upgrade azure modules and providers

clstokes · clstokes · commit 45879211667c · 2025-11-15T08:42:18.000-05:00
diff --git a/terraform/azure/azure-linux-vm/main.tf b/terraform/azure/azure-linux-vm/main.tf
@@ -17,11 +17,12 @@ locals {
     "--advertise-connector",
     "--advertise-exit-node",
     "--advertise-routes=${join(",", coalescelist(
-      local.vpc_cidr_block,
+      tolist(local.vpc_cidr_block),
     ))}",
   ]
 
   // Modify these to use your own VPC
+  resource_group_id   = azurerm_resource_group.main.id
   resource_group_name = azurerm_resource_group.main.name
   location            = azurerm_resource_group.main.location
 
@@ -45,6 +46,7 @@ module "vpc" {
   tags = local.azure_tags
 
   location            = local.location
+  resource_group_id   = local.resource_group_id
   resource_group_name = local.resource_group_name
 
   subnet_name_public               = "public"
@@ -63,6 +65,18 @@ resource "tailscale_tailnet_key" "main" {
   tags                = local.tailscale_acl_tags
 }
 
+resource "azurerm_public_ip" "vm" {
+  location            = local.location
+  resource_group_name = local.resource_group_name
+
+  name = "${local.resource_group_name}-vm"
+  tags = local.azure_tags
+
+  sku               = "Standard"
+  allocation_method = "Static"
+  zones             = []
+}
+
 module "tailscale_azure_linux_virtual_machine" {
   source = "../internal-modules/azure-linux-vm"
 
@@ -72,6 +86,7 @@ module "tailscale_azure_linux_virtual_machine" {
   # public subnet
   primary_subnet_id         = local.subnet_id
   network_security_group_id = local.network_security_group_id
+  public_ip_address_id      = azurerm_public_ip.vm.id
 
   machine_name          = local.name
   machine_size          = local.instance_type
diff --git a/terraform/azure/azure-linux-vm/outputs.tf b/terraform/azure/azure-linux-vm/outputs.tf
@@ -1,3 +1,7 @@
+output "resource_name_prefix" {
+  value = local.name
+}
+
 output "vpc_id" {
   value = module.vpc.vnet_id
 }
diff --git a/terraform/azure/azure-linux-vm/providers.tf b/terraform/azure/azure-linux-vm/providers.tf
@@ -1,5 +1,5 @@
 provider "azurerm" {
-  skip_provider_registration = true
+  resource_provider_registrations = "none"
   features {
     resource_group {
       prevent_deletion_if_contains_resources = false
@@ -8,4 +8,6 @@ provider "azurerm" {
       delete_os_disk_on_deletion = true
     }
   }
+
+  # subscription_id = "00000000-0000-0000-0000-000000000000"
 }
diff --git a/terraform/azure/azure-linux-vm/versions.tf b/terraform/azure/azure-linux-vm/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     tailscale = {
       source  = "tailscale/tailscale"
-      version = ">= 0.13.13"
+      version = ">= 0.24"
     }
   }
 }
diff --git a/terraform/azure/internal-modules/azure-linux-vm/main.tf b/terraform/azure/internal-modules/azure-linux-vm/main.tf
@@ -19,7 +19,7 @@ resource "azurerm_network_interface" "primary" {
   internal_dns_name_label = "${var.machine_name}-primary"
   ip_configuration {
     subnet_id                     = var.primary_subnet_id
-    name                          = "internal"
+    name                          = "primary"
     private_ip_address_allocation = "Dynamic"
     public_ip_address_id          = var.public_ip_address_id
   }
diff --git a/terraform/azure/internal-modules/azure-linux-vm/versions.tf b/terraform/azure/internal-modules/azure-linux-vm/versions.tf
@@ -2,11 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.0, < 4.0"
-    }
-    tailscale = {
-      source  = "tailscale/tailscale"
-      version = ">= 0.13.13"
+      version = ">= 4.0, < 5.0"
     }
   }
 }
diff --git a/terraform/azure/internal-modules/azure-network/main.tf b/terraform/azure/internal-modules/azure-network/main.tf
@@ -12,45 +12,49 @@ resource "random_integer" "vpc_cidr" {
 }
 
