Open beaubutton opened 3 years ago
any news on this ? any workaround would be appreciated as well. In my case I have two keys created fine, but need two more to be created. tf plan shows the change (to create 2 more keys) but TF apply fails with above error and those missing keys do not exist in AI on azure.
Tried also to delete one of them from azure portal. next TF plan shows to create 3 keys now, same error as above for 3 keys.
ok, so what fixed it for me was to delete all keys manually from portal, and let TF recreate them again. it seems that this needs to be completed successfully for all keys from the beginning in one go. So, adding a new key afterwards in the future probably won't work :/
Yeah I've just hit this issue today when creating a TF managed Read Key alongside some that have been created manually
The Terraform here is totally unworkable even using AzureRM provider 2.98.0
With AzureRM provider 3.0.2
I have tried to debug the providers and found that after listing the api keys, terraform try to list the key id again and then throw error A resource with the ID "..." already exists
which is not make any sense.
Here is the behavior of terraform appeared in debug log
1) terraform lists the APIKey
REQ
GET /subscriptions/xxxxxx/resourceGroups/xxxxxxx/providers/Microsoft.Insights/components/appi-appinsights-az-asse-sbx-001/ApiKeys?api-version=2015-05-01
RESP
{
"value": [
{
"id": "/subscriptions/xxxxxx/resourcegroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/apikeys/35b99a4e-2a98-4a4e-87e7-fde636e74534",
"name": "cli-demo",
"linkedReadProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/api",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/draft",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/extendqueries",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/search",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/aggregate"
],
"linkedWriteProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/annotations"
],
"createdDate": "Mon, 04 Apr 2022 22:35:20 GMT",
"integrationType": null,
"integrationProperty": null
},
{
"id": "/subscriptions/xxxxxx/resourcegroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/apikeys/04f39ba3-e829-4d33-ac04-5287bddc980a",
"name": "aaaaaaaa",
"linkedReadProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/api",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/draft",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/extendqueries",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/search",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/aggregate",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/agentconfig"
],
"linkedWriteProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/annotations"
],
"createdDate": "Mon, 04 Apr 2022 22:19:39 GMT",
"integrationType": null,
"integrationProperty": null
}
]
}
2) Then terraform try to list the key that it get from previous request again
REQ
GET /subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/Microsoft.Insights/components/xxxxxx/APIKeys/35b99a4e-2a98-4a4e-87e7-fde636e74534?api-version=2015-05-01
RESP
{
"id": "/subscriptions/xxxxxx/resourcegroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/apikeys/35b99a4e-2a98-4a4e-87e7-fde636e74534",
"name": "cli-demo",
"linkedReadProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/api",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/draft",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/extendqueries",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/search",
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/aggregate"
],
"linkedWriteProperties": [
"/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/microsoft.insights/components/xxxxxx/annotations"
],
"createdDate": "Mon, 04 Apr 2022 22:35:20 GMT",
"integrationType": null,
"integrationProperty": null
}
3) Then terraform throw error A resource with the ID "..." already exists
LOG
2022-04-05T06:03:49.855+0700 [ERROR] vertex "module.app_insights.azurerm_application_insights_api_key.main1" error: A resource with the ID "/subscriptions/xxxxxx/resourceGroups/xxxxxx/providers/Microsoft.Insights/components/xxxxxx/apiKeys/35b99a4e-2a98-4a4e-87e7-fde636e74534" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_application_insights_api_key" for more information.
In my opinion rather than checking existance of key listing from 1.
, terraform should check the name and permissions (linkedReadProperties
and linkedWriteProperties
) of api key return from 1.
and what in terraform code.
I've hit this today as well, using AzureRM 3.x.
Created the first ApiKey fine, then got this error trying to create a second key, even though the new azurerm_application_insights_api_key
Terraform resource has a seperate name:
Error: A resource with the ID "/subscriptions/XXX/XXX/providers/Microsoft.Insights/components/XXX/apiKeys/abf14644-8087-42eb-acec-1a5792e4XXXX" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_application_insights_api_key" for more information.
The issue is still occurring. Checked with Microsoft azure backend and confirmed that they only received GET requests for the component and didn't receive any POST or PUT requests. Kindly assign a TF engineer to look into the issue.
I've hit this issue myself this week. MS pointed me to this bug. Any updates on this?
I have the same problem, is there any workaround ?
we've been experiencing the same for quite a while and would really like to eventually find a solution
This was resolved in release v3.84.0
Community Note
Terraform (and AzureRM Provider) Version
Terraform v0.13.6
Affected Resource(s)
Terraform Configuration Files
Expected Behaviour
Two Application Insights API Keys should have been created. One with Read permissions and a second with write permissions.
Actual Behaviour
Only one Application Insights API Key was created, the Read key. When trying to create the Write key, the following error was received: A resource with the ID "/subscriptions/****/resourcegroups/application-e1us-hdtest-rg-01/providers/microsoft.insights/components/application-e1us-hdtest-ai-01/apikeys/****" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_application_insights_api_key" for more information.
Steps to Reproduce
References
8472
9877