add description for nat/network rules in firewall policy rule (#23354)

hashicorp · Sep 22, 2023 · 8ff4825 · 8ff4825
1 parent 78db139
commit 8ff4825
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
@@ -236,6 +237,11 @@ func resourceFirewallPolicyRuleCollectionGroup() *pluginsdk.Resource {
 										Required:     true,
 										ValidateFunc: validation.StringIsNotEmpty,
 									},
+									"description": {
+										Type:         pluginsdk.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringIsNotEmpty,
+									},
 									"protocols": {
 										Type:     pluginsdk.TypeList,
 										Required: true,
@@ -349,6 +355,11 @@ func resourceFirewallPolicyRuleCollectionGroup() *pluginsdk.Resource {
 										Required:     true,
 										ValidateFunc: validation.StringIsNotEmpty,
 									},
+									"description": {
+										Type:         pluginsdk.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringIsNotEmpty,
+									},
 									"protocols": {
 										Type:     pluginsdk.TypeList,
 										Required: true,
@@ -659,6 +670,7 @@ func expandFirewallPolicyRuleNetwork(input []interface{}) *[]network.BasicFirewa
 			DestinationIPGroups:  utils.ExpandStringSlice(condition["destination_ip_groups"].([]interface{})),
 			DestinationFqdns:     utils.ExpandStringSlice(condition["destination_fqdns"].([]interface{})),
 			DestinationPorts:     utils.ExpandStringSlice(condition["destination_ports"].([]interface{})),
+			Description:          pointer.To(condition["description"].(string)),
 		}
 		result = append(result, output)
 	}
@@ -691,6 +703,7 @@ func expandFirewallPolicyRuleNat(input []interface{}) (*[]network.BasicFirewallP
 			DestinationAddresses: &destinationAddresses,
 			DestinationPorts:     utils.ExpandStringSlice(condition["destination_ports"].([]interface{})),
 			TranslatedPort:       utils.String(strconv.Itoa(condition["translated_port"].(int))),
+			Description:          pointer.To(condition["description"].(string)),
 		}
 		if condition["translated_address"].(string) != "" {
 			output.TranslatedAddress = utils.String(condition["translated_address"].(string))
@@ -890,6 +903,7 @@ func flattenFirewallPolicyRuleNetwork(input *[]network.BasicFirewallPolicyRule)
 			"destination_ip_groups": utils.FlattenStringSlice(rule.DestinationIPGroups),
 			"destination_fqdns":     utils.FlattenStringSlice(rule.DestinationFqdns),
 			"destination_ports":     utils.FlattenStringSlice(rule.DestinationPorts),
+			"description":           pointer.From(rule.Description),
 		})
 	}
 	return output, nil
@@ -951,6 +965,7 @@ func flattenFirewallPolicyRuleNat(input *[]network.BasicFirewallPolicyRule) ([]i
 			"translated_address":  translatedAddress,
 			"translated_port":     translatedPort,
 			"translated_fqdn":     translatedFQDN,
+			"description":         pointer.From(rule.Description),
 		})
 	}
 	return output, nil

diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource_test.go
@@ -259,13 +259,15 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" {
     action   = "Deny"
     rule {
       name                  = "network_rule_collection1_rule1"
+      description           = "network_rule_collection1_rule1"
       protocols             = ["TCP", "UDP"]
       source_addresses      = ["10.0.0.1"]
       destination_addresses = ["192.168.1.1", "ApiManagement"]
       destination_ports     = ["80", "1000-2000"]
     }
     rule {
       name              = "network_rule_collection1_rule2"
+      description       = "network_rule_collection1_rule2"
       protocols         = ["TCP", "UDP"]
       source_addresses  = ["10.0.0.1"]
       destination_fqdns = ["time.windows.com"]
@@ -292,6 +294,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "test" {
     action   = "Dnat"
     rule {
       name                = "nat_rule_collection1_rule1"
+      description         = "nat_rule_collection1_rule1"
       protocols           = ["TCP", "UDP"]
       source_addresses    = ["10.0.0.1", "10.0.0.2"]
       destination_address = "192.168.1.1"

diff --git a/website/docs/r/firewall_policy_rule_collection_group.html.markdown b/website/docs/r/firewall_policy_rule_collection_group.html.markdown
@@ -163,6 +163,8 @@ A `network_rule` (network rule) block supports the following:
 
 * `name` - (Required) The name which should be used for this rule.
 
+* `description` - (Optional) The description which should be used for this rule.
+
 * `protocols` - (Required) Specifies a list of network protocols this rule applies to. Possible values are `Any`, `TCP`, `UDP`, `ICMP`.
 
 * `destination_ports` - (Required) Specifies a list of destination ports.
@@ -183,6 +185,8 @@ A `nat_rule` (NAT rule) block supports the following:
 
 * `name` - (Required) The name which should be used for this rule.
 
+* `description` - (Optional) The description which should be used for this rule.
+
 * `protocols` - (Required) Specifies a list of network protocols this rule applies to. Possible values are `TCP`, `UDP`.
 
 * `source_addresses` - (Optional) Specifies a list of source IP addresses (including CIDR, IP range and `*`).