Bugfix: Error creating VM with private IP in DTL.

[kmsisco]

Creating a VM in a DTL that doesn't allow public IPs results in the following error messages even when "disallow_public_ip_address" is true.

Error: Error waiting for creation/update of DevTest Linux Virtual Machine "terraform-test" (Lab "xxx" / Resource Group "..."): Code="RequestDisallowedByPolicy" Message="Resource 'xxx' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"No Public IP Policy","id":"/subscriptions/xxx/providers/Microsoft.Authorization/policyAssignments/xxx"},"policyDefinition":{"name":"NoPublicIPPolicyDefinition","id":"/subscriptions/xxx/providers/Microsoft.Authorization/policyDefinitions/NoPublicIPPolicyDefinition"}}]'."

This change only sets the NetworkInterface property if inbound_nat_rules was defined to allow Azure to use its defaults.

[katbyte]

Hi @kmsisco,

Would moving line 181 into the if statement so ‘nic’ Is nil when disable public up is true work too?

[kmsisco]

@katbyte Moving 181 into the if has the same effect as the current code. I am setting disallow_public_ip_address to true to get a private IP but I don't want it to initialize the nic. When the structure is passed Azure tries to allocate a public IP for some reason.

I removed the comment about reproducing issue with Azure REST API. Further testing showed that was not correct.

[katbyte]

Ah, could you write a test with that specific configuration the fails before the fix, and passes after?

Thanks @kmsisco

[kmsisco]

Added acceptance tests.

These changes depend on #3717

[katbyte]

@kmsisco,

Tried to run the acceptance tests today and got:

------- Stdout: -------
=== RUN   TestAccAzureRMDevTestLinuxVirtualMachine_privatePolicy
--- FAIL: TestAccAzureRMDevTestLinuxVirtualMachine_privatePolicy (1263.37s)
    testing.go:568: Step 0 error: After applying this step, the plan was not empty:
        
        DIFF:
        
        UPDATE: azurerm_dev_test_linux_virtual_machine.test
          allow_claim:                         "true" => "true"
          disallow_public_ip_address:          "true" => "true"
          fqdn:                                "" => ""
          gallery_image_reference.#:           "1" => "1"
          gallery_image_reference.0.offer:     "UbuntuServer" => "UbuntuServer"
          gallery_image_reference.0.publisher: "Canonical" => "Canonical"
          gallery_image_reference.0.sku:       "18.04-LTS" => "18.04-LTS"
          gallery_image_reference.0.version:   "latest" => "latest"
          id:                                  "/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/resourcegroups/acctestrg-190802152219228149/providers/microsoft.devtestlab/labs/acctestdtl190802152219228149/virtualmachines/acctestvm-vm190802152219228149" => "/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/resourcegroups/acctestrg-190802152219228149/providers/microsoft.devtestlab/labs/acctestdtl190802152219228149/virtualmachines/acctestvm-vm190802152219228149"
          inbound_nat_rule.#:                  "0" => "0"
          lab_name:                            "acctestdtl190802152219228149" => "acctestdtl190802152219228149"
          lab_subnet_name:                     "acctestdtvn190802152219228149Subnet" => "acctestdtvn190802152219228149Subnet"
          lab_virtual_network_id:              "/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/resourcegroups/acctestrg-190802152219228149/providers/microsoft.devtestlab/labs/acctestdtl190802152219228149/virtualnetworks/acctestdtvn190802152219228149" => "/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/resourcegroups/acctestrg-190802152219228149/providers/microsoft.devtestlab/labs/acctestdtl190802152219228149/virtualnetworks/acctestdtvn190802152219228149"
          location:                            "westeurope" => "westeurope"
          name:                                "acctestvm-vm190802152219228149" => "acctestvm-vm190802152219228149"
          notes:                               "" => ""
          password:                            "Pa$$w0rd1234!" => "Pa$$w0rd1234!"
          resource_group_name:                 "acctestrg-190802152219228149" => "acctestrg-190802152219228149"
          size:                                "Standard_F2" => "Standard_F2"
          storage_type:                        "Premium" => "Standard"
          tags.Acceptance:                     "Test" => "Test"
          unique_identifier:                   "66f0ec63-f2bb-43f4-99f2-e5f4fae3f012" => "66f0ec63-f2bb-43f4-99f2-e5f4fae3f012"
          username:                            "acct5stU5er" => "acct5stU5er"
        

so i changed the storage type and got a new error:

        Error: Error creating/updating DevTest Linux Virtual Machine "acctestvm-vm190802114613370723" (Lab "acctestdtl190802114613370723" / Resource Group "acctestRG-190802114613370723"): dtl.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidSubnetUsed" Message="Subnet acctestdtvn190802114613370723Subnet either is not enabled or is not part of specified virtual network /subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02/resourcegroups/acctestrg-190802114613370723/providers/microsoft.devtestlab/labs/acctestdtl190802114613370723/virtualnetworks/acctestdtvn190802114613370723."

[kmsisco]

@katbyte

I merged the changes that fixed the virtual network issue and now the tests pass.

[katbyte]

@kmsisco,

I am still getting a diff on the test for:

=== RUN   TestAccAzureRMDevTestLinuxVirtualMachine_privatePolicy
--- FAIL: TestAccAzureRMDevTestLinuxVirtualMachine_privatePolicy (1261.89s)
    testing.go:568: Step 0 error: After applying this step, the plan was not empty:
        
        DIFF:
        
        UPDATE: azurerm_dev_test_linux_virtual_machine.test
 ...
          storage_type:                        "Premium" => "Standard"
        
```,

I think you'll need to change the storage type to `Premium` for some reason?

[katbyte]

@kmsisco,

The test is now failing with:

 DIFF:
        
        CREATE: azurerm_policy_assignment.test
          description:          "" => "No Public IP Policy Test"
          display_name:         "" => "No Public IP Policy"
          id:                   "" => "<computed>"
          identity:             "" => "<computed>"
          name:                 "" => "test-policy-assignment"
          policy_definition_id: "" => "<computed>"
          scope:                "" => "/subscriptions/1a6092a6-137e-4025-9a7c-ef77f76f2c02"
        CREATE: azurerm_policy_definition.test
          display_name: "" => "No Public IP Policy"
          id:           "" => "<computed>"
          metadata:     "" => "<computed>"
          mode:         "" => "Indexed"
          name:         "" => "NoPublicIPPolicyDefinition"
          policy_rule:  "" => "  {\n    \"if\": {\n      \"anyOf\": [{\n        \"source\": \"action\",\n        \"like\": \"Microsoft.Network/publicIPAddresses/*\"\n      }]\n    },\n    \"then\": {\n      \"effect\": \"deny\"\n    }\n  }\n"
          policy_type:  "" => "Custom"
        

Is this something unique to our environment maybe 🤔

[tombuildsstuff]

hey @kmsisco

Apologies for the delayed re-review here!

Since we've not heard back from you here and some of the test cases here are failing - rather than leaving this open languishing (since our team are currently focused on other areas) I'm going to suggest we close this PR for the moment.

Should you (or somebody else) be able to resolve the failing test then we're more than happy to take another look - however whilst I'd like to thank you for this contribution I'm going to close this PR for the moment.

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!