azurerm_api_management_api_operation and azurerm_api_management_api_operation_policy throwing plugin error

[raswinraaj]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform version : v1.0.1 azurerm version : v2.91.0

Affected Resource(s)

• azurerm_api_management_api_operation
• azurerm_api_management_api_operation_policy

Terraform Configuration Files

resource "azurerm_api_management_api_operation" "post_siteonboarding_search" {
  operation_id = "post-siteonboarding-search"
  api_name = azurerm_api_management_api.media_sites.name
  api_management_name = local.api_management_name
  resource_group_name = local.api_management_resource_group_name
  display_name = "POST Site Onboarding Search"
  method = "POST"
  url_template ="/search"
  description = "POST Site Onboarding Search"

  request {
    header {
      name = "Authorization"
      required = true
      type = "string"
    }    

    representation {
      content_type = "application/json"
      schema_id = azurerm_api_management_api_schema.mediasites.schema_id
      type_name = "MediaSiteSearchRequest"
    }
  }

  response {
    status_code = 200
  }  

  response {
    status_code = 204
  }  

  response {
    status_code = 404
  }

  response {
    status_code = 401
  }

  response {
    status_code = 403
  }

  response {
    status_code = 500
  }
}
resource "azurerm_api_management_api_operation_policy" "post_siteonboarding_search_policy" {
  api_name            = azurerm_api_management_api_operation.post_siteonboarding_search.api_name
  api_management_name = azurerm_api_management_api_operation.post_siteonboarding_search.api_management_name
  resource_group_name = azurerm_api_management_api_operation.post_siteonboarding_search.resource_group_name
  operation_id        = azurerm_api_management_api_operation.post_siteonboarding_search.operation_id

  xml_content = <<XML
  <policies>
    <inbound>
        <base/>     
    <set-header name="api-version" exists-action="override">
                        <value>2.0</value>
    </set-header>        
        <rewrite-uri template="/onboarding/internal/site/search" />
    </inbound>
    <outbound>
        <base />        
    </outbound>
</policies>
XML
}
resource "azurerm_api_management_api_operation" "post_site_onboarding" {
  operation_id = "post-site-onboarding"
  api_name = azurerm_api_management_api.media_sites.name
  api_management_name = local.api_management_name
  resource_group_name = local.api_management_resource_group_name
  display_name = "POST Site Onboarding"
  method = "POST"
  url_template = "/"
  description = "POST  Site Onboarding"  

  request {
    header {
      name = "Authorization"
      required = true
      type = "string"
    }    

    representation {
      content_type = "application/json"
      schema_id = azurerm_api_management_api_schema.mediasites.schema_id
      type_name = "MediaSiteProperties"
    }
  }

  response {
    status_code = 200
  }  

  response {
    status_code = 204
  }  

  response {
    status_code = 404
  }

  response {
    status_code = 401
  }

  response {
    status_code = 403
  }

  response {
    status_code = 500
  }
}
resource "azurerm_api_management_api_operation_policy" "post_site_onboarding_policy" {
  api_name            = azurerm_api_management_api_operation.post_site_onboarding.api_name
  api_management_name = azurerm_api_management_api_operation.post_site_onboarding.api_management_name
  resource_group_name = azurerm_api_management_api_operation.post_site_onboarding.resource_group_name
  operation_id        = azurerm_api_management_api_operation.post_site_onboarding.operation_id

  xml_content = <<XML
  <policies>
    <inbound>
        <base/>     
    <set-header name="api-version" exists-action="override">
                        <value>2.0</value>
    </set-header>        
        <rewrite-uri template="/onboarding/internal/site" />
    </inbound>
    <outbound>
        <base />        
    </outbound>
</policies>
XML
}

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

https://gist.github.com/raswinraaj/d1b0bdfbe382142625529e5013eba499

Panic Output

Expected Behaviour

Create Policy on the API operation

Actual Behaviour

The Operation gets created in the APIM even though it throws an error on terraform cli. But the policy creation fails.

 Error: Plugin did not respond
│
│   with azurerm_api_management_api_operation.post_siteonboarding_search,
│   on sites.tf line 103, in resource "azurerm_api_management_api_operation" "post_siteonboarding_search":
│  103: resource "azurerm_api_management_api_operation" "post_siteonboarding_search" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The
│ plugin logs may contain more details.

 Error: Plugin did not respond
│
│   with azurerm_api_management_api_operation_policy.post_site_onboarding_policy,
│   on sites.tf line 81, in resource "azurerm_api_management_api_operation_policy" "post_site_onboarding_policy":
│   81: resource "azurerm_api_management_api_operation_policy" "post_site_onboarding_policy" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The
│ plugin logs may contain more details.

Steps to Reproduce

1. terraform apply

Important Factoids

References

• 0000

[raswinraaj]

This was working fine until v2.88.0. The issue has started appearing since 2.90.0

[lonegunmanb]

The panic was caused by type cast for request.representation.example.value.

According to rest-api spec, the value field could be a string or an object.

[raswinraaj]

But I have not used request.representation.example.value in my code at all.

[lonegunmanb]

Hi @raswinraaj , the whole request argument is "Computed"(https://github.com/hashicorp/terraform-provider-azurerm/blob/main/internal/services/apimanagement/api_management_api_operation_resource.go#L66), which means it could be modified by the Azure service side. I think the original code is not aware of the ambiguous type of this argument, it could be a string or an object represented by a map. I'm working on a patch for this issue and the tests for this api management resource are really slow, so please hold on a moment. Thanks for your patience!

[maxbog]

14707 is a duplicate

[rcskosir]

Thanks for taking the time to submit this issue. It looks like this has been resolved as of #14848. As such, I am going to mark this issue as closed.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.