azurerm_api_management_api_operation_tag creates / overwrites tag instead of just attaching

dennis1f commented 6 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.4

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_api_management_api_operation_tag

Terraform Configuration Files

terraform {
  backend "local" {
    path = "apimtest.tfstate"
  }
}

provider "azurerm" {
  features {}
  skip_provider_registration = true
}

data "azurerm_api_management" "example" {
  name                = "APIMTest5567"
  resource_group_name = "RGTest"
}

resource "azurerm_api_management_api" "example" {
  name                = "example-api"
  resource_group_name = data.azurerm_api_management.example.resource_group_name
  api_management_name = data.azurerm_api_management.example.name
  display_name = "User"
protocols           = ["https"]
  revision            = "1"
}

resource "azurerm_api_management_api_operation" "example" {
  operation_id        = "user-delete"
  api_name            = azurerm_api_management_api.example.name
  api_management_name = data.azurerm_api_management.example.name
  resource_group_name = data.azurerm_api_management.example.resource_group_name
  display_name        = "Delete User Operation"
  method              = "DELETE"
  url_template        = "/users/{id}/delete"
  description         = "This can only be done by the logged in user."

  template_parameter {
    name     = "id"
    type     = "number"
    required = true
  }

  response {
    status_code = 200
  }
}

# Create tag "example-tag"
resource "azurerm_api_management_tag" "example" {
  api_management_id = data.azurerm_api_management.example.id
  name              = "example-tag"
}

# Attach tag "example-tag" to api
resource "azurerm_api_management_api_tag" "example" {
  api_id = azurerm_api_management_api.example.id
  name   = azurerm_api_management_tag.example.name
}

# Attach tag "example-tag" to operation
resource "azurerm_api_management_api_operation_tag" "example" {
  api_operation_id = azurerm_api_management_api_operation.example.id
  name             = azurerm_api_management_tag.example.name
  display_name     = "This is already managed by azurerm_api_management_tag.example resource"
}

Debug Output/Panic Output

This is the 2nd terraform apply run.

  # azurerm_api_management_api_tag.example must be replaced
-/+ resource "azurerm_api_management_api_tag" "example" {
      ~ api_id = "/subscriptions/xxx/resourceGroups/RGTest/providers/Microsoft.ApiManagement/service/APIMTest5567/apis/example-api" -> "/subscriptions/xxx/resourceGroups/RGTest/providers/Microsoft.ApiManagement/service/APIMTest5567/apis/example-api;rev=1" # forces replacement
      ~ id     = "/subscriptions/xxx/resourceGroups/RGTest/providers/Microsoft.ApiManagement/service/APIMTest5567/apis/example-api/tags/example-tag" -> (known after apply)
        name   = "example-tag"
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Expected Behaviour

There should be one tag with name "example-tag" which is attached to example api and example api operation.

Actual Behaviour

There is one tag with name "This is already managed by azurerm_api_management_tag.example resource" which is attached to example api and example api operation. And with next terraform apply the api tag will be replaced again.

Steps to Reproduce

terraform apply
terraform apply

Important Factoids

No response

References

No response

alexwiese commented 6 months ago

This is related to #24705 Appears to be introduced by changes in #23031

Theres some peculiarity around how the ID of APIs in APIM is handled via the ARM REST API, relating to the “current” revision.

Corendiel commented 5 months ago

In the mean time you can fix it by adding a split function to trim the ;rev=1

api_id = split(";", azurerm_api_management_api.example.id)[0]

Aujjani commented 5 months ago

Hello @dennis1f
did you find any fix for this issue?

@Corendiel can you eloborate on how to do the change you just suggested

Corendiel commented 5 months ago

@Aujjani,

The issue is that in a recent version they added the revision number ;rev=1 to the api_id. So until they fix how they will handle that change you can remove the ;rev=1 from the id by using the split function to trim that part.

dennis1f commented 5 months ago

@Aujjani I've created a patched azurerm provider which fixed the initial bug for me (creating of a tag instead of just attaching). This is based on an older version and is not affected by the ;rev=1 bug. However I'm not happy with the fix so I can't upstream it.

So besides the ;rev=1 stuff, I do believe that the behaviour that azurerm_api_management_api_operation_tag tries to create a tag instead of just attaching to an existing tag is a bug. At least it is not consistent with the behaviour of azurerm_api_management_api_tag and should be changed. azurerm_api_management_api_operation_tag should not have a property display_name. It should only attach tag to an operation.

hashicorp / terraform-provider-azurerm