Terraform wants to destroy backup resource because of capitalization of resource group name

[bandarr]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.3

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_backup_protected_vm

Terraform Configuration Files

resource "azurerm_backup_protected_vm" "some-vm-daily" {
  resource_group_name = azurerm_resource_group.backup.name
  recovery_vault_name = azurerm_recovery_services_vault.myvault.name
  source_vm_id        = azurerm_windows_virtual_machine.some-vm.id
  backup_policy_id    = azurerm_backup_policy_vm.daily.id
}

Debug Output/Panic Output

# azurerm_backup_protected_vm.some-vm-daily must be replaced
...
 ~ source_vm_id        = "/subscriptions/xxx/resourceGroups/RG-SOMERESOURCEGROUPNAME/providers/Microsoft.Compute/virtualMachines/vm-SomeVM" -> "/subscriptions/xxx/resourceGroups/rg-SomeResourceGroupName/providers/Microsoft.Compute/virtualMachines/vm-SomeVM" # forces replacement

Expected Behaviour

Terraform should ignore the difference in capitalization for a resource group name, as resource group names are case-insensitive.

Actual Behaviour

Terraform wants to destroy the backup_protected_vm resource, but never actually does. Instead, we get caught in a loop

Steps to Reproduce

A VM exists in the azure portal and in terraform. The only difference between Azure and tf is that the VM's resource group name differ in CAPITALIZATION between tf and the Azure Portal, e.g., "rg-SomeResourceGroup" in terraform and "RG-SOMERESOURCEGROUP' in the Azure portal (due to some previous strangeness between tf and the Azure RM API).

A backup_protected_vm resource already exists for the VM. Run terraform plan with no other changes. Terraform will want to replace the backup_protected_vm resource due to the capitalization difference. During "apply", the output indicates that it is destroying and recreating the backup_protected_vm resource, but doesn't actually destroy it. Thankfully, it's a "no-op"

What happens after that is that the "destroy backup_protected_vm" always appears in subsequent plans.

Important Factoids

No response

References

No response

[bandarr]

A little more detail. Today, tf destroyed and recreated the backup instance. It deleted, then undeleted the restore points. Another plan revealed that it wanted to destroy and recreate the backup instance AGAIN. This is not ideal behavior.