azurerm_network_interface_security_group_association fails on refreshing due to NIC not found

[rhollins]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

The VM is created by terraforming successfully on the initial run then it is deleted manually in Azure and after that the terraform plan or terraform refresh commands fails with the following error:

module.VM-1.azurerm_network_security_group.ubuntu_nsg: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Network/networkSecurityGroups/nsg_VM-1]
module.VM-2.azurerm_network_security_group.ubuntu_nsg: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Network/networkSecurityGroups/nsg_VM-2]
module.VM-2.azurerm_virtual_machine.vm: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Compute/virtualMachines/VM-2]
module.VM-1.azurerm_virtual_machine.vm: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Compute/virtualMachines/VM-1]
Error: Network Interface "ni_VM-1" (Resource Group "RG_NAME") was not found!
Error: Network Interface "ni_VM-2" (Resource Group "RG_NAME") was not found!

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

v0.12.25 and arm provider v2.10.0

Affected Resource(s)

azurerm_network_interface_security_group_association

Terraform Configuration Files

resource "azurerm_network_interface" "vm_nic" {
  name                = "ni_${coalesce(var.vm_nic_name, var.vm_hostname)}"
  location            = var.vm_resourcegroup_location
  resource_group_name = coalesce(var.vm_nic_rg_name, var.vm_resourcegroup_name)

  ip_configuration {
    name                          = "ipconfig_${coalesce(var.vm_nic_name, var.vm_hostname)}"
    subnet_id                     = var.vm_subnet_id
    private_ip_address            = var.vm_private_ip_address
    private_ip_address_allocation = "static"
  }
}

resource "azurerm_network_security_group" "ubuntu_nsg" {
  name                = "nsg_${var.vm_hostname}"
  location            = var.vm_resourcegroup_location
  resource_group_name = var.vm_resourcegroup_name
}

resource "azurerm_network_interface_security_group_association" "ubuntu_nsg_association" {
  network_interface_id      = azurerm_network_interface.vm_nic.id
  network_security_group_id = azurerm_network_security_group.ubuntu_nsg.id
  depends_on                = [azurerm_network_security_group.ubuntu_nsg, azurerm_network_interface.vm_nic]
}

resource "azurerm_virtual_machine" "vm" {
  name                             = var.vm_hostname
  resource_group_name              = var.vm_resourcegroup_name
  location                         = var.vm_resourcegroup_location
  network_interface_ids            = [azurerm_network_interface.vm_nic.id]
  vm_size                          = var.vm_size
  delete_os_disk_on_termination    = var.vm_delete_os_disk_on_termination
  delete_data_disks_on_termination = var.vm_delete_data_disks_on_termination  

  storage_image_reference {
    publisher = var.vm_image_publisher
    offer     = var.vm_image_offer
    sku       = var.vm_image_sku
    version   = var.vm_image_version
  }

  storage_os_disk {
    name              = "osdisk_${coalesce(var.vm_disk_name, var.vm_hostname)}"
    caching           = var.vm_os_disk_caching
    create_option     = "FromImage"
    managed_disk_type = var.os_managed_disk_type
    disk_size_gb      = var.os_managed_disk_size
  }

  storage_data_disk {
    name              = "datadisk0_${var.vm_hostname}"
    caching           = "ReadWrite"
    create_option     = "Empty"
    managed_disk_type = var.data_managed_disk_type
    disk_size_gb      = var.data_managed_disk_size
    lun               = 0
  }

  os_profile {
    computer_name  = var.vm_hostname
    admin_username = var.vm_admin_username
    admin_password = var.vm_admin_temporary_password
  }

  os_profile_linux_config {
    disable_password_authentication = "false"
    ssh_keys {
      path     = "/home/${var.vm_admin_username}/.ssh/authorized_keys"
      key_data = file(var.ssh_public_key)
    }
  }

  boot_diagnostics {
    enabled     = var.vm_boot_diagnostics_enabled
    storage_uri = var.vm_boot_diagnostics_storage_uri
  }

  tags = {
    environment = var.vm_tag_environment
  }

  depends_on = [azurerm_network_interface_security_group_association.ubuntu_nsg_association, azurerm_network_interface.vm_nic]  
}

Panic Output

module.VM-1.azurerm_network_security_group.ubuntu_nsg: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Network/networkSecurityGroups/nsg_VM-1]
module.VM-2.azurerm_network_security_group.ubuntu_nsg: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Network/networkSecurityGroups/nsg_VM-2]
module.VM-2.azurerm_virtual_machine.vm: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Compute/virtualMachines/VM-2]
module.VM-1.azurerm_virtual_machine.vm: Refreshing state... [id=/subscriptions/<SUB>/resourceGroups/RG_NAME/providers/Microsoft.Compute/virtualMachines/VM-1]
Error: Network Interface "ni_VM-1" (Resource Group "RG_NAME") was not found!
Error: Network Interface "ni_VM-2" (Resource Group "RG_NAME") was not found!

Expected Behavior

refresh should run successfully and find out that all resources related to the VM were deleted manually and no longer exists and then new VM should be created

Actual Behavior

error provided above

Steps to Reproduce

Create VM using following code then delete all resources and VM manually in Azure portal and the try to run terraform plan or terraform refresh

1. terraform apply

Important Factoids

The workaround is to delete azurerm_network_interface_security_group_association from state before running terraform refresh

References

• #0000

[ghost]

This has been released in version 2.16.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.16.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!