azurerm_application_insights wants to replace due to change in workspace_id casing

[hobbesuk]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.2

AzureRM Provider Version

3.26.0

Affected Resource(s)/Data Source(s)

azurerm_application_insights

Terraform Configuration Files

n/a

Debug Output/Panic Output

n/a

Expected Behaviour

Nothing, the resource hasn't changed.

Actual Behaviour

Terraform wants to replace the resource which would mean loosing all the logs

Steps to Reproduce

terraform plan

Produces output like this:

  # module.web.azurerm_application_insights.web_ws["instance"] must be replaced
-/+ resource "azurerm_application_insights" "web_ws" {
      ~ app_id                                = "xxx" -> (known after apply)
      ~ connection_string                     = (sensitive value)
      ~ daily_data_cap_in_gb                  = 100 -> (known after apply)
      ~ daily_data_cap_notifications_disabled = false -> (known after apply)
      ~ id                                    = "/subscriptions/xxx/resourceGroups/canary-web/providers/Microsoft.Insights/components/canary-insights" -> (known after apply)
      ~ instrumentation_key                   = (sensitive value)
        name                                  = "canary-insights"
      ~ workspace_id                          = "/subscriptions/xxx/resourcegroups/monitoring/providers/microsoft.operationalinsights/workspaces/analytics-Canary" -> "/subscriptions/xxx/resourceGroups/monitoring/providers/Microsoft.OperationalInsights/workspaces/analytics-Canary" # forces replacement
        # (10 unchanged attributes hidden)
    }

Notice the change of resoucegroups to resourceGroups and microsoft.operationalinsights to Microsoft.OperationalInsights

I've seen older version of 3.x have issues around this but seems that all issues have been fixed?

Even if I go and edit the state file to change the references to what it expects and a plan -refresh-only is clean, but a normal plan wants to replace the resource.

Important Factoids

No response

References

No response

[hobbesuk]

Might be relevant info... the workspace_id I'm populating form a azurerm_log_analytics_workspace data source. The id casing in the state file matches that in azure, its appears the data source is somehow trying to change the case.

[catriona-m]

Hi @hobbesuk thanks for opening this. I tried reproducing this but wasn't able to produce the error you saw. Is there any other information that might be relevant for reproducing?

[nnnvvvcv]

We are also seeing this behaviour. @hobbesuk did you find a workaround? Although ours relates to the resource id of Application Insights.

This is what's planned:

  # azurerm_api_management_logger.apim-application-insights must be replaced
-/+ resource "azurerm_api_management_logger" "apim-application-insights" {
      - description         = "" -> null
      ~ id                  = "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.ApiManagement/service/apim-app-dev/loggers/ai-app-dev" -> (known after apply)
        name                = "ai-agkipg-app-dev"
      ~ resource_id         = "/subscriptions/xxxx/resourceGroups/xxxx/providers/microsoft.insights/components/ai-app-dev" -> "/subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Insights/components/ai-app-dev" # forces replacement
        # (3 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

[pacorreia]

I'll probably open a new issue, but still pretty valid to refer here, that changing the workspace of an application insights should not require its replacement.

If any of us go to Application Insights properties and change the log analytics workspace to another, that an allowed operation!

So here it's wrong to trigger a replacement, worst case should give an error message on invalid workspace resource id, but never to replace application insights.

This is achieved by using the following operation:

PATCH https://management.azure.com/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/microsoft.insights/components/<application_insights_name>?api-version=2020-02-02-preview
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "properties": {
    "WorkspaceResourceId": "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.OperationalInsights/workspaces/<log_analyticis_workspace_name>"
  }
}

Tested and working,

[mkusmiy]

looks like issue was fixed in 3.33 - at least issue does not reproduce anymore for me after upgrade from 3.27 to 3.47 https://github.com/hashicorp/terraform-provider-azurerm/pull/19325 https://github.com/hashicorp/terraform-provider-azurerm/issues/13348

[rcskosir]

Thanks for taking the time to submit this issue. It looks like this has been resolved as of v3.47, per the comment by @mkusmiy. As such, I am going to mark this issue as closed.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.