Migrate Dev Center Network Connection Module to AzAPI

- Updated the `dev_center_network_connection` module to use the `azapi` provider instead of `azurerm`.
- Modified `module.tf` to replace `azurerm_dev_center_network_connection` with `azapi_resource`.
- Adjusted output values in `output.tf` to reflect changes in resource type.
- Updated `README.md` and `variables.tf` to align with the new provider and resource structure.
- Enhanced configuration examples in `configuration.tfvars` for both enhanced and simple cases.
- Ensured compatibility with existing module interfaces while improving internal implementation.

Author: raffertyuy

CHANGES_SUMMARY.md

@@ -6,6 +6,30 @@ This document summarizes the updates made to the Azure DevCenter module to imple
 
 ## Latest Changes (July 28, 2025)
 
+### Dev Center Network Connection Module - AzAPI Migration
+- **Updated**: Migrated `dev_center_network_connection` module from azurerm to azapi provider
+- **Classification**: Improvement
+- **Breaking Change**: NO - Module interface remains the same, only internal implementation changed
+- **Files Modified**:
+  - `modules/dev_center_network_connection/module.tf`: 
+    - Replaced `azurerm` provider with `azapi` provider (version ~> 2.4.0)
+    - Updated resource from `azurerm_dev_center_network_connection` to `azapi_resource`
+    - Set resource type to `Microsoft.DevCenter/networkConnections@2025-02-01`
+    - Added `azapi_client_config` data source for subscription ID
+    - Restructured properties in `body` block following Azure REST API schema
+    - Added `response_export_values = ["properties"]` for proper output handling
+  - `modules/dev_center_network_connection/output.tf`:
+    - Updated output references from `azurerm_dev_center_network_connection.this` to `azapi_resource.this`
+    - Modified property access to use `azapi_resource.this.output.properties.*` pattern
+    - Added new outputs: `provisioning_state` and `health_check_status`
+    - Updated `resource_group_name` output to reference variable (azapi doesn't expose this)
+  - `modules/dev_center_network_connection/README.md`:
+    - Updated provider requirements to reference azapi instead of azurerm
+    - Added new output descriptions for provisioning_state and health_check_status
+    - Updated resource table to reflect azapi_resource usage
+- **Testing**: All examples remain compatible as module interface is unchanged
+- **Validation**: Terraform fmt and validate pass successfully
+
 ### Dev Center Environment Type Module - Complete Implementation
 - **Created**: Full implementation of the `dev_center_environment_type` module
 - **Files Created**:

docs/conventions.md

@@ -13,7 +13,7 @@ Each resource module follows a consistent file structure:
 ### Naming Conventions
 
 1. **Resource Naming**
-   - All resources use the Azure CAF naming module for consistent naming. This includes prefixing names with "azurerm_"
+   - All resources use the Azure CAF naming module for consistent naming. **IMPORTANT: This includes prefixing names with "azurerm_".**
    - Standard prefixes are applied through global settings
    - Resources are named using a combination of prefixes, resource type, and custom name
 

examples/dev_center_network_connection/enhanced_case/configuration.tfvars

@@ -14,44 +14,31 @@ global_settings = {
 # Resource Group Configuration
 resource_groups = {
   "dev_center_network_connection" = {
-    name     = "enhanced-dev-center-network-connection"
-    location = "East US 2"
+    name   = "enhanced-dev-center-network-connection"
+    region = "eastus"
     tags = {
       Purpose = "DevCenter Network Connection Enhanced Demo"
       Tier    = "Production"
     }
   }
 }
 
-# Virtual Network Configuration
-virtual_networks = {
-  "dev_center_vnet" = {
-    name          = "enhanced-dev-center-vnet"
-    location      = "East US 2"
-    address_space = ["172.16.0.0/16"]
-  }
-}
-
-# Subnet Configuration
-subnets = {
-  "dev_center_subnet" = {
-    name                 = "dev-center-hybrid-subnet"
-    address_prefixes     = ["172.16.10.0/24"]
-    virtual_network_name = "enhanced-dev-center-vnet"
-  }
-}
-
 # Dev Center Network Connection Configuration - Hybrid Azure AD Join
 dev_center_network_connections = {
   "enhanced_hybrid_connection" = {
     name             = "enhanced-hybrid-network-connection"
     domain_join_type = "HybridAzureADJoin"
-    # subnet_id will be populated at runtime
-    domain_name     = "corp.contoso.local"
-    domain_username = "svc-devcenter@corp.contoso.local"
-    # Note: In production, use Azure Key Vault for sensitive data
-    domain_password   = var.domain_password # Pass via environment variable
-    organization_unit = "OU=DevBoxes,OU=Computers,DC=corp,DC=contoso,DC=local"
+    subnet_id        = "/subscriptions/33e81e94-c18c-4d5a-a613-897c92b35411/resourceGroups/rg-alz-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus2/subnets/Sandbox"
+    resource_group = {
+      key = "dev_center_network_connection"
+    }
+    domain_join = {
+      domain_name              = "corp.contoso.local"
+      domain_username          = "svc-devcenter@corp.contoso.local"
+      organizational_unit_path = "OU=DevBoxes,OU=Computers,DC=corp,DC=contoso,DC=local"
+      # Note: In production, use Azure Key Vault for domain_password_secret_id
+      # domain_password_secret_id = "/subscriptions/.../vaults/vault/secrets/domain-password"
+    }
     tags = {
       Purpose    = "Production Development Environment"
       DomainJoin = "Hybrid"

