search

Azure / caf-terraform-landingzones

This solution, offered by the Open-Source community, will no longer receive contributions from Microsoft. Customers are encouraged to transition to Microsoft Azure Verified Modules for continued support and updates from Microsoft. Please note, this repository is scheduled for decommissioning and will be removed on July 1, 2025.
https://github.com/aztfmod/caf-terraform-landingzones
MIT License
761 stars 666 forks source link

[bug] Unable to deploy virtual_hub_connections in another subscription #360

Open BartVanBerkel opened 2 years ago

BartVanBerkel commented 2 years ago

Describe the bug We are unable to deploy the virtual_hub_connections. In our case the vnet which we want to connect is in a different subscription than the virtualhub.

The idea is that 'local.connectivity_subscription_id' and 'local.connectivity_tenant_id' should be set to the subscription where the virtual hub is deployed. This can be achieved by setting the 'custom_variables.virtual_hub_lz_key'.

What I have found is that the 'local.tfstates' doesn't contain the right information. The result is that the 'local.connectivity_subscription_id' will be set to the current subscription.

To Reproduce Steps to reproduce the behavior:

  1. Deploy virtualhub in subscription A
  2. Deploy a vnet in subscription B and add the virtual_hub_connections

Configuration (please complete the following information):

Additional context What I did to fix this issue is update caf_solution/main.tf

  tfstates = merge(
    tomap(
      {
        (var.landingzone.key) = local.backend[var.landingzone.backend_type]
      }
    )
    ,
    try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates, {}),
    try(data.terraform_remote_state.remote[local.custom_variables.virtual_hub_lz_key].outputs.tfstates, {})   <= add this line
  )
nusrath432 commented 2 years ago

Hi, I have same use case and I tested by adding the above line:

try(data.terraform_remote_state.remote[local.custom_variables.virtual_hub_lz_key].outputs.tfstates, {})

and it worked fine - adding and removing the connection - no issues. No changes to tfvars.

@BartVanBerkel Thanks

But as an interim solution, we are creating a separate landingzone/tfstate to maintain only virtual_hub_connections, using -target_subscription "hub-subscription-id".

shaneholder commented 2 years ago

I also just hit this issue trying to create a vhub connection. using 2203.1. And also confirm that the change in main.tf adding 

try(data.terraform_remote_state.remote[local.custom_variables.virtual_hub_lz_key].outputs.tfstates, {})

to line 62 allowed the connection to the vhub to be created. Guess I'll be creating a fork.

Many thanks @BartVanBerkel

shaneholder commented 2 years ago

It's been a while since this issue was reported and it seems that it is a blocker to building out a subscription vending machine scenario (which I am doing). I checked a few branches and I do not see the suggested change having been incorporated and I am wondering if there is an alternative solution or if there is a concern about the suggested fix impacting other areas.