terraform-provider-azurerm: Terraform doesn't dissociate the Public IP address before deleting it and deletion fails
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureRM Provider) Version
Terraform v0.11.11
- provider.azurerm v1.20.0
Affected Resource(s)
- azurerm_network_interface
- azurerm_public_ip
Terraform Configuration Files
resource "azurerm_network_interface" "main" {
  count               = "${var.numberof_nics}"
  name                = "${var.hostname}-nic${count.index}"
  location            = "${var.region}"
  resource_group_name = "${var.sub-name}-${var.region}-${var.aplication}-rg"

  ip_configuration {
    name                          = "${var.hostname}-ipaddress${count.index}"
    subnet_id                     = "${var.subnet[count.index]}"
    private_ip_address_allocation = "static"
    private_ip_address            = "${var.private_ip[count.index]}"
    public_ip_address_id          = "${length(azurerm_public_ip.main.*.id) > 0 ? element(concat(azurerm_public_ip.main.*.id, list("")), count.index) : ""}"
  }

  depends_on = ["azurerm_resource_group.main"]
}

resource "azurerm_public_ip" "main" {
  count                        = "${var.public_ip == "true" ? 1 : 0}"
  name                         = "${var.sub-name}-${var.region}-${var.hostname}-PublicIP${count.index}"
  location                     = "${var.region}"
  resource_group_name          = "${var.sub-name}-${var.region}-${var.aplication}-rg"
  public_ip_address_allocation = "${var.public_ip_alloc}"
}
Expected Behavior
Terraform should:
- Dissociate Public IP
- Delete Public IP resource.
Terraform will perform the following actions:
~ module.tf-azure-vm-linux-module-srv-003.azurerm_network_interface.main
ip_configuration.0.public_ip_address_id: "/subscriptions/mysubscription/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/publicIPAddresses/something-srv-003-PublicIP0" => ""
- module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main
Actual Behavior
It seems that Terraform tries to delete the Public IP first, before doing the dissociation, and it fails.
Enter a value: yes
module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main: Destroying... (ID: /subscriptions/mysubscription-...something-srv-003-PublicIP0)
Releasing state lock. This may take a few moments...
Error: Error applying plan:
1 error(s) occurred:
* module.tf-azure-vm-linux-module-srv-003.azurerm_public_ip.main (destroy): 1 error(s) occurred:
* azurerm_public_ip.main: Error deleting Public IP "something-srv-003-PublicIP0" (Resource Group "my-resourcegroup-rg-rg"): network.PublicIPAddressesClient#Delete: Failure sending request: StatusCode=0 -- Original Error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/mysubscriiption/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/publicIPAddresses/something-srv-003-PublicIP0 can not be deleted since it is still allocated to resource /subscriptions/mysubscriptioin/resourceGroups/my-resourcegroup-rg/providers/Microsoft.Network/networkInterfaces/something-003-nic0/ipConfigurations/something-003-ipaddress0." Details=[]
Steps to Reproduce
terraform apply
About this issue
- State: closed
- Created 6 years ago
- Reactions: 63
- Comments: 20 (4 by maintainers)
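A pre-apply check for the plan/apply mismatch described above, as an added example that is not part of the original issue or the provider's code: it reads `terraform show -json` plan output (Terraform 0.12+) and flags a public IP scheduled for deletion while a NIC that references it is only updated in place. The sample plan is constructed from the values in the issue, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`, mirroring
# the plan in the issue: NIC updated in place, public IP destroyed.
PIP_ID = ("/subscriptions/mysubscription/resourceGroups/my-resourcegroup-rg/providers/"
          "Microsoft.Network/publicIPAddresses/something-srv-003-PublicIP0")
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_network_interface.main[0]", "type": "azurerm_network_interface",
     "change": {"actions": ["update"],
                "before": {"ip_configuration": [{"public_ip_address_id": PIP_ID}]},
                "after": {"ip_configuration": [{"public_ip_address_id": ""}]}}},
    {"address": "azurerm_public_ip.main[0]", "type": "azurerm_public_ip",
     "change": {"actions": ["delete"], "before": {"id": PIP_ID}, "after": None}},
]})


def _nic_pip_ids(state):
    """Public IP IDs referenced by a NIC's ip_configuration blocks (lower-cased,
    because Azure resource IDs are case-insensitive)."""
    cfgs = (state or {}).get("ip_configuration") or []
    return {(c.get("public_ip_address_id") or "").lower() for c in cfgs} - {""}


def find_ordering_hazards(plan_json):
    """Return (public_ip_address, nic_address) pairs where the plan deletes a
    public IP whose reference is being removed from a NIC by an in-place update."""
    changes = json.loads(plan_json).get("resource_changes", [])
    doomed = {}  # public IP resource ID -> Terraform address
    for rc in changes:
        if rc["type"] == "azurerm_public_ip" and "delete" in rc["change"]["actions"]:
            pip_id = ((rc["change"].get("before") or {}).get("id") or "").lower()
            if pip_id:
                doomed[pip_id] = rc["address"]
    hazards = []
    for rc in changes:
        # Only the in-place NIC update from the issue is checked here.
        if rc["type"] != "azurerm_network_interface" or rc["change"]["actions"] != ["update"]:
            continue
        before = _nic_pip_ids(rc["change"].get("before"))
        after = _nic_pip_ids(rc["change"].get("after"))
        for pip_id in sorted((before - after) & set(doomed)):
            hazards.append((doomed[pip_id], rc["address"]))
    return hazards


if __name__ == "__main__":
    for pip, nic in find_ordering_hazards(SAMPLE_PLAN):
        print(f"{pip} is deleted while {nic} still references it; dissociate first")
```

A non-empty result means the NIC update has to be applied on its own before the plan that destroys the public IP.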
Any update on this? This issue is still happening since there is no public_ip_association resource that will manage the association between a public IP and a NIC. The reference of the public IP is still in the NIC, so when we try to change or remove the Public IP, the provider is supposed to modify the NIC to remove the association first, then destroy the public IP. This is exactly what the plan is describing, but when it comes to the apply, it starts by deleting the public IP before updating the NIC, which results in an error…
This bug has been open since Dec 21, 2018 😦
Same behavior here with the following:
This is really annoying. Any workaround?
Maybe one solution would be a design change, similar to the aws or openstack provider. In both providers, the association is done in the public ip resource (e.g. https://www.terraform.io/docs/providers/aws/r/eip.html and https://www.terraform.io/docs/providers/openstack/r/networking_floatingip_v2.html via port_id). Another solution is to add a public_ip_attachment resource (similar to disk attachments). (Similar has been done for application_gateway_backend_address_pools_ids of https://www.terraform.io/docs/providers/azurerm/r/network_interface.html.) With that, the attachment is a dependency of public_ip resource. If you destroy the public_ip, it will destroy the dependency
Glad to help. @tombuildsstuff, can you close this issue?
Any reason why this issue is not being looked into? Valid comments above are marked as off-topic 😦 This issue still persists with terraform v0.13.5 azurerm v2.40.0
Even if you add -target=azurerm_network_interface.main it STILL puts destroying of public_ip into the plan (and tries to do both in the wrong order). This might be the root cause of this issue. EDIT: Bug is still present in TF 0.12.24 and Azure 2.6.0 plugin… Any update on this?