examples/dev_center_network_connection/simple_case/configuration.tfvars

@@ -12,38 +12,23 @@ global_settings = {
 # Resource Group Configuration
 resource_groups = {
   "dev_center_network_connection" = {
-    name     = "example-dev-center-network-connection"
-    location = "West Europe"
+    name   = "example-dev-center-network-connection"
+    region = "eastus"
     tags = {
       Purpose = "DevCenter Network Connection Demo"
     }
   }
 }
 
-# Virtual Network Configuration
-virtual_networks = {
-  "dev_center_vnet" = {
-    name          = "example-dev-center-vnet"
-    location      = "West Europe"
-    address_space = ["10.0.0.0/16"]
-  }
-}
-
-# Subnet Configuration
-subnets = {
-  "dev_center_subnet" = {
-    name                 = "dev-center-subnet"
-    address_prefixes     = ["10.0.1.0/24"]
-    virtual_network_name = "example-dev-center-vnet"
-  }
-}
-
 # Dev Center Network Connection Configuration
 dev_center_network_connections = {
   "example_connection" = {
     name             = "example-network-connection"
     domain_join_type = "AzureADJoin"
-    # subnet_id will be populated at runtime
+    subnet_id        = "/subscriptions/33e81e94-c18c-4d5a-a613-897c92b35411/resourceGroups/rg-alz-connectivity/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus/subnets/Sandbox"
+    resource_group = {
+      key = "dev_center_network_connection"
+    }
     tags = {
       Purpose = "Development Environment"
     }

modules/dev_center_network_connection/README.md

@@ -1,6 +1,6 @@
 # Dev Center Network Connection Module
 
-This module manages an Azure Dev Center Network Connection using the `azurerm_dev_center_network_connection` resource.
+This module manages an Azure Dev Center Network Connection using the `azapi_resource` resource.
 
 ## Overview
 
@@ -82,14 +82,14 @@ module "dev_center_network_connection" {
 |------|---------|
 | terraform | >= 1.9.0 |
 | azurecaf | ~> 1.2.29 |
-| azurerm | ~> 4.0 |
+| azapi | ~> 2.4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | azurecaf | ~> 1.2.29 |
-| azurerm | ~> 4.0 |
+| azapi | ~> 2.4.0 |
 
 ## Inputs
 
@@ -110,13 +110,16 @@ module "dev_center_network_connection" {
 | resource_group_name | The resource group name of the Dev Center Network Connection |
 | domain_join_type | The domain join type of the Dev Center Network Connection |
 | subnet_id | The subnet ID of the Dev Center Network Connection |
+| provisioning_state | The provisioning state of the Dev Center Network Connection |
+| health_check_status | The health check status of the Dev Center Network Connection |
 
 ## Resources
 
 | Name | Type |
 |------|------|
 | azurecaf_name.dev_center_network_connection | resource |
-| azurerm_dev_center_network_connection.this | resource |
+| azapi_resource.this | resource |
+| azapi_client_config.current | data source |
 
 ## Notes
 

modules/dev_center_network_connection/module.tf

@@ -5,9 +5,9 @@ terraform {
       source  = "aztfmod/azurecaf"
       version = "~> 1.2.29"
     }
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~> 4.0"
+    azapi = {
+      source  = "Azure/azapi"
+      version = "~> 2.4.0"
     }
   }
 }
@@ -33,24 +33,43 @@ resource "azurecaf_name" "dev_center_network_connection" {
   use_slug      = var.global_settings.use_slug
 }
 
-resource "azurerm_dev_center_network_connection" "this" {
-  name                = local.network_connection_name
-  resource_group_name = var.resource_group_name
-  location            = var.location
-  domain_join_type    = var.dev_center_network_connection.domain_join_type
-  subnet_id           = var.dev_center_network_connection.subnet_id
+resource "azapi_resource" "this" {
+  type      = "Microsoft.DevCenter/networkConnections@2025-02-01"
+  name      = local.network_connection_name
+  location  = var.location
+  parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
 
