azurerm_mssql_managed_instance
subnet ID is nil when updating resource
#28320
Comments
Hey, I wasn't able to replicate your error; however, I got a build similar to yours working. I downgraded my version to yours.
main.tf
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.108.0"
}
}
}
# AzureRM provider settings for this reproduction.
provider "azurerm" {
  features {
    resource_group {
      # With this set to false the provider will delete the resource group even
      # if it still contains resources. Convenient for a throwaway repro; keep
      # the guard enabled in shared or long-lived subscriptions.
      prevent_deletion_if_contains_resources = false
    }
  }
}
# Create resource group
# Holds every resource in this configuration; the region comes from var.location.
resource "azurerm_resource_group" "example" {
  name     = "sql-mi-rg"
  location = var.location
}
# Create security group
# Network security group that the azurerm_network_security_rule resources in
# this file attach to by name. It carries no inline rules of its own.
resource "azurerm_network_security_group" "example" {
  name                = "sql-mi-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}
# Create a virtual network
# Virtual network with a single 10.0.0.0/24 address space; the instance subnet
# (10.0.0.0/27) is carved out of it.
resource "azurerm_virtual_network" "example" {
  name                = "sql-mi-vnet"
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/24"]
  location            = azurerm_resource_group.example.location
}
# Create Security Group Rules
# Inbound allow for TCP 9000, 9003, 1438, 1440 and 1452.
# NOTE(review): source_address_prefix = "*" admits any source address to these
# ports and destination "*" covers everything behind the NSG. If the rule is
# still required, narrowing the source to the SqlManagement service tag and the
# destination to the instance subnet reduces exposure — confirm against the
# current Azure SQL Managed Instance networking requirements.
resource "azurerm_network_security_rule" "allow_management_inbound" {
  name                        = "allow_management_inbound"
  priority                    = 106
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["9000", "9003", "1438", "1440", "1452"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for all protocols and ports from 10.0.0.0/24.
# NOTE(review): 10.0.0.0/24 is the whole virtual network address space in this
# configuration, while the instance subnet is 10.0.0.0/27, so the rule admits
# every host in the VNet rather than only the subnet its name refers to.
resource "azurerm_network_security_rule" "allow_misubnet_inbound" {
  name                        = "allow_misubnet_inbound"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "10.0.0.0/24"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for traffic whose source is the AzureLoadBalancer service tag,
# on any protocol and port.
resource "azurerm_network_security_rule" "allow_health_probe_inbound" {
  name                        = "allow_health_probe_inbound"
  priority                    = 300
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "AzureLoadBalancer"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for TCP 1433 (the SQL/TDS port) from the VirtualNetwork service tag.
# NOTE(review): the VirtualNetwork tag also covers peered and gateway-connected
# address ranges, not only this VNet; list client subnets explicitly if database
# access should be narrower.
resource "azurerm_network_security_rule" "allow_tds_inbound" {
  name                        = "allow_tds_inbound"
  priority                    = 1000
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "1433"
  source_address_prefix       = "VirtualNetwork"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Catch-all inbound deny. Priority 4096 is the highest number a custom rule can
# take, so it is evaluated only after every allow rule above has failed to match.
resource "azurerm_network_security_rule" "deny_all_inbound" {
  name                        = "deny_all_inbound"
  priority                    = 4096
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Outbound allow for TCP 80, 443 and 12000 to any destination.
# NOTE(review): destination_address_prefix = "*" permits egress to any address
# on these ports. A service tag such as AzureCloud may be sufficient — confirm
# against the current Azure SQL Managed Instance networking requirements.
resource "azurerm_network_security_rule" "allow_management_outbound" {
  name                        = "allow_management_outbound"
  priority                    = 106
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["80", "443", "12000"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Outbound allow for all protocols and ports from 10.0.0.0/24 to any destination.
# NOTE(review): the instance subnet (10.0.0.0/27) lies inside 10.0.0.0/24 and the
# destination is "*", so this rule lets the subnet reach any address. The
# deny_all_outbound rule at priority 4096 therefore never applies to traffic
# leaving the subnet; restrict the destination if egress filtering is intended.
resource "azurerm_network_security_rule" "allow_misubnet_outbound" {
  name                        = "allow_misubnet_outbound"
  priority                    = 200
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "10.0.0.0/24"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Catch-all outbound deny at priority 4096, evaluated after the outbound allow
# rules with lower priority numbers.
resource "azurerm_network_security_rule" "deny_all_outbound" {
  name                        = "deny_all_outbound"
  priority                    = 4096
  direction                   = "Outbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Create a subnet
# Subnet (10.0.0.0/27) that hosts the managed instance. The delegation block
# hands the subnet to Microsoft.Sql/managedInstances and lists the subnet
# actions granted to that service.
resource "azurerm_subnet" "example" {
  name                 = "sql-mi-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.0.0/27"]
  delegation {
    name = "managedinstancedelegation"
    service_delegation {
      name = "Microsoft.Sql/managedInstances"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"
      ]
    }
  }
}
# Associate subnet and the security group
# Binds the NSG to the instance subnet; the rules defined above only take
# effect on the subnet once this association exists.
resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}
# Create a route table
# Route table with no routes declared here. The explicit depends_on orders its
# creation after the subnet, which it does not otherwise reference.
resource "azurerm_route_table" "example" {
  name                = "sql-mi-rt"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  depends_on = [
    azurerm_subnet.example,
  ]
}
# Associate subnet and the route table
# Attaches the route table to the instance subnet. depends_on makes this run
# after the NSG association, so the two subnet associations are applied one
# after the other (presumably to avoid concurrent updates of the same subnet).
resource "azurerm_subnet_route_table_association" "example" {
  subnet_id      = azurerm_subnet.example.id
  route_table_id = azurerm_route_table.example.id
  depends_on     = [azurerm_subnet_network_security_group_association.example]
}
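# Create managed instance
# SQL Managed Instance placed in azurerm_subnet.example. Sizing, licence type
# and administrator credentials all come from input variables.
resource "azurerm_mssql_managed_instance" "main" {
  name                = "sql-mi-mssql"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  subnet_id           = azurerm_subnet.example.id
  administrator_login = var.admin_user
  # Whatever supplies var.admin_passwd, the value is written to Terraform state
  # in clear text, so the state backend needs access control as well.
  administrator_login_password = var.admin_passwd
  license_type                 = var.license_type
  sku_name                     = var.sku_name
  vcores                       = var.vcores
  storage_size_in_gb           = var.storage_size_in_gb
  # The route table association itself depends on the NSG association, so both
  # are attached to the subnet before the instance is created.
  depends_on = [azurerm_subnet_route_table_association.example]
}

# variables.tf
# Azure region used by the resource group, and through it by every other resource.
variable "location" {
  type        = string
  description = "Enter the location where you want to deploy the resources"
  default     = "eastus"
}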
# SKU passed to the managed instance's sku_name argument.
variable "sku_name" {
  type        = string
  description = "Enter SKU"
  default     = "GP_Gen5"
}
# Licence model passed to the managed instance's license_type argument.
variable "license_type" {
  type        = string
  description = "Enter license type"
  default     = "BasePrice"
}
# Number of vCores for the managed instance.
variable "vcores" {
  type        = number
  description = "Enter number of vCores you want to deploy"
  default     = 4
}
# Storage allocated to the managed instance, in GB.
variable "storage_size_in_gb" {
  type        = number
  description = "Enter storage size in GB"
  default     = 32
}
# Administrator login name for the managed instance.
variable "admin_user" {
  type        = string
  description = "Mssql Managed Instance Username"
  default     = "sqladmin"
}
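# Administrator password for the managed instance.
variable "admin_passwd" {
  type        = string
  description = "Mssql Managed Instance Password"
  # NOTE(review): this literal default is a placeholder for the reproduction.
  # A default ships the credential with the code; for a real deployment drop
  # the default and supply the value via TF_VAR_admin_passwd or a secret store.
  default = "adminpwd1!"
  # Redacts the value in plan and apply output. It is still stored in clear
  # text in the state file, so the state backend needs access control too.
  sensitive = true
}
My guess of potential errors could be the order resources are being built by Also, I hope this helps! |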
I was also not able to recreate the error using Terraform version 1.10.2 and AzureRM provider version 3.108.0. Here's my configuration:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.108.0"
}
}
}
# Single name reused for the resource group, NSG, virtual network and managed
# instance in this configuration.
locals {
  name = "wyatttest11223"
}
# AzureRM provider with default feature settings; the target subscription is
# taken from var.subscription_id rather than written into the file.
provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}
# Subscription to deploy into. No default is declared, so a value has to be
# supplied when Terraform runs.
variable "subscription_id" {
  type        = string
  description = "The Azure subscription ID."
}
# SQL Managed Instance placed in azurerm_subnet.example: GP_Gen5, 4 vCores,
# 32 GB of storage.
resource "azurerm_mssql_managed_instance" "example" {
  name                = local.name
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  license_type        = "BasePrice"
  sku_name            = "GP_Gen5"
  storage_size_in_gb  = 32
  subnet_id           = azurerm_subnet.example.id
  vcores              = 4
  # NOTE(review): the administrator login and password are string literals, so
  # they travel with this file wherever it is committed or pasted. Supply them
  # through a variable marked sensitive = true or from a secret store, and
  # rotate any value that has been published. Terraform state stores the
  # password in clear text either way, so protect the state backend too.
  administrator_login          = "mradministrator"
  administrator_login_password = "ThisIsThePassword1!AndItIsVeryStrong!"
  # Create the instance only after both the NSG and the route table are
  # attached to the subnet.
  depends_on = [
    azurerm_subnet_network_security_group_association.example,
    azurerm_subnet_route_table_association.example,
  ]
  tags = {
    Change = "Second"
  }
}
# Resource group in eastus that holds every resource in this configuration.
resource "azurerm_resource_group" "example" {
  name     = local.name
  location = "eastus"
}
# Network security group that the azurerm_network_security_rule resources in
# this configuration attach to by name.
resource "azurerm_network_security_group" "example" {
  name                = local.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}
# Inbound allow for TCP 9000, 9003, 1438, 1440 and 1452.
# NOTE(review): source_address_prefix = "*" admits any source address to these
# ports. If the rule is still required, narrowing the source to the
# SqlManagement service tag and the destination to the instance subnet reduces
# exposure — confirm against the current Azure SQL Managed Instance
# networking requirements.
resource "azurerm_network_security_rule" "allow_management_inbound" {
  name                        = "allow_management_inbound"
  priority                    = 106
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["9000", "9003", "1438", "1440", "1452"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for all protocols and ports from 10.0.0.0/24, which is the
# address prefix of the instance subnet in this configuration.
resource "azurerm_network_security_rule" "allow_misubnet_inbound" {
  name                        = "allow_misubnet_inbound"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "10.0.0.0/24"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for traffic whose source is the AzureLoadBalancer service tag,
# on any protocol and port.
resource "azurerm_network_security_rule" "allow_health_probe_inbound" {
  name                        = "allow_health_probe_inbound"
  priority                    = 300
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "AzureLoadBalancer"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Inbound allow for TCP 1433 (the SQL/TDS port) from the VirtualNetwork service tag.
# NOTE(review): the VirtualNetwork tag also covers peered and gateway-connected
# address ranges, not only this VNet; list client subnets explicitly if database
# access should be narrower.
resource "azurerm_network_security_rule" "allow_tds_inbound" {
  name                        = "allow_tds_inbound"
  priority                    = 1000
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "1433"
  source_address_prefix       = "VirtualNetwork"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Catch-all inbound deny. Priority 4096 is the highest number a custom rule can
# take, so it is evaluated only after every allow rule above has failed to match.
resource "azurerm_network_security_rule" "deny_all_inbound" {
  name                        = "deny_all_inbound"
  priority                    = 4096
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Outbound allow for TCP 80, 443 and 12000 to any destination.
# NOTE(review): destination_address_prefix = "*" permits egress to any address
# on these ports. A service tag such as AzureCloud may be sufficient — confirm
# against the current Azure SQL Managed Instance networking requirements.
resource "azurerm_network_security_rule" "allow_management_outbound" {
  name                        = "allow_management_outbound"
  priority                    = 106
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = ["80", "443", "12000"]
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Outbound allow for all protocols and ports from 10.0.0.0/24 to any destination.
# NOTE(review): 10.0.0.0/24 is the instance subnet and the destination is "*",
# so this rule lets the subnet reach any address. The deny_all_outbound rule at
# priority 4096 therefore never applies to traffic leaving the subnet; restrict
# the destination if egress filtering is intended.
resource "azurerm_network_security_rule" "allow_misubnet_outbound" {
  name                        = "allow_misubnet_outbound"
  priority                    = 200
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "10.0.0.0/24"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Catch-all outbound deny at priority 4096, evaluated after the outbound allow
# rules with lower priority numbers.
resource "azurerm_network_security_rule" "deny_all_outbound" {
  name                        = "deny_all_outbound"
  priority                    = 4096
  direction                   = "Outbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}
# Virtual network with a 10.0.0.0/16 address space; the instance subnet
# (10.0.0.0/24) is carved out of it.
resource "azurerm_virtual_network" "example" {
  name                = local.name
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
}
# Subnet (10.0.0.0/24) that hosts the managed instance. The delegation block
# hands the subnet to Microsoft.Sql/managedInstances and lists the subnet
# actions granted to that service.
resource "azurerm_subnet" "example" {
  name                 = "subnet-mi"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.0.0/24"]
  delegation {
    name = "managedinstancedelegation"
    service_delegation {
      name    = "Microsoft.Sql/managedInstances"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action"]
    }
  }
}
# output "test" {
# value = {
# vnet = azurerm_virtual_network.example
# subnet = azurerm_subnet.example
# }
# }
# Binds the NSG to the instance subnet; the rules defined above only take
# effect on the subnet once this association exists.
resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}
# Route table with no routes declared here. The explicit depends_on orders its
# creation after the subnet, which it does not otherwise reference.
resource "azurerm_route_table" "example" {
  name                = "routetable-mi"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  depends_on = [
    azurerm_subnet.example,
  ]
}
resource "azurerm_subnet_route_table_association" "example" {
subnet_id = azurerm_subnet.example.id
route_table_id = azurerm_route_table.example.id
}
I deployed the configuration and then changed the Regarding the |
Is there an existing issue for this?
Community Note
Terraform Version
1.10.2
AzureRM Provider Version
3.108.0
Affected Resource(s)/Data Source(s)
azurerm_mssql_managed_instance
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
Apply complete!
Actual Behaviour
❯ tfp
azurerm_resource_group.example: Refreshing state...
[...]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
azurerm_mssql_managed_instance.example will be updated in-place
~ resource "azurerm_mssql_managed_instance" "example" {
~ administrator_login_password = (sensitive value)
id = "/subscriptions/XXXXXXXXXXXXX/resourceGroups/wyatt-test/providers/Microsoft.Sql/managedInstances/managedsqlinstance"
name = "managedsqlinstance"
tags = {}
# (19 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Saved the plan to: /tmp/tfplan.zip
To perform exactly these actions, run the following command to apply:
terraform apply "/tmp/tfplan.zip"
❯ tfa
azurerm_mssql_managed_instance.example: Modifying... [id=/subscriptions/XXXXXXXXXXX/resourceGroups/wyatt-test/providers/Microsoft.Sql/managedInstances/managedsqlinstance]
╷
│ Error: updating Managed Instance: (Name "managedsqlinstance" / Resource Group "wyatt-test"): sql.ManagedInstancesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidSubnetResourceId" Message="Subnet resource ID '' is invalid. Please provide a correct resource Id for the target subnet."
│
│ with azurerm_mssql_managed_instance.example,
│ on main.tf line 14, in resource "azurerm_mssql_managed_instance" "example":
│ 14: resource "azurerm_mssql_managed_instance" "example" {
│
│ updating Managed Instance: (Name "managedsqlinstance" / Resource Group "wyatt-test"): sql.ManagedInstancesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidSubnetResourceId" Message="Subnet resource ID '' is invalid. Please provide a correct
│ resource Id for the target subnet."
╵
Steps to Reproduce
[change an attribute] then plan and apply
Important Factoids
No response
References
No response