hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_monitor_private_link_scoped_service makes undetected changes to private endpoint for azurerm_monitor_private_link_scope #25936

Open fgarcia-cnb opened 6 months ago

fgarcia-cnb commented 6 months ago

Is there an existing issue for this?

Community Note

Terraform Version

1.0.7

AzureRM Provider Version

3.98.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_private_link_scope, azurerm_monitor_private_link_scoped_service, azurerm_private_endpoint

Terraform Configuration Files

resource "azurerm_monitor_private_link_scope" "ampls" {
  name                = "fgtest-ampls"
  resource_group_name = "dandrianov20210823-rg"
}

resource "azurerm_private_endpoint" "endpoint" {
  name                = "fgtest-ampls-azuremonitor-pe"
  resource_group_name = "dandrianov20210823-rg"
  location            = "westus2"
  subnet_id           = var.subnet_id

  private_service_connection {
    is_manual_connection           = false
    name                           = "fgtest-ampls-azuremonitor-pc"
    subresource_names              = ["azuremonitor"]
    private_connection_resource_id = azurerm_monitor_private_link_scope.ampls.id
  }
}

resource "azurerm_monitor_private_link_scoped_service" "ampls_svc" {
  name                = "fgtest-amplsservice"
  resource_group_name = "dandrianov20210823-rg"
  scope_name          = azurerm_monitor_private_link_scope.ampls.name
  linked_resource_id  = "resourceID"
}

Debug Output/Panic Output

None

Expected Behaviour

All resources are created fine... but the 3rd resource (azurerm_monitor_private_link_scoped_service) causes changes to the "custom_dns_configs" attribute of the private endpoint. However, Terraform does not bring these changes into state... instead it detects them in the "Objects have changed outside of Terraform" part of the run.

Actual Behaviour

How can we get the private endpoint to see the additional custom DNS entries created by azurerm_monitor_private_link_scoped_service?

Steps to Reproduce

No response

Important Factoids

No response

References

No response

neil-yechenwei commented 6 months ago

Thanks for raising this issue. Maybe adding "depends_on = [azurerm_monitor_private_link_scoped_service.ampls_svc]" in "azurerm_private_endpoint" and then recreating them is helpful.

fgarcia-cnb commented 6 months ago

Nah, won't make a difference since the scope service doesn't present any new changes, and it doesn't detect the DNS changes in the private endpoint.
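
Added example, not part of the thread or the provider's code: a way to make the out-of-band "custom_dns_configs" changes described in the issue reviewable, by reading the `resource_drift` array of a plan exported with `terraform show -json` and listing which private endpoint FQDNs were added, removed or re-pointed. The function names and the sample plan (FQDNs, IPs) are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# The FQDNs and IP addresses are made up, not taken from the issue.
SAMPLE_PLAN = json.dumps({"resource_drift": [
    {
        "address": "azurerm_private_endpoint.endpoint",
        "type": "azurerm_private_endpoint",
        "change": {
            "actions": ["update"],
            "before": {"custom_dns_configs": [
                {"fqdn": "api.monitor.example", "ip_addresses": ["10.0.0.4"]}]},
            "after": {"custom_dns_configs": [
                {"fqdn": "api.monitor.example", "ip_addresses": ["10.0.0.4"]},
                {"fqdn": "workspace1.ods.example", "ip_addresses": ["10.0.0.5"]}]},
        },
    },
    {   # Drift on another resource type; must be ignored by the report.
        "address": "azurerm_monitor_private_link_scope.ampls",
        "type": "azurerm_monitor_private_link_scope",
        "change": {"actions": ["update"], "before": {"tags": {}}, "after": {"tags": {"a": "b"}}},
    },
]})

def _dns_map(state):
    """Map fqdn -> sorted IP list from a private endpoint's custom_dns_configs."""
    configs = (state or {}).get("custom_dns_configs") or []
    return {c["fqdn"]: sorted(c.get("ip_addresses") or []) for c in configs}

def endpoint_dns_drift(plan_json):
    """Return {resource address: {"added", "removed", "changed"}} for DNS drift."""
    report = {}
    for rc in json.loads(plan_json).get("resource_drift", []):
        if rc.get("type") != "azurerm_private_endpoint":
            continue
        before = _dns_map(rc["change"].get("before"))
        after = _dns_map(rc["change"].get("after"))
        diff = {
            "added": {f: ips for f, ips in after.items() if f not in before},
            "removed": {f: ips for f, ips in before.items() if f not in after},
            "changed": {f: after[f] for f in before.keys() & after.keys()
                        if before[f] != after[f]},
        }
        if any(diff.values()):  # skip endpoints whose DNS records did not move
            report[rc["address"]] = diff
    return report

if __name__ == "__main__":
    print(json.dumps(endpoint_dns_drift(SAMPLE_PLAN), indent=2))
```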