'azurerm_kusto_cluster' resource applies 'virtual_network_configuration' even if it is present in the 'ignore_changes' block

[kshilovskiy]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.7

AzureRM Provider Version

3.89.0

Affected Resource(s)/Data Source(s)

azurerm_kusto_database

Terraform Configuration Files

resource "azurerm_kusto_cluster" "adx_cluster" {
  name                        = replace(substr("dpadx${var.environment_name}", 0, 22), "-", "")
  location                    = var.location
  resource_group_name         = var.rg_name
  zones                       = var.adx_cluster.zones
  disk_encryption_enabled     = true
  tags                        = var.tags
  streaming_ingestion_enabled = true
  auto_stop_enabled           = false
  sku {
    name = var.adx_cluster.sku_name
  }

  language_extensions = var.extensions

  optimized_auto_scale {
    minimum_instances = var.adx_cluster.minimum_instances
    maximum_instances = var.adx_cluster.maximum_instances
  }

  allowed_ip_ranges = local.ip_ranges

  identity {
    type = "SystemAssigned"
  }

  lifecycle {
    ignore_changes = [
      sku,
      optimized_auto_scale,
      virtual_network_configuration
    ]
  }
}

Debug Output/Panic Output

GET /subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Kusto/clusters/MY_CLUSTER?api-version=2023-08-15 HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.21.3 (amd64-darwin) go-autorest/v14.2.1 hashicorp/go-azure-sdk/clusters/2023-08-15 HashiCorp Terraform/1.5.7 (+https://www.terraform.io) Terraform Plugin SDK/2.10.1 terraform-provider-azurerm/3.85.0 pid-222c6c49-1b0a-5959-a213-6608f9eb8820
Content-Type: application/json; charset=utf-8
X-Ms-Correlation-Request-Id: 463f396c-94d1-8779-3604-3da0d0ba1a9c
Accept-Encoding: gzip: timestamp=2024-02-01T11:18:23.978+0100
2024-02-01T11:18:24.344+0100 [DEBUG] provider.terraform-provider-azurerm_v3.85.0_x5: AzureRM Response for https://management.azure.com/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Kusto/clusters/MY_CLUSTER?api-version=2023-08-15: 
HTTP/2.0 200 OK
Content-Length: 2799
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Thu, 01 Feb 2024 10:18:23 GMT
Etag: "2024-02-01T10:18:15.1921590Z"
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: 463f396c-94d1-8779-3604-3da0d0ba1a9c
X-Ms-Ratelimit-Remaining-Subscription-Resource-Requests: 298
X-Ms-Request-Id: 8a5e088c-0674-4be4-a9ce-3a68d25e3070
X-Ms-Routing-Request-Id: GERMANYNORTH:20240201T101824Z:169aebb3-d111-4eab-8b26-a8f0ad2086d4
X-Msedge-Ref: Ref A: 99552A4E016642C9BE0E9A070CA2F570 Ref B: FRA231050413037 Ref C: 2024-02-01T10:18:24Z

{"id":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Kusto/Clusters/MY_CLUSTER","name":"MY_CLUSTER","type":"Microsoft.Kusto/Clusters","etag":"\"2024-02-01T10:18:15.1921590Z\"","location":"West Europe","sku":{"name":"Standard_L8s_v3","tier":"Standard","capacity":2},"tags":{"GITC-ProdStage":"false","environment":"staging","project":"data-platform"},"properties":{"state":"Updating","stateReason":"","uri":"https://MY_CLUSTER.westeurope.kusto.windows.net","dataIngestionUri":"https://ingest-MY_CLUSTER.westeurope.kusto.windows.net","trustedExternalTenants":[{"value":"*"}],"virtualNetworkConfiguration":{"state":"Disabled","subnetId":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Network/virtualNetworks/main-vnet-we-staging/subnets/adx-subnet-we-staging","enginePublicIpId":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Network/publicIPAddresses/adx-dp-engine-ip-staging","dataManagementPublicIpId":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Network/publicIPAddresses/adx-dp-ip-staging"},"optimizedAutoscale":{"version":1,"isEnabled":true,"minimum":2,"maximum":6},"enableDiskEncryption":true,"enableStreamingIngest":true,"keyVaultProperties":null,"languageExtensions":{"value":[{"languageExtensionName":"PYTHON","languageExtensionImageName":"Python3_6_5","languageExtensionCustomImageName":null}]},"enablePurge":false,"enableDoubleEncryption":false,"engineType":"V3","acceptedAudiences":[],"restrictOutboundNetworkAccess":"Disabled","allowedFqdnList":[],"publicNetworkAccess":"Enabled","allowedIpRangeList":["212.114.159.234","188.192.105.40","81.164.217.88","104.28.62.57"],"enableAutoStop":false,"publicIPType":"IPv4","virtualClusterGraduationProperties":null,"privateEndpointConnections":[{"name":"dp-adx-pe-staging-352b0e7e-fdff-43b0-86ec-773ef2bc131d","type":"Microsoft.Kusto/Clusters/privateEndpointConnections","id":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Kusto/Clusters/MY_CLUSTER/privateEndpointConnections/dp-adx-pe-staging-352b0e7e-fdff-43b0-86ec-773ef2bc131d","properties":{"provisioningState":"Succeeded","groupId":"cluster","privateEndpoint":{"id":"/subscriptions/MY_SUBSCRIPTION/resourceGroups/core-staging/providers/Microsoft.Network/privateEndpoints/dp-adx-pe-staging"},"privateLinkServiceConnectionState":{"status":"Approved","description":"","actionsRequired":"None"}}}],"migrationCluster":null,"provisioningState":"Running"},"identity":{"principalId":"95c3afa1-7d41-4bc8-924b-13f35617809f","tenantId":"MY_TENANT","type":"SystemAssigned"}}: timestamp=2024-02-01T11:18:24.344+0100

Expected Behaviour

state property of the virtualNetworkConfiguration is not changed when virtual_network_configuration block is present in the ignore_changes block.

Actual Behaviour

state property of the virtualNetworkConfiguration is not present in the state. So, when the state is applied, even if virtual_network_configuration block is present in the ignore_changes, the cluster is restored to the enabled virtual network configuration state. Therefore there is no way to disable virtualNetworkConfiguration without re-creating the cluster.

Steps to Reproduce

1. Create a cluster with virtual network enabled via terraform apply
2. Click Migrate button in Azure Portal. This will change the virtualNetworkConfiguration.state to Disabled
3. Add virtual_network_configuration block to the ignore_changes lifecycle block
4. Run terraform apply

Important Factoids

No response

References

No response

[liuwuliuyun]

Hi @kshilovskiy, thanks for raising this issue. We are workinng on solving this issue by including state property in the kusto cluster. I will link the PR to this issue later.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.