diff --git a/internal/services/cosmos/cosmosdb_account_resource.go b/internal/services/cosmos/cosmosdb_account_resource.go index 8bc1257b5a15..6399643d640e 100644 --- a/internal/services/cosmos/cosmosdb_account_resource.go +++ b/internal/services/cosmos/cosmosdb_account_resource.go @@ -461,22 +461,22 @@ func resourceCosmosDbAccount() *pluginsdk.Resource { Default: false, }, - "virtual_network_rule": { + "virtual_network_subnet_ids": { Type: pluginsdk.TypeSet, Optional: true, - Elem: &pluginsdk.Resource{ - Schema: map[string]*pluginsdk.Schema{ - "id": { - Type: pluginsdk.TypeString, - Required: true, - ValidateFunc: azure.ValidateResourceID, - }, - "ignore_missing_vnet_service_endpoint": { - Type: pluginsdk.TypeBool, - Optional: true, - Default: false, - }, - }, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: azure.ValidateResourceID, + }, + Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + }, + + "virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint": { + Type: pluginsdk.TypeSet, + Optional: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: azure.ValidateResourceID, }, Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, }, @@ -778,6 +778,55 @@ func resourceCosmosDbAccount() *pluginsdk.Resource { Default: string(cosmosdb.MinimalTlsVersionTlsOneTwo), ValidateFunc: validation.StringInSlice(cosmosdb.PossibleValuesForMinimalTlsVersion(), false), } + + resource.Schema["virtual_network_subnet_ids"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeSet, + Optional: true, + Computed: true, + ConflictsWith: []string{"virtual_network_rule"}, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: azure.ValidateResourceID, + }, + Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + } + + resource.Schema["virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeSet, + Optional: true, + Computed: true, + ConflictsWith: []string{"virtual_network_rule"}, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: azure.ValidateResourceID, + }, + Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + } + + resource.Schema["virtual_network_rule"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeSet, + Optional: true, + Computed: true, + ConflictsWith: []string{ + "virtual_network_subnet_ids", + "virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint", + }, + Elem: &pluginsdk.Resource{ + Schema: map[string]*pluginsdk.Schema{ + "id": { + Type: pluginsdk.TypeString, + Required: true, + ValidateFunc: azure.ValidateResourceID, + }, + "ignore_missing_vnet_service_endpoint": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + }, + }, + }, + Set: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + } } return resource @@ -871,7 +920,6 @@ func resourceCosmosDbAccountCreate(d *pluginsdk.ResourceData, meta interface{}) Locations: geoLocations, Capabilities: capabilities, MinimalTlsVersion: pointer.To(cosmosdb.MinimalTlsVersion(d.Get("minimal_tls_version").(string))), - VirtualNetworkRules: expandAzureRmCosmosDBAccountVirtualNetworkRules(d), EnableMultipleWriteLocations: utils.Bool(enableMultipleWriteLocations), EnablePartitionMerge: pointer.To(partitionMergeEnabled), EnableBurstCapacity: pointer.To(burstCapacityEnabled), @@ -886,6 +934,12 @@ func resourceCosmosDbAccountCreate(d *pluginsdk.ResourceData, meta interface{}) Tags: tags.Expand(t), } + if !features.FivePointOhBeta() { + account.Properties.VirtualNetworkRules = expandAzureRmCosmosDBAccountVirtualNetworkRules(d) + } else { + account.Properties.VirtualNetworkRules = expandAzureRmCosmosDBAccountVirtualNetworkSubnetIds(d) + } + // These values may not have changed but they need to be in the update params... if v, ok := d.GetOk("default_identity_type"); ok { account.Properties.DefaultIdentity = pointer.To(v.