Feat/use azapi for subnets

[jaredfholgate]

Description

NOTE: This pull request is a clone of https://github.com/Azure/terraform-azurerm-avm-res-network-virtualnetwork/pull/74 submitted by @kewalaka. We just had to migrate to an un forked branch on this occasion for ease of testing, etc.

1) This ports the approach used in the sub vending LZ module

• functionally, this allows a second team to create subnets within a vnet, without terraform overwriting the subnets

2) This also ports the example from @haflidif where subnets are also created using azapi, to allow an immediate association with an NSG & route table, along with aligning it to the AVM way. As noted, this fixes deployments when faced with typical Azure Policy restrictions.

3) This includes the logic to be able to deploy subnets into an existing vnet (fixes #43)

4) On the examples;

• The 'complete' example is now much more complete. It deploys all the various resources such as routes, NSGs, DDOS (but disabled, for cost saving), etc.
• The 'default' example just deploys the minimal vnet
• There is an additional example to test (3)

5) This fixes a number of variables that do not follow AVM spec, noting;

• vnet_location is now location
• virtual_network_dns_servers is dns_servers
• virtual_network_ddos_protection_plan is ddos_protection_plan
• virtual_network_address_space is address_space
• vnet_peering_config is peerings (?)

... and the outputs have been updated to align more closely with AVM too.

6) Change works with recent changes in azapi 1.13

The code passes lint, docs & grept apply checks.

Fixes #43, #65, #71, #73 Supersedes #62

-->

Type of Change

• [ ] Non-module change (e.g. CI/CD, documentation, etc.)
• [X] Azure Verified Module updates:
  • [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in locals.version.tf.json:
  • [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
  • [ ] The bug was found by the module author, and no one has opened an issue to report it yet.
  • [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in locals.version.tf.json.
  • [X] Breaking changes and I have bumped the MAJOR version in locals.version.tf.json. edit: bumped the minor version as we are still < v1.0
  • [X] Update to documentation

Checklist

• [X] I'm sure there are no other open Pull Requests for the same update/change (except those noted that this supersedes)
• [X] My corresponding pipelines / checks run clean and green without any errors or warnings
• [X] I did run all pre-commit checks

[jaredfholgate]

@matt-FFFFFF How important is it that we provide an automated migration path here? There is a lot of change happening here. Adding the removed and import blocks to the examples is certainly feasible, but given we are pre-v1.0 I'm wondering how much time we should spend on it. I appreciate that users have probably already adopted the module, but in order to fully automate this we would need to do it in an external script. We'd need to find the resource ids from their state and then create remove and import blocks or commands. Interested in your thoughts as to how far we should go with this.

[jaredfholgate]

@matt-FFFFFF Refactored this a bit more following our discussion yesterday. Not specifically supporting the sub module being used independently, but it is there if we want to take that approach. Keen to get your thoughts. Also moved away from supplying the resource_id for existing VNETs and instead re-using the existing variables to reduce clunkiness. Final change is to make it so that subnet role assignments actually work. I will consider splitting out peerings into a sub module too, but can wait until later.

I did add support for reverse peerings too, so that the module supports an end to end solution. Otherwise there was a circular dependency and you could only ever do half a peering.

[kewalaka]

thanks for helping finish this off @jaredfholgate - LGTM - what do we need to do before pressing the Big Green Button & making a release?

[matt-FFFFFF]

I think we probably need it to be Monday 😂

Been a long week but glad to get there. I'm sure we will get this released soon.

[kewalaka]

just doing some quick usage testing, spotted shouldn't these be nullable = false :

private_link_service_network_policies_enabled & private_endpoint_network_policies

in https://github.com/kewalaka/terraform-azurerm-avm-res-network-virtualnetwork/blob/feat/use-azapi-for-subnets/modules/subnet/variables.tf

[jaredfholgate]

@kewalaka, @haflidif and @matt-FFFFFF. I'll get this release out today.