Adds PublicNetworkAccess parameter to Cosmosdb

* Closes #7232

azurerm/internal/services/cosmos/cosmosdb_account_resource.go

@@ -111,6 +111,12 @@ func resourceArmCosmosDbAccount() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"public_network_access_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"enable_automatic_failover": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -389,6 +395,11 @@ func resourceArmCosmosDbAccountCreate(d *schema.ResourceData, meta interface{})
 		return fmt.Errorf("Error expanding CosmosDB Account %q (Resource Group %q) geo locations: %+v", name, resourceGroup, err)
 	}
 
+	publicNetworkAccess := documentdb.Enabled
+	if enabled := d.Get("public_network_access_enabled").(bool); !enabled {
+		publicNetworkAccess = documentdb.Disabled
+	}
+
 	account := documentdb.DatabaseAccountCreateUpdateParameters{
 		Location: utils.String(location),
 		Kind:     documentdb.DatabaseAccountKind(kind),
@@ -403,6 +414,7 @@ func resourceArmCosmosDbAccountCreate(d *schema.ResourceData, meta interface{})
 			Capabilities:                  expandAzureRmCosmosDBAccountCapabilities(d),
 			VirtualNetworkRules:           expandAzureRmCosmosDBAccountVirtualNetworkRules(d),
 			EnableMultipleWriteLocations:  utils.Bool(enableMultipleWriteLocations),
+			PublicNetworkAccess:           publicNetworkAccess,
 		},
 		Tags: tags.Expand(t),
 	}
@@ -477,6 +489,11 @@ func resourceArmCosmosDbAccountUpdate(d *schema.ResourceData, meta interface{})
 		oldLocationsMap[azure.NormalizeLocation(*location.LocationName)] = location
 	}
 
+	publicNetworkAccess := documentdb.Enabled
+	if enabled := d.Get("public_network_access_enabled").(bool); !enabled {
+		publicNetworkAccess = documentdb.Disabled
+	}
+
 	// cannot update properties and add/remove replication locations or updating enabling of multiple
 	// write locations at the same time. so first just update any changed properties
 	account := documentdb.DatabaseAccountCreateUpdateParameters{
@@ -493,6 +510,7 @@ func resourceArmCosmosDbAccountUpdate(d *schema.ResourceData, meta interface{})
 			Locations:                     &oldLocations,
 			VirtualNetworkRules:           expandAzureRmCosmosDBAccountVirtualNetworkRules(d),
 			EnableMultipleWriteLocations:  resp.EnableMultipleWriteLocations,
+			PublicNetworkAccess:           publicNetworkAccess,
 		},
 		Tags: tags.Expand(t),
 	}
@@ -588,6 +606,8 @@ func resourceArmCosmosDbAccountRead(d *schema.ResourceData, meta interface{}) er
 
 	d.Set("enable_free_tier", resp.EnableFreeTier)
 
+	d.Set("public_network_access_enabled", resp.PublicNetworkAccess == documentdb.Enabled)
+
 	if v := resp.IsVirtualNetworkFilterEnabled; v != nil {
 		d.Set("is_virtual_network_filter_enabled", resp.IsVirtualNetworkFilterEnabled)
 	}

azurerm/internal/services/cosmos/cosmosdb_account_resource_test.go

@@ -74,6 +74,29 @@ func TestAccAzureRMCosmosDBAccount_basic_parse_strong(t *testing.T) {
 	testAccAzureRMCosmosDBAccount_basicWith(t, documentdb.MongoDB, documentdb.Strong)
 }
 
+func TestAccAzureRMCosmosDBAccount_public_network_access_enabled(t *testing.T) {
+	testAccAzureRMCosmosDBAccount_public_network_access_enabled(t, documentdb.MongoDB, documentdb.Strong)
+}
+
+func testAccAzureRMCosmosDBAccount_public_network_access_enabled(t *testing.T, kind documentdb.DatabaseAccountKind, consistency documentdb.DefaultConsistencyLevel) {
+	data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMCosmosDBAccountDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: checkAccAzureRMCosmosDBAccount_network_access_enabled(data, kind, consistency),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					checkAccAzureRMCosmosDBAccount_basic(data, consistency, 1),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testAccAzureRMCosmosDBAccount_basicWith(t *testing.T, kind documentdb.DatabaseAccountKind, consistency documentdb.DefaultConsistencyLevel) {
 	data := acceptance.BuildTestData(t, "azurerm_cosmosdb_account", "test")
 
@@ -993,3 +1016,34 @@ func checkAccAzureRMCosmosDBAccount_basic(data acceptance.TestData, consistency
 		resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_readonly_key"),
 	)
 }
+
+func checkAccAzureRMCosmosDBAccount_network_access_enabled(data acceptance.TestData, kind documentdb.DatabaseAccountKind, consistency documentdb.DefaultConsistencyLevel) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-cosmos-%d"
+  location = "%s"
+}
+
+resource "azurerm_cosmosdb_account" "test" {
+  name                          = "acctest-ca-%d"
+  location                      = azurerm_resource_group.test.location
+  resource_group_name           = azurerm_resource_group.test.name
+  offer_type                    = "Standard"
+  kind                          = "%s"
+  public_network_access_enabled = true
+
+  consistency_policy {
+    consistency_level = "%s"
+  }
+
+  geo_location {
+    location          = azurerm_resource_group.test.location
+    failover_priority = 0
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, string(kind), string(consistency))
+}

website/docs/r/cosmosdb_account.html.markdown

@@ -88,6 +88,8 @@ The following arguments are supported:
 
 * `enable_automatic_failover` - (Optional) Enable automatic fail over for this Cosmos DB account.
 
+* `public_network_access_enabled` - (Optional) Whether or not public network access is allowed for this CosmosDB account.
+
 * `capabilities` - (Optional) The capabilities which should be enabled for this Cosmos DB account. Possible values are `EnableAggregationPipeline`, `EnableCassandra`, `EnableGremlin`, `EnableTable`, `MongoDBv3.4`, `EnableServerless`, and `mongoEnableDocLevelTTL`.
 
 * `is_virtual_network_filter_enabled` - (Optional) Enables virtual network filtering for this Cosmos DB account.