Error: Provider produced inconsistent final plan

[joachimsmits]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.5

AzureRM Provider Version

v3.116.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_metric_alert

Terraform Configuration Files

resource "azurerm_monitor_metric_alert" "pip_ddos_or_not" {
  name                = "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}"
  resource_group_name = var.resource_group
  scopes              = [azurerm_public_ip.pip.id]

  target_resource_type     = "Microsoft.Network/publicIPAddresses"
  target_resource_location = var.location_full

  frequency   = "PT15M"
  window_size = "PT15M"

  severity = local.severity

  criteria {
    metric_namespace = "Microsoft.Network/publicIPAddresses"
    metric_name      = "IfUnderDDoSAttack"
    aggregation      = "Average"
    operator         = "GreaterThan"
    threshold        = lookup(var.thresholds, "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}", 0)
  }

  dynamic "action" {
    for_each = local.action_groups

    content {
      action_group_id = action.value
    }
  }

  dynamic "action" {
    for_each = {
    for k in var.pagerduty : k => k if k == "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}"
    }
    content {
      action_group_id = data.azurerm_monitor_action_group.pagerduty-webhook.id
    }
  }
}

Debug Output/Panic Output

When expanding the plan for
│ module.application_gateway.module.public_ip.azurerm_monitor_metric_alert.pip_ddos_or_not
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .action: planned set element
│ cty.ObjectVal(map[string]cty.Value{"action_group_id":cty.UnknownVal(cty.String),
│ "webhook_properties":cty.NullVal(cty.Map(cty.String))}) does not correlate
│ with any element in actual.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Expected Behaviour

Create alert rule

Actual Behaviour

Error

Steps to Reproduce

No response

Important Factoids

Nope

References

When "Workaround" is added, it " works"...

resource "azurerm_monitor_metric_alert" "pip_ddos_or_not" { name = "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}" resource_group_name = var.resource_group scopes = [azurerm_public_ip.pip.id]

target_resource_type = "Microsoft.Network/publicIPAddresses" target_resource_location = var.location_full

frequency = "PT15M" window_size = "PT15M"

severity = local.severity

criteria { metric_namespace = "Microsoft.Network/publicIPAddresses" metric_name = "IfUnderDDoSAttack" aggregation = "Average" operator = "GreaterThan" threshold = lookup(var.thresholds, "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}", 0) }

dynamic "action" { for_each = local.action_groups

content {
  action_group_id = action.value
  webhook_properties = {
    Workaround = "applied"
  }
}

}

dynamic "action" { for_each = { for k in var.pagerduty : k => k if k == "smar-pip-ddos-or-not-${azurerm_public_ip.pip.name}" } content { action_group_id = data.azurerm_monitor_action_group.pagerduty-webhook.id webhook_properties = { Workaround = "applied" } } } }

[rcskosir]

:wave: Thanks for taking the time to open this issue. Do you mind rechecking which version of the AzureRM Provider you are seeing this bug? Version 3.x of the provider only goes up to 3.116, thanks!

[joachimsmits]

Installed hashicorp/azurerm v3.116.0 (signed by HashiCorp)