[azurerm_route_table] `route[]<T>(obj)` attribute validation error

[junkiebev]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.1

AzureRM Provider Version

3.109.0

Affected Resource(s)/Data Source(s)

azurerm_route_table

Terraform Configuration Files

terraform {
  required_version = ">=1.5.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.109.0"
    }
    http = {
      source  = "hashicorp/http"
      version = ">=3.4.3"
    }
  }
}
provider "azurerm" {
  features {}
}
data "http" "cloudflare_waf_ips" {
  url    = "https://api.cloudflare.com/client/v4/ips"
  method = "GET"
  request_headers = {
    Accept = "application/json"
  }
}
locals {
  cloudflare_ips = jsondecode(data.http.cloudflare_waf_ips.response_body).result.ipv4_cidrs
  kms_ips        = ["23.102.135.246/32"]
  default_routes = merge(
    zipmap([for i in range(length(local.cloudflare_ips)) : "route-cloudflare-ingress-${i}"], local.cloudflare_ips),
    zipmap([for i in range(length(local.kms_ips)) : "route-kms-activation-${i}"], local.kms_ips)
  )
}

resource "azurerm_resource_group" "devops_nonprod_01_eus" {
  name     = "rg-networking"
  location = "East US 2"
}

resource "azurerm_route_table" "this" {
  name                          = "route-vnet-devops-nonprod-eus2-01"
  location                      = azurerm_resource_group.devops_nonprod_01_eus2.location
  resource_group_name           = azurerm_resource_group.devops_nonprod_01_eus2.name
  disable_bgp_route_propagation = false
  route = [for k, v in local.default_routes : {
    name           = k
    address_prefix = v
    next_hop_type  = "Internet"
  }]
}

Debug Output/Panic Output

-pipeline
│ Error: Incorrect attribute value type
│ 
│   on eastus2.tf line 122, in resource "azurerm_route_table" "standard":
│  122:   route = [for k, v in local.default_routes : {
│  123:     name           = k
│  124:     address_prefix = v
│  125:     next_hop_type  = "Internet"
│  126:   }]
│     ├────────────────
│     │ local.default_routes is object with 16 attributes
│ 
│ Inappropriate value for attribute "route": element 0: attribute
│ "next_hop_in_ip_address" is required.
╵
##[error]Terraform command 'plan' failed with exit code '1'.
##[error]╷
│ Error: Incorrect attribute value type
│ 
│   on eastus2.tf line 122, in resource "azurerm_route_table" "standard":
│  122:   route = [for k, v in local.default_routes : {
│  123:     name           = k
│  124:     address_prefix = v
│  125:     next_hop_type  = "Internet"
│  126:   }]
│     ├────────────────
│     │ local.default_routes is object with 16 attributes
│ 
│ Inappropriate value for attribute "route": element 0: attribute
│ "next_hop_in_ip_address" is required.

Expected Behaviour

Route table created with all the routes in the list of route objects

Actual Behaviour

Error thrown - attribute next_hot_in_ip_address required

Steps to Reproduce

terraform apply

Important Factoids

No response

References

According to this: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/route_table

• azurerm_route_table can take a route as a list of route objects
  • Notes on 3.x of the azurerm provider say it now takes a set - I tried that as well, and have the same error
  • Docs may need to be updated to indicate it takes a set
• route blocks require name, address_prefix, next_hop_type
• next_hop_in_ip_address is only allowed when next_hop_type is VirtualAppliance (and the API will reject any non-conformant request)
  • as you can see, next_hop_type is specified as Internet

I believe the issue is here in the code - the function should only require and allow that attribute to be set if string(props.NextHopType) == "VirtualAppliance".

A few issues which are probably related

• https://github.com/hashicorp/terraform-provider-azurerm/issues/19182
• https://github.com/hashicorp/terraform-provider-azurerm/issues/20340
• https://github.com/hashicorp/terraform-provider-azurerm/issues/7489
• https://github.com/hashicorp/terraform-provider-azurerm/issues/6898

[sinbai]

Hi @junkiebev thanks for opening this issue. However, as far as I know in Terraform, for expressions cannot directly generate resource blocks or other configuration blocks. You could achieve similar functionality by leveraging dynamic blocks within resource definitions. Also, I would like to explain that this forum is intended to be used for feature enhancements and bugs in the Azure Provider . So that we can keep this forum focused on that we instead ask that questions are raised using one of the Community Resources. Thanks!

[junkiebev]

Hi @junkiebev thanks for opening this issue. However, as far as I know in Terraform, for expressions cannot directly generate resource blocks or other configuration blocks. You could achieve similar functionality by leveraging dynamic blocks within resource definitions. Also, I would like to explain that this forum is intended to be used for feature enhancements and bugs in the Azure Provider . So that we can keep this forum focused on that we instead ask that questions are raised using one of the Community Resources. Thanks!

Triage via documentation works :)