search

Azure / terraform-provider-azapi

Terraform provider for Azure Resource Manager Rest API
https://registry.terraform.io/providers/Azure/azapi/latest
Mozilla Public License 2.0
193 stars 51 forks source link

Bug: Provider produced an unexpected new value: .output.etag #644

Open cwe1ss opened 1 month ago

cwe1ss commented 1 month ago

When trying to upgrade from v1.14.0 to v2.0.1 we are having an issue with our Microsoft.Network/routeTables/routes-resource.

Our code with v1.14.0 was:

resource "azapi_resource" "hub_gateway_route" {
  for_each = {
    for index, address_space in var.spoke_vnet_address_space : index => address_space
    if var.hub_gateway_route_enabled
  }

  type      = "Microsoft.Network/routeTables/routes@2023-04-01"
  name      = "udr-${data.azapi_resource_id.spoke_vnet.name}-${each.key}"
  parent_id = local.hub_gateway_subnet_route_table_id
  body = {
    properties = {
      addressPrefix    = each.value
      nextHopType      = "VirtualAppliance"
      nextHopIpAddress = var.hub_firewall_ip
      hasBgpOverride   = true
    }
  }
}

With v2.0.1 this resulted in the following error: hasBgpOverride is not expected here, it's read only.

As this seems to be an error with the schema, we added schema_validation_enabled = false. This resulted in the following terraform plan:

Terraform will perform the following actions:

  # module.resolver.module.vnet_peering.azapi_resource.hub_gateway_route["0"] will be updated in-place
  ~ resource "azapi_resource" "hub_gateway_route" {
        id                        = "/subscriptions/xyz/resourceGroups/rg-xyz/providers/Microsoft.Network/routeTables/rt-xyz/routes/udr-vnet-xyz-0"
        name                      = "udr-vnet-xyz-0"
      ~ schema_validation_enabled = true -> false
        tags                      = {}
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

The apply then failed with following error message:

Error: Provider produced inconsistent result after apply

When applying changes to module.resolver.module.vnet_peering.azapi_resource.hub_gateway_route["0"],
provider "provider[\"registry.terraform.io/azure/azapi\"]" produced an
unexpected new value: .output.etag: was
cty.StringVal("W/\"ff4b68ad-8519-421e-8284-94d34480545f\""), but now
cty.StringVal("W/\"1426bdd3-df9d-473f-83ae-5d1452ba46e2\"").

This is a bug in the provider, which should be reported in the provider's own issue tracker.
ms-henglu commented 1 month ago

Hi @cwe1ss ,

Thank you for taking time to report this issue!

In the 2.0, the output will default to the readonly properties. In above case, it will output the etag and etag gets updated when there're PUT requests to update the resource.

I'll work on improving this.

And I have some workarounds to help with this case:

  1. Disable the default output: https://registry.terraform.io/providers/Azure/azapi/latest/docs#disable_default_output
  2. Specifying the response_export_values = ["properties"] in the resource block to avoid outputting the etag.