Open ChrisCalzaretta opened 1 year ago
This duplicates https://github.com/hashicorp/terraform-provider-azurerm/issues/17863. The error presumably indicates a DNS resolve error; please ensure your environment (running terraform) can access the subnet specified in the PE, and that no NSR (or the like) blocks the access.
As said in this comment, I think the azurerm provider should avoid touching the data plane if not required (i.e. if you are not manipulating actual data). The reason behind this is that your deployment infra should not have permissions to reach the data plane unless necessary. Also, any misconfiguration will lead to a dead state, as your KV resource cannot be refreshed anymore.
Additionally, this certificate fetching seems to have been designed as best-effort: if a 403/404 is received, it is ignored. Thus it seems legitimate to have it ignored in case of resolution failure as well, meaning access to the KV is also denied to the user/SP in some way.
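The error-handling policy the two comments above describe, as an added Go example (illustrative code, not the azurerm provider's own): a best-effort data-plane read that swallows 403/404, shown beside the relaxed variant that also swallows a DNS resolution failure. The `httpStatusError` type, the `fetch` callback and the vault hostname are assumptions made for the example; the DNS failure is constructed the way `net/http` would surface it, as a `*url.Error` wrapping a `*net.DNSError`.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
)

// httpStatusError stands in for a non-2xx response from the Key Vault data
// plane. Hypothetical type for this example; the provider's SDK error types
// are not modelled here.
type httpStatusError struct{ code int }

func (e *httpStatusError) Error() string { return fmt.Sprintf("http status %d", e.code) }

// isBestEffortSkippable decides whether an error from the data-plane call can
// be swallowed (reporting "no certificates visible") instead of aborting the
// refresh. With relaxed=false only 403/404 are swallowed, the behaviour the
// comment above describes; with relaxed=true a DNS resolution failure is
// swallowed as well, the behaviour the comment proposes.
func isBestEffortSkippable(err error, relaxed bool) bool {
	var hs *httpStatusError
	if errors.As(err, &hs) {
		return hs.code == http.StatusForbidden || hs.code == http.StatusNotFound
	}
	if !relaxed {
		return false
	}
	// net/http wraps transport failures in *url.Error, which unwraps to the
	// *net.DNSError produced when the vault hostname does not resolve.
	var dnsErr *net.DNSError
	return errors.As(err, &dnsErr)
}

// refreshCertificates runs the data-plane read and applies the policy above.
// Swallowed errors yield an empty list and nil error; anything else is fatal,
// which is what leaves the resource un-refreshable in the failure described.
func refreshCertificates(fetch func() ([]string, error), relaxed bool) ([]string, error) {
	certs, err := fetch()
	if err == nil {
		return certs, nil
	}
	if isBestEffortSkippable(err, relaxed) {
		return []string{}, nil
	}
	return nil, fmt.Errorf("reading certificates from key vault data plane: %w", err)
}

// dnsFailure constructs the error a failed private-link lookup surfaces as;
// the hostname is made up for the example.
func dnsFailure() error {
	return &url.Error{
		Op:  "Get",
		URL: "https://example-kv.vault.azure.net/certificates",
		Err: &net.DNSError{Err: "no such host", Name: "example-kv.vault.azure.net", IsNotFound: true},
	}
}

func main() {
	for _, relaxed := range []bool{false, true} {
		certs, err := refreshCertificates(func() ([]string, error) { return nil, dnsFailure() }, relaxed)
		fmt.Printf("relaxed=%v certs=%v err=%v\n", relaxed, certs, err)
	}
}
```

The caveat with the relaxed policy is that a swallowed DNS failure silently drops the certificate list from state, so a misconfigured private endpoint looks the same as a vault with no certificates; logging the swallowed error at refresh time keeps that distinction visible.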
Still relevant today. The worst part, as a comment above says, is that your state file will always fail as it can't reach this data plane. Manual steps are then needed to resolve it, which becomes very confusing with pipeline runs failing.
Is there an existing issue for this?
Community Note
We are trying to change anything with the private link resource on the Key Vault network.
Terraform Version
1.5
AzureRM Provider Version
latest
Affected Resource(s)/Data Source(s)
azurerm, azuread
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
that it would update the output
Actual Behaviour
While reading the state, the error happens. We don't get to the plan.
Steps to Reproduce
terraform init works; terraform plan fails
Important Factoids
No response
References
No response