Update azurerm_security_center_subscription_pricing (#8549)

hashicorp · Oct 6, 2020 · c813398 · c813398
1 parent 0d0093a
commit c813398
Show file tree

Hide file tree

Showing 65 changed files with 24,383 additions and 11,139 deletions.
diff --git a/azurerm/internal/services/securitycenter/advanced_threat_protection.go b/azurerm/internal/services/securitycenter/advanced_threat_protection.go
@@ -21,7 +21,7 @@ func ParseAdvancedThreatProtectionID(input string) (*AdvancedThreatProtectionRes
 
 	parts := strings.Split(input, "/providers/Microsoft.Security/advancedThreatProtectionSettings/")
 	if len(parts) != 2 {
-		return nil, fmt.Errorf("Error determining target resource ID, resource ID in unexpected format: %q", id)
+		return nil, fmt.Errorf("Determining target resource ID, resource ID in unexpected format: %q", id)
 	}
 
 	return &AdvancedThreatProtectionResourceID{

diff --git a/azurerm/internal/services/securitycenter/client/client.go b/azurerm/internal/services/securitycenter/client/client.go
@@ -1,7 +1,7 @@
 package client
 
 import (
-	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
 )
 

diff --git a/azurerm/internal/services/securitycenter/parse/security_center_subscription_pricing.go b/azurerm/internal/services/securitycenter/parse/security_center_subscription_pricing.go
@@ -0,0 +1,30 @@
+package parse
+
+import (
+	"fmt"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+)
+
+type SecurityCenterSubscriptionPricingId struct {
+	ResourceType string
+}
+
+func SecurityCenterSubscriptionPricingID(input string) (*SecurityCenterSubscriptionPricingId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse Security Center Subscription Pricing ID %q: %+v", input, err)
+	}
+
+	pricing := SecurityCenterSubscriptionPricingId{}
+
+	if pricing.ResourceType, err = id.PopSegment("pricings"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &pricing, nil
+}
diff --git a/azurerm/internal/services/securitycenter/parse/security_center_subscription_pricing_test.go b/azurerm/internal/services/securitycenter/parse/security_center_subscription_pricing_test.go
@@ -0,0 +1,54 @@
+package parse
+
+import (
+	"testing"
+)
+
+func TestSecurityCenterSubscriptionPricingID(t *testing.T) {
+	testData := []struct {
+		ResourceType string
+		Input        string
+		Error        bool
+		Expect       *SecurityCenterSubscriptionPricingId
+	}{
+		{
+			ResourceType: "Empty",
+			Input:        "",
+			Error:        true,
+		},
+		{
+			ResourceType: "No Pricings Segment",
+			Input:        "/subscriptions/00000000-0000-0000-0000-000000000000",
+			Error:        true,
+		},
+		{
+			ResourceType: "No Pricings Value",
+			Input:        "/subscriptions/00000000-0000-0000-0000-000000000000/pricings/",
+			Error:        true,
+		},
+		{
+			ResourceType: "Security Center Subscription Pricing ID",
+			Input:        "/subscriptions/00000000-0000-0000-0000-000000000000/pricings/VirtualMachines",
+			Expect: &SecurityCenterSubscriptionPricingId{
+				ResourceType: "VirtualMachines",
+			},
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.ResourceType)
+
+		actual, err := SecurityCenterSubscriptionPricingID(v.Input)
+		if err != nil {
+			if v.Error {
+				continue
+			}
+
+			t.Fatalf("Expected a value but got an error: %s", err)
+		}
+
+		if actual.ResourceType != v.Expect.ResourceType {
+			t.Fatalf("Expected %q but got %q for ResourceType", v.Expect.ResourceType, actual.ResourceType)
+		}
+	}
+}
diff --git a/azurerm/internal/services/securitycenter/resource_arm_advanced_threat_protection.go b/azurerm/internal/services/securitycenter/resource_arm_advanced_threat_protection.go
@@ -5,7 +5,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
@@ -59,7 +59,7 @@ func resourceArmAdvancedThreatProtectionCreateUpdate(d *schema.ResourceData, met
 		server, err := client.Get(ctx, resourceID)
 		if err != nil {
 			if !utils.ResponseWasNotFound(server.Response) {
-				return fmt.Errorf("Error checking for presence of existing Advanced Threat Protection for resource %q: %+v", resourceID, err)
+				return fmt.Errorf("Checking for presence of existing Advanced Threat Protection for resource %q: %+v", resourceID, err)
 			}
 		}
 
