hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Case sensitivity to Resource Group name in resources azurerm_subnet_route_table_association and azurerm_subnet_network_security_group_association #24893

Open gogonaft opened 7 months ago

gogonaft commented 7 months ago

Terraform Version

1.5.7

AzureRM Provider Version

3.89.0

Affected Resource(s)/Data Source(s)

azurerm_subnet_route_table_association, azurerm_subnet_network_security_group_association

Terraform Configuration Files

resource "azurerm_subnet_route_table_association" "rt-subnet-1" {
  subnet_id      = azurerm_subnet.snet-1.id
  route_table_id = azurerm_route_table.rt1.id
}

resource "azurerm_resource_group" "resource-group-1" {
  name     = "abc-home-eastus-rg"  # all in lowercase initially and everywhere
  location = "eastus"
}

Debug Output/Panic Output

2024-02-12T12:16:17.019-0800 [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an unexpected new value for azurerm_subnet_route_table_association.rt-subnet-1 during refresh.
      - .subnet_id: was cty.StringVal("/subscriptions/12345-1111-222-333-4444444/resourceGroups/abc-home-eastus-rg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/snet-1"), but now cty.StringVal("/subscriptions/12345-1111-222-333-4444444/resourceGroups/abc-HOME-eastus-RG/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/snet-1")

Expected Behaviour

Resource group name is returned by azurerm the same as configured in Terraform code. TF does not try to change/replace the resource.

Actual Behaviour

Resource group name is returned with random uppercasing by azurerm, not the same as configured in Terraform code. TF tries to change/replace the resource.

Steps to Reproduce

These resources were created >1 year ago and we've not had any issues with applying new code over it until about Jan 12, 2024. No code changes were done to these resources in that period. After the 12th of Jan we started to get RG name warnings and TF reacted with replacements for such resources, which is a dangerous op for Prod envs and for some resources - impossible due to dependencies on resources inside affected resources.

Important Factoids

No response

References

Sounds similar to this blocked/unsatisfied PR which had a looong wait before being rejected: https://github.com/hashicorp/terraform-provider-azurerm/pull/22070 And original issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/20138

I've seen in the recent build v3.90.0 you've fixed "serverFarms" and "logicApp" issues with which we struggled recently as well, but RG name casing is still there, still old sdk in use. Imo, this needs to be addressed (worked around) in the current SDK to avoid having ignore_changes everywhere in TF code. Ref: https://github.com/hashicorp/terraform-provider-azurerm/pull/24562 https://github.com/hashicorp/terraform-provider-azurerm/pull/24626

slideroh commented 6 months ago

@gogonaft We are struggling with the same issue. The resources were created over 1 year ago and until now everything worked fine. Actually, we have the same setup for 3 environments, and this happened only on Prod :D

  # module.subnet_X.azurerm_subnet_network_security_group_association.nsg must be replaced

  # module.subnet_X.azurerm_subnet_route_table_association.rt[0] must be replaced
~ subnet_id = "/subscriptions/1/resourceGroups/lowecase/providers/Microsoft.Network/virtualNetworks/x/subnets/y" -> "/subscriptions/1a9d07fa-358d-44c7-aaa4-190c40bd3f1f/resourceGroups/UPPERCASE/providers/Microsoft.Network/virtualNetworks/x/subnets/y" # forces replacement

In portal resource group is UPPERCASE.

Did you manage to fix/workaround this error? We didn't even change azurerm provider (3.75) and the error appeared...

gogonaft commented 6 months ago

Hey, it also appeared from nowhere for us, without version changes to any part of env/pipelines. Azure APIs live their own lives...

After azurerm and Azure Support talks, we eventually had to apply a workaround to affected resources.

lifecycle {
  ignore_changes = [ subnet_id ]
}

All discussions came to "wait for AzureRM to migrate to new library which would solve all casing issues". No ETA for that was provided though.

slideroh commented 6 months ago

Good to know, no ETA is very promising ;) We applied the same workaround already a few times.

lifecycle {
  ignore_changes = [ subnet_id ]
}
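Added example (not from the issue thread or the provider's code): a CI-side check that reads `terraform show -json <planfile>` output and separates replacements forced only by letter-case differences in an Azure resource ID from replacements forced by a real change, so casing drift like the one reported above can be reviewed before `ignore_changes` is applied to an NSG or route table association. It relies on the plan JSON fields `resource_changes[].change.actions`, `before`, `after` and `replace_paths`; the second sample resource and the function names are hypothetical.

```python
ARM_PREFIX = "/subscriptions/"

def casing_only(before, after):
    """True when two ARM resource IDs differ in letter case and nothing else."""
    return (isinstance(before, str) and isinstance(after, str)
            and before.lower().startswith(ARM_PREFIX)
            and before != after and before.lower() == after.lower())

def classify_replacements(plan):
    """Map each to-be-replaced resource address to 'casing-only' or 'real-change'."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" not in actions or "create" not in actions:
            continue  # in-place update, create, delete or no-op: not a replacement
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Top-level attributes that Terraform reports as forcing the replacement.
        forcing = [p[0] for p in change.get("replace_paths", []) if p]
        # No forcing attribute listed (e.g. tainted resource) is treated as a real change.
        only_case = bool(forcing) and all(
            casing_only(before.get(k), after.get(k)) for k in forcing)
        verdicts[rc["address"]] = "casing-only" if only_case else "real-change"
    return verdicts

# Constructed sample shaped like plan JSON; the IDs reuse the issue's redacted values.
_ID = ("/subscriptions/12345-1111-222-333-4444444/resourceGroups/{rg}"
       "/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/{sn}")
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_subnet_route_table_association.rt-subnet-1",
     "change": {"actions": ["delete", "create"],
                "replace_paths": [["subnet_id"]],
                "before": {"subnet_id": _ID.format(rg="abc-HOME-eastus-RG", sn="snet-1")},
                "after": {"subnet_id": _ID.format(rg="abc-home-eastus-rg", sn="snet-1")}}},
    # Hypothetical resource: the association really moves to another subnet.
    {"address": "azurerm_subnet_network_security_group_association.nsg-subnet-1",
     "change": {"actions": ["delete", "create"],
                "replace_paths": [["subnet_id"]],
                "before": {"subnet_id": _ID.format(rg="abc-home-eastus-rg", sn="snet-1")},
                "after": {"subnet_id": _ID.format(rg="abc-home-eastus-rg", sn="snet-2")}}},
]}

if __name__ == "__main__":
    for address, verdict in classify_replacements(SAMPLE_PLAN).items():
        print(f"{verdict:12} {address}")
```

A forcing attribute whose new value is unknown at plan time is absent from `after`, so it is reported as `real-change` rather than silently passed.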