PostgreSQL virtual network rule gives incorrect response for invalid data

[ac-astuartkregor]

Bug Report

Affects hashicorp/terraform-provider-azurerm#1774.

• import path: services/postgresql/mgmt/2017-12-01/postgresql
• SDK version: v18.0.0
• go version: go version go1.10.3 darwin/amd64

What happened?

Attempting to create a PostgreSQL virtual network rule from Terraform using postgresql.VirtualNetworkRulesClient with IgnoreMissingVnetServiceEndpoint set to false but the service endpoint is not configured on the target subnet.

The API unexpectedly responded with HTTP 202 Accepted.

What did you expect or want to happen?

The API should have responded with HTTP 400 Bad Request, similar to the behaviour seen with SQL virtual network rules under similar circumstances (service endpoint is missing, IgnoreMissingVnetServiceEndpoint is false).

How can we reproduce it?

1. Create a virtual network with a subnet
2. Ensure that the Microsoft.Sql service endpoint is not configured on the subnet
3. Create a PostgreSQL server
4. Attempt to create the PostgreSQL virtual network rule and observe the response code

Anything we should know about your environment.

This behaviour has been observed through Terraform's use of the Azure SDK for Go.

Fine details

What follows is the detailed output when running terraform with TF_LOG=debug. Terraform is attempting to create the rule but does not receive an error code. Additionally, the documentation for virtual network rules does not indicate that this error will be received even though the SQL virtual network rule creation fails.

There are two output blocks, the first relates to the PostgreSQL virtual network rule and the second relates to the SQL virtual network rule.

2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/21 17:38:17 [DEBUG] AzureRM Request:
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: PUT /subscriptions/<redacted>/resourceGroups/acctestRG-1/providers/Microsoft.DBforPostgreSQL/servers/acctestpostgresqlsvr-1/virtualNetworkRules/acctestpostgresqlvnetrule1?api-version=2017-12-01 HTTP/1.1
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: Host: management.azure.com
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: User-Agent: Go/go1.10.3 (amd64-darwin) go-autorest/v10.12.0 Azure-SDK-For-Go/v18.0.0 postgresql/2017-12-01;HashiCorp-Terraform-v0.11.3
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Length: 243
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: Authorization: Bearer <redacted>
  subnet_id:                            "" => "/subscriptions/<redacted>/resourceGroups/acctestRG-1/providers/Microsoft.Network/virtualNetworks/acctestvnet1/subnets/acctestsubnet1"
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Type: application/json; charset=utf-8
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: Accept-Encoding: gzip
2018-08-21T17:38:17.284+0100 [DEBUG] plugin.terraform-provider-azurerm: 
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/21 17:38:17 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/<redacted>/resourceGroups/acctestRG-1/providers/Microsoft.DBforPostgreSQL/servers/acctestpostgresqlsvr-1/virtualNetworkRules/acctestpostgresqlvnetrule1?api-version=2017-12-01:
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: HTTP/1.1 202 Accepted
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Length: 88
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Azure-Asyncoperation: https://management.azure.com/subscriptions/<redacted>/resourceGroups/acctestRG-1/providers/Microsoft.DBforPostgreSQL/locations/canadacentral/azureAsyncOperation/8d3081ed-2509-4465-9c93-5dc6b26ee686?api-version=2017-12-01
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Cache-Control: no-cache
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Type: application/json; charset=utf-8
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Date: Tue, 21 Aug 2018 16:39:05 GMT
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Expires: -1
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Location: https://management.azure.com/subscriptions/<redacted>/resourceGroups/acctestRG-1/providers/Microsoft.DBforPostgreSQL/locations/canadacentral/operationResults/8d3081ed-2509-4465-9c93-5dc6b26ee686?api-version=2017-12-01
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Pragma: no-cache
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Retry-After: 30
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Server: Microsoft-HTTPAPI/2.0
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: Strict-Transport-Security: max-age=31536000; includeSubDomains
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Content-Type-Options: nosniff
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Correlation-Request-Id: b66ac427-9f24-47fb-991a-80aeab0f6609
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Ratelimit-Remaining-Subscription-Writes: 1197
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Request-Id: 8d3081ed-2509-4465-9c93-5dc6b26ee686
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Routing-Request-Id: CANADAEAST:20180821T163906Z:b66ac427-9f24-47fb-991a-80aeab0f6609
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: 
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/21 17:38:17 [DEBUG] Waiting for PostgreSQL Virtual Network Rule "acctestpostgresqlvnetrule1" (PostgreSQL Server: "acctestpostgresqlsvr-1", Resource Group: "acctestRG-1") to become ready: <nil>
2018-08-21T17:38:17.677+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/21 17:38:17 [DEBUG] Waiting for state to become: [Ready]

For comparison, the debug output for creating an azurerm_sql_virtual_network_rule follows. When the ARM request is sent, the HTTP status received in response is 400 instead of 202.

2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/22 09:48:23 [DEBUG] AzureRM Request:
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: PUT /subscriptions/<redacted>/resourceGroups/example-sql-server-vnet-rule/providers/Microsoft.Sql/servers/unqiueazuresqlserver/virtualNetworkRules/sql-vnet-rule?api-version=2015-05-01-preview HTTP/1.1
  resource_group_name:                  "" => "example-sql-server-vnet-rule"
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: Host: management.azure.com
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: User-Agent: Go/go1.10.3 (amd64-darwin) go-autorest/v10.12.0 Azure-SDK-For-Go/v18.0.0 sql/2015-05-01-preview;HashiCorp-Terraform-v0.11.3
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Length: 260
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: Authorization: <redacted>
server_name:                          "" => "unqiueazuresqlserver"
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Type: application/json; charset=utf-8
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: Accept-Encoding: gzip
2018-08-22T09:48:23.728+0100 [DEBUG] plugin.terraform-provider-azurerm: 
  subnet_id:                            "" => "/subscriptions/<redacted>/resourceGroups/example-sql-server-vnet-rule/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/example-subnet"
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: 2018/08/22 09:48:24 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/<redacted>/resourceGroups/example-sql-server-vnet-rule/providers/Microsoft.Sql/servers/unqiueazuresqlserver/virtualNetworkRules/sql-vnet-rule?api-version=2015-05-01-preview:
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: HTTP/1.1 400 Bad Request
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Length: 511
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Cache-Control: no-cache
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Content-Type: application/json; charset=utf-8
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Date: Wed, 22 Aug 2018 08:48:24 GMT
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Expires: -1
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Pragma: no-cache
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Server: Microsoft-HTTPAPI/2.0
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: Strict-Transport-Security: max-age=31536000; includeSubDomains
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Content-Type-Options: nosniff
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Correlation-Request-Id: 97da2c8d-682e-49e9-80bc-ca616387df5f
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Ratelimit-Remaining-Subscription-Writes: 1198
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Request-Id: 6fe2f017-f29f-4060-a896-274ba437fd18
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: X-Ms-Routing-Request-Id: CANADAEAST:20180822T084824Z:97da2c8d-682e-49e9-80bc-ca616387df5f
2018-08-22T09:48:24.908+0100 [DEBUG] plugin.terraform-provider-azurerm: 

[vladbarosan]

Hi @ac-astuartkregor this seems to be an issue with the service. I moved the issue in the specs repo for tracking and will be closing here