-  domain_name       = try(var.dev_center_network_connection.domain_name, null)
-  domain_password   = try(var.dev_center_network_connection.domain_password, null)
-  domain_username   = try(var.dev_center_network_connection.domain_username, null)
-  organization_unit = try(var.dev_center_network_connection.organization_unit, null)
+  body = {
+    properties = merge(
+      {
+        domainJoinType = var.dev_center_network_connection.domain_join_type
+        subnetId       = var.dev_center_network_connection.subnet_id
+      },
+      try(var.dev_center_network_connection.networking_resource_group_name, null) != null ? {
+        networkingResourceGroupName = var.dev_center_network_connection.networking_resource_group_name
+      } : {},
+      try(var.dev_center_network_connection.domain_join.domain_name, null) != null ? {
+        domainName = var.dev_center_network_connection.domain_join.domain_name
+      } : {},
+      try(var.dev_center_network_connection.domain_join.domain_username, null) != null ? {
+        domainUsername = var.dev_center_network_connection.domain_join.domain_username
+      } : {},
+      try(var.dev_center_network_connection.domain_join.organizational_unit_path, null) != null ? {
+        organizationUnit = var.dev_center_network_connection.domain_join.organizational_unit_path
+      } : {}
+    )
+  }
 
   tags = local.tags
 
+  response_export_values = ["properties"]
+
   # Ignore changes to system-managed tags that Azure automatically adds
   lifecycle {
     ignore_changes = [
       tags["hidden-title"]
     ]
   }
-}
+}
+
+data "azapi_client_config" "current" {}

modules/dev_center_network_connection/output.tf

@@ -1,29 +1,39 @@
 output "id" {
   description = "The ID of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.id
+  value       = azapi_resource.this.id
 }
 
 output "name" {
   description = "The name of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.name
+  value       = azapi_resource.this.name
 }
 
 output "location" {
   description = "The location of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.location
+  value       = azapi_resource.this.location
 }
 
 output "resource_group_name" {
   description = "The resource group name of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.resource_group_name
+  value       = var.resource_group_name
 }
 
 output "domain_join_type" {
   description = "The domain join type of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.domain_join_type
+  value       = try(azapi_resource.this.output.properties.domainJoinType, null)
 }
 
 output "subnet_id" {
   description = "The subnet ID of the Dev Center Network Connection"
-  value       = azurerm_dev_center_network_connection.this.subnet_id
+  value       = try(azapi_resource.this.output.properties.subnetId, null)
+}
+
+output "provisioning_state" {
+  description = "The provisioning state of the Dev Center Network Connection"
+  value       = try(azapi_resource.this.output.properties.provisioningState, null)
+}
+
+output "health_check_status" {
+  description = "The health check status of the Dev Center Network Connection"
+  value       = try(azapi_resource.this.output.properties.healthCheckStatus, null)
 }

modules/dev_center_network_connection/variables.tf

@@ -22,19 +22,29 @@ variable "location" {
 variable "dev_center_network_connection" {
   description = "Configuration object for the Dev Center Network Connection"
   type = object({
-    name              = string
-    domain_join_type  = string
-    subnet_id         = string
-    domain_name       = optional(string)
-    domain_password   = optional(string)
-    domain_username   = optional(string)
-    organization_unit = optional(string)
-    tags              = optional(map(string))
+    name             = string
+    domain_join_type = string
+    subnet_id        = string
+    dev_center_id    = optional(string)
+    dev_center = optional(object({
+      key = string
+    }))
+    resource_group = optional(object({
+      key = string
+    }))
+    domain_join = optional(object({
+      domain_name               = string
+      domain_password_secret_id = optional(string)
+      domain_username           = string
+      organizational_unit_path  = optional(string)
+    }))
+    networking_resource_group_name = optional(string)
+    tags                          = optional(map(string), {})
   })
 
   validation {
-    condition     = contains(["AzureADJoin", "HybridAzureADJoin"], var.dev_center_network_connection.domain_join_type)
-    error_message = "Domain join type must be either 'AzureADJoin' or 'HybridAzureADJoin'."
+    condition     = contains(["AzureADJoin", "HybridAzureADJoin", "None"], var.dev_center_network_connection.domain_join_type)
+    error_message = "Domain join type must be one of: AzureADJoin, HybridAzureADJoin, None."
   }
 
   validation {

variables.tf

@@ -258,22 +258,34 @@ variable "dev_center_environment_types" {
 variable "dev_center_network_connections" {
   description = "Dev Center Network Connections configuration objects"
   type = map(object({
-    name          = string
-    dev_center_id = optional(string)
+    name             = string
+    domain_join_type = string
+    subnet_id        = string
+    dev_center_id    = optional(string)
     dev_center = optional(object({
       key = string
     }))
-    network_connection_resource_id = string
-    subnet_resource_id             = string
+    resource_group = optional(object({
+      key = string
+    }))
     domain_join = optional(object({
       domain_name               = string
       domain_password_secret_id = optional(string)
       domain_username           = string
       organizational_unit_path  = optional(string)
     }))
-    tags = optional(map(string), {})
+    networking_resource_group_name = optional(string)
+    tags                          = optional(map(string), {})
   }))
   default = {}
+
+  validation {
+    condition = alltrue([
+      for k, v in var.dev_center_network_connections : 
+      contains(["AzureADJoin", "HybridAzureADJoin", "None"], v.domain_join_type)
+    ])
+    error_message = "Domain join type must be one of: AzureADJoin, HybridAzureADJoin, None."
+  }
 }
 
 # tflint-ignore: terraform_unused_declarations