terraform-provider-azurerm

Support for Azure Bastion Developer SKU

Open vMarkusK opened this issue 1 year ago • 7 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Azure Bastion Developer SKU is in Public Preview: https://azure.microsoft.com/de-de/updates/azure-bastion-developer-public-preview/

Current Error:

│ Error: expected sku to be one of ["Basic" "Standard"], got Developer
│ 
│   with azurerm_bastion_host.mgmt-bastion,
│   on management.tf line 112, in resource "azurerm_bastion_host" "mgmt-bastion":
│  112:     sku                 = "Developer"
│ 

New or Affected Resource(s)/Data Source(s)

azurerm_bastion_host

Potential Terraform Configuration

resource "azurerm_bastion_host" "mgmt-bastion" {
    name                = "mgmt-bastion"
    location            = azurerm_resource_group.mgmt-rg.location
    resource_group_name = azurerm_resource_group.mgmt-rg.name
    sku                 = "Developer"


    ip_configuration {
        name                 = "configuration"
        subnet_id            = azurerm_subnet.mgmt-sn01.id
        public_ip_address_id = azurerm_public_ip.mgmt-bastion-pip.id
    }
}

References

No response

vMarkusK avatar Nov 07 '23 12:11 vMarkusK

Thanks for raising this issue. After checking, it seems azure-rest-api-specs doesn't support this new feature yet. Once it's supported, we will take another look. Thanks.

neil-yechenwei avatar Nov 08 '23 03:11 neil-yechenwei

> Thanks for raising this issue. After checking, it seems azure-rest-api-specs doesn't support this new feature yet. Once it's supported, we will take another look. Thanks.

Hi Neil, from what I can see now is that the Developer SKU is now part of the 2023-06-01 spec. Would be good to have this integrated into the Terraform Provider soon as Bastion is used by many developers.

michelkeus avatar Dec 18 '23 01:12 michelkeus

@rcskosir @mybayern1974 @neil-yechenwei

Sorry for bumping this, was hoping this had already had some attention...

michelkeus avatar Dec 26 '23 01:12 michelkeus

Sorry for the late response. Though this new SKU has been released in the 2023-06-01 spec, this feature is still in preview. See more details at https://learn.microsoft.com/en-us/azure/bastion/quickstart-developer-sku.

neil-yechenwei avatar Dec 29 '23 02:12 neil-yechenwei

Hey, as it's been a few months since this post, was wondering if there's been any progress or update that can be made for this?

tfstateuk avatar May 03 '24 10:05 tfstateuk

@tfstateuk - I did see that there was an announcement on the internet that Bastion Developer had been GA'd (https://azure.microsoft.com/en-us/updates/general-availability-azure-bastion-developer-sku/) but it seems that the announcement has been pulled back.

Meanwhile I've gotten it to work and be deployable from Terraform by using "azurerm_resource_group_template_deployment" in conjunction with the ARM template that the portal spits out. This seems to work just as well.

Example:

resource "azurerm_resource_group_template_deployment" "BAST-EU-NE-TEST" {
  name                = "BAST-EU-NE-TEST"
  resource_group_name = azurerm_resource_group.RG-EU-LAB-NE-BASTION.name
  deployment_mode     = "Incremental"

  parameters_content = jsonencode({
    "location": {
      "value": "northeurope"
    },
    "resourceGroup": {
      "value": "RG-EU-LAB-NE-BASTION"
    },
    "bastionHostName": {
      "value": "Bastion01"
    },
    "bastionHostSku": {
      "value": "Developer"
    },
    "vnetId": {
      "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-EU-LAB-NE-TEST/providers/Microsoft.Network/virtualNetworks/VNET"
    }
  })

  template_content = file("./templates/bastion.json")
}

The referenced json can be found here:


{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "location": {
            "type": "String"
        },
        "resourceGroup": {
            "type": "String"
        },
        "bastionHostName": {
            "type": "String"
        },
        "vnetId": {
            "type": "String"
        },
        "bastionHostSku": {
            "type": "String"
        }
    },
    "resources": [
        {
            "apiVersion": "2022-09-01",
            "type": "Microsoft.Network/bastionHosts",
            "name": "[parameters('bastionHostName')]",
            "sku": {
                "name": "[parameters('bastionHostSku')]"
            },
            "location": "[parameters('location')]",
            "dependsOn": [],
            "properties": {
                "virtualNetwork": {
                    "id": "[parameters('vnetId')]"
                }
            },
            "tags": {}
        }
    ]
}

This works for me to deploy Azure Bastion in the Developer SKU until we can get native support sorted. Hope this helps you and perhaps some of the others that might want to use it this way.

michelkeus avatar May 03 '24 13:05 michelkeus

Thank you, I'll give this a go!

tfstateuk avatar May 07 '24 08:05 tfstateuk

It looks like the API has been updated, the AzAPI provider references support for the Developer sku now - https://learn.microsoft.com/en-us/azure/templates/microsoft.network/bastionhosts?pivots=deployment-language-terraform#sku-2:~:text=string-,Sku,-Expand%20table

rwilc avatar May 23 '24 05:05 rwilc

I'm going to give it a test now and report back. I have it commented out in dev, so will report back.

tfstateuk avatar May 23 '24 07:05 tfstateuk

Sadly no success, maybe the API hasn't quite been updated just yet. However, the ARM template method referenced above is working fine.

tfstateuk avatar May 23 '24 08:05 tfstateuk

So though this is Closed and classed as completed, still getting the error

│ Error: expected sku to be one of ["Basic" "Standard"], got Developer
│ 
│   with azurerm_bastion_host.mgmt-bastion,
│   on management.tf line 112, in resource "azurerm_bastion_host" "mgmt-bastion":
│  112:     sku                 = "Developer"

What are the next steps with getting this available now the API is updated?

tfstateuk avatar May 28 '24 10:05 tfstateuk

@tfstateuk this will be available in v3.106.0 of the provider, which will be released at the end of this week.

stephybun avatar May 28 '24 11:05 stephybun

So the good news 3.106.0 is out, and the developer SKU is working as expected :)

Here's the expected code for those who are looking for it..

resource "azurerm_bastion_host" "bastionhost" {
  location            = azurerm_resource_group.hub-rg.location
  name                = "AzureBastionSubnet"
  resource_group_name = azurerm_resource_group.hub-rg.name
  sku                 = "Developer"
  virtual_network_id  = azurerm_virtual_network.hub-vnet.id
}

tfstateuk avatar May 31 '24 08:05 tfstateuk
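
Added example (not part of the thread and not the provider's own code): a pre-flight check that reports when a configuration sets sku = "Developer" on azurerm_bastion_host while the lock file still pins an azurerm release older than 3.106.0, the version named above. The function names, the sample inputs and the assumption of `terraform fmt`-style layout (top-level closing brace in column 0) are illustrative.

```python
import re

MIN_VERSION = (3, 106, 0)  # first azurerm release with the Developer SKU, per the thread

LOCK_RE = re.compile(
    r'provider\s+"registry\.terraform\.io/hashicorp/azurerm"\s*\{(.*?)\n\}', re.S)
VERSION_RE = re.compile(r'^\s*version\s*=\s*"(\d+)\.(\d+)\.(\d+)"', re.M)
BASTION_RE = re.compile(
    r'resource\s+"azurerm_bastion_host"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
SKU_RE = re.compile(r'^\s*sku\s*=\s*"([^"]+)"', re.M)

# Constructed sample inputs (not taken from the thread).
SAMPLE_LOCK = '''provider "registry.terraform.io/hashicorp/azurerm" {
  version     = "3.105.0"
  constraints = "~> 3.0"
}
'''
SAMPLE_TF = '''resource "azurerm_bastion_host" "bastionhost" {
  sku                = "Developer"
  virtual_network_id = azurerm_virtual_network.hub-vnet.id
}
'''

def locked_azurerm_version(lock_text):
    """Return the azurerm version pinned in .terraform.lock.hcl, or None."""
    block = LOCK_RE.search(lock_text)
    m = VERSION_RE.search(block.group(1)) if block else None
    return tuple(int(p) for p in m.groups()) if m else None

def developer_bastions(tf_text):
    """Names of azurerm_bastion_host resources that set sku = "Developer"."""
    return [name for name, body in BASTION_RE.findall(tf_text)
            if (m := SKU_RE.search(body)) and m.group(1) == "Developer"]

def check(lock_text, tf_text):
    """Return findings; an empty list means the sku value should validate."""
    names = developer_bastions(tf_text)
    if not names:
        return []
    version = locked_azurerm_version(lock_text)
    if version is None:
        return ["azurerm is not in the lock file; run terraform init first"]
    if version >= MIN_VERSION:
        return []
    have = ".".join(map(str, version))
    return [f"{n}: sku Developer needs azurerm >= 3.106.0, lock file has {have}"
            for n in names]

if __name__ == "__main__":
    print(check(SAMPLE_LOCK, SAMPLE_TF))
```
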

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Jul 01 '24 02:07 github-actions[bot]