Here are the scripts.
- On first "apply" the behavior is as expected.
- On 2nd "apply" I get the "Objects have changed outside of Terraform" even though there have been no manual changes of resources.
- Also, on 2nd "apply" the subnet gets deleted.
---modules---
data "azurerm_resource_group" "rg" {
name = var.resource_group_name
}
resource "azurerm_virtual_network" "vnet" {
name = var.vnet_name
resource_group_name = data.azurerm_resource_group.rg.name
location = data.azurerm_resource_group.rg.location
address_space = var.vnet_address_space
dns_servers = var.dns_servers
subnet = []
}
resource "azurerm_subnet" "subnet" {
name = var.subnet_name
resource_group_name = var.resource_group_name
virtual_network_name = var.vnet_name
address_prefixes = var.subnet_address_space
enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
}
module "vnet_gateway_dev" {
source = "./../../az_modules/vnet"
vnet_name = var.vnet_name
resource_group_name = data.azurerm_resource_group.rg.name
vnet_address_space = var.vnet_address_space
dns_servers = var.dns_servers
depends_on = [data.azurerm_resource_group.rg]
}
module "subnet" {
source = "./../../az_modules/subnet"
for_each = {for subnet in var.subnet_config: subnet.subnet_name => subnet}
resource_group_name = data.azurerm_resource_group.rg.name
vnet_name = each.value.vnet_name
subnet_name = each.value.subnet_name
subnet_address_space = each.value.subnet_adress_space
enforce_private_link_endpoint_network_policies = each.value.enforce_private_link_endpoint_network_policies
depends_on = [module.vnet_gateway_dev]
}
---input-file---
resource_group_name="RG-01"
vnet_name = "VNET-DEV-01"
vnet_address_space = ["10.104.0.0/22"]
nsg_location="germanywestcentral"
dns_servers = []
subnet_config = [
{
vnet_name = "VNET-DEV-01"
subnet_name = "snet-01"
subnet_adress_space = ["10.104.0.0/28"]
enforce_private_link_endpoint_network_policies = null
nsg_rules = []
}
---Here is the terraform plan---
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the
# module.subnet["snet-01"].azurerm_subnet.subnet has been changed
~ resource "azurerm_subnet" "subnet" {
id = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
name = "snet-01"
service_endpoint_policy_ids = []
service_endpoints = []
# (6 unchanged attributes hidden)
}
# module.vnet_gateway_dev.azurerm_virtual_network.vnet has been changed
~ resource "azurerm_virtual_network" "vnet" {
id = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
name = "VNET-DEV-01"
~ subnet = [
{
address_prefix = "10.104.0.0/28"
id = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
name = "snet-01"
security_group = ""
}
}
------------
Terraform will perform the following actions:
# module.vnet_gateway_dev.azurerm_virtual_network.vnet will be updated in-place
~ resource "azurerm_virtual_network" "vnet" {
id = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
name = "VNET-DEV-01"
~ subnet = [
- {
- address_prefix = "10.104.0.0/28"
- id = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
- name = "snet-01"
- security_group = ""
},
]
}
CodePudding user response:
I think that this happens because you are deleting those subnets by using:
subnet = []
TF docs write:
At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnet's.
So you have to decide if you want to use subnet in azurerm_virtual_network or a separate resource azurerm_subnet. You can't mix both at the same time.