Closed eehret closed 1 month ago
Oops, I think I misunderstood the root issue here. I guess I can't just omit zones from the archetype_config_overrides
block. In 5.2.1 I must have provided a resource ID for all of the zones that were in there, and now since new zones have been added and I didn't create them and configure all of the resource IDs for those, I'm seeing the default values. I'll rethink this and close the issue.
Community Note
Versions
terraform: 1.8.5
azure provider: 3.113.0
module: 6.0.0
Description
Describe the bug
In the process of reviewing the
terraform plan
for the upgrade from v5.2.1 to v6.0.0 I noticed some new behaviour that is undesired in my opinion.In our environment we are invoking the module two times, because our
Connectivity
subscription is a legacy subscription that we did not want to be automatically reparented to a new management group; this subscription is where the private DNS zones exist. We thus configured the module not to deploy connectivity resources for the first module invocation (deploy_connectivity_resources=false
), and then we called the module a second time to only deploy connectivity resources. In order to wire up the private DNS zone locations for theDeploy-Private-DNS-Zones
policy assignment, we used thearchetype_config_overrides
for the first module invocation. In v5.2.1 this had the desired effect of populating the placeholder private DNS zone resource IDs with the actual values and everything was working fine.In v.6.0.0, however, we are seeing placeholder entries for entries that we are not even including in our deployment. For example, we have no entries for ARC related private DNS zones, because we don't require those capabilities right now and don't have those zones. In the plan, we're seeing:
Steps to Reproduce
Deploy-Private-DNS-Zones
policy assignment viaarchetype_config_overrides
. Don't include all of the possible private DNS zone IDs.Deploy-Private-DNS-Zones
policy assignment resource.Screenshots
n/a
Additional context
If there is some other way we should be handling our 'mixed-mode' deployment (calling module twice, treating
Connectivity
separately), I'm all ears. Back when we set it up this way it seemed to be the way to handle avoiding reparenting of theConnectivity
subscription. I'm not sure if there is a better way now, or if it would solve the problem reported in this issue.Note that there are other entries showing up with placeholder resource IDs in the
Deploy-Private-DNS-Zones
policy assignment for non-existing/non-required zones as well, the ARC ones were just one example. In my particular deployment we also see: azureIotCentralPrivateDnsZoneId, azureIotDeviceupdatePrivateDnsZoneId, azureMachineLearningWorkspaceSecondPrivateDnsZoneId, azureManagedGrafanaWorkspacePrivateDnsZoneId, azureSiteRecoveryBackupPrivateDnsZoneID, azureSiteRecoveryBlobPrivateDnsZoneID, azureSiteRecoveryBlobPrivateDnsZoneID, azureVirtualDesktopHostpoolPrivateDnsZoneId and azureVirtualDesktopWorkspacePrivateDnsZoneId