Merge branch 'main' of https://github.com/hashicorp/terraform-provide…

…r-azurerm into wyatt/todos-4-0-datadog-sso-config

.github/labeler-issue-triage.yml

@@ -234,7 +234,7 @@ service/monitor:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_monitor_((.|\n)*)###'
 
 service/mssql:
-  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(mssql_database\W+|mssql_database_extended_auditing_policy\W+|mssql_database_vulnerability_assessment_rule_baseline\W+|mssql_elasticpool\W+|mssql_failover_group\W+|mssql_firewall_rule\W+|mssql_job_agent\W+|mssql_job_credential\W+|mssql_outbound_firewall_rule\W+|mssql_server\W+|mssql_server_dns_alias\W+|mssql_server_extended_auditing_policy\W+|mssql_server_microsoft_support_auditing_policy\W+|mssql_server_security_alert_policy\W+|mssql_server_transparent_data_encryption\W+|mssql_server_vulnerability_assessment\W+|mssql_virtual_machine\W+|mssql_virtual_machine_availability_group_listener\W+|mssql_virtual_machine_group\W+|mssql_virtual_network_rule\W+)((.|\n)*)###'
+  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(mssql_database\W+|mssql_database_extended_auditing_policy\W+|mssql_database_vulnerability_assessment_rule_baseline\W+|mssql_elasticpool\W+|mssql_failover_group\W+|mssql_firewall_rule\W+|mssql_job\W+|mssql_job_agent\W+|mssql_job_credential\W+|mssql_job_schedule\W+|mssql_outbound_firewall_rule\W+|mssql_server\W+|mssql_server_dns_alias\W+|mssql_server_extended_auditing_policy\W+|mssql_server_microsoft_support_auditing_policy\W+|mssql_server_security_alert_policy\W+|mssql_server_transparent_data_encryption\W+|mssql_server_vulnerability_assessment\W+|mssql_virtual_machine\W+|mssql_virtual_machine_availability_group_listener\W+|mssql_virtual_machine_group\W+|mssql_virtual_network_rule\W+)((.|\n)*)###'
 
 service/mssqlmanagedinstance:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_mssql_managed_((.|\n)*)###'
@@ -357,4 +357,4 @@ service/vmware:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(vmware_cluster\W+|vmware_express_route_authorization\W+|vmware_netapp_volume_attachment\W+|vmware_private_cloud\W+|voice_services_communications_gateway\W+|voice_services_communications_gateway_test_line\W+)((.|\n)*)###'
 
 service/workloads:
-  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(chaos_studio_|container_connected_registry\W+|container_registry_cache_rule\W+|container_registry_cache_rule\W+|container_registry_task\W+|container_registry_task_schedule_run_now\W+|container_registry_token_password\W+|kubernetes_cluster_extension\W+|kubernetes_cluster_trusted_access_role_binding\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_member\W+|kubernetes_fleet_update_run\W+|kubernetes_fleet_update_strategy\W+|kubernetes_flux_configuration\W+|kubernetes_node_pool_snapshot\W+|workloads_sap_)((.|\n)*)###'
+  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(chaos_studio_|container_connected_registry\W+|container_registry_cache_rule\W+|container_registry_cache_rule\W+|container_registry_credential_set\W+|container_registry_task\W+|container_registry_task_schedule_run_now\W+|container_registry_token_password\W+|kubernetes_cluster_extension\W+|kubernetes_cluster_trusted_access_role_binding\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_manager\W+|kubernetes_fleet_member\W+|kubernetes_fleet_update_run\W+|kubernetes_fleet_update_strategy\W+|kubernetes_flux_configuration\W+|kubernetes_node_pool_snapshot\W+|workloads_sap_)((.|\n)*)###'

contributing/topics/guide-new-data-source.md

@@ -148,7 +148,7 @@ func (ResourceGroupExampleDataSource) Attributes() map[string]*pluginsdk.Schema
 }
 
 func (ResourceGroupExampleDataSource) ModelObject() interface{} {
-	return &ResourceGroupExampleDataSourceModel
+	return &ResourceGroupExampleDataSourceModel{}
 }
 
 func (ResourceGroupExampleDataSource) ResourceType() string {
@@ -160,6 +160,14 @@ func (ResourceGroupExampleDataSource) ResourceType() string {
 
 These functions define a Data Source called `azurerm_resource_group_example`, which has one Required argument called `name` and two Computed arguments called `location` and `tags`.
 
