From cabe9de36e80a7b2cea098f921e0c59e4b115d4f Mon Sep 17 00:00:00 2001 From: sreallymatt <106555974+sreallymatt@users.noreply.github.com> Date: Tue, 16 Jun 2026 14:48:50 -0600 Subject: [PATCH] resolve TODO 4.0 comments for `TestResourcesDoNotContainLocalAuthenticationDisabled` --- internal/provider/provider_schema_test.go | 11 +- .../application_insights_resource.go | 143 +++++++++++++++--- .../application_insights_resource_test.go | 71 ++++++++- .../cosmos/cosmosdb_account_resource.go | 49 +++++- .../cosmos/cosmosdb_account_resource_test.go | 38 ++++- website/docs/5.0-upgrade-guide.html.markdown | 7 + .../docs/r/application_insights.html.markdown | 6 +- website/docs/r/cosmosdb_account.html.markdown | 2 +- 8 files changed, 284 insertions(+), 43 deletions(-) diff --git a/internal/provider/provider_schema_test.go b/internal/provider/provider_schema_test.go index 1e20f034602e..7e6f5b4d3c98 100644 --- a/internal/provider/provider_schema_test.go +++ b/internal/provider/provider_schema_test.go @@ -556,11 +556,12 @@ func TestResourcesDoNotContainLocalAuthenticationDisabled(t *testing.T) { } sort.Strings(resourceNames) - // TODO: 4.0 - work through this list - resourcesWhichNeedToBeAddressed := map[string]struct{}{ - "azurerm_application_insights": {}, - "azurerm_cosmosdb_account": {}, - "azurerm_log_analytics_workspace": {}, + resourcesWhichNeedToBeAddressed := make(map[string]struct{}) + if !features.FivePointOh() { + // These have been addressed but while in 4.x we need to ignore them so the test can pass. + resourcesWhichNeedToBeAddressed["azurerm_application_insights"] = struct{}{} + resourcesWhichNeedToBeAddressed["azurerm_cosmosdb_account"] = struct{}{} + resourcesWhichNeedToBeAddressed["azurerm_log_analytics_workspace"] = struct{}{} } for _, resourceName := range resourceNames { diff --git a/internal/services/applicationinsights/application_insights_resource.go b/internal/services/applicationinsights/application_insights_resource.go index cd9f9b5cbd76..968f8fb670a5 100644 --- a/internal/services/applicationinsights/application_insights_resource.go +++ b/internal/services/applicationinsights/application_insights_resource.go @@ -22,6 +22,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/services/applicationinsights/migration" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" @@ -80,10 +81,10 @@ func resourceApplicationInsights() *pluginsdk.Resource { }, false), }, - // NOTE: O+C A Log Analytics Workspace will be attached to the Application Insight by default, which should be computed=true "workspace_id": { - Type: pluginsdk.TypeString, - Optional: true, + Type: pluginsdk.TypeString, + Optional: true, + // NOTE: O+C A Log Analytics Workspace will be attached to the Application Insight by default, which should be computed=true Computed: true, ValidateFunc: workspaces.ValidateWorkspaceID, }, @@ -112,10 +113,10 @@ func resourceApplicationInsights() *pluginsdk.Resource { ValidateFunc: validation.FloatBetween(0, 100), }, - "disable_ip_masking": { + "ip_masking_enabled": { Type: pluginsdk.TypeBool, Optional: true, - Default: false, + Default: true, }, "tags": commonschema.Tags(), @@ -127,9 +128,10 @@ func resourceApplicationInsights() *pluginsdk.Resource { ValidateFunc: validation.FloatAtLeast(0), }, - "daily_data_cap_notifications_disabled": { + "daily_data_cap_notifications_enabled": { Type: pluginsdk.TypeBool, Optional: true, + Default: true, }, "app_id": { @@ -149,10 +151,10 @@ func resourceApplicationInsights() *pluginsdk.Resource { Sensitive: true, }, - "local_authentication_disabled": { + "local_authentication_enabled": { Type: pluginsdk.TypeBool, Optional: true, - Default: false, + Default: true, }, "internet_ingestion_enabled": { @@ -174,6 +176,53 @@ func resourceApplicationInsights() *pluginsdk.Resource { }, } + if !features.FivePointOh() { + resource.Schema["local_authentication_disabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + Deprecated: "`local_authentication_disabled` has been deprecated in favour of `local_authentication_enabled` and will be