fixes #5864 and #6763

WodansSon · tombuildsstuff · web-flow · commit 001fefb72772 · 2020-05-13T15:07:51.000-07:00
* Adding private endpoint example HCL

* Update examples/private_endpoint/postgreSql/README.md

Co-authored-by: Tom Harvey &lt;tombuildsstuff@users.noreply.github.com&gt;

* Update examples/private_endpoint/cosmosDb/README.md

Co-authored-by: Tom Harvey &lt;tombuildsstuff@users.noreply.github.com&gt;

* Requested changes per PR review

* Update location descriptions in README.md

Co-authored-by: Tom Harvey &lt;tombuildsstuff@users.noreply.github.com&gt;
diff --git a/examples/private-endpoint/cosmos-db/README.md b/examples/private-endpoint/cosmos-db/README.md
@@ -0,0 +1,9 @@
+## Example: Private Endpoint
+
+This example provisions a Private Endpoint in Azure connected to a CosmosDB Account configured with MongoDB.
+
+### Variables
+
+* `prefix` - (Required) The prefix used for all resources in this example.
+
+* `location` - (Required) The Azure Region in which all resources in this example should be created.
diff --git a/examples/private-endpoint/cosmos-db/main.tf b/examples/private-endpoint/cosmos-db/main.tf
@@ -0,0 +1,66 @@
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "example" {
+  name     = "${var.prefix}-resources"
+  location = "${var.location}"
+}
+
+resource "azurerm_virtual_network" "example" {
+  name                = "${var.prefix}-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "endpoint" {
+  name                 = "endpoint"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefix       = "10.0.2.0/24"
+
+  enforce_private_link_endpoint_network_policies = true
+}
+
+resource "azurerm_cosmosdb_account" "example" {
+  name                = "${var.prefix}-cosmosdb-example"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  offer_type          = "Standard"
+  kind                = "MongoDB"
+
+  enable_automatic_failover         = false
+  is_virtual_network_filter_enabled = true
+  ip_range_filter                   = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"
+
+  capabilities {
+    name = "EnableMongo"
+  }
+
+  consistency_policy {
+    consistency_level       = "BoundedStaleness"
+    max_interval_in_seconds = 310
+    max_staleness_prefix    = 101000
+  }
+
+  geo_location {
+    prefix            = "${var.prefix}-cosmos-db-customid"
+    location          = azurerm_resource_group.example.location
+    failover_priority = 0
+  }
+}
+
+resource "azurerm_private_endpoint" "example" {
+  name                 = "${var.prefix}-pe"
+  location             = azurerm_resource_group.example.location
+  resource_group_name  = azurerm_resource_group.example.name
+  subnet_id            = azurerm_subnet.endpoint.id
+
+  private_service_connection {
+    name                           = "tfex-cosmosdb-connection"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_cosmosdb_account.example.id
+    subresource_names              = ["MongoDB"]
+  }
+}
diff --git a/examples/private-endpoint/cosmos-db/variables.tf b/examples/private-endpoint/cosmos-db/variables.tf
diff --git a/examples/private-endpoint/postgresql/README.md b/examples/private-endpoint/postgresql/README.md
@@ -0,0 +1,9 @@
+## Example: Private Endpoint
+
+This example provisions a Private Endpoint which connects to a PostgreSQL server within Azure.
+
+### Variables
+
+* `prefix` - (Required) The prefix used for all resources in this example.
+
+* `location` - (Required) The Azure Region in which all resources in this example should be created.
diff --git a/examples/private-endpoint/postgresql/main.tf b/examples/private-endpoint/postgresql/main.tf
@@ -0,0 +1,54 @@
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "example" {
+  name     = "${var.prefix}-resources"
+  location = "${var.location}"
+}
+
+resource "azurerm_virtual_network" "example" {
+  name                = "${var.prefix}-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "endpoint" {
+  name                 = "endpoint"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefix       = "10.0.2.0/24"
+
+  enforce_private_link_endpoint_network_policies = true
+}
+
+resource "azurerm_postgresql_server" "example" {
+  name                = "${var.prefix}-postgresql"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  administrator_login          = "psqladmin"
+  administrator_login_password = "H@Sh1CoR3!"
+  auto_grow_enabled            = true
+  backup_retention_days        = 7
+  geo_redundant_backup_enabled = false
+  sku_name                     = "GP_Gen5_2"
+  ssl_enforcement_enabled      = true
+  storage_mb                   = 51200
+  version                      = "11"
+}
+
+resource "azurerm_private_endpoint" "example" {
+  name                 = "${var.prefix}-pe"
+  location             = azurerm_resource_group.example.location
+  resource_group_name  = azurerm_resource_group.example.name
+  subnet_id            = azurerm_subnet.endpoint.id
+
+  private_service_connection {