+Schema fields should be ordered as follows:
+
+1. Any fields that make up the resource's ID, with the last user specified segment (usually the resource's name) first. (e.g. `name`, `resource_group_name`, or `name`, `parent_resource_id`)
+2. The `location` field.
+3. Required fields, sorted alphabetically.
+4. Optional fields, sorted alphabetically.
+5. Computed fields, sorted alphabetically. (Although in a typed data source these are always added within the `Attributes` method)
+
 ---
 
 Next up, let's implement the Read function - which retrieves the information about the Resource Group from Azure:
@@ -192,7 +200,7 @@ func (ResourceGroupExampleDataSource) Read() sdk.ResourceFunc {
 
 			id := resources.NewResourceGroupExampleID(subscriptionId, state.Name)
 
-			// then retrieve the Resource Group by it's ID 
+			// then retrieve the Resource Group by its ID 
 			resp, err := client.Get(ctx, id)
 			if err != nil {
 				// if the Resource Group doesn't exist (e.g. we get a 404 Not Found)

contributing/topics/guide-new-fields-to-data-source.md

@@ -16,7 +16,7 @@ The process is similar to [extending an existing Resource](guide-new-fields-to-r
 
 Building on the example from [adding a new data source](guide-new-data-source.md) the new property will need to be added into the `Attributes` list which contains a list of schema fields that are Computed only.
 
-The location of the new property within this list is determined alphabetically. Taking the hypothetical property `public_network_access_enabled` as an example this would then end up looking like this in `Attributes`.
+The location of the new property within this list is determined based on the order found in [adding a new data source](guide-new-data-source.md#step-3-scaffold-an-emptynew-data-source). Taking the hypothetical property `public_network_access_enabled` as an example this would then end up looking like this in `Attributes`.
 
 ```go
 func (ResourceGroupExampleDataSource) Attributes() map[string]*pluginsdk.Schema {

contributing/topics/guide-new-fields-to-resource.md

@@ -14,7 +14,7 @@ Building on the example found in [adding a new resource](guide-new-resource.md)
 
 Our hypothetical property `public_network_access_enabled` will be user configurable and thus will need to be added to the `Arguments` list.
 
-The position of the new property is determined alphabetically and will end up looking like the code block below.
+The position of the new property is determined based on the order found in [adding a new resource](guide-new-resource.md#step-3-scaffold-an-emptynew-resource) and will end up looking like the code block below.
 
 ```go
 func (ResourceGroupExampleResource) Arguments() map[string]*pluginsdk.Schema {

