Add Settings: azurerm_eventhub_namespace - Firewalls and Virtual Networks #2579

Closed
midacts opened this issue Dec 27, 2018 · 8 comments

midacts commented Dec 27, 2018

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please add the ability to manage eventhub namespace firewall and virtual network rules from Terraform.

New or Affected Resource(s)

  • azurerm_eventhub_namespace

Potential Terraform Configuration

resource "azurerm_eventhub_namespace" "test" {
  name                = "acceptanceTestEventHubNamespace"
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.test.name}"
  sku                 = "Basic"
  capacity            = 2

  vnet_access = [
    {
      virtual_network = "test-vnet1"
      subnet          = "test-subnet1"
    },
    {
      virtual_network = "test-vnet2"
      subnet          = "test-subnet2"
    },
  ]

  firewall_rules      = [
    "subnet1",
    "subnet2",
  ]

  tags {
    environment       = "Production"
  }
}


aluong pushed a commit to aluong/azure-grpc-telemetry-pipeline that referenced this issue May 23, 2019
Since ability to manage eventhub namespace firewall and virtual network rules from Terraform is not supported yet (hashicorp/terraform-provider-azurerm#2579) we need to use ARM templates.

Another challenge - azurerm_template_deployment fails to pass "array" type parameters properly with error
Error: azurerm_template_deployment.eventhub: parameters (subnetIds): '' expected type 'string', got unconvertible type '[]interface {}'
(hashicorp/terraform-provider-azurerm#2579 closed but doesn’t seem resolved)

Related work items: #47

AntonChernysh commented Jan 15, 2020

While we are waiting for this resource to be supported in Terraform, here's the way to do it with ARM deployment.
Let's say we have a var allowed_ips of type list, that is allowed_ips=["11.11.11.11","22.22.22.22","33.33.33.33"]

First, using the template provider, we create a data source with all IP addresses from the above variable:

# Preparing list of allowed IPs
data "template_file" "data_json" {
  template = <<JSON
{
      "ipMask": "$${ipMask}",
      "action": "allow"
    }
JSON

  count = "${length(var.allowed_ips)}"

  vars {
    ipMask = "${element(var.allowed_ips,count.index)}"
  }
}

And the deployment itself would look like this:
(The code below also has an example of how to deal with VNET subnet rules)

# ARM deployment
resource "azurerm_template_deployment" "ipwhitelist" {
  name                = "some-name-firewall"
  resource_group_name = "some-rg"

  template_body = <<JSON
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "variables": {
     "_force_terraform_to_always_redeploy": "${timestamp()}"
  },
  "resources": [{
    "type": "Microsoft.EventHub/namespaces/networkRuleSets",
    "apiVersion": "2018-01-01-preview",
    "name": "eventhub-namespace-name/default",
    "location": "[resourceGroup().location]",
    "properties": {
        "defaultAction": "Deny",
        "virtualNetworkRules": [
            {
                "subnet": {
                    "id": "some-subnet1-id"
                },
                "ignoreMissingVnetServiceEndpoint": false
            },
            {
                "subnet": {
                    "id": "some-subnet2-id"
                },
                "ignoreMissingVnetServiceEndpoint": false
            }
        ],
        "ipRules": [${join(",", data.template_file.data_json.*.rendered)}]
    }
  }
  ]
}
JSON

  deployment_mode = "Incremental"
}
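
A pre-deployment check for the rule set that the workaround above assembles by string-joining JSON, as an added example that is not part of the original comment or the provider's code. It lints the rendered `properties` object; the function name, the `min_prefix` policy threshold and the sample values are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the "properties" object of the networkRuleSets resource
# as it would look after Terraform renders the ipRules join (values made up).
SAMPLE_PROPERTIES = json.loads("""
{
  "defaultAction": "Deny",
  "virtualNetworkRules": [
    {"subnet": {"id": "some-subnet1-id"}, "ignoreMissingVnetServiceEndpoint": false}
  ],
  "ipRules": [
    {"ipMask": "11.11.11.11", "action": "allow"},
    {"ipMask": "22.22.22.0/24", "action": "allow"}
  ]
}
""")


def lint_network_rule_set(props, min_prefix=16):
    """Return a list of findings; an empty list means the rule set passed.
    min_prefix is a hypothetical policy knob: wider masks are reported."""
    findings = []
    if str(props.get("defaultAction", "")).lower() != "deny":
        findings.append("defaultAction is not Deny")
    for rule in props.get("virtualNetworkRules", []):
        if rule.get("ignoreMissingVnetServiceEndpoint", False):
            sid = rule.get("subnet", {}).get("id", "?")
            findings.append(f"subnet {sid}: missing service endpoint is ignored")
    seen = set()
    for rule in props.get("ipRules", []):
        mask = str(rule.get("ipMask", ""))
        try:
            net = ipaddress.ip_network(mask, strict=False)
        except ValueError:
            findings.append(f"ipMask {mask!r} is not a valid address or CIDR")
            continue
        if net.prefixlen < min_prefix:
            findings.append(f"ipMask {mask} is broader than /{min_prefix}")
        if net in seen:
            findings.append(f"ipMask {mask} is listed more than once")
        seen.add(net)
    return findings


if __name__ == "__main__":
    for finding in lint_network_rule_set(SAMPLE_PROPERTIES) or ["no findings"]:
        print(finding)
```
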

AntonChernysh commented Jan 21, 2020

This is supported since v1.35.0
#4409
However, it can only take a single appearance of ip_rule, whereas the documentation says: ip_rule - (Optional) One or more ip_rule blocks as defined below.

@AntonChernysh

Looks like it's fixed now in https://github.com/terraform-providers/terraform-provider-azurerm/releases/tag/v2.0.0
I'll give it a try tomorrow.

jbinko commented Feb 16, 2021

@midacts: I believe this is implemented already and this issue can be closed now. See https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_namespace

@favoretti

Since this issue seems to have been addressed in the latest versions of the provider - I'm going to close it. Please open a new updated bug report if this is still relevant. Thank you.

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2021