aztfmod / terraform-azurerm-caf

Terraform supermodule for the Terraform platform engineering for Azure
https://aztfmod.github.io/documentation/
MIT License

Bug report - azurerm_firewall invalid subnet_id on public_ip[1] #1768

Open sjackson0109 opened 1 year ago

sjackson0109 commented 1 year ago

Is there an existing issue for this?

Versions

Terraform v1.5.5 on windows_amd64

Affected Resource(s)/Data Source(s)

azurerm_firewall

Terraform Configuration Files

azurerm_firewalls = {
  uks_hub = {
    name               = "uks-hub"
    resource_group_key = "hub"
    region             = "uks"
    vnet_key           = "uks_hub"
    sku_name           = "AZFW_VNet"
    sku_tier           = "Standard"
    zones              = ["1", "2"]
    private_ip_ranges  = null
    management_ip_configuration = {
      mgmt = {
        name          = "uks-hub-azfw-mgmt-config"
        public_ip_key = "uks_hub_azfw_pip_mgmt"
        vnet_key      = "uks_hub"
        subnet_key    = "AzureFirewallManagementSubnet"
      }
    }
    public_ips = {
      primary = {
        name          = "uks-hub-azfw-primary"
        public_ip_key = "uks_hub_azfw_pip_primary"
        vnet_key      = "uks_hub"
        subnet_key    = "AzureFirewallSubnet"
      }
      secondary = {
        name          = "uks-hub-azfw-secondary"
        public_ip_key = "uks_hub_azfw_pip_secondary"
        vnet_key      = "uks_hub"
        subnet_key    = "AzureFirewallSubnet" ## <<<< THIS LINE ERRORS
      }
    }
    threat_intel_mode = "Deny" # Options: Off, Alert (default) or Deny
    # diagnostic_profiles = {
    #   central_logs_region1 = {
    #     definition_key   = "azurerm_firewall"
    #     destination_type = "event_hub"
    #     destination_key  = "central_logs"
    #   }
    # }
  }
}

Expected Behaviour

Expect this to build the resource successfully.

Actual Behaviour

The "ip_configuration" is invalid, 2 "subnet_id" have been set, one "subnet_id" should be set among all "ip_configuration" blocks

Steps to Reproduce

terraform plan
terraform apply

Important Factoids

No response

References

No response

sjackson0109 commented 1 year ago

Can fix by amending modules/networking/firewall/module.tf, lines 39-47 as follows:

  dynamic "ip_configuration" {
    for_each = try([var.settings.public_ip_key], {})

    content {
      name                 = ip_configuration.key
      public_ip_address_id = var.public_ip_addresses[var.client_config.landingzone_key][ip_configuration.value].id
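      # Per the provider error above, subnet_id may be set on one ip_configuration only:
      # keep it on index 0 and pass null on every other block.
      subnet_id            = contains(["0", 0], ip_configuration.key) ? var.subnet_id : null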
    }
  }
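
The constraint in the error message above, as an added example that is not part of the original issue and is not the CAF module's code: a hypothetical stand-alone module that generates one ip_configuration block per entry of a public_ips map and sets subnet_id on the first block only. The variable names (public_ips, public_ip_ids, subnet_id) and the resource label are assumptions.

```hcl
# Added example: hypothetical stand-alone module, not the CAF module's code.
variable "name" { type = string }
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "subnet_id" { type = string } # resource ID of AzureFirewallSubnet

# Map shaped like the issue's public_ips block (name + public_ip_key per entry).
variable "public_ips" {
  type = map(object({
    name          = string
    public_ip_key = string
  }))
}

# public_ip_key => resource ID of an existing public IP (assumed input).
variable "public_ip_ids" {
  type = map(string)
}

locals {
  # Map keys iterate in lexical order, so this is the key of the first
  # generated block. try() covers an empty map (no blocks are generated).
  first_ip_key = try(keys(var.public_ips)[0], null)
}

resource "azurerm_firewall" "this" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resource_group_name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"

  dynamic "ip_configuration" {
    for_each = var.public_ips

    content {
      name                 = ip_configuration.value.name
      public_ip_address_id = var.public_ip_ids[ip_configuration.value.public_ip_key]
      # Only the first block carries subnet_id; every other block gets null,
      # so exactly one subnet_id is set across all ip_configuration blocks.
      subnet_id = ip_configuration.key == local.first_ip_key ? var.subnet_id : null
    }
  }
}
```

With the issue's keys, "primary" sorts before "secondary", so the primary block receives the subnet and the secondary block receives null.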