Terraform performs update everytime for ip_range_filter on cosmos DB , is their a way to exempt it without any lifecycle block

[zameer712]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform updates cosmos db account everytime

)

module.cosmosdbaccount.azurerm_cosmosdb_account.db will be updated in-place

~ resource "azurerm_cosmosdb_account" "db" { id = "/subscriptions//resourceGroups//providers/Microsoft.DocumentDB/databaseAccounts/" ~ ip_range_filter = "" -> "" name = "" tags = { "CreatedBy" = "devopsteam" "Environment" = "preprod" "ProjectCode" = "test" }

(33 unchanged attributes hidden)

    # (8 unchanged blocks hidden)
}

Plan: 0 to add, 1 to change, 0 to destroy.

Ip range filter gets updated everytime even their is no change

Even after keeping the depends on condition cosmosdb collection is failing to update due to internal server error

module.globalcollection[""].azurerm_cosmosdb_mongo_collection.collection: Still modifying... [id=, 10s elapsed] module.globalcollection[""].azurerm_cosmosdb_mongo_collection.collection: Still modifying... [id=, 10s elapsed] module.globalcollection[""].azurerm_cosmosdb_mongo_collection.collection: Still modifying... [id=, 10s elapsed]

And fails with error

Error: waiting on create/update future for Cosmos Mongo Collection "collection_name" (Account: "", Database: ""): Code="InternalServerError" Message="Internal error.\r\nActivityId: a0633ee8-97a2-497e-943b-f6d2e09042ae, Microsoft.Azure.Documents.Common/2.14.0" │ │ with module.globalcollection["collection_name"].azurerm_cosmosdb_mongo_collection.collection, │ on .terraform/modules/globalcollection/infrastructure/modules/cosmos-mongo-collection/main.tf line 1, in resource "azurerm_cosmosdb_mongo_collection" "collection": │ 1: resource "azurerm_cosmosdb_mongo_collection" "collection" {

Terraform Version

latest

AzureRM Provider Version

3.110.0

Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account

Terraform Configuration Files

data "http" "client_public_ip" {
  url = "https://api.ipify.org"
}

locals {
  client_public_ip = data.http.client_public_ip.body != "127.0.0.1" && data.http.client_public_ip.body != "0.0.0.0" && data.http.client_public_ip.body != "255.255.255.255" ? (can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", data.http.client_public_ip.body)) ? data.http.client_public_ip.body : "Invalid Ip address provided: ${data.http.client_public_ip.body}") : "These IP address are not allowed: 127.0.0.1, 0.0.0.0 or 255.255.255.255"
}

resource "azurerm_cosmosdb_account" "db" {
  name                              = var.name
  resource_group_name               = var.resource_group
  location                          = var.location
  offer_type                        = "Standard"
  kind                              = var.kind
  local_authentication_disabled     = var.kind == "GlobalDocumentDB" ? var.local_authentication_disabled : null
  ip_range_filter                   = "%{if var.ip_range_filter == null}${local.client_public_ip}%{endif}%{if var.ip_range_filter != null}${local.client_public_ip},${var.ip_range_filter}%{endif}"
  enable_free_tier                  = var.enable_free_tier
  enable_automatic_failover         = var.enable_automatic_failover
  is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
  enable_multiple_write_locations   = var.enable_multiple_write_locations
  mongo_server_version              = var.kind == "MongoDB" ? var.mongo_server_version : null
  tags                              = var.tags

  consistency_policy {
    consistency_level       = lookup(var.consistency_policy, "consistency_level", "Session")
    max_interval_in_seconds = lookup(var.consistency_policy, "max_interval_in_seconds", null)
    max_staleness_prefix    = lookup(var.consistency_policy, "max_staleness_prefix", null)
  }

  dynamic "geo_location" {
    for_each = var.failover_geo_locations
    content {
      location          = geo_location.key
      failover_priority = geo_location.value
    }
  }

  dynamic "capabilities" {
    for_each = var.capabilities
    content {
      name = capabilities.value
    }
  }

  dynamic "virtual_network_rule" {
    for_each = var.virtual_network_rules
    content {
      id = virtual_network_rule.value
    }
  }

  backup{
          type                    = var.type
          interval_in_minutes     = var.interval_in_minutes
          retention_in_hours      = var.retention_in_hours
          storage_redundancy      = var.storage_redundancy

  }
}

resource "azurerm_cosmosdb_mongo_collection" "collection" {
  name                = var.name
  account_name        = var.account_name
  resource_group_name = var.resource_group
  database_name       = var.database_name
  throughput          = var.isautoscale_enable == false ? var.throughput : null

    autoscale_settings {
    max_throughput          = lookup(var.autoscale_settings, "max_throughput", null)

  }

  default_ttl_seconds = var.default_ttl_seconds
  shard_key           = var.shard_key

  dynamic "index" {
    for_each = var.indexlist
    content {
      keys          =       [index.key]
      unique        =        index.value
    }
  }
}

Debug Output/Panic Output

Hi Team,

Everytime our terraform code updates the cosmos DB by default which takes 10 minutes to do the task

please help us in finding any appropriate way to do so 

Solution required for:

1. Avoid Cosmos DB update everytime on terraform
2. Is their a way to make the cosmos DB public with above terraform code to make it has both private and public access together

please help me getting right solution for this

Expected Behaviour

Hi Team,

Everytime our terraform code updates the cosmos DB by default which takes 10 minutes to do the task

please help us in finding any appropriate way to do so

Solution required for:

1. Avoid Cosmos DB update everytime on terraform
2. Is their a way to make the cosmos DB public with above terraform code to make it has both private and public access together

please help me getting right solution for this

Actual Behaviour

Please give valuable suggestions for the same

Steps to Reproduce

Please give valuable suggestions for the same

Important Factoids

Please give valuable suggestions for the same

[zameer712]

is their update on this guys issue guys ?

[zameer712]

any update on this request please let u sknow

[zameer712]

@rcskosir can you please help me here ? waiting for your response