Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_virtual_network_dns_servers does not lock the virtual network, resulting in concurrency issues with e.g. subnet resources #26980

Closed
1 task done
DennisLundtoft opened this issue Aug 9, 2024 · 2 comments · Fixed by #27036
Closed
1 task done

azurerm_virtual_network_dns_servers does not lock the virtual network, resulting in concurrency issues with e.g. subnet resources #26980

DennisLundtoft opened this issue Aug 9, 2024 · 2 comments · Fixed by #27036
Labels
bug service/network v/3.x
Milestone
v4.0.0

Comments

@DennisLundtoft
Copy link

DennisLundtoft commented Aug 9, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.3

AzureRM Provider Version

3.86.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_network_dns_servers

Terraform Configuration Files

locals {
  prefix                   = "prefix"
  netprefix                = "${local.prefix}net"
  dns_servers              = ["10.7.7.2", "10.7.7.7", "10.7.7.1"]
}

resource "azurerm_resource_group" "main" {
  name     = "${local.prefix}-rg-main"
  location = "West Europe"
}

resource "azurerm_virtual_network" "vnet" {
  resource_group_name = azurerm_resource_group.main.name
  address_space       = ["10.0.0.0/24"]
  location            = "westeurope"
  name                = "testvnet"
}

resource "azurerm_subnet" "snet1" {
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.0.0/29"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${local.netprefix}-snet1"
}

resource "azurerm_subnet" "snet2" {
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.0.8/29"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${local.netprefix}-snet2"
}

resource "azurerm_subnet" "snet3" {
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.0.16/29"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${local.netprefix}-snet3"
}

resource "azurerm_subnet" "snet4" {
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.0.24/29"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${local.netprefix}-snet4"
}

resource "azurerm_subnet" "snet5" {
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.0.32/29"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  name                 = "${local.netprefix}-snet5"

resource "azurerm_virtual_network_dns_servers" "example" {
  virtual_network_id = azurerm_virtual_network.vnet.id
  dns_servers        = local.dns_servers
}

Debug Output/Panic Output

PS C:\project\terraform> terraform apply
azurerm_virtual_network_dns_servers.example: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/dnsServers/default]
azurerm_resource_group.main: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main]
azurerm_subnet.snet5: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet5]
azurerm_subnet.snet4: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet4]
azurerm_subnet.snet1: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet1]
azurerm_subnet.snet2: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet2]
azurerm_subnet.snet3: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet3]
azurerm_virtual_network.vnet: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # azurerm_subnet.snet1 will be destroyed
  # (because azurerm_subnet.snet1 is not in configuration)
  - resource "azurerm_subnet" "snet1" {
      - address_prefixes                               = [
          - "10.0.0.0/29",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet1" -> null
      - name                                           = "dx-weu-dev-devdhlnet-snet1" -> null
      - private_endpoint_network_policies              = "Enabled" -> null
      - private_endpoint_network_policies_enabled      = true -> null
      - private_link_service_network_policies_enabled  = true -> null
      - resource_group_name                            = "dx-weu-dev-devdhl-rg-main" -> null
      - virtual_network_name                           = "testvnet" -> null
    }

  # azurerm_subnet.snet2 will be destroyed
  # (because azurerm_subnet.snet2 is not in configuration)
  - resource "azurerm_subnet" "snet2" {
      - address_prefixes                               = [
          - "10.0.0.8/29",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet2" -> null
      - name                                           = "dx-weu-dev-devdhlnet-snet2" -> null
      - private_endpoint_network_policies              = "Enabled" -> null
      - private_endpoint_network_policies_enabled      = true -> null
      - private_link_service_network_policies_enabled  = true -> null
      - resource_group_name                            = "dx-weu-dev-devdhl-rg-main" -> null
      - virtual_network_name                           = "testvnet" -> null
    }

  # azurerm_subnet.snet3 will be destroyed
  # (because azurerm_subnet.snet3 is not in configuration)
  - resource "azurerm_subnet" "snet3" {
      - address_prefixes                               = [
          - "10.0.0.16/29",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet3" -> null
      - name                                           = "dx-weu-dev-devdhlnet-snet3" -> null
      - private_endpoint_network_policies              = "Enabled" -> null
      - private_endpoint_network_policies_enabled      = true -> null
      - private_link_service_network_policies_enabled  = true -> null
      - resource_group_name                            = "dx-weu-dev-devdhl-rg-main" -> null
      - virtual_network_name                           = "testvnet" -> null
    }

  # azurerm_subnet.snet4 will be destroyed
  # (because azurerm_subnet.snet4 is not in configuration)
  - resource "azurerm_subnet" "snet4" {
      - address_prefixes                               = [
          - "10.0.0.24/29",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet4" -> null
      - name                                           = "dx-weu-dev-devdhlnet-snet4" -> null
      - private_endpoint_network_policies              = "Enabled" -> null
      - private_endpoint_network_policies_enabled      = true -> null
      - private_link_service_network_policies_enabled  = true -> null
      - resource_group_name                            = "dx-weu-dev-devdhl-rg-main" -> null
      - virtual_network_name                           = "testvnet" -> null
    }