 module "vpc" {
-  # https://registry.terraform.io/modules/Azure/network/azurerm/latest
-  source  = "Azure/network/azurerm"
-  version = ">= 5.0, < 6.0"
-
-  resource_group_location = var.location
-  resource_group_name     = var.resource_group_name
-
-  vnet_name = var.name
-  tags      = var.tags
-
-  address_spaces  = local.cidrs
-  subnet_prefixes = local.subnet_cidrs
-  subnet_names = [
-    var.subnet_name_public,
-    var.subnet_name_private,
-    var.subnet_name_private_dns_resolver,
-  ]
-
-  subnet_delegation = {
-    "${var.subnet_name_private_dns_resolver}" = [
-      {
+  # https://registry.terraform.io/modules/Azure/avm-res-network-virtualnetwork/azurerm/latest
+  source  = "Azure/avm-res-network-virtualnetwork/azurerm"
+  version = ">= 0.16, < 1.0"
+
+  location  = var.location
+  parent_id = var.resource_group_id
+
+  name = var.name
+  tags = var.tags
+
+  address_space = local.cidrs
+  subnets = {
+    "public" = {
+      name             = var.subnet_name_public
+      address_prefixes = [local.subnet_cidrs[0]]
+    }
+    "private" = {
+      name             = var.subnet_name_private
+      address_prefixes = [local.subnet_cidrs[1]]
+      nat_gateway = {
+        id = azurerm_nat_gateway.nat.id
+      }
+    }
+    "dns-inbound" = {
+      name             = var.subnet_name_private_dns_resolver
+      address_prefixes = [local.subnet_cidrs[2]]
+      delegations = [{
         name = "Microsoft.Network/dnsResolvers"
         service_delegation = {
           name = "Microsoft.Network/dnsResolvers"
           actions = [
             "Microsoft.Network/virtualNetworks/subnets/join/action",
           ]
         }
-      }
-    ]
+      }]
+    }
   }
-
-  use_for_each = true # https://github.com/Azure/terraform-azurerm-network#notice-to-contributor
 }
 
 data "azurerm_subnet" "public" {
   resource_group_name = var.resource_group_name
 
-  virtual_network_name = module.vpc.vnet_name
+  virtual_network_name = module.vpc.name
   name                 = var.subnet_name_public
 
   depends_on = [module.vpc.vnet_subnets]
@@ -59,7 +63,7 @@ data "azurerm_subnet" "public" {
 data "azurerm_subnet" "private" {
   resource_group_name = var.resource_group_name
 
-  virtual_network_name = module.vpc.vnet_name
+  virtual_network_name = module.vpc.name
   name                 = var.subnet_name_private
 
   depends_on = [module.vpc.vnet_subnets]
@@ -68,7 +72,7 @@ data "azurerm_subnet" "private" {
 data "azurerm_subnet" "dns-inbound" {
   resource_group_name = var.resource_group_name
 
-  virtual_network_name = module.vpc.vnet_name
+  virtual_network_name = module.vpc.name
   name                 = var.subnet_name_private_dns_resolver
 
   depends_on = [module.vpc.vnet_subnets]
@@ -83,7 +87,7 @@ resource "azurerm_private_dns_resolver" "main" {
   name = var.name
   tags = var.tags
 
-  virtual_network_id = module.vpc.vnet_id
+  virtual_network_id = module.vpc.resource_id
 }
 
 resource "azurerm_private_dns_resolver_inbound_endpoint" "main" {
@@ -107,23 +111,30 @@ resource "azurerm_nat_gateway" "nat" {
   location            = var.location
   resource_group_name = var.resource_group_name
 
-  name                    = var.name
+  name = var.name
+  tags = var.tags
+
   sku_name                = "Standard"
   idle_timeout_in_minutes = 10
-}
+  zones                   = []
 
-resource "azurerm_subnet_nat_gateway_association" "nat" {
-  nat_gateway_id = azurerm_nat_gateway.nat.id
-  subnet_id      = data.azurerm_subnet.private.id
 }
 
+# resource "azurerm_subnet_nat_gateway_association" "nat" {
+#   nat_gateway_id = azurerm_nat_gateway.nat.id
+#   subnet_id      = data.azurerm_subnet.private.id
+# }
+
 resource "azurerm_public_ip" "nat" {
   location            = var.location
   resource_group_name = var.resource_group_name
 