removed in v5.0 of the AzureRM Provider", + ConflictsWith: []string{"local_authentication_enabled"}, + } + + resource.Schema["local_authentication_enabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + ConflictsWith: []string{"local_authentication_disabled"}, + } + + resource.Schema["disable_ip_masking"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + Deprecated: "`disable_ip_masking` has been deprecated in favour of `ip_masking_enabled` and will be removed in v5.0 of the AzureRM Provider", + ConflictsWith: []string{"ip_masking_enabled"}, + } + + resource.Schema["ip_masking_enabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + ConflictsWith: []string{"disable_ip_masking"}, + } + + resource.Schema["daily_data_cap_notifications_disabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + Deprecated: "`daily_data_cap_notifications_disabled` has been deprecated in favour of `daily_data_cap_notifications_enabled` and will be removed in v5.0 of the AzureRM Provider", + ConflictsWith: []string{"daily_data_cap_notifications_enabled"}, + } + + resource.Schema["daily_data_cap_notifications_enabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + ConflictsWith: []string{"daily_data_cap_notifications_disabled"}, + } + } + return resource } @@ -211,13 +260,31 @@ func resourceApplicationInsightsCreate(d *pluginsdk.ResourceData, meta interface ApplicationId: pointer.To(id.ComponentName), ApplicationType: components.ApplicationType(d.Get("application_type").(string)), SamplingPercentage: pointer.To(d.Get("sampling_percentage").(float64)), - DisableIPMasking: pointer.To(d.Get("disable_ip_masking").(bool)), - DisableLocalAuth: pointer.To(d.Get("local_authentication_disabled").(bool)), + DisableIPMasking: pointer.To(!d.Get("ip_masking_enabled").(bool)), + DisableLocalAuth: pointer.To(!d.Get("local_authentication_enabled").(bool)), PublicNetworkAccessForIngestion: pointer.To(internetIngestionEnabled), PublicNetworkAccessForQuery: pointer.To(internetQueryEnabled), ForceCustomerStorageForProfiler: pointer.To(d.Get("force_customer_storage_for_profiler").(bool)), } + if !features.FivePointOh() { + applicationInsightsComponentProperties.DisableIPMasking = pointer.To(false) + if !pluginsdk.IsExplicitlyNullInConfig(d, "ip_masking_enabled") { + applicationInsightsComponentProperties.DisableIPMasking = pointer.To(!d.Get("ip_masking_enabled").(bool)) + } + if !pluginsdk.IsExplicitlyNullInConfig(d, "disable_ip_masking") { + applicationInsightsComponentProperties.DisableIPMasking = pointer.To(d.Get("disable_ip_masking").(bool)) + } + + applicationInsightsComponentProperties.DisableLocalAuth = pointer.To(false) + if !pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_enabled") { + applicationInsightsComponentProperties.DisableLocalAuth = pointer.To(!d.Get("local_authentication_enabled").(bool)) + } + if !pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_disabled") { + applicationInsightsComponentProperties.DisableLocalAuth = pointer.To(d.Get("local_authentication_disabled").(bool)) + } + } + if workspaceRaw, ok := d.GetOk("workspace_id"); ok { workspaceID, err := workspaces.ParseWorkspaceID(workspaceRaw.(string)) if err != nil { @@ -285,8 +352,15 @@ func resourceApplicationInsightsCreate(d *pluginsdk.ResourceData, meta interface applicationInsightsComponentBillingFeatures.DataVolumeCap.Cap = pointer.To(v.(float64)) } - if v, ok := d.GetOk("daily_data_cap_notifications_disabled"); ok { - applicationInsightsComponentBillingFeatures.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(v.(bool)) + applicationInsightsComponentBillingFeatures.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(!d.Get("daily_data_cap_notifications_enabled").(bool)) + if !features.FivePointOh() { + applicationInsightsComponentBillingFeatures.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(false) + if !pluginsdk.IsExplicitlyNullInConfig(d, "daily_data_cap_notifications_enabled") { + applicationInsightsComponentBillingFeatures.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(!d.Get("daily_data_cap_notifications_enabled").