Merge remote-tracking branch 'origin/main' into feat/aisearch-bypass

.github/workflows/pull-request.yaml

@@ -15,7 +15,7 @@ jobs:
       with:
         configuration-path: .github/labeler-pull-request-triage.yml
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
-    - uses: CodelyTV/pr-size-labeler@c7a55a022747628b50f3eb5bf863b9e796b8f274 # v1.10.1
+    - uses: CodelyTV/pr-size-labeler@1c3422395d899286d5ee2c809fd5aed264d5eb9b # v1.10.2
       with:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         xs_label: 'size/XS'

CHANGELOG.md

@@ -1,29 +1,46 @@
-## 4.12.0 (Unreleased)
+## 4.13.0 (December 05, 2024)
+
+ENHANCEMENTS:
+
+* `azurerm_cognitive_deployment` - support for the `dynamic_throttling_enabled` property ([#28100](https://github.com/hashicorp/terraform-provider-azurerm/issues/28100))
+* `azurerm_key_vault_managed_hardware_security_module_key` - the `key_type` property now supports `oct-HSM` ([#28171](https://github.com/hashicorp/terraform-provider-azurerm/issues/28171))
+* `azurerm_machine_learning_datastore_datalake_gen2` - can now be used with storage account in a different subscription ([#28123](https://github.com/hashicorp/terraform-provider-azurerm/issues/28123))
+* `azurerm_network_watcher_flow_log` - `target_resource_id` supports subnets and network interfaces ([#28177](https://github.com/hashicorp/terraform-provider-azurerm/issues/28177))
+
+BUG:
+
+* Data Source: `azurerm_logic_app_standard` - update the `identity` property to support User Assigned Identities ([#28158](https://github.com/hashicorp/terraform-provider-azurerm/issues/28158))
+* `azurerm_cdn_frontdoor_origin_group` - update validation of the `interval_in_seconds` property to match API behaviour ([#28143](https://github.com/hashicorp/terraform-provider-azurerm/issues/28143))
+* `azurerm_container_group` - retrieve log analytics workspace key from config when updating resource ([#28025](https://github.com/hashicorp/terraform-provider-azurerm/issues/28025))
+* `azurerm_mssql_elasticpool` - fix sku tier and family validation that prevented the creation of Hyperscale PRMS pools ([#28178](https://github.com/hashicorp/terraform-provider-azurerm/issues/28178))
+* `azurerm_search_service` -  the `partition_count` property can now be up to `3` when using basic sku ([#28105](https://github.com/hashicorp/terraform-provider-azurerm/issues/28105))
+
+## 4.12.0 (November 28, 2024)
 
 FEATURES:
 
-* **New Data Source**: `azurerm_mssql_managed_database` [GH-27026]
+* **New Data Source**: `azurerm_mssql_managed_database` ([#27026](https://github.com/hashicorp/terraform-provider-azurerm/issues/27026))
 
 BUG FIXES:
 
-* `azurerm_application_insights_api_key` - fix condition that nil checks the list of available API keys to prevent an indefinate loop when keys created outside of Terraform are present [GH-28037]
-* `azurerm_data_factory_linked_service_azure_sql_database` - send `tenant_id` only if it has been specified [GH-28120]
-* `azurerm_eventgrid_event_subscription` - fix crash when flattening `advanced_filter` [GH-28110]
-* `azurerm_virtual_network_gateway` - fix crash issue when specifying `root_certificate ` or `revoked_certificate` [GH-28099]
+* `azurerm_application_insights_api_key` - fix condition that nil checks the list of available API keys to prevent an indefinate loop when keys created outside of Terraform are present ([#28037](https://github.com/hashicorp/terraform-provider-azurerm/issues/28037))
+* `azurerm_data_factory_linked_service_azure_sql_database` - send `tenant_id` only if it has been specified ([#28120](https://github.com/hashicorp/terraform-provider-azurerm/issues/28120))
+* `azurerm_eventgrid_event_subscription` - fix crash when flattening `advanced_filter` ([#28110](https://github.com/hashicorp/terraform-provider-azurerm/issues/28110))
+* `azurerm_virtual_network_gateway` - fix crash issue when specifying `root_certificate ` or `revoked_certificate` ([#28099](https://github.com/hashicorp/terraform-provider-azurerm/issues/28099))
 
 ENHANCEMENTS:
 
