Terraform-provider-azurerm: Support for private_ip_address attribute on azurerm_private_endpoint resource

Created on 18 Dec 2019  ·  5 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description


Thanks for adding Private Link resources, while it is still in preview!
With both Private Link and Private DNS resources, it should now be possible to provision a Private Endpoint for a PaaS resource e.g. SQL Server, and create the DNS to resolve SQL Server privately.
However, the bit that is missing to accomplish that is relevant attributes in azurerm_private_endpoint, so a DNS record can be created. Currently only id is exposed, and I propose to add private_ip_address.

New or Affected Resource(s)

  • azurerm_private_endpoint

Potential Terraform Configuration


This provisions a SQL Server, VNet, Private Endpoint and DNS:

resource azurerm_resource_group repro {
  name                         = "${var.prefix}-private-endpoint-issue"
  location                     = var.location
}

resource azurerm_virtual_network network {
  name                         = "${var.prefix}-vnet"
  address_space                = ["10.0.0.0/16"]
  location                     = azurerm_resource_group.repro.location
  resource_group_name          = azurerm_resource_group.repro.name
}

resource azurerm_subnet subnet {
  name                         = "${var.prefix}-subnet"
  resource_group_name          = azurerm_resource_group.repro.name
  virtual_network_name         = azurerm_virtual_network.network.name
  address_prefix               = "10.0.1.0/24"
  enforce_private_link_endpoint_network_policies = true
}

resource random_string password {
  length                       = 12
  upper                        = true
  lower                        = true
  number                       = true
  special                      = true
  override_special             = "." 
}

resource azurerm_sql_server sql_server {
  name                         = "${var.prefix}sqlserver"
  resource_group_name          = azurerm_resource_group.repro.name
  location                     = azurerm_resource_group.repro.location
  version                      = "12.0"
  administrator_login          = "dbadmin"
  administrator_login_password = random_string.password.result
}

resource azurerm_private_endpoint endpoint {
  name                         = "${var.prefix}-endpoint"
  resource_group_name          = azurerm_resource_group.repro.name
  location                     = azurerm_resource_group.repro.location
  subnet_id                    = azurerm_subnet.subnet.id

  private_service_connection {
    is_manual_connection       = false
    name                       = "${var.prefix}-endpoint-connection"
    private_connection_resource_id = azurerm_sql_server.sql_server.id
    subresource_names          = ["sqlServer"]
  }
}

resource azurerm_private_dns_zone sql_server_db_dns_zone {
  name                         = "privatelink.database.windows.net"
  resource_group_name          = azurerm_resource_group.repro.name
}

resource azurerm_private_dns_a_record sql_server_dns_record {
  name                         = azurerm_sql_server.sql_server.name
  zone_name                    = azurerm_private_dns_zone.sql_server_db_dns_zone.name
  resource_group_name          = azurerm_resource_group.repro.name
  ttl                          = 300
  # Proposed Attribute for resource azurerm_private_endpoint: private_ip_address
  records                      = [azurerm_private_endpoint.endpoint.private_ip_address]
}

resource azurerm_private_dns_zone_virtual_network_link link {
  name                         = "${azurerm_virtual_network.network.name}-dns"
  resource_group_name          = azurerm_resource_group.repro.name
  private_dns_zone_name        = azurerm_private_dns_zone.sql_server_db_dns_zone.name
  virtual_network_id           = azurerm_virtual_network.network.id
}

References

documentation enhancement service/private-link
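A check for the outcome this issue is after, as an added example (not code from the issue or the provider): it reads state in the shape of `terraform show -json` and flags A records in a private DNS zone whose values are not addresses inside a declared subnet. The sample state, the record names and the `audit_private_dns` function are constructed for illustration; only root-module resources are examined.

```python
import ipaddress
import json

# Constructed sample in the shape of `terraform show -json` output (not real state).
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"type": "azurerm_subnet", "name": "subnet",
   "values": {"address_prefix": "10.0.1.0/24"}},
  {"type": "azurerm_private_dns_a_record", "name": "sql_server_dns_record",
   "values": {"name": "examplesqlserver",
              "zone_name": "privatelink.database.windows.net",
              "records": ["10.0.1.4"]}},
  {"type": "azurerm_private_dns_a_record", "name": "stale_record",
   "values": {"name": "oldsqlserver",
              "zone_name": "privatelink.database.windows.net",
              "records": ["10.0.2.9", "not-an-ip"]}}
]}}}
""")


def audit_private_dns(state):
    """Return (record_fqdn, value, reason) for each A record value that would
    not resolve into a subnet declared in the same state."""
    resources = state["values"]["root_module"].get("resources", [])
    subnets = [ipaddress.ip_network(r["values"]["address_prefix"])
               for r in resources if r["type"] == "azurerm_subnet"]
    findings = []
    for r in resources:
        if r["type"] != "azurerm_private_dns_a_record":
            continue
        v = r["values"]
        fqdn = f'{v["name"]}.{v["zone_name"]}'
        for value in v.get("records", []):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((fqdn, value, "not an IP address"))
                continue
            if not addr.is_private:
                findings.append((fqdn, value, "public address in private zone"))
            elif not any(addr in net for net in subnets):
                findings.append((fqdn, value, "outside every declared subnet"))
    return findings


if __name__ == "__main__":
    for finding in audit_private_dns(SAMPLE_STATE):
        print(*finding, sep=" | ")
```

A record that passes this check resolves to an address in the endpoint's subnet; one that fails points clients somewhere other than the private endpoint.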

All 5 comments

Similar situation for us where we create private endpoints to storage accounts. We can create the privatelink private DNS zones but the A records are not automatically created and we would need the private endpoint assigned IP for that.

@frankvdbh Your scenario is exactly as demoed in this Azure Friday video now that Private Link is GA. However, we cannot replicate what is done in the Azure Portal with Terraform.

This has been released in version 2.1.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.1.0"
}
# ... other configuration ...

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
