azurerm_virtual_network_peering - support for the `peer_complete_vi…

…rtual_networks_enabled`, `only_ipv6_peering_enabled`, `local_subnet_names` and `remote_subnet_names` properties (#26229) * azurerm_virtual_network_peering - support peer_complete_virtual_networks_enabled, only_ipv6_peering_enabled, local_subnet_names and remote_subnet_names * update tc * update md * update tc * update tc * update tc
hashicorp · Jun 21, 2024 · 925328c · 925328c
1 parent 2a153fb
commit 925328c
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 3 deletions.
diff --git a/internal/services/network/virtual_network_peering_resource.go b/internal/services/network/virtual_network_peering_resource.go
@@ -17,6 +17,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/locks"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
 )
@@ -81,6 +82,37 @@ func resourceVirtualNetworkPeering() *pluginsdk.Resource {
 				Default:  false,
 			},
 
+			"local_subnet_names": {
+				Type:     pluginsdk.TypeList,
+				Optional: true,
+				Elem: &pluginsdk.Schema{
+					Type:         pluginsdk.TypeString,
+					ValidateFunc: validation.StringIsNotEmpty,
+				},
+			},
+
+			"only_ipv6_peering_enabled": {
+				Type:     pluginsdk.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"peer_complete_virtual_networks_enabled": {
+				Type:     pluginsdk.TypeBool,
+				Optional: true,
+				Default:  true,
+				ForceNew: true,
+			},
+
+			"remote_subnet_names": {
+				Type:     pluginsdk.TypeList,
+				Optional: true,
+				Elem: &pluginsdk.Schema{
+					Type:         pluginsdk.TypeString,
+					ValidateFunc: validation.StringIsNotEmpty,
+				},
+			},
+
 			"use_remote_gateways": {
 				Type:     pluginsdk.TypeBool,
 				Optional: true,
@@ -121,13 +153,26 @@ func resourceVirtualNetworkPeeringCreate(d *pluginsdk.ResourceData, meta interfa
 			AllowVirtualNetworkAccess: pointer.To(d.Get("allow_virtual_network_access").(bool)),
 			AllowForwardedTraffic:     pointer.To(d.Get("allow_forwarded_traffic").(bool)),
 			AllowGatewayTransit:       pointer.To(d.Get("allow_gateway_transit").(bool)),
+			PeerCompleteVnets:         pointer.To(d.Get("peer_complete_virtual_networks_enabled").(bool)),
 			UseRemoteGateways:         pointer.To(d.Get("use_remote_gateways").(bool)),
 			RemoteVirtualNetwork: &virtualnetworkpeerings.SubResource{
 				Id: pointer.To(d.Get("remote_virtual_network_id").(string)),
 			},
 		},
 	}
 
+	if v, ok := d.GetOk("only_ipv6_peering_enabled"); ok {
+		peer.Properties.EnableOnlyIPv6Peering = pointer.To(v.(bool))
+	}
+
+	if v, ok := d.GetOk("local_subnet_names"); ok {
+		peer.Properties.LocalSubnetNames = utils.ExpandStringSlice(v.([]interface{}))
+	}
+
+	if v, ok := d.GetOk("remote_subnet_names"); ok {
+		peer.Properties.RemoteSubnetNames = utils.ExpandStringSlice(v.([]interface{}))
+	}
+
 	locks.ByID(virtualNetworkPeeringResourceType)
 	defer locks.UnlockByID(virtualNetworkPeeringResourceType)
 
@@ -202,6 +247,12 @@ func resourceVirtualNetworkPeeringUpdate(d *pluginsdk.ResourceData, meta interfa
 	if d.HasChange("allow_virtual_network_access") {
 		existing.Model.Properties.AllowVirtualNetworkAccess = pointer.To(d.Get("allow_virtual_network_access").(bool))
 	}
+	if d.HasChange("local_subnet_names") {
+		existing.Model.Properties.LocalSubnetNames = utils.ExpandStringSlice(d.Get("local_subnet_names").([]interface{}))
+	}
+	if d.HasChange("remote_subnet_names") {
+		existing.Model.Properties.RemoteSubnetNames = utils.ExpandStringSlice(d.Get("remote_subnet_names").([]interface{}))
+	}
 	if d.HasChange("use_remote_gateways") {
 		existing.Model.Properties.UseRemoteGateways = pointer.To(d.Get("use_remote_gateways").(bool))
 	}
@@ -246,6 +297,10 @@ func resourceVirtualNetworkPeeringRead(d *pluginsdk.ResourceData, meta interface
 			d.Set("allow_virtual_network_access", peer.AllowVirtualNetworkAccess)
 			d.Set("allow_forwarded_traffic", peer.AllowForwardedTraffic)
 			d.Set("allow_gateway_transit", peer.AllowGatewayTransit)
+			d.Set("peer_complete_virtual_networks_enabled", pointer.From(peer.PeerCompleteVnets))
+			d.Set("only_ipv6_peering_enabled", pointer.From(peer.EnableOnlyIPv6Peering))
+			d.Set("local_subnet_names", pointer.From(peer.LocalSubnetNames))
+			d.Set("remote_subnet_names", pointer.From(peer.RemoteSubnetNames))
 			d.Set("use_remote_gateways", peer.UseRemoteGateways)
 
