ms-henglu
commented
2 weeks ago Hi @iverberk ,
Thank you for taking time to report this issue!
This is a good question and could happen to any terraform provider. I have a workaround that might help in this case, please give it a try. And I'll keep working on improving this.
I use the below configuration to simulate the use case. The azapi_resource.aksCluster resource is used to create the AKS cluster. And I added a azapi_resource_action.fetch_aks_static_output resource to perform an GET request on the aks cluster to fetch the static output attributes. And the azapi_resource.factory is used to create a data factory resource in the node resource group, which is used simulate the dependent resource which will be recreated if the node resource group changed. And I tried to add tags to the AKS cluster, and terraform plan shows that the data factory will not be affected by the change.
resource "azapi_resource" "aksCluster" {
type = "Microsoft.ContainerService/managedClusters@2024-08-01"
parent_id = azapi_resource.resourceGroup.id
name = "henglu01"
location = "westus"
identity {
type = "SystemAssigned"
}
body = {
properties = {
dnsPrefix = "henglu01"
agentPoolProfiles = [
{
name = "agentpool"
count = 1
vmSize = "Standard_DS2_v2"
osType = "Linux"
mode = "System"
}
]
}
}
}
resource "azapi_resource_action" "fetch_aks_static_output" {
type = "Microsoft.ContainerService/managedClusters@2024-08-01"
resource_id = azapi_resource.aksCluster.id
method = "GET"
response_export_values = [
"properties.identityProfile.kubeletidentity.objectId",
"properties.oidcIssuerProfile.issuerURL",
"properties.nodeResourceGroup"
]
}
data "azapi_resource" "nodeResourceGroup" {
type = "Microsoft.Resources/resourceGroups@2021-04-01"
name = azapi_resource_action.fetch_aks_static_output.output.properties.nodeResourceGroup
}
resource "azapi_resource" "factory" {
type = "Microsoft.DataFactory/factories@2018-06-01"
parent_id = data.azapi_resource.nodeResourceGroup.id
name = "henglu02"
location = "westus"
body = {
properties = {
publicNetworkAccess = "Enabled"
repoConfiguration = null
}
}
}
We are creating an AKS cluster with the AzAPI provider. As part of the resource we set:
These properties are static for the lifetime of the AKS cluster. They only change when the entire cluster is recreated.
Now, when an in-place update is triggered for the AKS cluster, the output attribute is re-evaluated and set to 'known after apply'. This has the unfortunate side-effect that dependent resources that rely on those output properties get recreated when in fact nothing changes. I would like to know if there is some way that we can tell the AzAPI provider that these exported values will never change and prevent all those recreations.
Adding a lifecycle ignore on every dependent resource that uses some output property is unmaintainable.