New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provider produced inconsistent final plan in azurerm_monitor_diagnostic_setting #25435
Comments
As a hot fix, managed to bypass the issue, by manually deleting the diagnostic settings, and re-appling the modules to re-create |
We tried the same thing but the diagnostic settings are created and still the pipelines are failing on the apply stage with the same error mentioned |
Hi @srikanth-vattey , thanks for submitting this! I tried to reproduce the issue with below config but seems I cannot. provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "test-func-app-diag"
location = "west us"
}
resource "azurerm_storage_account" "test" {
name = "fadstorageahsga"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_app_service_plan" "test" {
name = "azure-functions-test-ahsga"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
sku {
tier = "Standard"
size = "S1"
}
}
resource "azurerm_function_app" "test" {
name = "fadahsga"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
app_service_plan_id = azurerm_app_service_plan.test.id
storage_account_name = azurerm_storage_account.test.name
storage_account_access_key = azurerm_storage_account.test.primary_access_key
}
resource "azurerm_log_analytics_workspace" "test" {
name = "fad-test-01"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
sku = "PerGB2018"
retention_in_days = 30
}
data "azurerm_monitor_diagnostic_categories" "monitor_diagnostic_categories" {
resource_id = azurerm_function_app.test.id
}
resource "azurerm_monitor_diagnostic_setting" "monitor_diagnostic_setting" {
name = "test-func-app-diag"
target_resource_id = azurerm_function_app.test.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id
dynamic "enabled_log" {
for_each = data.azurerm_monitor_diagnostic_categories.monitor_diagnostic_categories.log_category_types
content {
category = enabled_log.value
}
}
dynamic "metric" {
for_each = data.azurerm_monitor_diagnostic_categories.monitor_diagnostic_categories.metrics
content {
category = metric.value
enabled = true
}
}
} Could you please share a minial config which can reproduce this? Or is it possible to share related logs of the 2024-04-01T08:14:09.279Z [DEBUG] provider.terraform-provider-azurerm: AzureRM Response for https://management.azure.com/subscriptions/xxx/resourceGroups/test-func-app-diag/providers/Microsoft.Web/sites/fadahsga/providers/Microsoft.Insights/diagnosticSettingsCategories?api-version=2021-05-01-preview:
HTTP/2.0 200 OK
Content-Length: 1380
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Mon, 01 Apr 2024 08:14:07 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: e04594ff-bcc3-450d-18e6-02c33293155c
X-Ms-Ratelimit-Remaining-Subscription-Reads: 11997
X-Ms-Request-Id: 05f22139-25e4-43c5-99a5-a59bfa410dab
X-Ms-Routing-Request-Id: JAPANEAST:20240401T081408Z:c33de9fc-8f97-417e-82d2-45b68ad2cf41
X-Msedge-Ref: Ref A: 94A24285F28043FEAFDF243C0C288189 Ref B: TYO201100117037 Ref C: 2024-04-01T08:14:07Z
{"value":[{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/FunctionAppLogs","type":"microsoft.insights/diagnosticSettingsCategories","name":"FunctionAppLogs","location":null,"kind":null,"tags":null,"properties":{"displayName":"Function Application Logs","categoryType":"Logs","categoryGroups":["audit","allLogs"]},"identity":null},{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/AppServiceAuthenticationLogs","type":"microsoft.insights/diagnosticSettingsCategories","name":"AppServiceAuthenticationLogs","location":null,"kind":null,"tags":null,"properties":{"displayName":"App Service Authentication logs (preview)","categoryType":"Logs","categoryGroups":["audit","allLogs"]},"identity":null},{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/AllMetrics","type":"microsoft.insights/diagnosticSettingsCategories","name":"AllMetrics","location":null,"kind":null,"tags":null,"properties":{"displayName":"AllMetrics","categoryType":"Metrics"},"identity":null}]}: timestamp=2024-04-01T08:14:09.278Z
2024-04-01T08:14:09.279Z [DEBUG] provider.terraform-provider-azurerm: AzureRM Response for https://management.azure.com/subscriptions/xxx/resourceGroups/test-func-app-diag/providers/Microsoft.Web/sites/fadahsga/providers/Microsoft.Insights/diagnosticSettingsCategories?api-version=2021-05-01-preview:
HTTP/2.0 200 OK
Content-Length: 1380
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Mon, 01 Apr 2024 08:14:07 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: e04594ff-bcc3-450d-18e6-02c33293155c
X-Ms-Ratelimit-Remaining-Subscription-Reads: 11997
X-Ms-Request-Id: 05f22139-25e4-43c5-99a5-a59bfa410dab
X-Ms-Routing-Request-Id: JAPANEAST:20240401T081408Z:c33de9fc-8f97-417e-82d2-45b68ad2cf41
X-Msedge-Ref: Ref A: 94A24285F28043FEAFDF243C0C288189 Ref B: TYO201100117037 Ref C: 2024-04-01T08:14:07Z
{"value":[{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/FunctionAppLogs","type":"microsoft.insights/diagnosticSettingsCategories","name":"FunctionAppLogs","location":null,"kind":null,"tags":null,"properties":{"displayName":"Function Application Logs","categoryType":"Logs","categoryGroups":["audit","allLogs"]},"identity":null},{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/AppServiceAuthenticationLogs","type":"microsoft.insights/diagnosticSettingsCategories","name":"AppServiceAuthenticationLogs","location":null,"kind":null,"tags":null,"properties":{"displayName":"App Service Authentication logs (preview)","categoryType":"Logs","categoryGroups":["audit","allLogs"]},"identity":null},{"id":"/subscriptions/xxx/resourcegroups/test-func-app-diag/providers/microsoft.web/sites/fadahsga/providers/microsoft.insights/diagnosticSettingsCategories/AllMetrics","type":"microsoft.insights/diagnosticSettingsCategories","name":"AllMetrics","location":null,"kind":null,"tags":null,"properties":{"displayName":"AllMetrics","categoryType":"Metrics"},"identity":null}]}: timestamp=2024-04-01T08:14:09.278Z |
