add fields to loganalytics workspaces

azurerm/internal/services/loganalytics/log_analytics_workspace_resource.go

@@ -49,6 +49,18 @@ func resourceArmLogAnalyticsWorkspace() *schema.Resource {
 
 			"resource_group_name": azure.SchemaResourceGroupNameDiffSuppress(),
 
+			"public_network_access_for_ingestion_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
+			"public_network_access_for_query_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"sku": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -91,6 +103,24 @@ func resourceArmLogAnalyticsWorkspace() *schema.Resource {
 				Deprecated: "this property has been removed from the API and will be removed in version 3.0 of the provider",
 			},
 
+			"private_link_scoped_resource": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"resource_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"scope_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
 			"primary_shared_key": {
 				Type:      schema.TypeString,
 				Computed:  true,
@@ -136,6 +166,15 @@ func resourceArmLogAnalyticsWorkspaceCreateUpdate(d *schema.ResourceData, meta i
 		Name: operationalinsights.WorkspaceSkuNameEnum(skuName),
 	}
 
+	publicNetworkAccessForIngestion := operationalinsights.Disabled
+	if d.Get("public_network_access_for_ingestion_enabled").(bool) {
+		publicNetworkAccessForIngestion = operationalinsights.Enabled
+	}
+	publicNetworkAccessForQuery := operationalinsights.Disabled
+	if d.Get("public_network_access_for_query_enabled").(bool) {
+		publicNetworkAccessForQuery = operationalinsights.Enabled
+	}
+
 	retentionInDays := int32(d.Get("retention_in_days").(int))
 	dailyQuotaGb := d.Get("daily_quota_gb").(float64)
 
@@ -147,6 +186,8 @@ func resourceArmLogAnalyticsWorkspaceCreateUpdate(d *schema.ResourceData, meta i
 		Tags:     tags.Expand(t),
 		WorkspaceProperties: &operationalinsights.WorkspaceProperties{
 			Sku:             sku,
+			PublicNetworkAccessForIngestion: publicNetworkAccessForIngestion,
+			PublicNetworkAccessForQuery:     publicNetworkAccessForQuery,
 			RetentionInDays: &retentionInDays,
 			WorkspaceCapping: &operationalinsights.WorkspaceCapping{
 				DailyQuotaGb: &dailyQuotaGb,
@@ -202,6 +243,9 @@ func resourceArmLogAnalyticsWorkspaceRead(d *schema.ResourceData, meta interface
 		d.Set("location", azure.NormalizeLocation(*location))
 	}
 
+	d.Set("public_network_access_for_ingestion_enabled", resp.PublicNetworkAccessForIngestion != operationalinsights.Disabled)
+	d.Set("public_network_access_for_query_enabled", resp.PublicNetworkAccessForQuery != operationalinsights.Disabled)
+
 	d.Set("workspace_id", resp.CustomerID)
 	d.Set("portal_url", "")
 	if sku := resp.Sku; sku != nil {
@@ -214,6 +258,10 @@ func resourceArmLogAnalyticsWorkspaceRead(d *schema.ResourceData, meta interface
 		d.Set("daily_quota_gb", utils.Float(-1))
 	}
 
+	if err := d.Set("private_link_scoped_resource", flattenArmWorkspacePrivateLinkScopedResourceArray(resp.PrivateLinkScopedResources)); err != nil {
+		return fmt.Errorf("setting `private_link_scoped_resource`: %+v", err)
+	}
+
 	sharedKeys, err := sharedKeysClient.GetSharedKeys(ctx, id.ResourceGroup, id.Name)
 	if err != nil {
 		log.Printf("[ERROR] Unable to List Shared keys for Log Analytics workspaces %s: %+v", id.Name, err)
@@ -263,3 +311,26 @@ func ValidateAzureRmLogAnalyticsWorkspaceName(v interface{}, _ string) (warnings
 
