We have several existing environments with a virtual network gateway using a public IP that's set to Basic SKU and Dynamic Allocation. We also spin up new ephemeral environments for pull requests
Since we were going to need to upgrade the public IP in a few months anyway, we tried switching over the Standard SKU and Static Allocation. However, we're not able to edit the existing public IP resource either through terraform or through the Azure CLI. Next we created a new public IP resource with the new settings, but we are unable to remove the old one from the virtual network gateway and connect the new one - the disassociate option is disabled in the portal, the reassignment times out after an hour in terraform, and we get a 500 error (with no additional information) using the Azure CLI (we tried both assigning the new public IP to the virtual network gateway, and just removing the old one)
We tried several different commands to approach the problem from different directions and none of them worked
Debug output for item 2 above (the others seem like just how it's set up, but this one seems like a bug)
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x105344680>, <function OutputProducer.on_global_arguments at 0x1054e2f20>, <function CLIQuery.on_global_arguments at 0x105520a40>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'network': ['azure.cli.command_modules.network', 'azure.cli.command_modules.privatedns']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: network 0.224 117 361
cli.azure.cli.core: privatedns 0.005 14 60
cli.azure.cli.core: Total (2) 0.229 131 421
cli.azure.cli.core: Loaded 130 groups, 421 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : network vnet-gateway update
cli.azure.cli.core: Command table: network vnet-gateway update
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x1068a36a0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/halprin/.azure/commands/2024-10-29.11-14-38.network_vnet-gateway_update.19126.log'.
az_command_data_logger: command args: network vnet-gateway update --resource-group {} --name {} --set {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x1069563e0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x106978900>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x106978a40>, <function register_upcoming_breaking_change_info.<locals>.update_breaking_change_info at 0x106978ae0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x1054e2fc0>, <function CLIQuery.handle_query_parameter at 0x105520ae0>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x1069789a0>]
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/halprin/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/halprin/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d
msal.authority: openid_config("https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/f2f795e1-6349-42e3-8d34-1eba20ed345d/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: e5d4b074-29d5-4583-823c-83d8a9c848ac
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '46cb40a8-9619-11ef-ab18-d2a1d3089675'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --set --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (HOMEBREW) azsdk-python-core/1.28.0 Python/3.11.10 (macOS-14.7.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01 HTTP/1.1" 200 2262
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '2262'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '2b7ce996-e108-4d02-904b-6f11571a9a1f'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '52c96854-62f5-4ded-a273-7b829deb10ae'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '4f07129b-fd51-47d8-9f1e-df5c2af6739b'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20241029T171438Z:52c96854-62f5-4ded-a273-7b829deb10ae'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: B405D7A07CDA4CE6912D4F217A7B5BFF Ref B: SN4AA2022303039 Ref C: 2024-10-29T17:14:38Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Oct 2024 17:14:37 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"name":"internal-vpn","id":"/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn","etag":"W/\"369099d1-8bc6-4ec3-87a4-a7492065e46e\"","type":"Microsoft.Network/virtualNetworkGateways","location":"eastus","tags":{},"properties":{"provisioningState":"Succeeded","resourceGuid":"52dfa838-e1fb-4b74-bbf2-3f89e4007373","packetCaptureDiagnosticState":"None","enablePrivateIpAddress":false,"isMigrateToCSES":false,"virtualNetworkGatewayMigrationStatus":{"state":"None","phase":"None","errorMessage":""},"ipConfigurations":[{"name":"vnetGatewayConfig","id":"/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig","etag":"W/\"369099d1-8bc6-4ec3-87a4-a7492065e46e\"","type":"Microsoft.Network/virtualNetworkGateways/ipConfigurations","properties":{"provisioningState":"Succeeded","privateIPAllocationMethod":"Dynamic","publicIPAddress":{"id":"/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-public-ip"},"subnet":{"id":"/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworks/csels-rsti-internal-moderate-app-vnet/subnets/GatewaySubnet"}}}],"natRules":[],"virtualNetworkGatewayPolicyGroups":[],"enableBgpRouteTranslationForNat":false,"disableIPSecReplayProtection":false,"sku":{"name":"VpnGw1","tier":"VpnGw1","capacity":2},"gatewayType":"Vpn","vpnType":"RouteBased","enableBgp":false,"activeActive":false,"bgpSettings":{"asn":65515,"bgpPeeringAddress":"10.0.0.94","peerWeight":0,"bgpPeeringAddresses":[{"ipconfigurationId":"/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig","defaultBgpIpAddresses":["10.0.0.94"],"customBgpIpAddresses":[],"tunnelIpAddresses":["52.234.129.109"]}]},"vpnGatewayGeneration":"Generation1","allowRemoteVnetTraffic":false,"allowVirtualWanTraffic":false}}
