azurerm_public_ip addresses now default to "non-zonal" #9095

Open
Liquidmantis opened this issue Oct 29, 2020 · 9 comments
Labels
sdk/requires-newer-api-version This requires upgrading the version of the API being used service/public-ip v/2.x (legacy)

Comments

@Liquidmantis

Liquidmantis commented Oct 29, 2020

See: https://azure.microsoft.com/en-us/updates/zone-behavior-change/

I created an Azure Firewall on Sept 1 with two public IP addresses. Today I tried to add a third using the same configuration but the new IP cannot be associated with the firewall due to an API error that all the public IPs must be in the same zone (error in linked gist below). My CLI queries show the zone of all three IPs as zone: {}; however, I opened a ticket with Microsoft and they were able to get a zone (logical) property that has N/A for the two original IPs and 1 for the newest IP.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.13.5
provider registry.terraform.io/hashicorp/azurerm v2.34.0

Affected Resource(s)

  • azurerm_public_ip
  • azurerm_firewall
    (this issue may impact other resources if you wish to associate multiple IP addresses)

Terraform Configuration Files

All three IPs were created with this same block and different ordinals (I know, I know. Loop and DRY...)

resource "azurerm_public_ip" "firewall_pip_03" {
  name                = "${var.firewall_name}_pip_03"
  location            = azurerm_resource_group.firewall_rg.location
  resource_group_name = azurerm_resource_group.firewall_rg.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

Debug Output

https://gist.github.com/Liquidmantis/406fada6362282f6e32a39e665b48645

Expected Behavior

Public IP needs to be zone-redundant but the current provider doesn't support this.

Actual Behavior

New public IPs are created as "non-zonal" as default, and the API used by the Terraform provider only supports specifying a specific zone.

@tombuildsstuff tombuildsstuff added breaking-change upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR service/public-ip sdk/requires-newer-api-version This requires upgrading the version of the API being used and removed breaking-change upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR labels Oct 30, 2020
@hbuckle
Contributor

hbuckle commented Nov 5, 2020

I'm a bit confused by this - the announcement mentions API version 2020-08-01, which doesn't seem to exist yet. And Terraform is using 2020-05-01, which should be unaffected?

@jknott-terraform

What is the workaround for this?

network.AzureFirewallsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="AzureFirewallAllPublicIPZonesMustMatch" Message="Azure Firewall /subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewalls/ references public IP /subscriptions//resourceGroups//providers/Microsoft.Network/publicIPAddresses/ with zones and public IP /subscriptions//resourceGroups//providers/Microsoft.Network/publicIPAddresses/prod-fw-ip with zones 1, 2, 3. All public IP zones must be the same." Details=[]
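
The `AzureFirewallAllPublicIPZonesMustMatch` error above requires every public IP on a firewall to report the same zones. The following pre-flight check is an added example, not code from this thread or from the azurerm provider; the inventory shape (`id`, `zones`) and all sample values are constructed assumptions.

```python
"""Pre-flight check: do all public IPs attached to a firewall share one zone set?"""

# Constructed placeholder prefix; not a real subscription or resource group.
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "example-rg/providers/Microsoft.Network/publicIPAddresses/")

# Constructed inventory. Assumed shape: "id" plus "zones" (None, [] or a list).
PUBLIC_IPS = [
    {"id": PREFIX + "fw_pip_01", "zones": None},
    {"id": PREFIX + "fw_pip_02", "zones": []},
    {"id": PREFIX + "fw_pip_03", "zones": ["1", "2", "3"]},
]


def zone_key(zones):
    """Normalize a zones value: None and [] both mean 'no zone reported'."""
    return tuple(sorted(str(z) for z in (zones or [])))


def group_by_zones(attached_ids, public_ips):
    """Map each distinct zone set to the names of attached IPs that report it.

    Resource IDs are compared case-insensitively. An attached ID missing from
    the inventory raises KeyError rather than being silently skipped.
    """
    by_id = {ip["id"].lower(): ip for ip in public_ips}
    groups = {}
    for rid in attached_ids:
        ip = by_id[rid.lower()]
        name = ip["id"].rsplit("/", 1)[-1]
        groups.setdefault(zone_key(ip.get("zones")), []).append(name)
    return groups


def zone_mismatch(attached_ids, public_ips):
    """Return a message when attached IPs report different zone sets, else None."""
    groups = group_by_zones(attached_ids, public_ips)
    if len(groups) <= 1:
        return None
    parts = [f"{', '.join(names)} -> zones [{', '.join(key) or 'none'}]"
             for key, names in sorted(groups.items())]
    return "zone sets differ: " + "; ".join(parts)


if __name__ == "__main__":
    attached = [ip["id"] for ip in PUBLIC_IPS]
    print(zone_mismatch(attached, PUBLIC_IPS) or "all attached IPs share one zone set")
```

The check compares only the zones the API reports; the original post describes a case where the CLI showed identical zones for all three IPs while a backend property differed, which a check like this cannot see.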

@Liquidmantis
Author

Sorry, I haven't seen the updates on this issue. We have a ticket open with Microsoft but don't have a resolution yet. It does seem to be some backend API issue, though. Creating public IPs through PowerShell or the Azure Portal results in the same issue.

@jknott-terraform

Does anyone know if this is still broken?

@jknott-terraform

It is fixed in version 2.40 of the azurerm provider

@windwindblow

windwindblow commented May 14, 2021

Is there any fix made here to reverse the behavior? The funny thing is I need the opposite thing. I'd like to create a default No Zone standard IP.
In Azure PowerShell, I can do this by either not adding -Zone or using an empty string list -Zone []. Doing the same thing in Terraform will result in creating a fully zone-redundant IP which is the same as I pass zone [1,2,3].
Is there any way I can use Terraform to create a standard No Zone IP?

@magodo
Collaborator

magodo commented May 15, 2021

This seems to be fixed in #11627

@windwindblow

I am a little confused how the original post hit the "non-zonal IP" issue that azurerm has not updated to the network API after 2020-08-01 yet.

@ms-henglu
Contributor

@windwindblow , hi, you can use availability_zone="No-Zone" to create a no zone resource now.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip#availability_zone