 	return warnings, errors
 }
+
+func flattenArmWorkspacePrivateLinkScopedResourceArray(input *[]operationalinsights.PrivateLinkScopedResource) []interface{} {
+	results := make([]interface{}, 0)
+	if input == nil {
+		return results
+	}
+
+	for _, item := range *input {
+		var resourceId string
+		if item.ResourceID != nil {
+			resourceId = *item.ResourceID
+		}
+		var scopeId string
+		if item.ScopeID != nil {
+			scopeId = *item.ScopeID
+		}
+		results = append(results, map[string]interface{}{
+			"resource_id": resourceId,
+			"scope_id":    scopeId,
+		})
+	}
+	return results
+}

azurerm/internal/services/loganalytics/tests/log_analytics_workspace_resource_test.go

@@ -172,6 +172,58 @@ func TestAccAzureRMLogAnalyticsWorkspace_withVolumeCap(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForIngestion(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMLogAnalyticsWorkspaceDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForIngestionEnabled(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForIngestionDisabled(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
+func TestAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForQuery(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_log_analytics_workspace", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMLogAnalyticsWorkspaceDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForQueryEnabled(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+			{
+				Config: testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForQueryDisabled(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMLogAnalyticsWorkspaceExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testCheckAzureRMLogAnalyticsWorkspaceDestroy(s *terraform.State) error {
 	conn := acceptance.AzureProvider.Meta().(*clients.Client).LogAnalytics.WorkspacesClient
 	ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext
@@ -352,3 +404,87 @@ resource "azurerm_log_analytics_workspace" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, volumeCapGb)
 }
+
+func testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForIngestionEnabled(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  name                                        = "acctestLAW-%d"
+  location                                    = azurerm_resource_group.test.location
+  resource_group_name                         = azurerm_resource_group.test.name
+  public_network_access_for_ingestion_enabled = true
+  sku                                         = "PerGB2018"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForIngestionDisabled(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  name                                        = "acctestLAW-%d"
+  location                                    = azurerm_resource_group.test.location
+  resource_group_name                         = azurerm_resource_group.test.name
+  public_network_access_for_ingestion_enabled = false
+  sku                                         = "PerGB2018"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForQueryEnabled(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  name                                    = "acctestLAW-%d"
+  location                                = azurerm_resource_group.test.location
+  resource_group_name                     = azurerm_resource_group.test.name
+  public_network_access_for_query_enabled = true
+  sku                                     = "PerGB2018"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
+func testAccAzureRMLogAnalyticsWorkspace_withPublicNetworkAccessForQueryDisabled(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  name                                    = "acctestLAW-%d"
+  location                                = azurerm_resource_group.test.location
+  resource_group_name                     = azurerm_resource_group.test.name
+  public_network_access_for_query_enabled = false
+  sku                                     = "PerGB2018"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}

website/docs/r/log_analytics_workspace.html.markdown

@@ -45,6 +45,10 @@ The following arguments are supported:
 
 * `daily_quota_gb` - (Optional) The workspace daily quota for ingestion in GB.  Defaults to -1 (unlimited).
 
+* `public_network_access_for_ingestion` - (Optional) Should the network access type for accessing Log Analytics ingestion be enabled?
+
+* `public_network_access_for_query` - (Optional) Should the network access type for accessing Log Analytics query be enabled?
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference
@@ -57,8 +61,18 @@ The following attributes are exported:
 
 * `secondary_shared_key` - The Secondary shared key for the Log Analytics Workspace.
 
+* `private_link_scoped_resource` - One or more `private_link_scoped_resource` blocks as defined below.
+
 * `workspace_id` - The Workspace (or Customer) ID for the Log Analytics Workspace.
 
+---
+
+A `private_link_scoped_resource` block exports the following:
+
+* `resource_id` - The ID of the resource.
+
+* `scope_id` - The ID of the scope.
+
 ## Timeouts
 
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: