[BUG] Not Possible Associate to Vnet Subnet created via terraform

[fdmsantos]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5.6

AzureRM Provider Version

3.65.0

Affected Resource(s)/Data Source(s)

azurerm_app_service_virtual_network_swift_connection and azurerm_app_service_slot_virtual_network_swift_connection

Terraform Configuration Files

module "subnet" {
  source               = "claranet/subnet/azurerm"
  version              = "6.2.0"
  resource_group_name  = var.az_resource_group_name
  virtual_network_name = module.vnet[0].virtual_network_name
  custom_subnet_name   = "${var.name_prefix}-private-subnet"
  subnet_cidr_list     = ["10.0.0.16/28"]
  network_security_group_name = module.nsg[0].network_security_group_name
  subnet_delegation = {
    app-service = [
      {
        name    = "Microsoft.Web/serverFarms"
        actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
      }
    ]
  }

  use_caf_naming = false
  location_short = ""
  client_name    = ""
  environment    = ""
  stack          = ""
}

And in function app module add:

app_service_vnet_integration_subnet_id = module.subnet.subnet_id 

Debug Output/Panic Output

╷
│ Error: Invalid count argument
│ 
│   on .terraform/modules/app-service/modules/container-web-app/r-appservice.tf line 673, in resource "azurerm_app_service_virtual_network_swift_connection" "app_service_vnet_integration":
│  673:   count          = var.app_service_vnet_integration_subnet_id == null ? 0 : 1
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

│ Error: Invalid count argument
│ 
│   on .terraform/modules/app-service/modules/container-web-app/r-appservice.tf line 679, in resource "azurerm_app_service_slot_virtual_network_swift_connection" "app_service_slot_vnet_integration":
│  679:   count          = var.staging_slot_enabled && var.app_service_vnet_integration_subnet_id != null ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

Expected Behaviour

It's not possible associate app service to Vnet Subnet if the Subnet is also created in terraform. Because the resources are depending from count keyword, where the count value cannot be determined until apply.

Expected Behaviour: Azure Web App deployed on subnet.

Actual Behaviour

Terraform error

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[BzSpi]

Hello @fdmsantos

Thank you for opening this issue.
Unfortunately, this is a Terraform limitation. See here and here.
Even if we try to do our best building modules to avoid dealing with this issue, we sometimes encounter it.
I'm afraid that your only solution is to target the creation of your subnet and do a second full apply.

[fdmsantos]

Hi, Tks for your reply. Im aware about that limitation. Im unable to test it now, but creation a new bool variable (something like integration_on_vnet = true) and used it on count, i think will solve this issue. I think, already found this solution on another claranet module (Probably function app module). But right now, i dont have access to my computer to confirm. Thanks.

…

On Mon, Sep 4, 2023, 13:52 Spi ***@***.***> wrote: Hello @fdmsantos <https://github.com/fdmsantos> Thank you for opening this issue. Unfortunately, this is a Terraform limitation. See here <hashicorp/terraform#30937> and here <hashicorp/terraform#26755>. Even if we try to do our best building modules to avoid dealing with this issue, we sometimes encounter it. I'm afraid that your only solution is to target the creation of your subnet and do a second full apply. — Reply to this email directly, view it on GitHub <#8 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGGIXOQFQN75HURYC7G7PK3XYXFINANCNFSM6AAAAAA4HZS2IU> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[BzSpi]

You're right, we have it on some modules.

Also, we've removed the swift resource for function-app but not app-service and cannot remember why. Let me check.

[fdmsantos]

hi @BzSpi ,

Any news?

Thanks

[BzSpi]

Hi @fdmsantos

Sorry for the delay. We have previously experienced issues with the VNet integration in the app service resource, it may have been fixed now.
We've added it in our internal backlog but feel free to suggest an implementation.

[Shr3ps]

Fixed in latest v7.8: https://github.com/claranet/terraform-azurerm-app-service/blob/master/CHANGELOG.md#v780---2023-10-10