Open akselleirv opened 1 week ago
Thanks for raising this issue. TF would provision azurerm_ip_group_cidr in parallel. When one service request failed, another one should succeed. So the cidr would be added on both the service side and the TF side. It's by TF design. For your case, I assume you have to remove/change the duplicate cidr after it failed.
Is there an existing issue for this?
Community Note
Terraform Version
1.8.4
AzureRM Provider Version
4.0.1
Affected Resource(s)/Data Source(s)
azurerm_ip_group_cidr
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
It should be able to recover from the error.
Actual Behaviour
Even though the API returned an error that the PUT failed, it still somehow managed to add the IP address to the IP group, which results in the provider trying to add an IP which already exists.
I assume it fails due to a known limitation in the firewall:
However, I'm not able to do any synchronization across pipelines and subscriptions.
Steps to Reproduce
The IP group is used by an Azure firewall that is located in another pipeline, which makes it difficult to reproduce the bug.
Important Factoids
No response
References
No response