terraform-provider-azurerm: Redeploying a resource group and child resources fails with "Error: Resource group was not found" when using a data resource within a module

This issue was originally opened by @derekwinters as hashicorp/terraform#23738. It was migrated here as a result of the provider split. The original body of the issue is below.

Terraform Version

Terraform v0.12.18
+ provider.azurerm v1.39.0

Terraform Configuration Files

# main.tf

provider "azurerm" {
  version         = "=1.39.0"
  subscription_id = "redacted"
}

data "azurerm_subnet" "subnet" {
  name                 = "redacted"
  virtual_network_name = "redacted"
  resource_group_name  = "resource_group_1"
}

# create.tf

resource "azurerm_resource_group" "resource_group" {
  name     = "resource_group_2"
  location = "eastus2"
}

# This section is from a module, but for the purpose of reproducing it's simplified and added directly to the create.tf file
data "azurerm_resource_group" "new_rg" {
  name = azurerm_resource_group.resource_group.name
}

resource "azurerm_virtual_machine" "vm" {
  name                             = "test_vm"
  location                         = data.azurerm_resource_group.new_rg.location
  resource_group_name              = data.azurerm_resource_group.new_rg.name
  vm_size                          = "Standard_B1ls"
  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true
  network_interface_ids            = [azurerm_network_interface.nic1.id]

  storage_os_disk {
    name          = "test_vm_osdisk"
    caching       = "ReadWrite"
    create_option = "FromImage"
  }

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "testvm"
    admin_username = "myadmin"
    admin_password = "TestP@ss1!"
  }

  os_profile_linux_config {
    disable_password_authentication = false
  }

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_network_interface" "nic1" {
  name                = "test_vm_nic"
  location            = data.azurerm_resource_group.new_rg.location
  resource_group_name = data.azurerm_resource_group.new_rg.name

  ip_configuration {
    name                          = "test_vm_ip"
    subnet_id                     = data.azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

Expected Behavior

If this configuration is deployed and needs to be redeployed, sometimes it is easier to remove the configuration (instead of terraform taint), then add the configuration back to redeploy. It would be expected to redeploy successfully.

Actual Behavior

If a configuration is removed and applied, and then added back and applied, the data "azurerm_resource_group" "new_rg" resource will fail with Error: Error: Resource Group "resource_group_2" was not found

Steps to Reproduce

  1. terraform init
  2. terraform apply
  3. mv create.tf create.tf.bak
  4. terraform apply
  5. mv create.tf.bak create.tf
  6. terraform apply

Additional Context

If there is anything in the configuration after step 4, the error occurs. In this example, if the data "azurerm_subnet" data resource is also removed, the error does not occur.

I’ve found two ways to work around this bug

  1. Remove everything else from the configuration and terraform apply, then add everything back. This obviously isn’t ideal, but it does work in the example if I also remove the data "azurerm_subnet" data resource and terraform apply, then add everything back, terraform apply will work again. If I remove the subnet data, terraform apply, add the subnet data back and terraform apply again, then add all the resources back, the error re-occurs.
  2. Add only the new_rg resource back, terraform apply, then add the rest of the resources that go in that resource group.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 11
  • Comments: 15 (3 by maintainers)

Most upvoted comments

Has there been any progress on this issue?

I am seeing the exact same behavior when attempting to use the resource group data source, in Azurerm provider 1.39 (tf version .012)

data “azurerm_resource_group” “core-rg” { name = “${var.project_ident}-${var.env_ident}-${var.core_rg_name}” }

I get “Error: Error: Resource Group “rg_name” was not found”

And if i try to use the rg data source, as a reference for another data source, i get both data sources dont exist

data “azurerm_key_vault” “kv” { name = “${var.project_ident}-${var.env_ident}-${var.kv_name}” resource_group_name = data.azurerm_resource_group.core-rg.name }

I get “Error: KeyVault “kv_name” (Resource Group “rg_name”) does not exist”

This is prohibiting me from using my modules now that i have upgraded to .012 to take advantage of new features

+7
Gvazzana on Jan 2, 2020

This still occurs. I have a similar config where i deploy a number of VMs. The initial apply works, but if I increase the number of VM’s after the fact, it fails stating the resource group was not found.

+1
thos25 on Apr 3, 2020

#Bump I am observing the exact same behavior after upgrading to TF 0.12 for both the data providers mentioned in @Gvazzana’s post. Please note that this is a blocker that prevents creating reusable modules that try to reference existing Resource Groups or Key Vaults.

+1
vfab on Jan 21, 2020
Read more comments on GitHub
← terraform-provider-azurerm: Problem with IP Restriction rules in azurerm_app_service resource
terraform-provider-azurerm: Resource must be replaced. azurerm_linux_virtual_machine must be replaced →