azurerm_lb always shows changed on resource with Public IP frontend.

[jgreat]

Looks like azure_lb is always trying to set frontend_ip_configuration[0].private_ip_address_version = "Ipv4" even on frontend_ip_configuration blocks that are using public_ip. This looks like its accepted, but not persisted on the Azure side.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.14.8
+ provider registry.terraform.io/hashicorp/azurerm v2.62.1

Affected Resource(s)

• azurerm_lb

Terraform Configuration Files

provider "azurerm" {
  features {}

  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret
}

resource "azurerm_resource_group" "this" {
  name     = var.resource_name
  location = var.location
}

resource "azurerm_public_ip" "ingress_public" {
  name                = "ingress-public"
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location

  sku               = "Standard"
  allocation_method = "Static"
}

resource "azurerm_lb" "ingress_public" 
  name                = "ingress-public"
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location

  sku = "Standard"

  frontend_ip_configuration {
    name                       = "Frontend"
    public_ip_address_id       = azurerm_public_ip.ingress_public.id
  }
}

Debug Output

Panic Output

Expected Behaviour

First apply should create resources. Second apply should not show changes.

Actual Behaviour

First apply creates resources. Second apply shows changes:

  ~ resource "azurerm_lb" "ingress_public" {
        id                   = "/subscriptions/UUID/resourceGroups/primary-a/providers/Microsoft.Network/loadBalancers/ingress-public"
        name                 = "ingress-public"
        tags                 = {
        }
        # (4 unchanged attributes hidden)

      ~ frontend_ip_configuration {
            id                            = "/subscriptions/UUID/resourceGroups/primary-a/providers/Microsoft.Network/loadBalancers/ingress-public/frontendIPConfigurations/Frontend"
            name                          = "Frontend"
          + private_ip_address_version    = "IPv4"
            # (6 unchanged attributes hidden)
        }
    }

Steps to Reproduce

1. terraform apply
2. terraform apply or plan

[mathcantin]

I have the same issue with terraform 1.0.0 and azurerm 2.64.0.

[meowingtons]

I'm seeing the same. FWIW, this ignores it so it at least doesn't clog up plan output:

lifecycle { ignore_changes = [ frontend_ip_configuration[0].private_ip_address_version, ] }

[katbyte]

Hey @jgreat - this should have been fixed by #12208 in the last release. As such i'm going to close this, if thats not the case please do let us know!

[jgreat]

For reference #12208 is part of provider version 2.64.0.

[Alex-W1]

Hello @katbyte,

The issue appears to be partially solved in 2.64.0, but not completely. @jgreat can you re-open the issue?

When I run a terraform plan for my environment using 2.63.0, I get 22 instances of the '+ private_ip_address_version = "IPv4"' addition, but when I run the plan with 2.64.0 I only get 17.

Comparing the two plans, any azure_lb resources that have multiple frontend_ip_configuration blocks defined are appearing in 2.63.0 but NOT 2.64.0,

Any azure_lb resources that have a single frontend_ip_configuration block defined still show up with the addition. See the examples below.

(Below addition appears in 2.63.0 but not 2.64.0)

resource "azurerm_lb" "x" {
        id                   = "/subscriptions/xxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzz"
        name                 = "zzzzzzz"
        tags                 = {}
        # (4 unchanged attributes hidden)

      ~ frontend_ip_configuration {
            id                            = "/subscriptions/xxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzz/frontendIPConfigurations/LoadBalancerFrontEnd"
            name                          = "LoadBalancerFrontEnd"
          + private_ip_address_version    = "IPv4"
            # (6 unchanged attributes hidden)
        }
      ~ frontend_ip_configuration {
            id                            = "/subscriptions/xxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzz/frontendIPConfigurations/LoadBalancerFrontEnd-Server"
            name                          = "LoadBalancerFrontEnd-Server"
          + private_ip_address_version    = "IPv4"
            # (6 unchanged attributes hidden)
        }
      ~ frontend_ip_configuration {
            id                            = "/subscriptions/xxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzz/frontendIPConfigurations/LoadBalancerFrontEnd-KpiServer"
            name                          = "LoadBalancerFrontEnd-KpiServer"
          + private_ip_address_version    = "IPv4"
            # (6 unchanged attributes hidden)
        }
    }

(Below addition appears in both 2.63.0 and 2.64.0)

resource "azurerm_lb" "x1" {
        id                   = "/subscriptions/xxxxxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzzz"
        name                 = "zzzzzzzz"
        tags                 = {}
        # (4 unchanged attributes hidden)

      ~ frontend_ip_configuration {
            id                            = "/subscriptions/xxxxxxxxx/resourceGroups/yyyyyy/providers/Microsoft.Network/loadBalancers/zzzzzzzz/frontendIPConfigurations/LoadBalancerFrontEnd"
            name                          = "LoadBalancerFrontEnd"
          + private_ip_address_version    = "IPv4"
            # (7 unchanged attributes hidden)

[hbuckle]

Yep still happening in 2.64.0

[stksz]

For completeness: Also happening in 2.65.0. @jgreat can you pleaese re-open this ticket?

[jgreat]

I'm not seeing the issue any more with 2.65.0. My plans are coming up clean now.

I've had a Iifecycle ignore_changes work around in my lb resource for a while now. I have done several terraform applies since upgrading the azurerm module.

In any case you might need to open a new issue, I don't seem to have permission to re-open this one.

[Alex-W1]

Glad to hear your plans are fixed @jgreat.

Unfortunately, even after upgrading the provider to 2.65.0 the issue is still present. For now, I have the lifecycle_ignore_changes workaround to bypass the issue.

I'll open a new issue then if we're not able to re-open this one.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.