hashicorp · mbfrahry · Jun 23, 2020 · May 25, 2020 · Jun 22, 2020
diff --git a/azurerm/internal/services/kusto/kusto_cluster_resource.go b/azurerm/internal/services/kusto/kusto_cluster_resource.go
@@ -108,6 +108,31 @@ func resourceArmKustoCluster() *schema.Resource {
 				Optional: true,
 			},
 
+			"virtual_network_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"subnet_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: azure.ValidateResourceID,
+						},
+						"engine_public_ip_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: azure.ValidateResourceID,
+						},
+						"data_management_public_ip_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: azure.ValidateResourceID,
+						},
+					},
+				},
+			},
+
 			"uri": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -159,6 +184,11 @@ func resourceArmKustoClusterCreateUpdate(d *schema.ResourceData, meta interface{
 		EnablePurge:           utils.Bool(d.Get("enable_purge").(bool)),
 	}
 
+	if v, ok := d.GetOk("virtual_network_configuration"); ok {
+		vnet := expandKustoClusterVNET(v.([]interface{}))
+		clusterProperties.VirtualNetworkConfiguration = vnet
+	}
+
 	t := d.Get("tags").(map[string]interface{})
 
 	kustoCluster := kusto.Cluster{
@@ -227,6 +257,7 @@ func resourceArmKustoClusterRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("enable_disk_encryption", clusterProperties.EnableDiskEncryption)
 		d.Set("enable_streaming_ingest", clusterProperties.EnableStreamingIngest)
 		d.Set("enable_purge", clusterProperties.EnablePurge)
+		d.Set("virtual_network_configuration", flatteKustoClusterVNET(clusterProperties.VirtualNetworkConfiguration))
 		d.Set("uri", clusterProperties.URI)
 		d.Set("data_ingestion_uri", clusterProperties.DataIngestionURI)
 	}
@@ -297,6 +328,23 @@ func expandKustoClusterSku(d *schema.ResourceData) (*kusto.AzureSku, error) {
 	return azureSku, nil
 }
 
+func expandKustoClusterVNET(input []interface{}) *kusto.VirtualNetworkConfiguration {
+	if len(input) == 0 || input[0] == nil {
+		return nil
+	}
+
+	vnet := input[0].(map[string]interface{})
+	subnetID := vnet["subnet_id"].(string)
+	enginePublicIPID := vnet["engine_public_ip_id"].(string)
+	dataManagementPublicIPID := vnet["data_management_public_ip_id"].(string)
+
+	return &kusto.VirtualNetworkConfiguration{
+		SubnetID:                 &subnetID,
+		EnginePublicIPID:         &enginePublicIPID,
+		DataManagementPublicIPID: &dataManagementPublicIPID,
+	}
+}
+
 func flattenKustoClusterSku(sku *kusto.AzureSku) []interface{} {
 	if sku == nil {
 		return []interface{}{}
@@ -312,3 +360,32 @@ func flattenKustoClusterSku(sku *kusto.AzureSku) []interface{} {
 
 	return []interface{}{s}
 }
+
+func flatteKustoClusterVNET(vnet *kusto.VirtualNetworkConfiguration) []interface{} {
+	if vnet == nil {
+		return []interface{}{}
+	}
+
+	subnetID := ""
+	if vnet.SubnetID != nil {
+		subnetID = *vnet.SubnetID
+	}
+
+	enginePublicIPID := ""
+	if vnet.EnginePublicIPID != nil {
+		enginePublicIPID = *vnet.EnginePublicIPID
+	}
+
+	dataManagementPublicIPID := ""
+	if vnet.DataManagementPublicIPID != nil {
+		dataManagementPublicIPID = *vnet.DataManagementPublicIPID
+	}
+
+	output := map[string]interface{}{
+		"subnet_id":                    subnetID,
+		"engine_public_ip_id":          enginePublicIPID,
+		"data_management_public_ip_id": dataManagementPublicIPID,
+	}
+
+	return []interface{}{output}
+}
diff --git a/azurerm/internal/services/kusto/tests/kusto_cluster_resource_test.go b/azurerm/internal/services/kusto/tests/kusto_cluster_resource_test.go
@@ -129,6 +129,29 @@ func TestAccAzureRMKustoCluster_sku(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMKustoCluster_vnet(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_kusto_cluster", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMKustoClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMKustoCluster_vnet(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMKustoClusterExists(data.ResourceName),
+					resource.TestCheckResourceAttr(data.ResourceName, "virtual_network_configuration.#", "1"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "virtual_network_configuration.0.subnet_id"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "virtual_network_configuration.0.engine_public_ip_id"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "virtual_network_configuration.0.data_management_public_ip_id"),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testAccAzureRMKustoCluster_basic(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -288,6 +311,91 @@ func testCheckAzureRMKustoClusterDestroy(s *terraform.State) error {
 	return nil
 }
 
+func testAccAzureRMKustoCluster_vnet(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestkc%s-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "acctestkc%s-subnet"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+resource "azurerm_network_security_group" "test" {
+  name                = "acctestkc%s-nsg"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_network_security_rule" "test_allow_management_inbound" {
+  name                        = "AllowAzureDataExplorerManagement"
+  priority                    = 100
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "443"
+  source_address_prefix       = "AzureDataExplorerManagement"
+  destination_address_prefix  = "VirtualNetwork"
+  resource_group_name         = azurerm_resource_group.test.name
+  network_security_group_name = azurerm_network_security_group.test.name
+}
+
+resource "azurerm_subnet_network_security_group_association" "test" {
+  subnet_id                 = azurerm_subnet.test.id
+  network_security_group_id = azurerm_network_security_group.test.id
+}
+
+resource "azurerm_public_ip" "engine_pip" {
+  name                = "acctestkc%s-engine-pip"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku                 = "Standard"
+  allocation_method   = "Static"
+}
+
+resource "azurerm_public_ip" "management_pip" {
+  name                = "acctestkc%s-management-pip"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  sku                 = "Basic"
+  allocation_method   = "Static"
+}
+
+resource "azurerm_kusto_cluster" "test" {
+  name                = "acctestkc%s"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  sku {
+    name     = "Dev(No SLA)_Standard_D11_v2"
+    capacity = 1
+  }
+
+  virtual_network_configuration {
+    subnet_id                    = azurerm_subnet.test.id
+    engine_public_ip_id          = azurerm_public_ip.engine_pip.id
+    data_management_public_ip_id = azurerm_public_ip.management_pip.id
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString, data.RandomString, data.RandomString, data.RandomString, data.RandomString)
+}
+
 func testCheckAzureRMKustoClusterExists(resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := acceptance.AzureProvider.Meta().(*clients.Client).Kusto.ClustersClient

diff --git a/website/docs/r/kusto_cluster.html.markdown b/website/docs/r/kusto_cluster.html.markdown
@@ -52,6 +52,8 @@ The following arguments are supported:
 
 * `enable_purge` - (Optional) Specifies if the purge operations are enabled.
 
+* `virtual_network_configuration`- (Optional) A `virtual_network_configuration` block as defined below.
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ---
@@ -62,6 +64,15 @@ A `sku` block supports the following:
 
 * `capacity` - (Required) Specifies the node count for the cluster. Boundaries depend on the sku name.
 
+---
+
+A `virtual_network_configuration` block supports the following:
+
+* `subnet_id` - (Required) The subnet resource id.
+
+* `engine_public_ip_id` - (Required) Engine service's public IP address resource id.
+
+* `data_management_public_ip_id` - (Required) Data management's service public IP address resource id.
 
 ## Attributes Reference