Merge pull request #5200 from gambtho/master

Update to Subnet support for Private Link
hashicorp · Dec 18, 2019 · cd515ac · cd515ac
2 parents 36e1569 + f5ed4c7
commit cd515ac
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 12 deletions.
diff --git a/azurerm/resource_arm_subnet.go b/azurerm/resource_arm_subnet.go
@@ -141,17 +141,15 @@ func resourceArmSubnet() *schema.Resource {
 			},
 
 			"enforce_private_link_endpoint_network_policies": {
-				Type:          schema.TypeBool,
-				Optional:      true,
-				ConflictsWith: []string{"enforce_private_link_service_network_policies"},
-				Default:       false,
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
 			},
 
 			"enforce_private_link_service_network_policies": {
-				Type:          schema.TypeBool,
-				Optional:      true,
-				ConflictsWith: []string{"enforce_private_link_endpoint_network_policies"},
-				Default:       false,
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
 			},
 		},
 	}

diff --git a/website/docs/r/subnet.html.markdown b/website/docs/r/subnet.html.markdown
@@ -60,10 +60,6 @@ The following arguments are supported:
 
 * `address_prefix` - (Required) The address prefix to use for the subnet.
 
-* `enforce_private_link_service_network_policies` - (Optional) Enable or Disable network policies on the `private link service` in the subnet. Default is `false`.
-
--> **NOTE:** Network policies like network security groups (NSG) are not supported for the private link service. In order to deploy a private link service on a given subnet, an explicit disable setting is required on that subnet(e.g. `enforce_private_link_service_network_policies` = `true`). This setting is only applicable for the private link service. For other resources in the subnet, access is controlled based on Network Security Groups (NSG) security rules definition.
-
 * `network_security_group_id` - (Optional / **Deprecated**) The ID of the Network Security Group to associate with the subnet.
 
 -> **NOTE:** At this time Subnet `<->` Network Security Group associations need to be configured both using this field (which is now Deprecated) and using the `azurerm_subnet_network_security_group_association` resource. This field is deprecated and will be removed in favour of that resource in the next major version (2.0) of the AzureRM Provider.