Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_key_vault - persist change for network_acls when allowing AzureServices #4805

Closed
wants to merge 3 commits into from
Closed

azurerm_key_vault - persist change for network_acls when allowing AzureServices #4805

wants to merge 3 commits into from

Conversation

richardzone
Copy link
Contributor

This commit fix #2164.

How to reproduce the bug:

  1. terraform apply the following Terraform configuration:
resource "azurerm_key_vault" "test_kv" {
  name                = "test-kv"
  ...

  network_acls {
    default_action             = "Allow"
    bypass                     = "AzureServices"
  }
}
  1. Do a terraform plan with the same above configuration. It will incorrectly shows changes - Terraform trys to re-add the network_acls.

@ghost ghost added the size/XS label Nov 5, 2019
@richardzone richardzone mentioned this pull request Nov 5, 2019
Closed
@richardzone
Copy link
Contributor Author

@tombuildsstuff Hi Tom, I wonder if you have some time to help review the PR?

@mbfrahry
Copy link
Member

mbfrahry commented Nov 12, 2019
edited
Loading

Hey @richardzone, this looks good at a glance but could you add a test so we can confirm that this works/will continue to work

@katbyte
Copy link
Collaborator

katbyte commented Nov 17, 2019

@richardzone,

It sounds like this is a bug in the API not returning the values? Would it make sense to open an issue on the SDK and link to it in a comment here explaining why this is required?

@katbyte katbyte changed the title Fix #2164 aazurerm_key_vault - persist change for network_acls when allowing AzureServices Nov 17, 2019
@katbyte katbyte changed the title aazurerm_key_vault - persist change for network_acls when allowing AzureServices azurerm_key_vault - persist change for network_acls when allowing AzureServices Nov 17, 2019
@tombuildsstuff tombuildsstuff mentioned this pull request Dec 18, 2019
Merged
@tombuildsstuff
Copy link
Contributor

hey @richardzone

Thanks for this PR - apologies for the delayed review here!

After spending some time with this Pull Request and playing with the API to confirm the behaviour we believe it'd be better to return a default object matching the API behaviour for the network_acls block (e.g. defaulted to Allow, as the API behaves) - rather than omiting this from the diff. In order to achieve this we'd need to also make this block Computed - since this behaviour would be configured by default unless a user opted to change it.

As such whilst I'd like to thank you for this contribution - since these are fairly substantial changes, I hope you don't mind but I'm going to close this PR in favour of #5207 which implements this.

Thanks!

katbyte pushed a commit that referenced this pull request Dec 18, 2019
@tombuildsstuff @katbyte
r/key_vault: making the network_acls block computed (#5207)
f7c9985 
This PR supersedes #4805 by making the network_acls block computed with a default value based on the behaviour of the API

$ acctests azurerm TestAccAzureRMKeyVault_networkAcls
=== RUN   TestAccAzureRMKeyVault_networkAcls
=== PAUSE TestAccAzureRMKeyVault_networkAcls
=== RUN   TestAccAzureRMKeyVault_networkAclsAllowed
=== PAUSE TestAccAzureRMKeyVault_networkAclsAllowed
=== CONT  TestAccAzureRMKeyVault_networkAcls
--- PASS: TestAccAzureRMKeyVault_networkAcls (347.28s)
=== CONT  TestAccAzureRMKeyVault_networkAclsAllowed
--- PASS: TestAccAzureRMKeyVault_networkAclsAllowed (247.89s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	595.221s
Fixes #2164
@richardzone
Copy link
Contributor Author

No worries @tombuildsstuff , thanks for fixing this!

@ghost ghost removed the waiting-response label Dec 19, 2019
@ghost
Copy link

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
service/key-vault Key Vault size/XS
Projects
None yet
Milestone
No milestone
4 participants
@richardzone @mbfrahry @katbyte @tombuildsstuff