pulumi-azure
ResourceIds are not matching due to URI case insensitivity
Azure resources are uniquely identifiable by following this naming schema:
/subscriptions/<id>/resourceGroups/<id>/resource
However, in a quick test the following resource id has been recorded when created via Pulumi:
/subscriptions/xx/resourcegroups/xxx/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xx
The difference is resourceGroup vs resourcegroup which is recorded as a change during import of existing resources.
Hi @elsesiy:
- Are you seeing this across specific resources or all resource types?
- What language and provider versions are you using?
- Can you provide your code and Gopkg.lock or equivalent for us to reproduce?
Our Azure provider is one of our most popular ones so I'm surprised we've not seen this before.
@clstokes Thanks for the quick reply!
- I noticed this specifically for managed identities but let me investigate other resource ids and get back to you on this
- Go, pulumi v1.13.0 and pulumi-azure v1.14.1-0.20200313151651-e68aac143fed
- identity, err := authorization.NewUserAssignedIdentity(ctx, "identity", &authorization.UserAssignedIdentityArgs{
      Name:              pulumi.String("myidentity"),
      ResourceGroupName: k8s.Cluster.NodeResourceGroup,
      Tags:              rg.Tags,
  })
GoPkg.toml:
[[constraint]]
version = "v1.12.1"
name = "github.com/pulumi/pulumi"
[[constraint]]
version = "v2.1.0"
name = "github.com/pulumi/pulumi-azure"
[[constraint]]
version = "v1.6.0"
name = "github.com/pulumi/pulumi-azuread"
[[constraint]]
version = "v1.6.0"
name = "github.com/pulumi/pulumi-random"
[[constraint]]
version = "v1.5.0"
name = "github.com/pulumi/pulumi-tls"
[prune]
go-tests = true
unused-packages = true
Hi @elsesiy
Thanks for the snippet, I can reproduce the issue specifically with the UserAssignedIdentity resource.
I made a trace and it appears that we get this ID from the terraform provider which gets it from the Azure Go SDK which in turn gets it from Azure API. Therefore, I suspect it's going to be hard to fix this any time soon.
I understand the problem only manifests during the import process. You could probably manually edit the ID in your state file to get past the issue. @clstokes might be able to help there.
Sorry for the inconvenience.
@mikhailshilkov Are you guys reporting these issues back to the respective dependencies or is that something you'd expect the issue author to do him/herself?
@elsesiy It depends... if you could report it upstream, that would be awesome! Note that my quick investigation suggests terraform is not guilty here and it's somewhere further, either in Azure Go SDK or even the service. Let me know if you want me to dig into this.
@mikhailshilkov I did some simple search in the azure-sdk-for-go but couldn't pinpoint the location where this is happening. Can you point me to the right spot and I'll report it if that helps? Thanks!
The bad news is that this problem is on the Azure service side. The following HTTP request
curl -X GET -H "Authorization: Bearer [redacted]" -H "Content-Type: application/json" \
  "https://management.azure.com/subscriptions/[redacted]/resourceGroups/test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testmi?api-version=2015-08-31-preview"
returns
{"id":"/subscriptions/[redacted]/resourcegroups/test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testmi",
"name":"testmi",
"type":"Microsoft.ManagedIdentity/userAssignedIdentities",
"location":"westeurope",
"tags":{},
"properties":{[redacted]}
}
@mikhailshilkov Understood, but we should at least report it to them
@elsesiy Sure thing. Do you know a channel beyond Azure support?
If Azure doesn't care about case, isn't the problem in the resource/engine doing case sensitive string comparisons?
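The case-insensitive comparison suggested in the last comment, as an added example that is not part of the original thread or of Pulumi's code. The function names and sample IDs are constructed, and it assumes the whole resource ID may be compared without regard to case. It also reports which segments differ only by case, so a spurious import diff can be told apart from a real one.

```go
package main

import (
	"fmt"
	"strings"
)

// segments splits an ARM-style resource ID into its path segments,
// ignoring leading and trailing slashes.
func segments(id string) []string {
	return strings.Split(strings.Trim(id, "/"), "/")
}

// CompareResourceIDs reports whether two IDs are equal when case is ignored,
// and lists the segment pairs that differ only by case.
// Assumption: every segment of the ID is treated as case-insensitive.
func CompareResourceIDs(a, b string) (equal bool, caseOnly []string) {
	sa, sb := segments(a), segments(b)
	if len(sa) != len(sb) {
		return false, nil
	}
	for i := range sa {
		switch {
		case sa[i] == sb[i]:
			// Identical segment, nothing to record.
		case strings.EqualFold(sa[i], sb[i]):
			caseOnly = append(caseOnly, fmt.Sprintf("%s vs %s", sa[i], sb[i]))
		default:
			// A real difference: these are different resources.
			return false, nil
		}
	}
	return true, caseOnly
}

func main() {
	// Constructed sample IDs modelled on the ones quoted in this issue.
	declared := "/subscriptions/0000/resourceGroups/test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testmi"
	returned := "/subscriptions/0000/resourcegroups/test/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testmi"
	equal, caseOnly := CompareResourceIDs(declared, returned)
	fmt.Println("same resource:", equal, "case-only differences:", caseOnly)
}
```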