-* dependencies - update `go-azure-sdk` to `v0.20241128.1112539` [GH-28137]
-* `containerapps` - update api version to `2024-03-01` [GH-28074]
-* `Search` - update api version to `2024-06-01-preview` [GH-27803]
-* Data Source: `azurerm_logic_app_standard` - add support for the `public_network_access` property [GH-27913]
-* Data Source: `azurerm_search_service` - add support for the `customer_managed_key_encryption_compliance_status` property [GH-27478]
-* `azurerm_container_registry_task` - add validation on `cpu` as well as on `agent_pool_name`and `agent_setting` [GH-28098]
-* `azurerm_databricks_workspace` - add support for the `enhanced_security_compliance` block [GH-26606]
-* `azurerm_eventhub` - deprecate `namespace_name` and `resource_group_name` in favour of `namespace_id` [GH-28055]
-* `azurerm_logic_app_standard` - add support for the `public_network_access` property [GH-27913]
-* `azurerm_search_service` - add support for the `customer_managed_key_encryption_compliance_status` property [GH-27478]
-* `azurerm_cosmosdb_account` - add support for value `EnableNoSQLFullTextSearch` in the  `capabilities.name` property [GH-28114]
+* dependencies - update `go-azure-sdk` to `v0.20241128.1112539` ([#28137](https://github.com/hashicorp/terraform-provider-azurerm/issues/28137))
+* `containerapps` - update api version to `2024-03-01` ([#28074](https://github.com/hashicorp/terraform-provider-azurerm/issues/28074))
+* `Search` - update api version to `2024-06-01-preview` ([#27803](https://github.com/hashicorp/terraform-provider-azurerm/issues/27803))
+* Data Source: `azurerm_logic_app_standard` - add support for the `public_network_access` property ([#27913](https://github.com/hashicorp/terraform-provider-azurerm/issues/27913))
+* Data Source: `azurerm_search_service` - add support for the `customer_managed_key_encryption_compliance_status` property ([#27478](https://github.com/hashicorp/terraform-provider-azurerm/issues/27478))
+* `azurerm_container_registry_task` - add validation on `cpu` as well as on `agent_pool_name`and `agent_setting` ([#28098](https://github.com/hashicorp/terraform-provider-azurerm/issues/28098))
+* `azurerm_databricks_workspace` - add support for the `enhanced_security_compliance` block ([#26606](https://github.com/hashicorp/terraform-provider-azurerm/issues/26606))
+* `azurerm_eventhub` - deprecate `namespace_name` and `resource_group_name` in favour of `namespace_id` ([#28055](https://github.com/hashicorp/terraform-provider-azurerm/issues/28055))
+* `azurerm_logic_app_standard` - add support for the `public_network_access` property ([#27913](https://github.com/hashicorp/terraform-provider-azurerm/issues/27913))
+* `azurerm_search_service` - add support for the `customer_managed_key_encryption_compliance_status` property ([#27478](https://github.com/hashicorp/terraform-provider-azurerm/issues/27478))
+* `azurerm_cosmosdb_account` - add support for value `EnableNoSQLFullTextSearch` in the  `capabilities.name` property ([#28114](https://github.com/hashicorp/terraform-provider-azurerm/issues/28114))
 
 ## 4.11.0 (November 22, 2024)
 

examples/databricks/enhanced-security-compliance/main.tf

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 provider "azurerm" {
   features {}
 }

internal/services/apimanagement/api_management_api_diagnostic_resource_test.go

@@ -191,7 +191,7 @@ resource "azurerm_api_management_api" "test" {
 
   import {
     content_format = "swagger-link-json"
-    content_value  = "http://conferenceapi.azurewebsites.net/?format=json"
+    content_value  = "https://raw.githubusercontent.com/hashicorp/terraform-provider-azurerm/refs/heads/main/internal/services/apimanagement/testdata/api_management_api_swagger.json"
   }
 }
 `, data.RandomInteger, data.Locations.Primary)

internal/services/cdn/cdn_endpoint_custom_domain_resource.go

@@ -14,6 +14,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/cdn/validate"
 	keyvaultClient "github.com/hashicorp/terraform-provider-azurerm/internal/services/keyvault/client"
@@ -74,9 +75,7 @@ func resourceArmCdnEndpointCustomDomain() *pluginsdk.Resource {
 						Type:     pluginsdk.TypeString,
 						Optional: true,
 						ValidateFunc: validation.StringInSlice([]string{
-							string(cdn.MinimumTLSVersionTLS10),
 							string(cdn.MinimumTLSVersionTLS12),
-							string(cdn.MinimumTLSVersionNone),
 						}, false),
 						Default: string(cdn.MinimumTLSVersionTLS12),
 					},
@@ -96,9 +95,7 @@ func resourceArmCdnEndpointCustomDomain() *pluginsdk.Resource {
 						Type:     pluginsdk.TypeString,
 						Optional: true,
 						ValidateFunc: validation.StringInSlice([]string{
-							string(cdn.MinimumTLSVersionTLS10),
 							string(cdn.MinimumTLSVersionTLS12),
-							string(cdn.MinimumTLSVersionNone),
 						}, false),
 						Default: string(cdn.MinimumTLSVersionTLS12),
 					},
@@ -114,6 +111,28 @@ func resourceArmCdnEndpointCustomDomain() *pluginsdk.Resource {
 		ValidateFunc: keyvaultValidate.NestedItemIdWithOptionalVersion,
 	}
 
