azureterraform-provider-azureazapi

AzAPI schema_validation_enabled bug

why isn't ignore_body_changes working for AzApi Terraform provider. (am I doing something wrong?)

│ Error: embedded schema validation failed: the `body` is invalid:
│ `properties.template.containers.0.resources.ephemeralStorage` is not expected here, it's read only
│ `properties.template.containers.1.resources.ephemeralStorage` is not expected here, it's read only
│  You can try to update `azapi` provider to the latest version or disable the validation using the feature flag `schema_validation_enabled = false` within the resource block
│ 
│   with azapi_resource.job,
│   on main.tf line 58, in resource "azapi_resource" "job":
│   58: resource "azapi_resource" "job" {

https://github.com/Azure/terraform-provider-azapi/releases shows that in version 1.9.0 they added ignore_body_changes

I've tried both 1.9.0 and 1.10.0 to create an Azure Container App Job and in both cases, the plan / apply works and creates my job, using the the MS provided starter image:

resource "azapi_resource" "job" {
  type = "Microsoft.App/jobs@2023-05-01"
  name = local.job_name
  parent_id = azurerm_resource_group.rg.id
  
  location = azurerm_resource_group.rg.location

  identity {
    type = "SystemAssigned"
  }

  body = jsonencode({
   "properties": {
      "configuration": {
          "manualTriggerConfig": {
              "parallelism": 1,
              "replicaCompletionCount": 1
          },
          "replicaRetryLimit": 0,
          "replicaTimeout": 30,
          "triggerType": "Manual"
      },
      "environmentId": "${data.azurerm_container_app_environment.ace.id}",
      "template": {
          "containers": [
              {
                  "image": "mcr.microsoft.com/k8se/quickstart-jobs:latest",
                  "name": "main",
                  "resources": {
                      "cpu": 0.25,
                      "memory": "0.5Gi"
                  }
              }
          ]
      }
    } 
  })

  response_export_values    = ["*"]
  schema_validation_enabled = false
  
  ignore_body_changes       = [
    "properties.configuration",
    "properties.environmentId",
    "properties.template"
  ]

  lifecycle {
    ignore_changes = all
  }
}

After resource creation, the source code pipeline updates the configuration using the AZ CLI. In my case, I'm adding a second image as a sidecar and updating the main image, both of which are references to images in my ACR... and that all works.

The issue is that if I then replan or attempt to destory the resource in Terraform, I get the error referenced above.

I created issue 382 on the AzApi provider, but was curious if anyone here had suggestions around how I can avoid the issue.

Maybe I'm just doing something wrong???

Solution

  • turns out, I just needed to explicitly ignore template.container changes:

      ignore_body_changes       = [
    "properties.template.containers",
    "properties.configuration",
    "properties.template"
  ]

    https://github.com/Azure/terraform-provider-azapi/issues/382#issuecomment-1853203032