hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Provider produced inconsistent result after apply #22846

Open cshea-msft opened 1 year ago

cshea-msft commented 1 year ago

Terraform Version

1.5.3

AzureRM Provider Version

3.67.0

Affected Resource(s)/Data Source(s)

azurerm_sentinel_data_connector

Terraform Configuration Files

// Create data connector for Azure Active Directory
resource "azurerm_sentinel_data_connector_azure_active_directory" "aad" {
  name                       = "azure_active_directory"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Azure Advanced Threat protection
// E5 License is required for this connector
resource "azurerm_sentinel_data_connector_azure_advanced_threat_protection" "aad_advanced_threat_protection" {
  name                       = "azure_advanced_threat_protection"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Defender for Cloud
resource "azurerm_sentinel_data_connector_azure_security_center" "dfc" {
  name                       = "azure_security_center"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  subscription_id            = var.sub_id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}
// Create a data connector for Dynamics 365
resource "azurerm_sentinel_data_connector_dynamics_365" "d365" {
  name                       = "dynamics_365"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create a data connector for IoT
resource "azurerm_sentinel_data_connector_iot" "iot" {
  name                       = "iot"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  subscription_id            = var.sub_id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Microsoft Cloud App Security
// E5 license is required for this connector
resource "azurerm_sentinel_data_connector_microsoft_cloud_app_security" "microsoft_cloud_app_security" {
  name                       = "microsoft_cloud_app_security"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Microsoft Defender for Endpoint
resource "azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection" "microsoft_defender_advanced_threat_protection" {
  name                       = "microsoft_defender_advanced_threat_protection"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  tenant_id                  = "5c5e1a56-251f-44b1-8f67-c97243f9e7cb"
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Microsoft Threat Intelligence
resource "azurerm_sentinel_data_connector_microsoft_threat_intelligence" "microsoft_threat_intelligence" {
  name                                         = "microsoft_threat_intelligence"
  log_analytics_workspace_id                   = azurerm_log_analytics_workspace.law.id
  microsoft_emerging_threat_feed_lookback_date = "2023-01-01T00:00:00Z"
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}
// Create a data connector for Microsoft Threat Protection
resource "azurerm_sentinel_data_connector_microsoft_threat_protection" "microsoft_threat_protection" {
  name                       = "microsoft_threat_protection"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  tenant_id                  = "5c5e1a56-251f-44b1-8f67-c97243f9e7cb"
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create a data connector for Threat Intelligence
resource "azurerm_sentinel_data_connector_threat_intelligence" "threat_intelligence" {
  name                       = "threat_intelligence"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

/*
// Create data connector for Threat Intelligence Taxii
// Need api_root_url and collection_id
resource "azurerm_sentinel_data_connector_threat_intelligence_taxii" "threat_intelligence_taxii" {
  name                       = "threat_intelligence_taxii"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  display_name               = "Threat Intelligence Taxii"
  api_root_url               = var.api_root_url
  collection_id              = var.collection_id
}
*/

# Data Connectors for Microsoft 365

// Create data connector for office 365
resource "azurerm_sentinel_data_connector_office_365" "o365" {
  name                       = "office_365"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  exchange_enabled           = true
  teams_enabled              = true
  sharepoint_enabled         = true
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Office 365 Project
resource "azurerm_sentinel_data_connector_office_365_project" "o365_project" {
  name                       = "office_365_project"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create data connector for Office 365 ATP
resource "azurerm_sentinel_data_connector_office_atp" "o365_advanced_threat_protection" {
  name                       = "office_365_advanced_threat_protection"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create a data connector for Office 365 IRM
resource "azurerm_sentinel_data_connector_office_irm" "o365_information_rights_management" {
  name                       = "office_365_information_rights_management"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

// Create a data connector for Office 365 Power BI
resource "azurerm_sentinel_data_connector_office_power_bi" "o365_power_bi" {
  name                       = "office_365_power_bi"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  depends_on = [
    azurerm_sentinel_log_analytics_workspace_onboarding.law_onboarding
  ]
}

Debug Output/Panic Output

[terraform.log](https://github.com/hashicorp/terraform-provider-azurerm/files/12280352/terraform.log)

Expected Behaviour

Should have deployed the connectors to Sentinel

Actual Behaviour

Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.modules.azurerm_sentinel_data_connector_azure_active_directory.aad, provider
│ "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was present,
│ but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.modules.azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection.microsoft_defender_advanced_threat_protection,
│ provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was
│ present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.modules.azurerm_sentinel_data_connector_azure_advanced_threat_protection.aad_advanced_threat_protection,
│ provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was
│ present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.modules.azurerm_sentinel_data_connector_office_365.o365, provider
│ "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was present,
│ but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.modules.azurerm_sentinel_data_connector_office_power_bi.o365_power_bi, provider
│ "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value: Root resource was present,
│ but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Steps to Reproduce

terraform init
terraform apply

Important Factoids

No response

References

terraform.log

cshea-msft commented 1 year ago

Also tried on version 3.68.0; still the same errors.

Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.modules.azurerm_sentinel_data_connector_office_atp.o365_advanced_threat_protection,
│ provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was
│ present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to module.modules.azurerm_sentinel_data_connector_office_365_project.o365_project, provider
│ "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was present,
│ but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.modules.azurerm_sentinel_data_connector_microsoft_cloud_app_security.microsoft_cloud_app_security, provider
│ "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value: Root resource was present,
│ but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵

jwshive commented 1 year ago

Just curious, what resource location were you selecting? I'm having this pop up on north central us but not on east us.

cshea-msft commented 1 year ago

It's all in EUS.

marcusfriede commented 1 year ago

I have a similar problem (identical error message) with the resource "azurerm_automation_job_schedule"

│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to xyz, provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]"
│ produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

klausgh4836 commented 1 year ago

> also tried on version 3.68.0 is still same errors

With the azurerm provider version "3.65.0" I was able to apply the changes. After the apply I switched back to the latest provider version ">=3.65.0". The next apply ran without problems. I did not make any changes to the code.

klausgh4836 commented 7 months ago

@rcskosir can you please support us with this case?

We are now getting problems with the dependencies on azurerm provider features, which need a version that is greater than 3.65.0.

With version 3.65.0 it is running without any problems. Versions greater than 3.65.0 run into errors. I ran the terraform command in debug mode with the actual version 3.91.0 and version 3.65.0.

The output of the version 3.91.0 is showing that there is a problem with the jobScheduleId, which is returned from the API. With version 3.65.0 the jobScheduleId is the same as in the PUT request.

With version 3.91.0 the API returns a new jobScheduleId. When terraform tries to verify that the resource has been created, it is not using the jobScheduleId from the API response. It is using the one from the PUT request, which results in an HTTP 404.

I have attached two files, which are anonymised:
NoErrorMessagesTerraformVersion_3_65_0.txt
ErrorMessagesTerraformVersionLagerThen3_65_0.txt

The file ErrorMessagesTerraformVersionLagerThen3_65_0.txt contains the output with version 3.9.1.0. The response from the PUT command is at line 99.

The file NoErrorMessagesTerraformVersion_3_65_0.txt contains the output with version 3.65.0. The response from the PUT command is at line 65.
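
The create-then-read mismatch reported in the comment above, reduced to a runnable model. This is an added example, not code from the provider or from any commenter: `fakeAPI`, `createThenRead`, the `server-` prefix and the ID `1111` are hypothetical, and the in-memory map stands in for the remote service.

```go
package main

import (
	"errors"
	"fmt"
)

// fakeAPI is a constructed in-memory stand-in for the remote service. When
// reassign is true it stores the object under an ID of its own choosing.
type fakeAPI struct {
	store    map[string]bool
	reassign bool
}

var errNotFound = errors.New("404 Not Found")

// put creates the object and returns the ID the service actually used.
func (a *fakeAPI) put(requestedID string) string {
	id := requestedID
	if a.reassign {
		id = "server-" + requestedID // constructed value
	}
	a.store[id] = true
	return id
}

// createThenRead models create followed by a verifying read. trustResponse
// selects whether the read uses the ID from the response or from the request.
func createThenRead(a *fakeAPI, requestedID string, trustResponse bool) error {
	returnedID := a.put(requestedID)
	readID := requestedID
	if trustResponse {
		readID = returnedID
	}
	if !a.store[readID] { // GET by readID
		return fmt.Errorf("root resource was present, but now absent: %w", errNotFound)
	}
	return nil
}

func main() {
	for _, trust := range []bool{false, true} {
		api := &fakeAPI{store: map[string]bool{}, reassign: true}
		fmt.Println("trustResponse:", trust, "->", createThenRead(api, "1111", trust))
	}
}
```

In this model the object is created in both runs; only the read-back by the request's ID fails, so a failed apply of this kind can leave a real resource behind that is not tracked in state.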