Closed haflidif closed 1 month ago
hi @haflidif - I love the idea of the azapi subnet resource as you mention. I agree with your observations regarding Policy.
This is quite useful for an existing use case I have, so I may contribute a PR, or if not would certainly help with testing.
@haflidif and @matt-FFFFFF I agree that we need to support subnet creation without a VNET, just passing a VNET ID / name instead. Having that as part of this module is a reasonable approach rather than having a separate subnet module. I think we'll need to highlight the capability at the top of the README, as people are likely to go searching for a separate subnet module and we need to help them find it here instead.
The use case of subscription vending makes the ability to create subnets on their own essential, so great this is happening.
If we need to change it in the future, we could always reference a separate subnet module from this module and add some moved blocks.
Absolutely @jaredfholgate - It's already being worked on here: #74 🚀
Check for previous/existing GitHub issues
Issue Type?
Feature Request
(Optional) Module Version
No response
(Optional) Correlation Id
No response
Description
I would like to propose a feature that utilizes the `azapi` resource provider to deploy a subnet with a virtual network as well as within an existing virtual network. This feature would support all the configurations that the native `azurerm_subnet` resource provides, along with the ability to associate an existing Network Security Group (NSG) and Route Table (RT) to the subnet in a single API call.
In this context, the `azapi` resource provider would serve as an alternative to the native `azurerm_subnet` resource to circumvent conflicts with `deny` Azure Landing Zone policies. These policies include `Subnets should have a Network Security Group` and `Subnets should have a User Defined Route`, which are commonly implemented in large to medium-sized enterprises following the Azure Landing Zone Reference Architecture.
While a pattern module that I created, which can be used to deploy a subnet, create a new route table, and NSG in addition to other features already exists [haflidif/terraform-azurerm-alz-subnet](), I would like this feature to contribute to the virtual network verified module that is clean, creates the subnet, and accepts input for Route Table, NSG, etc. This would enhance the functionality and efficiency of this module, and allow it to be used with these policies in place.
There is an open module proposal on just creating a subnet https://github.com/Azure/Azure-Verified-Modules/issues/842 but after some consideration with @matt-FFFFFF we agreed that this would be better suited as a feature in the virtual network resource module, rather than being a separate resource module.
I would be happy to contribute to that feature as well, so just say the word @herms14 and I will start working on this feature 🚀
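The approach proposed in the issue, shown as an added example (not code from the issue, the linked pattern module or the virtual network module): a subnet created in an existing virtual network with its NSG and route table set in the same request, so the subnet never exists without them when the `deny` policies are evaluated. The variable names, the default address prefix, the azapi 2.x provider version and the `2023-11-01` API version are assumptions made for the example.

```hcl
# Added example. Variable names are hypothetical, not the module's interface.
terraform {
  required_providers {
    azapi = {
      source  = "Azure/azapi"
      version = "~> 2.0" # assumption: 2.x, where `body` is an HCL object
    }
  }
}

provider "azapi" {}

variable "virtual_network_id" {
  type        = string
  description = "Resource ID of the existing virtual network."
}

variable "network_security_group_id" { type = string }
variable "route_table_id" { type = string }
variable "subnet_name" { type = string }

variable "address_prefixes" {
  type    = list(string)
  default = ["10.0.1.0/24"] # constructed sample value
}

resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2023-11-01"
  name      = var.subnet_name
  parent_id = var.virtual_network_id

  # Serialise writes against the same VNet when several subnets are created.
  locks = [var.virtual_network_id]

  # NSG and route table are part of the create request itself, instead of
  # being attached afterwards through separate association resources.
  body = {
    properties = {
      addressPrefixes      = var.address_prefixes
      networkSecurityGroup = { id = var.network_security_group_id }
      routeTable           = { id = var.route_table_id }
    }
  }
}

output "subnet_id" { value = azapi_resource.subnet.id }
```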