+	if !features.FivePointOhBeta() {
+		schema["cdn_managed_https"].Elem.(*pluginsdk.Resource).Schema["tls_version"] = &pluginsdk.Schema{
+			Type:     pluginsdk.TypeString,
+			Optional: true,
+			ValidateFunc: validation.StringInSlice([]string{
+				string(cdn.MinimumTLSVersionNone),
+				string(cdn.MinimumTLSVersionTLS10),
+				string(cdn.MinimumTLSVersionTLS12),
+			}, false),
+			Default: string(cdn.MinimumTLSVersionTLS12),
+		}
+		schema["user_managed_https"].Elem.(*pluginsdk.Resource).Schema["tls_version"] = &pluginsdk.Schema{
+			Type:     pluginsdk.TypeString,
+			Optional: true,
+			ValidateFunc: validation.StringInSlice([]string{
+				string(cdn.MinimumTLSVersionNone),
+				string(cdn.MinimumTLSVersionTLS10),
+				string(cdn.MinimumTLSVersionTLS12),
+			}, false),
+			Default: string(cdn.MinimumTLSVersionTLS12),
+		}
+	}
 	return &pluginsdk.Resource{
 		Create: resourceArmCdnEndpointCustomDomainCreate,
 		Read:   resourceArmCdnEndpointCustomDomainRead,

internal/services/cdn/cdn_frontdoor_origin_group_resource.go

@@ -114,7 +114,7 @@ func resourceCdnFrontDoorOriginGroup() *pluginsdk.Resource {
 						"interval_in_seconds": {
 							Type:         pluginsdk.TypeInt,
 							Required:     true,
-							ValidateFunc: validation.IntBetween(5, 31536000),
+							ValidateFunc: validation.IntBetween(1, 255),
 						},
 
 						"path": {

internal/services/cognitive/cognitive_deployment_resource.go

@@ -20,12 +20,13 @@ import (
 )
 
 type cognitiveDeploymentModel struct {
-	Name                 string                 `tfschema:"name"`
-	CognitiveAccountId   string                 `tfschema:"cognitive_account_id"`
-	Model                []DeploymentModelModel `tfschema:"model"`
-	RaiPolicyName        string                 `tfschema:"rai_policy_name"`
-	Sku                  []DeploymentSkuModel   `tfschema:"sku"`
-	VersionUpgradeOption string                 `tfschema:"version_upgrade_option"`
+	Name                     string                 `tfschema:"name"`
+	CognitiveAccountId       string                 `tfschema:"cognitive_account_id"`
+	DynamicThrottlingEnabled bool                   `tfschema:"dynamic_throttling_enabled"`
+	Model                    []DeploymentModelModel `tfschema:"model"`
+	RaiPolicyName            string                 `tfschema:"rai_policy_name"`
+	Sku                      []DeploymentSkuModel   `tfschema:"sku"`
+	VersionUpgradeOption     string                 `tfschema:"version_upgrade_option"`
 }
 
 type DeploymentModelModel struct {
@@ -74,6 +75,11 @@ func (r CognitiveDeploymentResource) Arguments() map[string]*pluginsdk.Schema {
 			ValidateFunc: cognitiveservicesaccounts.ValidateAccountID,
 		},
 
+		"dynamic_throttling_enabled": {
+			Type:     pluginsdk.TypeBool,
+			Optional: true,
+		},
+
 		"model": {
 			Type:     pluginsdk.TypeList,
 			Required: true,
@@ -220,6 +226,10 @@ func (r CognitiveDeploymentResource) Create() sdk.ResourceFunc {
 				properties.Properties.RaiPolicyName = &model.RaiPolicyName
 			}
 
+			if model.DynamicThrottlingEnabled {
+				properties.Properties.DynamicThrottlingEnabled = &model.DynamicThrottlingEnabled
+			}
+
 			if model.VersionUpgradeOption != "" {
 				option := deployments.DeploymentModelVersionUpgradeOption(model.VersionUpgradeOption)
 				properties.Properties.VersionUpgradeOption = &option
@@ -266,6 +276,10 @@ func (r CognitiveDeploymentResource) Update() sdk.ResourceFunc {
 
 			properties := resp.Model
 
+			if metadata.ResourceData.HasChange("dynamic_throttling_enabled") {
+				properties.Properties.DynamicThrottlingEnabled = pointer.To(model.DynamicThrottlingEnabled)
+			}
+
 			if metadata.ResourceData.HasChange("sku.0.capacity") {
 				properties.Sku.Capacity = pointer.To(model.Sku[0].Capacity)
 			}
@@ -323,12 +337,9 @@ func (r CognitiveDeploymentResource) Read() sdk.ResourceFunc {
 			if properties := model.Properties; properties != nil {
 				state.Model = flattenDeploymentModelModel(properties.Model)
 
