hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Cannot create Postgres Flexible Server with private networking #26562

Closed BeneHa closed 1 week ago

BeneHa commented 2 weeks ago

Terraform Version

1.9.1

AzureRM Provider Version

3.110.0

Affected Resource(s)/Data Source(s)

azurerm_postgresql_flexible_server

Terraform Configuration Files

resource "azurerm_resource_group" "rg" {
  name     = "demo"
  location = "westeurope"
}

resource "azurerm_postgresql_flexible_server" "this" {
  name                          = "postgrestest"
  resource_group_name           = azurerm_resource_group.rg.name
  location                      = azurerm_resource_group.rg.location
  version                       = "16"
  #delegated_subnet_id          = null
  private_dns_zone_id           = var.private_dns_zone.id
  administrator_login           = "admin_user"
  administrator_password        = "admin_pw"
  backup_retention_days         = 35
  storage_mb                    = 32768
  storage_tier                  = "P30"
  sku_name                      = "GP_Standard_D4s_v3"
  public_network_access_enabled = false
}

Debug Output/Panic Output

│ Error: creating Flexible Server (Subscription: "xxxxxx"
│ Resource Group Name: "demo"
│ Flexible Server Name: "postgrestest"): performing Create: unexpected status 400 (400 Bad Request) with error: EmptyDelegatedSubnetResourceId: The provided Delegated Subnet ARM resource ID should not be empty for servers with Virtual Network access.

Expected Behaviour

Postgres database should be created without public network and without delegated subnet. I want to create it with a private endpoint so I do not need public networking and I also do not need a delegated subnet. If I comment out the private dns zone, create the server and then add the line again and apply again, it works. But this is not a viable approach if I want to create a re-usable module.

Actual Behaviour

Error message see above.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

neil-yechenwei commented 2 weeks ago

Thanks for raising this issue. The error message is returned by the service API. So it's a service API limitation, which means the service API doesn't allow it.

BeneHa commented 2 weeks ago

> Thanks for raising this issue. The error message is returned by the service API. So it's a service API limitation, which means the service API doesn't allow it.

So if it is an issue with the Azure API, where do I raise an issue about this?

BeneHa commented 1 week ago

So this issue was a misunderstanding on my part. When you want to create a private Postgres Flexible Server you do not need to configure a delegated subnet or private DNS zone on the Postgres resource. Just skip both parameters and set the private DNS zone on the private endpoint and it works fine.
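
The layout described in the closing comment, written out as an added example (not code from the thread or from the provider project). It reuses `azurerm_resource_group.rg` and `var.private_dns_zone` from the configuration in the issue; the two variables, the endpoint's resource names, and the choice to pass the password as a sensitive variable are assumptions.

```hcl
# Added example: names marked "hypothetical" are not from the issue.
variable "private_endpoint_subnet_id" { # hypothetical: ordinary, non-delegated subnet
  type = string
}

variable "administrator_password" { # hypothetical: replaces the inline literal
  type      = string
  sensitive = true
}

resource "azurerm_postgresql_flexible_server" "this" {
  name                   = "postgrestest"
  resource_group_name    = azurerm_resource_group.rg.name
  location               = azurerm_resource_group.rg.location
  version                = "16"
  administrator_login    = "admin_user"
  administrator_password = var.administrator_password
  backup_retention_days  = 35
  storage_mb             = 32768
  storage_tier           = "P30"
  sku_name               = "GP_Standard_D4s_v3"

  # delegated_subnet_id and private_dns_zone_id are both left out; with
  # private_dns_zone_id set here, the API returned EmptyDelegatedSubnetResourceId.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "postgres" {
  name                = "postgrestest-pe" # hypothetical
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = var.private_endpoint_subnet_id

  private_service_connection {
    name                           = "postgrestest-psc" # hypothetical
    private_connection_resource_id = azurerm_postgresql_flexible_server.this.id
    subresource_names              = ["postgresqlServer"]
    is_manual_connection           = false
  }

  # The private DNS zone is attached to the endpoint, not to the server.
  private_dns_zone_group {
    name                 = "default" # hypothetical
    private_dns_zone_ids = [var.private_dns_zone.id]
  }
}
```

With public network access disabled and no delegated subnet, the private endpoint is the server's only network path, so clients resolve the server name through the zone linked in `private_dns_zone_group`.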