Send empty list when using condition (load_balancer_backend_address_pools_ids)

[JamesDLD]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Affected Resource(s)

• Terraform v0.11.3
• provider.azurerm v1.6.0

Terraform Configuration Files

#Set the Provider
provider "azurerm" {
  subscription_id = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  client_secret   = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  tenant_id       = "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

#Set variable

variable "Linux_Vms" {
  type = "list"

  default = [
    {
      suffix_name = "ssh"
      id          = "3"            #Id of the VM nic (this is the 3° nic)
      Id_Subnet   = "0"            #Id of the Subnet whitin the list "subnets_ids"
      Id_Nsg      = "0"            #Id of the Network Security Group whitin the list "nsgs_ids", set to 777 if there is no Network Security Groups
      Id_Lb       = "777"          #Id of the Load Balancer whitin the list "lb_backend_ids", set to 777 if there is no LB to link (this don't work at the moment)
      static_ip   = "198.18.1.232"
    },
  ]
}

variable "nic_location" {
  default = "northeurope"
}

variable "nic_resource_group_name" {
  default = "apps-jdld-sand1-rg1"
}

variable "subnets_ids" {
  type    = "list"
  default = ["/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/infr-jdld-noprd-rg1/providers/Microsoft.Network/virtualNetworks/infra-jdld-sand1-net1/subnets/jdld-sand1-frontend-snet1"]
}

variable "lb_backend_ids" {
  type    = "list"
  default = ["/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/apps-jdld-sand1-rg1/providers/Microsoft.Network/loadBalancers/jdld-sand1-ssh-lb1/backendAddressPools/jdld-sand1-ssh-bckpool1"]
}

variable "nsgs_ids" {
  type    = "list"
  default = ["/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/apps-jdld-sand1-rg1/providers/Microsoft.Network/networkSecurityGroups/jdld-sand1-nic-all-nsg1"]
}

#Action
resource "azurerm_network_interface" "linux_vms_nics" {
  count                     = "${length(var.Linux_Vms)}"
  name                      = "jdld-sand1-${lookup(var.Linux_Vms[count.index], "suffix_name")}${lookup(var.Linux_Vms[count.index], "id")}-nic1"
  location                  = "${var.nic_location}"
  resource_group_name       = "${var.nic_resource_group_name}"
  network_security_group_id = "${"${lookup(var.Linux_Vms[count.index], "Id_Nsg")}" == "777" ? "" : "${element(var.nsgs_ids,lookup(var.Linux_Vms[count.index], "Id_Nsg"))}"}"

  ip_configuration {
    name                          = "jdld-sand1-${lookup(var.Linux_Vms[count.index], "suffix_name")}-nic1-CFG"
    subnet_id                     = "${element(var.subnets_ids,lookup(var.Linux_Vms[count.index], "Id_Subnet"))}"
    private_ip_address_allocation = "static"
    private_ip_address            = "${lookup(var.Linux_Vms[count.index], "static_ip")}"

    #Below code works but only permit to have a standalone nic, not linked to any lb
    #load_balancer_backend_address_pools_ids = []


    #Below code works but only permit to have a nic linked to an lb
    #load_balancer_backend_address_pools_ids = ["${element(var.lb_backend_ids,lookup(var.Linux_Vms[count.index], "Id_Lb"))}"]

    #Below codes don't work if "Id_Lb"  == "777", it fails to send a null list like [], otherwise the condition works
    load_balancer_backend_address_pools_ids = "${split(" ", "${lookup(var.Linux_Vms[count.index], "Id_Lb")}"  == "777" ? "" : "${element(var.lb_backend_ids,lookup(var.Linux_Vms[count.index], "Id_Lb"))}" )}"
  }
}

Debug Output

Panic Output

Expected Behavior

Send the following when the condition is set to 777 ==>

load_balancer_backend_address_pools_ids = []

Actual Behavior

It currently sends an empty string when the condition is set to 777 ==>

Error: Error applying plan:

1 error(s) occurred:

* azurerm_network_interface.linux_vms_nics: 1 error(s) occurred:

* azurerm_network_interface.linux_vms_nics: network.InterfacesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="
LinkedInvalidPropertyId" Message="Property id '' at path 'properties.ipConfigurations[0].properties.loadBalancerBackendAddressPools[0].id' is invalid.
 Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'."

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Steps to Reproduce

1. terraform apply

Important Factoids

The condition is working fine when the parameter is a string, in the upper tf I had an example for the parameter network_security_group_id

References

• A similar issue has been raised here #13733 but didn't take into account to send an empty list

[katbyte]

Hello @JamesDLD,

Sorry to hear this has been a problem for you. I don't think the provider should be silently ignoring empty strings to send an empty array, if anything it should be validating that all ID's passed in are valid and as such I will shortly open a PR to enforce this. My reasoning is if someone is doing some interpolation and accidentally ends up with " " they would get a silent failure and that is not ideal

I think this is better solved in the terraform config and I believe this could be done by adding a compact() call around your interpolation:

load_balancer_backend_address_pools_ids = "${compact(split(" ", "${lookup(var.Linux_Vms[count.index], "Id_Lb")}"  == "777" ? "" : "${element(var.lb_backend_ids,lookup(var.Linux_Vms[count.index], "Id_Lb"))}" ))}"

Could you please give this a try and let me know if it solves the issue for you? Thanks!

[JamesDLD]

Thank you @katbyte !!

The workaround “compact” with “bracelet” did the job like a charm.
This use case is pretty useful in one of my client context, they just fill in a variable file and they can now deactivate or activate a backend by just modifying this variable file.

load_balancer_backend_address_pools_ids = ["${compact(split(" ", "${lookup(var.Linux_Vms[count.index], "Id_Lb")}"  == "777" ? "" : "${element(var.lb_backend_ids,lookup(var.Linux_Vms[count.index], "Id_Lb"))}" ))}"]

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!