contributing/topics/guide-new-resource.md

@@ -62,7 +62,7 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
 
 	return &Client{
 		GroupsClient: groupsClient,
-	}
+	}, nil
 }
 ```
 
@@ -166,6 +166,14 @@ func (ResourceGroupExampleResource) ResourceType() string {
 
 These functions define a Resource called `azurerm_resource_group_example`, which has two Required arguments (`name` and `location`) and one Optional argument (`tags`). We'll come back to `ModelObject` later.
 
+Schema fields should be ordered as follows:
+
+1. Any fields that make up the resource's ID, with the last user specified segment (usually the resource's name) first. (e.g. `name` then `resource_group_name`, or `name` then `parent_resource_id`)
+2. The `location` field.
+3. Required fields, sorted alphabetically.
+4. Optional fields, sorted alphabetically.
+5. Computed fields, sorted alphabetically. (Although in a typed resource these are always added within the `Attributes` method)
+
 ---
 
 Let's start by implementing the Create function:
@@ -237,7 +245,7 @@ func (r ResourceGroupExampleResource) Update() sdk.ResourceFunc {
 			client := metadata.Client.Resource.GroupsClient
 
 			// parse the existing Resource ID from the State
-			id, err := resources.ParseResourceGroupID(metadata.ResourceData.Get("id").(string))
+			id, err := resources.ParseResourceGroupID(metadata.ResourceData.Id())
 			if err != nil {
 				return err
 			}
@@ -249,7 +257,7 @@ func (r ResourceGroupExampleResource) Update() sdk.ResourceFunc {
 			// update the Resource Group
 			// NOTE: for a more complex resource we'd recommend retrieving the existing Resource from the
 			// API and then conditionally updating it when fields in the config have been updated, which
-			// can be determined by using `d.HasChanges` - for example:
+			// can be determined by using `metadata.ResourceData.HasChange` - for example:
 			//
 			//   existing, err := client.Get(ctx, *id)
 			//   if err != nil {
@@ -265,13 +273,13 @@ func (r ResourceGroupExampleResource) Update() sdk.ResourceFunc {
 			//      return fmt.Errorf("retrieving %s: `properties` was nil", id)
 			//   }
 			//
-			//   if d.HasChanges("tags") {
-			//     existing.Model.Properties.Tags = tags.Expand(metadata.ResourceData.Get("tags").(map[string]interface{}))
+			//   if metadata.ResourceData.HasChange("tags") {
+			//     existing.Model.Properties.Tags = tags.Expand(config.Tags)
 			//   }
 			//
 			// doing so allows users to take advantage of Terraform's `ignore_changes` functionality.
 			//
-			// However since a Resource Group only has one field which is updatable (tags) so in this case we'll only
+			// However since a Resource Group only has one field which is updatable (tags) we'll only
 			// enter the update function if `tags` has been updated.
 			param := resources.Group{
 				Location: pointer.To(location.Normalize(config.Location)),
@@ -453,7 +461,7 @@ func (ResourceGroupExampleResource) Attributes() map[string]*pluginsdk.Schema {
 }
 
 func (ResourceGroupExampleResource) ModelObject() interface{} {
-	return &ResourceGroupExampleResourceModel
+	return &ResourceGroupExampleResourceModel{}
 }
 
 func (ResourceGroupExampleResource) ResourceType() string {
@@ -501,7 +509,7 @@ func (r ResourceGroupExampleResource) Update() sdk.ResourceFunc {
 		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
 			client := metadata.Client.Resource.GroupsClient
 
-			id, err := resources.ParseResourceGroupID(metadata.ResourceData.Get("id").(string))
+			id, err := resources.ParseResourceGroupID(metadata.ResourceData.Id())
 			if err != nil {
 				return err
 			}
@@ -703,7 +711,7 @@ func TestAccResourceGroupExample_basic(t *testing.T) {
 		{
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).ExistsInAzure(r)
+				check.That(data.ResourceName).ExistsInAzure(r),
 			),
 		},
 		data.ImportStep(),
@@ -717,8 +725,11 @@ func TestAccResourceGroupExample_requiresImport(t *testing.T) {
 	data.ResourceTest(t, r, []acceptance.TestStep{
 		{
 			Config: r.basic(data),
-			ExpectError: acceptance.RequiresImportError("azurerm_resource_group_example"),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
 		},
+		data.RequiresImportErrorStep(r.requiresImport),
 	})
 }
 
@@ -730,7 +741,7 @@ func TestAccResourceGroupExample_complete(t *testing.T) {
 		{
 			Config: r.complete(data),
 			Check: acceptance.ComposeTestCheckFunc(
-				check.That(data.ResourceName).ExistsInAzure(r)
+				check.That(data.ResourceName).ExistsInAzure(r),
 			),
 		},
 		data.ImportStep(),

contributing/topics/reference-acceptance-testing.md

@@ -18,7 +18,7 @@ See [Running the Tests](running-the-tests.md).
 
 ### Test Package
 
-While tests reside in the same folder as resource and data source .go files, they need to be in a separate test package to prevent circuler references. ie for the file `./internal/services/aab2c/aadb2c_directory_data_source_test.go` the package should be:
+While tests reside in the same folder as resource and data source .go files, they need to be in a separate test package to prevent circular references. i.e. for the file `./internal/services/aab2c/aadb2c_directory_data_source_test.go` the package should be:
 
 ```go
 package aadb2c_test
@@ -134,11 +134,12 @@ func TestAccExampleDataSource_complete(t *testing.T) {
                 {
                         Config: r.complete(data),
                         Check: acceptance.ComposeTestCheckFunc(
-                            check.That(data.ResourceName).Key("example_property").HasValue("bar")
-                            check.That(data.ResourceName).Key("example_optional_bool").HasValue("false")
-                            check.That(data.ResourceName).Key("example_optional_string").HasValue("foo")
+                            check.That(data.ResourceName).Key("example_property").HasValue("bar"),
+                            check.That(data.ResourceName).Key("example_optional_bool").HasValue("false"),
+                            check.That(data.ResourceName).Key("example_optional_string").HasValue("foo"),
                         ),
                 },
+                data.ImportStep(),
         })
 }
 

contributing/topics/schema-design-considerations.md

@@ -36,7 +36,7 @@ In the cases where `Enabled` is the only field within the object we opt to flatt
 },
 ```
 
-However when there are multiple fields in addtion to the `Enabled` one and they are all required for the object/feature like in Example B, a terraform block is created with all the fields including `Enabled`. The corresponding Terraform schema would be as follows:
+However when there are multiple fields in addition to the `Enabled` field and they are all required for the object/feature like in Example B, a terraform block is created with all the fields including `Enabled`. The corresponding Terraform schema would be as follows:
 