  # azurerm_subnet.snet5 will be destroyed
  # (because azurerm_subnet.snet5 is not in configuration)
  - resource "azurerm_subnet" "snet5" {
      - address_prefixes                               = [
          - "10.0.0.32/29",
        ] -> null
      - enforce_private_link_endpoint_network_policies = false -> null
      - enforce_private_link_service_network_policies  = false -> null
      - id                                             = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet5" -> null
      - name                                           = "dx-weu-dev-devdhlnet-snet5" -> null
      - private_endpoint_network_policies              = "Enabled" -> null
      - private_endpoint_network_policies_enabled      = true -> null
      - private_link_service_network_policies_enabled  = true -> null
      - resource_group_name                            = "dx-weu-dev-devdhl-rg-main" -> null
      - virtual_network_name                           = "testvnet" -> null
    }

  # azurerm_virtual_network_dns_servers.example will be destroyed
  # (because azurerm_virtual_network_dns_servers.example is not in configuration)
  - resource "azurerm_virtual_network_dns_servers" "example" {
      - dns_servers        = [
          - "10.7.7.2",
          - "10.7.7.7",
          - "10.7.7.1",
        ] -> null
      - id                 = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/dnsServers/default" -> null
      - virtual_network_id = "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet" -> null
    }

Plan: 0 to add, 0 to change, 6 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_virtual_network_dns_servers.example: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/dnsServers/default]
azurerm_subnet.snet3: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet3]
azurerm_subnet.snet4: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet4]
azurerm_subnet.snet2: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet2]
azurerm_subnet.snet5: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet5]
azurerm_subnet.snet1: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet1]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 10s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 10s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 10s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 10s elapsed]
azurerm_subnet.snet4: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet4, 10s elapsed]
azurerm_subnet.snet3: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet3, 10s elapsed]
azurerm_subnet.snet3: Destruction complete after 11s
azurerm_subnet.snet4: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet4, 20s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 20s elapsed]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 20s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 20s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 20s elapsed]
azurerm_subnet.snet4: Destruction complete after 21s
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 30s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 30s elapsed]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 30s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 30s elapsed]
azurerm_subnet.snet5: Destruction complete after 32s
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 40s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 40s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 40s elapsed]
azurerm_subnet.snet2: Destruction complete after 43s
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 50s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 50s elapsed]
azurerm_subnet.snet1: Destruction complete after 53s
azurerm_virtual_network_dns_servers.example: Destruction complete after 58s

Apply complete! Resources: 0 added, 0 changed, 6 destroyed.

PS C:\project\terraform> terraform apply
azurerm_resource_group.main: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main]
azurerm_virtual_network.vnet: Refreshing state... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.snet1 will be created
  + resource "azurerm_subnet" "snet1" {
      + address_prefixes                               = [
          + "10.0.0.0/29",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "dx-weu-dev-devdhlnet-snet1"
      + private_endpoint_network_policies              = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "dx-weu-dev-devdhl-rg-main"
      + virtual_network_name                           = "testvnet"
    }

  # azurerm_subnet.snet2 will be created
  + resource "azurerm_subnet" "snet2" {
      + address_prefixes                               = [
          + "10.0.0.8/29",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "dx-weu-dev-devdhlnet-snet2"
      + private_endpoint_network_policies              = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "dx-weu-dev-devdhl-rg-main"
      + virtual_network_name                           = "testvnet"
    }

  # azurerm_subnet.snet3 will be created
  + resource "azurerm_subnet" "snet3" {
      + address_prefixes                               = [
          + "10.0.0.16/29",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "dx-weu-dev-devdhlnet-snet3"
      + private_endpoint_network_policies              = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "dx-weu-dev-devdhl-rg-main"
      + virtual_network_name                           = "testvnet"
    }

  # azurerm_subnet.snet4 will be created
  + resource "azurerm_subnet" "snet4" {
      + address_prefixes                               = [
          + "10.0.0.24/29",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "dx-weu-dev-devdhlnet-snet4"
      + private_endpoint_network_policies              = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "dx-weu-dev-devdhl-rg-main"
      + virtual_network_name                           = "testvnet"
    }

  # azurerm_subnet.snet5 will be created
  + resource "azurerm_subnet" "snet5" {
      + address_prefixes                               = [
          + "10.0.0.32/29",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "dx-weu-dev-devdhlnet-snet5"
      + private_endpoint_network_policies              = (known after apply)
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "dx-weu-dev-devdhl-rg-main"
      + virtual_network_name                           = "testvnet"
    }

