Add EnablePrivateLinkFastPath to the Express Route Connection resource

internal/services/network/express_route_connection_resource.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/network/parse"
@@ -71,6 +72,12 @@ func resourceExpressRouteConnection() *pluginsdk.Resource {
 				Optional: true,
 			},
 
+			"private_link_fast_path_enabled": {
+				Type:     pluginsdk.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
 			"express_route_gateway_bypass_enabled": {
 				Type:     pluginsdk.TypeBool,
 				Optional: true,
@@ -173,6 +180,10 @@ func resourceExpressRouteConnectionCreate(d *pluginsdk.ResourceData, meta interf
 		return tf.ImportAsExistsError("azurerm_express_route_connection", id.ID())
 	}
 
+	if d.Get("private_link_fast_path_enabled").(bool) && !d.Get("express_route_gateway_bypass_enabled").(bool) {
+		return fmt.Errorf("`express_route_gateway_bypass_enabled` must be enabled when `private_link_fast_path_enabled` is set to `true`")
+	}
+
 	parameters := network.ExpressRouteConnection{
 		Name: utils.String(id.Name),
 		ExpressRouteConnectionProperties: &network.ExpressRouteConnectionProperties{
@@ -183,6 +194,7 @@ func resourceExpressRouteConnectionCreate(d *pluginsdk.ResourceData, meta interf
 			RoutingConfiguration:      expandExpressRouteConnectionRouting(d.Get("routing").([]interface{})),
 			RoutingWeight:             utils.Int32(int32(d.Get("routing_weight").(int))),
 			ExpressRouteGatewayBypass: utils.Bool(d.Get("express_route_gateway_bypass_enabled").(bool)),
+			EnablePrivateLinkFastPath: utils.Bool(d.Get("private_link_fast_path_enabled").(bool)),
 		},
 	}
 
@@ -230,6 +242,7 @@ func resourceExpressRouteConnectionRead(d *pluginsdk.ResourceData, meta interfac
 		d.Set("routing_weight", props.RoutingWeight)
 		d.Set("authorization_key", props.AuthorizationKey)
 		d.Set("enable_internet_security", props.EnableInternetSecurity)
+		d.Set("private_link_fast_path_enabled", pointer.From(props.EnablePrivateLinkFastPath))
 
 		if props.ExpressRouteGatewayBypass != nil {
 			d.Set("express_route_gateway_bypass_enabled", props.ExpressRouteGatewayBypass)
@@ -267,6 +280,9 @@ func resourceExpressRouteConnectionUpdate(d *pluginsdk.ResourceData, meta interf
 		return err
 	}
 
+	if d.Get("private_link_fast_path_enabled").(bool) && !d.Get("express_route_gateway_bypass_enabled").(bool) {
+		return fmt.Errorf("`express_route_gateway_bypass_enabled` must be enabled when `private_link_fast_path_enabled` is set to `true`")
+	}
 	parameters := network.ExpressRouteConnection{
 		Name: utils.String(id.Name),
 		ExpressRouteConnectionProperties: &network.ExpressRouteConnectionProperties{
@@ -277,6 +293,7 @@ func resourceExpressRouteConnectionUpdate(d *pluginsdk.ResourceData, meta interf
 			RoutingConfiguration:      expandExpressRouteConnectionRouting(d.Get("routing").([]interface{})),
 			RoutingWeight:             utils.Int32(int32(d.Get("routing_weight").(int))),
 			ExpressRouteGatewayBypass: utils.Bool(d.Get("express_route_gateway_bypass_enabled").(bool)),
+			EnablePrivateLinkFastPath: utils.Bool(d.Get("private_link_fast_path_enabled").(bool)),
 		},
 	}
 

internal/services/network/express_route_connection_resource_test.go

@@ -147,12 +147,14 @@ func (r ExpressRouteConnectionResource) complete(data acceptance.TestData) strin
 %s
 
 resource "azurerm_express_route_connection" "test" {
-  name                             = "acctest-ExpressRouteConnection-%d"
-  express_route_gateway_id         = azurerm_express_route_gateway.test.id
-  express_route_circuit_peering_id = azurerm_express_route_circuit_peering.test.id
-  routing_weight                   = 2
-  authorization_key                = "90f8db47-e25b-4b65-a68b-7743ced2a16b"
-  enable_internet_security         = true
+  name                                 = "acctest-ExpressRouteConnection-%d"
+  express_route_gateway_id             = azurerm_express_route_gateway.test.id
+  express_route_circuit_peering_id     = azurerm_express_route_circuit_peering.test.id
+  routing_weight                       = 2
+  authorization_key                    = "90f8db47-e25b-4b65-a68b-7743ced2a16b"
+  enable_internet_security             = true
+  private_link_fast_path_enabled       = true
+  express_route_gateway_bypass_enabled = true
 
   routing {
     associated_route_table_id = azurerm_virtual_hub.test.default_route_table_id
@@ -223,6 +225,7 @@ resource "azurerm_express_route_connection" "test" {
   routing_weight                       = 2
   authorization_key                    = "90f8db47-e25b-4b65-a68b-7743ced2a16b"
   enable_internet_security             = true
+  private_link_fast_path_enabled       = true
   express_route_gateway_bypass_enabled = true
 
   routing {

website/docs/r/express_route_connection.html.markdown

@@ -98,6 +98,8 @@ The following arguments are supported:
 
 * `express_route_gateway_bypass_enabled` - (Optional) Specified whether Fast Path is enabled for Virtual Wan Firewall Hub. Defaults to `false`.
 
+* `private_link_fast_path_enabled` - (Optional) Bypass the Express Route gateway when accessing private-links. When enabled `express_route_gateway_bypass_enabled` must be set to `true`. Defaults to `false`.
+
 * `routing` - (Optional) A `routing` block as defined below.
 
 * `routing_weight` - (Optional) The routing weight associated to the Express Route Connection. Possible value is between `0` and `32000`. Defaults to `0`.