Objects have changed outside of Terraform and subsequent "terraform apply" deletes resources without any changes in the scripts

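Here are the scripts.

  1. On the first "apply", the behaviour is as expected.
  2. On the second "apply", I get "Objects have changed outside of Terraform", even though no resources were changed manually.
  3. In addition, on the second "apply", the subnet gets deleted.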

---Modules---

data "azurerm_resource_group" "rg" {
  name     = var.resource_group_name
}

resource "azurerm_virtual_network" "vnet" {
  name                = var.vnet_name
  resource_group_name = data.azurerm_resource_group.rg.name
  location            = data.azurerm_resource_group.rg.location
  address_space       = var.vnet_address_space
  dns_servers         = var.dns_servers
  subnet              = []
}
resource "azurerm_subnet" "subnet" {
  name                 = var.subnet_name
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.subnet_address_space
  enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
}

module "vnet_gateway_dev" {
    source = "./../../az_modules/vnet"
    
    vnet_name                           = var.vnet_name
    resource_group_name                 = data.azurerm_resource_group.rg.name
    vnet_address_space                  = var.vnet_address_space
    dns_servers                         = var.dns_servers
    depends_on                          = [data.azurerm_resource_group.rg]    
}
module "subnet" {
  source = "./../../az_modules/subnet"
  for_each = {for subnet in var.subnet_config: subnet.subnet_name => subnet}

  resource_group_name  = data.azurerm_resource_group.rg.name
  vnet_name            = each.value.vnet_name
  subnet_name          = each.value.subnet_name
  subnet_address_space = each.value.subnet_adress_space
  enforce_private_link_endpoint_network_policies = each.value.enforce_private_link_endpoint_network_policies
  depends_on = [module.vnet_gateway_dev]
}

---Input file---

resource_group_name="RG-01"
vnet_name = "VNET-DEV-01"
vnet_address_space = ["10.104.0.0/22"]
nsg_location="germanywestcentral"
dns_servers = []
subnet_config = [
  {
    vnet_name = "VNET-DEV-01"
    subnet_name = "snet-01"
    subnet_adress_space = ["10.104.0.0/28"]
    enforce_private_link_endpoint_network_policies = null
    nsg_rules = []
  }
]

---Here is the terraform plan---

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the


  # module.subnet["snet-01"].azurerm_subnet.subnet has been changed
  ~ resource "azurerm_subnet" "subnet" {
        id                                             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
        name                                           = "snet-01"
      + service_endpoint_policy_ids                    = []
      + service_endpoints                              = []
        # (6 unchanged attributes hidden)
    }
  # module.vnet_gateway_dev.azurerm_virtual_network.vnet has been changed
  ~ resource "azurerm_virtual_network" "vnet" {
        id                    = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
        name                  = "VNET-DEV-01"
      ~ subnet                = [
          + {
              + address_prefix = "10.104.0.0/28"
              + id             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
              + name           = "snet-01"
              + security_group = ""
            }
}


------------

Terraform will perform the following actions:

  # module.vnet_gateway_dev.azurerm_virtual_network.vnet will be updated in-place
  ~ resource "azurerm_virtual_network" "vnet" {
        id                    = "/subscriptions/1111111111111111/resourceGroups/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01"
        name                  = "VNET-DEV-01"
      ~ subnet                = [
          - {
              - address_prefix = "10.104.0.0/28"
              - id             = "/subscriptions/1111111111111111/***/providers/Microsoft.Network/virtualNetworks/VNET-DEV-01/subnets/snet-01"
              - name           = "snet-01"
              - security_group = ""
            },
        ]
    }

I think this happens because you are deleting those subnets using:

 subnet              = []

The TF docs write:

At this time you cannot use a Virtual Network with in-line Subnets in conjunction with any Subnet resources. Doing so will cause a conflict of Subnet configurations and will overwrite Subnet's.

So you have to decide whether you want to use subnet inside azurerm_virtual_network or the separate resource azurerm_subnet. You cannot mix both.
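
As an added example (not part of the original question or answer): a pre-apply check over the JSON form of a plan that flags the conflict described above, where a virtual network update would remove an in-line subnet that a standalone `azurerm_subnet` resource still manages. The sample plan is constructed to mirror the plan on this page, and the function names are hypothetical.

```python
# Constructed sample: trimmed `terraform show -json <planfile>` output that
# mirrors the plan on this page (resource addresses and names from the page).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.vnet_gateway_dev.azurerm_virtual_network.vnet",
     "type": "azurerm_virtual_network",
     "change": {"actions": ["update"],
                "before": {"name": "VNET-DEV-01", "subnet": [
                    {"name": "snet-01", "address_prefix": "10.104.0.0/28"}]},
                "after": {"name": "VNET-DEV-01", "subnet": []}}},
    {"address": 'module.subnet["snet-01"].azurerm_subnet.subnet',
     "type": "azurerm_subnet",
     "change": {"actions": ["no-op"],
                "before": {"name": "snet-01", "virtual_network_name": "VNET-DEV-01"},
                "after": {"name": "snet-01", "virtual_network_name": "VNET-DEV-01"}}},
]}


def subnet_names(state):
    """Names of the in-line subnets recorded in a vnet's before/after state."""
    return {s["name"] for s in (state or {}).get("subnet") or []}


def find_inline_subnet_conflicts(plan):
    """List (vnet_address, subnet_address, subnet_name) for each in-line subnet
    that a vnet update would remove although an azurerm_subnet resource in the
    same plan still manages it."""
    changes = plan.get("resource_changes", [])
    standalone = {}  # (vnet name, subnet name) -> azurerm_subnet address
    for rc in changes:
        after = rc["change"].get("after")  # None when the subnet is destroyed
        if rc["type"] == "azurerm_subnet" and after:
            key = (after.get("virtual_network_name"), after.get("name"))
            standalone[key] = rc["address"]
    conflicts = []
    for rc in changes:
        ch = rc["change"]
        before, after = ch.get("before") or {}, ch.get("after") or {}
        if rc["type"] != "azurerm_virtual_network" or "subnet" not in after:
            continue  # other resource, or `subnet` unset/unknown after apply
        for name in sorted(subnet_names(before) - subnet_names(after)):
            owner = standalone.get((before.get("name"), name))
            if owner:
                conflicts.append((rc["address"], owner, name))
    return conflicts


if __name__ == "__main__":
    for vnet, subnet, name in find_inline_subnet_conflicts(SAMPLE_PLAN):
        print(f"{vnet} would remove subnet {name!r} managed by {subnet}")
```

In a pipeline, pass it the parsed output of `terraform show -json` for a saved plan and fail the job when the returned list is non-empty.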