Hello community.
I have some Terraform code that I’ve used many times to successfully deploy PostgreSQL Flexible Servers in multiple Azure subscriptions. Until now.
What I’m trying to do
- I’ve added new configuration for the new, which includes names, size, network information, etc.
- I’m deploying the code and I’m getting an error saying that it cannot find the resource it’s trying to create.
- I’ve created a small PoC that only deploys the PostgreSQL and the result is the same.
Code
resource "azurerm_postgresql_flexible_server" "server" {
  name                          = local.server_name
  resource_group_name           = var.resource_group_name
  location                      = var.azure_location
  administrator_login           = var.pgsql_admin_login
  administrator_password        = random_password.dbadmin.result
  version                       = var.pgsql_version
  storage_mb                    = var.pgsql_storage_mb
  create_mode                   = var.pgsql_create_mode
  sku_name                      = var.pgsql_sku_name
  auto_grow_enabled             = var.pgsql_storage_auto_grow_enabled
  delegated_subnet_id           = var.delegated_subnet_id
  private_dns_zone_id           = var.private_dns_zone_id
  geo_redundant_backup_enabled  = var.pgsql_geo_redundant_backup_enabled
  public_network_access_enabled = local.pgsql_public_network_access_enabled
  tags                          = var.tags

  authentication {
    password_auth_enabled         = true
    active_directory_auth_enabled = var.active_directory_auth_enabled
    tenant_id                     = var.active_directory_auth_enabled ? var.tenant_id : null
  }

  dynamic "high_availability" {
    for_each = local.high_availability_configuration
    content {
      mode = var.pgsql_high_availability_mode
    }
  }

  lifecycle {
    ignore_changes = [
      # To avoid the error "`zone` and `high_availability.0.standby_availability_zone`
      # should only be either exchanged with each other or unchanged" when no `zone` is provided.
      # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_flexible_server
      zone,
      high_availability.0.standby_availability_zone
    ]
  }
}

