Terraform does not ignore internal_domain_name_suffix on Azure

[AlbMor]

Terraform Version

Terraform v1.0.9
on linux_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.65.0
If you are not running the latest version of Terraform, please try upgrading because your issue may have already been fixed.

### Terraform Configuration Files

#create the network interface
resource "azurerm_network_interface" "vm" {
  count                         = var.num_instances
  name                          = "${var.vm_hostname}-${count.index}-nic"
  resource_group_name           = data.azurerm_resource_group.vm.name
  location                      = data.azurerm_resource_group.vm.location

  ip_configuration {
    name                          = "${var.vm_hostname}-${count.index}-ip"
    subnet_id                     = var.vnet_subnet_id
    private_ip_address_allocation = "Dynamic"
  }

  lifecycle {
    ignore_changes = [
      # Ignore changes to internal_domain_name_suffix, e.g. because a management agent
      # updates these based on some ruleset managed elsewhere.
      internal_domain_name_suffix
    ]
  }

  tags = var.tags
}

Debug Output

Expected Behavior

What should have happened?
Terraform is ignoring the changes to internal_domain_name_suffix that are managed by Azure

Actual Behavior

What actually happened?
When running terrafom plan I get

# module.build_server_compute_lower.azurerm_network_interface.vm[10] has been changed
  ~ resource "azurerm_network_interface" "vm" {
        id                            = "/subscriptions/f1c77d69-f5d9-4/resourceGroups/-buildvm-rg/providers/Microsoft.Network/networkInterfaces/bldLo-10-nic"
      + internal_domain_name_suffix   = "q00govt3vp2epfsh3ypbyp3xdc.ax.internal.cloudapp.net"
        name                          = "bldLo-10-nic"
        tags                          = {
            "dfSegment" = "dri"
            "scope"     = "BuildServers"
        }
        # (10 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to
these changes.

No changes. Your infrastructure matches the configuration.

Your configuration already matches the changes detected above. If you'd like to update the Terraform state to match, create and apply a refresh-only plan:
  terraform apply -refresh-only 

Steps to Reproduce

1. terraform init
2. terraform plan

[jbardin]

Hi @AlbMor,

Thanks for filing the issue. The ignore_changes features ignore changes that would be imposed by the configuration, but this output is only reporting changes caused by the provider. This is what is meant by the "Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, ..." part of the message, implying that ignore_changes will still prevent Terraform from reverting these based on the configuration.

As for preventing this particular output, you may be interested in #28803.

Thanks!

[AlbMor]

Hi @jbardin

What dos it mean?

shall I run terraform apply -refresh-only each time there is a change from the provider?

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.