Modifying a logic app associated with integration account fails with `IntegrationAccountAssociationRequired`

[hendriklorenz]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.5

AzureRM Provider Version

3.2.0

Affected Resource(s)/Data Source(s)

azurerm_logic_app_workflow azurerm_logic_app_action_custom

Terraform Configuration Files

variable "resource_group_name" {
  type        = string
  default     = "rg"
}

variable "integration_account_name" {
  type        = string
  default     = "ia"
}

variable "receiver_url" {
  type        = string
}

variable "receiver_username" {
  type        = string
}

variable "receiver_password" {
  type        = string
}

data "azurerm_resource_group" "this" {
  name = var.resource_group_name
}

data "azurerm_logic_app_integration_account" "this" {
  name                = var.integration_account_name
  resource_group_name = data.azurerm_resource_group.this.name
}

resource "azurerm_logic_app_workflow" "this" {
  name                = "logicapp"
  location            = data.azurerm_resource_group.this.location
  resource_group_name = data.azurerm_resource_group.this.name
  logic_app_integration_account_id = data.azurerm_logic_app_integration_account.this.id
  workflow_parameters = {
    "$connections" = <<EOF
{
  "defaultValue": {},
  "type": "Object"
}
EOF
  }
  parameters = {
    "$connections" = <<EOF
{
  "edifact": {
    "connectionId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Web/connections/edifact",
    "connectionName": "edifact",
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Web/locations/westeurope/managedApis/edifact"
  }
}
EOF
  }
}

resource "azurerm_logic_app_action_custom" "as2-decode" {
  name         = "as2-decode"
  logic_app_id = azurerm_logic_app_workflow.this.id
  body = <<BODY
{
    "description": "Decode the AS2 payload",
    "inputs": {
        "messageHeaders": "@triggerOutputs()['headers']",
        "messageToDecode": "@triggerBody()"
    },
    "runAfter": {},
    "type": "As2Decode"
}
BODY
}

resource "azurerm_logic_app_action_custom" "edifact-decode" {
  name         = "edifact-decode"
  logic_app_id = azurerm_logic_app_workflow.this.id
  depends_on = [
    azurerm_logic_app_action_custom.as2-decode
  ]
  body = <<BODY
{
    "description": "Decode the EDIFACT message content.",
    "inputs": {
        "body": "@body('${azurerm_logic_app_action_custom.as2-decode.name}')?['messageContent']",
        "host": {
            "connection": {
                "name": "@parameters('$connections')['edifact']['connectionId']"
            }
        },
        "method": "post",
        "path": "/decode",
        "queries": {
            "componentSeparator": 58,
            "dataElementSeparator": 43,
            "decimalIndicator": "Comma",
            "payloadCharacterSet": "Legacy",
            "releaseIndicator": 63,
            "repetitionSeparator": 42,
            "segmentTerminator": 39,
            "segmentTerminatorSuffix": "None"
        }
    },
    "runAfter": {
        "${azurerm_logic_app_action_custom.as2-decode.name}": [
            "Succeeded"
        ]
    },
    "type": "ApiConnection"
}
BODY
}

resource "azurerm_logic_app_action_custom" "push-to-inbox" {
  name = "push-to-inbox"
  logic_app_id = azurerm_logic_app_workflow.this.id
  depends_on = [
    azurerm_logic_app_action_custom.as2-decode,
    azurerm_logic_app_action_custom.edifact-decode
  ]
  body = <<BODY
{
    "actions": {
        "Compose": {
            "inputs": {
                "content": "@items('push-to-inbox')?['Payload']",
                "headers": {
                    "as2MessageId": "@body('${azurerm_logic_app_action_custom.as2-decode.name}')?['messageId']",
                    "buyerIdentifier": "@items('push-to-inbox')?['SenderIdentifier']",
                    "buyerQualifier": "@items('push-to-inbox')?['SenderQualifier']",
                    "edifactMessageType": "@items('push-to-inbox')?['UNH']?['UNH2.1']",
                    "supplierIdentifier": "@items('push-to-inbox')?['ReceiverIdentifier']",
                    "supplierQualifier": "@items('push-to-inbox')?['ReceiverQualifier']"
                }
            },
            "runAfter": {},
            "type": "Compose"
        },
        "HTTP": {
            "inputs": {
                "authentication": {
                    "type": "Basic",
                    "username": "${var.receiver_username}",
                    "password": "${var.receiver_password}"
                },
                "body": "@outputs('Compose')",
                "headers": {
                    "Content-Type": "application/json"
                },
                "method": "POST",
                "uri": "${var.receiver_url}"
            },
            "runAfter": {
                "Compose": [
                    "Succeeded"
                ]
            },
            "type": "Http"
        }
    },
    "foreach": "@body('${azurerm_logic_app_action_custom.edifact-decode.name}')?['GoodMessages']",
    "runAfter": {
        "${azurerm_logic_app_action_custom.edifact-decode.name}": [
            "Succeeded"
        ]
    },
    "type": "Foreach"
  }  
BODY
}

Debug Output/Panic Output

Error: removing Action Action: (Name "push-to-inbox" / Workflow Name "main-receive-as2-9kmnx4" / Resource Group "rg"): removing Action "push-to-inbox" from Logic App Workspace "main-receive-as2-9kmnx4" (Resource Group "rg"): logic.WorkflowsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="IntegrationAccountAssociationRequired" Message="The workflow must be associated with an integration account to use the workflow run action 'as2-decode' of type 'As2Decode'."

Expected Behaviour

Destroy should have destroyed the actions.

Actual Behaviour

Destroy did fail with the error message "IntegrationAccountAssociationRequired" although an integration account is associated with the workflow.

Steps to Reproduce

1. terraform apply
2. terraform destroy

Important Factoids

No response

References

No response

[dimangulov]

The same issue on our side