resource "azurerm_postgresql_flexible_server_active_directory_administrator" "ad_admin" {
  for_each            = local.active_directory_administrators
  server_name         = azurerm_postgresql_flexible_server.server.name
  resource_group_name = azurerm_postgresql_flexible_server.server.resource_group_name
  tenant_id           = var.tenant_id
  object_id           = each.value.object_id
  principal_name      = each.value.principal_name
  principal_type      = each.value.principal_type
}
Commands executed
$ terraform -chdir=src init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Reusing previous version of hashicorp/random from the dependency lock file
- Using previously-installed hashicorp/azurerm v4.48.0
- Using previously-installed hashicorp/random v3.7.2
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform -chdir=src plan -out .terraform/terraform.tfplan
Acquiring state lock. This may take a few moments...
data.azurerm_resource_group.network: Reading...
data.azurerm_private_dns_zone.flex_server: Reading...
data.azurerm_subnet.pgsql: Reading...
data.azurerm_virtual_network.vnet: Reading...
data.azurerm_client_config.current: Reading...
data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0wNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDY7b2JqZWN0SWQ9NDNmZmIxOTktNzhhMy00ZmVkLWJjZTUtYTgyYjhlMmNkYTdmO3N1YnNjcmlwdGlvbklkPWQzZjQzNGIwLTg1OTctNDQ1NS1iMWEzLTIzY2Q3MTVlNzZkMjt0ZW5hbnRJZD02ZTA2ZTQyZC02OTI1LTQ3YzYtYjllNy05NTgxYzdjYTMwMmE=]
data.azurerm_subnet.pgsql: Read complete after 0s [id=/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-d-we1-azbnl-default-primary-networking/providers/Microsoft.Network/virtualNetworks/vnet-d-we1-azbnl-default-primary/subnets/sub-d-we1-enterprise-44-81-46-192-28]
data.azurerm_resource_group.network: Read complete after 1s [id=/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-d-we1-azbnl-default-primary-networking]
data.azurerm_virtual_network.vnet: Read complete after 1s [id=/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-d-we1-azbnl-default-primary-networking/providers/Microsoft.Network/virtualNetworks/vnet-d-we1-azbnl-default-primary]
data.azurerm_private_dns_zone.flex_server: Read complete after 2s [id=/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-bnl-global-nonprod-shared-resources/providers/Microsoft.Network/privateDnsZones/flex.nonprod.postgres.database.azure.com]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_resource_group.primary will be created
+ resource "azurerm_resource_group" "primary" {
+ id = (known after apply)
+ location = "westeurope"
+ name = "rg-bnl-we1-nonprod-service-deploy-shared-pgsql-sccplus"
+ tags = {
+ "alz_location" = "we1"
+ "app.service" = "AS_Postgress_SQL_Cloud_Database_BNL_T"
+ "business_unit" = "labs"
+ "created_with" = "terraform"
+ "deployment_mode" = "automation"
+ "environment" = "nonprod"
+ "workload_type" = "service"
}
}
# module.postgresql_flexible_server["labs-sccplus-001"].azurerm_postgresql_flexible_server.server will be created
+ resource "azurerm_postgresql_flexible_server" "server" {
+ administrator_login = "dbadmin"
+ administrator_password = (sensitive value)
+ administrator_password_wo = (write-only attribute)
+ auto_grow_enabled = false
+ backup_retention_days = (known after apply)
+ create_mode = "Update"
+ delegated_subnet_id = "/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-d-we1-azbnl-default-primary-networking/providers/Microsoft.Network/virtualNetworks/vnet-d-we1-azbnl-default-primary/subnets/sub-d-we1-enterprise-44-81-46-192-28"
+ fqdn = (known after apply)
+ geo_redundant_backup_enabled = false
+ id = (known after apply)
+ location = "westeurope"
+ name = "pgsql-azbnl-we1-nonprod-service-labs-sccplus-001"
+ private_dns_zone_id = "/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-bnl-global-nonprod-shared-resources/providers/Microsoft.Network/privateDnsZones/flex.nonprod.postgres.database.azure.com"
+ public_network_access_enabled = false
+ resource_group_name = "rg-bnl-we1-nonprod-service-deploy-shared-pgsql-sccplus"
+ sku_name = "B_Standard_B2s"
+ storage_mb = 32768
+ storage_tier = (known after apply)
+ tags = {
+ "alz_location" = "we1"
+ "app.service" = "AS_Postgress_SQL_Cloud_Database_BNL_T"
+ "business_unit" = "labs"
+ "created_with" = "terraform"
+ "deployment_mode" = "automation"
+ "environment" = "nonprod"
+ "workload_type" = "service"
}
+ version = "16"
+ authentication {
+ active_directory_auth_enabled = true
+ password_auth_enabled = true
+ tenant_id = "6e06e42d-6925-47c6-b9e7-9581c7ca302a"
}
}
# module.postgresql_flexible_server["labs-sccplus-001"].azurerm_postgresql_flexible_server_active_directory_administrator.ad_admin["73ba5a92-37cd-458f-a17f-d3784f4db77f"] will be created
+ resource "azurerm_postgresql_flexible_server_active_directory_administrator" "ad_admin" {
+ id = (known after apply)
+ object_id = "73ba5a92-37cd-458f-a17f-d3784f4db77f"
+ principal_name = "AZBNL-Apps-DBA"
+ principal_type = "Group"
+ resource_group_name = "rg-bnl-we1-nonprod-service-deploy-shared-pgsql-sccplus"
+ server_name = "pgsql-azbnl-we1-nonprod-service-labs-sccplus-001"
+ tenant_id = "6e06e42d-6925-47c6-b9e7-9581c7ca302a"
}
# module.postgresql_flexible_server["labs-sccplus-001"].random_password.dbadmin will be created
+ resource "random_password" "dbadmin" {
+ bcrypt_hash = (sensitive value)
+ id = (known after apply)
+ length = 32
+ lower = true
+ min_lower = 6
+ min_numeric = 6
+ min_special = 0
+ min_upper = 6
+ number = true
+ numeric = true
+ result = (sensitive value)
+ special = false
+ upper = true
}
Plan: 4 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Saved the plan to: .terraform/terraform.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply ".terraform/terraform.tfplan"
Releasing state lock. This may take a few moments...
$ terraform -chdir=src apply .terraform/terraform.tfplan
Do you want to apply these changes? (yes/NO): yes
Acquiring state lock. This may take a few moments...
module.postgresql_flexible_server["labs-sccplus-001"].random_password.dbadmin: Creating...
module.postgresql_flexible_server["labs-sccplus-001"].random_password.dbadmin: Creation complete after 0s [id=none]
azurerm_resource_group.primary: Creating...
azurerm_resource_group.primary: Still creating... [00m10s elapsed]
azurerm_resource_group.primary: Creation complete after 14s [id=/subscriptions/d3f434b0-8597-4455-b1a3-23cd715e76d2/resourceGroups/rg-bnl-we1-nonprod-service-deploy-shared-pgsql-sccplus]
module.postgresql_flexible_server["labs-sccplus-001"].azurerm_postgresql_flexible_server.server: Creating...
╷
│ Error: creating Flexible Server (Subscription: "d3f434b0-8597-4455-b1a3-23cd715e76d2"
│ Resource Group Name: "rg-bnl-we1-nonprod-service-deploy-shared-pgsql-sccplus"
│ Flexible Server Name: "pgsql-azbnl-we1-nonprod-service-labs-sccplus-001"): performing Create: unexpected status 404 (404 Not Found) with error: ResourceNotFound: The requested resource of type 'Microsoft.DBforPostgreSQL/flexibleServers' with name 'pgsql-azbnl-we1-nonprod-service-labs-sccplus-001' was not found.
│
│ with module.postgresql_flexible_server["labs-sccplus-001"].azurerm_postgresql_flexible_server.server,
│ on modules/postgresql_flexible_server/postgresql_server.tf line 1, in resource "azurerm_postgresql_flexible_server" "server":
│ 1: resource "azurerm_postgresql_flexible_server" "server" {
│
╵
Releasing state lock. This may take a few moments...
Troubleshoot
- I’m able to create other resources using Terraform
- I’m able to create a PostgreSQL Flexible Server using the Azure Portal
- I’m using the same user in the Azure Portal and in the terminal
Question
What do you think is the problem? I’m unable to find a reason for this to be happening.