The input variable private_dns_zone_id = "None" not acceptable. It allows only null. As per the Description, it says null or "None" but it is not accepting and give the error.

[skhati96]

Is there an existing issue for this?

• I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.7.4

Module Version

10.2.0

AzureRM Provider Version

"~> =3.0"

Affected Resource(s)/Data Source(s)

Global Private DNS Zone is getting created for a Private AKS

Terraform Configuration Files

terraform {
  required_version = ">= 1.0.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 3.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Provider for DNS zone (different subscription)
provider "azurerm" {
  alias           = "dns"
  subscription_id = "<subscription id>"
  features {}
}

tfvars variables values

NA because I am directly passing passing value as below
private_dns_zone_id = "None"

Debug Output/Panic Output

on .terraform/modules/aks.aks/main.tf line 661, in resource "azurerm_kubernetes_cluster" "main":
│  661:       condition     = var.private_dns_zone_id == null ? true : (anytrue([for r in local.valid_private_dns_zone_regexs : try(regex(r, local.private_dns_zone_name) == local.private_dns_zone_name, false)]))
│     ├────────────────
│     │ local.private_dns_zone_name is "None"
│     │ local.valid_private_dns_zone_regexs is tuple with 4 elements
│     │ var.private_dns_zone_id is "None"
│ 
│ According to the
│ [document](https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal#configure-a-private-dns-zone),
│ the private DNS zone must be in one of the following format:
│ `privatelink.<region>.azmk8s.io`,
│ `<subzone>.privatelink.<region>.azmk8s.io`, `private.<region>.azmk8s.io`,
│ `<subzone>.private.<region>.azmk8s.io`
╵

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[lonegunmanb]

@skhati96 thanks for reporting this issue to us. The error message showed:

│ the private DNS zone must be in one of the following format:
│ `privatelink.<region>.azmk8s.io`,
│ `<subzone>.privatelink.<region>.azmk8s.io`, `private.<region>.azmk8s.io`,
│ `<subzone>.private.<region>.azmk8s.io`

If you don't want to set the private_dns_zone_id please set it to null instead of "None", thanks!

[lonegunmanb]

@skhati96 I've checked the git log, you're correct, the description is incorrect from the first commit. I'll open a pr to fix it.