search

Azure / terraform-azurerm-aks

Terraform Module for deploying an AKS cluster
MIT License
361 stars 468 forks source link

Module throws multiple deprecation warnings #578

Closed scottslowe closed 3 months ago

scottslowe commented 4 months ago

Is there an existing issue for this?

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.8.x (also reproduced with OpenTofu 1.7.x)

Module Version

9.0.0

AzureRM Provider Version

3.103.1

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

We consume this module downstream; the example Terraform configuration files at this link should be sufficient to reproduce the deprecation warnings: https://github.com/isovalent/terraform-azure-aks/tree/main/example

tfvars variables values

The default values used in the example code (see previous link) should be sufficient to reproduce the behavior.

Debug Output/Panic Output

N/A

Expected Behaviour

The module should not have produced deprecation warnings when creating the resources.

Actual Behaviour

The module throws deprecation warnings, like this:

 Warning: Argument is deprecated

with module.aks.module.main.azurerm_kubernetes_cluster.main,
on .terraform/modules/aks.main/main.tf line 17, in resource "azurerm_kubernetes_cluster" "main":
17: resource "azurerm_kubernetes_cluster" "main" {

Azure AD Integration (legacy) (https://aka.ms/aks/aad-legacy) is deprecated
and clusters can no longer be created with the Azure AD integration (legacy)
enabled. This field must be supplied with the value `true` for AKS-managed
Entra Integration, but will be removed and defaulted to `true` for the user
in v4.0 of the AzureRM Provider.

(and one more similar warning elsewhere)

Warning: Deprecated attribute

on .terraform/modules/aks.main/main.tf line 548, in resource "azurerm_kubernetes_cluster" "main":
548:       public_network_access_enabled,

The attribute "public_network_access_enabled" is deprecated. Refer to the
provider documentation for details.

Steps to Reproduce

No response

Important Factoids

N/A

References

This issue is filed on our downstream repository: https://github.com/isovalent/terraform-azure-aks/issues/31

zioproto commented 4 months ago

Hello @scottslowe

thanks for opening this issue.

For public_network_access_enabled this was already discussed in issue #526

You can check in the source code that public_network_access_enabled appears only in the lifecycle block to ignore it. It is intentional to keep that value in the lifecycle block. To avoid problems with existing terraform states that contain public_network_access_enabled.

Original comment: https://github.com/Azure/terraform-azurerm-aks/issues/526#issuecomment-2024655582

For the Azure AD Integration (legacy) deprecation warning, this is an issue coming for the provider.

At the moment we have this azure_active_directory_role_based_access_control block with a managed property, that is at the same time required and deprecated. Because it is required for the block to work we can't remove it to remove the deprecation warning.

Here a detailed discussion about this: https://github.com/hashicorp/terraform-provider-azurerm/issues/25756 https://github.com/hashicorp/terraform-provider-azurerm/issues/25707

please let me know if you have any additional question. If there is any actionable change that we can implement in the module, and that I missed, please let me know.

I will propose a PR to the readme to make these details more visible.

Thanks

lonegunmanb commented 4 months ago

Hi @scottslowe thanks for opening this issue to us. No worries about the deprecation message, these arguments would be removed in v4.0, we have pinned major version for this module, anyone who's using this module won't be harmed by v4 releasement for azurerm provider.

lonegunmanb commented 3 months ago

I'm closing this issue since we have nothing to do in v3. Please feel free to reopen it if you have different thoughts @scottslowe !