From 518917ba6e4bb8dfba3fad620517c3671c85fa1b Mon Sep 17 00:00:00 2001
From: Simon Schneider
Date: Tue, 12 Mar 2024 09:58:03 +0000
Subject: [PATCH 1/3] feat(kusto_cluster): add private endpoint
---
 data_explorer.tf | 2 ++
 .../data_explorer/kusto_clusters/module.tf | 13 +++++++------
 .../kusto_clusters/private_endpoint.tf | 16 ++++++++++++++++
 .../data_explorer/kusto_clusters/variables.tf | 2 +-
 4 files changed, 26 insertions(+), 7 deletions(-)
 create mode 100644 modules/databases/data_explorer/kusto_clusters/private_endpoint.tf
diff --git a/data_explorer.tf b/data_explorer.tf
index ee06f70ee5..7d4b408304 100644
--- a/data_explorer.tf
+++ b/data_explorer.tf
@@ -7,9 +7,11 @@ module "kusto_clusters" {
 settings = each.value
 location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
 resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
+ private_endpoints = try(each.value.private_endpoints, {})
 base_tags = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
 combined_resources = {
+ private_dns = local.combined_objects_private_dns
 vnets = local.combined_objects_networking
 pips = local.combined_objects_public_ip_addresses
 managed_identities = local.combined_objects_managed_identities
diff --git a/modules/databases/data_explorer/kusto_clusters/module.tf b/modules/databases/data_explorer/kusto_clusters/module.tf
index 82bea499fe..4a7ad9ffbf 100644
--- a/modules/databases/data_explorer/kusto_clusters/module.tf
+++ b/modules/databases/data_explorer/kusto_clusters/module.tf
@@ -52,9 +52,10 @@ resource "azurerm_kusto_cluster" "kusto" {
 maximum_instances = optimized_auto_scale.value.maximum_instances
 }
 }
- trusted_external_tenants = try(var.settings.trusted_external_tenants, null)
- zones = try(var.settings.zones, null)
- engine = try(var.settings.engine, null)
- auto_stop_enabled = try(var.settings.auto_stop_enabled, null)
- tags = local.tags
-}
\ No newline at end of file
+ trusted_external_tenants = try(var.settings.trusted_external_tenants, null)
+ zones = try(var.settings.zones, null)
+ engine = try(var.settings.engine, null)
+ auto_stop_enabled = try(var.settings.auto_stop_enabled, null)
+ public_network_access_enabled = try(var.settings.public_network_access_enabled, null)
+ tags = local.tags
+}
diff --git a/modules/databases/data_explorer/kusto_clusters/private_endpoint.tf b/modules/databases/data_explorer/kusto_clusters/private_endpoint.tf
new file mode 100644
index 0000000000..8c1d1b88c5
--- /dev/null
+++ b/modules/databases/data_explorer/kusto_clusters/private_endpoint.tf
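Review bot: The added `public_network_access_enabled = try(var.settings.public_network_access_enabled, null)` falls back to the provider's default, which as far as I know is public access enabled, so a cluster that receives a private endpoint through this series stays reachable on its public endpoint unless the caller also sets `public_network_access_enabled = false`; the example added in PATCH 2/3 (`examples/data_explorer/107-private-endpoint/configuration.tfvars`) does not set it either. Consider having the example set `public_network_access_enabled = false` so the scenario exercises a private-only cluster, and noting next to the `private_endpoints` input that the private endpoint does not by itself close the public path. The remaining lines of this hunk only re-align existing attributes and carry no functional change.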
@@ -0,0 +1,16 @@
+module "private_endpoint" {
+ source = "../../../networking/private_endpoint"
+ for_each = try(var.private_endpoints, {})
+
+ resource_id = azurerm_kusto_cluster.kusto.id
+ name = each.value.name
+ location = var.location
+ resource_group_name = var.resource_group_name
+ subnet_id = can(each.value.subnet_id) ? each.value.subnet_id : var.combined_resources.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
+ settings = each.value
+ global_settings = var.global_settings
+ base_tags = var.global_settings.inherit_tags
+ tags = local.tags
+ private_dns = var.combined_resources.private_dns
+ client_config = var.client_config
+}
diff --git a/modules/databases/data_explorer/kusto_clusters/variables.tf b/modules/databases/data_explorer/kusto_clusters/variables.tf
index b0934606a9..a6b677d72a 100644
--- a/modules/databases/data_explorer/kusto_clusters/variables.tf
+++ b/modules/databases/data_explorer/kusto_clusters/variables.tf
@@ -25,8 +25,8 @@ variable "vnets" {
 variable "pips" {
 default = null
 }
+variable "private_endpoints" {}
 variable "combined_resources" {
 description = "Provide a map of combined resources for environment_variables_from_resources"
 default = {}
 }
-
From 03e9641333c37cd830ec209a6655b4bc3a3f23c2 Mon Sep 17 00:00:00 2001
From: Simon Schneider
Date: Wed, 13 Mar 2024 15:04:41 +0000
Subject: [PATCH 2/3] feat(azurerm_kusto_cluster): example for private endpoint
---
 .github/workflows/standalone-scenarios.json | 1 +
 .../107-private-endpoint/configuration.tfvars | 75 +++++++++++++++++++
 2 files changed, 76 insertions(+)
 create mode 100644 examples/data_explorer/107-private-endpoint/configuration.tfvars
diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
index 3a4a611179..08037a46f3 100644
--- a/.github/workflows/standalone-scenarios.json
+++ b/.github/workflows/standalone-scenarios.json
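Review bot: `base_tags = var.global_settings.inherit_tags` passes the inherit_tags flag itself, whereas the root module in this same series (data_explorer.tf, PATCH 1/3) computes `base_tags` for the kusto module as a map of resource-group tags, `try(local.global_settings.inherit_tags, false) ? try(...tags, {}) : {}`; if the private_endpoint module merges `base_tags` into its tags the way the root's value suggests, a boolean here will either fail or inherit nothing. Since the root already passes a resolved `base_tags` into this module, `base_tags = var.base_tags` looks like the intended line. Separately, `var.combined_resources.vnets[...]` and `var.combined_resources.private_dns` are read without `try`, so a caller that defines private endpoints but omits those keys from `combined_resources` gets a raw attribute-lookup error; worth mentioning in the `combined_resources` description.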
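Review bot: `variable "private_endpoints" {}` declares no default, unlike the sibling `pips` (`default = null`) in the same hunk, so every caller other than the root in this series must pass it explicitly, and a null value passes through the `try(var.private_endpoints, {})` in private_endpoint.tf unchanged because `try` only catches errors. Declaring it as `variable "private_endpoints" { default = {} }` makes the module safe to use without private endpoints. The description on `combined_resources` ("... for environment_variables_from_resources") appears to be copied from another module and now also has to cover `private_dns`; it could be corrected while this file is being touched.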
@@ -26,6 +26,7 @@
 "data_explorer/104-kusto_cluster_database",
 "data_explorer/105-kusto_attached_database_configuration",
 "data_explorer/106-database_principal_assignment",
+ "data_explorer/107-private-endpoint",
 "data_factory/101-data_factory",
 "data_factory/102-data_factory_pipeline",
 "data_factory/103-data_factory_trigger_schedule",
diff --git a/examples/data_explorer/107-private-endpoint/configuration.tfvars b/examples/data_explorer/107-private-endpoint/configuration.tfvars
new file mode 100644
index 0000000000..f831afb6e6
--- /dev/null
+++ b/examples/data_explorer/107-private-endpoint/configuration.tfvars
@@ -0,0 +1,75 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "eastus"
+ }
+}
+
+resource_groups = {
+ rg1 = {
+ name = "dedicated-test"
+ region = "region1"
+ }
+}
+kusto_clusters = {
+ kc1 = {
+ name = "kustocluster"
+ auto_stop_enabled = false
+ resource_group = {
+ key = "rg1"
+ #lz_key = ""
+ #name = ""
+ }
+ region = "region1"
+
+ sku = {
+ name = "Dev(No SLA)_Standard_E2a_v4"
+ capacity = 1
+ }
+
+ private_endpoints = {
+ pe1 = {
+ name = "kusto-shared"
+ resource_group_key = "rg1"
+ vnet_key = "vnet_region1"
+ subnet_key = "private_endpoints"
+ private_service_connection = {
+ name = "kusto-shared"
+ is_manual_connection = false
+ subresource_names = ["cluster"]
+ }
+ private_dns = {
+ keys = ["kusto"]
+ }
+ }
+ }
+ }
+}
+
+## Networking configuration
+vnets = {
+ vnet_region1 = {
+ resource_group_key = "rg1"
+ region = "region1"
+
+ vnet = {
+ name = "kusto"
+ address_space = ["10.10.0.0/24"]
+ }
+
+ subnets = {
+ private_endpoints = {
+ name = "private-endpoint"
+ cidr = ["10.10.0.0/25"]
+ enforce_private_link_endpoint_network_policies = true
+ }
+ }
+ }
+}
+
+private_dns = {
+ kusto = {
+ name = "privatelink.westeurope.kusto.windows.net"
+ resource_group_key = "rg1"
+ }
+}
From 818ec56700101081ce449b5229ce5965e201dd10 Mon Sep 17 00:00:00 2001
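Review bot: The private DNS zone in the new example is `privatelink.westeurope.kusto.windows.net` while `global_settings.regions.region1` is `eastus`; the Azure Data Explorer private-link zone is region-scoped (`privatelink.<region>.kusto.windows.net`, matching the cluster's `<name>.<region>.kusto.windows.net` URI), so the endpoint's A records would land in a zone the cluster's FQDN never resolves through and VNet clients would keep resolving the public address, which defeats the scenario without any plan-time error. Change it to `name = "privatelink.eastus.kusto.windows.net"` or derive the zone from the same region setting. Minor: `resource_group_key = "rg1"` under `pe1` is not consumed by the kusto module's private_endpoint.tf (it forwards `var.resource_group_name`), so it is inert here, and the example does not set `public_network_access_enabled = false`, so the cluster it builds stays publicly reachable.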
From: Simon Schneider
Date: Tue, 12 Mar 2024 10:43:03 +0000
Subject: [PATCH 3/3] feat(private_endpoint): fix sanity checks for resource_group_name
---
 modules/networking/private_endpoint/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/networking/private_endpoint/main.tf b/modules/networking/private_endpoint/main.tf
index c9a409e81e..b8af5addcc 100644
--- a/modules/networking/private_endpoint/main.tf
+++ b/modules/networking/private_endpoint/main.tf
@@ -16,6 +16,6 @@ locals {
 location = can(var.location) || can(var.settings.region) ? try(var.location, var.global_settings.regions[var.settings.region]) : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].location
- resource_group_name = can(var.resource_group_name) ? var.resource_group_name : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].name
+ resource_group_name = can(var.resource_group_name) && var.resource_group_name != null ? var.resource_group_name : var.resource_groups[try(var.settings.resource_group.lz_key, var.settings.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)].name
 }
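Review bot: `can(var.resource_group_name)` is always true for a declared input variable, so the added `&& var.resource_group_name != null` is the part that makes the fallback work and the condition can be reduced to `resource_group_name = var.resource_group_name != null ? var.resource_group_name : var.resource_groups[...]...name`, which also reads as what the commit title calls a sanity check. The `location` line directly above in the same hunk has the same shape, `can(var.location) || can(var.settings.region) ? try(var.location, ...) : ...`, and `try` returns a null `var.location` instead of falling through, so if `location` is declared with a null default as `resource_group_name` evidently is, it carries the defect this commit fixes for `resource_group_name`. The `locals {` block begins above the hunk.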