@teowa I also tried to create a reproduction with new resources without much luck. I only seem to observe the problem on my existing resources... I've attached some logs below to hopefully help figure out what is wrong... Logs
|
@teowa I experimented a little bit more and I think I got the relevant logs:
Note that I've also tried to add a
|
Issue updating an app service: Setup: resource "azurerm_linux_web_app" "app" {
name = local.app_name
resource_group_name = var.resource_groups.target.name
location = var.resource_groups.target.location
service_plan_id = data.azurerm_service_plan.service_plan.id
key_vault_reference_identity_id = var.app_service.key_vault_reference_identity_id
webdeploy_publish_basic_authentication_enabled = true
tags = var.tags
ftp_publish_basic_authentication_enabled = false
https_only = true
logs {
failed_request_tracing = true
detailed_error_messages = true
http_logs {
file_system {
retention_in_days = 2
retention_in_mb = 50
}
}
}
site_config {
app_command_line = var.app_service.site_config.app_command_line
http2_enabled = true
ftps_state = "Disabled"
always_on = var.app_service.site_config.always_on
health_check_path = var.app_service.site_config.health_check_path
health_check_eviction_time_in_min = 10
application_stack {
node_version = var.app_service.site_config.application_stack.node_version
dotnet_version = var.app_service.site_config.application_stack.dotnet_version
}
cors {
allowed_origins = ["https://${local.app_name}.azurewebsites.net"]
support_credentials = true
}
}
identity {
type = var.app_service.identity.type
identity_ids = var.app_service.identity.identity_ids
}
}
data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
resource_id = azurerm_linux_web_app.app.id
}
resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
name = "log-analytics"
target_resource_id = azurerm_linux_web_app.app.id
log_analytics_workspace_id = var.log_analytics_workspace.id
dynamic "enabled_log" {
for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories.log_category_types
content {
category = enabled_log.value
}
}
dynamic "metric" {
for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories.metrics
content {
category = metric.value
enabled = true
}
}
} Error: Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.app_service.data.azurerm_monitor_diagnostic_categories.diagnostic_categories will be read during apply
# (depends on a resource or a module with changes pending)
<= data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
+ id = (known after apply)
+ log_category_groups = (known after apply)
+ log_category_types = (known after apply)
+ logs = (known after apply)
+ metrics = (known after apply)
+ resource_id = "/subscriptions/<subscription>/resourceGroups/<rg_name>/providers/Microsoft.Web/sites/<sitename>"
}
# module.app_service.azurerm_linux_web_app.app will be updated in-place
~ resource "azurerm_linux_web_app" "app" {
~ app_settings = {
~ "APPLICATIONINSIGHTS_CONNECTION_STRING" = (sensitive value)
# (7 unchanged elements hidden)
}
id = "/subscriptions/<subscription>/resourceGroups/<rg_name>/providers/Microsoft.Web/sites/<sitename>"
name = "<sitename>"
tags = {
"Department" = "DOH"
"git_branch_name" = "main"
"git_remote_origin_url" = "[https://HealthDevOps@dev.azure.com/HealthDevOps/Patient-Facing-Interface/_git/Patient-Facing-Interface"](https://HealthDevOps@dev.azure.com/HealthDevOps/Patient-Facing-Interface/_git/Patient-Facing-Interface%22)
"managed_by_iac" = "terraform"
"managed_by_sp" = "b2b4e62c-0615-4855-92ec-92457d381c8d"
"security_environment" = "nonprod"
}
# (24 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting will be updated in-place
~ resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
id = "/subscriptions/<subscription>/resourceGroups/<rg_name>/providers/Microsoft.Web/sites/<sitename>|log-analytics"
name = "log-analytics"
# (5 unchanged attributes hidden)
- metric {
- category = "AllMetrics" -> null
- enabled = true -> null
- retention_policy {
- days = 0 -> null
- enabled = false -> null
}
}
# (13 unchanged blocks hidden)
}
...
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceAppLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceAuditLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceConsoleLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceHTTPLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceIPSecAuditLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServicePlatformLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: block set length changed from 6 to 7.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
Releasing state lock. This may take a few moments...
##[error]Terraform command 'apply' failed with exit code '1'.
##[error]╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceAppLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceAuditLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceConsoleLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceHTTPLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServiceIPSecAuditLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: planned set element
│ cty.ObjectVal(map[string]cty.Value{"category":cty.StringVal("AppServicePlatformLogs"),
│ "category_group":cty.StringVal(""),
│ "retention_policy":cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"days":cty.NumberIntVal(0),
│ "enabled":cty.False})})}) does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for
│ module.app_service.azurerm_monitor_diagnostic_setting.diagnostic_setting
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/azurerm" produced an invalid new value for
│ .enabled_log: block set length changed from 6 to 7.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
|
Is there an existing issue for this?
Community Note
Terraform Version
1.7.4
AzureRM Provider Version
3.94.0
Affected Resource(s)/Data Source(s)
azurerm_monitor_diagnostic_setting
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
No response
Actual Behaviour
No response
Steps to Reproduce
Important Factoids
No response
References
No response
The text was updated successfully, but these errors were encountered: