azurerm_container_registry - network_rule_set.virtual_network is deprecated but mandatory

[Battleman]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.0-dev

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_container_registry

Terraform Configuration Files

terraform {
  backend "azurerm" {

  }
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.93.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_container_registry" "acr" {
  name                          = "myownacrname"
  resource_group_name           = "myresourcegroup"
  location                      = "location"
  sku                           = "Premium"
  public_network_access_enabled = false
  network_rule_set = [{
    default_action = "Deny"
    ip_rule = [
      {
        action   = "Allow"
        ip_range = "123.45.0.0/16"
      },
    ],
  }]
}

Debug Output/Panic Output

https://gist.github.com/Battleman/5a6335583d5d9fa2a394e2d5eebddc17

Expected Behaviour

The validation should pass, as network_rule_set.virtual_network has been deprecated.

Actual Behaviour

The validation fails indicating that the attribute "virtual_network" is required.

Steps to Reproduce

1. Prepare main.tf
2. terraform init -backend=false
3. terraform validate

Important Factoids

No response

References

#24140

[magodo]

@Battleman Instead of:

  network_rule_set = [{
    default_action = "Deny"
    ip_rule = [
      {
        action   = "Allow"
        ip_range = "123.45.0.0/16"
      },
    ],
  }]

You shall use the "block" syntax:

network_rule_set {
  default_action = "Deny"
  ip_rule {
    action   = "Allow"
    ip_range = "123.45.0.0/16"
  }
}

[Battleman]

I does work, thanks for pointing it out.

If I may, maybe there's room for improvement in the error message(s). After reading the doc carefully again, it is indeed mentioned that the network_rule_set must be a block.

Passing the list of objects was considered valid, with no indication of deprecation or warning. And passing the content as an object network_rule_set = { ..., yields the error message

Inappropriate value for attribute "network_rule_set": list of object required.

Finally, and I'm not sure if the issue lies in this repo or in another, but the linter in VScode does suggest to use a list of objects

Using the official extension (ID: hashicorp.terraform, v2.29.1)

If you think those are unexpected behaviors, and deserve a dedicated issue (here or over at hashicorp/vscode-terraform) , let me know and I can create one

[magodo]

@Battleman I'm not sure about this tbh, but based on the Terraform syntax, it is a common sense between attribute vs block.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.