terraform plan show state change without code change #7215

Closed
CharmanderJieniJieni opened this issue Jun 4, 2020 · 11 comments · Fixed by #10628
Labels
service/monitor service/mssql Microsoft SQL Server upstream/microsoft Indicates that there's an upstream issue blocking this issue/PR

Comments

@CharmanderJieniJieni

Community Note

Terraform (and AzureRM Provider) Version

Terraform v0.12.26

  • provider.azuread v0.8.0
  • provider.azurerm v2.8.0
  • provider.random v2.2.1

Affected Resource(s)

azurerm_sql_database

Terraform Configuration Files

see code here

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

    - log {
        - category = "AutomaticTuning" -> null
        - enabled  = true -> null

        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "AutomaticTuning"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "Blocks" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "Blocks"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "DatabaseWaitStatistics" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "DatabaseWaitStatistics"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "Deadlocks" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "Deadlocks"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "DevOpsOperationsAudit" -> null
        - enabled  = false -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = false -> null
          }
      }
    - log {
        - category = "Errors" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "Errors"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "QueryStoreRuntimeStatistics" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "QueryStoreRuntimeStatistics"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "QueryStoreWaitStatistics" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "QueryStoreWaitStatistics"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "SQLInsights" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "SQLInsights"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    - log {
        - category = "SQLSecurityAuditEvents" -> null
        - enabled  = false -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = false -> null
          }
      }
    - log {
        - category = "Timeouts" -> null
        - enabled  = true -> null
    
        - retention_policy {
            - days    = 0 -> null
            - enabled = true -> null
          }
      }
    + log {
        + category = "Timeouts"
        + enabled  = true
    
        + retention_policy {
            + enabled = true
          }
      }
    

Panic Output

Expected Behavior

nothing should be changed

Actual Behavior

Every time we trigger terraform plan, the output above shows up, which indicates that the listed changes are going to be made, even though there is no code change at all.

Steps to Reproduce

terraform plan

Important Factoids

References

  • #0000
@magodo magodo self-assigned this Jun 5, 2020
@magodo magodo added service/monitor service/mssql Microsoft SQL Server labels Jun 5, 2020
@magodo
Collaborator

magodo commented Jun 5, 2020

@CharmanderJieniJieni Thank you for opening this issue 👍
The reason you are facing this diff is that you missed two log categories: DevOpsOperationsAudit and SQLSecurityAuditEvents, which are set by the service side if you didn't explicitly specify them. So when you do a diff after apply, you are actually telling Terraform to remove DevOpsOperationsAudit and SQLSecurityAuditEvents from log; that's why you are getting a diff. So when you want to change log, you need to specify it as a whole (not partially).
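
The fix described in the comment above, as an added example that is not part of the original thread: declare every log category the service reports, including the two it adds on its own, so the configured set matches the state. The resource type `azurerm_monitor_diagnostic_setting`, the resource names and the workspace variable are assumptions; the issue does not show the reporter's configuration.

```hcl
# Added example. Assumptions: the diagnostic setting resource type, all
# resource names, and that azurerm_sql_database.example is defined elsewhere.
variable "log_analytics_workspace_id" {
  type = string
}

locals {
  # Every category listed in the plan output above, mapped to its
  # "enabled" flag. The two false entries mirror what the state reports.
  sql_log_categories = {
    AutomaticTuning             = true
    Blocks                      = true
    DatabaseWaitStatistics      = true
    Deadlocks                   = true
    DevOpsOperationsAudit       = false # set by the service if omitted
    Errors                      = true
    QueryStoreRuntimeStatistics = true
    QueryStoreWaitStatistics    = true
    SQLInsights                 = true
    SQLSecurityAuditEvents      = false # set by the service if omitted
    Timeouts                    = true
  }
}

resource "azurerm_monitor_diagnostic_setting" "sql_database" {
  name                       = "sql-database-diagnostics"
  target_resource_id         = azurerm_sql_database.example.id
  log_analytics_workspace_id = var.log_analytics_workspace_id

  # One log block per category, so none is left for the service to fill in.
  dynamic "log" {
    for_each = local.sql_log_categories
    content {
      category = log.key
      enabled  = log.value

      retention_policy {
        enabled = log.value
      }
    }
  }
}
```

Declaring `SQLSecurityAuditEvents` explicitly also makes a later change to that category visible in code review and in the plan, instead of leaving it to a service default.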

@CharmanderJieniJieni
Author

Thanks @magodo, I added those two into the variable file and no longer see that issue. However, when I run terraform plan I am still seeing the change below:

~ threat_detection_policy {
        disabled_alerts      = []
        email_account_admins = "Disabled"
        email_addresses      = [
            "[email protected]",
        ]
        retention_days       = 30
        state                = "Enabled"
      ~ use_server_default   = "Disabled" -> "enabled"
    }
}

Even though I already set 'use_server_default' to 'enabled' to begin with. Is there a reason for that?

@magodo
Collaborator

magodo commented Jun 5, 2020

@CharmanderJieniJieni What is the current config for the azurerm_sql_database? Isn't it the one you linked above? https://github.com/CharmanderJieniJieni/Terraform/blob/99a12f610c1036e03a54f14249bf196e94b83806/sql-database.tf#L14
(As the config marked unmodified above is not the same as the ones in the link)

Would you please provide the detailed steps to reproduce this?

@CharmanderJieniJieni
Author

@magodo yes, if you do a terraform apply to deploy the resource, then do a terraform plan without any changes, it will show ~ use_server_default = "Disabled" -> "enabled"

@CharmanderJieniJieni
Author

I checked the state file; basically, even though we set use_server_default = "Enabled", the state file still shows "use_server_default": "Disabled".

@magodo
Collaborator

magodo commented Jun 8, 2020

This seems to be an API issue; I have submitted an issue, Azure/azure-rest-api-specs#9762, to track that. I suggest that you either leave threat_detection_policy if you intend to use the server default policy, or use the new resource set: mssql_server, mssql_database and mssql_server_security_alert_policy (which only allow server-side policy setting).

@bcline760

Has anyone been able to communicate with Microsoft about the upstream bug? We're running into this issue as well.

@GrooveGod

Any updates on this? Still occurring in AzureRM 2.39.

~ threat_detection_policy { ...
   ~ use_server_default   = "Disabled" -> "Enabled"
}

@pearcec
Contributor

pearcec commented Feb 11, 2021

Related, duplicate #4556 ?

katbyte pushed a commit that referenced this issue Feb 26, 2021
Per this comment, the useServerDefault in Swagger (i.e. use_server_default in TF) is now deprecated and should be ignored.

This further fixes #7215, #4556.
@katbyte katbyte reopened this Feb 26, 2021
@favoretti
Collaborator

Thanks for opening this issue! Since this issue was reported a long time ago and relates to an older version of the provider, I'm going to close it. If this is still relevant and occurring on the latest version of Terraform and the provider, please do open a new issue!

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 20, 2021