HCL synth: key-value secret list is synhesized incorrectly to HCL

[Hi-Fi]

Expected Behavior

When creating Azure Container App Job using Azapi provider with TS code:

      secrets: [
        {
          name: "organization-url",
          value: "https://dev.azure.com/example-org"
        }
      ]

It's expected to be synthesized according given value (https://learn.microsoft.com/en-us/azure/templates/microsoft.app/jobs?pivots=deployment-language-terraform#secret-2). Note that documentation is incorrect in a way that is expects content needing to be JSON string, which is not the case with newer AzAPI.

Correct HCL from that would probably be like:

secrets = [
  {
    name = "organization-url"
   value = "https://dev.azure.com/example-org"
  }
]

Actual Behavior

Value in HCL is:

secrets = {
  0 = https : //dev.azure.com/OP-Azure-Development
}

With JSON formatting same core produces value:

"secrets": [
                {
                  "name": "organization-url",
                  "value": "https://dev.azure.com/example-org"
                }
              ],

Steps to Reproduce

1. Provide simple AZAPI resource definition (note that definition is missing some values, but it doesn't matter in synth):

    new AzapiProvider(this, 'azapi', {});
    new Resource(this, 'aca', {
      type: 'Microsoft.App/jobs@2024-02-02-preview',
      name: 'test-job',
      location: 'eastus',
      parentId: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg',
      body: {
        properties: {
          secrets: [
            {
              name: 'secret1',
              value: 'secret1-value'
            }
          ]
        }
      }
    });
   

2. Synthesize both HCL and JSON versions of stack
3. Check validity

Versions

language: typescript
cdktf-cli: 0.20.8
node: v20.13.1
cdktf: 0.20.8
constructs: 10.3.0
jsii: null
terraform: 1.9.4
arch: arm64
os: darwin 23.6.0
providers
azure/azapi@undefined (LOCAL)
        terraform provider version: 1.15.0

Providers

┌───────────────┬──────────────────┬───────┬────────────┬──────────────┬─────────────────┐
│ Provider Name │ Provider Version │ CDKTF │ Constraint │ Package Name │ Package Version │
├───────────────┼──────────────────┼───────┼────────────┼──────────────┼─────────────────┤
│ azure/azapi   │ 1.15.0           │       │            │              │                 │
└───────────────┴──────────────────┴───────┴────────────┴──────────────┴─────────────────┘

Gist

No response

Possible Solutions

No response

Workarounds

JSON works fine, but as we would like to utilize some Terraform tooling and Sonarqube with the code, HCL version is required.

Anything Else?

It seems that issue is somehow related to keys name and value (even environment variables with same keys work fine).

With TS code using secret reference:

secrets: [
            {
              name: 'secret1',
              keyVaultUrl: 'secret1-value'
            }
          ]

HCL has is:

secrets = {
        0 = {
          name        = "secret1"
          keyVaultUrl = "secret1-value"
        }
      }

And JSON:

"secrets": [
              {
                "keyVaultUrl": "secret1-value",
                "name": "secret1"
              }
            ]

References

No response

Help Wanted

• I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment