internal_load_balancer_enabled with value of falsein container app environment requires infrastructure_subnet_id value

[kawahara-titan]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.1

AzureRM Provider Version

3.96

Affected Resource(s)/Data Source(s)

azurerm_container_app_environment

Terraform Configuration Files

resource "azurerm_container_app_environment" "cae" {
  name                     = "cae"
  resource_group_name      = "myresourcegroup"
  location                 = "eastus"
  internal_load_balancer_enabled = false
  infrastructure_subnet_id = false ? module.vnet.subnet_ids["mysubnet"] : null
  workload_profile {
    name                  = "default"
    workload_profile_type = "D4"
    minimum_count         = 0
    maximum_count         = 2
  }
  lifecycle {
    ignore_changes = [tags]
  }
}

Debug Output/Panic Output

...
...
2024-03-18T15:50:52.959-0400 [TRACE] vertex "module.container_apps.local.env_secrets (expand)": visit complete
2024-03-18T15:50:52.959-0400 [TRACE] dag/walk: upstream of "module.container_apps.azurerm_container_app.container_app" errored, so skipping
2024-03-18T15:50:52.959-0400 [TRACE] dag/walk: upstream of "module.container_apps.output.latest_rev_fqdn (expand)" errored, so skipping
2024-03-18T15:50:52.959-0400 [TRACE] dag/walk: upstream of "module.container_apps (close)" errored, so skipping
2024-03-18T15:50:52.960-0400 [TRACE] dag/walk: upstream of "output.app_fqdns (expand)" errored, so skipping
2024-03-18T15:50:52.960-0400 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/hashicorp/azurerm\"] (close)" errored, so skipping
2024-03-18T15:50:52.960-0400 [TRACE] dag/walk: upstream of "root" errored, so skipping
2024-03-18T15:50:52.960-0400 [TRACE] statemgr.Filesystem: removing lock metadata file .local-state.tfstate.lock.info
2024-03-18T15:50:52.960-0400 [TRACE] statemgr.Filesystem: unlocked by closing ./local-state.tfstate
╷
│ Error: Missing required argument
│
│   with azurerm_container_app_environment.cae,
│   on main_root.tf line 48, in resource "azurerm_container_app_environment" "cae":
│   48:   internal_load_balancer_enabled = false
│
│ "internal_load_balancer_enabled": all of `infrastructure_subnet_id,internal_load_balancer_enabled` must be specified
╵
2024-03-18T15:50:52.963-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-03-18T15:50:52.988-0400 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.96.0/windows_amd64/terraform-provider-azurerm_v3.96.0_x5.exe pid=38540
2024-03-18T15:50:52.988-0400 [DEBUG] provider: plugin exited

Expected Behaviour

If both internal_load_balancer_enabled and infrastructure_subnet_id are set to true, it works as expected. When set to false, I would expect the plan operation to not require infrastructure_subnet_id and therefore accept a null value.

Actual Behaviour

Receive the following error:

"internal_load_balancer_enabled": all of infrastructure_subnet_id,internal_load_balancer_enabled must be specified

Steps to Reproduce

terraform plan

Important Factoids

No response

References

No response

[Ledermayer]

I can confirm we are facing the same issue up to the latest provider version. (3.96.0 as of writing this)

We could work around by defining 2 resource blocks and conditionally create one of them:

# Default Container Apps Environment
resource "azurerm_container_app_environment" "caen" {
  # for_each = var.infrastructure_subnet_id == null ? toset(["default"]) : toset([])
  count = var.infrastructure_subnet_id == null ? 1 : 0

  name                                        = local.caen_name
  resource_group_name                         = var.resource_group_name
  location                                    = var.conventions.region
  tags                                        = local.tags
  dapr_application_insights_connection_string = var.dapr_application_insights_connection_string
  log_analytics_workspace_id                  = var.caen_log_analytics_workspace_id

  dynamic "workload_profile" {
    for_each = var.workload_profile == null ? [] : [1]
    content {
    name                  = var.workload_profile.workload_profile_name
    workload_profile_type = var.workload_profile.workload_profile_type
    maximum_count         = var.workload_profile.maximum_count
    minimum_count         = var.workload_profile.minimum_count
    }
  }

  infrastructure_resource_group_name          = var.workload_profile != null ? "${var.resource_group_name}-infra" : null 
}

AND

# VNET Integrated Container Apps Environment
resource "azurerm_container_app_environment" "caen_vnet" {
  # for_each = var.infrastructure_subnet_id != null ? toset(["vnet_integrated"]) : toset([])
  count = var.infrastructure_subnet_id != null ? 1 : 0

  name                                        = local.caen_name
  resource_group_name                         = var.resource_group_name
  location                                    = var.conventions.region
  tags                                        = local.tags
  dapr_application_insights_connection_string = var.dapr_application_insights_connection_string
  log_analytics_workspace_id                  = var.caen_log_analytics_workspace_id

  dynamic "workload_profile" {
    for_each = var.workload_profile == null ? [] : [1]
    content {
    name                  = var.workload_profile.workload_profile_name
    workload_profile_type = var.workload_profile.workload_profile_type
    maximum_count         = var.workload_profile.maximum_count
    minimum_count         = var.workload_profile.minimum_count
    }
  }

  infrastructure_resource_group_name          = var.workload_profile != null ? "${var.resource_group_name}-infra" : null
  infrastructure_subnet_id                    = var.infrastructure_subnet_id
  internal_load_balancer_enabled              = var.internal_load_balancer_enabled
  zone_redundancy_enabled                     = var.zone_redundancy_enabled

}