Azure / terraform-azurerm-avm-ptn-hubnetworking

Multi-hub networking pattern module for Terraform
MIT License

This module is not compatible with Azure/naming/azurerm module #60

Open DucretJe opened 1 month ago

DucretJe commented 1 month ago

Is there an existing issue for this?

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.9.2

Module Version

1.2.0

AzureRM Provider Version

3.111.0

Affected Resource(s)/Data Source(s)

azurerm_resource_group

Terraform Configuration Files

module "naming" {
  source  = "Azure/naming/azurerm"
  version = "0.4.1"

  suffix = [var.naming_suffix]
}

module "subnet_addrs_hub" {
  source          = "hashicorp/subnets/cidr"
  base_cidr_block = var.hub_address_space
  networks = [
    {
      name     = "firewall"
      new_bits = 8
    },
    {
      name     = "vnet-gateway"
      new_bits = 9
    },
    {
      name     = "bastion"
      new_bits = 8
    },
    {
      name     = "dns"
      new_bits = 10
    }
  ]
}

module "hub" {
  count   = var.type == "hub" ? 1 : 0
  source  = "Azure/hubnetworking/azurerm"
  version = "1.2.0"

  tracing_tags_enabled = false
  hub_virtual_networks = {
    hub = {
      name                            = module.naming.virtual_network.name_unique
      address_space                   = [var.hub_address_space]
      location                        = var.location
      resource_group_name             = module.naming.resource_group.name_unique
      route_table_name                = module.naming.route_table.name_unique
      flow_timeout_in_minutes         = 4
      mesh_peering_enabled            = true
      resource_group_creation_enabled = true
      resource_group_lock_enabled     = true
      resource_group_tags = {
        type        = "hub"
        environment = local.environment
      }
      tags = {
        type        = "hub"
        environment = local.environment
      }
      subnets = {
        vnet-gateway = {
          address_prefixes                              = [module.subnet_addrs_hub.network_cidr_blocks["vnet-gateway"]]
          private_endpoint_network_policies_enabled     = true
          private_link_service_network_policies_enabled = true
          assign_generated_route_table                  = true
        },
        bastion = {
          address_prefixes                              = [module.subnet_addrs_hub.network_cidr_blocks["bastion"]]
          private_endpoint_network_policies_enabled     = true
          private_link_service_network_policies_enabled = true
          assign_generated_route_table                  = true
        },
        dns = {
          address_prefixes                              = [module.subnet_addrs_hub.network_cidr_blocks["dns"]]
          private_endpoint_network_policies_enabled     = true
          private_link_service_network_policies_enabled = true
          assign_generated_route_table                  = true
        },
      }
      firewall = {
        sku_name              = "AZFW_VNet"
        sku_tier              = "Standard"
        subnet_address_prefix = module.subnet_addrs_hub.network_cidr_blocks["firewall"]
        name                  = module.naming.firewall.name_unique
        default_ip_configuration = {
          tags = {
            type        = "hub"
            environment = local.environment
          }
        }
        tags = {
          type        = "hub"
          environment = local.environment
        }
      }
    }
  }
}

tfvars variables values

variables {
  type              = "hub"
  hub_address_space = "10.0.0.0/18"
  naming_suffix     = "tests"
}

Debug Output/Panic Output

Error: Invalid for_each argument
on .terraform/modules/hub.hub/main.tf line 14, in resource "azurerm_resource_group" "rg":
  for_each = { for rg in local.resource_group_data : rg.name => rg }
local.resource_group_data is set of object with 1 element
The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.

When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.

Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

Expected Behaviour

We expect the resource group to be created with the name defined by the Azure/naming/azurerm module.

Actual Behaviour

It fails because a for_each loop is based on the name of the resource_group, leaving Terraform unable to compute the number of created resources, since name_unique will only be known after the apply.

Steps to Reproduce

terraform plan

Important Factoids

No response

References

No response
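An added minimal reproduction of the failure reported above, next to the static-key pattern the error message recommends; it is not the module's code or its fix. `random_string.suffix` stands in for `name_unique` (assumed to carry a random suffix that is only known after apply), `terraform_data` stands in for `azurerm_resource_group`, and every resource and local name here is hypothetical.

```hcl
terraform {
  required_version = ">= 1.4" # terraform_data is built in from 1.4
  required_providers {
    random = {
      source = "hashicorp/random"
    }
  }
}

# Stand-in for the random part of module.naming.resource_group.name_unique:
# the result is unknown during plan and only fixed at apply.
resource "random_string" "suffix" {
  length  = 4
  special = false
  upper   = false
}

locals {
  # Map keyed by a value written in configuration ("hub"), mirroring the
  # keys of hub_virtual_networks. The apply-time name lives in the value.
  resource_groups = {
    hub = {
      name     = "rg-tests-${random_string.suffix.result}"
      location = "westeurope" # constructed sample value
    }
  }
}

# Reproduces "Invalid for_each argument": the map key is rg.name, which is
# unknown at plan time. Uncomment and run `terraform plan` to see the error.
# resource "terraform_data" "rg_keyed_by_name" {
#   for_each = { for rg in values(local.resource_groups) : rg.name => rg }
#   input    = each.value
# }

# Plans cleanly: Terraform knows there is exactly one instance, ["hub"],
# and the unknown name is resolved inside each.value during apply.
resource "terraform_data" "rg_keyed_statically" {
  for_each = local.resource_groups
  input    = each.value
}

output "planned_instance_keys" {
  value = keys(terraform_data.rg_keyed_statically)
}
```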

matt-FFFFFF commented 4 weeks ago

Hi @DucretJe, we will be publishing a new version very soon, when we hope to fix this.

matt-FFFFFF commented 1 week ago

Please can you try 0.1.0?