(bool)) + } + if !pluginsdk.IsExplicitlyNullInConfig(d, "daily_data_cap_notifications_disabled") { + applicationInsightsComponentBillingFeatures.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(d.Get("daily_data_cap_notifications_disabled").(bool)) + } } if _, err = billingClient.ComponentCurrentBillingFeaturesUpdate(ctx, *billingId, applicationInsightsComponentBillingFeatures); err != nil { @@ -385,9 +459,15 @@ func resourceApplicationInsightsRead(d *pluginsdk.ResourceData, meta interface{} d.Set("app_id", props.AppId) d.Set("instrumentation_key", props.InstrumentationKey) d.Set("sampling_percentage", props.SamplingPercentage) - d.Set("disable_ip_masking", props.DisableIPMasking) + d.Set("ip_masking_enabled", !pointer.From(props.DisableIPMasking)) + if !features.FivePointOh() { + d.Set("disable_ip_masking", pointer.From(props.DisableIPMasking)) + } d.Set("connection_string", props.ConnectionString) - d.Set("local_authentication_disabled", props.DisableLocalAuth) + d.Set("local_authentication_enabled", !pointer.From(props.DisableLocalAuth)) + if !features.FivePointOh() { + d.Set("local_authentication_disabled", pointer.From(props.DisableLocalAuth)) + } d.Set("internet_ingestion_enabled", pointer.From(props.PublicNetworkAccessForIngestion) == components.PublicNetworkAccessTypeEnabled) d.Set("internet_query_enabled", pointer.From(props.PublicNetworkAccessForQuery) == components.PublicNetworkAccessTypeEnabled) d.Set("force_customer_storage_for_profiler", props.ForceCustomerStorageForProfiler) @@ -407,7 +487,10 @@ func resourceApplicationInsightsRead(d *pluginsdk.ResourceData, meta interface{} if model := billingResp.Model; model != nil { if props := model.DataVolumeCap; props != nil { d.Set("daily_data_cap_in_gb", props.Cap) - d.Set("daily_data_cap_notifications_disabled", props.StopSendNotificationWhenHitCap) + d.Set("daily_data_cap_notifications_enabled", !pointer.From(props.StopSendNotificationWhenHitCap)) + if !features.FivePointOh() { + d.Set("daily_data_cap_notifications_disabled", pointer.From(props.StopSendNotificationWhenHitCap)) + } } } @@ -447,12 +530,24 @@ func resourceApplicationInsightsUpdate(d *pluginsdk.ResourceData, meta interface component.Properties.SamplingPercentage = pointer.To(d.Get("sampling_percentage").(float64)) } - if d.HasChange("disable_ip_masking") { - component.Properties.DisableIPMasking = pointer.To(d.Get("disable_ip_masking").(bool)) + if d.HasChange("ip_masking_enabled") { + component.Properties.DisableIPMasking = pointer.To(!d.Get("ip_masking_enabled").(bool)) + } + + if !features.FivePointOh() { + if d.HasChange("disable_ip_masking") { + component.Properties.DisableIPMasking = pointer.To(d.Get("disable_ip_masking").(bool)) + } + } + + if d.HasChange("local_authentication_enabled") { + component.Properties.DisableLocalAuth = pointer.To(!d.Get("local_authentication_enabled").(bool)) } - if d.HasChange("local_authentication_disabled") { - component.Properties.DisableLocalAuth = pointer.To(d.Get("local_authentication_disabled").(bool)) + if !features.FivePointOh() { + if d.HasChange("local_authentication_disabled") { + component.Properties.DisableLocalAuth = pointer.To(d.Get("local_authentication_disabled").(bool)) + } } if d.HasChange("internet_ingestion_enabled") { @@ -527,8 +622,14 @@ func resourceApplicationInsightsUpdate(d *pluginsdk.ResourceData, meta interface billingProps.DataVolumeCap.Cap = pointer.To(d.Get("daily_data_cap_in_gb").(float64)) } - if d.HasChange("daily_data_cap_notifications_disabled") { - billingProps.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(d.Get("daily_data_cap_notifications_disabled").(bool)) + if d.HasChange("daily_data_cap_notifications_enabled") { + billingProps.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(!d.Get("daily_data_cap_notifications_enabled").(bool)) + } + + if !features.FivePointOh() { + if d.HasChange("daily_data_cap_notifications_disabled") { + billingProps.DataVolumeCap.StopSendNotificationWhenHitCap = pointer.To(d.Get("daily_data_cap_notifications_disabled").