search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
43.16k stars 9.58k forks source link

azurerm_subnet_network_security_group_association is requiring a subnet to be imported (data reference does not work) #31206

Closed ravensorb closed 2 years ago

ravensorb commented 2 years ago

Terraform Version

Terraform v1.2.2
on windows_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.2.1
+ provider registry.terraform.io/hashicorp/azurerm v2.99.0

Terraform Configuration Files

data "azurerm_subnet" "snet" {
  name                 = "azd-hub-eus2-001-net-vnet-snet-lan"
  virtual_network_name = "azd-hub-eus2-001-net-vnet"
  resource_group_name  = "azd-hub-eus2-001-net-rg"
}

resource "azurerm_network_security_group" "nsg" {
  name                = "azd-hub-eus2-001-net-nsg-lan_subnet-1"
  resource_group_name = "az-test-eus2-001-rg"
  location            = "eastus2"

  security_rule {
      name                       = "Default_Rule"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "Internet"
      destination_address_prefix = "VirtualNetwork"
      description                = ""
  }
}

resource "azurerm_subnet_network_security_group_association" "nsg-assoc-new" {
  subnet_id                 = data.azurerm_subnet.snet.id
  network_security_group_id = azurerm_network_security_group.nsg.id

  depends_on = [
    data.azurerm_subnet.snet
  ]
}

Debug Output

https://gist.github.com/ravensorb/1b5e4d25ccb6171d6315e8bc8b356fce

Expected Behavior

Network group association should complete successfully without needing to manually import subnet

Actual Behavior

Error

Applying Terraform Plan
azurerm_network_security_group.nsg: Creating...
azurerm_network_security_group.nsg: Creation complete after 5s [id=/subscriptions/9f53d1c4-XXXX-XXXX-XXXX-4da9d769544f/resourceGroups/az-test-eus2-001-rg/providers/Microsoft.Network/networkSecurityGroups/azd-hub-eus2-001-net-nsg-lan_subnet-1]
azurerm_subnet_network_security_group_association.nsg-assoc-new: Creating...
╷
│ Error: A resource with the ID "/subscriptions/9f53d1c4-XXXX-XXXX-XXXX-4da9d769544f/resourceGroups/azd-hub-eus2-001-net-rg/providers/Microsoft.Network/virtualNetworks/azd-hub-eus2-001-net-vnet/subnets/azd-hub-eus2-001-net-vnet-snet-lan" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet_network_security_group_association" for more information.
│
│   with azurerm_subnet_network_security_group_association.nsg-assoc-new,
│   on main.tf line 26, in resource "azurerm_subnet_network_security_group_association" "nsg-assoc-new":
│   26: resource "azurerm_subnet_network_security_group_association" "nsg-assoc-new" {
│
╵

Steps to Reproduce

In Azure Portal:

  1. create a resource group called 'azd-hub-eus2-001-net-vnet'' that contains a vnet called 'azd-hub-eus2-001-net-vnet' with a subnet called 'azd-hub-eus2-001-net-vnet-snet-lan'
  2. create a resource group called az-test-eus2-001-rg
  3. export env variables for service principal based authentication ARM_SUBSCRIPTION_ID = ARM_CLIENT_ID = ARM_CLIENT_SECRET = ARM_TENANT_ID =
  4. terraform init
  5. terraform apply

Additional Context

There does not seem to be any indication in the documentation on why an import is needed for a subnet

References

jbardin commented 2 years ago

Hello,

This appears to be an issue or question with the AzureRM provider, not with Terraform itself. You can see existing issues and file a new one in their repository here: https://github.com/terraform-providers/terraform-provider-azurerm/issues. If you have questions about Terraform or the AzureRM provider, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by a few core maintainers.

Thanks!

ravensorb commented 2 years ago

Moved - https://github.com/hashicorp/terraform-provider-azurerm/issues/17167

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.