
terraform-azurerm-network's Introduction

terraform-azurerm-network

Create a basic network in Azure

This Terraform module deploys a Virtual Network in Azure with a subnet or a set of subnets passed in as input parameters.

This module neither creates nor exposes a network security group. You can use https://github.com/Azure/terraform-azurerm-vnet to assign a network security group to the subnets.
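Because the subnets come out of this module with no network security group, it is worth confirming after apply that every one of them received an association elsewhere. The script below is an added example, not part of this module or its README: it reads `terraform show -json` state output and lists subnets that have no azurerm_subnet_network_security_group_association. The sample state, its all-zero subscription ID and the exempt_names parameter are constructed for illustration.

```python
#!/usr/bin/env python3
"""List subnets in Terraform state that have no NSG association.

Input: the JSON printed by `terraform show -json` for an applied state.
"""
import json
import sys

ASSOC_TYPE = "azurerm_subnet_network_security_group_association"

# Constructed placeholder IDs (not from a real subscription).
VNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "my-resources/providers/Microsoft.Network/virtualNetworks/acctvnet")


def sample_subnet(name):
    """Build one constructed state entry for a subnet created by the module."""
    return {"address": f'module.network.azurerm_subnet.subnet_for_each["{name}"]',
            "mode": "managed", "type": "azurerm_subnet",
            "values": {"name": name, "id": f"{VNET_ID}/subnets/{name}"}}


# Constructed sample state: three module subnets, one association in the root
# module whose subnet_id differs in letter case from the subnet's own id.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"address": f"{ASSOC_TYPE}.subnet1", "mode": "managed", "type": ASSOC_TYPE,
         "values": {"subnet_id": f"{VNET_ID}/subnets/subnet1".replace(
             "resourceGroups", "resourcegroups")}},
    ],
    "child_modules": [
        {"address": "module.network",
         "resources": [sample_subnet(n) for n in ("subnet1", "subnet2", "subnet3")]},
    ],
}}}


def walk_resources(module):
    """Yield every resource in a state module and, recursively, its children."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def subnets_without_nsg(state, exempt_names=frozenset()):
    """Return sorted addresses of managed subnets that no association points at.

    exempt_names is a hypothetical allow-list for subnets that are
    intentionally left without an NSG.
    """
    root = state.get("values", {}).get("root_module", {})
    subnets, covered = {}, set()
    for res in walk_resources(root):
        if res.get("mode", "managed") != "managed":
            continue
        values = res.get("values") or {}
        if res.get("type") == "azurerm_subnet":
            if values.get("name") not in exempt_names:
                # Azure resource IDs are case-insensitive, so compare lowercased.
                subnets[str(values.get("id", "")).lower()] = res["address"]
        elif res.get("type") == ASSOC_TYPE:
            covered.add(str(values.get("subnet_id", "")).lower())
    return sorted(addr for sid, addr in subnets.items() if sid not in covered)


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            state = json.load(fh)
    else:
        state = SAMPLE_STATE
    missing = subnets_without_nsg(state)
    for address in missing:
        print(f"NO NSG: {address}")
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```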

Notice on Upgrade to V5.x

In v5.0.0, var.use_for_each becomes a required variable, so users must set its value explicitly. Those who are maintaining existing infrastructure that was created with count should use false; those who are creating a new stack are encouraged to use true.

V5.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.

Running terraform plan first and inspecting the plan is strongly advised.

Notice on Upgrade to V4.x

We've added a CI pipeline for this module to speed up our code review and to enforce a high code quality standard. If you want to contribute by submitting a pull request, please read the Pre-Commit & Pr-Check & Test section, or your pull request might be rejected by the CI pipeline.

A pull request will be reviewed once it has passed the Pre Pull Request Check in the pipeline, and will be merged once it has passed the acceptance tests. If the CI pipeline fails, please read the pipeline's output. Thanks for your cooperation.

V4.0.0 is a major version upgrade. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.

Running terraform plan first and inspecting the plan is strongly advised.

Usage

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "network" {
  source              = "Azure/network/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_spaces      = ["10.0.0.0/16", "10.2.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  subnet_service_endpoints = {
    "subnet1" : ["Microsoft.Sql"],
    "subnet2" : ["Microsoft.Sql"],
    "subnet3" : ["Microsoft.Sql"]
  }
  use_for_each = true
  tags = {
    environment = "dev"
    costcenter  = "it"
  }

  depends_on = [azurerm_resource_group.example]
}

Enable or disable tracing tags

We're using BridgeCrew Yor and yorbox to help manage tags consistently across infrastructure as code (IaC) frameworks. In this module you might see tags like:

resource "azurerm_resource_group" "rg" {
  location = "eastus"
  name     = random_pet.name
  tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
    avm_git_commit           = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
    avm_git_file             = "main.tf"
    avm_git_last_modified_at = "2023-05-05 08:57:54"
    avm_git_org              = "lonegunmanb"
    avm_git_repo             = "terraform-yor-tag-test-module"
    avm_yor_trace            = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
  } /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
}

To enable tracing tags, set the variable to true:

module "example" {
  source               = <module_source>
  ...
  tracing_tags_enabled = true
}

tracing_tags_enabled defaults to false.

To customize the prefix for your tracing tags, set the tracing_tags_prefix variable value in your Terraform configuration:

module "example" {
  source              = <module_source>
  ...
  tracing_tags_prefix = "custom_prefix_"
}

The actual applied tags would be:

{
  custom_prefix_git_commit           = "3077cc6d0b70e29b6e106b3ab98cee6740c916f6"
  custom_prefix_git_file             = "main.tf"
  custom_prefix_git_last_modified_at = "2023-05-05 08:57:54"
  custom_prefix_git_org              = "lonegunmanb"
  custom_prefix_git_repo             = "terraform-yor-tag-test-module"
  custom_prefix_yor_trace            = "a0425718-c57d-401c-a7d5-f3d88b2551a4"
}

Notice to contributor

Thanks for your contribution! This module was created before Terraform introduced for_each, and according to the documentation:

If your instances are almost identical, count is appropriate. If some of their arguments need distinct values that can't be directly derived from an integer, it's safer to use for_each.

This module contains resources that use the count meta-argument. Changing count to for_each directly would require extensive manual state move operations, performed with extreme caution; otherwise users who are maintaining existing infrastructure would face a potential breaking change.

This module therefore duplicates the subnet resource as a new azurerm_subnet that uses for_each, and provides a toggle variable named use_for_each that switches between the count set and the for_each set. Users can set var.use_for_each to true to use for_each, and users who are maintaining existing resources can keep the toggle false to avoid a potential breaking change. If you'd like to make changes to the subnet resource, make sure that you change both resource blocks. Thanks for your cooperation.
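The hazard that the upgrade notices and this contributor notice describe can be checked mechanically before apply. The following is an added example, not part of the module or its CI pipeline: it reads `terraform show -json <planfile>` output, reports any delete or replace of the vnet or its subnets, and pairs deleted count-indexed subnets with created for_each-keyed ones as candidates for `terraform state mv`. The script name plan_gate.py and the sample plan are constructed.

```python
#!/usr/bin/env python3
"""Fail a pipeline when a saved plan would destroy or replace network resources.

Usage (plan_gate.py is a hypothetical file name):
    terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    python3 plan_gate.py plan.json
"""
import json
import shlex
import sys

GUARDED_TYPES = {"azurerm_virtual_network", "azurerm_subnet"}


def sample_change(address, rtype, actions, before=None, after=None):
    """Build one constructed entry shaped like plan JSON `resource_changes[]`."""
    return {"address": address, "module_address": "module.network",
            "mode": "managed", "type": rtype,
            "change": {"actions": actions, "before": before, "after": after}}


# Constructed sample (not captured from a real run): the plan shape produced by
# flipping use_for_each from false to true on a stack that was built with count.
SAMPLE_PLAN = {"resource_changes": [
    sample_change("module.network.azurerm_subnet.subnet_count[0]",
                  "azurerm_subnet", ["delete"], before={"name": "subnet1"}),
    sample_change("module.network.azurerm_subnet.subnet_count[1]",
                  "azurerm_subnet", ["delete"], before={"name": "subnet2"}),
    sample_change('module.network.azurerm_subnet.subnet_for_each["subnet1"]',
                  "azurerm_subnet", ["create"], after={"name": "subnet1"}),
    sample_change('module.network.azurerm_subnet.subnet_for_each["subnet2"]',
                  "azurerm_subnet", ["create"], after={"name": "subnet2"}),
    sample_change("module.network.azurerm_virtual_network.vnet",
                  "azurerm_virtual_network", ["update"],
                  before={"name": "acctvnet"}, after={"name": "acctvnet"}),
]}


def destructive_changes(plan):
    """Return [(address, actions)] for guarded resources the plan would delete.

    A replacement shows up as ["delete", "create"] or ["create", "delete"],
    so testing for "delete" covers both plain deletes and replacements.
    """
    hits = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if (rc.get("mode", "managed") == "managed"
                and rc.get("type") in GUARDED_TYPES and "delete" in actions):
            hits.append((rc["address"], tuple(actions)))
    return hits


def count_to_for_each_moves(plan):
    """Pair each deleted subnet with a created subnet of the same name.

    Matching is on (module address, subnet name): the same Azure subnet is
    leaving one resource address and appearing under another, which is the
    signature of a count/for_each switch rather than a real removal.
    """
    deleted, created = {}, {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_subnet":
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        module = rc.get("module_address", "")
        if actions == ["delete"]:
            name = (change.get("before") or {}).get("name")
            if name is not None:
                deleted[(module, name)] = rc["address"]
        elif actions == ["create"]:
            name = (change.get("after") or {}).get("name")
            if name is not None:
                created[(module, name)] = rc["address"]
    return [(deleted[k], created[k]) for k in sorted(deleted) if k in created]


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    hits = destructive_changes(plan)
    for address, actions in hits:
        print(f"DESTRUCTIVE {'/'.join(actions)}: {address}")
    for src, dst in count_to_for_each_moves(plan):
        # Printed for review only; nothing is executed against the state.
        print("candidate: terraform state mv", shlex.quote(src), shlex.quote(dst))
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit blocks the pipeline; the printed candidates are a starting point for a reviewed state migration, not something to run unread.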

Pre-Commit & Pr-Check & Test

Configurations

We assume that you have set up the service principal's credentials in your environment variables, as below:

export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"

On Windows Powershell:

$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"

We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest

To run the pre-commit task, we can run the following command:

$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

In pre-commit task, we will:

  1. Run terraform fmt -recursive command for your Terraform code.
  2. Run terrafmt fmt -f command for markdown files and go code files to ensure that the Terraform code embedded in these files is well formatted.
  3. Run go mod tidy and go mod vendor for test folder to ensure that all the dependencies have been synced.
  4. Run gofmt for all go code files.
  5. Run gofumpt for all go code files.
  6. Run terraform-docs on README.md file, then run markdown-table-formatter to format markdown tables in README.md.

Then we can run the pr-check task to check whether our code meets our pipeline's requirements (we strongly recommend that you run the following command before you commit):

$ docker run --rm -v $(pwd):/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src -e TFLINT_CONFIG=.tflint_alt.hcl mcr.microsoft.com/azterraform:latest make pr-check

To run the e2e-test, we can run the following command:

docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

On Windows Powershell:

docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

Prerequisites

Authors

Originally created by Eugene Chuvyrov

License

MIT

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| azurerm | >= 3.0, < 4.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 3.0, < 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_subnet.subnet_count | resource |
| azurerm_subnet.subnet_for_each | resource |
| azurerm_virtual_network.vnet | resource |
| azurerm_resource_group.network | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address_space | The address space that is used by the virtual network. | `string` | `"10.0.0.0/16"` | no |
| address_spaces | The list of the address spaces that is used by the virtual network. | `list(string)` | `[]` | no |
| dns_servers | The DNS servers to be used with vNet. | `list(string)` | `[]` | no |
| resource_group_location | The location/region where the virtual network is created. Changing this forces a new resource to be created. | `string` | `null` | no |
| resource_group_name | The name of an existing resource group to be imported. | `string` | n/a | yes |
| subnet_delegation | service_delegation blocks for azurerm_subnet resource, subnet names as keys, list of delegation blocks as value, more details about delegation block could be found at the document. | <pre>map(list(object({<br>  name = string<br>  service_delegation = object({<br>    name = string<br>    actions = optional(list(string))<br>  })<br>})))</pre> | `{}` | no |
| subnet_enforce_private_link_endpoint_network_policies | A map with key (string) subnet name, value (bool) true or false to indicate enable or disable network policies for the private link endpoint on the subnet. Default value is false. | `map(bool)` | `{}` | no |
| subnet_names | A list of public subnets inside the vNet. | `list(string)` | <pre>[<br>  "subnet1"<br>]</pre> | no |
| subnet_prefixes | The address prefix to use for the subnet. | `list(string)` | <pre>[<br>  "10.0.1.0/24"<br>]</pre> | no |
| subnet_service_endpoints | A map with key (string) subnet name, value (list(string)) to indicate enabled service endpoints on the subnet. Default value is []. | `map(list(string))` | `{}` | no |
| tags | The tags to associate with your network and subnets. | `map(string)` | <pre>{<br>  "environment": "dev"<br>}</pre> | no |
| tracing_tags_enabled | Whether enable tracing tags that generated by BridgeCrew Yor. | `bool` | `false` | no |
| tracing_tags_prefix | Default prefix for generated tracing tags | `string` | `"avm_"` | no |
| use_for_each | Use for_each instead of count to create multiple resource instances. | `bool` | n/a | yes |
| vnet_name | Name of the vnet to create. | `string` | `"acctvnet"` | no |

Outputs

| Name | Description |
|------|-------------|
| vnet_address_space | The address space of the newly created vNet |
| vnet_id | The id of the newly created vNet |
| vnet_location | The location of the newly created vNet |
| vnet_name | The name of the newly created vNet |
| vnet_subnets | The ids of subnets created inside the newly created vNet |

terraform-azurerm-network's People

Contributors

alexbevan, alhails, cedarkuo, danielfears, dcaro, dependabot[bot], don-code, dtzar, echuvyrov, foreverxzc, github-actions[bot], goatwu1993, jiaweitao001, ksatirli, lonegunmanb, metacpp, microsoft-github-policy-service[bot], msftgits, rguthriemsft, ricoli, yupwei68


terraform-azurerm-network's Issues

v3.3.0 not available from Terraform's registry

It looks like v3.3.0 was released about 2 weeks ago. But according to Terraform, the latest available is v3.2.1.

With this set:

module "network" {
  source  = "Azure/network/azurerm"
  version = "3.3.0"
}

terraform init says:

Error: Unresolvable module version constraint

There is no available version of module "Azure/network/azurerm" (network.tf:2)
which matches the given version constraint. The newest available version is
3.2.1.

The official page also agrees: https://registry.terraform.io/modules/Azure/network/azurerm/latest

If releases got tagged, I think I could work around this easily, but for now I'll have to clone the repo locally as I need support for subnet_enforce_private_link_endpoint_network_policies.

Refactor this module to sort all variables, outputs and arguments.

Is there an existing issue for this?

  • I have searched the existing issues

Description

To improve the maintainability of this module, I'd like to reorder all variables, outputs and arguments of this module.

New or Affected Resource(s)/Data Source(s)

multiple resources

Potential Terraform Configuration

No response

References

No response

Replace deprecated azurerm_subnet argument enforce_private_link_endpoint_network_policies

Is there an existing issue for this?

  • I have searched the existing issues

Greenfield/Brownfield provisioning

brownfield

Terraform Version

1.7.0

Module Version

5.2.0

AzureRM Provider Version

3.92.0

Affected Resource(s)/Data Source(s)

enforce_private_link_endpoint_network_policies

Terraform Configuration Files

module "network" {
  source              = "Azure/network/azurerm"
  version             = "5.2.0"
  resource_group_name = azurerm_resource_group.rg.name
  vnet_name           = "vnet-${var.subscription}-${var.environment}-${var.region}"
  address_spaces      = "10.10.0.0/16"
  subnet_prefixes     = [
    "10.10.10.0/24",
    "10.10.11.0/24"
    ]
  subnet_names        = [
    "snet-${var.subscription}-${var.environment}-${var.region}-main",
    "snet-${var.subscription}-${var.environment}-${var.region}-services"
    ]

  use_for_each = true

  depends_on = [azurerm_resource_group.rg]
}

tfvars variables values

subscription = "connectivity"
environment = "prod"
region = "eastus2"

Debug Output/Panic Output

╷
│ Warning: Argument is deprecated
│
│   with module.network.azurerm_subnet.subnet_for_each["snet-techopssandbox-sandbox-eastus2-main"],
│   on .terraform/modules/network/main.tf line 57, in resource "azurerm_subnet" "subnet_for_each":
│   57:   enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, each.value, false)
│
│ `enforce_private_link_endpoint_network_policies` will be removed in favour of the property
│ `private_endpoint_network_policies_enabled` in version 4.0 of the AzureRM Provider
│
│ (and 3 more similar warnings elsewhere)

Expected Behaviour

Should not receive warning. Eventually, this will cause an error when it is deprecated. Need to replace enforce_private_link_endpoint_network_policies with private_endpoint_network_policies_enabled

Actual Behaviour

No response

Steps to Reproduce

  1. terraform apply

Important Factoids

No

References

No response

Generate inputs and outputs with "terraform-docs"

As a formal terraform module, we need to prepare the inputs and outputs for end users. But manual preparation is a hard job. So I used terraform-docs to do that

$ docker run --rm   -v $(pwd):/data   cytopia/terraform-docs   terraform-docs-012  md .

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| address\_space | The address space that is used by the virtual network. | `string` | `"10.0.0.0/16"` | no |
| dns\_servers | The DNS servers to be used with vNet. | `list(string)` | `[]` | no |
| resource\_group\_name | The name of an existing resource group to be imported. | `string` | n/a | yes |
| subnet\_enforce\_private\_link\_endpoint\_network\_policies | A map with key (string) `subnet name`, value (bool) `true` or `false` to indicate enable or disable network policies for the private link endpoint on the subnet. Default value is false. | `map(bool)` | `{}` | no |
| subnet\_names | A list of public subnets inside the vNet. | `list(string)` | <pre>[<br>  "subnet1"<br>]</pre> | no |
| subnet\_prefixes | The address prefix to use for the subnet. | `list(string)` | <pre>[<br>  "10.0.1.0/24"<br>]</pre> | no |
| tags | The tags to associate with your network and subnets. | `map(string)` | <pre>{<br>  "environment": "dev"<br>}</pre> | no |
| vnet\_name | Name of the vnet to create. | `string` | `"acctvnet"` | no |

## Outputs

| Name | Description |
|------|-------------|
| vnet\_address\_space | The address space of the newly created vNet |
| vnet\_id | The id of the newly created vNet |
| vnet\_location | The location of the newly created vNet |
| vnet\_name | The Name of the newly created vNet |
| vnet\_subnets | The ids of subnets created inside the newl vNet |

Please update the README in the same way, so we can easily know what the input variables could be.

For example, I want to change the vnet name from acctvnet to mine. But your README doesn't show me directly. I have to go through the TF files to find it out by myself.

With Inputs and Outputs in the README, end users can easily understand what should be fed to the module and what can be obtained after applying this module.

support for multiple address space allocations

It appears that this module does not currently support the use of multiple address space allocations to a vnet. Is that correct?

I am trying to do an IPv6 allocation to my vnet:

variable "address_space" {
  description = "The address space that is used by the network."
  default     = ["10.0.0.0/24", "fd93:2d97:549a/48"]
}

The plan fails with:

Terraform v0.14.9
Configuring remote state backend...
Initializing Terraform configuration...
azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/msdn-networking-dev-rg]

Error: Invalid value for module argument

  on main.tf line 70, in module "network":
  70:   address_space       = var.address_space

The given value is not suitable for child module variable "address_space"
defined at .terraform/modules/network/variables.tf:12,1-25: string required.

Data Resource Group no longer works with Terraform version 0.13

The data resource for resource groups no longer works if you call it with Terraform 0.13.

Terraform is now checking if the resource is there as part of terraform plan

Steps to Reproduce:

  1. Install Terraform version 0.13
  2. Enter this code
resource "azurerm_resource_group" "test" {
  name     = "my-resources"
  location = "West Europe"
}

provider "azurerm" {
  features {}
}

module "network" {
  source              = "Azure/network/azurerm"
  resource_group_name = azurerm_resource_group.test.name
  address_space       = "10.0.0.0/16"
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}
  3. terraform init && terraform plan will now fail and give the following:
------------------------------------------------------------------------

Error: Error: Resource Group "my-resources" was not found

  on .terraform/modules/network/terraform-azurerm-network-3.1.1/main.tf line 2, in data "azurerm_resource_group" "network":
   2: data "azurerm_resource_group" "network" {

Travis-CI build failing - az profile not found

Running terraform 11.1 & azure provider 1.1.0 end to end test fails with the following error

  • provider.azurerm: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with az login.

Adding routes

What's a recommendation on allowing routes to be given? I see Azure doesn't let you associate route tables with subnets as a separate function. It has to be done at creation time? That makes this module difficult to use if you need to create custom route tables on your subnet.

Why not just use the AzureRM vnet module

It looks like this module just references the vnet module and the only additional work is adding in a resource group.

Maybe I am missing something?

I am wondering why would I use this instead of just using the vnet module.

Issues while changing the address space for virtual network and subnet.

We are using below terraform code.

resource "azurerm_virtual_network" "vnet" {
name = "${var.vnet_name}"
location = "${var.location}"
address_space = ["${var.address_space}"]
resource_group_name = "${var.resource_group_name}"
tags = "${var.tags}"
}

resource "azurerm_subnet" "subnet" {
name = "${var.subnet_names[count.index]}"
virtual_network_name = "${azurerm_virtual_network.vnet.name}"
resource_group_name = "${var.resource_group_name}"
address_prefix = "${var.subnet_prefixes[count.index]}"
count = "${length(var.subnet_names)}"
}

We created a virtual network and subnet with a particular address space.
After that, we decided that there is a need to change the address space for the vnet and subnet, and during the apply we get an error.

What we see during the plan is that although we didn't specify any subnet to be created in the resource "azurerm_virtual_network" "vnet", subnet entries are present in the vnet with the address values which were specified during the initial creation, and it does not show that it's going to update the new address space for the subnet. That's where the problem is according to me, which results in the error.

Terraform will perform the following actions:

module.network.azurerm_subnet.subnet[0] will be updated in-place

~ resource "azurerm_subnet" "subnet" {
~ address_prefix = "10.20.0.0/24" -> "10.30.0.0/24"
id = "/subscriptions/<sb_id>/resourceGroups/RG-operationNE-DEV/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet-test"
ip_configurations = []
name = "subnet-test"
resource_group_name = "RG-operationNE-DEV"
service_endpoints = [
"Microsoft.Sql",
"Microsoft.Web",
]
virtual_network_name = "test-vnet"
}

module.network.azurerm_virtual_network.vnet will be updated in-place

~ resource "azurerm_virtual_network" "vnet" {
~ address_space = [
- "10.20.0.0/16",
+ "10.30.0.0/16",
]
dns_servers = []
id = "/subscriptions/<sb_id>/resourceGroups/RG-operationNE-DEV/providers/Microsoft.Network/virtualNetworks/test-vnet"
location = "northeurope"
name = "test-vnet"
resource_group_name = "RG-operationNE-DEV"
tags = {}

    subnet {
        address_prefix = "10.20.0.0/24"
        id             = "/subscriptions/<sb_id>/resourceGroups/RG-operationNE-DEV/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet-test"
        name           = "subnet-test"
    }
}

Plan: 0 to add, 2 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Enter a value: yes

module.network.azurerm_virtual_network.vnet: Modifying... [id=/subscriptions/<sb_id>/resourceGroups/RG-operationNE-DEV/providers/Microsoft.Network/virtualNetworks/test-vnet
]

Error: Error Creating/Updating Virtual Network "test-vnet" (Resource Group "RG-operationNE-DEV"): network.VirtualNetworksClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error
: Code="NetcfgInvalidSubnet" Message="Subnet 'subnet-test' is not valid in virtual network 'test-vnet'." Details=[]

on ../../../modules/network/main.tf line 2, in resource "azurerm_virtual_network" "vnet":
2: resource "azurerm_virtual_network" "vnet" {

Terraform version and provider version details are below.

Terraform v0.12.6

  • provider.azurerm v1.32.1

Please let me know if you need more details.

Integration Tests Failing

I have noticed that the tests are failing with incorrect credentials errors.

Is there a way this can be updated so that the tests can complete?

Minimum supported Terraform version

Is there an existing issue for this?

  • I have searched the existing issues

Description

The module is not clear on what the actual required minimum version of Terraform is.

  1. The versions.tf file specifies that Terraform 1.2 or higher will work.
  2. The README.md has instructions for running on Terraform 0.12, which would suggest that 0.12 and higher would all work.
  3. The variables.tf file makes use of optional(), which requires Terraform 1.3 or higher.

This leads me to believe the actual minimum version is 1.3, in which case I'd recommend updating versions.tf to reflect that, and removing references to 0.12 and 0.13 from the README.

I'm happy to make this change if a maintainer agrees that supported versions actually are 1.3+.

New or Affected Resource(s)/Data Source(s)

n/a

Potential Terraform Configuration

No response

References

No response

Support for encryption

Is there an existing issue for this?

  • I have searched the existing issues

Description

Including support for Virtual Network Encryption

New or Affected Resource(s)/Data Source(s)

azurerm_virtual_network

Potential Terraform Configuration

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "my-resources"
  location = "West Europe"
}

module "network" {
  source              = "Azure/network/azurerm"
  resource_group_name = azurerm_resource_group.example.name
  address_spaces      = ["10.0.0.0/16", "10.2.0.0/16"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names        = ["subnet1", "subnet2", "subnet3"]

  encryption = {
    enforced = "AllowUnencrypted" / "DropUnencrypted"
  }

  subnet_service_endpoints = {
    "subnet1" : ["Microsoft.Sql"],
    "subnet2" : ["Microsoft.Sql"],
    "subnet3" : ["Microsoft.Sql"]
  }
  use_for_each = true
  tags = {
    environment = "dev"
    costcenter  = "it"
  }

  depends_on = [azurerm_resource_group.example]
}

References

hashicorp/terraform-provider-azurerm#22679
hashicorp/terraform-provider-azurerm#22745

3.1.1 argument named "address_prefixes" is not expected here

Getting error when using 3.1.1 as follows:

**on ".terraform\modules\network-module\terraform-azurerm-network-3.1.1\main.tf line 19, in resource "azurerm_subnet" "subnet":
19: address_prefixes = [var.subnet_prefixes[count.index]]

An argument named "address_prefixes" is not expected here. Did you mean
"address_prefix"?**

When I rolled back to 3.0.1 version - things are working fine.

Missing ddos_protection_plan attribute

Is there an existing issue for this?

  • I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.4.4

Module Version

5.2.0

AzureRM Provider Version

3.53.

Affected Resource(s)/Data Source(s)

azurerm_virtual_network

Terraform Configuration Files

Hello

Can you please add the missing attribute ddos_protection_plan.

tfvars variables values

/

Debug Output/Panic Output

/

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

Error occurs when variable vnet_name is declared

Hey guys,

I'm testing this module, but when I declare the variable vnet_name, the error below happens.

"Error: Duplicate variable declaration

on variables.tf line 9:
9: variable "vnet_name" {

A variable named "vnet_name" was already declared at main.tf:1,1-21. Variable
names must be unique within a module."

My code:
variable "vnet_name" {
default = "vnet-test"
}

module "network" {
source = "Azure/network/azurerm"
version = "2.0.0"
resource_group_name = "myapp"
location = "westus"
address_space = "10.0.0.0/16"
subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
subnet_names = ["subnet1", "subnet2", "subnet3"]

tags                = {
                        environment = "dev"
                        costcenter  = "it"
                      }

}

Can you help me?

Update for address prefixes

Against version 3.0.1

Need to update line 19 in main.tf as 'address_prefix' has been deprecated...need to change to 'address_prefixes'.

Error occurs when testing module

When I am using the current test case and try to apply and destroy the module, an error occurs showing that the resource group cannot be found when destroying. It seems that terraform tries to delete one resource group twice and thus the build in travis CI fails eventually.

However, if I change source = "../../" to source = "Azure/network/azurerm", the whole process will succeed. Therefore, this demonstrates two problems:

  1. The code in GitHub is actually not identical to the newest released version, because the released module works but the code in repo does not.
  2. Some other modules are based on network module of version 2.0.0, which is the latest version. If we use the code in GitHub to update the release, this may harm other modules. For instance, I contributed terratest to compute module and the test case is using network module 2.0.0. If we try to sync up the released network module with code in repo, the test of compute module may fail.

As a result, I would like to provide a plan to solve this problem. First, I revert the repo to version 2.0.0, which is latest released and commonly used. Second, I would like to introduce terratest to network module to run automatic test, just as compute module does.

dns_server needs default value

If you import the module and don't specify dns_servers = [""] then it will fail with:

Error: Error running plan: 1 error(s) occurred:

* module.network.output.vnet_dns_servers: Resource 'azurerm_virtual_network.vnet' does not have attribute 'dns_servers' for variable 'azurerm_virtual_network.vnet.dns_servers'

Testing with the [""] value using terraform 0.11.0 and Azure provider 0.3.3 - the terraform plan works but in the middle of terraform apply it crashes 👎 with:

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

[1]: https://github.com/hashicorp/terraform/issues

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
2:           "" => "<computed>"

Error: Error applying plan:

4 error(s) occurred:

* module.network.azurerm_network_security_group.security_group: 1 error(s) occurred:

* azurerm_network_security_group.security_group: unexpected EOF
* module.windowsservers.azurerm_resource_group.vm: 1 error(s) occurred:

* azurerm_resource_group.vm: unexpected EOF
* module.linuxservers.provider.azurerm: unexpected EOF
* module.network.azurerm_virtual_network.vnet: 1 error(s) occurred:

* azurerm_virtual_network.vnet: unexpected EOF

2017/11/21 16:56:47 [ERROR] root.network: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* azurerm_virtual_network.vnet: unexpected EOF
2017/11/21 16:56:47 [ERROR] root.network: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* azurerm_virtual_network.vnet: unexpected EOF
2017/11/21 16:56:47 [TRACE] [walkApply] Exiting eval tree: module.network.azurerm_virtual_network.vnet

When you specify a value of ["10.0.0.4"] it works, but now you're actually requiring an internal DNS server for the subnet (it's no longer optional 👎 )

Resource Group variable should accept entire resource_group object

Passing in the resource_group name only and relying on depends_on on the module causes lifecycle issues for the resources in this module. E.g., if the tags on the resource group are changed then the subnets will be replaced (because of a new computed location attribute on the resource group data_source in the module).

Martin's recommendation is that:

In current versions of Terraform we generally recommend that a specific configuration should either be managing an object or reading the object using a data resource, but not both at the same time.

He then details what a variable design would be that avoids this issue:

variable "resource_group" {
  type = object({
    name     = string
    location = string
  })
}

Able to be consumed like:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "test" {
  name     = "my-resources"
  location = "West Europe"
}

module "network" {
  source = "Azure/network/azurerm"

  resource_group  = azurerm_resource_group.test
  address_space   = "10.0.0.0/16"
  subnet_prefixes = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  subnet_names    = ["subnet1", "subnet2", "subnet3"]

  tags = {
    environment = "dev"
    costcenter  = "it"
  }
}

This would obviously be a breaking change to the module (requiring a major version bump), but it wouldn't be hazardous to users: accidental upgrades would cause an error that the new variable is missing, allowing them to update the variable and continue using the module.

Gets stuck on Destroy

Hi
The destroy gets stuck as below:
module.network.azurerm_virtual_network.vnet: Still destroying... (ID: /subscriptions/a0bba555-00000-00000-00006-...oft.Network/virtualNetworks/GSKM-VNET1, 22m11s elapsed)

Can someone help?

Getting error when trying to use Azure/network/azurerm

Initializing modules...

  • module.network
    Found version 1.0.0 of Azure/network/azurerm on registry.terraform.io
    Getting source "Azure/network/azurerm"
    Error downloading modules: Error loading modules: chmod .terraform/modules/d67a94276de399cc072a6a2c087a27cb/Azure-terraform-azurerm-network-6fc4665/.DS_Store: operation not permitted

Subnet network security group example seems flawed

Hey there,

I'm running the newest example of setting the subnet to a network security group for SSH.

Reproducing the error.

Run the example on the readme. Then edit the port on the SSH group, to whatever, 22-23 range. Apply.

From my experience, what happens is the security group is REMOVED from the subnet. I think this has something to do with the module code that loops through all subnets and sets the security group id.

Tags aren't applied to the resource group

Hi,
I've noticed that the tags aren't applied to the resource group, even if a separate azurerm_resource_group resource is configured side-by-side.
Thanks,
Yohan
