terraform-provider-azapi icon indicating copy to clipboard operation
terraform-provider-azapi copied to clipboard
verified publisher icon Azure

The API returns a readonly `location` field which triggers the replacement

Open ms-henglu opened this issue 1 year ago • 1 comments

Behavior

Take Microsoft.Web/staticSites/linkedBackends resource as an example, in the configuration, there's no location field defined and the schema validation also fails if the location is defined.

After the resource is created, the location field was set automatically by Azure and terraform wants to recreate the resource on every plan and apply. The configuration:

resource "azapi_resource" "webapp_linked_backend" {
  type      = "Microsoft.Web/staticSites/linkedBackends@2022-09-01"
  name      = "webapp-${var.env}-${var.location}"
  parent_id = azurerm_static_web_app.web_app.id

  body = {
    kind = "Container App"
    properties = {
      backendResourceId = var.web_backend_id
      region            = var.location
    }
  }
}

The terraform output:

  # module.web_app.azapi_resource.webapp_linked_backend must be replaced
-/+ resource "azapi_resource" "webapp_linked_backend" {
      ~ id                        = "/subscriptions/<SUBSCRIPTON>/resourceGroups/<RG>/providers/Microsoft.Web/staticSites/<STATIC_WEB>/linkedBackends/<NAME>" -> (known after apply)
      - location                  = "East US 2" -> null # forces replacement
        name                      = "webapp-dev-eastus2"
      ~ output                    = {} -> (known after apply)
        # (6 unchanged attributes hidden)
    }

Workaround

Step 1. Add the location field to the configuration to make the configuration match with the remote state. It's okay to use lifecycle.ignore_changes to suppress the difference too.

lifecycle {
    ignore_changes = [
      location,
    ]
  }
  1. Disable the scheme validation by adding the below configuration
schema_validation_enabled = false

Known resource types

It also happens to other resource types, listed as the following:

Microsoft.Web/staticSites/linkedBackends
Microsoft.Web/sites/siteextensions
Microsoft.KeyVault/vaults/secrets
Microsoft.Relay/namespaces/wcfRelays/authorizationRules 
Microsoft.ServiceBus/namespaces/topics/subscriptions
Microsoft.KeyVault/vaults/keys
Microsoft.Storage/storageAccounts/blobServices/containers
Microsoft.Insights/diagnosticSettings
Microsoft.Web/staticSites/customDomains

Related issues

https://github.com/Azure/terraform-provider-azapi/issues/629 https://github.com/Azure/terraform-provider-azapi/issues/601 https://github.com/Azure/terraform-provider-azapi/issues/584 https://github.com/Azure/terraform-provider-azapi/issues/563 https://github.com/Azure/terraform-provider-azapi/issues/541 https://github.com/Azure/terraform-provider-azapi/issues/538 https://github.com/Azure/terraform-provider-azapi/issues/514 https://github.com/Azure/terraform-provider-azapi/issues/511

ms-henglu avatar Oct 28 '24 08:10 ms-henglu

This issue happens after v1.13.x.

ms-henglu avatar Oct 28 '24 08:10 ms-henglu

Hi there

Is there an ETA on when this will be fixed? Thank you

danielkwok72 avatar Jan 07 '25 00:01 danielkwok72

When trying to import a Microsoft.EventHub/namespaces/authorizationRules it also triggers a replace due the location field.

cwe1ss avatar Feb 06 '25 09:02 cwe1ss

I'll investigate and try to fix it in the next month.

ms-henglu avatar Feb 07 '25 06:02 ms-henglu

This is also occurring for Microsoft.EventHub/namespaces/eventhubs@2024-01-01

fardarter avatar Mar 25 '25 13:03 fardarter

@stemaMSFT this seems to be the main thread that tracks the schema validation API issues

kewalaka avatar Mar 29 '25 21:03 kewalaka