Terraform-provider-azurerm: Add Settings: azurerm_eventhub_namespace - Firewalls and Virtual Networks

Created on 27 Dec 2018 · 5Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please add the ability to manage eventhub namespace firewall and virtual network rules from Terraform.

New or Affected Resource(s)

azurerm_eventhub_namespace

Potential Terraform Configuration

resource "azurerm_eventhub_namespace" "test" {
  name                = "acceptanceTestEventHubNamespace"
  location            = "West US"
  resource_group_name = "${azurerm_resource_group.test.name}"
  sku                 = "Basic"
  capacity            = 2

  vnet_access = [
    {
      virtual_network = 'test-vnet1'
      subnet          = 'test-subnet1'
    },
    {
      virtual_network = 'test-vnet2'
      subnet          = 'test-subnet2'
    },
  ]

  firewall_rules      = [
    "subnet1",
    "subnet2",
  ]

  tags {
    environment       = "Production"
  }
}

References

https://docs.microsoft.com/mt-mt/Azure/event-hubs/event-hubs-ip-filtering

new-resource servicevent-hubs

Source

midacts

👍37 🚀3 👀1

Most helpful comment

This is supported since v1.35.0
https://github.com/terraform-providers/terraform-provider-azurerm/pull/4409
However it can only take single appearance of ip_rule, whereas it says in documentation ip_rule - (Optional) One or more ip_rule blocks as defined below.

AntonChernysh on 21 Jan 2020

👍3

All 5 comments

is this added ?

librannk on 17 Nov 2019

@librannk no this issue is open to track this bug

tombuildsstuff on 17 Nov 2019

While we are waiting for this resource to be supported in Terraform, here's the way to do it with ARM deployment.
Let's say we have var allowed_ips of type list that is allowed_ips=["11.11.11.11","22.22.22.22","33.33.33.33]

First using template provider we create data source with all IP addresses from above variable:

# Preparing list of allowed IPs
data "template_file" "data_json" {
  template = <<JSON
{
      "ipMask": "$${ipMask}",
      "action": "allow"
    }
JSON

  count = "${length(var.allowed_ips)}"

  vars {
    ipMask = "${element(var.allowed_ips,count.index)}"
  }
}

And the deployment titself would look like this:
(Also below code has an example of how to deal with VNET subnet rules)

# ARM deployment
resource "azurerm_template_deployment" "ipwhitelist" {
  name                = "some-name-firewall"
  resource_group_name = "some-rg"

  template_body = <<JSON
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "variables": {
     "_force_terraform_to_always_redeploy": "${timestamp()}"
  },
  "resources": [{
    "type": "Microsoft.EventHub/namespaces/networkRuleSets",
    "apiVersion": "2018-01-01-preview",
    "name": "eventhub-namespace-name/default",
    "location": "[resourceGroup().location]",
    "properties": {
        "defaultAction": "Deny",
        "virtualNetworkRules": [
            {
                "subnet": {
                    "id": "some-subnet1-id"
                },
                "ignoreMissingVnetServiceEndpoint": false
            },
            {
                "subnet": {
                    "id": "some-subnet2-id"
                },
                "ignoreMissingVnetServiceEndpoint": false
            }
        ],
        "ipRules": [${join(",", data.template_file.data_json.*.rendered)}]
    }
  }
  ]
}
JSON

  deployment_mode = "Incremental"
}

AntonChernysh on 15 Jan 2020