Error "Provider produced inconsistent final plan" for Application Gateway TLS certs

[samrobillard]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.0

AzureRM Provider Version

3.84.0

Affected Resource(s)/Data Source(s)

azurerm_application_gateway

Terraform Configuration Files

dynamic "http_listener" {
    for_each = var.http_listeners

    content {
      name                           = http_listener.value.name
      frontend_ip_configuration_name = http_listener.value.is_public ? "gateway-frontend-ip" : "gateway-private-ip"
      frontend_port_name             = http_listener.value.protocol == "Https" ? "port_443" : "port_80"
      protocol                       = http_listener.value.protocol

      host_names           = http_listener.value.host_names
      ssl_certificate_name = http_listener.value.ssl_certificate_name
    }
  }

Debug Output/Panic Output

When expanding the plan for module.gateway.module.application_gateway.azurerm_application_gateway.ag to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for .ssl_certificate: planned set element cty.ObjectVal(map[string]cty.Value{"data":cty.NullVal(cty.String), "id":cty.StringVal("CERT RES ID"), "key_vault_secret_id":cty.StringVal("CERT KV URL"), "name":cty.StringVal("CERT NAME"), "password":cty.NullVal(cty.String), "public_cert_data":cty.StringVal("")}) does not correlate with any element in actual.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

Expected Behaviour

No response

Actual Behaviour

SSL certificates is not created or updates

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[teowa]

Hi @samrobillard, the error message is about the ssl_certificate block. I can find similar issue in https://github.com/hashicorp/terraform-provider-azurerm/issues/22651. Could you please share a runnable config which can reproduce this? Thanks.