azurerm_machine_learning_workspace high_business_impact argument is always getting set to true

[satyakrish]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.0.5

AzureRM Provider Version

3.34

Affected Resource(s)/Data Source(s)

azurerm_machine_learning_workspace

Terraform Configuration Files

resource "azurerm_machine_learning_workspace" "mlw" {
  name                = module.optum_resource_name.name
  resource_group_name = var.resource_group_name
  location            = var.location
  tags                = module.optum_tags.tags

  application_insights_id        = var.application_insights_id
  container_registry_id          = var.container_registry_id
  description                    = var.description
  friendly_name                  = var.friendly_name
  high_business_impact           = false # or null
  image_build_compute_name       = var.image_build_compute_name
  key_vault_id                   = var.key_vault_id
  primary_user_assigned_identity = var.primary_user_assigned_identity
  public_network_access_enabled  = var.public_network_access_enabled
  sku_name                       = var.sku_name
  storage_account_id             = var.storage_account_id
  v1_legacy_mode_enabled         = var.v1_legacy_mode_enabled

  encryption {
    key_vault_id              = var.encryption.key_vault_id
    key_id                    = var.encryption.key_id
    user_assigned_identity_id = var.encryption.user_assigned_identity_id
  }

  identity {
    type         = local.identity_type
    identity_ids = local.identity_ids
  }

}

Debug Output/Panic Output

na

Expected Behaviour

high_business_impact when set to false or null should stay false.

Actual Behaviour

high_business_impact when set to false -> terraform apply completes successfully. But subsequent terraform plan changes changes it from false to true again.

same happens when its value is set to null.

so high_business_impact=true seems to be the only working case now.

Steps to Reproduce

1. Create an azure macnine learning workspace with high_business_impact = false/null
2. run terraform apply -> successful
3. run terraform plan -> shows high_business_impact will be updated from false to true.

Important Factoids

none

References

none

[LiamLeane]

Realize this is a stale issue but confirming its still occurring in v4.

The behavior is because if any value is set for the encryption block or public network access is disabled the API marks the resource as high business impact. Next plan resource has it set to true and the HCL has it set to false or null, change detected and resource replaces.

The provider should ignore changes to high_business_impact if encryption block has a value or public_network_access_enabled is set to false.

Issue workaround is currently setting high_business_impact to true or setting a lifecycle ignore on high_business_impact