Support for azurerm_eventhub_namespace_network_rule_set

[rohithegde]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please add a resource to manage eventhub namespace's network rules separately from the event hub namespace resource in Terraform. This will be similar to azurerm_servicebus_namespace_network_rule_set but for event hub namespace instead. This feature exists in Az CLI too.

New or Affected Resource(s)

• azurerm_eventhub_namespace_network_rule_set

Potential Terraform Configuration

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["172.17.0.0/16"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]
}

resource "azurerm_subnet" "example" {
  name                 = "default"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["172.17.0.0/24"]

  service_endpoints = ["Microsoft.ServiceBus"]
}
resource "azurerm_eventhub_namespace" "example" {
  name                = "example-namespace"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                   = "Standard"
  capacity           = 2
}
resource "azurerm_eventhub_namespace_network_rule_set" "example" {
  namespace_id = azurerm_eventhub_namespace.example.id

  default_action                = "Deny"
  public_network_access_enabled = true

  network_rules {
    subnet_id                            = azurerm_subnet.example.id
    ignore_missing_vnet_service_endpoint = false
  }

  ip_rules = ["1.1.1.1"]
}

References

• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/servicebus_namespace_network_rule_set
• https://docs.microsoft.com/en-us/cli/azure/eventhubs/namespace/network-rule?view=azure-cli-latest
• https://github.com/hashicorp/terraform-provider-azurerm/issues/14958
• https://github.com/hashicorp/terraform-provider-azurerm/issues/2579

[jackbackes]

hi @catriona-m have you been able to work on this?

[catriona-m]

Hi @thejohnbackes

I currently have a PR open for upgrading the eventhubs sdk and hope to get to this issue in the near future once that is merged

[vamshisiram]

Hi @thejohnbackes @catriona-m

Can you please share example on how to set the network_rule sets block right now in version 3.43.0?

I am struggling with setting it right way, as there are no examples.

Do you have any examples @rohithegde ?

[vijayakrishnar]

i am having same issue, unable to set network rules for eventhub Installing hashicorp/azurerm v3.34.0...

• Installed hashicorp/azurerm v3.34.0 (signed by HashiCorp)

Error: Invalid resource type │ │ on .terraform/modules/eventhub_namespace/modules/eventhub_namespace/main.tf line 19, in resource "azurerm_eventhub_namespace_network_rule_set" "networkrules": │ 19: resource "azurerm_eventhub_namespace_network_rule_set" "networkrules" { │ │ The provider hashicorp/azurerm does not support resource type │ "azurerm_eventhub_namespace_network_rule_set". ╵ ╷ │ Error: Invalid resource type │ │ on .terraform/modules/networkrules/modules/networkrules/main.tf line 2, in resource "azurerm_eventhub_namespace_network_rule_set" "networkrules": │ 2: resource "azurerm_eventhub_namespace_network_rule_set" "networkrules" { │ │ The provider hashicorp/azurerm does not support resource type │ "azurerm_eventhub_namespace_network_rule_set".

[catriona-m]

@rohithegde @jackbackes just wanted to check what is the use case for having this as a separate resource? Is there a reason this can't be used inline within azurerm_eventhub_namespace? Thanks

[rohithegde]

@rohithegde @jackbackes just wanted to check what is the use case for having this as a separate resource? Is there a reason this can't be used inline within azurerm_eventhub_namespace? Thanks

Having a separate resource allows for flexibility in deployment by decoupling the resource creation from vnet integration. Similar to how its done for other resources like Service bus, Storage account etc where we have one Terraform resource to provision the cloud resource and another to provision the vnet integration.

[catriona-m]

Thanks for your reply @rohithegde. Based on our guidelines here I would lean towards not creating a separate resource for this as it does not have it's own resource id. Is there any case where you are blocked from using the network rule set inline?

[rohithegde]

Thanks for your reply @rohithegde. Based on our guidelines here I would lean towards not creating a separate resource for this as it does not have it's own resource id. Is there any case where you are blocked from using the network rule set inline?

@catriona-m These guidelines came around 9 months after I created the ticket. I also see that the azurerm_servicebus_namespace_network_rule_set Terraform resource is being deprecated to align with the guidelines. In that case I will go ahead and close this ticket. Thanks for bringing my attention to this.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.