Azure / terraform-azurerm-aks

Terraform Module for deploying an AKS cluster
MIT License
362 stars 468 forks source link

Use `private_endpoint_network_policies_enabled` instead of `enforce_private_link_endpoint_network_policies` in the example code #246

Open lonegunmanb opened 2 years ago

lonegunmanb commented 2 years ago

Is there an existing issue for this?

Description

Now the azurerm_subnet resource in the example folder used enforce_private_link_endpoint_network_policies:

resource "azurerm_subnet" "test" {
  address_prefixes                               = ["10.52.0.0/24"]
  name                                           = "${random_id.prefix.hex}-sn"
  resource_group_name                            = local.resource_group.name
  virtual_network_name                           = azurerm_virtual_network.test.name
  enforce_private_link_endpoint_network_policies = true
}

The enforce_private_link_endpoint_network_policies has been deprecated and will be removed in azurerm 4.0, we should use private_endpoint_network_policies_enabled instead.

New or Affected Resource(s)/Data Source(s)

azurerm_subnet

Potential Terraform Configuration

resource "azurerm_subnet" "test" {
  address_prefixes                          = ["10.52.0.0/24"]
  name                                      = "${random_id.prefix.hex}-sn"
  resource_group_name                       = local.resource_group.name
  virtual_network_name                      = azurerm_virtual_network.test.name
  private_endpoint_network_policies_enabled = true
}

References

https://github.com/hashicorp/terraform-provider-azurerm/blob/main/internal/services/network/subnet_resource.go#L207

ravick4u commented 1 year ago

I am also getting the exact same error. Any update on this?

lonegunmanb commented 1 year ago

Hi @ravick4u I've tried a fix but I found that we cannot use private_endpoint_network_policies_enabled directly now as this response pointed out.

But I think maybe we can add this attribute to ignore_changes list as this is only an example.

BenjaminNolan commented 3 months ago

Anyone coming here after googling this error:

Error: Unsupported argument
│ 
│   on ./path/to/virtual_network/subnets.tf line 8, in resource "azurerm_subnet" "additional_subnets":
│    8:   private_endpoint_network_policies_enabled = each.value.enable_pe_policy

Hashicorp released AzureRM v4.0.0 11 hours ago, which apparently breaks the suggested fix as well.

Seems the fix is to use this instead:

private_link_service_network_policies_enabled = each.value.enable_pe_policy
private_endpoint_network_policies             = "Enabled"

There's more info on other breaking changes in the 4.0.0 upgrade guide.