cli.azure.cli.core.util: invalid decimal literal (<unknown>, line 1)
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1714'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '46cb40a8-9619-11ef-ab18-d2a1d3089675'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --set --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (HOMEBREW) azsdk-python-core/1.28.0 Python/3.11.10 (macOS-14.7.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn", "location": "eastus", "properties": {"activeActive": false, "allowRemoteVnetTraffic": false, "allowVirtualWanTraffic": false, "bgpSettings": {"asn": 65515, "bgpPeeringAddress": "10.0.0.94", "bgpPeeringAddresses": [{"customBgpIpAddresses": [], "ipconfigurationId": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig"}], "peerWeight": 0}, "disableIPSecReplayProtection": false, "enableBgp": false, "enableBgpRouteTranslationForNat": false, "enablePrivateIpAddress": false, "gatewayType": "Vpn", "ipConfigurations": [{"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig", "name": "vnetGatewayConfig", "properties": {"privateIPAllocationMethod": "Dynamic", "publicIPAddress": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-ip"}, "subnet": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworks/csels-rsti-internal-moderate-app-vnet/subnets/GatewaySubnet"}}}], "natRules": [], "sku": {"name": "VpnGw1", "tier": "VpnGw1"}, "virtualNetworkGatewayPolicyGroups": [], "vpnGatewayGeneration": "Generation1", "vpnType": "RouteBased"}, "tags": {}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01 HTTP/1.1" 500 84
cli.azure.cli.core.sdk.policies: Response status: 500
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '84'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'd40b96ed-8c5c-4600-b267-5e34c35395da'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'c5e180c6-d6f4-4af7-b0ac-0956fb888337'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '933de42e-4c89-47a9-8050-17261174d924'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'service'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20241029T171440Z:c5e180c6-d6f4-4af7-b0ac-0956fb888337'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 865EC2E99DA14BFFA807660F0FF6C7AB Ref B: SN4AA2022303039 Ref C: 2024-10-29T17:14:38Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Oct 2024 17:14:39 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"InternalServerError","message":"An error occurred.","details":[]}}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1714'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '46cb40a8-9619-11ef-ab18-d2a1d3089675'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --set --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (HOMEBREW) azsdk-python-core/1.28.0 Python/3.11.10 (macOS-14.7.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn", "location": "eastus", "properties": {"activeActive": false, "allowRemoteVnetTraffic": false, "allowVirtualWanTraffic": false, "bgpSettings": {"asn": 65515, "bgpPeeringAddress": "10.0.0.94", "bgpPeeringAddresses": [{"customBgpIpAddresses": [], "ipconfigurationId": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig"}], "peerWeight": 0}, "disableIPSecReplayProtection": false, "enableBgp": false, "enableBgpRouteTranslationForNat": false, "enablePrivateIpAddress": false, "gatewayType": "Vpn", "ipConfigurations": [{"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig", "name": "vnetGatewayConfig", "properties": {"privateIPAllocationMethod": "Dynamic", "publicIPAddress": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-ip"}, "subnet": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworks/csels-rsti-internal-moderate-app-vnet/subnets/GatewaySubnet"}}}], "natRules": [], "sku": {"name": "VpnGw1", "tier": "VpnGw1"}, "virtualNetworkGatewayPolicyGroups": [], "vpnGatewayGeneration": "Generation1", "vpnType": "RouteBased"}, "tags": {}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01 HTTP/1.1" 500 84
cli.azure.cli.core.sdk.policies: Response status: 500
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '84'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '7f70b28a-4ea5-472d-af16-2fe247e54557'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'ddb38220-74e6-4fee-a74a-eddbd9789a12'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '39805d5a-1780-46ba-9d79-6b813ce3beb4'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'service'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20241029T171441Z:ddb38220-74e6-4fee-a74a-eddbd9789a12'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 264A1932C5F34BCFB727B74451B66BFB Ref B: SN4AA2022303039 Ref C: 2024-10-29T17:14:40Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Oct 2024 17:14:40 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"InternalServerError","message":"An error occurred.","details":[]}}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1714'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '46cb40a8-9619-11ef-ab18-d2a1d3089675'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --set --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (HOMEBREW) azsdk-python-core/1.28.0 Python/3.11.10 (macOS-14.7.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn", "location": "eastus", "properties": {"activeActive": false, "allowRemoteVnetTraffic": false, "allowVirtualWanTraffic": false, "bgpSettings": {"asn": 65515, "bgpPeeringAddress": "10.0.0.94", "bgpPeeringAddresses": [{"customBgpIpAddresses": [], "ipconfigurationId": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig"}], "peerWeight": 0}, "disableIPSecReplayProtection": false, "enableBgp": false, "enableBgpRouteTranslationForNat": false, "enablePrivateIpAddress": false, "gatewayType": "Vpn", "ipConfigurations": [{"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig", "name": "vnetGatewayConfig", "properties": {"privateIPAllocationMethod": "Dynamic", "publicIPAddress": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-ip"}, "subnet": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworks/csels-rsti-internal-moderate-app-vnet/subnets/GatewaySubnet"}}}], "natRules": [], "sku": {"name": "VpnGw1", "tier": "VpnGw1"}, "virtualNetworkGatewayPolicyGroups": [], "vpnGatewayGeneration": "Generation1", "vpnType": "RouteBased"}, "tags": {}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01 HTTP/1.1" 500 84