-				if v := properties.RaiPolicyName; v != nil {
-					state.RaiPolicyName = *v
-				}
-				if v := properties.VersionUpgradeOption; v != nil {
-					state.VersionUpgradeOption = string(*v)
-				}
+				state.DynamicThrottlingEnabled = pointer.From(properties.DynamicThrottlingEnabled)
+				state.RaiPolicyName = pointer.From(properties.RaiPolicyName)
+				state.VersionUpgradeOption = string(pointer.From(properties.VersionUpgradeOption))
 			}
 			if sku := flattenDeploymentSkuModel(model.Sku); sku != nil {
 				state.Sku = sku

internal/services/cognitive/cognitive_deployment_resource_test.go

@@ -19,19 +19,6 @@ import (
 
 type CognitiveDeploymentTestResource struct{}
 
-func TestAccCognitiveDeploymentSequential(t *testing.T) {
-	// Only two OpenAI resources could be created per region, so run the tests sequentially.
-	// Refer to : https://learn.microsoft.com/en-us/azure/cognitive-services/openai/quotas-limits
-	acceptance.RunTestsInSequence(t, map[string]map[string]func(t *testing.T){
-		"deployment": {
-			"basic":          TestAccCognitiveDeployment_basic,
-			"requiresImport": testAccCognitiveDeployment_requiresImport,
-			"complete":       testAccCognitiveDeployment_complete,
-			"update":         TestAccCognitiveDeployment_update,
-		},
-	})
-}
-
 func TestAccCognitiveDeployment_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_cognitive_deployment", "test")
 	r := CognitiveDeploymentTestResource{}
@@ -47,7 +34,7 @@ func TestAccCognitiveDeployment_basic(t *testing.T) {
 	})
 }
 
-func testAccCognitiveDeployment_requiresImport(t *testing.T) {
+func TestAccCognitiveDeployment_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_cognitive_deployment", "test")
 
 	r := CognitiveDeploymentTestResource{}
@@ -62,14 +49,15 @@ func testAccCognitiveDeployment_requiresImport(t *testing.T) {
 	})
 }
 
-func testAccCognitiveDeployment_complete(t *testing.T) {
+func TestAccCognitiveDeployment_complete(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_cognitive_deployment", "test")
 	r := CognitiveDeploymentTestResource{}
 	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
 		{
 			Config: r.complete(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("dynamic_throttling_enabled").HasValue("true"),
 			),
 		},
 		data.ImportStep(),
@@ -211,9 +199,9 @@ func (r CognitiveDeploymentTestResource) complete(data acceptance.TestData) stri
 %s
 
 resource "azurerm_cognitive_deployment" "test" {
-  name                 = "acctest-cd-%d"
-  cognitive_account_id = azurerm_cognitive_account.test.id
-
+  name                       = "acctest-cd-%d"
+  cognitive_account_id       = azurerm_cognitive_account.test.id
+  dynamic_throttling_enabled = true
   model {
     format  = "OpenAI"
     name    = "text-embedding-ada-002"
@@ -222,7 +210,7 @@ resource "azurerm_cognitive_deployment" "test" {
   sku {
     name = "Standard"
   }
-  rai_policy_name        = "RAI policy"
+  rai_policy_name        = "Microsoft.DefaultV2"
   version_upgrade_option = "OnceNewDefaultVersionAvailable"
 }
 `, template, data.RandomInteger)

internal/services/containers/container_group_resource.go

@@ -814,6 +814,11 @@ func resourceContainerGroupUpdate(d *pluginsdk.ResourceData, meta interface{}) e
 		}
 		model.Properties.Volumes = pointer.To(containerGroupVolumes)
 
+		// As API doesn't return the value of WorkspaceKey, so it has to get the value from tf config and set it to request payload. Otherwise, the Update API call would fail
+		if diagnostics := expandContainerGroupDiagnostics(d.Get("diagnostics").([]interface{})); diagnostics != nil && diagnostics.LogAnalytics != nil {
+			model.Properties.Diagnostics.LogAnalytics.WorkspaceKey = diagnostics.LogAnalytics.WorkspaceKey
+		}
+
 		// As Update API doesn't support to update identity, so it has to use CreateOrUpdate API to update identity
 		if err := client.ContainerGroupsCreateOrUpdateThenPoll(ctx, *id, model); err != nil {
 			return fmt.Errorf("updating %s: %+v", *id, err)