From bb74eca24ad40d5c07adce81880d0a6d4515029e Mon Sep 17 00:00:00 2001
From: diklatze <diklatzemah@gmail.com>
Date: Tue, 2 Aug 2022 15:56:37 +0300
Subject: [PATCH] change sku tier to not force new (#17577)

* change sku tier to ot force new

* add test

* Update internal/services/firewall/firewall_resource.go

Co-authored-by: kt <kt@katbyte.me>

* Update internal/services/firewall/firewall_resource_test.go

Co-authored-by: kt <kt@katbyte.me>

* add cost and upadated doc

* add quotes to around sku value in test config

Co-authored-by: Dikla Tzemah Weyl <dtzemahweyl@microsoft.com>
Co-authored-by: kt <kt@katbyte.me>
Co-authored-by: Steph <steph@hashicorp.com>
---
 .../services/firewall/firewall_resource.go    |  1 -
 .../firewall/firewall_resource_test.go        | 80 +++++++++++++++++++
 website/docs/r/firewall.html.markdown         |  2 +-
 3 files changed, 81 insertions(+), 2 deletions(-)

diff --git a/internal/services/firewall/firewall_resource.go b/internal/services/firewall/firewall_resource.go
index e65975c52606..843cb7b0a5e8 100644
--- a/internal/services/firewall/firewall_resource.go
+++ b/internal/services/firewall/firewall_resource.go
@@ -74,7 +74,6 @@ func resourceFirewall() *pluginsdk.Resource {
 			"sku_tier": {
 				Type:     pluginsdk.TypeString,
 				Required: true,
-				ForceNew: true,
 				ValidateFunc: validation.StringInSlice([]string{
 					string(network.AzureFirewallSkuTierPremium),
 					string(network.AzureFirewallSkuTierStandard),
diff --git a/internal/services/firewall/firewall_resource_test.go b/internal/services/firewall/firewall_resource_test.go
index a4b9b8a095ac..84b5ebdf6ccc 100644
--- a/internal/services/firewall/firewall_resource_test.go
+++ b/internal/services/firewall/firewall_resource_test.go
@@ -16,6 +16,9 @@ import (
 
 type FirewallResource struct{}
 
+const premium = "Premium"
+const standard = "Standard"
+
 func TestAccFirewall_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_firewall", "test")
 	r := FirewallResource{}
@@ -194,6 +197,31 @@ func TestAccFirewall_withZones(t *testing.T) {
 	})
 }
 
+func TestAccFirewall_skuTierUpdate(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_firewall", "test")
+	r := FirewallResource{}
+	skuTier := standard
+	skuTierUpdate := premium
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.withSkuTier(data, skuTier),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("sku_tier").HasValue("Standard"),
+			),
+		},
+		{
+			Config: r.withSkuTier(data, skuTierUpdate),
+			Check: acceptance.ComposeTestCheckFunc(
+
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("sku_tier").HasValue("Premium"),
+			),
+		},
+	})
+}
+
 func TestAccFirewall_withoutZone(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_firewall", "test")
 	r := FirewallResource{}
@@ -764,6 +792,58 @@ resource "azurerm_firewall" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
 
+func (FirewallResource) withSkuTier(data acceptance.TestData, skuTier string) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-fw-%d"
+  location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvirtnet%d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "AzureFirewallSubnet"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_public_ip" "test" {
+  name                = "acctestpip%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  allocation_method   = "Static"
+  sku                 = "Standard"
+  zones               = []
+}
+
+resource "azurerm_firewall" "test" {
+  name                = "acctestfirewall%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku_name            = "AZFW_VNet"
+  sku_tier            = "%s"
+
+  ip_configuration {
+    name                 = "configuration"
+    subnet_id            = azurerm_subnet.test.id
+    public_ip_address_id = azurerm_public_ip.test.id
+  }
+
+  zones = []
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, skuTier)
+}
+
 func (FirewallResource) withZones(data acceptance.TestData, zones []string) string {
 	zoneString := strings.Join(zones, ",")
 	return fmt.Sprintf(`
diff --git a/website/docs/r/firewall.html.markdown b/website/docs/r/firewall.html.markdown
index ae16b77bab5b..b83967d8c625 100644
--- a/website/docs/r/firewall.html.markdown
+++ b/website/docs/r/firewall.html.markdown
@@ -68,7 +68,7 @@ The following arguments are supported:
 
 * `sku_name` - (Required) SKU name of the Firewall. Possible values are `AZFW_Hub` and `AZFW_VNet`.  Changing this forces a new resource to be created.
 
-* `sku_tier` - (Required) SKU tier of the Firewall. Possible values are `Premium` and `Standard`.  Changing this forces a new resource to be created.
+* `sku_tier` - (Required) SKU tier of the Firewall. Possible values are `Premium` and `Standard`.
 
 * `firewall_policy_id` - (Optional) The ID of the Firewall Policy applied to this Firewall.