(bool)) + } } if _, err = billingClient.ComponentCurrentBillingFeaturesUpdate(ctx, *billingId, *billingProps); err != nil { diff --git a/internal/services/applicationinsights/application_insights_resource_test.go b/internal/services/applicationinsights/application_insights_resource_test.go index fa917a8f9a50..d2eb70b5f854 100644 --- a/internal/services/applicationinsights/application_insights_resource_test.go +++ b/internal/services/applicationinsights/application_insights_resource_test.go @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" ) @@ -198,8 +199,8 @@ func TestAccApplicationInsights_complete(t *testing.T) { check.That(data.ResourceName).Key("retention_in_days").HasValue("120"), check.That(data.ResourceName).Key("sampling_percentage").HasValue("50"), check.That(data.ResourceName).Key("daily_data_cap_in_gb").HasValue("50"), - check.That(data.ResourceName).Key("daily_data_cap_notifications_disabled").HasValue("true"), - check.That(data.ResourceName).Key("local_authentication_disabled").HasValue("true"), + check.That(data.ResourceName).Key("daily_data_cap_notifications_enabled").HasValue("false"), + check.That(data.ResourceName).Key("local_authentication_enabled").HasValue("false"), check.That(data.ResourceName).Key("tags.%").HasValue("1"), check.That(data.ResourceName).Key("tags.Hello").HasValue("World"), ), @@ -395,7 +396,8 @@ resource "azurerm_application_insights" "import" { } func (ApplicationInsightsResource) complete(data acceptance.TestData, applicationType string) string { - return fmt.Sprintf(` + if !features.FivePointOh() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -422,11 +424,42 @@ resource "azurerm_application_insights" "test" { Hello = "World" } } +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, applicationType) + } + + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-appinsights-%d" + location = "%s" +} + +resource "azurerm_application_insights" "test" { + name = "acctestappinsights-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + application_type = "%s" + retention_in_days = 120 + sampling_percentage = 50 + daily_data_cap_in_gb = 50 + daily_data_cap_notifications_enabled = false + ip_masking_enabled = false + force_customer_storage_for_profiler = true + local_authentication_enabled = false + + tags = { + Hello = "World" + } +} `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, applicationType) } func (ApplicationInsightsResource) completeUpdated(data acceptance.TestData, applicationType string) string { - return fmt.Sprintf(` + if !features.FivePointOh() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -453,6 +486,36 @@ resource "azurerm_application_insights" "test" { Hello = "World" } } +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, applicationType) + } + + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-appinsights-%d" + location = "%s" +} + +resource "azurerm_application_insights" "test" { + name = "acctestappinsights-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + application_type = "%s" + retention_in_days = 60 + sampling_percentage = 60 + daily_data_cap_in_gb = 60 + daily_data_cap_notifications_enabled = true + ip_masking_enabled = true + force_customer_storage_for_profiler = false + local_authentication_enabled = true + + tags = { + Hello = "World" + } +} `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, applicationType) } diff --git a/internal/services/cosmos/cosmosdb_account_resource.go b/internal/services/cosmos/cosmosdb_account_resource.go index f5db5ba434ab..a21850a36cb8 100644 --- a/internal/services/cosmos/cosmosdb_account_resource.go +++ b/internal/services/cosmos/cosmosdb_account_resource.go @@ -484,10 +484,10 @@ func resourceCosmosDbAccount() *pluginsdk.Resource { Default: true, }, - "local_authentication_disabled": { + "local_authentication_enabled": { Type: pluginsdk.TypeBool, Optional: true, - Default: false, + Default: true, }, "mongo_server_version": { @@ -769,6 +769,21 @@ func resourceCosmosDbAccount() *pluginsdk.Resource { } if !features.FivePointOh() { + resource.Schema["local_authentication_disabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + Deprecated: "`local_authentication_disabled` has been deprecated in favour of `local_authentication_enabled` and will be removed in v5.0 of the AzureRM Provider", + ConflictsWith: []string{"local_authentication_enabled"}, + } + + resource.Schema["local_authentication_enabled"] = &pluginsdk.Schema{ + Type: pluginsdk.TypeBool, + Optional: true, + Computed: true, + ConflictsWith: []string{"local_authentication_disabled"}, + } + resource.Schema["minimal_tls_version"] = &pluginsdk.Schema{ Type: pluginsdk.TypeString, Optional: true, @@ -889,11 +904,21 @@ func resourceCosmosDbAccountCreate(d *pluginsdk.ResourceData, meta interface{}) DisableKeyBasedMetadataWriteAccess: pointer.To(!d.Get("access_key_metadata_writes_enabled").(bool)), NetworkAclBypass: expandCosmosdbAccountNetworkBypass(d.Get("network_acl_bypass_for_azure_services").(bool)), NetworkAclBypassResourceIds: utils.ExpandStringSlice(d.Get("network_acl_bypass_ids").([]interface{})), - DisableLocalAuth: pointer.To(d.Get("local_authentication_disabled").(bool)), + DisableLocalAuth: pointer.To(!d.Get("local_authentication_enabled").(bool)), }, Tags: tags.Expand(d.Get("tags").(map[string]interface{})), } + if !features.FivePointOh() { + account.Properties.DisableLocalAuth = pointer.To(false) + if !pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_enabled") { + account.Properties.DisableLocalAuth = pointer.To(!d.Get("local_authentication_enabled").(bool)) + } + if !pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_disabled") { + account.Properties.DisableLocalAuth = pointer.To(d.Get("local_authentication_disabled").(bool)) + } + } + if v, ok := d.GetOk("default_identity_type"); ok { account.Properties.DefaultIdentity = pointer.To(v.(string)) } @@ -1064,7 +1089,7 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) "capacity", "restore", "mongo_server_version", "public_network_access_enabled", "ip_range_filter", "offer_type", "is_virtual_network_filter_enabled", "tags", "automatic_failover_enabled", "analytical_storage_enabled", - "local_authentication_disabled", "partition_merge_enabled", "minimal_tls_version", "burst_capacity_enabled") + "local_authentication_enabled", "local_authentication_disabled", "partition_merge_enabled", "minimal_tls_version", "burst_capacity_enabled") // Incident : #383341730 // Azure Bug: #2209567 'Updating identities and default identity at the same time fails silently' @@ -1109,7 +1134,7 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) DisableKeyBasedMetadataWriteAccess: pointer.To(!d.Get("access_key_metadata_writes_enabled").(bool)), NetworkAclBypass: expandCosmosdbAccountNetworkBypass(d.Get("network_acl_bypass_for_azure_services").(bool)), NetworkAclBypassResourceIds: utils.ExpandStringSlice(d.Get("network_acl_bypass_ids").([]interface{})), - DisableLocalAuth: pointer.To(d.Get("local_authentication_disabled").(bool)), + DisableLocalAuth: pointer.To(!d.Get("local_authentication_enabled").(bool)), BackupPolicy: backup, EnablePartitionMerge: pointer.To(d.Get("partition_merge_enabled").(bool)), EnableBurstCapacity: pointer.To(d.Get("burst_capacity_enabled").(bool)), @@ -1117,6 +1142,15 @@ func resourceCosmosDbAccountUpdate(d *pluginsdk.ResourceData, meta interface{}) Tags: tags.Expand(d.Get("tags").(map[string]interface{})), } + if !features.FivePointOh() { + if pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_enabled") { + account.Properties.DisableLocalAuth = pointer.To(false) + } + if !pluginsdk.IsExplicitlyNullInConfig(d, "local_authentication_disabled") { + account.Properties.DisableLocalAuth = pointer.To(d.Get("local_authentication_disabled").