hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_postgresql_flexible_server generates inconsistent fqdn using private DNS zone #16010

Open theitalianz opened 2 years ago

theitalianz commented 2 years ago

Terraform (and AzureRM Provider) Version

Terraform v1.1.7
on linux_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.19.1
+ provider registry.terraform.io/hashicorp/azurerm v2.99.0
+ provider registry.terraform.io/hashicorp/helm v2.4.1
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/tls v3.1.0
+ provider registry.terraform.io/microsoft/azuredevops v0.2.0

Affected Resource(s)

Terraform Configuration Files


# Module foo
resource "azurerm_private_dns_zone" "this" {
  name                = "foo.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.this.name
}

# Module bar
resource "azurerm_postgresql_flexible_server" "this" {
  name                   = "bar"
  resource_group_name    = azurerm_resource_group.this.name
  location               = azurerm_resource_group.this.location
  version                = "13"
  administrator_login    = "..."
  administrator_password = random_password.admin.result
  backup_retention_days  = 7
  storage_mb             = 32768
  delegated_subnet_id    = var.subnet_id
  private_dns_zone_id    = var.private_dns_zone_id
  sku_name               = "GP_Standard_D2ds_v4"
}

output "fqdn" {
  value = azurerm_postgresql_flexible_server.this.fqdn
}

Debug Output

Panic Output

Expected Behaviour

A record name to be bar and fqdn output to be bar.foo.postgres.database.azure.com

Actual Behaviour

Generated A record has a random name and fqdn is bar.postgres.database.azure.com

[image]

Steps to Reproduce

  1. terraform apply

Important Factoids

Private DNS and subnet are defined in separate Terraform modules.

References

theitalianz commented 2 years ago

DNS is resolved just fine anyway, closing.

nkm269 commented 2 years ago

@theitalianz We faced the same issue as well. What is the resolution, please?

theitalianz commented 2 years ago

@nkm269 I think the A record can be ignored, the fqdn works fine in the internal network. Just try to ping it and it will resolve to the correct internal IP.

nkm269 commented 2 years ago

@theitalianz Thank you for the update. Yes, it works fine when we ping it. But any idea why it is being created with an inconsistent name?

theitalianz commented 2 years ago

@nkm269 not sure tbh. I created a pg flexible via the UI and the name of the A record was consistent with the name given to the server. I'm gonna reopen the issue. You could :+1: if you want to.

nkm269 commented 2 years ago

@theitalianz Ok. Yes, please reopen the issue.

nkm269 commented 2 years ago

@theitalianz Thank you.

riesbl01 commented 2 years ago

Seeing the issue in my environment as well. I need the private A records to be consistent with the FQDN so that I can programmatically pull the IP down from Azure and create a public DNS A record pointing to the same IP, for on-prem DNS resolution. The script breaks when the private A record is randomly named.

neil-yechenwei commented 2 years ago

@theitalianz , thanks for raising this issue.

The A record name (b8701f0c730) is automatically generated on the backend by the private DNS zone service according to some rule. So I assume it's by API design.

The name (b8701f0c730.foo.postgres.database.azure.com.) of the private DNS zone record you see in the Azure portal and the fqdn (bar.postgres.database.azure.com) of the PostgreSQL flexible server are different things. So I assume it's by API design.

Milindkg97 commented 2 years ago

Is there an update on this bug? @katbyte

teo113 commented 2 years ago

Also seeing this when using the Portal to create a PostgreSQL flexible server attached to a Private DNS Zone: [image]

However, I observed no issue resolving FQDNs from on-premises to Azure (using DNS Private Resolver in our Hub VNet).

ajostergaard commented 1 year ago

I have worked around this issue using the below to get the actual private FQDN into TF (data.external.pgsql_fqdn.result.fqdn):

data "external" "pgsql_fqdn" {
  program = ["./fetch_pgsql_fqdn.sh"]

  query = {
    resource_group_name = azurerm_private_dns_zone.pgsql.resource_group_name
    zone_name           = azurerm_private_dns_zone.pgsql.name
  }
}

Script is:

#!/bin/bash
set -e
# Read the external data source's query object from stdin and export its keys as shell variables
eval "$(jq -r '@sh "RG=\(.resource_group_name) ZONE=\(.zone_name)"')"
# Emit the FQDN of the first A record-set in the zone as a JSON object of strings (the external protocol)
az network private-dns record-set a list -z "$ZONE" -g "$RG" | jq '{"fqdn": .[0].fqdn}'
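The shell workaround above returns `.[0]` of the record-set list, which silently picks another server's record when several flexible servers share one private DNS zone. The following is an added example (not code from the issue, the provider, or the commenter) of the same Terraform `external` program written in Python: it first looks for an A record named after the server (the behaviour the issue expected), falls back to the single auto-named record (the behaviour the issue reports), and refuses to guess when the zone is ambiguous. It assumes the Azure CLI is installed and logged in when run for real, that the data source's `query` block also passes `server_name`, and the helper name `select_private_fqdn` and the sample record data are constructed here.

```python
#!/usr/bin/env python3
"""Terraform `external` data-source program: look up the private FQDN of a
PostgreSQL flexible server in its private DNS zone (added example, not from the
issue). Protocol: one JSON object on stdin, one JSON object of strings on stdout.
"""
import json
import subprocess
import sys

# Constructed sample in the shape of `az network private-dns record-set a list`
# output: a single auto-named A record, as reported in the issue. The IP is
# made up; the record name is the one quoted in the thread.
SAMPLE_RECORD_SETS = [
    {
        "name": "b8701f0c730",
        "fqdn": "b8701f0c730.foo.postgres.database.azure.com.",
        "ttl": 30,
        "aRecords": [{"ipv4Address": "10.0.2.4"}],
        "type": "Microsoft.Network/privateDnsZones/A",
    }
]


def select_private_fqdn(record_sets, zone_name, server_name):
    """Return the private FQDN (without trailing dot) for server_name in zone_name.

    Preference order:
      1. an A record literally named after the server;
      2. otherwise the single A record in the zone (auto-generated name);
      3. otherwise raise, because picking the first of several records would
         silently return another server's address.
    """
    zone_suffix = "." + zone_name.rstrip(".").lower()
    a_records = [
        r for r in record_sets
        if r.get("aRecords")
        and r.get("fqdn", "").rstrip(".").lower().endswith(zone_suffix)
    ]
    named = [r for r in a_records if r["name"].lower() == server_name.lower()]
    if named:
        return named[0]["fqdn"].rstrip(".")
    if len(a_records) == 1:
        return a_records[0]["fqdn"].rstrip(".")
    if not a_records:
        raise LookupError(f"no A record found in private DNS zone {zone_name}")
    names = ", ".join(r["name"] for r in a_records)
    raise LookupError(
        f"{len(a_records)} A records in {zone_name} ({names}) and none is named "
        f"{server_name}; refusing to guess"
    )


def fetch_record_sets(resource_group, zone_name):
    """Run the Azure CLI (assumed installed and logged in) and parse its JSON."""
    completed = subprocess.run(
        ["az", "network", "private-dns", "record-set", "a", "list",
         "-g", resource_group, "-z", zone_name, "-o", "json"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(completed.stdout)


def main():
    if "--demo" in sys.argv:
        # Offline run against the constructed sample.
        print(select_private_fqdn(SAMPLE_RECORD_SETS,
                                  "foo.postgres.database.azure.com", "bar"))
        return
    # Real run: Terraform sends the `query` map as a JSON object on stdin.
    query = json.load(sys.stdin)
    records = fetch_record_sets(query["resource_group_name"], query["zone_name"])
    fqdn = select_private_fqdn(records, query["zone_name"], query["server_name"])
    # The external protocol requires a flat JSON object whose values are strings.
    json.dump({"fqdn": fqdn}, sys.stdout)


if __name__ == "__main__":
    main()
```

Wire it in with `program = ["./fetch_pgsql_fqdn.py"]` and add `server_name = azurerm_postgresql_flexible_server.this.name` to the `query` block; `python3 fetch_pgsql_fqdn.py --demo` exercises the selection logic without Azure access.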