Terraform-provider-azurerm: Tags are not applying to azurerm_private_dns_zone
Community Note
- Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureRM Provider) Version
Terraform v0.12.23
- provider.azurerm v2.1.0
- provider.random v2.2.1
Affected Resource(s)
azurerm_private_dns_zone
Terraform Configuration Files
locals {
location = var.location
region = var.region[var.location]
env = var.env_code[var.env]
common_tags = {
"nt:TLA" = var.tla
"nt:CostCenter" = var.costCenter
"nt:BusinessUnit" = var.businessUnit
"nt:Environment" = title(var.env)
}
prefix = "${local.region}-${var.tla}-${local.env}-"
# Private DNS Zones needed for PrivateLink
zones = {
SQL = "private.database.windows.net"
KV = "private.vaultcore.azure.net"
ACR = "privatelink.azurecr.io"
BLOB = "privatelink.blob.core.windows.net"
TABLE = "privatelink.table.core.windows.net"
QUEUE = "privatelink.queue.core.windows.net"
FILE = "privatelink.file.core.windows.net"
WEB = "privatelink.web.core.windows.net"
DFS = "privatelink.dfs.core.windows.net"
COSMOS_SQL = "privatelink.documents.azure.com"
}
}
### Private Link DNS Zones
### https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
resource "azurerm_private_dns_zone" "privatelink" {
for_each = local.zones
name = each.value
resource_group_name = azurerm_resource_group.sandbox.name
tags = local.common_tags
}
resource "azurerm_private_dns_zone_virtual_network_link" "privatelink" {
for_each = local.zones
name = "PL_${each.key}"
resource_group_name = azurerm_resource_group.sandbox.name
private_dns_zone_name = azurerm_private_dns_zone.privatelink[each.key].name
virtual_network_id = azurerm_virtual_network.sandbox.id
lifecycle {
ignore_changes = [
name
]
}
}
Debug Output
NO Panic was created, no crash.log created, no debug output to attach
Terraform Plan Ouptut (Reduced for clarity, only showing one resource)
# azurerm_private_dns_zone.privatelink["WEB"] will be updated in-place
~ resource "azurerm_private_dns_zone" "privatelink" {
id = "/subscriptions/58be4214-863c-4205-867e-689e155cb3ce/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net"
max_number_of_record_sets = 25000
max_number_of_virtual_network_links = 1000
max_number_of_virtual_network_links_with_registration = 100
name = "privatelink.web.core.windows.net"
number_of_record_sets = 1
resource_group_name = "cus-azr-z-rg"
~ tags = {
+ "nt:BusinessUnit" = "INFR"
+ "nt:CostCenter" = "0888"
+ "nt:Environment" = "Sandbox"
+ "nt:TLA" = "AZR"
}
}
You can see from the plan output above that it is trying to add tags to the resource. cd
Terraform Apply Output
azurerm_private_dns_zone.privatelink["DFS"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net]
azurerm_private_dns_zone.privatelink["BLOB"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net]
azurerm_private_dns_zone.privatelink["COSMOS_SQL"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com]
azurerm_private_dns_zone.privatelink["KV"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/private.vaultcore.azure.net]
azurerm_private_dns_zone.privatelink["TABLE"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net]
azurerm_private_dns_zone.privatelink["WEB"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net]
azurerm_private_dns_zone.privatelink["SQL"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/private.database.windows.net]
azurerm_private_dns_zone.privatelink["ACR"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io]
azurerm_private_dns_zone.privatelink["FILE"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net]
azurerm_private_dns_zone.privatelink["QUEUE"]: Modifying... [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net]
azurerm_private_dns_zone.privatelink["DFS"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.dfs.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["BLOB"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.blob.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["COSMOS_SQL"]: Still modifying... [id=/subscriptions/subID-...sZones/privatelink.documents.azure.com, 10s elapsed]
azurerm_private_dns_zone.privatelink["KV"]: Still modifying... [id=/subscriptions/subID-...teDnsZones/private.vaultcore.azure.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["TABLE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.table.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["WEB"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.web.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["SQL"]: Still modifying... [id=/subscriptions/subID-...eDnsZones/private.database.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["ACR"]: Still modifying... [id=/subscriptions/subID-...privateDnsZones/privatelink.azurecr.io, 10s elapsed]
azurerm_private_dns_zone.privatelink["FILE"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.file.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["QUEUE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.queue.core.windows.net, 10s elapsed]
azurerm_private_dns_zone.privatelink["BLOB"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.blob.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["DFS"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.dfs.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["COSMOS_SQL"]: Still modifying... [id=/subscriptions/subID-...sZones/privatelink.documents.azure.com, 20s elapsed]
