Failure to create `azurerm_private_endpoint`

Open bengesoff opened this issue 6 months ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Terraform Version

1.9.5

AzureRM Provider Version

3.115.0

Affected Resource(s)/Data Source(s)

azurerm_private_endpoint

Terraform Configuration Files

```hcl
locals {
  pl_alias = "internal-ingress-nginx.837de879-b929-40fe-a7e5-673072f4b71e.westeurope.azure.privatelinkservice"
}

resource "azurerm_private_endpoint" "privatelink_grafana" {
  name                = "grafana-pl"
  location            = data.azurerm_resource_group.kubernetes.location
  resource_group_name = data.azurerm_resource_group.kubernetes.name
  subnet_id           = data.azurerm_subnet.kubernetes.id

  private_service_connection {
    name                              = "grafana-pl"
    is_manual_connection              = false
    private_connection_resource_alias = local.pl_alias
  }
}
```

Debug Output/Panic Output

Error: creating Private Endpoint (Subscription: "1f62296d-9176-438d-b0bd-8050fcd89c54" Resource Group Name: "rG-vnet-001_prod" Private Endpoint Name: "grafana-pl"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: LinkedInvalidPropertyId: Property id 'internal-ingress-nginx.837de879-b929-40fe-a7e5-673072f4b71e.westeurope.azure.privatelinkservice' at path 'properties.privateLinkServiceConnections[0].properties.privateLinkServiceId' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.

Expected Behaviour

Should have successfully used the private link service alias to create the private endpoint, and not tried to use it as a service ID.

Actual Behaviour

The creation failed because it sent the alias as an ID, despite the alias field being used in the provider. This failed validation in the Microsoft API, which was expecting a valid ID.

I believe this code could be the culprit https://github.com/hashicorp/terraform-provider-azurerm/blob/af0806e764913e72c3511bd2562e230715ab7709/internal/services/network/private_endpoint_resource.go#L754

Steps to Reproduce

No response

Important Factoids

No response

References

No response

bengesoff, Aug 22 '24 06:08