(bool)) + } + } + // 'default_identity_type' will always have a value since it now has a default value of "FirstPartyIdentity" per the API documentation. // I do not include 'DefaultIdentity' and 'Identity' in the 'accountProps' intentionally, these operations need to be // performed mutually exclusive from each other in an atomic fashion, else you will hit the service teams bug... @@ -1408,7 +1442,10 @@ func resourceCosmosDbAccountRead(d *pluginsdk.ResourceData, meta interface{}) er d.Set("network_acl_bypass_for_azure_services", pointer.From(props.NetworkAclBypass) == cosmosdb.NetworkAclBypassAzureServices) d.Set("network_acl_bypass_ids", utils.FlattenStringSlice(props.NetworkAclBypassResourceIds)) - d.Set("local_authentication_disabled", pointer.From(props.DisableLocalAuth)) + d.Set("local_authentication_enabled", !pointer.From(props.DisableLocalAuth)) + if !features.FivePointOh() { + d.Set("local_authentication_disabled", pointer.From(props.DisableLocalAuth)) + } policy, err := flattenCosmosdbAccountBackup(props.BackupPolicy) if err != nil { diff --git a/internal/services/cosmos/cosmosdb_account_resource_test.go b/internal/services/cosmos/cosmosdb_account_resource_test.go index 343b2b3e8882..1c787abb4350 100644 --- a/internal/services/cosmos/cosmosdb_account_resource_test.go +++ b/internal/services/cosmos/cosmosdb_account_resource_test.go @@ -1346,7 +1346,7 @@ func TestAccCosmosDBAccount_localAuthenticationDisabled(t *testing.T) { Config: r.basic(data, cosmosdb.DatabaseAccountKindGlobalDocumentDB, cosmosdb.DefaultConsistencyLevelEventual), Check: acceptance.ComposeAggregateTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("local_authentication_disabled").HasValue("false"), + check.That(data.ResourceName).Key("local_authentication_enabled").HasValue("true"), ), }, data.ImportStep(), @@ -1354,7 +1354,7 @@ func TestAccCosmosDBAccount_localAuthenticationDisabled(t *testing.T) { Config: r.basicWithLocalAuthenticationDisabled(data, cosmosdb.DatabaseAccountKindGlobalDocumentDB, cosmosdb.DefaultConsistencyLevelEventual), Check: acceptance.ComposeAggregateTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("local_authentication_disabled").HasValue("true"), + check.That(data.ResourceName).Key("local_authentication_enabled").HasValue("false"), ), }, data.ImportStep(), @@ -4075,7 +4075,8 @@ resource "azurerm_cosmosdb_account" "test" { } func (CosmosDBAccountResource) basicWithLocalAuthenticationDisabled(data acceptance.TestData, kind cosmosdb.DatabaseAccountKind, consistency cosmosdb.DefaultConsistencyLevel) string { - return fmt.Sprintf(` + if !features.FivePointOh() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -4103,6 +4104,37 @@ resource "azurerm_cosmosdb_account" "test" { local_authentication_disabled = true } +`, data.RandomInteger, data.Locations.Primary, string(kind), string(consistency)) + } + + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-cosmos-%[1]d" + location = "%[2]s" +} + +resource "azurerm_cosmosdb_account" "test" { + name = "acctest-ca-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + offer_type = "Standard" + kind = "%[3]s" + + consistency_policy { + consistency_level = "%[4]s" + } + + geo_location { + location = azurerm_resource_group.test.location + failover_priority = 0 + } + + local_authentication_enabled = false +} `, data.RandomInteger, data.Locations.Primary, string(kind), string(consistency)) } diff --git a/website/docs/5.0-upgrade-guide.html.markdown b/website/docs/5.0-upgrade-guide.html.markdown index de93a06d3da8..82a084ad824a 100644 --- a/website/docs/5.0-upgrade-guide.html.markdown +++ b/website/docs/5.0-upgrade-guide.html.markdown @@ -367,6 +367,12 @@ Please follow the format in the example below for listing breaking changes in re * The deprecated `ssl_profile.verify_client_cert_issuer_dn` property has been removed in favour of the `ssl_profile.verify_client_certificate_issuer_dn` property. * The deprecated `enable_http2` property has been removed in favour of the `http2_enabled` property. +### `azurerm_application_insights` + +* The deprecated `local_authentication_disabled` property has been removed in favour of the `local_authentication_enabled` property. +* The deprecated `disable_ip_masking` property has been removed in favour of the `ip_masking_enabled` property. +* The deprecated `daily_data_cap_notifications_disabled` property