Cannot add or remove `ipv4_firewall_rule` on existing `azurerm_analysis_services_server` without modifying `power_bi_service_enabled`

[c-mehring]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

After updating azurerm provider from v3.103.0 to v3.116.0 I cannot add or remove firewall-rules on existing resource without changing the property power_bi_service_enabled. Seems the two properties have to be together in each update-request if one of them is modified.

Terraform Version

1.5.7

AzureRM Provider Version

3.116.0

Affected Resource(s)/Data Source(s)

azurerm_analysis_services_server

Terraform Configuration Files

resource "azurerm_analysis_services_server" "analysis-services-server" {
  name                     = "reportingcache"
  location                 = "westeurope"
  resource_group_name      = "reporting-rg"
  sku                      = "B1"
  admin_users              = [ xxx ]
  power_bi_service_enabled = true

  # add or remove this rule on existing deployment to produce error
  ipv4_firewall_rule {
    name        = "rule_abc"
    range_end   = "10.0.10.1"
    range_start = "10.0.10.10"
  }

}

Debug Output/Panic Output

Error: updating Server (Subscription: "0000"
│ Resource Group Name: "reporting-rg"
│ Server Name: "reportingcache"): performing Update: unexpected status 400 (400 Bad Request) with error: BadRequest: Firewall settings to enable Power BI Service can be  specified only if firewall rules are specified and vice versa.

Expected Behaviour

The added firewall rule should be accepted and available on resource (or removed when I delete it from configuration).

Actual Behaviour

Update is rejected caused by missing field power_bi_service_enabled.

Steps to Reproduce

1. tf apply configuration for the first time to create new resource
2. Edit tf-config and remove ipv4_firewall_rule
3. tf apply the changed config

Important Factoids

No response

References

After reading the code I think the changed behavior was introduced by PR #26456 in v3.110.0``

[jiaweitao001]

Hi @c-mehring , thanks for opening this issue. I've reproduced this by following the steps provided above. I'll keep investigating and keep you posted about the root cause here.