Question 308028 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – AzAPI schema_validation_enabled bug

why isn’t ignore_body_changes working for AzApi Terraform provider. (am I doing something wrong?)

│ Error: embedded schema validation failed: the `body` is invalid:
│ `properties.template.containers.0.resources.ephemeralStorage` is not expected here, it's read only
│ `properties.template.containers.1.resources.ephemeralStorage` is not expected here, it's read only
│  You can try to update `azapi` provider to the latest version or disable the validation using the feature flag `schema_validation_enabled = false` within the resource block
│ 
│   with azapi_resource.job,
│   on main.tf line 58, in resource "azapi_resource" "job":
│   58: resource "azapi_resource" "job" {

https://github.com/Azure/terraform-provider-azapi/releases shows that in version 1.9.0 they added ignore_body_changes

I’ve tried both 1.9.0 and 1.10.0 to create an Azure Container App Job and in both cases, the plan / apply works and creates my job, using the the MS provided starter image:

resource "azapi_resource" "job" {
  type = "Microsoft.App/jobs@2023-05-01"
  name = local.job_name
  parent_id = azurerm_resource_group.rg.id
  
  location = azurerm_resource_group.rg.location

  identity {
    type = "SystemAssigned"
  }

  body = jsonencode({
   "properties": {
      "configuration": {
          "manualTriggerConfig": {
              "parallelism": 1,
              "replicaCompletionCount": 1
          },
          "replicaRetryLimit": 0,
          "replicaTimeout": 30,
          "triggerType": "Manual"
      },
      "environmentId": "${data.azurerm_container_app_environment.ace.id}",
      "template": {
          "containers": [
              {
                  "image": "mcr.microsoft.com/k8se/quickstart-jobs:latest",
                  "name": "main",
                  "resources": {
                      "cpu": 0.25,
                      "memory": "0.5Gi"
                  }
              }
          ]
      }
    } 
  })

  response_export_values    = ["*"]
  schema_validation_enabled = false
  
  ignore_body_changes       = [
    "properties.configuration",
    "properties.environmentId",
    "properties.template"
  ]

  lifecycle {
    ignore_changes = all
  }
}

After resource creation, the source code pipeline updates the configuration using the AZ CLI. In my case, I’m adding a second image as a sidecar and updating the main image, both of which are references to images in my ACR… and that all works.

The issue is that if I then replan or attempt to destory the resource in Terraform, I get the error referenced above.

I created issue 382 on the AzApi provider, but was curious if anyone here had suggestions around how I can avoid the issue.

Maybe I’m just doing something wrong???

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    turns out, I just needed to explicitly ignore template.container changes:

      ignore_body_changes       = [
    "properties.template.containers",
    "properties.configuration",
    "properties.template"
  ]

    https://github.com/Azure/terraform-provider-azapi/issues/382#issuecomment-1853203032


  2. 0

    I tried to provision AzAPI schema_validation and I was able to provision the requirement successfully.

    The ignore_body_changes attribute, introduced in version 1.9.0 of the azapi provider, is supposed to allow you to specify parts of the resource body that Terraform should ignore during the plan and apply phases.

    The error message suggests that the ephemeralStorage property is read-only and shouldn’t be included in the body of the resource.

    Try removing or adjusting the part of your configuration that references ephemeralStorage to see if that resolves the issue.

    As mentioned, I tried the demo configuration based on the information provider using main and sidecar images.

    My demo Terraform configuration:

    terraform {
  required_providers {
    azapi = {
      source = "azure/azapi"
      version = "1.10.0"
    }
  }
}

provider "azapi" {
}

provider "azurerm" {
    features {}
}

resource "azurerm_resource_group" "example" {
  name     = "demorg-vksb"
  location = "West Europe"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "acctest-01"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_container_app_environment" "example" {
  name                       = "vk-environment"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
}

# Azure Container App Job
resource "azapi_resource" "job" {
  type    = "Microsoft.App/jobs@2023-05-01"
  name    = "vksbjob111"
  parent_id = azurerm_resource_group.example.id
  location = azurerm_resource_group.example.location

  identity {
    type = "SystemAssigned"
  }

  body = jsonencode({
    properties = {
      configuration = {
        manualTriggerConfig = {
          parallelism = 1,
          replicaCompletionCount = 1
        },
        replicaRetryLimit = 0,
        replicaTimeout = 30,
        triggerType = "Manual"
      },
      environmentId = "${azurerm_container_app_environment.example.id}",
      template = {
        containers = [
          {
            image = "myacr.azurecr.io/main-app:v1",  # Main container image
            name = "main",
            resources = {
              cpu = 0.25,
              memory = "0.5Gi"
            }
          },
          {
            image = "myacr.azurecr.io/sidecar-app:v1",  # Sidecar container image
            name = "sidecar",
            resources = {
              cpu = 0.25,
              memory = "0.5Gi"
            }
          }
        ]
      }
    }
  })

  response_export_values    = ["*"]
  schema_validation_enabled = false
  
   ignore_body_changes       = [
    "properties.configuration",
    "properties.environmentId",
    "properties.template"
  ]

  lifecycle {
    ignore_changes = all
  }
}

    Output:
    enter image description here

    enter image description here

    Now I try to make changes in the main configuration and make the sidecar parameters with default values and with the parameters

    response_export_values    = ["*"]
  schema_validation_enabled = false
  
   ignore_body_changes       = [
    "properties.configuration",
    "properties.environmentId",
    "properties.template"
  ]

  lifecycle {
    ignore_changes = all
  }

    and rerunning the steps of terraform and check if terraform is able to skip the changes that you make.

      resources = {
              cpu = 0.50,
              memory = "1Gi"
            }

    terraform plan:

    enter image description here

    terraform destroy:

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search