azurerm_private_dns_zone.privatelink["WEB"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.web.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["TABLE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.table.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["KV"]: Still modifying... [id=/subscriptions/subID-...teDnsZones/private.vaultcore.azure.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["ACR"]: Still modifying... [id=/subscriptions/subID-...privateDnsZones/privatelink.azurecr.io, 20s elapsed]
azurerm_private_dns_zone.privatelink["SQL"]: Still modifying... [id=/subscriptions/subID-...eDnsZones/private.database.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["FILE"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.file.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["QUEUE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.queue.core.windows.net, 20s elapsed]
azurerm_private_dns_zone.privatelink["DFS"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.dfs.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["BLOB"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.blob.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["COSMOS_SQL"]: Still modifying... [id=/subscriptions/subID-...sZones/privatelink.documents.azure.com, 30s elapsed]
azurerm_private_dns_zone.privatelink["KV"]: Still modifying... [id=/subscriptions/subID-...teDnsZones/private.vaultcore.azure.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["WEB"]: Still modifying... [id=/subscriptions/subID-...Zones/privatelink.web.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["TABLE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.table.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["ACR"]: Still modifying... [id=/subscriptions/subID-...privateDnsZones/privatelink.azurecr.io, 30s elapsed]
azurerm_private_dns_zone.privatelink["SQL"]: Still modifying... [id=/subscriptions/subID-...eDnsZones/private.database.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["FILE"]: Still modifying... [id=/subscriptions/subID-...ones/privatelink.file.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["QUEUE"]: Still modifying... [id=/subscriptions/subID-...nes/privatelink.queue.core.windows.net, 30s elapsed]
azurerm_private_dns_zone.privatelink["QUEUE"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.queue.core.windows.net]
azurerm_private_dns_zone.privatelink["BLOB"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net]
azurerm_private_dns_zone.privatelink["WEB"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.web.core.windows.net]
azurerm_private_dns_zone.privatelink["SQL"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/private.database.windows.net]
azurerm_private_dns_zone.privatelink["KV"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/private.vaultcore.azure.net]
azurerm_private_dns_zone.privatelink["DFS"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.dfs.core.windows.net]
azurerm_private_dns_zone.privatelink["ACR"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io]
azurerm_private_dns_zone.privatelink["COSMOS_SQL"]: Modifications complete after 32s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.documents.azure.com]
azurerm_private_dns_zone.privatelink["TABLE"]: Modifications complete after 33s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.table.core.windows.net]
azurerm_private_dns_zone.privatelink["FILE"]: Modifications complete after 33s [id=/subscriptions/subID/resourceGroups/cus-azr-z-rg/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net]
Apply complete! Resources: 0 added, 10 changed, 0 destroyed.
Expected Behavior
Tags should be applied after terraform apply is run.
Actual Behavior
Tags are not applied, but no error is displayed. TF Apply completes normally but the resource has no tags
Steps to Reproduce
terraform apply- Review Plan to see that
tagsare added to the resource - Review output of
applyto see that there are no errors, and that resources are changed - Run
terraform applyand see thatazurerm_private_dns_zonewill apply tags again.
Important Factoids
Nothing significant about this environment
References
johnwildes
👍2
All 5 comments
it seems an issue of azure api that tags will be omitted when the key contains :
njuCZ
on 20 Mar 2020
In this deployment, the tags are being applied to other resources within this deployment, including the : within the tag name. It's only these azurerm_private_dns_zone resources that the tags are not applying on.
Are you saying it's the Azure API for the private dns zone resource that is not applying tags with : ?
johnwildes
on 24 Mar 2020
I was able to replicate this, and it does seem to involve the ':'. For example, adding a tag of '"key:1" = "value"' works for the azurerm_resource_group resource, but not for azurerm_private_dns_zone resource. This can also be verified through the Azure UI and it actually hangs when trying to add a tag with a ':' to a private DNS zone.
akonrath
on 8 Apr 2020
I am looking do something similar to this. Add tags to DNS Zones with ":"
Is there any way to achieve this?
namratasuresh
on 17 Nov 2020
@njuCZ since this appears to be an API bug, can you raise an API issue to track this?
tombuildsstuff
on 18 Nov 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings
Related issues
Faaux
路
3Comments
MMollyy
路
3Comments
mlazowik
路
3Comments
Lachlan-White
路
3Comments
tomasaschan
路
3Comments
Most helpful comment
@njuCZ since this appears to be an API bug, can you raise an API issue to track this?