hashicorp · katbyte · Dec 3, 2019 · Oct 3, 2019 · Oct 3, 2019 · Oct 3, 2019
diff --git a/azurerm/data_source_private_link_endpoint.go b/azurerm/data_source_private_link_endpoint.go
@@ -0,0 +1,81 @@
+package azurerm
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmPrivateLinkEndpoint() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceArmPrivateLinkEndpointRead,
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validate.NoEmptyStrings,
+			},
+
+			"location": azure.SchemaLocationForDataSource(),
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"network_interface_ids": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+
+			"subnet_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags": tags.SchemaDataSource(),
+		},
+	}
+}
+
+func dataSourceArmPrivateLinkEndpointRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*ArmClient).Network.PrivateEndpointClient
+	ctx := meta.(*ArmClient).StopContext
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+
+	resp, err := client.Get(ctx, resourceGroup, name, "")
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("Error: Private Endpoint %q (Resource Group %q) was not found", name, resourceGroup)
+		}
+		return fmt.Errorf("Error reading Private Endpoint %q (Resource Group %q): %+v", name, resourceGroup, err)
+	}
+
+	if resp.ID == nil || *resp.ID == "" { 
+		return fmt.Errorf("API returns a nil/empty id on Private Link Endpoint %q (Resource Group %q): %+v", name, resourceGroup, err) 
+	} 
+	d.SetId(*resp.ID)
+
+	d.Set("name", resp.Name)
+	d.Set("resource_group_name", resourceGroup)
+	if location := resp.Location; location != nil {
+		d.Set("location", azure.NormalizeLocation(*location))
+	}
+	if props := resp.PrivateEndpointProperties; props != nil {
+		if err := d.Set("network_interfaces", flattenArmPrivateLinkEndpointInterface(props.NetworkInterfaces)); err != nil {
+			return fmt.Errorf("Error setting `network_interfaces`: %+v", err)
+		}
+		if subnet := props.Subnet; subnet != nil {
+			d.Set("subnet_id", subnet.ID)
+		}
+	}
+
+	return tags.FlattenAndSet(d, resp.Tags)
+}
diff --git a/azurerm/data_source_private_link_endpoint_test.go b/azurerm/data_source_private_link_endpoint_test.go
@@ -0,0 +1,73 @@
+package azurerm
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+)
+
+func TestAccDataSourceAzureRMPrivateEndpoint_basic(t *testing.T) {
+	dataSourceName := "data.azurerm_private_link_endpoint.test"
+	ri := tf.AccRandTimeInt()
+	location := testLocation()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourcePrivateEndpoint_basic(ri, location),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "subnet_id"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAzureRMPrivateEndpoint_complete(t *testing.T) {
+	dataSourceName := "data.azurerm_private_link_endpoint.test"
+	ri := tf.AccRandTimeInt()
+	location := testLocation()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourcePrivateEndpoint_complete(ri, location),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "subnet_id"),
+					resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(dataSourceName, "tags.env", "test"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourcePrivateEndpoint_basic(rInt int, location string) string {
+	config := testAccAzureRMPrivateEndpoint_basic(rInt, location)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_private_link_endpoint" "test" {
+  resource_group_name = "${azurerm_private_link_endpoint.test.resource_group_name}"
+  name                = "${azurerm_private_link_endpoint.test.name}"
+}
+`, config)
+}
+
+func testAccDataSourcePrivateEndpoint_complete(rInt int, location string) string {
+	config := testAccAzureRMPrivateEndpoint_complete(rInt, location)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_private_link_endpoint" "test" {
+  resource_group_name = "${azurerm_private_link_endpoint.test.resource_group_name}"
+  name                = "${azurerm_private_link_endpoint.test.name}"
+}
+`, config)
+}
diff --git a/azurerm/data_source_subnet.go b/azurerm/data_source_subnet.go
@@ -63,6 +63,11 @@ func dataSourceArmSubnet() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+
+			"disable_private_link_endpoint_network_policies": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -92,6 +97,12 @@ func dataSourceArmSubnetRead(d *schema.ResourceData, meta interface{}) error {
 	if props := resp.SubnetPropertiesFormat; props != nil {
 		d.Set("address_prefix", props.AddressPrefix)
 
+		if privateEndpointNetworkPolicies := props.PrivateEndpointNetworkPolicies; privateEndpointNetworkPolicies != nil {
+			if err := d.Set("disable_private_link_endpoint_network_policies", *privateEndpointNetworkPolicies == "Disabled"); err != nil {
+				return err
+			}
+		}
+
 		if props.NetworkSecurityGroup != nil {
 			d.Set("network_security_group_id", props.NetworkSecurityGroup.ID)
 		} else {

diff --git a/azurerm/helpers/validate/strings.go b/azurerm/helpers/validate/strings.go
@@ -18,3 +18,27 @@ func NoEmptyStrings(i interface{}, k string) ([]string, []error) {
 