cli.azure.cli.core.sdk.policies: Response status: 500
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '84'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'f5cc654d-3684-49cf-b731-977c74117ad7'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '3b7ad2f8-d0cb-4919-a606-b6aef65b02df'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': '89054207-55f0-475d-8de2-cfdbfed3f259'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'service'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20241029T171445Z:3b7ad2f8-d0cb-4919-a606-b6aef65b02df'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 24B855EF78244A17B9BCC70EC6D11BD3 Ref B: SN4AA2022303039 Ref C: 2024-10-29T17:14:43Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Oct 2024 17:14:44 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"InternalServerError","message":"An error occurred.","details":[]}}
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1714'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '46cb40a8-9619-11ef-ab18-d2a1d3089675'
cli.azure.cli.core.sdk.policies: 'CommandName': 'network vnet-gateway update'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --set --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (HOMEBREW) azsdk-python-core/1.28.0 Python/3.11.10 (macOS-14.7.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn", "location": "eastus", "properties": {"activeActive": false, "allowRemoteVnetTraffic": false, "allowVirtualWanTraffic": false, "bgpSettings": {"asn": 65515, "bgpPeeringAddress": "10.0.0.94", "bgpPeeringAddresses": [{"customBgpIpAddresses": [], "ipconfigurationId": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig"}], "peerWeight": 0}, "disableIPSecReplayProtection": false, "enableBgp": false, "enableBgpRouteTranslationForNat": false, "enablePrivateIpAddress": false, "gatewayType": "Vpn", "ipConfigurations": [{"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn/ipConfigurations/vnetGatewayConfig", "name": "vnetGatewayConfig", "properties": {"privateIPAllocationMethod": "Dynamic", "publicIPAddress": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-ip"}, "subnet": {"id": "/subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworks/csels-rsti-internal-moderate-app-vnet/subnets/GatewaySubnet"}}}], "natRules": [], "sku": {"name": "VpnGw1", "tier": "VpnGw1"}, "virtualNetworkGatewayPolicyGroups": [], "vpnGatewayGeneration": "Generation1", "vpnType": "RouteBased"}, "tags": {}}
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/[subscription id]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn?api-version=2023-09-01 HTTP/1.1" 500 84
cli.azure.cli.core.sdk.policies: Response status: 500
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '84'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'd01a0d84-6ddf-470a-a47e-2c39a9515b3a'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'acfb96cf-5717-46e2-a6b9-ec51d504ced7'
cli.azure.cli.core.sdk.policies: 'x-ms-arm-service-request-id': 'f1ae0964-4da4-47a9-aef1-be2c26e977ab'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'service'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHCENTRALUS:20241029T171449Z:acfb96cf-5717-46e2-a6b9-ec51d504ced7'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: D3D59D132C684A2894554BA6E44D6745 Ref B: SN4AA2022303039 Ref C: 2024-10-29T17:14:48Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 29 Oct 2024 17:14:48 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"InternalServerError","message":"An error occurred.","details":[]}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 666, in execute
raise ex
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 733, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 714, in _run_job
result = LongRunningOperation(cmd_copy.cli_ctx, 'Starting {}'.format(cmd_copy.name))(result)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 1075, in __call__
raise exception
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 1062, in __call__
result = poller.result()
^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/aaz/_poller.py", line 108, in result
self.wait(timeout)
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/aaz/_poller.py", line 130, in wait
raise self._exception
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/aaz/_poller.py", line 83, in _start
for polling_method in self._polling_generator:
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/command_modules/network/aaz/latest/network/vnet_gateway/_update.py", line 448, in _execute_operations
yield self.VirtualNetworkGatewaysCreateOrUpdate(ctx=self.ctx)()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/command_modules/network/aaz/latest/network/vnet_gateway/_update.py", line 579, in __call__
return self.on_error(session.http_response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/core/aaz/_operation.py", line 332, in on_error
raise HttpResponseError(response=response, error_format=error_format)
azure.core.exceptions.HttpResponseError: (InternalServerError) An error occurred.
Code: InternalServerError
Message: An error occurred.
cli.azure.cli.core.azclierror: (InternalServerError) An error occurred.
