azurerm_api_management_gateway_api always gets recreated when using --target

[Andrei-Predoiu]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.4

AzureRM Provider Version

3.89.0

Affected Resource(s)/Data Source(s)

azurerm_api_management_gateway_api

Terraform Configuration Files

resource "azurerm_api_management_api" "api" {
  api_management_name   = data.azurerm_api_management.apim.name
  resource_group_name   = data.azurerm_api_management.apim.resource_group_name
  name                  = local.internalName
  revision              = var.Revision
  version               = var.ApiVersion > 0 ? "v${var.ApiVersion}" : null
  version_set_id        = local.versionSetID
  display_name          = var.Name
  path                  = var.Path
  service_url           = var.ServiceUrl
  protocols             = ["https"]
  subscription_required = true
  description           = var.Description

  import {
    content_format = var.ContentFormat
    content_value  = var.ContentValue
  }
}

resource "azurerm_api_management_api_version_set" "versioned_api" {
  count               = var.ApiVersion == 1 ? 1 : 0
  api_management_name = data.azurerm_api_management.apim.name
  resource_group_name = data.azurerm_api_management.apim.resource_group_name
  display_name        = var.Name
  name                = local.internalName
  versioning_scheme   = "Segment"
}

resource "azurerm_api_management_gateway_api" "gke_gw" {
  gateway_id = data.azurerm_api_management_gateway.gateway.id
  api_id     = azurerm_api_management_api.api.id
}

Debug Output/Panic Output

I don't always specified revisions in my apis and now my plan obviously requires i recreate the azurerm_api_management_gateway_api resource. The problem is, this happens every time i run terraform.

$ terraform plan
Terraform will perform the following actions:

  # module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw must be replaced
-/+ resource "azurerm_api_management_gateway_api" "gke_gw" {
      ~ api_id     = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file" -> "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file;rev=1" # forces replacement
      ~ id         = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

[...]

$ terraform apply --target="module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw"
 Acquiring state lock. This may take a few moments...
 module.es.module.echoapi-file.data.azurerm_resource_group.rg: Reading...
 module.es.module.echoapi-file.data.azurerm_resource_group.rg: Read complete after 0s [id=/subscriptions/redacted/resourceGroups/apim-dev]
 module.es.module.echoapi-file.data.azurerm_api_management.apim: Reading...
 module.es.module.echoapi-file.data.azurerm_api_management.apim: Read complete after 1s [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted]
 module.es.module.echoapi-file.data.azurerm_api_management_gateway.gateway: Reading...
 module.es.module.echoapi-file.azurerm_api_management_api.api: Refreshing state... [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file;rev=1]
 module.es.module.echoapi-file.data.azurerm_api_management_gateway.gateway: Read complete after 0s [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest]
 module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw: Refreshing state... [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file]

 Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
 -/+ destroy and then create replacement

 Terraform will perform the following actions:

   # module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw must be replaced
 -/+ resource "azurerm_api_management_gateway_api" "gke_gw" {
       ~ api_id     = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file" -> "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file;rev=1" # forces replacement
       ~ id         = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file" -> (known after apply)
         # (1 unchanged attribute hidden)
     }

 Plan: 1 to add, 0 to change, 1 to destroy.
 ╷
 │ Warning: Resource targeting is in effect
 │
 │ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
 │
 │ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
 ╵

 Do you want to perform these actions?
   Terraform will perform the actions described above.
   Only 'yes' will be accepted to approve.

   Enter a value: yes

 module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw: Destroying... [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file]
 module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw: Destruction complete after 1s
 module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw: Creating...
 module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw: Creation complete after 1s [id=/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file]
[...]

$ terraform plan
Terraform will perform the following actions:

  # module.es.module.echoapi-file.azurerm_api_management_gateway_api.gke_gw must be replaced
-/+ resource "azurerm_api_management_gateway_api" "gke_gw" {
      ~ api_id     = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file" -> "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/apis/echoapi-file;rev=1" # forces replacement
      ~ id         = "/subscriptions/redacted/resourceGroups/apim-dev/providers/Microsoft.ApiManagement/service/redacted/gateways/apigwtest/apis/echoapi-file" -> (known after apply)
        # (1 unchanged attribute hidden)
    }

[...]

When terraform plan again and it's like nothing was applied, the change should be made again.

Expected Behaviour

The azurerm_api_management_gateway_api resource has to be recreated only once.

Actual Behaviour

The azurerm_api_management_gateway_api shows up in the plan, with the same changes, on every apply.

Note due to the sensitivity of other apis i cannot risk doing a full apply as it is very important that the api's are linked to the correct gateways.

Steps to Reproduce

terraform apply again

Important Factoids

I am applying with --target

References

No response

[rncwnd79]

This issue is independant from the use of --target. Even with a revision specified in the api, the problem persists. Seems like rev is not consistently used as part of the id.