Merge remote-tracking branch 'upstream/main' into systemcentervirtual…

…machinemanagervirtualmachineinstance

internal/services/keyvault/key_vault_certificate_ephemeral_test.go

@@ -24,7 +24,7 @@ func TestAccEphemeralKeyVaultCertificate_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -49,7 +49,7 @@ func TestAccEphemeralKeyVaultCertificate_ecdsaPFX(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -72,7 +72,7 @@ func TestAccEphemeralKeyVaultCertificate_ecdsaPEM(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -95,7 +95,7 @@ func TestAccEphemeralKeyVaultCertificate_rsaBundlePEM(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -119,7 +119,7 @@ func TestAccEphemeralKeyVaultCertificate_rsaSinglePEM(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -143,7 +143,7 @@ func TestAccEphemeralKeyVaultCertificate_rsaBundlePFX(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_certificate", "test")
 	r := KeyVaultCertificateEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},

internal/services/keyvault/key_vault_secret_ephemeral_test.go

@@ -24,7 +24,7 @@ func TestAccEphemeralKeyVaultSecret_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_secret", "test")
 	r := KeyVaultSecretEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},
@@ -45,7 +45,7 @@ func TestAccEphemeralKeyVaultSecret_complete(t *testing.T) {
 	data := acceptance.BuildTestData(t, "ephemeral.azurerm_key_vault_secret", "test")
 	r := KeyVaultSecretEphemeral{}
 
-	resource.UnitTest(t, resource.TestCase{
+	resource.Test(t, resource.TestCase{
 		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
 			tfversion.SkipBelow(version.Must(version.NewVersion("1.10.0-rc1"))),
 		},

internal/services/managedhsm/key_vault_managed_hardware_security_module_key_resource.go

@@ -77,6 +77,7 @@ func (r KeyVaultMHSMKeyResource) Arguments() map[string]*pluginsdk.Schema {
 			// issue: https://github.com/Azure/azure-rest-api-specs/issues/1739
 			ValidateFunc: validation.StringInSlice([]string{
 				string(keyvault.JSONWebKeyTypeECHSM),
+				string(keyvault.JSONWebKeyTypeOctHSM),
 				string(keyvault.JSONWebKeyTypeRSAHSM),
 			}, false),
 		},

internal/services/network/network_watcher_flow_log_resource.go

@@ -79,6 +79,8 @@ func resourceNetworkWatcherFlowLog() *pluginsdk.Resource {
 				ValidateFunc: validation.Any(
 					networksecuritygroups.ValidateNetworkSecurityGroupID,
 					commonids.ValidateVirtualNetworkID,
+					commonids.ValidateSubnetID,
+					commonids.ValidateNetworkInterfaceID,
 				),
 			},
 
@@ -422,6 +424,10 @@ func resourceNetworkWatcherFlowLogRead(d *pluginsdk.ResourceData, meta interface
 				targetIsNSG = true
 			} else if vnetId, err := commonids.ParseVirtualNetworkIDInsensitively(props.TargetResourceId); err == nil {
 				targetResourceId = vnetId.ID()
+			} else if subnetId, err := commonids.ParseSubnetIDInsensitively(props.TargetResourceId); err == nil {
+				targetResourceId = subnetId.ID()
+			} else if nicId, err := commonids.ParseNetworkInterfaceIDInsensitively(props.TargetResourceId); err == nil {
+				targetResourceId = nicId.ID()
 			}
 
 			if !features.FivePointOhBeta() && targetIsNSG {

internal/services/network/network_watcher_flow_log_resource_test.go

@@ -49,6 +49,36 @@ func testAccNetworkWatcherFlowLog_basicWithVirtualNetwork(t *testing.T) {
 	})
 }
 
+func testAccNetworkWatcherFlowLog_basicWithSubnet(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+	r := NetworkWatcherFlowLogResource{}
+
+	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basicConfigWithSubnet(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func testAccNetworkWatcherFlowLog_basicWithNIC(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
+	r := NetworkWatcherFlowLogResource{}
+
+	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basicConfigWithNIC(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func testAccNetworkWatcherFlowLog_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_network_watcher_flow_log", "test")
 	r := NetworkWatcherFlowLogResource{}
@@ -396,6 +426,88 @@ resource "azurerm_network_watcher_flow_log" "test" {
 `, r.prerequisites(data), data.RandomInteger, data.RandomInteger)
 }
 
