Azure / terraform-azurerm-avm-res-network-virtualnetwork

Azure Verified Module for Virtual Network
https://registry.terraform.io/modules/Azure/avm-res-network-virtualnetwork
MIT License

[AVM Module Issue]: Cannot create a LAW and VNET with diagnostic settings at same time #75

Closed philipstreet closed 1 month ago

philipstreet commented 2 months ago

Check for previous/existing GitHub issues

Issue Type?

Bug

(Optional) Module Version

0.1.4

(Optional) Correlation Id

No response

Description

I know this might be an edge-case but I get an error during Terraform Plan when I try to deploy a LAW and a VNET with diagnostic settings at the same time. I appreciate that normally a LAW may already exist so can be simply referenced via a data resource.

Sample code:

resource "azurerm_resource_group" "this" {
  location = "uksouth"
  name     = "rg-test"
}

module "law" {
  source              = "Azure/avm-res-operationalinsights-workspace/azurerm"
  version             = ">= 0.1.3"
  location            = azurerm_resource_group.this.location
  name                = "law-test"
  resource_group_name = azurerm_resource_group.this.name
}

module "vnet" {
  source                        = "Azure/avm-res-network-virtualnetwork/azurerm"
  version                       = ">= 0.1.4"
  location                      = azurerm_resource_group.this.location
  name                          = "vnet-test"
  resource_group_name           = azurerm_resource_group.this.name
  virtual_network_address_space = ["10.0.0.0/24"]
  subnets = {
    "subnet-001" = {
      address_prefixes = ["10.0.0.0/25"]
    }
  }
  diagnostic_settings = {
    sendToLogAnalytics = {
      name                           = "sendToLogAnalytics"
      workspace_resource_id          = module.law.resource.id
      log_analytics_destination_type = "AzureDiagnostics"
    }
  }
}

I get the following error:

Error: Invalid for_each argument

  on .terraform/modules/vnet/main.tf line 70, in resource "azurerm_monitor_diagnostic_setting" "example":
  70:   for_each = {
  71:     for key, value in var.diagnostic_settings : key => value
  72:     if value.workspace_resource_id != null || value.storage_account_resource_id != null || value.event_hub_authorization_rule_resource_id != null
  73:   }
    ├────────────────
    │ var.diagnostic_settings is map of object with 1 element

I've tried using a technique by @matt-FFFFFF to put the 'module "vnet"' call in another module and then pass the LAW ID inside an object to force the "(known after apply)" behaviour, but that does not work. For example:

variable "log_analytics_workspace" {
  type = object({
    resource_id = string
  })
  description = "The ID of the Log Analytics workspace."
  default     = null
}

module "vnet" {
  source                        = "Azure/avm-res-network-virtualnetwork/azurerm"
  version                       = ">= 0.1.4"
  location                      = azurerm_resource_group.this.location
  name                          = "vnet-test"
  resource_group_name           = azurerm_resource_group.this.name
  virtual_network_address_space = ["10.0.0.0/24"]
  subnets = {
    "subnet-001" = {
      address_prefixes = ["10.0.0.0/25"]
    }
  }
  diagnostic_settings = {
    sendToLogAnalytics = {
      name                           = "sendToLogAnalytics"
      workspace_resource_id          = var.log_analytics_workspace.resource_id
      log_analytics_destination_type = "AzureDiagnostics"
    }
  }
}

So, I'm not sure if I am doing something wrong or it is a bug in the LAW AVM.
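
The plan-time behaviour behind this report, as an added example that is not part of the original issue and is not the module's code: Terraform must know every `for_each` key during plan, and the filter shown in the error output reads an ID that is still unknown. The `terraform_data` resources and all names below are hypothetical stand-ins for the workspace and the diagnostic setting.

```hcl
# Added example; terraform_data stands in for the Azure resources so the
# configuration plans without credentials. All names here are hypothetical.
terraform {
  required_version = ">= 1.4.0" # terraform_data needs 1.4 or later
}

# Stand-in for the Log Analytics workspace created in the same run:
# its id is "(known after apply)" during plan.
resource "terraform_data" "law" {
  input = "law-test"
}

locals {
  diagnostic_settings = {
    sendToLogAnalytics = {
      workspace_resource_id       = terraform_data.law.id
      storage_account_resource_id = null
    }
  }
}

# Pattern from the error output: the `if` reads a value that is unknown
# during plan, so the set of keys is unknown and for_each is rejected.
# resource "terraform_data" "diag_filtered" {
#   for_each = {
#     for key, value in local.diagnostic_settings : key => value
#     if value.workspace_resource_id != null || value.storage_account_resource_id != null
#   }
# }

# Alternative: iterate over the caller's map keys, which are literal, and
# move the "at least one destination" rule into a precondition, which
# Terraform evaluates once the values are known.
resource "terraform_data" "diag" {
  for_each = local.diagnostic_settings
  input    = each.value.workspace_resource_id

  lifecycle {
    precondition {
      condition     = each.value.workspace_resource_id != null || each.value.storage_account_resource_id != null
      error_message = "Diagnostic setting ${each.key} needs at least one destination."
    }
  }
}
```

Keeping the destination check as a precondition means a diagnostic setting with no log destination still fails the run instead of being silently skipped.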

microsoft-github-policy-service[bot] commented 2 months ago

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!NOTE] This label was added as per ITA06.

microsoft-github-policy-service[bot] commented 2 months ago

[!NOTE] The "Type: Bug :bug:" label was added as per ITA21.

microsoft-github-policy-service[bot] commented 2 months ago

[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

[!TIP]

  • To prevent further actions from taking effect, the "Status: Response Overdue 🚩" label must be removed once this issue has been responded to.
  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!

[!NOTE] This message was posted as per ITA01TF.

microsoft-github-policy-service[bot] commented 1 month ago

[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-terraform) immediate attention as it hasn't been responded to within 6 business days.

[!TIP]

  • To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
  • Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.

[!NOTE] This message was posted as per ITA02TF.
