search

hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.62k stars 4.66k forks source link

"registry.terraform.io/hashicorp/azurerm" produced an invalid new value #15223

Open meldonya opened 2 years ago

meldonya commented 2 years ago

Terraform (and AzureRM Provider) Version Terraform Core version: 1.1.4 AzureRM Provider version: v2.94.0

Terraform Module Configuration Files

data "azurerm_application_insights" "appi" {
  name                = var.appi_name
  resource_group_name = local.rg_name
}

data "azurerm_monitor_action_group" "ag" {
  resource_group_name = local.rg_base_name
  name                = local.ag_name
}

resource "azurerm_application_insights_web_test" "test" { 
  name                    = local.test_complete_name
  location                = data.azurerm_application_insights.appi.location 
  resource_group_name     = data.azurerm_application_insights.appi.resource_group_name 
  application_insights_id = data.azurerm_application_insights.appi.id
  kind                    = "ping"
  frequency               = 300
  timeout                 = 120
  enabled                 = true
  geo_locations           = ["emea-nl-ams-azr", "emea-ru-msa-edge", "emea-gb-db3-azr"]
  retry_enabled           = true

  configuration = <<XML
<WebTest>
  <Items>
    <Request Method="GET" Version="1.1" Url="${var.test_url}" ThinkTime="0" Timeout="120" ParseDependentRequests="False" FollowRedirects="True" RecordResult="True" Cache="False" ResponseTimeGoal="0" Encoding="utf-8" ExpectedHttpStatusCode="200" ExpectedResponseUrl="" ReportingName="" IgnoreHttpStatusCode="False" />
  </Items>
</WebTest>
XML
}

resource "azurerm_monitor_metric_alert" "alert" {
  name                = local.alert_name
  resource_group_name = local.rg_name
  scopes              = [azurerm_application_insights_web_test.test.id, data.azurerm_application_insights.appi.id]
  description         = local.alert_description
  severity            = var.test_severity
  auto_mitigate       = false  

  application_insights_web_test_location_availability_criteria {
    web_test_id = azurerm_application_insights_web_test.test.id
    component_id = data.azurerm_application_insights.appi.id
    failed_location_count = 1
  }

  action {
    action_group_id = data.azurerm_monitor_action_group.ag.id
  }
}

Description / Feedback I've successfully applied the above resource, but Terraform reported the following error

==============================================================================
Task         : Terraform
Description  : Execute terraform commands to manage resources on AzureRM, Amazon Web Services(AWS) and Google Cloud Platform(GCP)
Version      : 2.197.1
Author       : Microsoft Corporation
Help         : [Learn more about this task](https://aka.ms/AAese2w)
==============================================================================
C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/azurerm] ~> 2.94.0
├── module.plan
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.snet
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.app
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.availabiliy_CheckDB_test
│   └── provider[registry.terraform.io/hashicorp/azurerm]
└── module.availabiliy_Heartbeat_test
    └── provider[registry.terraform.io/hashicorp/azurerm]

Providers required by state:

    provider[registry.terraform.io/hashicorp/azurerm]

C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe validate
Success! The configuration is valid.