 	return nil, nil
 }
+
+// PrivateLinkEnpointRequestMessage validates that the Private Link Enpoint Request Message is less than 140 characters
+func PrivateLinkEnpointRequestMessage(i interface{}, k string) (_ []string, errors []error) {
+	return stringMaxLength(140)(i, k)
+}
+
+func stringMaxLength(maxLength int) func(i interface{}, k string) (_ []string, errors []error) {
+	return func(i interface{}, k string) (_ []string, errors []error) {
+		v, ok := i.(string)
+		if !ok {
+			return nil, []error{fmt.Errorf("expected type of %q to be string", k)}
+		}
+
+		if len(v) > maxLength {
+			return nil, []error{fmt.Errorf("%q must not be longer than %d characters, got %d", k, maxLength, len(v))}
+		}
+
+		if strings.TrimSpace(v) == "" {
+			return nil, []error{fmt.Errorf("%q must not be empty", k)}
+		}
+
+		return
+	}
+}
diff --git a/azurerm/internal/services/network/client.go b/azurerm/internal/services/network/client.go
@@ -20,6 +20,7 @@ type Client struct {
 	LocalNetworkGatewaysClient           *network.LocalNetworkGatewaysClient
 	ProfileClient                        *network.ProfilesClient
 	PacketCapturesClient                 *network.PacketCapturesClient
+	PrivateEndpointClient                *network.PrivateEndpointsClient
 	PublicIPsClient                      *network.PublicIPAddressesClient
 	PublicIPPrefixesClient               *network.PublicIPPrefixesClient
 	RoutesClient                         *network.RoutesClient
@@ -82,6 +83,9 @@ func BuildClient(o *common.ClientOptions) *Client {
 	PacketCapturesClient := network.NewPacketCapturesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&PacketCapturesClient.Client, o.ResourceManagerAuthorizer)
 
+	PrivateEndpointClient := network.NewPrivateEndpointsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&PrivateEndpointClient.Client, o.ResourceManagerAuthorizer)
+
 	VnetPeeringsClient := network.NewVirtualNetworkPeeringsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&VnetPeeringsClient.Client, o.ResourceManagerAuthorizer)
 
@@ -136,6 +140,7 @@ func BuildClient(o *common.ClientOptions) *Client {
 		LocalNetworkGatewaysClient:           &LocalNetworkGatewaysClient,
 		ProfileClient:                        &ProfileClient,
 		PacketCapturesClient:                 &PacketCapturesClient,
+		PrivateEndpointClient:                &PrivateEndpointClient,
 		PublicIPsClient:                      &PublicIPsClient,
 		PublicIPPrefixesClient:               &PublicIPPrefixesClient,
 		RoutesClient:                         &RoutesClient,

diff --git a/azurerm/internal/services/network/validate.go b/azurerm/internal/services/network/validate.go
@@ -0,0 +1,23 @@
+package network
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func ValidatePrivateLinkEndpointSettings(d *schema.ResourceData) error {
+	privateServiceConnections := d.Get("private_service_connection").([]interface{})
+
+	for _, psc := range privateServiceConnections {
+		privateServiceConnection := psc.(map[string]interface{})
+		name := privateServiceConnection["name"].(string)
+
+		// If this is not a manule connection and the message is set return an error since this does not make sense.
+		if !privateServiceConnection["is_manual_connection"].(bool) && privateServiceConnection["request_message"].(string) != "" {
+			return fmt.Errorf(`"private_service_connection":%q is invalid, the "request_message" attribute cannot be set if the "is_manual_connection" attribute is "false"`, name)
+		}
+	}
+
+	return nil
+}
diff --git a/azurerm/provider.go b/azurerm/provider.go
@@ -110,6 +110,7 @@ func Provider() terraform.ResourceProvider {
 		"azurerm_network_watcher":                         dataSourceArmNetworkWatcher(),
 		"azurerm_notification_hub_namespace":              dataSourceNotificationHubNamespace(),
 		"azurerm_notification_hub":                        dataSourceNotificationHub(),
+		"azurerm_private_link_endpoint":                   dataSourceArmPrivateLinkEndpoint(),
 		"azurerm_platform_image":                          dataSourceArmPlatformImage(),
 		"azurerm_policy_definition":                       dataSourceArmPolicyDefinition(),
 		"azurerm_proximity_placement_group":               dataSourceArmProximityPlacementGroup(),
@@ -370,6 +371,7 @@ func Provider() terraform.ResourceProvider {
 		"azurerm_private_dns_zone":                                                       resourceArmPrivateDnsZone(),
 		"azurerm_private_dns_a_record":                                                   resourceArmPrivateDnsARecord(),
 		"azurerm_private_dns_cname_record":                                               resourceArmPrivateDnsCNameRecord(),
+		"azurerm_private_link_endpoint":                                                  resourceArmPrivateLinkEndpoint(),
 		"azurerm_private_dns_zone_virtual_network_link":                                  resourceArmPrivateDnsZoneVirtualNetworkLink(),
 		"azurerm_proximity_placement_group":                                              resourceArmProximityPlacementGroup(),
 		"azurerm_public_ip":                                                              resourceArmPublicIp(),