hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Subnets being updated-in-place when nothing has changed #35841

Open JackBruceShell opened 3 hours ago

JackBruceShell commented 3 hours ago

Terraform Version

- Installed hashicorp/azurerm v4.5.0 (signed by HashiCorp)

Terraform Configuration Files

name: Terraform Apply
on:
  workflow_dispatch:
    inputs:
      environment:
        type: choice
        description: "Choose the environment"
        options:

Debug Output

N/A

Expected Behavior

Subnets should not be updated-in-place because nothing is changing. Also causing the virtual_network_link to be force replaced.

Actual Behavior

Subnets are updating in place, causing the ID of the Virtual Network to be refreshed, and the virtual_network_link being destroyed and re-created.

Steps to Reproduce

terraform apply

Additional Context

No response

References

No response

liamcervante commented 2 hours ago

Hi @JackBruceShell - can you share the .tf configuration files and the output of the plan command? That will help us reproduce and investigate. Thanks!

JackBruceShell commented 1 hour ago

Hi @liamcervante - is it possible to connect so I can replicate the issue for you on a call?

I have also given you the module block from my main.tf and the module main.tf itself below.

Thanks!

JackBruceShell commented 1 hour ago

main.tf

module "dev-us-vnet" {
  source              = "./modules/virtual-network"
  vnet_name           = var.vnet_name
  location            = var.location
  resource_group_name = var.rg_name
  address_space       = var.vnet_address_space
  tags                = var.tags
  subnets = [
    {
      name                              = "${var.ASE_Subnet}"
      address_prefixes                  = "${var.ASE_Subnet_address}"
      security_group                    = module.dev-us-ase-nsg.id
      attach_to_nat_gateway             = false
      private_endpoint_network_policies = "Disabled"
      delegation_name                   = var.ASE_Subnet_Delegation_Name
      service_delegation_name           = var.ASE_Subnet_Service_Delegation_Name
      service_endpoints                 = var.ASE_Subnet_Service_Endpoints
    },
    {
      name                                          = "${var.PrivateLink_Subnet}"
      address_prefixes                              = "${var.PrivateLink_Subnet_address}"
      security_group                                = module.dev-us-pls-nsg.id
      attach_to_nat_gateway                         = false
      private_endpoint_network_policies             = "Disabled"
      private_link_service_network_policies_enabled = false
    },
    {
      name                  = "${var.AppGW_Subnet}"
      address_prefixes      = "${var.AppGW_Subnet_address}"
      security_group        = module.dev-us-appgw-nsg.id
      attach_to_nat_gateway = false
    },
    {
      name                              = "${var.Bastion_Subnet}"
      address_prefixes                  = "${var.Bastion_Subnet_address}"
      security_group                    = null
      attach_to_nat_gateway             = false
      private_endpoint_network_policies = "Disabled"
      service_endpoints                 = var.Bastion_Subnet_Service_Endpoints
    },
    {
      name                  = "${var.Runner_Subnet}"
      address_prefixes      = "${var.Runner_Subnet_address}"
      security_group        = module.dev-us-runner-nsg.id
      attach_to_nat_gateway = false
    }
  ]
}

module main.tf

resource "azurerm_virtual_network" "main" {
  name                = var.vnet_name
  location            = var.location
  resource_group_name = var.resource_group_name
  address_space       = var.address_space

  dynamic "subnet" {
    for_each = var.subnets
    content {
      name                                          = subnet.value.name
      address_prefixes                              = [subnet.value.address_prefixes]
      security_group                                = subnet.value.security_group
      private_endpoint_network_policies             = subnet.value.private_endpoint_network_policies
      private_link_service_network_policies_enabled = subnet.value.private_link_service_network_policies_enabled
      service_endpoints                             = subnet.value.service_endpoints

      dynamic "delegation" {
        for_each = subnet.value.delegation_name != null ? [1] : []
        content {
          name = subnet.value.delegation_name

          dynamic "service_delegation" {
            for_each = subnet.value.service_delegation_name != null ? [1] : []
            content {
              name = subnet.value.service_delegation_name
            }
          }
        }
      }
    }
  }

  tags = var.tags
}
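
One way to triage the plan output requested earlier in the thread, as an added example that is not code from the reporter or from Terraform: it reads the JSON produced by `terraform show -json <planfile>` and reports which attributes drive each in-place update and which paths force each replacement. The sample plan, the `azurerm_private_dns_zone_virtual_network_link.example` address, and the null-versus-empty heuristic are assumptions made for illustration.

```python
import json, sys

EMPTY = (None, [], {}, "")  # heuristic (assumption): null/empty pairs often yield no-op diffs

# Constructed sample shaped like `terraform show -json` output; not the reporter's plan.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.dev-us-vnet.azurerm_virtual_network.main",
     "change": {"actions": ["update"],
                "before": {"name": "vnet-dev", "subnet": [
                    {"name": "ase", "security_group": "nsg-1", "service_endpoints": []}]},
                "after": {"name": "vnet-dev", "subnet": [
                    {"name": "ase", "security_group": "nsg-1", "service_endpoints": None}]},
                "after_unknown": {}}},
    {"address": "azurerm_private_dns_zone_virtual_network_link.example",  # assumed type
     "change": {"actions": ["delete", "create"],
                "before": {"virtual_network_id": "vnet-id-placeholder"},
                "after": {}, "after_unknown": {"virtual_network_id": True},
                "replace_paths": [["virtual_network_id"]]}}]}

def changed_paths(before, after, path=""):
    """Return [(path, before, after)] for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        keys = sorted(set(before) | set(after))
        return [d for k in keys
                for d in changed_paths(before.get(k), after.get(k), f"{path}.{k}".lstrip("."))]
    if isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        return [d for i, (b, a) in enumerate(zip(before, after))
                for d in changed_paths(b, a, f"{path}[{i}]")]
    return [] if before == after else [(path, before, after)]

def triage(plan):
    """Map resource address -> why the plan wants to update or replace it."""
    report = {}
    for rc in plan.get("resource_changes", []):
        ch, actions = rc["change"], rc["change"]["actions"]
        if actions == ["update"]:
            # Unknown ("known after apply") attributes are absent from `after`,
            # so they appear here as value -> None.
            diffs = changed_paths(ch.get("before") or {}, ch.get("after") or {})
            noop = [p for p, b, a in diffs if b in EMPTY and a in EMPTY]
            report[rc["address"]] = {"action": "update", "empty_equivalent": noop,
                                     "real": [p for p, _, _ in diffs if p not in noop]}
        elif sorted(actions) == ["create", "delete"]:
            unknown = ch.get("after_unknown") or {}
            paths = [".".join(map(str, p)) for p in ch.get("replace_paths", [])]
            # Only top-level paths are checked against after_unknown here.
            report[rc["address"]] = {"action": "replace", "forced_by": paths,
                "unknown_until_apply": [p for p in paths if unknown.get(p) is True]}
    return report

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(json.dumps(triage(plan), indent=2))
```

An update whose `real` list is empty changes nothing meaningful, and a replacement whose `forced_by` path is also in `unknown_until_apply` is being triggered by an upstream resource rather than by its own configuration.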