 			remoteVirtualNetworkId := ""

diff --git a/internal/services/network/virtual_network_peering_resource_test.go b/internal/services/network/virtual_network_peering_resource_test.go
@@ -51,7 +51,7 @@ func TestAccVirtualNetworkPeering_withTriggers(t *testing.T) {
 				check.That(secondResourceName).ExistsInAzure(r),
 				check.That(data.ResourceName).Key("allow_virtual_network_access").HasValue("true"),
 				check.That(data.ResourceName).Key("triggers.remote_address_space").Exists(),
-				check.That(data.ResourceName).Key("triggers.remote_address_space").HasValue("10.0.2.0/24"),
+				check.That(data.ResourceName).Key("triggers.remote_address_space").HasValue("10.0.2.0/24,1001:1002::/64"),
 				check.That(secondResourceName).Key("allow_virtual_network_access").HasValue("true"),
 			),
 		},
@@ -122,6 +122,21 @@ func TestAccVirtualNetworkPeering_update(t *testing.T) {
 	})
 }
 
+func TestAccVirtualNetworkPeering_subnetPeering(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_virtual_network_peering", "test1")
+	r := VirtualNetworkPeeringResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.subnetPeering(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (r VirtualNetworkPeeringResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := virtualnetworkpeerings.ParseVirtualNetworkPeeringID(state.ID)
 	if err != nil {
@@ -261,15 +276,52 @@ resource "azurerm_resource_group" "test" {
 resource "azurerm_virtual_network" "test1" {
   name                = "acctestvirtnet-1-%[1]d"
   resource_group_name = azurerm_resource_group.test.name
-  address_space       = ["10.0.1.0/24"]
+  address_space       = ["10.0.1.0/24", "1001:1001::/64"]
   location            = azurerm_resource_group.test.location
 }
 
 resource "azurerm_virtual_network" "test2" {
   name                = "acctestvirtnet-2-%[1]d"
   resource_group_name = azurerm_resource_group.test.name
-  address_space       = ["10.0.2.0/24"]
+  address_space       = ["10.0.2.0/24", "1001:1002::/64"]
   location            = azurerm_resource_group.test.location
 }
 `, data.RandomInteger, data.Locations.Primary)
 }
+
+func (r VirtualNetworkPeeringResource) subnetPeering(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+%[1]s
+
+resource "azurerm_subnet" "test1" {
+  name                 = "internal1"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test1.name
+  address_prefixes     = ["10.0.1.0/27", "1001:1001::/64"]
+}
+
+resource "azurerm_subnet" "test2" {
+  name                 = "internal2"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test2.name
+  address_prefixes     = ["10.0.2.0/27", "1001:1002::/64"]
+}
+
+resource "azurerm_virtual_network_peering" "test1" {
+  name                                   = "acctestpeer-1-%[2]d"
+  resource_group_name                    = azurerm_resource_group.test.name
+  virtual_network_name                   = azurerm_virtual_network.test1.name
+  remote_virtual_network_id              = azurerm_virtual_network.test2.id
+  allow_forwarded_traffic                = true
+  allow_virtual_network_access           = true
+  peer_complete_virtual_networks_enabled = false
+  only_ipv6_peering_enabled              = true
+  local_subnet_names                     = [azurerm_subnet.test1.name]
+  remote_subnet_names                    = [azurerm_subnet.test2.name]
+}
+`, r.template(data), data.RandomInteger)
+}
diff --git a/website/docs/r/virtual_network_peering.html.markdown b/website/docs/r/virtual_network_peering.html.markdown
@@ -174,6 +174,14 @@ The following arguments are supported:
 
 * `allow_gateway_transit` - (Optional) Controls gatewayLinks can be used in the remote virtual network’s link to the local virtual network. Defaults to `false`.
 
+* `local_subnet_names` - (Optional) A list of local Subnet names that are Subnet peered with remote Virtual Network.
+
+* `only_ipv6_peering_enabled` - (Optional) Specifies whether only IPv6 address space is peered for Subnet peering. Changing this forces a new resource to be created.
+
+* `peer_complete_virtual_networks_enabled` - (Optional) Specifies whether complete Virtual Network address space is peered. Defaults to `true`. Changing this forces a new resource to be created.
+
+* `remote_subnet_names` - (Optional) A list of remote Subnet names from remote Virtual Network that are Subnet peered.
+
 * `use_remote_gateways` - (Optional) Controls if remote gateways can be used on the local virtual network. If the flag is set to `true`, and `allow_gateway_transit` on the remote peering is also `true`, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. Defaults to `false`.
 
 -> **NOTE:** `use_remote_gateways` must be set to `false` if using Global Virtual Network Peerings.