Microsoft.AzureStackHCI/networkInterfaces tags update disconnects the VM permanently

[FernandoMiguel]

Is there an existing issue for this?

• I have searched the existing issues

Terraform Version

1.10.4

Provider Version

2.2.0

Current Behavior

We are creating HCI linux VMs with terraform and azapi_resource with "Microsoft.AzureStackHCI/networkInterfaces@2024-08-01-preview" API
when network interface tags are changed, the NI seems to disconnect briefly from the VM, making the VM lose all network and never restoring.
A reboot does not fix this issue.
No other VM resources with tags seems to face this issue.
When this happens, we are forced to replace the VM entirely, leading to uptime issues.

The issue happens with the latest preview version of the API and several previous ones.

Expected Behavior

For tags to be updated, like with any other resource

Terraform configuration

$ terraform providers

Providers required by configuration:
.
│   ├── provider[registry.terraform.io/hashicorp/azurerm] >= 4.15.0
│   ├── provider[registry.terraform.io/hashicorp/vault] ~> 3.0
│   ├── provider[registry.terraform.io/hashicorp/random] >= 3.6.0
│   ├── provider[registry.terraform.io/hashicorp/time] >= 0.12.0
│   ├── provider[registry.terraform.io/azure/azapi] >= 2.2.0
│   ├── provider[terraform.io/builtin/terraform]

resource "azapi_resource" "azure_stack_hci_network_interface" {
  type      = "Microsoft.AzureStackHCI/networkInterfaces@2024-08-01-preview"
  location  = data.azapi_resource.vm_resource_group.location
  name      = format("%s-%s", local.vm_name, "ni")
  parent_id = data.azapi_resource.vm_resource_group.id
  tags      = local.resource_tags

  body = {
    properties = {
      ipConfigurations = [
        {
          properties = {
            subnet = {
              id = data.azapi_resource.logical_network.id
            }
          }
        }
      ]
    }
    extendedLocation = {
      name = data.azapi_resource.custom_location.id
      type = "CustomLocation"
    }
  }

  lifecycle {
    create_before_destroy = true
  }
}

locals {
  dynamic_tags = {
    BusinessUnit = var.bu
    CreationDate = time_static.creation.rfc3339
    Component    = var.component
    Environment  = var.env
  }
  resource_tags = merge(
    var.default_tags,
    local.dynamic_tags,
    var.resource_tags,
  )
}

Steps To Reproduce

1. terraform init -backend-config dev.backend.tfvars --upgrade --reconfigure
2. terraform apply -var-file dev.tfvars -parallelism=100

Anything else?

maybe related Azure/bicep-types-az#2246

we have been forced to add ignore_changes lifecycle rule to the NI resources, until this issue is fixed.

  lifecycle {
    create_before_destroy = true
    ignore_changes = [
      tags
    ]
  }

Not being able to have correct tags is not ideal in a production system.

We have tested CLI updates, and none reproduced this issue. So far only seems to affect modifications via terraform.
az azurestackhci networkinterface update --tags additionalProperties="sample" --name "hci-4cdf-ni" --resource-group "rg"
az network nic update --name hci-4cdf-ni --resource-group rg --set properties.creationDate=$(date +%Y-%m-%dT%H:%M:%S)