diff --git a/internal/services/network/express_route_connection_resource.go b/internal/services/network/express_route_connection_resource.go index 8bdc3a996be0..fbd0bed001a5 100644 --- a/internal/services/network/express_route_connection_resource.go +++ b/internal/services/network/express_route_connection_resource.go @@ -7,6 +7,7 @@ import ( "fmt" "time" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse" @@ -71,6 +72,12 @@ func resourceExpressRouteConnection() *pluginsdk.Resource { Optional: true, }, + "private_link_fast_path_enabled": { + Type: pluginsdk.TypeBool, + Optional: true, + Default: false, + }, + "express_route_gateway_bypass_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -173,6 +180,10 @@ func resourceExpressRouteConnectionCreate(d *pluginsdk.ResourceData, meta interf return tf.ImportAsExistsError("azurerm_express_route_connection", id.ID()) } + if d.Get("private_link_fast_path_enabled").(bool) && !d.Get("express_route_gateway_bypass_enabled").(bool) { + return fmt.Errorf("`express_route_gateway_bypass_enabled` must be enabled when `private_link_fast_path_enabled` is set to `true`") + } + parameters := network.ExpressRouteConnection{ Name: utils.String(id.Name), ExpressRouteConnectionProperties: &network.ExpressRouteConnectionProperties{ @@ -183,6 +194,7 @@ func resourceExpressRouteConnectionCreate(d *pluginsdk.ResourceData, meta interf RoutingConfiguration: expandExpressRouteConnectionRouting(d.Get("routing").([]interface{})), RoutingWeight: utils.Int32(int32(d.Get("routing_weight").(int))), ExpressRouteGatewayBypass: utils.Bool(d.Get("express_route_gateway_bypass_enabled").(bool)), + EnablePrivateLinkFastPath: utils.Bool(d.Get("private_link_fast_path_enabled").(bool)), }, } @@ -230,6 +242,7 @@ func resourceExpressRouteConnectionRead(d *pluginsdk.ResourceData, meta interfac d.Set("routing_weight", props.RoutingWeight) d.Set("authorization_key", props.AuthorizationKey) d.Set("enable_internet_security", props.EnableInternetSecurity) + d.Set("private_link_fast_path_enabled", pointer.From(props.EnablePrivateLinkFastPath)) if props.ExpressRouteGatewayBypass != nil { d.Set("express_route_gateway_bypass_enabled", props.ExpressRouteGatewayBypass) @@ -267,6 +280,9 @@ func resourceExpressRouteConnectionUpdate(d *pluginsdk.ResourceData, meta interf return err } + if d.Get("private_link_fast_path_enabled").(bool) && !d.Get("express_route_gateway_bypass_enabled").(bool) { + return fmt.Errorf("`express_route_gateway_bypass_enabled` must be enabled when `private_link_fast_path_enabled` is set to `true`") + } parameters := network.ExpressRouteConnection{ Name: utils.String(id.Name), ExpressRouteConnectionProperties: &network.ExpressRouteConnectionProperties{ @@ -277,6 +293,7 @@ func resourceExpressRouteConnectionUpdate(d *pluginsdk.ResourceData, meta interf RoutingConfiguration: expandExpressRouteConnectionRouting(d.Get("routing").([]interface{})), RoutingWeight: utils.Int32(int32(d.Get("routing_weight").(int))), ExpressRouteGatewayBypass: utils.Bool(d.Get("express_route_gateway_bypass_enabled").(bool)), + EnablePrivateLinkFastPath: utils.Bool(d.Get("private_link_fast_path_enabled").(bool)), }, } diff --git a/internal/services/network/express_route_connection_resource_test.go b/internal/services/network/express_route_connection_resource_test.go index 2766ae6257cd..9f92a1dfa363 100644 --- a/internal/services/network/express_route_connection_resource_test.go +++ b/internal/services/network/express_route_connection_resource_test.go @@ -147,12 +147,14 @@ func (r ExpressRouteConnectionResource) complete(data acceptance.TestData) strin %s resource "azurerm_express_route_connection" "test" { - name = "acctest-ExpressRouteConnection-%d" - express_route_gateway_id = azurerm_express_route_gateway.test.id - express_route_circuit_peering_id = azurerm_express_route_circuit_peering.test.id - routing_weight = 2 - authorization_key = "90f8db47-e25b-4b65-a68b-7743ced2a16b" - enable_internet_security = true + name = "acctest-ExpressRouteConnection-%d" + express_route_gateway_id = azurerm_express_route_gateway.test.id + express_route_circuit_peering_id = azurerm_express_route_circuit_peering.test.id + routing_weight = 2 + authorization_key = "90f8db47-e25b-4b65-a68b-7743ced2a16b" + enable_internet_security = true + private_link_fast_path_enabled = true + express_route_gateway_bypass_enabled = true routing { associated_route_table_id = azurerm_virtual_hub.test.default_route_table_id @@ -223,6 +225,7 @@ resource "azurerm_express_route_connection" "test" { routing_weight = 2 authorization_key = "90f8db47-e25b-4b65-a68b-7743ced2a16b" enable_internet_security = true + private_link_fast_path_enabled = true express_route_gateway_bypass_enabled = true routing { diff --git a/website/docs/r/express_route_connection.html.markdown b/website/docs/r/express_route_connection.html.markdown index b4ade15c241a..d85a0b67d538 100644 --- a/website/docs/r/express_route_connection.html.markdown +++ b/website/docs/r/express_route_connection.html.markdown @@ -98,6 +98,8 @@ The following arguments are supported: * `express_route_gateway_bypass_enabled` - (Optional) Specified whether Fast Path is enabled for Virtual Wan Firewall Hub. Defaults to `false`. +* `private_link_fast_path_enabled` - (Optional) Bypass the Express Route gateway when accessing private-links. When enabled `express_route_gateway_bypass_enabled` must be set to `true`. Defaults to `false`. + * `routing` - (Optional) A `routing` block as defined below. * `routing_weight` - (Optional) The routing weight associated to the Express Route Connection. Possible value is between `0` and `32000`. Defaults to `0`.