(string)) @@ -1069,7 +1123,8 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) // are included in the 'DatabaseAccountCreateUpdateParameters' // later, however we need to know if they changed or not... // TODO Post 4.0 remove `enable_automatic_failover` from this list - if d.HasChanges("consistency_policy", "virtual_network_rule", "cors_rule", "access_key_metadata_writes_enabled", + if d.HasChanges("consistency_policy", "virtual_network_rule", "virtual_network_subnet_ids", + "virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint", "cors_rule", "access_key_metadata_writes_enabled", "network_acl_bypass_for_azure_services", "network_acl_bypass_ids", "analytical_storage", "capacity", "create_mode", "restore", "key_vault_key_id", "managed_hsm_key_id", "mongo_server_version", "public_network_access_enabled", "ip_range_filter", "offer_type", "is_virtual_network_filter_enabled", @@ -1112,7 +1167,6 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) Capabilities: capabilities, ConsistencyPolicy: expandAzureRmCosmosDBAccountConsistencyPolicy(d), Locations: cosmosLocations, - VirtualNetworkRules: expandAzureRmCosmosDBAccountVirtualNetworkRules(d), EnableMultipleWriteLocations: props.EnableMultipleWriteLocations, PublicNetworkAccess: pointer.To(publicNetworkAccess), EnableAnalyticalStorage: enableAnalyticalStorage, @@ -1128,6 +1182,12 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) Tags: t, } + if !features.FivePointOhBeta() { + account.Properties.VirtualNetworkRules = expandAzureRmCosmosDBAccountVirtualNetworkRules(d) + } else { + account.Properties.VirtualNetworkRules = expandAzureRmCosmosDBAccountVirtualNetworkSubnetIds(d) + } + if key, err := customermanagedkeys.ExpandKeyVaultOrManagedHSMKey(d, customermanagedkeys.VersionTypeAny, apiEnvs.KeyVault, apiEnvs.ManagedHSM); err != nil { return err } else if key != nil { @@ -1459,8 +1519,17 @@ func resourceCosmosDbAccountRead(d *pluginsdk.ResourceData, meta interface{}) er return fmt.Errorf("setting `capabilities`: %+v", err) } - if err = d.Set("virtual_network_rule", flattenAzureRmCosmosDBAccountVirtualNetworkRules(props.VirtualNetworkRules)); err != nil { - return fmt.Errorf("setting `virtual_network_rule`: %+v", err) + if !features.FivePointOhBeta() { + if err = d.Set("virtual_network_rule", flattenAzureRmCosmosDBAccountVirtualNetworkRules(props.VirtualNetworkRules)); err != nil { + return fmt.Errorf("setting `virtual_network_rule`: %+v", err) + } + } else { + if err = d.Set("virtual_network_subnet_ids", flattenAzureRmCosmosDBAccountVirtualNetworkSubnetIds(props.VirtualNetworkRules)); err != nil { + return fmt.Errorf("setting `virtual_network_subnet_ids`: %+v", err) + } + if err = d.Set("virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint", flattenAzureRmCosmosDBAccountVirtualNetworkSubnetIdsIgnoreMissingVnetServiceEndpoint(props.VirtualNetworkRules)); err != nil { + return fmt.Errorf("setting `virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint`: %+v", err) + } } d.Set("access_key_metadata_writes_enabled", !*props.DisableKeyBasedMetadataWriteAccess) @@ -1804,6 +1873,28 @@ func expandAzureRmCosmosDBAccountVirtualNetworkRules(d *pluginsdk.ResourceData) return &s } +func expandAzureRmCosmosDBAccountVirtualNetworkSubnetIds(d *pluginsdk.ResourceData) *[]cosmosdb.VirtualNetworkRule { + subnetIds := d.Get("virtual_network_subnet_ids").(*pluginsdk.Set).List() + subnetIdsIgnoreMissingVnetServiceEndpoint := d.Get("virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint").(*pluginsdk.Set).List() + + s := make([]cosmosdb.VirtualNetworkRule, 0) + for _, id := range subnetIds { + s = append(s, cosmosdb.VirtualNetworkRule{ + Id: pointer.To(id.(string)), + IgnoreMissingVNetServiceEndpoint: pointer.FromBool(false), + }) + } + + for _, id := range subnetIdsIgnoreMissingVnetServiceEndpoint { + s = append(s, cosmosdb.VirtualNetworkRule{ + Id: pointer.To(id.