Virtual Network Subnets being modified when no changes #27626

JackBruceShell opened this issue Oct 11, 2024 · 4 comments

@JackBruceShell

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

Latest

AzureRM Provider Version

4.5.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_network

Terraform Configuration Files

main.tf

module "dev-us-vnet" {
  source              = "./modules/virtual-network"
  vnet_name           = var.vnet_name
  location            = var.location
  resource_group_name = var.rg_name
  address_space       = var.vnet_address_space
  tags                = var.tags
  subnets = [
    {
      name                              = "${var.ASE_Subnet}"
      address_prefixes                  = "${var.ASE_Subnet_address}"
      security_group                    = module.dev-us-ase-nsg.id
      attach_to_nat_gateway             = false
      private_endpoint_network_policies = "Disabled"
      delegation_name                   = var.ASE_Subnet_Delegation_Name
      service_delegation_name           = var.ASE_Subnet_Service_Delegation_Name
      service_endpoints                 = var.ASE_Subnet_Service_Endpoints
    },
    {
      name                                          = "${var.PrivateLink_Subnet}"
      address_prefixes                              = "${var.PrivateLink_Subnet_address}"
      security_group                                = module.dev-us-pls-nsg.id
      attach_to_nat_gateway                         = false
      private_endpoint_network_policies             = "Disabled"
      private_link_service_network_policies_enabled = false
    },
    {
      name                  = "${var.AppGW_Subnet}"
      address_prefixes      = "${var.AppGW_Subnet_address}"
      security_group        = module.dev-us-appgw-nsg.id
      attach_to_nat_gateway = false
    },
    {
      name                              = "${var.Bastion_Subnet}"
      address_prefixes                  = "${var.Bastion_Subnet_address}"
      security_group                    = null
      attach_to_nat_gateway             = false
      private_endpoint_network_policies = "Disabled"
      service_endpoints                 = var.Bastion_Subnet_Service_Endpoints
    },
    {
      name                  = "${var.Runner_Subnet}"
      address_prefixes      = "${var.Runner_Subnet_address}"
      security_group        = module.dev-us-runner-nsg.id
      attach_to_nat_gateway = false
    }
  ]
}

env.tfvars

#-----------------------------------------------
# Virtual Network and Subnets
#-----------------------------------------------
vnet_name                          = "VNET-AIS-ENT-DEV-US-10.1.0.0-16"
vnet_address_space                 = ["10.1.0.0/16"]
ASE_Subnet                         = "SN-AIS-ENT-ASE-DEV-US-001"
ASE_Subnet_address                 = "10.1.2.0/24"
ASE_Subnet_Delegation_Name         = "Microsoft.Web/hostingEnvironments"
ASE_Subnet_Service_Delegation_Name = "Microsoft.Web/hostingEnvironments"
ASE_Subnet_Service_Endpoints       = ["Microsoft.AzureActiveDirectory", "Microsoft.AzureCosmosDB", "Microsoft.CognitiveServices", "Microsoft.ContainerRegistry", "Microsoft.EventHub", "Microsoft.KeyVault", "Microsoft.ServiceBus", "Microsoft.Sql", "Microsoft.Storage", "Microsoft.Web"]
AppGW_Subnet                       = "SN-AIS-ENT-APPGW-DEV-US-001"
AppGW_Subnet_address               = "10.1.1.0/24"
PrivateLink_Subnet                 = "SN-AIS-ENT-PLS-DEV-US-001"
PrivateLink_Subnet_address         = "10.1.3.0/24"
Bastion_Subnet                     = "AzureBastionSubnet"
Bastion_Subnet_address             = "10.1.4.0/24"
Bastion_Subnet_Service_Endpoints   = ["Microsoft.KeyVault", "Microsoft.ServiceBus"]
Runner_Subnet                      = "SN-AIS-ENT-RUNNER-DEV-US-001"
Runner_Subnet_address              = "10.1.5.0/24"

Debug Output/Panic Output

TF Apply output

# module.dev-us-vnet.azurerm_virtual_network.main will be updated in-place
  ~ resource "azurerm_virtual_network" "main" ***
        id                      = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16"
        name                    = "VNET-AIS-ENT-DEV-US-10.1.0.0-16"
      ~ subnet                  = [
          - ***
              - address_prefixes                              = [
                  - "10.1.1.0/24",
                ]
              - default_outbound_access_enabled               = true
              - delegation                                    = []
              - id                                            = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16/subnets/SN-AIS-ENT-APPGW-DEV-US-001"
              - name                                          = "SN-AIS-ENT-APPGW-DEV-US-001"
              - private_endpoint_network_policies             = "Disabled"
              - private_link_service_network_policies_enabled = true
              - security_group                                = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/networkSecurityGroups/NSG-AIS-ENT-APPGW-DEV-US-001"
              - service_endpoint_policy_ids                   = []
              - service_endpoints                             = [
                  - "Microsoft.KeyVault",
                ]
                # (1 unchanged attribute hidden)
            ***,
          - ***
              - address_prefixes                              = [
                  - "10.1.2.0/24",
                ]
              - default_outbound_access_enabled               = true
              - delegation                                    = [
                  - ***
                      - name               = "Microsoft.Web/hostingEnvironments"
                      - service_delegation = [
                          - ***
                              - actions = [
                                  - "Microsoft.Network/virtualNetworks/subnets/action",
                                ]
                              - name    = "Microsoft.Web/hostingEnvironments"
                            ***,
                        ]
                    ***,
                ]
              + private_endpoint_network_policies             = "Disabled"
              + private_link_service_network_policies_enabled = true
              + security_group                                = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/networkSecurityGroups/NSG-AIS-ENT-ASE-DEV-US-001"
              + service_endpoint_policy_ids                   = []
              + service_endpoints                             = [
                  + "Microsoft.AzureActiveDirectory",
                  + "Microsoft.AzureCosmosDB",
                  + "Microsoft.CognitiveServices",
                  + "Microsoft.ContainerRegistry",
                  + "Microsoft.EventHub",
                  + "Microsoft.KeyVault",
                  + "Microsoft.ServiceBus",
                  + "Microsoft.Sql",
                  + "Microsoft.Storage",
                  + "Microsoft.Web",
                ]
                # (1 unchanged attribute hidden)
            ***,
          + ***
              + address_prefixes                              = [
                  + "10.1.3.0/24",
                ]
              + default_outbound_access_enabled               = true
              + delegation                                    = []
              + id                                            = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16/subnets/SN-AIS-ENT-PLS-DEV-US-001"
              + name                                          = "SN-AIS-ENT-PLS-DEV-US-001"
              + private_endpoint_network_policies             = "Disabled"
              + private_link_service_network_policies_enabled = false
              + security_group                                = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/networkSecurityGroups/NSG-AIS-ENT-PLS-DEV-US-001"
              + service_endpoint_policy_ids                   = []
              + service_endpoints                             = []
            ***,
          + ***
              + address_prefixes                              = [
                  + "10.1.4.0/24",
                ]
              + default_outbound_access_enabled               = true
              + delegation                                    = []
              + id                                            = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16/subnets/AzureBastionSubnet"
              + name                                          = "AzureBastionSubnet"
              + private_endpoint_network_policies             = "Disabled"
              + private_link_service_network_policies_enabled = true
              + service_endpoint_policy_ids                   = []
              + service_endpoints                             = [
                  + "Microsoft.KeyVault",
                  + "Microsoft.ServiceBus",
                ]
            ***,
          + ***
              + address_prefixes                              = [
                  + "10.1.5.0/24",
                ]
              + default_outbound_access_enabled               = true
              + delegation                                    = []
              + id                                            = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16/subnets/SN-AIS-ENT-RUNNER-DEV-US-001"
              + name                                          = "SN-AIS-ENT-RUNNER-DEV-US-001"
              + private_endpoint_network_policies             = "Disabled"
              + private_link_service_network_policies_enabled = true
              + security_group                                = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/networkSecurityGroups/NSG-AIS-ENT-RUNNER-DEV-US-001"
              + service_endpoint_policy_ids                   = []
              + service_endpoints                             = []
            ***,
        ]
        tags                    = ***
            "IsEnterpriseCoreResource" = "true"
            "businessunit"             = "DEV-US"
        ***
        # (8 unchanged attributes hidden)
    ***

Also causing an azurerm_private_dns_zone_virtual_network_link to be force replaced

# module.dev-us-ase.azurerm_private_dns_zone_virtual_network_link.main[0] must be replaced
-/+ resource "azurerm_private_dns_zone_virtual_network_link" "main" ***
      ~ id                    = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/privateDnsZones/ASE-AIS-ENT-DEV-US-001.appserviceenvironment.net/virtualNetworkLinks/vnetlink" -> (known after apply)
        name                  = "vnetlink"
      - tags                  = *** -> null
      ~ virtual_network_id    = "/subscriptions/***/resourceGroups/RG-AIS-ENT-DEV-US-001/providers/Microsoft.Network/virtualNetworks/VNET-AIS-ENT-DEV-US-10.1.0.0-16" -> (known after apply) # forces replacement
        # (3 unchanged attributes hidden)
    ***

Expected Behaviour

No changes to any subnets
azurerm_private_dns_zone_virtual_network_link is not force replaced

Actual Behaviour

Subnets are updated in-place, and the output shows that the ID of the subnet is changing, which should not be happening.

Steps to Reproduce

terraform apply

Important Factoids

No response

References

hashicorp/terraform#35841
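
A plan like the one in this report can be caught by a CI gate before `terraform apply`. The following is an added example, not code from the issue or the provider: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports inline subnets that are dropped or whose address prefixes, NSG or service endpoints change, plus forced replacements. The sample plan is constructed, `NSG-APPGW` is a placeholder value, and `review_plan`, `norm`, `subnets_by_name` and `WATCHED` are hypothetical names.

```python
import json

# Constructed excerpt in the `terraform show -json` layout; values are illustrative.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "module.dev-us-vnet.azurerm_virtual_network.main",
  "type": "azurerm_virtual_network",
  "change": {"actions": ["update"],
   "before": {"subnet": [
    {"name": "SN-AIS-ENT-APPGW-DEV-US-001", "security_group": "NSG-APPGW", "service_endpoints": ["Microsoft.KeyVault"]},
    {"name": "AzureBastionSubnet", "security_group": "", "service_endpoints": []}]},
   "after": {"subnet": [
    {"name": "SN-AIS-ENT-APPGW-DEV-US-001", "security_group": "NSG-APPGW", "service_endpoints": []},
    {"name": "AzureBastionSubnet", "security_group": null, "service_endpoints": []}]}}},
 {"address": "module.dev-us-ase.azurerm_private_dns_zone_virtual_network_link.main[0]",
  "type": "azurerm_private_dns_zone_virtual_network_link",
  "change": {"actions": ["delete", "create"], "before": {}, "after": {}}}
]}
""")

WATCHED = ("address_prefixes", "security_group", "service_endpoints")

def subnets_by_name(state):
    return {s["name"]: s for s in (state or {}).get("subnet") or []}

def norm(value):
    return (sorted(value) if isinstance(value, list) else value) or None  # "", null, [] = unset

def review_plan(plan):
    """Return findings for subnet changes and forced replacements in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change, actions = rc["change"], set(rc["change"]["actions"])
        if {"delete", "create"} <= actions:
            findings.append(f"REPLACE {rc['address']}")
        if rc["type"] != "azurerm_virtual_network" or "update" not in actions:
            continue
        before, after = subnets_by_name(change["before"]), subnets_by_name(change["after"])
        for name in sorted(before.keys() - after.keys()):
            findings.append(f"SUBNET-REMOVED {name}")
        for name in sorted(before.keys() & after.keys()):
            for attr in WATCHED:
                old, new = norm(before[name].get(attr)), norm(after[name].get(attr))
                if old != new:
                    findings.append(f"SUBNET-CHANGED {name}.{attr}: {old} -> {new}")
    return findings

if __name__ == "__main__":
    print("\n".join(review_plan(SAMPLE_PLAN)))
```

Failing the pipeline on any non-empty result forces a human to look at the plan before subnet settings or dependent links are touched.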

@neil-yechenwei
Contributor

neil-yechenwei commented Oct 12, 2024

Thanks for raising this issue. May I ask if the Virtual Network with Subnet was created with v3.x? Has this issue been happening since the TF azurerm provider was upgraded to v4.x?

@JackBruceShell
Author

@neil-yechenwei

Yes, this Virtual Network with Subnet was created with v3.x.

We have only noticed this issue recently once Version 4 has been available, yes.

Thanks

@JackBruceShell
Author

Hi @neil-yechenwei

Are there any updates here at all?

Thanks.

@JackBruceShell
Author

Hi @neil-yechenwei

Can I please ask for an update?
