hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

`azurerm_lb_backend_address_pool` can't be replaced when in use #25158

Open jacky9813 opened 6 months ago

jacky9813 commented 6 months ago

Terraform Version

1.7.4

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_linux_virtual_machine_scale_set, azurerm_lb_backend_address_pool

Terraform Configuration Files

```hcl
resource "azurerm_linux_virtual_machine_scale_set" "example-vmss" {
    name = "example-vmss"
    location = azurerm_resource_group.example.location
    resource_group_name = azurerm_resource_group.example.name

    instances = 2

    sku = "Standard_B1s"
    source_image_reference {
        publisher = "Canonical"
        sku = "22_04-lts"
        offer = "0001-com-ubuntu-server-jammy"
        version = "latest"
    }
    os_disk {
        caching = "ReadWrite"
        storage_account_type = "Standard_LRS"
    }
    network_interface {
        name = "example-vmss-nic"
        network_security_group_id = azurerm_network_security_group.example-vmss-nsg.id
        primary = true
        ip_configuration {
            name = "example-vmss-nic-ipconf"
            subnet_id = azurerm_subnet.vm-subnet.id
            primary = true
            application_security_group_ids = [
                azurerm_application_security_group.example-vmss-asg.id
            ]
            # This reference is what makes the scale set depend on the pool;
            # the address must match the pool resource declared below.
            load_balancer_backend_address_pool_ids = [
                azurerm_lb_backend_address_pool.example-lb-be-address-pool.id
            ]
        }
    }

    disable_password_authentication = true
    admin_username = "admin"
    admin_ssh_key {
        username = "admin"
        public_key = file("~/.ssh/id_rsa.pub")
    }
}

resource "azurerm_public_ip" "example-lb-ext-ip" {
    name = "example-lb-ext-ip"
    resource_group_name = azurerm_resource_group.example.name
    location = azurerm_resource_group.example.location
    allocation_method = "Static"
    sku = "Standard"
}

resource "azurerm_lb" "example-lb" {
    name = "example-lb"
    resource_group_name = azurerm_resource_group.example.name
    location = azurerm_resource_group.example.location

    sku = "Standard"

    frontend_ip_configuration {
        name = "example-lb-frontend"
        public_ip_address_id = azurerm_public_ip.example-lb-ext-ip.id
    }
}

# Renaming this pool forces a replacement; by default Terraform destroys the
# old pool before creating the new one, which is what triggers the error below.
resource "azurerm_lb_backend_address_pool" "example-lb-be-address-pool" {
    name = "example-lb-be-address-pool"
    loadbalancer_id = azurerm_lb.example-lb.id
}
```

Debug Output/Panic Output

```text
2024-03-06T18:30:30.003+0800 [ERROR] provider.terraform-provider-azurerm_v3.93.0_x5: Response contains error diagnostic:
  diagnostic_summary=
  | deleting Load Balancer Backend Address Pool (Subscription: "<REDACTED>"
  | Resource Group Name: "<REDACTED>"
  | Load Balancer Name: "example-lb"
  | Backend Address Pool Name: "example-lb-be-address-pool"): performing LoadBalancerBackendAddressPoolsDelete: unexpected status 400 with error: LoadBalancerBackendAddressPoolInUseByVirtualMachineScaleSet: Cannot remove backend address pool example-lb-be-address-pool from load balancer since it is in use by virtual machine scale set /subscriptions/<REDACTED>/resourceGroups/<REDACTED>/providers/Microsoft.Compute/virtualMachineScaleSets/example-vmss.
   tf_provider_addr=provider tf_resource_type=azurerm_lb_backend_address_pool @module=sdk.proto diagnostic_detail="" tf_req_id=afb22b8f-5f14-9af2-02f4-e818d11f69c4 diagnostic_severity=ERROR @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 tf_proto_version=5.4 tf_rpc=ApplyResourceChange timestamp="2024-03-06T18:30:30.003+0800"
```

Expected Behaviour

  1. The VMSS should remove the backend address pool first, then
  2. replace the backend address pool.
  3. After the new backend address pool is created, set this pool on the VMSS.

A similar result also occurs for the application gateway.

Actual Behaviour

Terraform tries to remove the backend address pool, which is in use at the moment, and fails to do so.

Steps to Reproduce

  1. terraform apply
  2. Change the name of the backend address pool
  3. terraform apply
  4. The apply fails

Important Factoids

No response

References

No response
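One way to get the ordering described under Expected Behaviour with the provider as it is today, added here as an example that is not from the issue or the provider's documentation: mark the pool `create_before_destroy`, so Terraform creates the renamed pool, updates the scale set's model to point at it, and only then deletes the deposed old pool. It assumes the `azurerm_lb` and scale set resources from the configuration above, with the scale set's `load_balancer_backend_address_pool_ids` left referencing the pool by its Terraform address.

```hcl
# Added example (not from the issue). Renaming the pool still forces a
# replacement, but create_before_destroy flips the plan from
#   delete old pool -> create new pool          (fails: pool in use)
# to
#   create new pool -> update VMSS ip_configuration -> delete old pool
# because Terraform applies updates to dependents of a replaced resource
# before destroying the deposed object.
resource "azurerm_lb_backend_address_pool" "example-lb-be-address-pool" {
  # The new name is what triggers the replacement; with create_before_destroy
  # both pools briefly coexist on the load balancer, so the names must differ.
  name            = "example-lb-be-address-pool-v2"
  loadbalancer_id = azurerm_lb.example-lb.id

  lifecycle {
    create_before_destroy = true
  }
}

# No change is needed on the scale set: its ip_configuration keeps
#   load_balancer_backend_address_pool_ids = [
#     azurerm_lb_backend_address_pool.example-lb-be-address-pool.id
#   ]
# and the id changes in place when the new pool is created, which is the
# in-place VMSS update that runs before the old pool is destroyed.
```

Check the plan before applying: it should list the pool creation and the scale set update ahead of the destroy of the deposed pool. Whether Azure still rejects the delete while existing instances are attached to the old pool under a Manual `upgrade_mode`, before they pick up the new model, is not confirmed by this issue.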

jacky9813 commented 6 months ago

A new resource like azurerm_lb_backend_address_pool_vmss_assignment would be really helpful, as this new resource can be set to depend on the existence of azurerm_lb_backend_address_pool, for example:

```hcl
resource "azurerm_lb_backend_address_pool_vmss_assignment" "example-be-address-pool-vmss" {
    pool_id = azurerm_lb_backend_address_pool.example-be-address-pool.id
    scale_set_id = azurerm_linux_virtual_machine_scale_set.example-vmss.id
}
```

This resource should be replaced when the value of either pool_id or scale_set_id is changed, which should make Terraform destroy this relationship first before destroying the backend address pool.