Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Azure network security groups: eplicli apply makes changes when configuration file is not changed #1570

Closed
to-bar opened this issue Aug 20, 2020 · 3 comments
Closed

[BUG] Azure network security groups: eplicli apply makes changes when configuration file is not changed #1570

to-bar opened this issue Aug 20, 2020 · 3 comments
Assignees
@seriva
Labels
area/terraform provider/azure python Pull requests that update Python code type/bug type/low-hanging-fruit Good, nice, simple task

Comments

@to-bar
Copy link
Contributor

to-bar commented Aug 20, 2020
edited
Loading

Describe the bug
epicli apply is not idempotent on Azure. Odd runs attach network security groups to subnets and even runs detach.

To Reproduce
Steps to reproduce the behavior:

  1. Prepare minimalistic config file (use defaults)
  2. Execute epicli apply -f az_nsg_association_bug.yml
  3. Check network security group association in Azure Portal (e.g. Home | repro-nsg-association-bug-kubernetes-master-vm-0 | Networking)
  4. Repeat steps 2 and 3.

Expected behavior
Terraform should not modify associations (state) unless configuration has been changed.

Config files
If applicable, add config files to help explain your problem.
https://app.zenhub.com/files/164668263/af24eadf-1a93-45d7-b166-d880fb4612d9/download

Cloud Environment
Cloud Provider: Azure

Additional context
Found in version 0.7.1.

More details

  1. After first run:

In Azure Portal (Home | repro-nsg-association-bug-kubernetes-master-vm-0 | Networking):

Network security group repro-nsg-association-bug-kubernetes-master-nsg-0 (attached to subnet: repro-nsg-association-bug-kubernetes-master-subnet-0)
Impacts 1 subnets, 1 network interfaces

Network security group repro-nsg-association-bug-kubernetes-master-nsg-0 (attached to network interface: repro-nsg-association-bug-kubernetes-master-nic-0)
Impacts 1 subnets, 1 network interfaces

  1. No changes in configuration.

During second run:

10:01:27 INFO cli.engine.terraform.TerraformCommand - azurerm_storage_share.repro-nsg-association-bug-k8s-ss: Refreshing state... [id=https://repronsgassociationbugk8s.file.core.windows.net/k8s]
10:01:39 INFO cli.engine.terraform.TerraformCommand - azurerm_subnet.repro-nsg-association-bug-kubernetes-master-subnet-0: Modifying... [id=/subscriptions/2d60775f-932a-4cf6-b9f0-548a8b43b368/resourceGroups/repro-nsg-association-bug-rg/providers/Microsoft.Network/virtualNetworks/repro-nsg-association-bug-vnet/subnets/repro-nsg-association-bug-kubernetes-master-subnet-0]
10:01:39 INFO cli.engine.terraform.TerraformCommand - azurerm_virtual_machine.repro-nsg-association-bug-kubernetes-master-vm-0: Modifying... [id=/subscriptions/2d60775f-932a-4cf6-b9f0-548a8b43b368/resourceGroups/repro-nsg-association-bug-rg/providers/Microsoft.Compute/virtualMachines/repro-nsg-association-bug-kubernetes-master-vm-0]
10:01:43 INFO cli.engine.terraform.TerraformCommand - azurerm_virtual_machine.repro-nsg-association-bug-kubernetes-master-vm-0: Modifications complete after 3s [id=/subscriptions/2d60775f-932a-4cf6-b9f0-548a8b43b368/resourceGroups/repro-nsg-association-bug-rg/providers/Microsoft.Compute/virtualMachines/repro-nsg-association-bug-kubernetes-master-vm-0]
10:01:49 INFO cli.engine.terraform.TerraformCommand - azurerm_subnet.repro-nsg-association-bug-kubernetes-master-subnet-0: Still modifying... [id=/subscriptions/2d60775f-932a-4cf6-b9f0-...ciation-bug-kubernetes-master-subnet-0, 10s elapsed]
10:01:50 INFO cli.engine.terraform.TerraformCommand - azurerm_subnet.repro-nsg-association-bug-kubernetes-master-subnet-0: Modifications complete after 11s [id=/subscriptions/2d60775f-932a-4cf6-b9f0-548a8b43b368/resourceGroups/repro-nsg-association-bug-rg/providers/Microsoft.Network/virtualNetworks/tb-nsg-association-bug-vnet/subnets/repro-nsg-association-bug-kubernetes-master-subnet-0]
  1. After second run:

In Azure Portal (Home | repro-nsg-association-bug-kubernetes-master-vm-0 | Networking):

Network security group repro-nsg-association-bug-kubernetes-master-nsg-0 (attached to network interface: repro-nsg-association-bug-kubernetes-master-nic-0)
Impacts 0 subnets, 1 network interfaces

  1. After third run (the result is the same as initially):

Network security group repro-nsg-association-bug-kubernetes-master-nsg-0 (attached to subnet: repro-nsg-association-bug-kubernetes-master-subnet-0)
Impacts 1 subnets, 1 network interfaces
@to-bar to-bar changed the title [BUG] Azure: eplicli appy makes infrastructure changes when configuration file is not changed [BUG] Azure: eplicli apply makes infrastructure changes when configuration file is not changed Aug 20, 2020
@to-bar to-bar changed the title [BUG] Azure: eplicli apply makes infrastructure changes when configuration file is not changed [BUG] Azure network security groups: eplicli apply makes infrastructure changes when configuration file is not changed Aug 20, 2020
@to-bar to-bar changed the title [BUG] Azure network security groups: eplicli apply makes infrastructure changes when configuration file is not changed [BUG] Azure network security groups: eplicli apply makes changes when configuration file is not changed Aug 20, 2020
@seriva seriva mentioned this issue Aug 20, 2020
Merged
@seriva
Copy link
Collaborator

seriva commented Aug 20, 2020

There was a minor difference between VM templates when rerunning Epicli which was fixed with this pullrequest:

#1573

However with identical templates this issue still exists. Seems to me like Terraform bug. I checked their issue backlog but cannot find anything describing this.

@erzetpe erzetpe added python Pull requests that update Python code type/low-hanging-fruit Good, nice, simple task labels Sep 6, 2021
@erzetpe
Copy link
Contributor

erzetpe commented Sep 6, 2021

Double-check what in fact is going on.

@seriva seriva mentioned this issue Dec 30, 2021
Closed
5 tasks
@seriva seriva self-assigned this Jan 10, 2022
@seriva
Copy link
Collaborator

seriva commented Jan 10, 2022

Seems to be default Terraform behavior, even after bumping Terraform + Azurerm provider to latest. Researched in #2825. So I think we would be good to just close this.

@seriva seriva closed this as completed Jan 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seriva seriva

Labels
area/terraform provider/azure python Pull requests that update Python code type/bug type/low-hanging-fruit Good, nice, simple task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@erzetpe @seriva @to-bar