azurerm_lb always recreates load balancer resources when adding a new frontend_ip_configuration

[kjanss]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform -v
Terraform v0.15.5
on darwin_amd64

• provider registry.terraform.io/hashicorp/azuread v1.5.1
• provider registry.terraform.io/hashicorp/azurerm v2.72.0

Affected Resource(s)

• azurerm_lb

Terraform Configuration Files

resource "azurerm_lb" "lb-in" {
  name = "prd-${terraform.workspace}-lb-in"

  frontend_ip_configuration {
    availability_zone             = "Zone-Redundant"
    name                          = "LoadBalancerFrontEnd"
    private_ip_address            = var.lb["${terraform.workspace}"].FrontEnd.FrontEnd_ipAddress
    private_ip_address_allocation = "Static"
    private_ip_address_version    = "IPv4"
    subnet_id                     = data.azurerm_subnet.transit.id
  }
  frontend_ip_configuration {
    availability_zone             = "Zone-Redundant"
    name                          = "FrontEnd2"
    private_ip_address            = var.lb["${terraform.workspace}"].FrontEnd.FrontEnd2_ipAddress
    private_ip_address_allocation = "Static"
    private_ip_address_version    = "IPv4"
    subnet_id                     = data.azurerm_subnet.transit.id
  }

Debug Output

Panic Output

Expected Behaviour

I create a lb with a frontend
I apply
I add a second frontend listener
I apply
the listener gets added

Actual Behaviour

I create a lb with a frontend
I apply
I add a second frontend listener
I apply
all objects within the load balancer (probes, frontends, backend pools, rules) and the load balancer itself get re-created.

Reason listed:
+ frontend_ip_configuration {
+ availability_zone = "Zone-Redundant" # forces replacement
+ id = (known after apply)
+ inbound_nat_rules = (known after apply)
+ load_balancer_rules = (known after apply)
+ name = "FrontEnd2"

this causes the lb id to change, which causes everything else to get re-created.

workaround: create the listener manually, then apply the terraform script.

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[kjanss]

Interestingly (I first had this in 2.64), the deprecated 'zones' attribute is also marked as destructive:
+ frontend_ip_configuration {
+ availability_zone = "Zone-Redundant" # forces replacement
+ id = (known after apply)
+ inbound_nat_rules = (known after apply)
+ load_balancer_rules = (known after apply)
+ name = "FrontEnd2"
+ outbound_rules = (known after apply)
+ private_ip_address = "xxxx"
+ private_ip_address_allocation = "static"
+ private_ip_address_version = "IPv4"
+ public_ip_address_id = (known after apply)
+ public_ip_prefix_id = (known after apply)
+ subnet_id = "xxxxx"
+ zones = (known after apply) # forces replacement
}

commenting out 'availability zones' to let it revet to the default ("Zone-Redundant") causes 'availability zone' to no longer destroy the object but the 'zones' still causes a destruction.
setting 'zones' is not possible due to the replacement of zones with availability_zone.

[gek0]

getting the same on this version

Terraform v0.14.11
+ provider registry.terraform.io/hashicorp/azurerm v2.72.0
+ provider registry.terraform.io/hashicorp/external v2.1.

Adding the new frontend IP configuration wants to re-create the load balancer itself - no matter the availability_zone setting

  # module.lb.azurerm_lb.lb must be replaced
-/+ resource "azurerm_lb" "lb" {
      ~ id                   = "/subscriptions/XXXXXXX" -> (known after apply)
        name                 = "lb-internal-xxxxx-1"
      ~ private_ip_address   = xxxxxxx" -> (known after apply)
      ~ private_ip_addresses = [
          - "xxxxx",
        ] -> (known after apply)
        tags                 = {
            "environment" = "prod"
        }
        # (3 unchanged attributes hidden)

      ~ frontend_ip_configuration {
          ~ id                            = "/subscriptions/XXXXXXX-1" -> (known after apply)
          ~ inbound_nat_rules             = [] -> (known after apply)
          ~ load_balancer_rules           = [
              - "/subscriptions/XXXXXXX-1",
              - "/subscriptions/XXXXXXX-2",
              - "/subscriptions/XXXXXXX-3",
            ] -> (known after apply)
          ~ outbound_rules                = [] -> (known after apply)
          ~ private_ip_address            = "xxxxx" -> (known after apply)
          ~ private_ip_address_allocation = "Dynamic" -> "dynamic"
          + public_ip_address_id          = (known after apply)
          + public_ip_prefix_id           = (known after apply)
          ~ zones                         = [] -> (known after apply)
            # (3 unchanged attributes hidden)
        }
      + frontend_ip_configuration {
          + availability_zone             = "No-Zone" # forces replacement
          + id                            = (known after apply)
          + inbound_nat_rules             = (known after apply)
          + load_balancer_rules           = (known after apply)
          + name                          = "internal-xxxxx"
          + outbound_rules                = (known after apply)
          + private_ip_address            = (known after apply)
          + private_ip_address_allocation = "dynamic"
          + private_ip_address_version    = "IPv4"
          + public_ip_address_id          = (known after apply)
          + public_ip_prefix_id           = (known after apply)
          + subnet_id                     = "/subscriptions/XXXXXXX"
          + zones                         = (known after apply) # forces replacement
        }
    }

this seems to be introduced in 2.64.0 as @kjanss said with #12208
trying with the 2.63.0 provider does not help since availability_zone cannot be used/set with that and previous versions

This is preventing us from any new changes on the LB as we cannot update our balancers...

[aristosvo]

Fix is on the way. Tests so far look good.

[github-actions]

This functionality has been released in v2.77.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.