@@ -76,7 +76,7 @@ func resourceArmAdvancedThreatProtectionCreateUpdate(d *schema.ResourceData, met
 
 	resp, err := client.Create(ctx, resourceID, setting)
 	if err != nil {
-		return fmt.Errorf("Error updating Advanced Threat protection for resource %q: %+v", resourceID, err)
+		return fmt.Errorf("Updating Advanced Threat protection for resource %q: %+v", resourceID, err)
 	}
 
 	if resp.ID == nil {
@@ -105,7 +105,7 @@ func resourceArmAdvancedThreatProtectionRead(d *schema.ResourceData, meta interf
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Advanced Threat protection for resource %q: %+v", id.TargetResourceID, err)
+		return fmt.Errorf("Reading Advanced Threat protection for resource %q: %+v", id.TargetResourceID, err)
 	}
 
 	d.Set("target_resource_id", id.TargetResourceID)
@@ -134,7 +134,7 @@ func resourceArmAdvancedThreatProtectionDelete(d *schema.ResourceData, meta inte
 	}
 
 	if _, err := client.Create(ctx, id.TargetResourceID, setting); err != nil {
-		return fmt.Errorf("Error resetting Advanced Threat protection to false for resource %q: %+v", id.TargetResourceID, err)
+		return fmt.Errorf("Resetting Advanced Threat protection to false for resource %q: %+v", id.TargetResourceID, err)
 	}
 
 	return nil

diff --git a/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go b/azurerm/internal/services/securitycenter/resource_arm_security_center_contact.go
@@ -5,7 +5,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
@@ -75,7 +75,7 @@ func resourceArmSecurityCenterContactCreateUpdate(d *schema.ResourceData, meta i
 		existing, err := client.Get(ctx, name)
 		if err != nil {
 			if !utils.ResponseWasNotFound(existing.Response) {
-				return fmt.Errorf("Error checking for presence of existing Security Center Contact: %+v", err)
+				return fmt.Errorf("Checking for presence of existing Security Center Contact: %+v", err)
 			}
 		}
 
@@ -105,20 +105,20 @@ func resourceArmSecurityCenterContactCreateUpdate(d *schema.ResourceData, meta i
 
 	if d.IsNewResource() {
 		if _, err := client.Create(ctx, name, contact); err != nil {
-			return fmt.Errorf("Error creating Security Center Contact: %+v", err)
+			return fmt.Errorf("Creating Security Center Contact: %+v", err)
 		}
 
 		resp, err := client.Get(ctx, name)
 		if err != nil {
-			return fmt.Errorf("Error reading Security Center Contact: %+v", err)
+			return fmt.Errorf("Reading Security Center Contact: %+v", err)
 		}
 		if resp.ID == nil {
 			return fmt.Errorf("Security Center Contact ID is nil")
 		}
 
 		d.SetId(*resp.ID)
 	} else if _, err := client.Update(ctx, name, contact); err != nil {
-		return fmt.Errorf("Error updating Security Center Contact: %+v", err)
+		return fmt.Errorf("Updating Security Center Contact: %+v", err)
 	}
 
 	return resourceArmSecurityCenterContactRead(d, meta)
@@ -139,7 +139,7 @@ func resourceArmSecurityCenterContactRead(d *schema.ResourceData, meta interface
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Security Center Contact: %+v", err)
+		return fmt.Errorf("Reading Security Center Contact: %+v", err)
 	}
 
 	if properties := resp.ContactProperties; properties != nil {
@@ -166,7 +166,7 @@ func resourceArmSecurityCenterContactDelete(d *schema.ResourceData, meta interfa
 			return nil
 		}
 
-		return fmt.Errorf("Error deleting Security Center Contact: %+v", err)
+		return fmt.Errorf("Deleting Security Center Contact: %+v", err)
 	}
 
 	return nil

diff --git a/...erm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go b/...erm/internal/services/securitycenter/resource_arm_security_center_subscription_pricing.go
@@ -5,28 +5,27 @@ import (
 	"log"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/securitycenter/parse"
+	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
-// NOTE: seems default is the only valid pricing name:
-// Code="InvalidInputJson" Message="Pricing name 'kt's price' is not allowed. Expected 'default' for this scope."
-const securityCenterSubscriptionPricingName = "default"
-
 func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceArmSecurityCenterSubscriptionPricingUpdate,
 		Read:   resourceArmSecurityCenterSubscriptionPricingRead,
 		Update: resourceArmSecurityCenterSubscriptionPricingUpdate,
 		Delete: resourceArmSecurityCenterSubscriptionPricingDelete,
 
-		Importer: &schema.ResourceImporter{
-			State: schema.ImportStatePassthrough,
-		},
+		Importer: azSchema.ValidateResourceIDPriorToImport(func(id string) error {
+			_, err := parse.SecurityCenterSubscriptionPricingID(id)
+			return err
+		}),
 