C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe apply -auto-approve dev-792339.out
module.app.azurerm_key_vault_access_policy.kv_permissions: Destroying... [id=***/resourceGroups/rg-dev-base/providers/Microsoft.KeyVault/vaults/kv-dev-auth/objectId/9e18d397-b0ad-418c-a780-5bc7bbab71c7]
module.app.azurerm_key_vault_access_policy.kv_permissions: Destruction complete after 6s
module.app.azurerm_application_insights.appi: Creating...
module.app.azurerm_application_insights.appi: Still creating... [10s elapsed]
module.app.azurerm_application_insights.appi: Still creating... [20s elapsed]
module.app.azurerm_application_insights.appi: Creation complete after 21s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.app.azurerm_app_service.app: Creating...
module.app.azurerm_app_service.app: Still creating... [10s elapsed]
module.app.azurerm_application_insights.appi: Still creating... [20s elapsed]
module.app.azurerm_application_insights.appi: Creation complete after 21s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.app.azurerm_app_service.app: Creating...
module.app.azurerm_app_service.app: Still creating... [10s elapsed]
module.app.azurerm_app_service.app: Still creating... [20s elapsed]
module.app.azurerm_app_service.app: Still creating... [30s elapsed]
module.app.azurerm_app_service.app: Still creating... [40s elapsed]
module.app.azurerm_app_service.app: Still creating... [50s elapsed]
module.app.azurerm_app_service.app: Still creating... [1m0s elapsed]
module.app.azurerm_app_service.app: Still creating... [1m10s elapsed]
module.app.azurerm_app_service.app: Creation complete after 1m19s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Web/sites/app-dev-xxxx]
module.app.azurerm_key_vault_access_policy.kv_permissions: Creating...
module.app.azurerm_key_vault_access_policy.kv_permissions: Creation complete after 6s [id=***/resourceGroups/rg-dev-base/providers/Microsoft.KeyVault/vaults/kv-dev-auth/objectId/a73d1bab-7b0a-4726-b502-af25f2569a0e]
module.availabiliy_Heartbeat_test[0].data.azurerm_application_insights.appi: Reading... [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.availabiliy_CheckDB_test[0].data.azurerm_application_insights.appi: Reading... [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.availabiliy_CheckDB_test[0].data.azurerm_monitor_action_group.ag: Reading... [id=***/resourceGroups/rg-dev-base/providers/Microsoft.Insights/actionGroups/ag-dev-auth-ssss]
module.availabiliy_Heartbeat_test[0].data.azurerm_monitor_action_group.ag: Reading... [id=***/resourceGroups/rg-dev-base/providers/Microsoft.Insights/actionGroups/ag-dev-auth-ssss]
module.snet.azurerm_subnet.snet: Modifying... [id=***/resourceGroups/rsg-network/providers/Microsoft.Network/virtualNetworks/net-dev-iam-authentication/subnets/snet-dev-xxxx]
module.availabiliy_CheckDB_test[0].data.azurerm_application_insights.appi: Read complete after 0s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.availabiliy_Heartbeat_test[0].data.azurerm_application_insights.appi: Read complete after 0s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/components/appi-dev-xxxx]
module.availabiliy_CheckDB_test[0].azurerm_application_insights_web_test.test: Creating...
module.availabiliy_Heartbeat_test[0].azurerm_application_insights_web_test.test: Creating...
module.snet.azurerm_subnet.snet: Modifications complete after 0s [id=***/resourceGroups/rsg-network/providers/Microsoft.Network/virtualNetworks/net-dev-iam-authentication/subnets/snet-dev-xxxx]
module.snet.azurerm_app_service_virtual_network_swift_connection.vnet_integration: Creating...
module.availabiliy_CheckDB_test[0].data.azurerm_monitor_action_group.ag: Read complete after 1s [id=***/resourceGroups/rg-dev-base/providers/Microsoft.Insights/actionGroups/ag-dev-auth-ssss]
module.availabiliy_Heartbeat_test[0].data.azurerm_monitor_action_group.ag: Read complete after 1s [id=***/resourceGroups/rg-dev-base/providers/Microsoft.Insights/actionGroups/ag-dev-auth-ssss]
module.availabiliy_CheckDB_test[0].azurerm_application_insights_web_test.test: Creation complete after 3s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/webTests/Check DB connection appi-dev-xxxx]
module.availabiliy_Heartbeat_test[0].azurerm_application_insights_web_test.test: Creation complete after 3s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/webTests/Heartbeat appi-dev-xxxx]
module.snet.azurerm_app_service_virtual_network_swift_connection.vnet_integration: Creation complete after 5s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Web/sites/app-dev-xxxx/config/virtualNetwork]
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for
│ module.availabiliy_Heartbeat_test[0].azurerm_monitor_metric_alert.alert to
│ include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .action: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action_group_id":cty.UnknownVal(cty.String),
│ "webhook_properties":cty.NullVal(cty.Map(cty.String))}) does not correlate
│ with any element in actual.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for
│ module.availabiliy_CheckDB_test[0].azurerm_monitor_metric_alert.alert to
│ include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .action: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action_group_id":cty.UnknownVal(cty.String),
│ "webhook_properties":cty.NullVal(cty.Map(cty.String))}) does not correlate
│ with any element in actual.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
##[error]Error: The process 'C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe' failed with exit code 1
Finishing: Terraform Apply

The action_group_id is already created at execution time. It only happens when I execute the hole plan and create App Service before the rule. When I only execute it to create the rule it works as expected:

Starting: Terraform Apply
==============================================================================
Task         : Terraform
Description  : Execute terraform commands to manage resources on AzureRM, Amazon Web Services(AWS) and Google Cloud Platform(GCP)
Version      : 2.197.1
Author       : Microsoft Corporation
Help         : [Learn more about this task](https://aka.ms/AAese2w)
==============================================================================
C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/azurerm] ~> 2.94.0
├── module.plan
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.snet
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.app
│   └── provider[registry.terraform.io/hashicorp/azurerm]
├── module.availabiliy_CheckDB_test
│   └── provider[registry.terraform.io/hashicorp/azurerm]
└── module.availabiliy_Heartbeat_test
    └── provider[registry.terraform.io/hashicorp/azurerm]

Providers required by state:

    provider[registry.terraform.io/hashicorp/azurerm]

C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe validate
Success! The configuration is valid.

