Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terraform is unable to update tags on private endpoint that is attached to redis cache with enabled geo replication. #20909

Open
1 task done
DzmitrySurovets opened this issue Mar 13, 2023 · 3 comments
Open
1 task done

Terraform is unable to update tags on private endpoint that is attached to redis cache with enabled geo replication. #20909

DzmitrySurovets opened this issue Mar 13, 2023 · 3 comments
Labels
question service/network v/3.x

Comments

@DzmitrySurovets
Copy link

DzmitrySurovets commented Mar 13, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.4.0

AzureRM Provider Version

3.47.0

Affected Resource(s)/Data Source(s)

azurerm_private_endpoint

Terraform Configuration Files

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "first_redis_cache_rg" {
  name     = "first_redis_cache_rg"
  location = "westeurope"
}

resource "azurerm_resource_group" "second_redis_cache_rg" {
  name     = "second_redis_cache_rg"
  location = "northeurope"
}

# NOTE: the Name used for Redis needs to be globally unique
resource "azurerm_redis_cache" "first" {
  name                = "first-redis-cache"
  location            = azurerm_resource_group.first_redis_cache_rg.location
  resource_group_name = azurerm_resource_group.first_redis_cache_rg.name
  capacity            = 1
  family              = "P"
  sku_name            = "Premium"
  enable_non_ssl_port = false
  shard_count         = 3

  redis_configuration {
    maxmemory_reserved = 2
    maxmemory_delta    = 2
    maxmemory_policy   = "allkeys-lru"
  }
}


resource "azurerm_redis_cache" "second" {
  name                = "second-redis-cache"
  location            = azurerm_resource_group.second_redis_cache_rg.location
  resource_group_name = azurerm_resource_group.second_redis_cache_rg.name
  capacity            = 1
  family              = "P"
  sku_name            = "Premium"
  enable_non_ssl_port = false
  shard_count         = 3

  redis_configuration {
    maxmemory_reserved = 2
    maxmemory_delta    = 2
    maxmemory_policy   = "allkeys-lru"
  }
}

resource "azurerm_redis_linked_server" "this" {

  target_redis_cache_name     = azurerm_redis_cache.first.name
  resource_group_name         = azurerm_resource_group.first_redis_cache_rg.name
  linked_redis_cache_id       = azurerm_redis_cache.second.id
  linked_redis_cache_location = azurerm_resource_group.second_redis_cache_rg.location
  server_role                 = "Secondary"
  depends_on = [azurerm_private_endpoint.this]
}

resource "azurerm_private_endpoint" "this" {
  name                = "first-redis-cache-private-endpoint"
  location            = azurerm_resource_group.first_redis_cache_rg.location
  resource_group_name = azurerm_resource_group.first_redis_cache_rg.name
  subnet_id           = var.private_endpoint_subnet_id

  private_service_connection {
    name                           = "first-redis-cache-private-endpoint"
    private_connection_resource_id = azurerm_redis_cache.first.id
    subresource_names              = ["redisCache"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "privatelink.documents.azure.com"
    private_dns_zone_ids = tolist([var.private_dns_zone_id])
  }

  tags = var.tags
}

variable private_endpoint_subnet_id {
  type        = string
  default    = "/subscriptions/***/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/***/subnets/***"
  description = "The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint."
}

variable private_dns_zone_id {
  type        = string
  default    = "/subscriptions/***/resourceGroups/***/providers/Microsoft.Network/privateDnsZones/privatelink.redis.cache.windows.net"
  description = "Id of privatelink.documents.azure.com private dns zone"
}

variable tags {
  type        = map
  default     = {
    tag1 = "value1"
    tag2 = "value3"
  }
  description = "description"
}

Debug Output/Panic Output

dsurovets@*** terraform_bug_report $ terraform apply
azurerm_resource_group.first_redis_cache_rg: Refreshing state... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg]
azurerm_resource_group.second_redis_cache_rg: Refreshing state... [id=/subscriptions/***/resourceGroups/second_redis_cache_rg]
azurerm_redis_cache.second: Refreshing state... [id=/subscriptions/***/resourceGroups/second_redis_cache_rg/providers/Microsoft.Cache/redis/second-redis-cache]
azurerm_redis_cache.first: Refreshing state... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Cache/redis/first-redis-cache]
azurerm_private_endpoint.this: Refreshing state... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Network/privateEndpoints/first-redis-cache-private-endpoint]
azurerm_redis_linked_server.this: Refreshing state... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Cache/redis/first-redis-cache/linkedServers/second-redis-cache]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_private_endpoint.this will be updated in-place
  ~ resource "azurerm_private_endpoint" "this" {
        id                       = "/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Network/privateEndpoints/first-redis-cache-private-endpoint"
        name                     = "first-redis-cache-private-endpoint"
      ~ tags                     = {
            "tag1" = "value1"
          ~ "tag2" = "value2" -> "value3"
        }
        # (6 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # azurerm_redis_cache.first will be updated in-place
  ~ resource "azurerm_redis_cache" "first" {
        id                            = "/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Cache/redis/first-redis-cache"
        name                          = "first-redis-cache"
      ~ public_network_access_enabled = false -> true
        tags                          = {}
        # (20 unchanged attributes hidden)