 		Timeouts: &schema.ResourceTimeout{
 			Create: schema.DefaultTimeout(60 * time.Minute),
@@ -35,6 +34,15 @@ func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource {
 			Delete: schema.DefaultTimeout(60 * time.Minute),
 		},
 
+		SchemaVersion: 1,
+		StateUpgraders: []schema.StateUpgrader{
+			{
+				Type:    ResourceArmSecurityCenterSubscriptionPricingV0().CoreConfigSchema().ImpliedType(),
+				Upgrade: ResourceArmSecurityCenterSubscriptionPricingUpgradeV0ToV1,
+				Version: 0,
+			},
+		},
+
 		Schema: map[string]*schema.Schema{
 			"tier": {
 				Type:     schema.TypeString,
@@ -44,6 +52,21 @@ func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource {
 					string(security.Standard),
 				}, false),
 			},
+			"resource_type": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "VirtualMachines",
+				ValidateFunc: validation.StringInSlice([]string{
+					"AppServices",
+					"ContainerRegistry",
+					"KeyVaults",
+					"KubernetesService",
+					"SqlServers",
+					"SqlServerVirtualMachines",
+					"StorageAccounts",
+					"VirtualMachines",
+				}, false),
+			},
 		},
 	}
 }
@@ -53,8 +76,6 @@ func resourceArmSecurityCenterSubscriptionPricingUpdate(d *schema.ResourceData,
 	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
-	name := securityCenterSubscriptionPricingName
-
 	// not doing import check as afaik it always exists (cannot be deleted)
 	// all this resource does is flip a boolean
 
@@ -64,13 +85,15 @@ func resourceArmSecurityCenterSubscriptionPricingUpdate(d *schema.ResourceData,
 		},
 	}
 
-	if _, err := client.UpdateSubscriptionPricing(ctx, name, pricing); err != nil {
-		return fmt.Errorf("Error creating/updating Security Center Subscription pricing: %+v", err)
+	resource_type := d.Get("resource_type").(string)
+
+	if _, err := client.Update(ctx, resource_type, pricing); err != nil {
+		return fmt.Errorf("Creating/updating Security Center Subscription pricing: %+v", err)
 	}
 
-	resp, err := client.GetSubscriptionPricing(ctx, name)
+	resp, err := client.Get(ctx, resource_type)
 	if err != nil {
-		return fmt.Errorf("Error reading Security Center Subscription pricing: %+v", err)
+		return fmt.Errorf("Reading Security Center Subscription pricing: %+v", err)
 	}
 	if resp.ID == nil {
 		return fmt.Errorf("Security Center Subscription pricing ID is nil")
@@ -86,20 +109,26 @@ func resourceArmSecurityCenterSubscriptionPricingRead(d *schema.ResourceData, me
 	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
-	resp, err := client.GetSubscriptionPricing(ctx, securityCenterSubscriptionPricingName)
+	id, err := parse.SecurityCenterSubscriptionPricingID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	resp, err := client.Get(ctx, id.ResourceType)
 	if err != nil {
 		if utils.ResponseWasNotFound(resp.Response) {
-			log.Printf("[DEBUG] Security Center Subscription was not found: %v", err)
+			log.Printf("[DEBUG] %q Security Center Subscription was not found: %v", id.ResourceType, err)
 			d.SetId("")
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Security Center Subscription pricing: %+v", err)
+		return fmt.Errorf("Reading %q Security Center Subscription pricing: %+v", id.ResourceType, err)
 	}
 
 	if properties := resp.PricingProperties; properties != nil {
 		d.Set("tier", properties.PricingTier)
 	}
+	d.Set("resource_type", id.ResourceType)
 
 	return nil
 }

diff --git a/...al/services/securitycenter/resource_arm_security_center_subscription_pricing_migration.go b/...al/services/securitycenter/resource_arm_security_center_subscription_pricing_migration.go
@@ -0,0 +1,37 @@
+package securitycenter
+
+import (
+	"log"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v3.0/security"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+)
+
+func ResourceArmSecurityCenterSubscriptionPricingV0() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"tier": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					string(security.Free),
+					string(security.Standard),
+				}, false),
+			},
+		},
+	}
+}
+
+func ResourceArmSecurityCenterSubscriptionPricingUpgradeV0ToV1(rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+	log.Println("[DEBUG] Migrating ResourceType from v0 to v1 format")
+	oldId := rawState["id"].(string)
+	newId := strings.Replace(oldId, "/default", "/VirtualMachines", 1)
+
+	log.Printf("[DEBUG] Updating ID from %q to %q", oldId, newId)
+
+	rawState["id"] = newId
+
+	return rawState, nil
+}