Description
The following TF code was used to create an Azure Key Vault, assign it a Private Endpoint and add an A record to InfoBlox:
main.tf

```hcl
module "key_vault_qa_01" {
  source  = "app.terraform.io/Molina-Cloud/azure-key-vault/azurerm"
  version = "1.0.0"

  key_vault_name          = var.enso_kv_name_01
  keyvault_sku            = var.enso_kv_sku_01
  resource_group_name     = data.azurerm_resource_group.RG-key_vault_qa.name
  resource_group_location = data.azurerm_resource_group.RG-key_vault_qa.location
  :
  tenant_id               = data.azurerm_user_assigned_identity.kv-uami-key_vault_qa.tenant_id
  :
}

module "privateendpoint-kv-sc-kv-enso-qa-01" {
  source  = "app.terraform.io/Molina-Cloud/privateendpoint/azurerm"
  version = "1.0.5"

  resource_group_name     = data.azurerm_resource_group.RG-key_vault_qa.name
  resource_group_location = data.azurerm_resource_group.RG-key_vault_qa.location
  resource_name           = var.enso_kv_name_01
  resource_id             = module.key_vault_qa_01.key_vault_id
  subresource_names       = ["vault"]
  :
  subnet_id               = data.azurerm_subnet.Node-SNET-DC10AKSSTG.id
  private_dns_zone_ids    = [data.azurerm_private_dns_zone.key-vault-private-dns-zone.id]
  private_dns_zone_name   = data.azurerm_private_dns_zone.key-vault-private-dns-zone.name
  :
}

module "DNSRecord-kv-sc-kv-enso-qa-01" {
  source  = "app.terraform.io/Molina-Cloud/dns-record/infoblox"
  version = "1.0.1"

  fqdn_name  = "${var.enso_kv_name_01}.vault.azure.net" #==> "sc-kv-enso-qa-02"
  ip_address = module.privateendpoint-kv-sc-kv-enso-qa-01.private-ip
}
```
requirements.tf

```hcl
data "azurerm_private_dns_zone" "key-vault-private-dns-zone" {
  name                = "privatelink.vaultcore.azure.net"
  resource_group_name = "ussc-non-prod-apps-vnet"
}

data "azurerm_resource_group" "RG-key_vault_qa" {
  name = var.resource_group_name # <=== why no "location"?
}
```
• Unsure if the A record was correctly added.
• Initially, NSLOOKUP sc-kv-enso-qa-02.vault.azure.net resolved to a Public IP Address. Public access was enabled.
• We did not troubleshoot why it was NOT resolving to a Public IP, but noticed that there was no A record in InfoBlox for the KV.
• We proceeded to manually add the A record to InfoBlox.
• NSLOOKUP resolved to the newly added private IP after the manually added A record.
• However, we are now having issues with running the existing TF code, which consistently fails with:
```text
│ Error: failed getting A-record: WAPI request error: 404('404 Not Found')
│ Contents:
│ { "Error": "AdmConDataNotFoundError: Reference record:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQubmV0LmF6dXJlLnZhdWx0LHNjLWt2LWVuc28tcWEtMDIsMTAuMjM5Ljk5LjEy:sc-kv-enso-qa-02.vault.azure.net/default not found",
│ "code": "Client.Ibap.Data.NotFound",
│ "text": "Reference record:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQubmV0LmF6dXJlLnZhdWx0LHNjLWt2LWVuc28tcWEtMDIsMTAuMjM5Ljk5LjEy:sc-kv-enso-qa-02.vault.azure.net/default not found"
│ }
│
│
│ with module.DNSRecord-kv-sc-kv-enso-qa-01.infoblox_a_record.a-record,
│ on .terraform/modules/DNSRecord-kv-sc-kv-enso-qa-01/main.tf line 1, in resource "infoblox_a_record" "a-record":
│ 1: resource "infoblox_a_record" "a-record" {
│
╵
Operation failed: failed running terraform plan (exit 1)
```
• It doesn’t matter if we uncomment the PrivateEndpoint or DNS Record module – it still fails with the same error.
InfoBlox shows the A record. So it seems the record is there.
Tfstate file shows:

```json
{
  "module": "module.DNSRecord-kv-sc-kv-enso-qa-01",
  "mode": "managed",
  "type": "infoblox_a_record",
  "name": "a-record",
  "provider": "provider[\"registry.terraform.io/infobloxopen/infoblox\"]",
  "instances": [
    {
      "schema_version": 0,
      "attributes": {
        "cidr": null,
        "comment": "",
        "dns_view": "default",
        "ext_attrs": null,
        "fqdn": "sc-kv-enso-qa-02.vault.azure.net",
        "id": "record:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQubmV0LmF6dXJlLnZhdWx0LHNjLWt2LWVuc28tcWEtMDIsMTAuMjM5Ljk5LjEy:sc-kv-enso-qa-02.vault.azure.net/default",
        "ip_addr": "10.239.99.12",
        "network_view": "default",
        "ttl": -2147483648
      },
      "sensitive_attributes": [],
      "private": "bnVsbA==",
      "dependencies": [
        "data.azurerm_private_dns_zone.key-vault-private-dns-zone",
        "data.azurerm_resource_group.RG-key_vault_qa",
        "data.azurerm_subnet.Node-SNET-DC10AKSSTG",
        "data.azurerm_user_assigned_identity.kv-uami-key_vault_qa",
        "data.azurerm_virtual_network.VNET-DC10AKSSTG",
        "module.key_vault_qa_01.azurerm_key_vault.sc-azure-keyvault",
        "module.privateendpoint-kv-sc-kv-enso-qa-01.azurerm_private_endpoint.private-endpoint"
      ]
    }
  ]
},
```
Unsure how this was added there.
This is TF Cloud. Using InfoBlox provider:
```hcl
infoblox = {
  source  = "infobloxopen/infoblox"
  version = "2.3.0"
}
```
Need to understand how to resolve this issue. Seems the record is there – so why does TF keep failing to retrieve it? Do we need to manually delete the A record and run the TF code again? If so, why would it succeed when it appears to not do so initially?
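The error text above shows what the provider is actually doing on refresh: it GETs the object by the exact reference stored as the resource `id` in state, and Infoblox answers 404 for that reference. The base64 segment of that reference is Infoblox's key for the object, and decoding the one from the state file yields `dns.bind_a$._default.net.azure.vault,sc-kv-enso-qa-02,10.239.99.12`, i.e. the DNS view, the zone (labels reversed), the host label and the address. A record that was deleted and re-added by hand is a different object, and if any key field differs it has a different reference, so "the GUI shows an A record" and "the reference in state does not exist" are not contradictory. The script below is an added example, not code from this issue or from the Infoblox provider. It decodes the reference out of a tfstate document, builds a name+view WAPI lookup (which returns the *current* reference rather than the stale one), and prints the `terraform state rm` / `terraform import` commands that re-point state at the live object instead of deleting and re-creating the record. Assumptions, labelled in the code: the key layout is inferred from the decoded reference in this issue, not from Infoblox documentation; the WAPI base URL and version, the query parameters and the import-by-reference syntax are placeholders; `TFSTATE` and `WAPI_RESPONSE` are constructed samples.

```python
"""Added example (not from the issue or the Infoblox provider): explain why a
stored infoblox_a_record ref 404s and emit the state-reconciliation commands.

Assumptions: key layout "<obj>$.<view>.<zone, labels reversed>,<host>,<ip>" is
taken from decoding the ref in the issue; WAPI URL/version, query parameters
and "terraform import <addr> <ref>" are placeholders; TFSTATE and
WAPI_RESPONSE are constructed samples.
"""
import base64
from urllib.parse import urlencode

STATE_REF = ("record:a/ZG5zLmJpbmRfYSQuX2RlZmF1bHQubmV0LmF6dXJlLnZhdWx0LHNjLWt2LWVuc28tcWEtMDIsMTAuMjM5Ljk5LjEy"
             ":sc-kv-enso-qa-02.vault.azure.net/default")

# Constructed from the tfstate fragment in the issue (only the fields used here).
TFSTATE = {"resources": [{
    "module": "module.DNSRecord-kv-sc-kv-enso-qa-01", "type": "infoblox_a_record", "name": "a-record",
    "instances": [{"attributes": {"dns_view": "default", "fqdn": "sc-kv-enso-qa-02.vault.azure.net",
                                  "id": STATE_REF, "ip_addr": "10.239.99.12"}}],
}]}


def decode_ref(ref):
    """Split an Infoblox ref "record:a/<b64>:<name>/<view>" and decode its key."""
    obj_type, rest = ref.split("/", 1)
    b64, suffix = rest.split(":", 1)
    key = base64.b64decode(b64 + "=" * (-len(b64) % 4)).decode()
    # e.g. "dns.bind_a$._default.net.azure.vault,sc-kv-enso-qa-02,10.239.99.12"
    view_zone, host, ip = key.split("$.", 1)[1].split(",")
    view, zone_rev = view_zone.split(".", 1)          # assumes view names carry no "."
    zone = ".".join(reversed(zone_rev.split(".")))    # "net.azure.vault" -> "vault.azure.net"
    return {"type": obj_type, "view": view.lstrip("_"), "zone": zone,   # "_default" is the default view
            "host": host, "ip": ip, "fqdn": f"{host}.{zone}", "suffix": suffix}


def make_ref(view, zone, host, ip):
    """Inverse of decode_ref under the same assumed layout; only used to build samples."""
    key = f"dns.bind_a$._{view}.{'.'.join(reversed(zone.split('.')))},{host},{ip}"
    b64 = base64.b64encode(key.encode()).decode().rstrip("=")
    return f"record:a/{b64}:{host}.{zone}/{view}"


def lookup_url(info, wapi_base="https://infoblox.example.net/wapi/v2.11"):
    """Query by name+view, not by ref, so the reply carries the record's current _ref."""
    return f"{wapi_base}/record:a?" + urlencode(
        {"name": info["fqdn"], "view": info["view"], "_return_fields": "ipv4addr,view"})


def reconcile(address, state_ref, live_records):
    """Decide what to do from the ref held in state and what the name lookup returned."""
    if any(r["_ref"] == state_ref for r in live_records):
        return {"verdict": "in_sync", "commands": []}
    if live_records:
        # Same name, different ref: state is stale. Re-point it at the live object
        # rather than deleting the record and letting apply re-create it.
        return {"verdict": "stale_ref", "commands": [
            f"terraform state rm '{address}'",
            f"terraform import '{address}' '{live_records[0]['_ref']}'"]}
    return {"verdict": "missing", "commands": [f"terraform state rm '{address}'", "terraform apply"]}


def diagnose(tfstate, live_records):
    """Decode + reconcile every infoblox_a_record instance in a tfstate document."""
    out = []
    for res in tfstate["resources"]:
        if res["type"] != "infoblox_a_record":
            continue
        address = f"{res['module']}.{res['type']}.{res['name']}"
        for inst in res["instances"]:
            info = decode_ref(inst["attributes"]["id"])
            out.append({"address": address, "key": info, "lookup": lookup_url(info),
                        **reconcile(address, inst["attributes"]["id"], live_records)})
    return out


# Constructed WAPI reply: the same name re-added by hand, here at a different
# address, so its key (and therefore its ref) no longer matches the one in state.
WAPI_RESPONSE = [{"_ref": make_ref("default", "vault.azure.net", "sc-kv-enso-qa-02", "10.239.99.13"),
                  "name": "sc-kv-enso-qa-02.vault.azure.net", "ipv4addr": "10.239.99.13", "view": "default"}]

if __name__ == "__main__":
    for item in diagnose(TFSTATE, WAPI_RESPONSE):
        print(item["address"], "->", item["verdict"])
        print("  state key:", item["key"])
        print("  lookup   :", item["lookup"])
        for cmd in item["commands"]:
            print("  ", cmd)
```

Run it against a real state file by replacing `TFSTATE` with `json.load(open("terraform.tfstate"))` (or the output of `terraform state pull`) and `WAPI_RESPONSE` with the JSON body returned by the printed lookup URL. If the lookup returns the stored reference, the 404 is not a stale-state problem and the credentials, WAPI version or DNS view in the provider configuration are the next things to check.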