      ~ redis_configuration {
          ~ maxmemory_delta                 = 642 -> 2
          ~ maxmemory_reserved              = 642 -> 2
            # (8 unchanged attributes hidden)
        }
    }

  # azurerm_redis_cache.second will be updated in-place
  ~ resource "azurerm_redis_cache" "second" {
        id                            = "/subscriptions/***/resourceGroups/second_redis_cache_rg/providers/Microsoft.Cache/redis/second-redis-cache"
        name                          = "second-redis-cache"
        tags                          = {}
        # (21 unchanged attributes hidden)

      ~ redis_configuration {
          ~ maxmemory_delta                 = 642 -> 2
          ~ maxmemory_reserved              = 642 -> 2
            # (8 unchanged attributes hidden)
        }
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_redis_cache.first: Modifying... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Cache/redis/first-redis-cache]
azurerm_redis_cache.second: Modifying... [id=/subscriptions/***/resourceGroups/second_redis_cache_rg/providers/Microsoft.Cache/redis/second-redis-cache]
azurerm_redis_cache.second: Modifications complete after 4s [id=/subscriptions/***/resourceGroups/second_redis_cache_rg/providers/Microsoft.Cache/redis/second-redis-cache]
azurerm_redis_cache.first: Still modifying... [id=/subscriptions/***-...icrosoft.Cache/redis/first-redis-cache, 10s elapsed]
azurerm_redis_cache.first: Modifications complete after 19s [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Cache/redis/first-redis-cache]
azurerm_private_endpoint.this: Modifying... [id=/subscriptions/***/resourceGroups/first_redis_cache_rg/providers/Microsoft.Network/privateEndpoints/first-redis-cache-private-endpoint]
╷
│ Error: updating Private Endpoint "first-redis-cache-private-endpoint" (Resource Group "first_redis_cache_rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Call to Microsoft.Cache/redis failed. Error message: This cache is geo replicated and cannot be the target of a private endpoint.\r\nRequestID=83e2bf92-e864-4ef3-b753-67efab282272" Details=[]
│
│   with azurerm_private_endpoint.this,
│   on main.tf line 61, in resource "azurerm_private_endpoint" "this":
│   61: resource "azurerm_private_endpoint" "this" {
│
╵

Expected Behaviour

Tags on private endpoint should be updated.

Actual Behaviour

│ Error: updating Private Endpoint "first-redis-cache-private-endpoint" (Resource Group "first_redis_cache_rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Call to Microsoft.Cache/redis failed. Error message: This cache is geo replicated and cannot be the target of a private endpoint.\r\nRequestID=83e2bf92-e864-4ef3-b753-67efab282272" Details=[]

│ with azurerm_private_endpoint.this,
│ on main.tf line 61, in resource "azurerm_private_endpoint" "this":
│ 61: resource "azurerm_private_endpoint" "this" {

Steps to Reproduce

  1. Create "privatelink.documents.azure.com" private dns zone.

  2. Specify following variables:
    private_dns_zone_id
    private_endpoint_subnet_id

  3. Run "terraform apply"

  4. Change values in tags variable

  5. Run "terraform apply"

Important Factoids

No response

References

No response
@github-actions github-actions bot removed the bug label Mar 13, 2023
@xuzhang3
Copy link
Contributor

@DzmitrySurovets A linked sever was created between the two Redis instance, you need remove the linked server before update the tags.

@DzmitrySurovets
Copy link
Author

@xuzhang3 Yes, that's right, but I am finding the solution how to update private endpoint tags without removing the linked server.
I can update tags on private endpoint with azure cli or with ARM template, but I can't update with terraform.

@Meertman Meertman mentioned this issue Nov 6, 2023
Open
1 task
@jeffreyrubi
Copy link

I experienced the same issue of failing to update the value of a tags in a private-endpoint through terraform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question service/network v/3.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@manicminer @jeffreyrubi @xuzhang3 @catriona-m @DzmitrySurovets