diff --git a/azurerm/internal/services/loganalytics/log_analytics_workspace_resource.go b/azurerm/internal/services/loganalytics/log_analytics_workspace_resource.go index 12f50c6ca669..b18b740664e4 100644 --- a/azurerm/internal/services/loganalytics/log_analytics_workspace_resource.go +++ b/azurerm/internal/services/loganalytics/log_analytics_workspace_resource.go @@ -57,6 +57,18 @@ func resourceArmLogAnalyticsWorkspace() *schema.Resource { "resource_group_name": azure.SchemaResourceGroupNameDiffSuppress(), + "internet_ingestion_enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + + "internet_query_enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + "sku": { Type: schema.TypeString, Optional: true, @@ -147,6 +159,15 @@ func resourceArmLogAnalyticsWorkspaceCreateUpdate(d *schema.ResourceData, meta i Name: operationalinsights.WorkspaceSkuNameEnum(skuName), } + internetIngestionEnabled := operationalinsights.Disabled + if d.Get("internet_ingestion_enabled").(bool) { + internetIngestionEnabled = operationalinsights.Enabled + } + internetQueryEnabled := operationalinsights.Disabled + if d.Get("internet_query_enabled").(bool) { + internetQueryEnabled = operationalinsights.Enabled + } + retentionInDays := int32(d.Get("retention_in_days").(int)) t := d.Get("tags").(map[string]interface{}) @@ -156,8 +177,10 @@ func resourceArmLogAnalyticsWorkspaceCreateUpdate(d *schema.ResourceData, meta i Location: &location, Tags: tags.Expand(t), WorkspaceProperties: &operationalinsights.WorkspaceProperties{ - Sku: sku, - RetentionInDays: &retentionInDays, + Sku: sku, + PublicNetworkAccessForIngestion: internetIngestionEnabled, + PublicNetworkAccessForQuery: internetQueryEnabled, + RetentionInDays: &retentionInDays, }, } @@ -209,6 +232,9 @@ func resourceArmLogAnalyticsWorkspaceRead(d *schema.ResourceData, meta interface d.Set("location", azure.NormalizeLocation(*location)) } + d.Set("internet_ingestion_enabled", resp.PublicNetworkAccessForIngestion == operationalinsights.Enabled) + d.Set("internet_query_enabled", resp.PublicNetworkAccessForQuery == operationalinsights.Enabled) + d.Set("workspace_id", resp.CustomerID) d.Set("portal_url", "") if sku := resp.Sku; sku != nil { diff --git a/azurerm/internal/services/loganalytics/tests/log_analytics_workspace_resource_test.go b/azurerm/internal/services/loganalytics/tests/log_analytics_workspace_resource_test.go index 836687208513..7c5cdc07ee68 100644 --- a/azurerm/internal/services/loganalytics/tests/log_analytics_workspace_resource_test.go +++ b/azurerm/internal/services/loganalytics/tests/log_analytics_workspace_resource_test.go @@ -199,6 +199,58 @@ func TestAccAzureRMLogAnalyticsWorkspace_removeVolumeCap(t *testing.T) { }) } +func TestAccAzureRMLogAnalyticsWorkspace_withInternetIngestionEnabled(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMLogAnalyticsWorkspaceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMLogAnalyticsWorkspace_withInternetIngestionEnabled(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMLogAnalyticsWorkspace_withInternetIngestionEnabledUpdate(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMLogAnalyticsWorkspace_withInternetQueryEnabled(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMLogAnalyticsWorkspaceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMLogAnalyticsWorkspace_withInternetQueryEnabled(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName), + ), + }, + data.ImportStep(), + { + Config: testAccAzureRMLogAnalyticsWorkspace_withInternetQueryEnabledUpdate(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func testCheckAzureRMLogAnalyticsWorkspaceDestroy(s *terraform.State) error { conn := acceptance.AzureProvider.Meta().(*clients.Client).LogAnalytics.WorkspacesClient ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext @@ -404,3 +456,87 @@ resource "azurerm_log_analytics_workspace" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } + +func testAccAzureRMLogAnalyticsWorkspace_withInternetIngestionEnabled(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + internet_ingestion_enabled = true + sku = "PerGB2018" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func testAccAzureRMLogAnalyticsWorkspace_withInternetIngestionEnabledUpdate(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + internet_ingestion_enabled = false + sku = "PerGB2018" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func testAccAzureRMLogAnalyticsWorkspace_withInternetQueryEnabled(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + internet_query_enabled = true + sku = "PerGB2018" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + +func testAccAzureRMLogAnalyticsWorkspace_withInternetQueryEnabledUpdate(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_log_analytics_workspace" "test" { + name = "acctestLAW-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + internet_query_enabled = false + sku = "PerGB2018" +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} diff --git a/website/docs/r/log_analytics_workspace.html.markdown b/website/docs/r/log_analytics_workspace.html.markdown index 0dc0d0f0359c..dcbbcaace6d4 100644 --- a/website/docs/r/log_analytics_workspace.html.markdown +++ b/website/docs/r/log_analytics_workspace.html.markdown @@ -49,6 +49,10 @@ The following arguments are supported: ~> **NOTE:** When `sku_name` is set to `Free` this field can be set to a maximum of `0.5` (GB), and has a default value of `0.5`. +* `internet_ingestion_enabled ` - (Optional) Should the Log Analytics Workflow support ingestion over the Public Internet? Defaults to `true`. + +* `internet_query_enabled` - (Optional) Should the Log Analytics Workflow support querying over the Public Internet? Defaults to `true`. + * `tags` - (Optional) A mapping of tags to assign to the resource. ## Attributes Reference