Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for "Routing" in scope_accesses key for resource azurerm_network_manager #28002

Closed
1 task done
geertn opened this issue Nov 13, 2024 · 1 comment · Fixed by #28033
Closed
1 task done

Support for "Routing" in scope_accesses key for resource azurerm_network_manager #28002

geertn opened this issue Nov 13, 2024 · 1 comment · Fixed by #28033
Labels
enhancement service/network

Comments

@geertn
Copy link

geertn commented Nov 13, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Resource azurerm_network_manager only supports the following values for key scope_accesses:

scope_accesses = ["Connectivity", "SecurityAdmin"]

However there is additional value supported: "Routing" which refers to UDR management (just got GA). Updating this in the portal generates the following plan:

      ~ scope_accesses      = [
            # (1 unchanged element hidden)
            "SecurityAdmin",
          - "Routing",
        ]

See also:
https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-user-defined-route

Workaround is to use azapi provider:

resource "azurerm_network_manager" "this" {
  name                = azurecaf_name.network_manager.result
  location            = module.xxx.resource_group.location
  resource_group_name = module.xxx.resource_group.name
  scope {
    subscription_ids = local.subscription_ids
  }
  scope_accesses = ["Connectivity", "SecurityAdmin"]
  description    = "PoC virtual network manager"

  lifecycle {
    ignore_changes = [scope_accesses, tags]
  }
}

resource "azapi_update_resource" "network_manager_update" {
  type      = "Microsoft.Network/networkManagers@2022-07-01"
  name      = azurerm_network_manager.this.name
  parent_id = module.xxx.resource_group.id

  body = {
    properties = {
      networkManagerScopeAccesses = [
        "Connectivity",
        "SecurityAdmin",
        "Routing"
      ]
    }
  }
}

New or Affected Resource(s)/Data Source(s)

azurerm_network_manager

Potential Terraform Configuration

No response

References

No response
@teowa teowa mentioned this issue Nov 15, 2024
Merged
14 tasks
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement service/network
Projects
None yet
Milestone
No milestone
2 participants
@geertn @rcskosir