Add support for Private endpoints on Azure CosmosDB for Postgres

[CarelvanHeerden]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Add support for Private endpoints on Azure CosmosDB for Postgres

According to the current documentation, https://registry.terraform.io/providers/hashicorp/azurerm/3.72.0/docs/resources/cosmosdb_postgresql_cluster, this has not yet been added to the Provider.

It is supported in the API. https://learn.microsoft.com/en-us/rest/api/postgresqlhsc/private-endpoint-connections

New or Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_postgresql_cluster

Potential Terraform Configuration

resource "azurerm_cosmosdb_postgresql_cluster" "example" {
  name                            = "example-cluster"
  resource_group_name             = azurerm_resource_group.example.name
  location                        = azurerm_resource_group.example.location
  delegated_subnet_id             = azurerm_subnet.example.id
  private_dns_zone_id             = azurerm_private_dns_zone.example.id
  administrator_login_password    = "H@Sh1CoR3!"
  coordinator_storage_quota_in_mb = 131072
  coordinator_vcore_count         = 2
  node_count                      = 0
}

References

No response

[neil-yechenwei]

Thanks for raising this issue. I assume it has been supported by TF. Below is an example. Hopes it would be helpful.

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "test" {
  name     = "acctestRG-privatelink-test03"
  location = "westeurope"
}

resource "azurerm_virtual_network" "test" {
  name                = "acctestvnet-test03"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
  address_space       = ["10.5.0.0/16"]
}

resource "azurerm_subnet" "service" {
  name                 = "acctestsnetservice-test03"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.test.name
  address_prefixes     = ["10.5.1.0/24"]

  enforce_private_link_service_network_policies = true
}

resource "azurerm_subnet" "endpoint" {
  name                 = "acctestsnetendpoint-test03"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.test.name
  address_prefixes     = ["10.5.2.0/24"]

  enforce_private_link_endpoint_network_policies = true
}

resource "azurerm_cosmosdb_postgresql_cluster" "test" {
  name                            = "acctestclustertest03"
  resource_group_name             = azurerm_resource_group.test.name
  location                        = azurerm_resource_group.test.location
  administrator_login_password    = "A@Sd1DoR5!"
  coordinator_storage_quota_in_mb = 131072
  coordinator_vcore_count         = 2
  node_count                      = 0
}

resource "azurerm_private_dns_zone" "finance" {
  name                = "privatelink.postgreshsc.database.azure.com"
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_private_endpoint" "test" {
  name                = "acctest-privatelink-test03"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
  subnet_id           = azurerm_subnet.endpoint.id

  private_dns_zone_group {
    name                 = "acctest-dzg-test03"
    private_dns_zone_ids = [azurerm_private_dns_zone.finance.id]
  }

  private_service_connection {
    name                           = "acctest-privatelink-pschsc-test03"
    private_connection_resource_id = azurerm_cosmosdb_postgresql_cluster.test.id
    subresource_names              = ["coordinator"]
    is_manual_connection           = false
  }
}

[apheera]

@neil-yechenwei solution you posted definitely doesnt work I guess problem stands there of not being able to create private endpoint directly, one of the module I came across: https://github.com/Azure/terraform-azurerm-cosmosdb/blob/v1.0.0/examples/202-cosmosdb-private-endpoint/main.tf (haven't tested it yet)