hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

`change_feed_enabled` / `versioning_enabled` must be `true` when `restore_policy` is set #22291

Open jaywithersbrewin opened 1 year ago

jaywithersbrewin commented 1 year ago

Terraform Version

1.5.0

AzureRM Provider Version

3.62.1

Affected Resource(s)/Data Source(s)

azurerm_storage_account

Terraform Configuration Files

```hcl
resource "azurerm_storage_account" "web_app" {
  name                            = "${module.naming_standard.azure_resources["storage_account"]}webapp"
  resource_group_name             = azurerm_resource_group.resource_group.name
  location                        = azurerm_resource_group.resource_group.location
  account_tier                    = "Standard"
  account_replication_type        = "GRS"
  min_tls_version                 = "TLS1_2"
  public_network_access_enabled   = false
  allow_nested_items_to_be_public = false

  blob_properties {
    container_delete_retention_policy {}
    delete_retention_policy {}
    restore_policy {
      days = 6
    }
  }

  queue_properties {
    logging {
      delete  = true
      read    = true
      version = "1.0"
      write   = true
    }
  }
}
```

Debug Output/Panic Output

Error: `change_feed_enabled` must be `true` when `restore_policy` is set

Error: `versioning_enabled` must be `true` when `restore_policy` is set

Expected Behaviour

Should get the error on TF validate / plan

Actual Behaviour

Didn't get the error until TF apply

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response

magodo commented 1 year ago

@rcskosir Sorry for the unfortunate fact that some of these validations happen at apply time instead of validate/plan time.

The reason is that at validate/plan time, the properties of interest might be unknown (e.g. due to referencing some known-after-apply values from other resources) until apply. The provider can only validate properties that are known at that point. The SDK currently in use (terraform-plugin-sdk) does not support checking (un)knownness well during config validation, especially for nested properties (e.g. the properties mentioned in this issue).

We're planning to migrate to the new SDK, terraform-plugin-framework, at which point we can come back to improve the config validation, as it has good support for checking (un)knownness of both top-level and nested properties.
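
A pre-apply check over the plan JSON, as an added example that is not part of the issue thread or the provider's code: it applies the two requirements from the error messages above to `terraform show -json` output and reports values that are unknown until apply separately from values that are known and wrong. The sample plan, the helper names and the status strings are constructed for illustration.

```python
import json
import sys

REQUIRED = ("versioning_enabled", "change_feed_enabled")

def first_block(obj, name):
    """Nested blocks are lists of objects in plan JSON; return the first, or None."""
    blocks = obj.get(name) if isinstance(obj, dict) else None
    return blocks[0] if isinstance(blocks, list) and blocks else None

def check_restore_policy(plan):
    """Return (address, attribute, status) for each unmet restore_policy requirement."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_storage_account":
            continue
        change = rc.get("change") or {}
        blob = first_block(change.get("after"), "blob_properties")
        if not isinstance(blob, dict) or first_block(blob, "restore_policy") is None:
            continue  # no restore_policy block, nothing to enforce
        unknown = first_block(change.get("after_unknown"), "blob_properties")
        unknown = unknown if isinstance(unknown, dict) else {}
        for attr in REQUIRED:
            if unknown.get(attr) is True:
                # Only known after apply: the case that cannot be validated at plan time.
                findings.append((rc["address"], attr, "unknown-until-apply"))
            elif blob.get(attr) is not True:
                findings.append((rc["address"], attr, "must-be-true"))
    return findings

def _sa(name, blob, unknown=None):
    """Build one constructed resource_changes entry (sample data, not from the issue)."""
    return {"address": f"azurerm_storage_account.{name}", "type": "azurerm_storage_account",
            "change": {"after": {"blob_properties": [blob]},
                       "after_unknown": {"blob_properties": [unknown or {}]}}}

SAMPLE_PLAN = {"resource_changes": [
    _sa("web_app", {"versioning_enabled": False, "change_feed_enabled": False,
                    "restore_policy": [{"days": 6}]}),
    _sa("derived", {"change_feed_enabled": True, "restore_policy": [{"days": 6}]},
        unknown={"versioning_enabled": True}),
    _sa("ok", {"versioning_enabled": True, "change_feed_enabled": True,
               "restore_policy": [{"days": 6}]}),
    _sa("no_restore", {"versioning_enabled": False, "change_feed_enabled": False,
                       "restore_policy": []}),
]}

if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json, then pass plan.json as the argument.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, attr, status in check_restore_policy(plan):
        print(f"{address}: {attr} {status}")
```

Run in CI between `terraform plan` and `terraform apply`, a `must-be-true` finding can fail the pipeline, while `unknown-until-apply` marks the attributes that can only be confirmed at apply time.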

jaywithersbrewin commented 1 year ago

Thanks for the reply.

I look forward to improved config validation in the future.

From: magodo
Sent: 29 June 2023 06:43
To: hashicorp/terraform-provider-azurerm
Cc: Jay Withers; Author
Subject: Re: [hashicorp/terraform-provider-azurerm] change_feed_enabled / versioning_enabled must be true when restore_policy is set (Issue #22291)
