Added support for network_access_policy

hashicorp · Dec 14, 2020 · 9aa359d · 9aa359d
1 parent dfbd11d
commit 9aa359d
Show file tree

Hide file tree

Showing 2 changed files with 177 additions and 0 deletions.
diff --git a/azurerm/internal/services/compute/managed_disk_resource.go b/azurerm/internal/services/compute/managed_disk_resource.go
@@ -143,6 +143,16 @@ func resourceArmManagedDisk() *schema.Resource {
 
 			"encryption_settings": encryptionSettingsSchema(),
 
+			"network_access_policy": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					string(compute.AllowAll),
+					string(compute.AllowPrivate),
+					string(compute.DenyAll),
+				}, true),
+			},
+
 			"tags": tags.Schema(),
 		},
 	}
@@ -256,6 +266,10 @@ func resourceArmManagedDiskCreateUpdate(d *schema.ResourceData, meta interface{}
 		}
 	}
 
+	if v, ok := d.GetOk("network_access_policy"); ok {
+		props.NetworkAccessPolicy = compute.NetworkAccessPolicy(v.(string))
+	}
+
 	createDisk := compute.Disk{
 		Name:           &name,
 		Location:       &location,
@@ -373,6 +387,10 @@ func resourceArmManagedDiskUpdate(d *schema.ResourceData, meta interface{}) erro
 		}
 	}
 
+	if d.HasChange("network_access_policy") {
+		diskUpdate.NetworkAccessPolicy = compute.NetworkAccessPolicy(d.Get("network_access_policy").(string))
+	}
+
 	// whilst we need to shut this down, if we're not attached to anything there's no point
 	if shouldShutDown && disk.ManagedBy == nil {
 		shouldShutDown = false
@@ -544,6 +562,7 @@ func resourceArmManagedDiskRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("disk_iops_read_write", props.DiskIOPSReadWrite)
 		d.Set("disk_mbps_read_write", props.DiskMBpsReadWrite)
 		d.Set("os_type", props.OsType)
+		d.Set("network_access_policy", props.NetworkAccessPolicy)
 
 		diskEncryptionSetId := ""
 		if props.Encryption != nil && props.Encryption.DiskEncryptionSetID != nil {

diff --git a/azurerm/internal/services/compute/tests/managed_disk_resource_test.go b/azurerm/internal/services/compute/tests/managed_disk_resource_test.go
@@ -487,6 +487,78 @@ func testDeleteAzureRMVirtualMachine(resourceName string) resource.TestCheckFunc
 	}
 }
 
+func TestAccAzureRMManagedDisk_create_withNetworkPolicy(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_managed_disk", "test")
+	var d compute.Disk
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMManagedDiskDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMManagedDisk_create_withNetworkPolicy(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func TestAccAzureRMManagedDisk_update_withNetworkPolicy(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_managed_disk", "test")
+	var d compute.Disk
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMManagedDiskDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMManagedDisk_create_withNetworkPolicy(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+					resource.TestCheckResourceAttr(data.ResourceName, "disk_iops_read_write", "101"),
+					resource.TestCheckResourceAttr(data.ResourceName, "disk_mbps_read_write", "10"),
+				),
+			},
+			{
+				Config: testAccAzureRMManagedDisk_update_withNetworkPolicy(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+					resource.TestCheckResourceAttr(data.ResourceName, "disk_iops_read_write", "102"),
+					resource.TestCheckResourceAttr(data.ResourceName, "disk_mbps_read_write", "11"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAzureRMManagedDisk_import_withNetworkPolicy(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_managed_disk", "test")
+	var d compute.Disk
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMManagedDiskDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMManagedDisk_create_withNetworkPolicy(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMManagedDiskExists(data.ResourceName, &d, true),
+				),
+			},
+			{
+				Config:      testAccAzureRMManagedDisk_import_withNetworkPolicy(data),
+				ExpectError: acceptance.RequiresImportError("azurerm_managed_disk"),
+			},
+		},
+	})
+}
+
 func testAccAzureRMManagedDisk_empty(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -1168,3 +1240,89 @@ resource "azurerm_linux_virtual_machine" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func testAccAzureRMManagedDisk_create_withNetworkPolicy(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_managed_disk" "test" {
+  name                  = "acctestd-%d"
+  location              = azurerm_resource_group.test.location
+  resource_group_name   = azurerm_resource_group.test.name
+  storage_account_type  = "Standard_LRS"
+  create_option         = "Empty"
+  disk_size_gb          = "4"
+  disk_iops_read_write  = "101"
+  disk_mbps_read_write  = "10"
+  zones                 = ["1"]
+  network_access_policy = "DenyAll"
+
+  tags = {
+    environment = "acctest"
+    cost-center = "ops"
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func testAccAzureRMManagedDisk_update_withNetworkPolicy(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_managed_disk" "test" {
+  name                  = "acctestd-%d"
+  location              = azurerm_resource_group.test.location
+  resource_group_name   = azurerm_resource_group.test.name
+  storage_account_type  = "Standard_LRS"
+  create_option         = "Empty"
+  disk_size_gb          = "4"
+  disk_iops_read_write  = "102"
+  disk_mbps_read_write  = "11"
+  zones                 = ["1"]
+  network_access_policy = "DenyAll"
+
+  tags = {
+    environment = "acctest"
+    cost-center = "ops"
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func testAccAzureRMManagedDisk_import_withNetworkPolicy(data acceptance.TestData) string {
+	template := testAccAzureRMManagedDisk_create_withUltraSSD(data)
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_managed_disk" "import" {
+  name                  = azurerm_managed_disk.test.name
+  location              = azurerm_managed_disk.test.location
+  resource_group_name   = azurerm_managed_disk.test.resource_group_name
+  storage_account_type  = "Standard_LRS"
+  create_option         = "Empty"
+  disk_size_gb          = "4"
+  disk_iops_read_write  = "101"
+  disk_mbps_read_write  = "10"
+  network_access_policy = "DenyAll"
+
+  tags = {
+    environment = "acctest"
+    cost-center = "ops"
+  }
+}
+`, template)
+}