Azure / terraform-provider-azapi

Terraform provider for Azure Resource Manager Rest API
https://registry.terraform.io/providers/Azure/azapi/latest
Mozilla Public License 2.0

Problem with creation VNET link to the private dns zone #642

Open eking-go opened 3 days ago

eking-go commented 3 days ago

When I try to create a VNet link to a private DNS zone, I get an error:

resource "azapi_resource" "az_pdzvnl" {
  type      = "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01"
  name      = var.name
  parent_id = var.private_dns_zone_id
  location  = "global"

  body = jsonencode({
    properties = {
      virtualNetwork = {
        id = var.virtual_network_id
      }
    }
  })
}

Plan looks like:

# module.m.azapi_resource.az_pdzvnl will be created
  + resource "azapi_resource" "az_pdzvnl" {
      + body                      = jsonencode(
            {
              + properties = {
                  + virtualNetwork = {
                      + id = "/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/virtualNetworks/vnet-***"
                    }
                }
            }
        )
      + id                        = (known after apply)
      + ignore_casing             = false
      + ignore_missing_property   = true
      + location                  = "global"
      + name                      = "vnet-***"
      + output                    = (known after apply)
      + parent_id                 = "/subscriptions/***resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***.corp"
      + removing_special_chars    = false
      + schema_validation_enabled = true
      + type                      = "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01"
    }

Error:

│ Error: Failed to create/update resource
│
│   with module.m.azapi_resource.az_pdzvnl,
│   on ../../azapi_resource/private_dns_zone_virtual_network_link/main.tf line 1, in resource "azapi_resource" "az_pdzvnl":
│    1: resource "azapi_resource" "az_pdzvnl" {
│
│ creating/updating Resource: (ResourceId
│ "/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***"
│ / Api Version "2020-06-01"): PUT
│ https://management.azure.com/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: BadRequest
│ --------------------------------------------------------------------------------
│ {
│   "code": "BadRequest",
│   "message": "The specified virtual network link registration setting is invalid."
│ }
│ --------------------------------------------------------------------------------
│

In debug output of terraform I see:

2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: [DEBUG] Oct 16 14:21:17.214285 Retry: response 404
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: [DEBUG] Oct 16 14:21:17.214294 Retry: exit due to non-retriable status code
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: [DEBUG] Oct 16 14:21:17.214331 ResponseError: GET https://management.azure.com/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: --------------------------------------------------------------------------------
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: RESPONSE 404: 404 Not Found
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: ERROR CODE: ResourceNotFound
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: --------------------------------------------------------------------------------
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: {
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0:   "error": {
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0:     "code": "ResourceNotFound",
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0:     "message": "The Resource 'Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***' under resource group 'rg-***' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0:   }
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: }
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0: --------------------------------------------------------------------------------
2024-10-16T14:21:17.214Z [DEBUG] provider.terraform-provider-azapi_v1.15.0:
2024-10-16T14:21:17.214Z [ERROR] provider.terraform-provider-azapi_v1.15.0: Response contains error diagnostic: diagnostic_detail="creating/updating Resource: (ResourceId "/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***" / Api Version "2020-06-01"): PUT https://management.azure.com/subscriptions/***/resourceGroups/rg-***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***
--------------------------------------------------------------------------------
RESPONSE 400: 400 Bad Request
ERROR CODE: BadRequest
--------------------------------------------------------------------------------
{
  "code": "BadRequest",
  "message": "The specified virtual network link registration setting is invalid."
}
--------------------------------------------------------------------------------

But all the resources exist and the IDs are correct. I can create a link to the private DNS zone via the portal without any errors. When I checked the logs on the portal, the only difference I see is in:

<         "entity": "/subscriptions/***/resourceGroups/***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***",
---
>         "entity": "/subscriptions/***/resourcegroups/***/providers/Microsoft.Network/privateDnsZones/***/virtualNetworkLinks/vnet-***",

resourceGroups => resourcegroups

Could you check it?

ms-henglu commented 1 day ago

Hi @eking-go ,

Thank you for taking time to report this issue.

I have an example of how to use this resource, hope it could help you deploy this resource: https://github.com/Azure/terraform-provider-azapi/blob/main/examples/Microsoft.Network_privateDnsZones_virtualNetworkLinks%402018-09-01/main.tf

eking-go commented 1 day ago

Hi, @ms-henglu

Thank you for your answer!

I tried to change my module code like in your example:

resource "azapi_resource" "az_pdzvnl" {
  type      = "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2018-09-01"
  name      = var.name
  parent_id = var.private_dns_zone_id
  location  = "global"

  body = jsonencode({
    properties = {
      virtualNetwork = {
        registrationEnabled = false
        id = var.virtual_network_id
      }
    }
  })
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

But it hasn't helped. I got the same error. One more thing: the private DNS zone and the VNET in my case are located in different subscriptions. This is the main reason why I use the azapi provider, because with the azurerm provider everything works as expected but I have to initialize 2 providers for each subscription. But for some reason I don't want to have aliases.

BTW, for Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks, which is also located in a different subscription relative to the VNET, everything works as expected without any issues.
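
Added example, not part of the thread or of the project's own code: in the ARM schema for `Microsoft.Network/privateDnsZones/virtualNetworkLinks`, `registrationEnabled` is a property directly under `properties`, next to `virtualNetwork`, not inside it. The resource and variable names are taken from the reporter's module; whether this placement resolves the cross-subscription case is not confirmed in the thread.

```hcl
# Added example. Variable names follow the reporter's module; values are
# supplied by the caller.
variable "name" {
  type = string # name of the virtual network link
}

variable "private_dns_zone_id" {
  type = string # ARM ID of the private DNS zone (parent of the link)
}

variable "virtual_network_id" {
  type = string # ARM ID of the VNet (in the reporter's case, another subscription)
}

resource "azapi_resource" "az_pdzvnl" {
  type      = "Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01"
  name      = var.name
  parent_id = var.private_dns_zone_id
  location  = "global"

  body = jsonencode({
    properties = {
      # The registration setting is a sibling of virtualNetwork under
      # properties. The first snippet in the thread omits it and the
      # second nests it inside virtualNetwork.
      registrationEnabled = false

      # virtualNetwork is a sub-resource reference and carries only the ID.
      virtualNetwork = {
        id = var.virtual_network_id
      }
    }
  })
}
```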