Terraform v0.11.11
* azurerm_network_interface
* azurerm_public_ip
resource "azurerm_network_interface" "main" {
  count               = "${var.numberof_nics}"
  name                = "${var.hostname}-nic${count.index}"
  location            = "${var.region}"
  resource_group_name = "${var.sub-name}-${var.region}-${var.aplication}-rg"

  ip_configuration {
    name                          = "${var.hostname}-ipaddress${count.index}"
    subnet_id                     = "${var.subnet[count.index]}"
    private_ip_address_allocation = "static"
    private_ip_address            = "${var.private_ip[count.index]}"
    public_ip_address_id          = "${length(azurerm_public_ip.main.*.id) > 0 ? element(concat(azurerm_public_ip.main.*.id, list("")), count.index) : ""}"
  }

  depends_on = ["azurerm_resource_group.main"]
}

resource "azurerm_public_ip" "main" {
  count                        = "${var.public_ip == "true" ? 1 : 0}"
  name                         = "${var.sub-name}-${var.region}-${var.hostname}-PublicIP${count.index}"
  location                     = "${var.region}"
  resource_group_name          = "${var.sub-name}-${var.region}-${var.aplication}-rg"
  public_ip_address_allocation = "${var.public_ip_alloc}"
}
Terraform should:
Terraform will perform the following actions:
~ module.tf-azure-vm-linux-module-srv-003.azurerm_network_interface.main
ip_configuration.0.public_ip_address_id: "/subscriptions/mysubscription/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/publicIPAddresses/something-srv-003-PublicIP0" => ""
- module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main
It seems that Terraform tries to delete the Public IP first, before doing the dissociation, and it fails.
Enter a value: yes
module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main: Destroying... (ID: /subscriptions/mysubscription-...something-srv-003-PublicIP0)
Releasing state lock. This may take a few moments...
Error: Error applying plan:
1 error(s) occurred:
* module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main (destroy): 1 error(s) occurred:
* azurerm_public_ip.main: Error deleting Public IP "something-srv-003-PublicIP0" (Resource Group "my-resourcegroup-rg-rg"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=0 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/mysubscriiption/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/publicIPAddresses/something-srv-003-PublicIP0 can not be deleted since it is still allocated to resource /subscriptions/mysubscriptioin/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/networkInterfaces/something-003-nic0/ipConfigurations/something-003-ipaddress0." Details=[]
terraform apply
Any update on this?
Maybe one solution would be a design change, similar to the aws or openstack provider.
In both providers, the association is done in the public ip resource
(e.g. https://www.terraform.io/docs/providers/aws/r/eip.html and https://www.terraform.io/docs/providers/openstack/r/networking_floatingip_v2.html via port_id).
Another solution is to add a public_ip_attachment resource (similar to disk attachments).
(Something similar has been done for application_gateway_backend_address_pools_ids
of https://www.terraform.io/docs/providers/azurerm/r/network_interface.html.)
With that, the attachment is a dependency of the public_ip resource. If you destroy the public_ip, it will destroy the dependency.
Any update on this? This issue is still happening since there is no public_ip_association resource that will manage the association between a public IP and a NIC. The reference to the public IP is still in the NIC, so when we try to change or remove the Public IP, the provider is supposed to modify the NIC to remove the association first, then destroy the public IP. This is exactly what the plan is describing, but when it comes to the apply, it starts by deleting the public IP before updating the NIC, which results in an error...
Hi, still no milestone for this?
Even if you add -target=azurerm_network_interface.main
it STILL puts the destruction of public_ip into the plan (and tries to do both in the wrong order). This might be the root cause of this issue.
EDIT: Bug is still present in TF 0.12.24 and Azure 2.6.0 plugin.
I currently use the version
Terraform v0.12.24
The issue still persists:
Error deleting Public IP "public_ip2" (Resource Group "AnsibleLab_terraform"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/a12345b9-95c9-4d15-a288-abb49feaf3cc/resourceGroups/AnsibleLab_terraform/providers/Microsoft.Network/publicIPAddresses/public_ip2 can not be deleted since it is still allocated to resource /subscriptions/a12345b9-95c9-4d15-a288-abb49feaf3cc/resourceGroups/AnsibleLab_terraform/providers/Microsoft.Network/networkInterfaces/network_interface2/ipConfigurations/network_interface1_ip_configuration. In order to delete the public IP, disassociate/detach the Public IP address from the resource. To learn how to do this, see aka.ms/deletepublicip." Details=[]
One has to manually remove the Public IP address binding at the NIC level, and then the successful deletion happens.
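The manual step described above can be scripted. As an added example (not from this thread or from the provider), the shell functions below extract the resource that still holds the public IP from the error text and print the Azure CLI command that clears the reference on a NIC; the function names and the sample IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a PublicIPAddressCannotBeDeleted error into the Azure CLI
# command that clears the NIC's public IP reference. Nothing here calls Azure.

# Constructed sample in the error format quoted in this thread (placeholder IDs).
NET=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Network
SAMPLE_ERR="Code=\"PublicIPAddressCannotBeDeleted\" Message=\"Public IP address \
$NET/publicIPAddresses/example-pip can not be deleted since it is still allocated \
to resource $NET/networkInterfaces/example-nic/ipConfigurations/example-ipconfig.\""

# blocking_resource_id ERROR_TEXT
# Prints the ID of the resource that still holds the public IP; fails if absent.
blocking_resource_id() {
    id=$(printf '%s\n' "$1" |
        sed -n 's#.*still allocated to resource \(/subscriptions/[^ "]*\).*#\1#p' |
        sed 's#[./]*$##' | head -n 1)
    [ -n "$id" ] && printf '%s\n' "$id"
}

# dissociate_command ERROR_TEXT
# Prints the dissociation command. Returns 1 if the error is not recognised,
# 2 if the holder is not a NIC ipConfiguration, 3 if a name looks unsafe.
dissociate_command() {
    id=$(blocking_resource_id "$1") || return 1
    case "$id" in
        */networkInterfaces/*/ipConfigurations/*) ;;
        *) return 2 ;;   # e.g. a gateway or load balancer front end
    esac
    # Fields of the ID split on "/": 5 = resource group, 9 = NIC, 11 = ipconfig.
    rg=$(printf '%s' "$id" | cut -d/ -f5)
    nic=$(printf '%s' "$id" | cut -d/ -f9)
    cfg=$(printf '%s' "$id" | cut -d/ -f11)
    # The names end up in a command line, so accept a conservative charset only.
    case "$rg$nic$cfg" in
        *[!A-Za-z0-9._-]*) return 3 ;;
    esac
    printf 'az network nic ip-config update --resource-group %s --nic-name %s --name %s --remove PublicIpAddress\n' \
        "$rg" "$nic" "$cfg"
}

# Print the command for the constructed sample so it can be reviewed before use.
dissociate_command "$SAMPLE_ERR"
```

Return code 2 covers the cases reported further down the thread, where the public IP is held by a gateway or load balancer rather than a NIC and needs its own dissociation step.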
I get the same error with Virtual Gateways, not NICs, but it's the same underlying problem.
Same behavior here with the following:
This is really annoying. Any workaround?
This bug has been open since Dec 21, 2018 :(
Has anybody a workaround, except for manually going into the Azure portal?!
Still occurs. I was hoping this would be fixed in a newer version of the provider, but only manually going into the front end configuration and removing the IP and load balancing rules works to allow a delete.
Terraform v0.12.29
Experiencing the same problem with terraform version v0.13.4 and azurerm provider v2.37.0
I'm getting this too with v0.13.5 and azurerm v2.38.0
Any reason why this issue is not being looked into? Valid comments above are marked as off-topic :(
This issue still persists with
terraform v0.13.5
azurerm v2.40.0