azurerm_machine_learning_compute_cluster Recreates when I change le list of `identity_ids` for UserAssigned

Uranium2 commented 5 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

v1.6.4

AzureRM Provider Version

~>3.0

Affected Resource(s)/Data Source(s)

azurerm_machine_learning_compute_cluster

Terraform Configuration Files

resource "azurerm_machine_learning_compute_cluster" "cluster" {
  name     = "my_compute_cluster"
  location = "westeurope"

  vm_priority                   = "LowPriority"
  vm_size                       = "STANDARD_DS13_V2"
  machine_learning_workspace_id = module.mlw_01.id
  subnet_resource_id            = module.subnet_mlw.id

  ssh_public_access_enabled = false
  node_public_ip_enabled    = false

  identity {
    type = "UserAssigned"
    identity_ids = concat(values( # List of strings of user managed identities
      module.aml_compute_instance_managed_id_databricks_sp)[*].managed_identity.id,
      [azurerm_user_assigned_identity.compute_cluster_managed_identity.id]
    )
  }

  scale_settings {
    min_node_count                       = 0
    max_node_count                       = 10
    scale_down_nodes_after_idle_duration = "PT5M"
  }
}

Debug Output/Panic Output

# azurerm_machine_learning_compute_cluster.cluster["my-compute-cluster"] must be replaced
-/+ resource "azurerm_machine_learning_compute_cluster" "cluster" {
      ~ id                            = "/subscriptions/.../resourceGroups/.../providers/Microsoft.MachineLearningServices/workspaces/XXXXXX/computes/my-compute-cluster" -> (known after apply)
        name                          = "my-compute-cluster"
        # (8 unchanged attributes hidden)

      ~ identity {
          ~ identity_ids = [ # forces replacement
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/XXXXXXX-XXXX-identity",
              - "/subscriptions/.../resourceGroups/.../providers/Microsoft.ManagedIdentity/userAssignedIdentities/aml-compute-cluster-XXXX-identity",
            ] -> (known after apply) # forces replacement
          + principal_id = (known after apply)
          ~ tenant_id    = "xxxxxxxxxxxxxxxxxxxxxxxxxxx" -> (known after apply)
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

Expected Behaviour

I expected the ressource to stay the same, and only modify the identity_ids of identity block.

Actual Behaviour

The all ressource is replaced, making all the compute cluster unavailable for 10 minutes when I add a new Managed Identity to each compute clusters.

Steps to Reproduce

Create a Machine Learning Workspace, create X managed Identities in Azure, Create one compute cluster and assign X managed indentities. Apply. Remove or add a managed identity, reapply

Important Factoids

No response

References

No response

xuzhang3 commented 4 months ago

Public released API does not support updating the identity. Portal can update identities because it uses the unreleased v2020-02-02

github-actions[bot] commented 1 month ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-provider-azurerm