virtual_network doesn't reflect custom dns servers after import

[jonas-budde]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

Terraform v1.9.6

AzureRM Provider Version

4.10.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_network

Terraform Configuration Files

import {
  id = "/subscriptions/<sub_id>/resourceGroups/<rg_name>/providers/Microsoft.Network/virtualNetworks/vnet-test"
  to = azurerm_virtual_network.main
}

resource "azurerm_virtual_network" "main" {
  name                = "vnet-test"
  location            = data.azurerm_resource_group.main.location
  resource_group_name = data.azurerm_resource_group.main.name
  address_space       = ["10.0.0.0/16"]
}

Debug Output/Panic Output

Terraform will perform the following actions:

  # azurerm_virtual_network.main will be imported
    resource "azurerm_virtual_network" "main" {
        address_space           = [
            "10.0.0.0/16",
        ]
        bgp_community           = null
        dns_servers             = [
            "10.0.0.1",
        ]
        edge_zone               = null
        flow_timeout_in_minutes = 0
        guid                    = "<guid>"
        id                      = "/subscriptions/<sub_id>/resourceGroups/<rg_name>/providers/Microsoft.Network/virtualNetworks/vnet-test"
        location                = "germanywestcentral"
        name                    = "vnet-test"
        resource_group_name     = "rg-jonas-test-dev-gwc-01"
        subnet                  = [
            {
                address_prefixes                              = [
                    "10.0.0.0/24",
                ]
                default_outbound_access_enabled               = false
                delegation                                    = []
                id                                            = "/subscriptions/<sub_id>/resourceGroups/<rg_name>/providers/Microsoft.Network/virtualNetworks/vnet-test/subnets/default"
                name                                          = "default"
                private_endpoint_network_policies             = "Disabled"
                private_link_service_network_policies_enabled = true
                route_table_id                                = null
                security_group                                = null
                service_endpoint_policy_ids                   = []
                service_endpoints                             = []
            },
        ]
        tags                    = {}
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

Expected Behaviour

Terraform should check that there is a difference between default (Azure Provided DNS Server) and the imported resources DNS Server (10.0.0.1). On the next apply the default DNS Server should be configured to the default (Azure provided), because I don't have the custom one in my configuration.

Actual Behaviour

On the Debug Output you can see, that terraform knows about the custom dns server i configured (10.0.0.1). After I imported the vnet (with cli or import block) the apply said: "No changes. Your infrastructure matches the configuration."

Steps to Reproduce

No response

Important Factoids

No response

References

[neil-yechenwei]

Thanks for raising this issue. Seems it's by TF design since the import function will perform an import based on the actual configuration of the resources on Azure.

[jonas-budde]

@neil-yechenwei Yes, and I would expect that the actual configuration of my Azure resources gets compared to my terraform code. If the TF performs an "import based on the actual configuration", then TF should want to change the DNS server on the next apply, or am I wrong? Because in my TF code I didn't specify a DNS server but in the portal a specified one.