Plan: 5 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_subnet.snet2: Creating...
azurerm_subnet.snet4: Creating...
azurerm_subnet.snet1: Creating...
azurerm_subnet.snet3: Creating...
azurerm_subnet.snet5: Creating...
╷
│ Error: A resource with the ID "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet1" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.
│
│   with azurerm_subnet.snet1,
│   on main.tf line 23, in resource "azurerm_subnet" "snet1":
│   23: resource "azurerm_subnet" "snet1" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet2" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.
│
│   with azurerm_subnet.snet2,
│   on main.tf line 30, in resource "azurerm_subnet" "snet2":
│   30: resource "azurerm_subnet" "snet2" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet3" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.
│
│   with azurerm_subnet.snet3,
│   on main.tf line 37, in resource "azurerm_subnet" "snet3":
│   37: resource "azurerm_subnet" "snet3" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet4" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.
│
│   with azurerm_subnet.snet4,
│   on main.tf line 44, in resource "azurerm_subnet" "snet4":
│   44: resource "azurerm_subnet" "snet4" {
│
╵
╷
│ Error: A resource with the ID "/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet5" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.
│
│   with azurerm_subnet.snet5,
│   on main.tf line 51, in resource "azurerm_subnet" "snet5":
│   51: resource "azurerm_subnet" "snet5" {
azurerm_subnet.snet2: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet2]
azurerm_subnet.snet5: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet5]
azurerm_subnet.snet1: Destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-df56acf14a78/resourceGroups/dx-weu-dev-devdhl-rg-main/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/dx-weu-dev-devdhlnet-snet1]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 10s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 10s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 10s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 10s elapsed]
azurerm_subnet.snet4: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet4, 10s elapsed]
azurerm_subnet.snet3: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet3, 10s elapsed]
azurerm_subnet.snet3: Destruction complete after 11s
azurerm_subnet.snet4: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet4, 20s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 20s elapsed]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 20s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 20s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 20s elapsed]
azurerm_subnet.snet4: Destruction complete after 21s
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 30s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 30s elapsed]
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 30s elapsed]
azurerm_subnet.snet5: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet5, 30s elapsed]
azurerm_subnet.snet5: Destruction complete after 32s
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 40s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 40s elapsed]
azurerm_subnet.snet2: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet2, 40s elapsed]
azurerm_subnet.snet2: Destruction complete after 43s
azurerm_subnet.snet1: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...net/subnets/dx-weu-dev-devdhlnet-snet1, 50s elapsed]
azurerm_virtual_network_dns_servers.example: Still destroying... [id=/subscriptions/b282f352-7b88-48e7-b4bf-...alNetworks/testvnet/dnsServers/default, 50s elapsed]
azurerm_subnet.snet1: Destruction complete after 53s
azurerm_virtual_network_dns_servers.example: Destruction complete after 58s

Expected Behaviour

Virtual network should have attached dns servers, and all subnets should be created and be present in the virtual network. Likewise with destroy, the subnets should not be present after being destroyed.

Actual Behaviour

In case the azurerm_virtual_network_dns_servers resource is initiated before, and created after a subnet has been created, the subnet(s) will be overwritten once the azurerm_virtual_network_dns_servers is created.

For destroy, the subnets are still present after Terraform has reported them destroyed if the azurerm_virtual_network_dns_servers resource is initiated before the subnets are destroyed and finishes its destruction after the subnets are destroyed.

Steps to Reproduce

Ensure that parallelism is not set to 1.

  1. Apply the above terraform code which creates both subnets and the azurerm_virtual_network_dns_servers resource.
  2. Ensure the azurerm_virtual_network_dns_servers resource is initiated before a subnet is created, and finish creation after a subnet has been created.
  3. If the order is correct (All azurerm_virtual_network_dns_servers operations are completed before a subnet has been provisioned/destroyed):
    • Try to destroy just the subnets and the azurerm_virtual_network_dns_servers resource, then reapply it.
    • Repeat this until a subnet has completed its actions in between the azurerm_virtual_network_dns_servers operation.
  4. Verify in Azure that the subnet is missing/has appeared again depending on whether it was a destroy or apply action.

Important Factoids

No response

References

Potential underlying root cause for #18724
@wuxu92 wuxu92 mentioned this issue Aug 14, 2024
Merged
14 tasks
@wuxu92
Copy link
Contributor

wuxu92 commented Aug 14, 2024

hi @DennisLundtoft thanks for raising this bug! I've created a PR to update the locker logic of dns_servers which should address the issue as I tested locally.

@rcskosir rcskosir added the bug label Aug 14, 2024
@github-actions github-actions bot added this to the v3.117.0 milestone Aug 19, 2024
@stephybun stephybun modified the milestones: v3.117.0, v4.0.0 Aug 21, 2024
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug service/network v/3.x
Projects
None yet
Milestone
v4.0.0
4 participants
@wuxu92 @stephybun @DennisLundtoft @rcskosir