306,6 +325,7 @@ func resourceArmAppServiceEnvironmentRead(d *schema.ResourceData, meta interface } d.Set("pricing_tier", pricingTier) d.Set("user_whitelisted_ip_ranges", props.UserWhitelistedIPRanges) + d.Set("allowed_user_ip_cidrs", props.UserWhitelistedIPRanges) } return tags.FlattenAndSet(d, existing.Tags) diff --git a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go index 94b5714674609..33d42cd462807 100644 --- a/azurerm/internal/services/web/tests/app_service_environment_resource_test.go +++ b/azurerm/internal/services/web/tests/app_service_environment_resource_test.go @@ -411,7 +411,7 @@ resource "azurerm_app_service_environment" "test" { pricing_tier = "I1" front_end_scale_factor = 5 internal_load_balancing_mode = "Web, Publishing" - user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"] + allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] } `, template, data.RandomInteger) } diff --git a/website/docs/r/app_service_environment.html.markdown b/website/docs/r/app_service_environment.html.markdown index 5b3a7b5a2446a..d884f70738b22 100644 --- a/website/docs/r/app_service_environment.html.markdown +++ b/website/docs/r/app_service_environment.html.markdown @@ -46,7 +46,7 @@ resource "azurerm_app_service_environment" "example" { pricing_tier = "I2" front_end_scale_factor = 10 internal_load_balancing_mode = "Web, Publishing" - user_whitelisted_ip_ranges = ["11.22.33.44/32", "55.66.77.0/24"] + allowed_user_ip_cidrs = ["11.22.33.44/32", "55.66.77.0/24"] } ``` @@ -65,9 +65,9 @@ resource "azurerm_app_service_environment" "example" { * `front_end_scale_factor` - (Optional) Scale factor for front end instances. Possible values are between `5` and `15`. Defaults to `15`. -* `user_whitelisted_ip_ranges` - (Optional) User added IP ranges to whitelist on ASE db. Use the addresses you want to set as the explicit egress address ranges. Use CIDR format. +* `allowed_user_ip_cidrs` - (Optional) Allowed user added IP ranges on the ASE database. Use the addresses you want to set as the explicit egress address ranges. -~> **NOTE:** `user_whitelisted_ip_ranges` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall) +~> **NOTE:** `allowed_user_ip_cidrs` The addresses that will be used for all outbound traffic from your App Service Environment to the internet to avoid asymmetric routing challenge. If you're routing the traffic on premises, these addresses are your NATs or gateway IPs. If you want to route the App Service Environment outbound traffic through an NVA, the egress address is the public IP of the NVA. Please visit [Create your ASE with the egress addresses](https://docs.microsoft.com/en-us/azure/app-service/environment/forced-tunnel-support#add-your-own-ips-to-the-ase-azure-sql-firewall) * `resource_group_name` - (Optional) The name of the Resource Group where the App Service Environment exists. Defaults to the Resource Group of the Subnet (specified by `subnet_id`). diff --git a/website/docs/r/blueprint_assignment.html.markdown b/website/docs/r/blueprint_assignment.html.markdown index f2046a0c73ef1..0055a87146c5d 100644 --- a/website/docs/r/blueprint_assignment.html.markdown +++ b/website/docs/r/blueprint_assignment.html.markdown @@ -162,4 +162,4 @@ Azure Blueprint Assignments can be imported using the `resource id`, e.g. ```shell terraform import azurerm_blueprint_assignment.example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint" -``` \ No newline at end of file +``` diff --git a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown index a6727975d7867..d2abd030b5108 100644 --- a/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown +++ b/website/docs/r/sentinel_alert_rule_ms_security_incident.html.markdown @@ -60,7 +60,7 @@ The following arguments are supported: * `enabled` - (Optional) Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`. -* `text_whitelist` - (Optional) Only create incidents from alerts when alert name contain text in this list. No filter will happen if this field is absent. +* `display_name_filter` - (Optional) Only create incidents when the alert display name contain text from this list, leave empty to apply no filter. ## Attributes Reference