Code: InternalServerError
Message: An error occurred.
az_command_data_logger: (InternalServerError) An error occurred.
Code: InternalServerError
Message: An error occurred.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x1068a3920>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 12.455 seconds (init: 0.078, invoke: 12.377)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4082 in cache file under /Users/halprin/.azure/telemetry/20241029111450194
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/bin/python /opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/lib/python3.11/site-packages/azure/cli/telemetry/__init__.py /Users/halprin/.azure /Users/halprin/.azure/telemetry/20241029111450194"
telemetry.process: Return from creating process 19131
telemetry.main: Finish creating telemetry upload process.
There needs to be some way to either update or replace the existing public IP on this vnet gateway. The command to update the vnet with a different public IP should also return an informative error
Python (Darwin) 3.11.10 (main, Sep 7 2024, 01:03:31) [Clang 15.0.0 (clang-1500.3.9.4)]
Your CLI is up-to-date.
Describe the bug
We have several existing environments with a virtual network gateway using a public IP that's set to Basic SKU and Dynamic Allocation. We also spin up new ephemeral environments for pull requests
Even though Basic SKU creation is not supposed to be disabled until next March, we started seeing this error last week when spinning up new PR environments:
Virtual Network Gateway Name:performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: PublicIpWithBasicSkuNotAllowedOnVPNGateways: Basic IP configuration for VPN Virtual Network Gateways is not supported`Since we were going to need to upgrade the public IP in a few months anyway, we tried switching over the Standard SKU and Static Allocation. However, we're not able to edit the existing public IP resource either through terraform or through the Azure CLI. Next we created a new public IP resource with the new settings, but we are unable to remove the old one from the virtual network gateway and connect the new one - the disassociate option is disabled in the portal, the reassignment times out after an hour in terraform, and we get a 500 error (with no additional information) using the Azure CLI (we tried both assigning the new public IP to the virtual network gateway, and just removing the old one)
Related command
We tried several different commands to approach the problem from different directions and none of them worked
az network public-ip update --resource-group csels-rsti-internal-moderate-rg --name vpn-public-ip --sku Standard --allocation-method Staticaz network vnet-gateway update --resource-group csels-rsti-internal-moderate-rg --name internal-vpn --set ipConfigurations[0].publicIpAddress.id=/subscriptions/[subscription number]/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-ipaz network vnet-gateway update --resource-group csels-rsti-internal-moderate-rg --name internal-vpn --remove ipConfigurations[0].publicIpAddress.idaz network vnet-gateway update --resource-group csels-rsti-internal-moderate-rg --name internal-vpn --remove ipConfigurations[0].publicIpAddressErrors
numbers for errors correspond to numbers for commands above
(PublicIPAddressInUseCannotUpdate) Public IP address /subscriptions/52203171-a2ed-4f6c-b5cf-9b368c43f15b/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/publicIPAddresses/vpn-public-ip is in use by ipconfig /subscriptions/39d0777e-9e7b-4507-bf5a-0b4e2887eaae/resourceGroups/ARMRG-F1580077-2690-4C2A-8733-ED0EDC2D0CC1/providers/Microsoft.Network/loadBalancers/azuregateway-f1580077-2690-4c2a-8733-ed0edc2d0cc1-20a8c7299e69LB/frontendIPConfigurations/azuregateway-f1580077-2690-4c2a-8733-ed0edc2d0cc1-20a8c7299e69LBFE0 and cannot be updated.(InternalServerError) An error occurred. Code: InternalServerError Message: An error occurred.(InvalidRequestFormat) Cannot parse the request. Code: InvalidRequestFormat Message: Cannot parse the request. Exception Details: MissingJsonReferenceId) Value for reference id is missing. Path properties.ipConfigurations[0].properties.publicIPAddress. Code: MissingJsonReferenceId Message: Value for reference id is missing. Path properties.ipConfigurations[0].properties.publicIPAddress.(PublicIpForGatewayIsRequired) Public IP address reference is required for gateway IP configration /subscriptions/52203171-a2ed-4f6c-b5cf-9b368c43f15b/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Network/virtualNetworkGateways/internal-vpn.Issue script & Debug output
Debug output for item 2 above (the others seem like just how it's set up, but this one seems like a bug)
Expected behavior
There needs to be some way to either update or replace the existing public IP on this vnet gateway. The command to update the vnet with a different public IP should also return an informative error
Environment Summary
azure-cli 2.65.0
core 2.65.0
telemetry 1.1.0
Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1
Python location '/opt/homebrew/Cellar/azure-cli/2.65.0_2/libexec/bin/python'
Extensions directory '/Users/halprin/.azure/cliextensions'
Python (Darwin) 3.11.10 (main, Sep 7 2024, 01:03:31) [Clang 15.0.0 (clang-1500.3.9.4)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response