Plan and apply for Key Vault takes over 5 minute when KV is using private connection that's not available from plan/apply runner.

[Hi-Fi]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.4

AzureRM Provider Version

3.114.0

Affected Resource(s)/Data Source(s)

azurerm_key_vault

Terraform Configuration Files

# Configure the Azure provider
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.115.0"
    }
  }

  required_version = ">= 1.1.0"
}

provider "azurerm" {
  skip_provider_registration = true
  features {
    key_vault {
      purge_soft_delete_on_destroy    = true
      recover_soft_deleted_key_vaults = true
    }
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "example" {
  name                        = "private-kv-bug-example"
  location                    = "southcentralus"
  resource_group_name         = "1-2fbd0efa-playground-sandbox"
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false
  public_network_access_enabled = false
  sku_name = "standard"
}

Debug Output/Panic Output

https://gist.github.com/Hi-Fi/158e925330134678af1c0001b546d265

Expected Behaviour

When creating or updading KV, only control plane operations should be used.

Actual Behaviour

As we have common DNS which server names from DNS across all segregated networks, KV IP is resolved from network which is not accessible (as it shouldn't be for dataplane operations). This causes plan and apply to take about 5 minutes just hanging before continuing.

This probably relates at least to contacts update, as similar waiting was not present with version 3.103.1.

Steps to Reproduce

1. terraform apply
2. Add to hosts file the KV hostname with IP e.g. 10.254.254.254 (IP that shouldn't be reachable)
3. terrafrom plan

Even without changes plan takes now around 5 minutes. Log has just:

2024-08-16T07:50:17.912+0300 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"

Important Factoids

No response

References

No response

[Hi-Fi]

Issue originates probably from 5413d0d1bca3269bf1e986d44d1941b412787ca7, as this was working with earlier version.