Azure / terraform-azurerm-hubnetworking

Terraform verified module for deploying multi-hub & spoke architectures
https://registry.terraform.io/modules/Azure/hubnetworking/azurerm/latest
MIT License

Management Public IP for Zonal Firewall is not zonal; deployment fails #78

Closed SvenAelterman closed 3 months ago

SvenAelterman commented 3 months ago

Is there an existing issue for this?

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.9.2

Module Version

1.2.0

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_firewall

Terraform Configuration Files

Generated by ALZ Terraform accelerator + manual modifications for Basic Firewall tier:

connectivity:
  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
    hub_virtual_networks:
      primary:
        name: hub-demo-vnet-cnc-01
        resource_group_name: network-demo-rg-cnc-01
        location: ${default_location}
        address_space:
          - 10.0.0.0/23
        # TODO: Add DNS servers, once deployed
        #dns_servers: [""]
        # TODO: Add tags
        tags: {}
        # TODO: Add custom subnets, for Bastion
        # subnets:
        #   - name: AzureBastionSubnet
        #     address_prefixes: 10.0.0.128/26
        #     delegation:
        #       name: Microsoft.Network/bastionHosts
        #       service_delegation:
        #         name: Microsoft.Bastion
        #         actions: ["Microsoft.Network/bastionHosts/*"]
        firewall:
          name: hub-demo-fw-cnc-01
          sku_name: AZFW_VNet
          sku_tier: Basic
          subnet_address_prefix: 10.0.0.0/26
          management_subnet_address_prefix: 10.0.0.64/26
          zones: ["1", "2", "3"]
          default_ip_configuration:
            public_ip_config:
              zones: ["1", "2", "3"]
              name: "hub-demo-fw-pip-cnc-01"
          management_ip_configuration:
            public_ip_config:
              zones: ["1", "2", "3"]
              name: "hub-demo-fw-mgmt-pip-cnc-01"

tfvars variables values

configuration_file_path         = ""
default_location                = "canadacentral"
default_postfix                 = "landing-zone"
root_parent_management_group_id = ""
subscription_id_connectivity    = "fca9eaf6-728a-4252-9e2d-aa2532c82614"
subscription_id_identity        = "d08095f8-98fa-434e-8f14-6d06471029b0"
subscription_id_management      = "efd2877e-cc6a-4660-ab6d-60f1c33f3ded"

Debug Output/Panic Output

Azure Firewall Name: "hub-demo-fw-cnc-01"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: ZonalAzureFirewallCannotReferenceNoZonePublicIp: Azure Firewall /subscriptions/fca9eaf6-728a-4252-9e2d-aa2532c82614/resourceGroups/network-demo-rg-cnc-01/providers/Microsoft.Network/azureFirewalls/hub-demo-fw-cnc-01 has zone constraint 2, 3, 1, but Public IP /subscriptions/fca9eaf6-728a-4252-9e2d-aa2532c82614/resourceGroups/network-demo-rg-cnc-01/providers/Microsoft.Network/publicIPAddresses/hub-demo-fw-mgmt-pip-cnc-01 referenced by the azure firewall has no zones

Expected Behaviour

Public IP addresses should be correctly configured for zonal support

Actual Behaviour

Deployment errored

Steps to Reproduce

No response

Important Factoids

No response

References

No response

SvenAelterman commented 3 months ago

I've found the root cause. It's a set of typos.

SvenAelterman commented 3 months ago

This was resolved with #79