-  name              = "${var.name}-nat"
+  name = "${var.name}-nat"
+  tags = var.tags
+
   sku               = "Standard"
   allocation_method = "Static"
+  zones             = []
 }
 
 resource "azurerm_nat_gateway_public_ip_association" "nat" {
diff --git a/terraform/azure/internal-modules/azure-network/outputs.tf b/terraform/azure/internal-modules/azure-network/outputs.tf
@@ -1,14 +1,14 @@
 output "vnet_id" {
-  value = module.vpc.vnet_id
+  value = module.vpc.resource_id
 }
 output "vnet_name" {
-  value = module.vpc.vnet_name
+  value = module.vpc.name
 }
 output "vnet_address_space" {
-  value = module.vpc.vnet_address_space
+  value = module.vpc.address_spaces
 }
 output "vnet_subnets" {
-  value = module.vpc.vnet_subnets
+  value = module.vpc.subnets
 }
 
 output "public_subnet_id" {
diff --git a/terraform/azure/internal-modules/azure-network/variables.tf b/terraform/azure/internal-modules/azure-network/variables.tf
@@ -1,6 +1,10 @@
 #
 # Variables for all resources
 #
+variable "resource_group_id" {
+  description = "ID of Resource Group for all resources"
+  type        = string
+}
 variable "resource_group_name" {
   description = "Name of Resource Group for all resources"
   type        = string
diff --git a/terraform/azure/internal-modules/azure-network/versions.tf b/terraform/azure/internal-modules/azure-network/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.0, < 4.0"
+      version = ">= 4.0, < 5.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,7 @@`
	`1`	`+output "resource_name_prefix" {`
	`2`	`+ value = local.name`
	`3`	`+}`
	`4`	`+`
`1`	`5`	`output "vpc_id" {`
`2`	`6`	`value = module.vpc.vnet_id`
`3`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`provider "azurerm" {`
`2`		`- skip_provider_registration = true`
	`2`	`+ resource_provider_registrations = "none"`
`3`	`3`	`features {`
`4`	`4`	`resource_group {`
`5`	`5`	`prevent_deletion_if_contains_resources = false`
`@@ -8,4 +8,6 @@ provider "azurerm" {`
`8`	`8`	`delete_os_disk_on_deletion = true`
`9`	`9`	`}`
`10`	`10`	`}`
	`11`	`+`
	`12`	`+ # subscription_id = "00000000-0000-0000-0000-000000000000"`
`11`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`tailscale = {`
`4`	`4`	`source = "tailscale/tailscale"`
`5`		`- version = ">= 0.13.13"`
	`5`	`+ version = ">= 0.24"`
`6`	`6`	`}`
`7`	`7`	`}`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ resource "azurerm_network_interface" "primary" {`
`19`	`19`	`internal_dns_name_label = "${var.machine_name}-primary"`
`20`	`20`	`ip_configuration {`
`21`	`21`	`subnet_id = var.primary_subnet_id`
`22`		`- name = "internal"`
	`22`	`+ name = "primary"`
`23`	`23`	`private_ip_address_allocation = "Dynamic"`
`24`	`24`	`public_ip_address_id = var.public_ip_address_id`
`25`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,11 +2,7 @@ terraform {`
`2`	`2`	`required_providers {`
`3`	`3`	`azurerm = {`
`4`	`4`	`source = "hashicorp/azurerm"`
`5`		`- version = ">= 3.0, < 4.0"`
`6`		`- }`
`7`		`- tailscale = {`
`8`		`- source = "tailscale/tailscale"`
`9`		`- version = ">= 0.13.13"`
	`5`	`+ version = ">= 4.0, < 5.0"`
`10`	`6`	`}`
`11`	`7`	`}`
`12`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,14 @@`
`1`	`1`	`output "vnet_id" {`
`2`		`- value = module.vpc.vnet_id`
	`2`	`+ value = module.vpc.resource_id`
`3`	`3`	`}`
`4`	`4`	`output "vnet_name" {`
`5`		`- value = module.vpc.vnet_name`
	`5`	`+ value = module.vpc.name`
`6`	`6`	`}`
`7`	`7`	`output "vnet_address_space" {`
`8`		`- value = module.vpc.vnet_address_space`
	`8`	`+ value = module.vpc.address_spaces`
`9`	`9`	`}`
`10`	`10`	`output "vnet_subnets" {`
`11`		`- value = module.vpc.vnet_subnets`
	`11`	`+ value = module.vpc.subnets`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`output "public_subnet_id" {`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,10 @@`
`1`	`1`	`#`
`2`	`2`	`# Variables for all resources`
`3`	`3`	`#`
	`4`	`+variable "resource_group_id" {`
	`5`	`+ description = "ID of Resource Group for all resources"`
	`6`	`+ type = string`
	`7`	`+}`
`4`	`8`	`variable "resource_group_name" {`
`5`	`9`	`description = "Name of Resource Group for all resources"`
`6`	`10`	`type = string`