azurerm_nginx_deployment - support NGINX App Protect WAF

[arpith-f5]

Community Note

• Please vote on this PR by adding a :thumbsup: reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

NGINXaaS now supports NGINX App Protect WAF. In order to use WAF, customers need to explicitly enable it while creating/update their NGINXaaS deployment. This commit includes changes to support a new block nginx_app_protect in azurerm_nginx_deployment resource to enable/disable WAF while creation or updating an NGINXaaS deployment.

PR Checklist

• [x] I have followed the guidelines in our Contributing Documentation.
• [x] I have checked to ensure there aren't other open Pull Requests for the same update/change.
• [x] I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• [x] I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• [x] I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work. For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• [x] I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• [x] I have written new tests for my resource or datasource changes & updated any relevent documentation.
• [x] I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• [x] (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• [x] My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Manually tested create and update of a NGINXaaS deployment with WAF enabled/disabled

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_nginx_deployment - support NGINX App Protect WAF

This is a (please select all that apply):

• [ ] Bug Fix
• [ ] New Feature (ie adding a service, resource, or data source)
• [x] Enhancement
• [ ] Breaking Change

Related Issue(s)

[!NOTE] If this PR changes meaningfully during the course of review please update the title and description as required.

[puneetsarna]

Looks like some vendor checks are failing?

[puneetsarna]

I like the newly flattened structure (less nested) to invoke this new feature as well 👍

[arpith-f5]

Hi @katbyte @stephybun, when you get time would you be able to take a look at this PR. Thanks in advance!

[puneetsarna]

Hi @katbyte!! I see @arpith-f5 pushed a fix for the test. Can you please re-run the tests and see if the issue persists?

[arpith-f5]

@katbyte would appreciate another look at this PR when convenient. Thanks in advance!

[russokj]

@katbyte - Anything left before this can be approved?

[WodansSon]

Looks like we still have test failures, if you can get that fixed up we can give this another go... 🙂

------- Stdout: -------
=== RUN   TestAccNginxDeploymentDataSource_nginxappprotect
=== PAUSE TestAccNginxDeploymentDataSource_nginxappprotect
=== CONT  TestAccNginxDeploymentDataSource_nginxappprotect
    testcase.go:173: Step 1/1 error: Check failed: Check 1/1 error: data.azurerm_nginx_deployment.test: Attribute 'web_application_firewall.0.activation_state' not found
--- FAIL: TestAccNginxDeploymentDataSource_nginxappprotect (426.85s)
FAIL

[arpith-f5]

@WodansSon Thank you for the review. I missed to fix the test after my last change. I have fixed it now and it passed locally. Could you review again

TF_ACC=1 go test -v ./internal/services/nginx -run=TestAccNginxDeploymentDataSource_nginxappprotect -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccNginxDeploymentDataSource_nginxappprotect
=== PAUSE TestAccNginxDeploymentDataSource_nginxappprotect
=== CONT  TestAccNginxDeploymentDataSource_nginxappprotect
--- PASS: TestAccNginxDeploymentDataSource_nginxappprotect (401.70s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/nginx	405.335s

[russokj]

@WodansSon Are there any other changes which are needed before approving this MR?

[arpith-f5]

@WodansSon just a gentle reminder for a re-review when you get a chance. Thanks in advance!

[WodansSon]

@arpith-f5, I have kicked off a test run... there were some minor issues I noticed while looking over the PR, but nothing that would prevent it from being merged. If the tests pass I believe this PR is good to go! 🚀

[github-actions[bot]]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.