azurerm_cosmosdb_account and misleading setting access_key_metadata_writes_enabled

[jamesbwilkinson]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.0

AzureRM Provider Version

4.9.0

Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account

Terraform Configuration Files

Is related to specific setting "access_key_metadata_writes_enabled" of azurerm_cosmosdb_account.

There are 2 issues here.

1. The wording of this setting is misleading and opposite to the Azure setting. This setting defaults to true in Terraform which makes the Azure resource setting "disableKeyBasedMetadataWriteAccess" set to false.

This leads to some confusion as the wording used in Terraform and Azure settings are in conflict. Could this please be aligned?

Suggestion "access_key_metadata_writes_disabled"

2. The default setting in stated as true, which is not correct. It defaults to false when verifying that on the Azure side.

Debug Output/Panic Output

NA

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[neil-yechenwei]

Thanks for raising this issue. It's by TF design since "xxx_enabled" meets TF style. Service team confirmed that the default value of DisableKeyBasedMetadataWriteAccess is false, which means access_key_metadata_writes_enabled in TF is enabled. So it's expected.