 ```go
 "vertical_pod_autoscaler": {

examples/app-service-certificate/stored-in-keyvault/main.tf

@@ -34,7 +34,7 @@ resource "azurerm_key_vault_access_policy" "current_user" {
 }
 
 data "azuread_service_principal" "web_app_resource_provider" {
-  application_id = "abfa0a7c-a6b6-4736-8310-5855508787cd"
+  client_id = data.azurerm_client_config.current.client_id
 }
 
 resource "azurerm_key_vault_access_policy" "web_app_resource_provider" {

examples/app-service/docker-authentication/main.tf

@@ -32,8 +32,8 @@ resource "azurerm_linux_web_app" "example" {
 
   site_config {
     application_stack {
-      docker_image     = "jackofallops/azure-containerapps-python-acctest"
-      docker_image_tag = "v0.0.1"
+      docker_image_name   = "nginx:latest"
+      docker_registry_url = "https://index.docker.io"
     }
   }
 

examples/azure-monitoring/eventhub_integration/main.tf

@@ -48,27 +48,13 @@ resource "azurerm_monitor_diagnostic_setting" "example" {
   eventhub_name                  = azurerm_eventhub.example.name
   eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.example.id
 
-  dynamic "log" {
-    for_each = data.azurerm_monitor_diagnostic_categories.example.logs
+  dynamic "enabled_log" {
+    for_each = data.azurerm_monitor_diagnostic_categories.example.log_category_types
     content {
-      category = log.key
-
-      retention_policy {
-        enabled = false
-        days    = 0
-      }
+      category = enabled_log.key
     }
   }
-  dynamic "metric" {
-    for_each = data.azurerm_monitor_diagnostic_categories.example.metrics
-
-    content {
-      category = metric.key
-
-      retention_policy {
-        enabled = false
-        days    = 0
-      }
-    }
+  metric {
+    category = "AllMetrics"
   }
 }

examples/batch/custom-image/main.tf

@@ -107,11 +107,12 @@ resource "azurerm_image" "example" {
   resource_group_name = azurerm_resource_group.example.name
 
   os_disk {
-    os_type  = "Linux"
-    os_state = "Generalized"
-    blob_uri = azurerm_virtual_machine.example.storage_os_disk.0.vhd_uri
-    size_gb  = 30
-    caching  = "None"
+    os_type      = "Linux"
+    os_state     = "Generalized"
+    blob_uri     = azurerm_virtual_machine.example.storage_os_disk.0.vhd_uri
+    size_gb      = 30
+    caching      = "None"
+    storage_type = "Standard_LRS"
   }
 
   tags = {

examples/cosmos-db/failover/main.tf

@@ -21,7 +21,7 @@ resource "azurerm_cosmosdb_account" "example" {
   // set ip_range_filter to allow azure services (0.0.0.0) and azure portal.
   // https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal
   // https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-global-azure-datacenters-or-other-sources-within-azure
-  ip_range_filter = "0.0.0.0,104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"
+  ip_range_filter = ["0.0.0.0", "104.42.195.92", "40.76.54.131", "52.176.6.30", "52.169.50.45", "52.187.184.26"]
 
   consistency_policy {
     consistency_level       = "BoundedStaleness"

examples/hdinsight/enterprise-security-package/main.tf

@@ -42,7 +42,7 @@ resource "azurerm_subnet" "example" {
   name                 = "${var.prefix}-subnet"
   resource_group_name  = azurerm_resource_group.example.name
   virtual_network_name = azurerm_virtual_network.example.name
-  address_prefixes     = [cidrsubnet(azurerm_virtual_network.example.address_space.0, 8, 0)]
+  address_prefixes     = azurerm_virtual_network.example.address_space
 }
 
 resource "azurerm_network_security_group" "example" {

examples/image/from_vhd/main.tf

@@ -89,9 +89,10 @@ resource "azurerm_image" "example" {
   resource_group_name = azurerm_resource_group.example.name
 
   os_disk {
-    os_type  = "Linux"
-    os_state = "Generalized"
-    blob_uri = azurerm_virtual_machine.example.storage_os_disk[0].vhd_uri
-    size_gb  = 30
+    os_type      = "Linux"
+    os_state     = "Generalized"
+    blob_uri     = azurerm_virtual_machine.example.storage_os_disk[0].vhd_uri
+    size_gb      = 30
+    storage_type = "Standard_LRS"
   }
 }

examples/kubernetes/egress-with-udr-azure-cni/main.tf

@@ -28,7 +28,7 @@ resource "azurerm_route_table" "example" {
   name                          = "${var.prefix}fwrt"
   location                      = azurerm_resource_group.example.location
   resource_group_name           = azurerm_resource_group.example.name
-  disable_bgp_route_propagation = false
+  bgp_route_propagation_enabled = true
 
   route {
     name                   = "${var.prefix}fwrn"

examples/kubernetes/egress-with-udr-kubenet/main.tf

@@ -28,7 +28,7 @@ resource "azurerm_route_table" "example" {
   name                          = "${var.prefix}fwrt"
   location                      = azurerm_resource_group.example.location
   resource_group_name           = azurerm_resource_group.example.name
-  disable_bgp_route_propagation = false
+  bgp_route_propagation_enabled = true
 
   route {
     name                   = "${var.prefix}fwrn"