+func (r NetworkWatcherFlowLogResource) basicConfigWithSubnet(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "acctestsubnet-%d"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+  network_watcher_name = azurerm_network_watcher.test.name
+  resource_group_name  = azurerm_resource_group.test.name
+  name                 = "flowlog-%d"
+
+  target_resource_id = azurerm_subnet.test.id
+  storage_account_id = azurerm_storage_account.test.id
+  enabled            = true
+
+  retention_policy {
+    enabled = false
+    days    = 0
+  }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
+func (r NetworkWatcherFlowLogResource) basicConfigWithNIC(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "acctestsubnet-%d"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_interface" "test" {
+  name                = "acctestnic-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  ip_configuration {
+    name                          = "internal"
+    subnet_id                     = azurerm_subnet.test.id
+    private_ip_address_allocation = "Dynamic"
+  }
+}
+
+resource "azurerm_network_watcher_flow_log" "test" {
+  network_watcher_name = azurerm_network_watcher.test.name
+  resource_group_name  = azurerm_resource_group.test.name
+  name                 = "flowlog-%d"
+
+  target_resource_id = azurerm_network_interface.test.id
+  storage_account_id = azurerm_storage_account.test.id
+  enabled            = true
+
+  retention_policy {
+    enabled = false
+    days    = 0
+  }
+}
+`, r.prerequisites(data), data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}
+
 func (r NetworkWatcherFlowLogResource) requiresImport(data acceptance.TestData) string {
 	if !features.FivePointOhBeta() {
 		return fmt.Sprintf(`

internal/services/network/network_watcher_resource_test.go

@@ -79,6 +79,8 @@ func TestAccNetworkWatcher(t *testing.T) {
 		"FlowLog": {
 			"basic":                   testAccNetworkWatcherFlowLog_basic,
 			"basicWithVirtualNetwork": testAccNetworkWatcherFlowLog_basicWithVirtualNetwork,
+			"basicWithSubnet":         testAccNetworkWatcherFlowLog_basicWithSubnet,
+			"basicWithNIC":            testAccNetworkWatcherFlowLog_basicWithNIC,
 			"requiresImport":          testAccNetworkWatcherFlowLog_requiresImport,
 			"disabled":                testAccNetworkWatcherFlowLog_disabled,
 			"reenabled":               testAccNetworkWatcherFlowLog_reenabled,

website/docs/d/mssql_managed_database.html.markdown

@@ -70,4 +70,4 @@ A `point_in_time_restore` block exports the following:
 
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
 
-* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.
+* `read` - (Defaults to 5 minutes) Used when retrieving the Azure SQL Azure Managed Database.

website/docs/r/data_protection_backup_instance_blob_storage.html.markdown

@@ -44,9 +44,9 @@ resource "azurerm_role_assignment" "example" {
 }
 
 resource "azurerm_data_protection_backup_policy_blob_storage" "example" {
-  name               = "example-backup-policy"
-  vault_id           = azurerm_data_protection_backup_vault.example.id
-  retention_duration = "P30D"
+  name                                   = "example-backup-policy"
+  vault_id                               = azurerm_data_protection_backup_vault.example.id
+  operational_default_retention_duration = "P30D"
 }
 
 resource "azurerm_data_protection_backup_instance_blob_storage" "example" {

website/docs/r/key_vault_managed_hardware_security_module_key.html.markdown

@@ -74,9 +74,9 @@ The following arguments are supported:
 
 * `managed_hsm_id` - (Required) Specifies the ID of the Key Vault Managed Hardware Security Module that they key will be owned by. Changing this forces a new resource to be created.
 
-* `key_type` - (Required) Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are `EC-HSM` and `RSA-HSM`. Changing this forces a new resource to be created.
+* `key_type` - (Required) Specifies the Key Type to use for this Key Vault Managed Hardware Security Module Key. Possible values are `EC-HSM`, `oct-HSM` and `RSA-HSM`. More details see [HSM-protected keys](https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys#hsm-protected-keys). Changing this forces a new resource to be created.
 
-* `key_size` - (Optional) Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. *Note*: This field is required if `key_type` is `RSA-HSM`. Changing this forces a new resource to be created.
+* `key_size` - (Optional) Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. *Note*: This field is required if `key_type` is `RSA-HSM` or `oct-HSM`. Changing this forces a new resource to be created.
 
 * `curve` - (Optional) Specifies the curve to use when creating an `EC-HSM` key. Possible values are `P-256`, `P-256K`, `P-384`, and `P-521`. This field is required if `key_type` is `EC-HSM`. Changing this forces a new resource to be created.
 

website/docs/r/network_watcher_flow_log.html.markdown

@@ -56,9 +56,9 @@ resource "azurerm_network_watcher_flow_log" "test" {
   resource_group_name  = azurerm_resource_group.example.name
   name                 = "example-log"
 
-  network_security_group_id = azurerm_network_security_group.test.id
-  storage_account_id        = azurerm_storage_account.test.id
-  enabled                   = true
+  target_resource_id = azurerm_network_security_group.test.id
+  storage_account_id = azurerm_storage_account.test.id
+  enabled            = true
 
   retention_policy {
     enabled = true