diff --git a/azurerm/internal/services/network/resource_arm_network_watcher_flow_log.go b/azurerm/internal/services/network/resource_arm_network_watcher_flow_log.go index 9e0e4f819d51..4ae1700b1085 100644 --- a/azurerm/internal/services/network/resource_arm_network_watcher_flow_log.go +++ b/azurerm/internal/services/network/resource_arm_network_watcher_flow_log.go @@ -145,6 +145,13 @@ func resourceArmNetworkWatcherFlowLog() *schema.Resource { }, }, }, + + "version": { + Type: schema.TypeInt, + Optional: true, + Computed: true, + ValidateFunc: validation.IntBetween(1, 2), + }, }, } } @@ -185,6 +192,14 @@ func resourceArmNetworkWatcherFlowLogCreateUpdate(d *schema.ResourceData, meta i parameters.FlowAnalyticsConfiguration = expandAzureRmNetworkWatcherFlowLogTrafficAnalytics(d) } + if version, ok := d.GetOk("version"); ok { + format := &network.FlowLogFormatParameters{ + Version: utils.Int32(int32(version.(int))), + } + + parameters.FlowLogProperties.Format = format + } + future, err := client.SetFlowLogConfiguration(ctx, resourceGroupName, networkWatcherName, parameters) if err != nil { return fmt.Errorf("Error setting Flow Log Configuration for target %q (Network Watcher %q / Resource Group %q): %+v", networkSecurityGroupID, networkWatcherName, resourceGroupName, err) @@ -254,6 +269,10 @@ func resourceArmNetworkWatcherFlowLogRead(d *schema.ResourceData, meta interface if props := fli.FlowLogProperties; props != nil { d.Set("enabled", props.Enabled) + if format := props.Format; format != nil { + d.Set("version", format.Version) + } + // Azure API returns "" when flow log is disabled // Don't overwrite to prevent storage account ID diff when that is the case if props.StorageID != nil && *props.StorageID != "" { diff --git a/azurerm/internal/services/network/tests/resource_arm_network_watcher_flow_log_test.go b/azurerm/internal/services/network/tests/resource_arm_network_watcher_flow_log_test.go index ec9ea202b9d7..b774ebc38511 100644 --- a/azurerm/internal/services/network/tests/resource_arm_network_watcher_flow_log_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_network_watcher_flow_log_test.go @@ -267,6 +267,34 @@ func testAccAzureRMNetworkWatcherFlowLog_trafficAnalytics(t *testing.T) { }) } +func testAccAzureRMNetworkWatcherFlowLog_version(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMNetworkWatcherDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMNetworkWatcherFlowLog_versionConfig(data, 1), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkWatcherFlowLogExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "version", "1"), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMNetworkWatcherFlowLog_versionConfig(data, 2), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkWatcherFlowLogExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "version", "2"), + ), + }, + data.ImportStep(), + }, + }) +} + func testCheckAzureRMNetworkWatcherFlowLogExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Network.WatcherClient @@ -493,3 +521,38 @@ resource "azurerm_network_watcher_flow_log" "test" { } `, testAccAzureRMNetworkWatcherFlowLog_prerequisites(data), data.RandomInteger) } + +func testAccAzureRMNetworkWatcherFlowLog_versionConfig(data acceptance.TestData, version int) string { + return fmt.Sprintf(` +%s + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + sku = "PerGB2018" +} + +resource "azurerm_network_watcher_flow_log" "test" { + network_watcher_name = "${azurerm_network_watcher.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" + + network_security_group_id = "${azurerm_network_security_group.test.id}" + storage_account_id = "${azurerm_storage_account.test.id}" + enabled = true + version = %d + + retention_policy { + enabled = true + days = 7 + } + + traffic_analytics { + enabled = true + workspace_id = "${azurerm_log_analytics_workspace.test.workspace_id}" + workspace_region = "${azurerm_log_analytics_workspace.test.location}" + workspace_resource_id = "${azurerm_log_analytics_workspace.test.id}" + } +} +`, testAccAzureRMNetworkWatcherFlowLog_prerequisites(data), data.RandomInteger, version) +} diff --git a/azurerm/internal/services/network/tests/resource_arm_network_watcher_test.go b/azurerm/internal/services/network/tests/resource_arm_network_watcher_test.go index e5eef1a801ad..116f1914e8eb 100644 --- a/azurerm/internal/services/network/tests/resource_arm_network_watcher_test.go +++ b/azurerm/internal/services/network/tests/resource_arm_network_watcher_test.go @@ -73,6 +73,7 @@ func TestAccAzureRMNetworkWatcher(t *testing.T) { "retentionPolicy": testAccAzureRMNetworkWatcherFlowLog_retentionPolicy, "updateStorageAccount": testAccAzureRMNetworkWatcherFlowLog_updateStorageAccount, "trafficAnalytics": testAccAzureRMNetworkWatcherFlowLog_trafficAnalytics, + "version": testAccAzureRMNetworkWatcherFlowLog_version, }, } diff --git a/website/docs/r/network_watcher_flow_log.html.markdown b/website/docs/r/network_watcher_flow_log.html.markdown index d255962651e8..4b08f12c7729 100644 --- a/website/docs/r/network_watcher_flow_log.html.markdown +++ b/website/docs/r/network_watcher_flow_log.html.markdown @@ -88,6 +88,8 @@ The following arguments are supported: * `traffic_analytics` - (Optional) A `traffic_analytics` block as documented below. +* `version` - (Optional) The version (revision) of the flow log. Possible values are `1` and `2`. + --- * `retention_policy` supports the following: