Terraform-provider-azurerm: Resource Subnet_network_security_group_association will not stay associated

Created on 29 Oct 2018 · 3Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform v0.11.10

provider.azurerm v1.17.0

Affected Resource(s)

azurerm_subnet_network_security_group_association

Terraform Configuration Files

module "data_nsg_link" {
  source = "git::ssh://[email protected]"
  subnet_id = "${module.data_subnet.subnet_id}"
  nsg_id = "${module.data_nsg.nsg_id}"
}

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

No Change to resources

Actual Behavior

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ module.app_subnet.azurerm_subnet.subnet
      network_security_group_id: "/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Network/networkSecurityGroups/nsg01" => ""

  ~ module.data_subnet.azurerm_subnet.subnet
      network_security_group_id: "/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Network/networkSecurityGroups/nsg02" => ""

  ~ module.gtwy_subnet.azurerm_subnet.subnet
      network_security_group_id: "/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Network/networkSecurityGroups/nsg03" => ""

  ~ module.pres_subnet.azurerm_subnet.subnet
      network_security_group_id: "/subscriptions/mysub/resourceGroups/myrg/providers/Microsoft.Network/networkSecurityGroups/nsg04" => ""


Plan: 0 to add, 4 to change, 0 to destroy.

Steps to Reproduce

terraform apply

Important Factoids

References

#0000

question servicsubnets

Source

whytoe

Most helpful comment

hi @whytoe

Thanks for opening this issue :)

As mentioned in the documentation since this field currently exists both on the azurerm_subnet resource and the azurerm_subnet_network_security_group_association resource - at this time this field must be specified in both places to ensure it remains associated.

Whilst I appreciate this isn't ideal, the alternative would be a breaking change to the azurerm_subnet resource - which is planned for v2.0.0 of the AzureRM Provider (which we're planning at the moment) which will include removing the network_security_group_id field from the azurerm_subnet resource.

Since this is currently by design (and has a planned fix in the near future) - I'm going to close this issue for the moment.

Thanks!

tombuildsstuff on 29 Oct 2018

👍2

All 3 comments

hi @whytoe

Thanks for opening this issue :)

Since this is currently by design (and has a planned fix in the near future) - I'm going to close this issue for the moment.

Thanks!

tombuildsstuff on 29 Oct 2018

👍2

Thanks @tombuildsstuff I must have missed that documentation

whytoe on 30 Oct 2018

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!