"already exists - ... needs to be imported into the State..." Error during clean first deployment since v2.x

[renereinert]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.24

• provider.azurerm v2.4.0
• provider.local v1.4.0

Affected Resource(s)

• azurerm_resource_group
• azurerm_public_ip
• azurerm_application_gateway
• azurerm_monitor_diagnostic_setting

Terraform Configuration Files

data "local_file" "labagw" {
    filename = "../../..pem"
}
resource "azurerm_resource_group" "labagw" {
  name                        = "<...>-rg"
}

resource "azurerm_public_ip" "labagw" {
  name                        = "<...>-pip"
  resource_group_name         = azurerm_resource_group.labagw.name
}

resource "azurerm_monitor_diagnostic_setting" "labagw" {
  name                        = "<...>-diag"
  target_resource_id          = azurerm_application_gateway.labagw.id
  log_analytics_workspace_id  = var.logAnalyticsID
 }

resource "azurerm_application_gateway" "labagw" {
  name                        = "<...>-agw"
  resource_group_name         = azurerm_resource_group.labagw.name
}

Debug Output

Error: A resource with the ID "/subscriptions/xxx/resourcegroups/<...>-rg/providers/microsoft.network/applicationgateways/<...>-agw/providers/microsoft.insights/diagnosticSettings/<...>-diag" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_monitor_diagnostic_setting" for more information.
on main.tf line 18, in resource "azurerm_monitor_diagnostic_setting" "labagw"

Actual Behavior

We try to add 'azurerm_monitor_diagnostic_setting' to our 'azurerm_application_gateway'. The 'log_analytics_workspace_id' is passed via '-var'. All resources has been deployed via terraform 1.44 so far. We updated to v2.4 and receive the upper error. "Terraform apply" only succeed if we out comment "azurerm_monitor_diagnostic_setting".

Steps to Reproduce

Delete all resources, delete the state file and deploy from scratch.

1. terraform apply

Important Factoids

worked in v 1.x like it should.

[tombuildsstuff]

hi @renereinert

Thanks for opening this issue

In version 2.0 of the Azure Provider we fixed a bug where resources that already existed in Azure could be "adopted" by Terraform, since Azure has Upsert API's for a lot of API's (more details can be found in #2807). This is important because whilst some Azure API's have Upsert API's - certain fields can only be changed on existing resources by deleting/re-creating these resources.

As such when attempting to "create" a resource in version 2.0 or later of the Azure Provider, we first check for the presence of an existing resource with the same Name and Resource Group in Azure - and if this exists we ask that users import this via the error you're seeing.

Since Terraform is Stateful (and tracks the State of resources in it's Statefile) - these resources which Terraform may think it can "create" (but already exist) need to be imported into the Statefile via Terraform's Import functionality.

As such you'll need to import these existing resources into the Statefile so that Terraform can detect changes to them - details of how to import each resource can be found in the documentation for each resource (for example, here's how to import an App Service) - more details on Terraform Import can be found here - however since this is an intentional behaviour I'm going to close this issue for the moment.

Thanks!

[renereinert]

@tombuildsstuff how can i import a resource which is not existing in this moment.
As you refer I need to import "azurerm_monitor_diagnostic_setting" which is created right in that moment?

[tombuildsstuff]

@renereinert since Monitor Diagnostic Settings are defined outside of a regular Resource Group (and as such aren't deleted when items within the Resource Group are) it's likely this hasn't been fully deleted unfortunately.

From Terraform's side we look this up based on the Resource ID and the Name being passed in - as such I'd suggest checking the Azure Portal to confirm that this has been fully deleted; alternatively you should be able to specify another name for this to confirm this.

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!