C:\deploy\agent-01\work\_work\_tool\terraform\1.1.4\x64\terraform.exe apply -auto-approve dev-792343.out
module.availabiliy_Heartbeat_test[0].azurerm_application_insights_web_test.test: Creating...
module.availabiliy_CheckDB_test[0].azurerm_application_insights_web_test.test: Creating...
module.snet.azurerm_subnet.snet: Modifying... [id=***/resourceGroups/rsg-network/providers/Microsoft.Network/virtualNetworks/net-dev-iam-authentication/subnets/snet-dev-xxxx]
module.snet.azurerm_subnet.snet: Modifications complete after 0s [id=***/resourceGroups/rsg-network/providers/Microsoft.Network/virtualNetworks/net-dev-iam-authentication/subnets/snet-dev-xxxx]
module.availabiliy_CheckDB_test[0].azurerm_application_insights_web_test.test: Creation complete after 4s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/webTests/Check DB connection appi-dev-xxxx]
module.availabiliy_Heartbeat_test[0].azurerm_application_insights_web_test.test: Creation complete after 4s [id=***/resourceGroups/rg-dev-temp/providers/Microsoft.Insights/webTests/Heartbeat appi-dev-xxxx]

I've tried using dependency when calling the module but I still get the same error

RKSelvi commented 2 years ago

Ran into this similar issue. Created Action Group in Az Cli as I did not want to hard code multiple email receivers. Then used data call to get action group and used that to create action alert. I ran the same error stated here. I also had 'depends_on' but did not help. The only way to fix is, run only creation of action group and data call in TF and leave the creation of alert commented. Then uncomment and re-run to create alert based on the action group works.

mathsnunes commented 2 years ago

We're having the same issue here. Is there any updates about this?

rohit563 commented 2 years ago

Yup, running into the same issue.

venky554 commented 2 years ago

We are running in to same issue any updates?

askldjd commented 2 years ago

Same, still see this problem on Terraform 1.2.4 Azure Provider version 3.12.0

Reaaavaaahhh commented 2 years ago

Had a similar issue,

_When expanding the plan for azurerm_storage_account_customer_managed_key.storage_account_customer_managed_key to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .keyversion: was null, but now cty.StringVal("xxxxxxxxxxxxxxxxxx").

Reverting terraform from 1.3.1 to 1.2.8 fixed the issue for me

derekwilliamsliquidx commented 1 year ago

This is still an issue with

Terraform 1.3.4 AzureRM 3.40.0

vats28 commented 1 year ago

Still coming with terraform 1.4.0 and azureRM 3.50.0

maltaf1 commented 1 year ago

For this issue

action {
- action_group_id = "/subscriptions/S/resourceGroups/RG/providers/Microsoft.Insights/actionGroups/AG" -> null
- webhook_properties = {} -> null
}
action {
action_group_id = "/subscriptions/S/resourcegroups/RG/providers/Microsoft.Insights/actiongroups/AG"
}

Workaround:

  action {
    action_group_id = data.azurerm_monitor_action_group.ag.id
    webhook_properties = {
         A = "workaround"
    } 
  }

Just add a custom property(s) and this will remove the error reported above.

larutow commented 1 year ago

Can confirm @maltaf1 suggestion for a workaround works to get the TF plan to apply in my specific case

brendzzer commented 7 months ago

This is still happening in Terraform 1.7.0 and AzureRM 3.61.0 and the @maltaf1 workaround doesn't seem to work for me.

Code -

resource "azurerm_monitor_metric_alert" "alert" { name = var.alert_name resource_group_name = var.rgname scopes = [var.data_source_id] description = var.description

dynamic "action" { for_each = var.monitor_action_group_ids content { action_group_id = action.value } }

enabled = var.override_alert_is_enabled severity = var.override_alert_config.severity frequency = var.override_alert_config.frequency window_size = var.override_alert_config.window_size auto_mitigate = var.override_alert_config.auto_mitigate

criteria { metric_namespace = var.override_criteria_settings.metric_namespace metric_name = var.override_criteria_settings.metric_name aggregation = var.override_criteria_settings.aggregation operator = var.override_criteria_settings.operator threshold = var.override_criteria_settings.threshold }

tags = var.tags }

Error -

Error: Provider produced inconsistent final plan │ │ When expanding the plan for │ module.cosmos_table.module.default_cosmos_alerts.module.low_service_availability.azurerm_monitor_metric_alert.alert │ to include new values learned so far during apply, provider │ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for │ .action: planned set element │ cty.ObjectVal(map[string]cty.Value{"action_group_id":cty.UnknownVal(cty.String), │ "webhook_properties":cty.NullVal(cty.Map(cty.String))}) does not correlate │ with any element in actual. │ │ This is a bug in the provider, which should be reported in the provider's │ own issue tracker.