Open kiebrew opened 2 years ago
The workaround method I mentioned in the post above doesn't work either. I'm getting an Azure provider error when applying the changes:
##[error]Bash exited with code '1'.
##[error]Bash wrote one or more lines to the standard error stream.
##[error]
Error: creating/updating Azure Firewall "fw-hub" (Resource Group "rg-hub"): network.AzureFirewallsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InternalServerError" Message="An error occurred." Details=[]
with module.solution.module.azurerm_firewalls["fw_hub"].azurerm_firewall.fw,
on /tf/caf/modules/solution/modules/networking/firewall/module.tf line 13, in resource "azurerm_firewall" "fw":
13: resource "azurerm_firewall" "fw" {
##[error]Error on or near line 374: Error running terraform apply; exiting with status 1
I've reverted and re-applied these changes twice, thinking it might have been a blip, but I've had the same error twice now.
Upvote for this problem. I can see the root cause of the issue. In short, only local.combined_objects_azurerm_firewall_policies is being examined to determine the firewall_id. With that said, local.combined_objects_azurerm_firewall_policies only consists of policies from remote tfstate files or module.azurerm_firewall_policies. module.azurerm_firewall_policies only includes policies that do not have a base_policy defined.
In this situation, the policy being assigned is a child policy, so the search needs to examine policies in module.azure_rm_firewall_policies_child.
Assign to me and I can submit a fix. I'll also submit a fix for https://github.com/aztfmod/terraform-azurerm-caf/issues/1101
We are in the process of deploying a set of Firewall policies (Firewall Manager) and need to associate them with corresponding firewalls.
We've come across some strange behaviour when trying to attach a child firewall policy to our firewall. I'm not sure if this is a bug or not, as my config code looks okay and matches the examples given to us in the CAF supermodule.
Some context:
production_policy is a child of base_policy and the policies have been deployed successfully. We then have a firewall deployed and want to associate the production_policy with it.
For some reason, using the code below, the rover container/Terraform doesn't detect the value
The firewall policy code:
In my testing I changed firewall_policy_key to be "base_policy" instead of "production_policy" and the policy is detected correctly. But this is not our intended design.
I can work around the issue by hardcoding the resource id of the production_policy using the code below instead
I've tried the various options available to us as defined in the CAF supermodule
snippet from https://github.com/aztfmod/terraform-azurerm-caf/blob/master/networking_firewall.tf
Any help or guidance would be greatly appreciated!
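A pre-apply check for the symptom discussed in this thread, as an added example that is not part of the original issue or of the CAF module's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and lists `azurerm_firewall` resources that would end up with no `firewall_policy_id`. It assumes the unresolved `firewall_policy_key` surfaces as a null attribute in the plan; the plan data and resource addresses below are constructed.

```python
# Constructed sample, trimmed to the fields of `terraform show -json` that
# the check reads. Addresses, names and the policy id are made up.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_firewall.fw_hub", "type": "azurerm_firewall",
     # Assumed symptom: key lookup failed, attribute planned as null.
     "change": {"after": {"name": "fw-hub", "firewall_policy_id": None},
                "after_unknown": {}}},
    {"address": "azurerm_firewall.fw_spoke", "type": "azurerm_firewall",
     # Policy created in the same run: id is unknown until apply.
     "change": {"after": {"name": "fw-spoke"},
                "after_unknown": {"firewall_policy_id": True}}},
    {"address": "azurerm_firewall.fw_dmz", "type": "azurerm_firewall",
     "change": {"after": {"name": "fw-dmz",
                          "firewall_policy_id": "/subscriptions/EXAMPLE/policy"},
                "after_unknown": {}}},
    {"address": "azurerm_firewall.fw_old", "type": "azurerm_firewall",
     # Resource being destroyed: "after" is null.
     "change": {"after": None, "after_unknown": {}}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
     "change": {"after": {"name": "rg-hub"}, "after_unknown": {}}},
]}


def firewalls_without_policy(plan):
    """Return addresses of firewalls the plan would leave with no policy."""
    missing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_firewall":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # destroy action, nothing to check
            continue
        unknown = change.get("after_unknown") or {}
        if unknown.get("firewall_policy_id"):  # resolved only at apply time
            continue
        if not after.get("firewall_policy_id"):
            missing.append(rc["address"])
    return missing


if __name__ == "__main__":
    for address in firewalls_without_policy(SAMPLE_PLAN):
        print(f"plan attaches no firewall policy to {address}")
```

A firewall that intentionally uses classic rules instead of a policy will also be listed, so treat the output as a review list rather than a hard failure.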