CloudNationHQ / terraform-azure-vnet

Terraform module which creates virtual network resources used by workloads and accelerators.
https://library.tf/modules/CloudNationHQ/vnet/azure/latest
MIT License

Error using multiple ports or IP addresses with NSG rules #31

Closed cndaan closed 4 months ago

cndaan commented 4 months ago

Using destination_port_ranges, source_address_prefixes or destination_address_prefixes does not work. Using source_address_prefix, destination_port_range and destination_address_prefix does work as a workaround. So you will need a rule for every port and IP address.

Adding NSG rules with multiple ports or IP addresses will result in the following error:

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Inconsistent conditional result types
│
│   on .terraform\modules\Infrastructure.network_test\locals.tf line 14, in locals:
│   14:   subnets = length(lookup(var.vnet, "subnets", {})) > 0 ? flatten([
│   15:     for subnet_key, subnet in lookup(var.vnet, "subnets", {}) : {
│   16:       subnet_key                 = subnet_key
│   17:       virtual_network_name       = azurerm_virtual_network.vnet.name
│   18:       address_prefixes           = subnet.cidr
│   19:       endpoints                  = try(subnet.endpoints, [])
│   20:       enforce_priv_link_service  = try(subnet.enforce_priv_link_service, false)
│   21:       enforce_priv_link_endpoint = try(subnet.enforce_priv_link_endpoint, false)
│   22:       rules                      = local.nsg_rules[subnet_key]
│   23:       subnet_name                = try(subnet.name, join("-", [var.naming.subnet, subnet_key]))
│   24:       nsg_name                   = try(subnet.nsg.name, join("-", [var.naming.network_security_group, subnet_key]))
│   25:       rt_name                    = try(subnet.route.name, join("-", [var.naming.route_table, subnet_key]), {})
│   26:       location                   = var.vnet.location
│   27:       routes                     = try(subnet.route.routes, {})
│   28:       route_table                = local.route_table_info[subnet_key].route_table
│   29:       shd_route_table            = local.route_table_info[subnet_key].shd_route_table
│   30:       delegations = [for d in try(subnet.delegations, {}) : {
│   31:         name    = d.name
│   32:         actions = try(d.actions, [])
│   33:       }]
│   34:     }
│   35:   ]) : []
│     ├────────────────
│     │ azurerm_virtual_network.vnet.name is "vnet-nonprod-workload1"
│     │ local.nsg_rules is object with 2 attributes
│     │ local.route_table_info is object with 2 attributes
│     │ var.naming.network_security_group is "nsg-nonprod-workload1"
│     │ var.naming.route_table is "route-nonprod-workload1"
│     │ var.naming.subnet is "snet-nonprod-workload1"
│     │ var.vnet is object with 6 attributes
│     │ var.vnet.location is "westeurope"
│
│ The true and false result expressions must have consistent types. The 'true' tuple has length 2, but the 'false' tuple has length 0.
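
The workaround from the report above (one rule per port and per address), written out as an added example that is not code from the module or from this thread: `setproduct` expands a rule that uses the plural arguments into rules that use only the singular ones, without widening what is allowed. The local names, rule name, priorities and address ranges are constructed, and passing the resulting map to the module's rule input is an assumption.

```hcl
# Added example with constructed input; names and values are illustrative only.
locals {
  # One logical rule written with the plural arguments that trigger the error.
  wanted = {
    web = {
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_address_prefixes    = ["10.0.0.0/24", "10.0.1.0/24"]
      destination_port_ranges    = ["80", "443"]
      destination_address_prefix = "10.1.0.0/24"
    }
  }

  # Expand to one rule per (source prefix, port) pair using only the singular
  # arguments, so every rule object has the same type and the allowed set of
  # sources and ports is exactly the one in the logical rule.
  expanded = merge([
    for name, r in local.wanted : {
      for i, pair in setproduct(r.source_address_prefixes, r.destination_port_ranges) :
      "${name}-${i}" => {
        # Priorities must be unique per direction within an NSG (100-4096),
        # so leave a gap between logical rules that covers their pair count.
        priority                   = r.priority + i
        direction                  = r.direction
        access                     = r.access
        protocol                   = r.protocol
        source_port_range          = "*"
        source_address_prefix      = pair[0]
        destination_port_range     = pair[1]
        destination_address_prefix = r.destination_address_prefix
      }
    }
  ]...)
}

# Inspect the expansion with `terraform plan` or `terraform console`.
output "expanded_rules" {
  value = local.expanded
}

output "expanded_rule_count" {
  value = length(local.expanded)
}
```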

dkooll commented 4 months ago

solved by #34