+    name                           = "tfex-postgresql-connection"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_postgresql_server.example.id
+    subresource_names              = ["postgresqlServer"]
+  }
+}
diff --git a/examples/private-endpoint/postgresql/variables.tf b/examples/private-endpoint/postgresql/variables.tf
@@ -0,0 +1,7 @@
+variable "prefix" {
+  description = "The Prefix used for all resources in this example"
+}
+
+variable "location" {
+  description = "The Azure Region in which all resources in this example should be created."
+}
diff --git a/examples/private-endpoint/private-link-service/README.md b/examples/private-endpoint/private-link-service/README.md
@@ -0,0 +1,9 @@
+## Example: Private Endpoint
+
+This example provisions a Private Endpoint which connects to a Private Link Service within Azure.
+
+### Variables
+
+* `prefix` - (Required) The prefix used for all resources in this example.
+
+* `location` - (Required) The Azure Region in which all resources in this example should be created.
diff --git a/examples/private-endpoint/private-link-service/main.tf b/examples/private-endpoint/private-link-service/main.tf
@@ -0,0 +1,85 @@
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_subscription" "current" {}
+
+resource "azurerm_resource_group" "example" {
+  name     = "${var.prefix}-resources"
+  location = "${var.location}"
+}
+
+resource "azurerm_virtual_network" "example" {
+  name                = "${var.prefix}-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+}
+
+resource "azurerm_subnet" "service" {
+  name                 = "service"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefix       = "10.0.1.0/24"
+
+  enforce_private_link_service_network_policies = true
+}
+
+resource "azurerm_subnet" "endpoint" {
+  name                 = "endpoint"
+  resource_group_name  = azurerm_resource_group.example.name
+  virtual_network_name = azurerm_virtual_network.example.name
+  address_prefix       = "10.0.2.0/24"
+
+  enforce_private_link_endpoint_network_policies = true
+}
+
+resource "azurerm_public_ip" "example" {
+  name                = "${var.prefix}-pip"
+  sku                 = "Standard"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  allocation_method   = "Static"
+}
+
+resource "azurerm_lb" "example" {
+  name                = "${var.prefix}-lb"
+  sku                 = "Standard"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  frontend_ip_configuration {
+    name                 = azurerm_public_ip.example.name
+    public_ip_address_id = azurerm_public_ip.example.id
+  }
+}
+
+resource "azurerm_private_link_service" "example" {
+  name                = "${var.prefix}-pls"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+
+  auto_approval_subscription_ids = [data.azurerm_subscription.current.subscription_id]
+  visibility_subscription_ids    = [data.azurerm_subscription.current.subscription_id]
+  
+  nat_ip_configuration {
+    name      = azurerm_public_ip.example.name
+    subnet_id = azurerm_subnet.service.id
+    primary   = true
+  }
+  
+  load_balancer_frontend_ip_configuration_ids = [azurerm_lb.example.frontend_ip_configuration.0.id]
+}
+
+resource "azurerm_private_endpoint" "example" {
+  name                 = "${var.prefix}-pe"
+  location             = azurerm_resource_group.example.location
+  resource_group_name  = azurerm_resource_group.example.name
+  subnet_id            = azurerm_subnet.endpoint.id
+
+  private_service_connection {
+    name                           = "tfex-pls-connection"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_private_link_service.example.id
+  }
+}
diff --git a/examples/private-endpoint/private-link-service/variables.tf b/examples/private-endpoint/private-link-service/variables.tf
@@ -0,0 +1,7 @@
+variable "prefix" {
+  description = "The Prefix used for all resources in this example"
+}
+
+variable "location" {
+  description = "The Azure Region in which all resources in this example should be created."
+}
diff --git a/examples/private_endpoint/README.md b/examples/private_endpoint/README.md
diff --git a/examples/private_endpoint/main.tf b/examples/private_endpoint/main.tf
diff --git a/website/docs/r/private_endpoint.html.markdown b/website/docs/r/private_endpoint.html.markdown
@@ -151,6 +151,12 @@ The following attributes are exported:
 
 * `id` - The ID of the Private Endpoint.
 
+## Example HCL Configurations
+
+* How to connect a `Private Endpoint` to a [Cosmos MongoDB](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/private-endpoint/cosmos-db)
+* How to connect a `Private Endpoint` to a [PostgreSQL Server](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/private-endpoint/postgresql)
+* How to connect a `Private Endpoint` to a [Private Link Service](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/private-endpoint/private-link-service)
+
 ## Timeouts
 
 The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