has been removed in favour of the `daily_data_cap_notifications_enabled` property. + ### `azurerm_automation_account` * The `encryption.key_source` property has been removed. @@ -417,6 +423,7 @@ Please follow the format in the example below for listing breaking changes in re ### `azurerm_cosmosdb_account` +* The deprecated `local_authentication_disabled` property has been removed in favour of the `local_authentication_enabled` property. * The deprecated `managed_hsm_key_id` property has been removed in favour of the `key_vault_key_id` property. * The `minimal_tls_version` property no longer accepts `Tls` or `Tls11` as a value. diff --git a/website/docs/r/application_insights.html.markdown b/website/docs/r/application_insights.html.markdown index 73f827fd7106..8db4745ba7ce 100644 --- a/website/docs/r/application_insights.html.markdown +++ b/website/docs/r/application_insights.html.markdown @@ -81,13 +81,13 @@ The following arguments are supported: * `daily_data_cap_in_gb` - (Optional) Specifies the Application Insights component daily data volume cap in GB. Defaults to `100`. -* `daily_data_cap_notifications_disabled` - (Optional) Specifies if a notification email will be sent when the daily data volume cap is met. Defaults to `false`. +* `daily_data_cap_notifications_enabled` - (Optional) Whether a notification email will be sent when the daily data volume cap is met. Defaults to `true`. * `retention_in_days` - (Optional) Specifies the retention period in days. Possible values are `30`, `60`, `90`, `120`, `180`, `270`, `365`, `550` or `730`. Defaults to `90`. * `sampling_percentage` - (Optional) Specifies the percentage of the data produced by the monitored application that is sampled for Application Insights telemetry. Defaults to `100`. -* `disable_ip_masking` - (Optional) By default the real client IP is masked as `0.0.0.0` in the logs. Use this argument to disable masking and log the real client IP. Defaults to `false`. +* `ip_masking_enabled` - (Optional) By default the real client IP is masked as `0.0.0.0` in the logs. Set this argument to `false` to disable masking and log the real client IP. Defaults to `true`. * `tags` - (Optional) A mapping of tags to assign to the resource. @@ -95,7 +95,7 @@ The following arguments are supported: ~> **Note:** `workspace_id` cannot be removed after set. More details can be found at [Migrate to workspace-based Application Insights resources](https://docs.microsoft.com/azure/azure-monitor/app/convert-classic-resource#migration-process). If `workspace_id` is not specified but you encounter a diff, this might indicate a Microsoft initiated automatic migration from classic resources to workspace-based resources. If this is the case, please update `workspace_id` in the config file to the new value. -* `local_authentication_disabled` - (Optional) Disable Non-Azure AD based Auth. Defaults to `false`. +* `local_authentication_enabled` - (Optional) Whether Non-Azure AD based Auth is enabled. Defaults to `true`. * `internet_ingestion_enabled` - (Optional) Should the Application Insights component support ingestion over the Public Internet? Defaults to `true`. diff --git a/website/docs/r/cosmosdb_account.html.markdown b/website/docs/r/cosmosdb_account.html.markdown index c0d300f67e41..74a35d817f1f 100644 --- a/website/docs/r/cosmosdb_account.html.markdown +++ b/website/docs/r/cosmosdb_account.html.markdown @@ -176,7 +176,7 @@ The following arguments are supported: * `network_acl_bypass_ids` - (Optional) The list of resource Ids for Network Acl Bypass for this Cosmos DB account. -* `local_authentication_disabled` - (Optional) Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Defaults to `false`. Can be set only when using the SQL API. +* `local_authentication_enabled` - (Optional) Whether local authentication is enabled, when disabled only MSI and AAD can be used exclusively for authentication. Defaults to `true`. Can be set only when using the SQL API. * `backup` - (Optional) A `backup` block as defined below.