Private endpoint NIC Slow to Delete - Causes Precondition Failed Error in Cosmos account · Issue #28831 · hashicorp/terraform-provider-azurerm · GitHub

Private endpoint NIC Slow to Delete - Causes Precondition Failed Error in Cosmos account #28831

Open
1 task done
mchaves27 opened this issue Feb 20, 2025 · 2 comments

Comments

@mchaves27
mchaves27 commented Feb 20, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

When destroying an azurerm_private_endpoint, the associated Network Interface Card (NIC) is taking approximately 10 minutes to be deleted. Although Terraform indicates that the private endpoint destruction is complete, the NIC deletion process lingers.
Consequently, when attempting to destroy the azurerm_cosmosdb_account, it fails with a PreconditionFailed error due to the NIC deletion operation still being in progress.

When creating this private endpoint, the NIC is created automatically. This process does not require separate code to create the NIC.

Terraform Version

1.4.6

AzureRM Provider Version

4.19.0

Affected Resource(s)/Data Source(s)

azurerm_private_endpoint, azurerm_cosmosdb_account

Terraform Configuration Files

resource "azurerm_private_endpoint" "cosmosdb_private_endpoint" {
  name                = "pe-${var.name}"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.private_endpoint_details.subnet_id

  private_service_connection {
    name                           = "pec-${var.name}"
    private_connection_resource_id = azurerm_cosmosdb_account.account.id
    is_manual_connection           = false
    subresource_names              = ["mongodb"]
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_endpoint_details.private_dns_zone
    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.zone_ids
    }
  }

  depends_on = [
    azurerm_monitor_diagnostic_setting.eventhub_metrics_cosmos
  ]
}

resource "azurerm_cosmosdb_account" "account" {
  name                  = var.name
  location              = var.location
  resource_group_name   = var.resource_group_name
  minimal_tls_version   = var.minimal_tls_version
  create_mode           = var.create_mode
  default_identity_type = "UserAssignedIdentity=${azurerm_user_assigned_identity.cosmos_db_user_identity.id}"
  kind                  = var.kind
  mongo_server_version  = var.mongo_server_version
  dynamic "capabilities" {
    for_each = var.capabilities
    content {
      name = capabilities.value
    }
  }
  key_vault_key_id = azurerm_key_vault_key.cmk.versionless_id
  geo_location {
    location          = var.location
    failover_priority = 0
    zone_redundant    = var.zone_redundant
  }
  dynamic "geo_location" {
    for_each = var.replication_locations
    content {
      location          = geo_location.value.location
      failover_priority = geo_location.value.failover_priority
      zone_redundant    = geo_location.value.zone_redundant
    }
  }
  free_tier_enabled                = var.free_tier_enabled
  automatic_failover_enabled       = var.automatic_failover_enabled
  multiple_write_locations_enabled = var.multiple_write_locations_enabled
  local_authentication_disabled    = var.local_authentication_disabled
  identity {
    type         = "SystemAssigned, UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.cosmos_db_user_identity.id]
  }
}

Debug Output/Panic Output

module.cosmosdb.azurerm_private_endpoint.cosmosdb_private_endpoint: Destruction complete after 1m53s
module.cosmosdb.azurerm_cosmosdb_account.account: Destroying... [id=/subscriptions/...
 
│ Error: deleting CosmosDB Account "cosno-test0f0ukw" (Resource Group "rg-cloud-ops-1"): performing DatabaseAccountsDelete: unexpected status 412 (412 Precondition Failed) with response: {"code":"PreconditionFailed","message":"There is already an operation in progress which requires exclusive lock on this service cosno-test0f0ukw. Please retry the operation after sometime.\r\nActivityId: c0cf12bf-fa57-4abf-8b85-3e5095c15223, Microsoft.Azure.Documents.Common/2.14.0"}

Expected Behaviour

azurerm_private_endpoint must show Destruction complete after NIC is already destroyed.

Actual Behaviour

NIC is taking around 10 minutes to be deleted; however, the log shows that azurerm_private_endpoint is destroyed.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

@neil-yechenwei
Contributor
neil-yechenwei commented Feb 21, 2025

Thanks for raising this issue. It sounds like a service API issue, since the API should return after the resource is completely deleted. I filed an issue on Swagger for tracking.

@mchaves27
Author

@neil-yechenwei thanks for the clarification. I appreciate you reporting it.

Would you like me to keep this open until the API issue is resolved?
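
One way to work around the early return described in this thread, added here as an example and not taken from the issue, the provider or its maintainers: place a `time_sleep` resource (hashicorp/time provider) between the Cosmos account and the private endpoint, so that on destroy Terraform pauses after the endpoint is removed and before it deletes the account. The resource name `wait_for_private_endpoint_nic` and the `10m` value (from the roughly 10 minutes reported above) are assumptions; this is a fixed delay, not a check that the NIC is actually gone.

```hcl
# Added example. Requires the hashicorp/time provider in required_providers.

# Destroy order is the reverse of the dependency graph:
#   1. azurerm_private_endpoint   (depends on time_sleep and the account)
#   2. time_sleep                 (holds for destroy_duration)
#   3. azurerm_cosmosdb_account   (deleted only after the pause)
resource "time_sleep" "wait_for_private_endpoint_nic" {
  # No create_duration is set, so apply is not slowed down.
  # Assumed value: the issue reports about 10 minutes for the NIC to disappear.
  destroy_duration = "10m"

  depends_on = [azurerm_cosmosdb_account.account]
}

resource "azurerm_private_endpoint" "cosmosdb_private_endpoint" {
  name                = "pe-${var.name}"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.private_endpoint_details.subnet_id

  private_service_connection {
    name                           = "pec-${var.name}"
    private_connection_resource_id = azurerm_cosmosdb_account.account.id
    is_manual_connection           = false
    subresource_names              = ["mongodb"]
  }

  dynamic "private_dns_zone_group" {
    for_each = var.private_endpoint_details.private_dns_zone
    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.zone_ids
    }
  }

  depends_on = [
    azurerm_monitor_diagnostic_setting.eventhub_metrics_cosmos,
    # Added: forces the endpoint to be destroyed before the sleep starts.
    time_sleep.wait_for_private_endpoint_nic,
  ]
}
```

The `azurerm_cosmosdb_account` block from the issue is unchanged. If the 412 still appears, the delay was shorter than the NIC cleanup on that run and the value needs to be raised.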
