Trying to update the value for the `identity.type` argument for the `azurerm_container_group` resource throws error

[hknutsen]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.8

AzureRM Provider Version

4.9.0

Affected Resource(s)/Data Source(s)

azurerm_container_group

Terraform Configuration Files

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "northeurope"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "example-log"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_container_group" "example" {
  name                = "example-ci"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  os_type             = "Linux"

  container {
    name   = "hello-world"
    image  = "mcr.microsoft.com/azuredocs/aci-helloworld:latest"
    cpu    = 1
    memory = 1

    ports {
      port     = 443
      protocol = "TCP"
    }
  }

  diagnostics {
    log_analytics {
      workspace_id  = azurerm_log_analytics_workspace.example.workspace_id
      workspace_key = azurerm_log_analytics_workspace.example.primary_shared_key
    }
  }

  # identity {
  #   type = "SystemAssigned"
  # }
}

Debug Output/Panic Output

╷
│ Error: updating Container Group (Subscription: "***"
│ Resource Group Name: "example-rg"
│ Container Group Name: "example-ci"): performing ContainerGroupsCreateOrUpdate: unexpected status 400 (400 Bad Request) with error: InvalidLogAnalytics: The log analytics setting is invalid. WorkspaceId and WorkspaceKey should not be null or empty.       
│
│   with azurerm_container_group.example,
│   on main.tf line 16, in resource "azurerm_container_group" "example":
│   16: resource "azurerm_container_group" "example" {
│
╵

Expected Behaviour

When uncommenting the identity block, Terraform should enable the system-assigned identity for the container group.

Actual Behaviour

When uncommenting the identity block, Terraform throws an error when trying to update the container group.

Steps to Reproduce

1. terraform init
2. terraform apply
3. Uncomment the identity block
4. terraform apply

Important Factoids

No response

References

No response

[hadiulla]

i am able to reproduce the issue and here is my observation.

• The PUT containerGroups api need workspace_id and workspace_key to update the resource.
• The provider calls the GET containerGroups api and uses the response body as payload for PUT request.
• However the GET containerGroups api returns only workspaceId but not workspacekey. Hence the error.