(string)), + IgnoreMissingVNetServiceEndpoint: pointer.FromBool(true), + }) + } + + return &s +} + func flattenAzureRmCosmosDBAccountConsistencyPolicy(policy *cosmosdb.ConsistencyPolicy) []interface{} { result := map[string]interface{}{} result["consistency_level"] = string(policy.DefaultConsistencyLevel) @@ -1908,6 +1999,38 @@ func flattenAzureRmCosmosDBAccountVirtualNetworkRules(rules *[]cosmosdb.VirtualN return &results } +func flattenAzureRmCosmosDBAccountVirtualNetworkSubnetIds(rules *[]cosmosdb.VirtualNetworkRule) *pluginsdk.Set { + result := pluginsdk.Set{ + F: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + } + + if rules != nil { + for _, r := range *rules { + if !pointer.From(r.IgnoreMissingVNetServiceEndpoint) { + result.Add(pointer.From(r.Id)) + } + } + } + + return &result +} + +func flattenAzureRmCosmosDBAccountVirtualNetworkSubnetIdsIgnoreMissingVnetServiceEndpoint(rules *[]cosmosdb.VirtualNetworkRule) *pluginsdk.Set { + result := pluginsdk.Set{ + F: resourceAzureRMCosmosDBAccountVirtualNetworkRuleHash, + } + + if rules != nil { + for _, r := range *rules { + if pointer.From(r.IgnoreMissingVNetServiceEndpoint) { + result.Add(pointer.From(r.Id)) + } + } + } + + return &result +} + func resourceAzureRMCosmosDBAccountGeoLocationHash(v interface{}) int { var buf bytes.Buffer diff --git a/internal/services/cosmos/cosmosdb_account_resource_test.go b/internal/services/cosmos/cosmosdb_account_resource_test.go index 68a9402ccd0a..3bd47f8d2c00 100644 --- a/internal/services/cosmos/cosmosdb_account_resource_test.go +++ b/internal/services/cosmos/cosmosdb_account_resource_test.go @@ -1711,7 +1711,8 @@ resource "azurerm_subnet" "subnet2" { } func (r CosmosDBAccountResource) complete(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -1765,11 +1766,65 @@ resource "azurerm_cosmosdb_account" "test" { access_key_metadata_writes_enabled = false network_acl_bypass_for_azure_services = true } +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 300 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet1.id, + azurerm_subnet.subnet2.id + ] + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[5]s" + failover_priority = 1 + } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com"] + exposed_headers = ["x-tempo-*"] + allowed_headers = ["x-tempo-*"] + allowed_methods = ["GET", "PUT"] + max_age_in_seconds = 500 + } + + access_key_metadata_writes_enabled = false + network_acl_bypass_for_azure_services = true +} `, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) } func (r CosmosDBAccountResource) completeTags(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -1826,11 +1881,68 @@ resource "azurerm_cosmosdb_account" "test" { ENV = "Test" } } +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 300 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet1.id, + azurerm_subnet.subnet2.id + ] + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[5]s" + failover_priority = 1 + } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com"] + exposed_headers = ["x-tempo-*"] + allowed_headers = ["x-tempo-*"] + allowed_methods = ["GET", "PUT"] + max_age_in_seconds = 500 + } + access_key_metadata_writes_enabled = false + network_acl_bypass_for_azure_services = true + + tags = { + ENV = "Test" + } +} `, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) } func (r CosmosDBAccountResource) completeMongoDB(data acceptance.TestData, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -1888,6 +2000,63 @@ resource "azurerm_cosmosdb_account" "test" { access_key_metadata_writes_enabled = false network_acl_bypass_for_azure_services = true } +`, r.completePreReqs(data), data.RandomInteger, string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "MongoDB" + + capabilities { + name = "EnableMongo" + } + + consistency_policy { + consistency_level = "%[3]s" + max_interval_in_seconds = 300 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet1.id, + azurerm_subnet.subnet2.id + ] + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[4]s" + failover_priority = 1 + } + + geo_location { + location = "%[5]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com"] + exposed_headers = ["x-tempo-*"] + allowed_headers = ["x-tempo-*"] + allowed_methods = ["GET", "PUT"] + max_age_in_seconds = 500 + } + + access_key_metadata_writes_enabled = false + network_acl_bypass_for_azure_services = true +} `, r.completePreReqs(data), data.RandomInteger, string(consistency), data.Locations.Secondary, data.Locations.Ternary) } @@ -1947,36 +2116,303 @@ resource "azurerm_cosmosdb_account" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name offer_type = "Standard" - kind = "MongoDB" + kind = "MongoDB" + + capabilities { + name = "EnableMongo" + } + + multiple_write_locations_enabled = true + + consistency_policy { + consistency_level = "BoundedStaleness" + max_interval_in_seconds = 300 + max_staleness_prefix = 100000 + } + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%s" + failover_priority = 1 + zone_redundant = true + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.Locations.Secondary) +} + +func (r CosmosDBAccountResource) completeUpdated(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { + if !features.FivePointOhBeta() { + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + capabilities { + name = "DisableRateLimitingResponses" + } + + capabilities { + name = "AllowSelfServeUpgradeToMongo36" + } + + capabilities { + name = "EnableAggregationPipeline" + } + + capabilities { + name = "mongoEnableDocLevelTTL" + } + + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 360 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_rule { + id = azurerm_subnet.subnet2.id + } + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[5]s" + failover_priority = 1 + } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com", "http://www.test.com"] + exposed_headers = ["x-tempo-*", "x-method-*"] + allowed_headers = ["*"] + allowed_methods = ["GET"] + max_age_in_seconds = 2147483647 + } + + access_key_metadata_writes_enabled = true +} +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + capabilities { + name = "DisableRateLimitingResponses" + } + + capabilities { + name = "AllowSelfServeUpgradeToMongo36" + } + + capabilities { + name = "EnableAggregationPipeline" + } + + capabilities { + name = "mongoEnableDocLevelTTL" + } + + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 360 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[5]s" + failover_priority = 1 + } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com", "http://www.test.com"] + exposed_headers = ["x-tempo-*", "x-method-*"] + allowed_headers = ["*"] + allowed_methods = ["GET"] + max_age_in_seconds = 2147483647 + } + + access_key_metadata_writes_enabled = true +} +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) +} + +func (r CosmosDBAccountResource) completeUpdated_RemoveDisableRateLimitingResponsesCapabilities(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { + if !features.FivePointOhBeta() { + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + capabilities { + name = "AllowSelfServeUpgradeToMongo36" + } + + capabilities { + name = "EnableAggregationPipeline" + } + + capabilities { + name = "mongoEnableDocLevelTTL" + } + + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 360 + max_staleness_prefix = 170000 + } + + is_virtual_network_filter_enabled = true + + virtual_network_rule { + id = azurerm_subnet.subnet2.id + } + + multiple_write_locations_enabled = true + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + geo_location { + location = "%[5]s" + failover_priority = 1 + } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com", "http://www.test.com"] + exposed_headers = ["x-tempo-*", "x-method-*"] + allowed_headers = ["*"] + allowed_methods = ["GET"] + max_age_in_seconds = 2147483647 + } + + access_key_metadata_writes_enabled = true +} +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" capabilities { - name = "EnableMongo" + name = "AllowSelfServeUpgradeToMongo36" } - multiple_write_locations_enabled = true + capabilities { + name = "EnableAggregationPipeline" + } + + capabilities { + name = "mongoEnableDocLevelTTL" + } consistency_policy { - consistency_level = "BoundedStaleness" - max_interval_in_seconds = 300 - max_staleness_prefix = 100000 + consistency_level = "%[4]s" + max_interval_in_seconds = 360 + max_staleness_prefix = 170000 } + is_virtual_network_filter_enabled = true + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] + + multiple_write_locations_enabled = true + geo_location { location = azurerm_resource_group.test.location failover_priority = 0 } geo_location { - location = "%s" + location = "%[5]s" failover_priority = 1 - zone_redundant = true } + + geo_location { + location = "%[6]s" + failover_priority = 2 + } + + cors_rule { + allowed_origins = ["http://www.example.com", "http://www.test.com"] + exposed_headers = ["x-tempo-*", "x-method-*"] + allowed_headers = ["*"] + allowed_methods = ["GET"] + max_age_in_seconds = 2147483647 + } + + access_key_metadata_writes_enabled = true } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.Locations.Secondary) +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) } -func (r CosmosDBAccountResource) completeUpdated(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` +func (r CosmosDBAccountResource) completeUpdatedMongoDB(data acceptance.TestData, consistency cosmosdb.DefaultConsistencyLevel) string { + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -1984,7 +2420,11 @@ resource "azurerm_cosmosdb_account" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name offer_type = "Standard" - kind = "%[3]s" + kind = "MongoDB" + + capabilities { + name = "EnableMongo" + } capabilities { name = "DisableRateLimitingResponses" @@ -1998,12 +2438,16 @@ resource "azurerm_cosmosdb_account" "test" { name = "EnableAggregationPipeline" } + capabilities { + name = "MongoDBv3.4" + } + capabilities { name = "mongoEnableDocLevelTTL" } consistency_policy { - consistency_level = "%[4]s" + consistency_level = "%[3]s" max_interval_in_seconds = 360 max_staleness_prefix = 170000 } @@ -2022,12 +2466,12 @@ resource "azurerm_cosmosdb_account" "test" { } geo_location { - location = "%[5]s" + location = "%[4]s" failover_priority = 1 } geo_location { - location = "%[6]s" + location = "%[5]s" failover_priority = 2 } @@ -2038,13 +2482,10 @@ resource "azurerm_cosmosdb_account" "test" { allowed_methods = ["GET"] max_age_in_seconds = 2147483647 } - access_key_metadata_writes_enabled = true } -`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) -} - -func (r CosmosDBAccountResource) completeUpdated_RemoveDisableRateLimitingResponsesCapabilities(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { +`, r.completePreReqs(data), data.RandomInteger, string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } return fmt.Sprintf(` %[1]s @@ -2053,7 +2494,15 @@ resource "azurerm_cosmosdb_account" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name offer_type = "Standard" - kind = "%[3]s" + kind = "MongoDB" + + capabilities { + name = "EnableMongo" + } + + capabilities { + name = "DisableRateLimitingResponses" + } capabilities { name = "AllowSelfServeUpgradeToMongo36" @@ -2063,21 +2512,25 @@ resource "azurerm_cosmosdb_account" "test" { name = "EnableAggregationPipeline" } + capabilities { + name = "MongoDBv3.4" + } + capabilities { name = "mongoEnableDocLevelTTL" } consistency_policy { - consistency_level = "%[4]s" + consistency_level = "%[3]s" max_interval_in_seconds = 360 max_staleness_prefix = 170000 } is_virtual_network_filter_enabled = true - virtual_network_rule { - id = azurerm_subnet.subnet2.id - } + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] multiple_write_locations_enabled = true @@ -2087,12 +2540,12 @@ resource "azurerm_cosmosdb_account" "test" { } geo_location { - location = "%[5]s" + location = "%[4]s" failover_priority = 1 } geo_location { - location = "%[6]s" + location = "%[5]s" failover_priority = 2 } @@ -2103,14 +2556,14 @@ resource "azurerm_cosmosdb_account" "test" { allowed_methods = ["GET"] max_age_in_seconds = 2147483647 } - access_key_metadata_writes_enabled = true } -`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) +`, r.completePreReqs(data), data.RandomInteger, string(consistency), data.Locations.Secondary, data.Locations.Ternary) } -func (r CosmosDBAccountResource) completeUpdatedMongoDB(data acceptance.TestData, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` +func (r CosmosDBAccountResource) completeUpdatedMongoDB_RemoveDisableRateLimitingResponsesCapability(data acceptance.TestData, consistency cosmosdb.DefaultConsistencyLevel) string { + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -2124,10 +2577,6 @@ resource "azurerm_cosmosdb_account" "test" { name = "EnableMongo" } - capabilities { - name = "DisableRateLimitingResponses" - } - capabilities { name = "AllowSelfServeUpgradeToMongo36" } @@ -2183,9 +2632,7 @@ resource "azurerm_cosmosdb_account" "test" { access_key_metadata_writes_enabled = true } `, r.completePreReqs(data), data.RandomInteger, string(consistency), data.Locations.Secondary, data.Locations.Ternary) -} - -func (r CosmosDBAccountResource) completeUpdatedMongoDB_RemoveDisableRateLimitingResponsesCapability(data acceptance.TestData, consistency cosmosdb.DefaultConsistencyLevel) string { + } return fmt.Sprintf(` %[1]s @@ -2224,9 +2671,9 @@ resource "azurerm_cosmosdb_account" "test" { is_virtual_network_filter_enabled = true - virtual_network_rule { - id = azurerm_subnet.subnet2.id - } + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] multiple_write_locations_enabled = true @@ -2509,7 +2956,8 @@ resource "azurerm_subnet" "subnet2" { } func (r CosmosDBAccountResource) vNetFilters(data acceptance.TestData) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -2546,6 +2994,43 @@ resource "azurerm_cosmosdb_account" "test" { failover_priority = 0 } } +`, r.vNetFiltersPreReqs(data), data.RandomInteger) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "GlobalDocumentDB" + + multiple_write_locations_enabled = false + automatic_failover_enabled = false + + consistency_policy { + consistency_level = "Eventual" + max_interval_in_seconds = 5 + max_staleness_prefix = 100 + } + + is_virtual_network_filter_enabled = true + ip_range_filter = [] + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] + + virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint = [ + azurerm_subnet.subnet1.id + ] + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } +} `, r.vNetFiltersPreReqs(data), data.RandomInteger) } @@ -4703,7 +5188,8 @@ resource "azurerm_cosmosdb_account" "test" { } func (r CosmosDBAccountResource) ipRangeFilters(data acceptance.TestData) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -4735,6 +5221,44 @@ resource "azurerm_cosmosdb_account" "test" { ignore_missing_vnet_service_endpoint = false } + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } +} +`, r.vNetFiltersPreReqs(data), data.RandomInteger) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "GlobalDocumentDB" + + multiple_write_locations_enabled = false + automatic_failover_enabled = false + + consistency_policy { + consistency_level = "Eventual" + max_interval_in_seconds = 5 + max_staleness_prefix = 100 + } + + is_virtual_network_filter_enabled = true + ip_range_filter = ["55.0.1.0/24"] + + virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint = [ + azurerm_subnet.subnet1.id + ] + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] + + geo_location { location = azurerm_resource_group.test.location failover_priority = 0 @@ -4744,7 +5268,8 @@ resource "azurerm_cosmosdb_account" "test" { } func (r CosmosDBAccountResource) ipRangeFiltersUpdated(data acceptance.TestData) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { @@ -4776,6 +5301,44 @@ resource "azurerm_cosmosdb_account" "test" { ignore_missing_vnet_service_endpoint = false } + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } +} +`, r.vNetFiltersPreReqs(data), data.RandomInteger) + } + return fmt.Sprintf(` +%[1]s + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "GlobalDocumentDB" + + multiple_write_locations_enabled = false + automatic_failover_enabled = false + + consistency_policy { + consistency_level = "Eventual" + max_interval_in_seconds = 5 + max_staleness_prefix = 100 + } + + is_virtual_network_filter_enabled = true + ip_range_filter = ["55.0.1.0/24", "55.0.2.0/24", "0.0.0.0"] + + virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint = [ + azurerm_subnet.subnet1.id + ] + + virtual_network_subnet_ids = [ + azurerm_subnet.subnet2.id + ] + + geo_location { location = azurerm_resource_group.test.location failover_priority = 0 @@ -4835,7 +5398,8 @@ resource "azurerm_cosmosdb_account" "test" { } func (r CosmosDBAccountResource) withoutMaxAgeInSeconds(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` + if !features.FivePointOhBeta() { + return fmt.Sprintf(` %[1]s resource "azurerm_cosmosdb_account" "test" { name = "acctest-ca-%[2]d" @@ -4877,5 +5441,47 @@ resource "azurerm_cosmosdb_account" "test" { access_key_metadata_writes_enabled = false network_acl_bypass_for_azure_services = true } +`, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) + } + return fmt.Sprintf(` +%[1]s +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + consistency_policy { + consistency_level = "%[4]s" + max_interval_in_seconds = 300 + max_staleness_prefix = 170000 + } + is_virtual_network_filter_enabled = true + virtual_network_subnet_ids = [ + azurerm_subnet.subnet1.id, + azurerm_subnet.subnet2.id + ] + multiple_write_locations_enabled = true + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + geo_location { + location = "%[5]s" + failover_priority = 1 + } + geo_location { + location = "%[6]s" + failover_priority = 2 + } + cors_rule { + allowed_origins = ["http://www.example.com"] + exposed_headers = ["x-tempo-*"] + allowed_headers = ["x-tempo-*"] + allowed_methods = ["GET", "PUT"] + } + access_key_metadata_writes_enabled = false + network_acl_bypass_for_azure_services = true +} `, r.completePreReqs(data), data.RandomInteger, string(kind), string(consistency), data.Locations.Secondary, data.Locations.Ternary) } diff --git a/website/docs/5.0-upgrade-guide.html.markdown b/website/docs/5.0-upgrade-guide.html.markdown index ebafb0c7e535..9b84251daae5 100644 --- a/website/docs/5.0-upgrade-guide.html.markdown +++ b/website/docs/5.0-upgrade-guide.html.markdown @@ -92,6 +92,7 @@ Please follow the format in the example below for listing breaking changes in re ### `azurerm_cosmosdb_account` * The `minimal_tls_version` property no longer accepts `Tls` or `Tls11` as a value. +* The deprecated `virtual_network_rule` property has been removed in favour of the `virtual_network_subnet_ids` and `virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint` property. ### `azurerm_eventhub` diff --git a/website/docs/r/cosmosdb_account.html.markdown b/website/docs/r/cosmosdb_account.html.markdown index 91d58703c8ac..975b862ac13c 100644 --- a/website/docs/r/cosmosdb_account.html.markdown +++ b/website/docs/r/cosmosdb_account.html.markdown @@ -174,6 +174,10 @@ The following arguments are supported: * `virtual_network_rule` - (Optional) Specifies a `virtual_network_rule` block as defined below, used to define which subnets are allowed to access this CosmosDB account. +* `virtual_network_subnet_ids` - (Optional) The IDs of the subnets allowed to access this CosmosDB account. + +* `virtual_network_subnet_ids_ignore_missing_vnet_service_endpoint` - (Optional) The IDs of the subnets allowed to access this CosmosDB account.The subnets in this list will be added as virtual network rules even if its CosmosDB service endpoint is not active. + * `multiple_write_locations_enabled` - (Optional) Enable multiple write locations for this Cosmos DB account. * `access_key_metadata_writes_enabled` - (Optional) Is write operations on metadata resources (databases, containers, throughput) via account keys enabled? Defaults to `true`.