Private link service subnet modification exits with error during terraform plan

[BzSpi]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When deploying a private link service, a change to the "subnet_id" of any ip configuration prevent plan to be generated. In my context, the subnet_id do not change but depends on a data source. It seems that a late evaluation is considered as a change here.

However, a change of attribute should either modify resource in-place or recreate it. Having a plan that exits with error code do not help fix the eventual original issue.

Terraform Version

1.2.3

AzureRM Provider Version

3.11.0

Affected Resource(s)/Data Source(s)

azurerm_private_link_service

Terraform Configuration Files

# My configuration is quite complex since it fetch data from a Kubernetes cluster, here's a simplified version

locals {
  desired_ip = "10.0.42.42"
}

data "azurerm_lb" "ilb" {
  name                = "kubernetes-internal"
  resource_group_name = "rg-xxxxx"
}

locals {
  desired_ipconfig = [for ip_config in data.azurerm_lb.ilb.frontend_ip_configuration : ip_config if ip_config.private_ip_address == local.desired_ip][0]
}

resource "azurerm_private_link_service" "internal_lb" {
  load_balancer_frontend_ip_configuration_ids = [
    local.aml_fe_ipconfig.id
  ]
  location            = var.location
  name                = "pls-xxxxx"
  resource_group_name = "rg-xxxxxx"
  nat_ip_configuration {
    name      = "primary"
    primary   = true
    subnet_id = local.desired_ipconfig.subnet_id
  }
}

Debug Output/Panic Output

During terraform plan

Error: Private Link Service "pls-xxxxxxx (Resource Group "rg-xxxxxx") nat_ip_configuration "primary" primary subnet_id once assigned can not be changed

  with module.aks_prov_bis.azurerm_private_link_service.internal_lb[0],
  on ../../../../../terraform-azurerm-aks/modules/provisioning/r-lb-private-link.tf line 1, in resource "azurerm_private_link_service" "internal_lb":
   1: resource "azurerm_private_link_service" "internal_lb" {

Expected Behaviour

Terraform plan should display with private link service resource replacement.

Actual Behaviour

Error preventing anymore operation

Steps to Reproduce

terraform plan

[rcskosir]

Thanks for opening this issue. Have you been able to try this on any of the more recent 3.x versions or on the new 4.x versions to see if this issue still persists?