Azure – How to handle resource changes after provider upgrade in terraform?

General

I was able to update the provider properly - i hope at least. I would like to share my experience, maybe it would help other beginners. This is not a professional guide, but just my experience that i want to share.

First of all you have to remove ALL resources affected by the provider upgrade and then re-import them. What does that mean?

The new provider will contain divers changes on different resources. For example:

• Removed deprecated attributes (attribute is completely removed)
• Superseded attribute (attribute is replaced by another).
• Renamed attributes
• Superseded resources (here the resource can be deprecated or removed by the upgraded version)

Note

The migration guide describes how you can migrate from deprecated resources, but the workflow for attribute changes is the same. How i understood it. This is the only guide that i found.

terraform plan will show you one or several errors for affected resources.

If your terraform configuration is complex and huge, then you shouldn't try to remove and re-import them all at once. Just go step by step and fix one affected resource successively.

terraform plan can show changes although he shouldn't.

• Check the force replacement attribute accurately and understand why terraform detects changes. It's seems be obvious but it doesn't have to.
• There can be a type change e.g. int -> string
• If the affected change is a kind of missing secret, then you can try to add the secret manually as the value to the related attribute in the state file and run terraform plan again.
• Or there can be also a bug by the provider. So if you can't understand the detected change try to search the issues of the provider - mostly on github. Don't get confused if you can't find any related issue, maybe you have found a bug. Then just create a new issue.

You will also face some other errors or bugs related to terraform itself. You have to search for a workaround patiently, so that you can continue apply the resource changes.

Try to figure out resource changes or to ignore an error for this moment that occurs in another module with resource targeting.

How To

1. ---> !! BACKUP YOUR STATE FILE !! <---: You have to backup your state file before you start manipulating the state file. You will be able to restore the state of the backed state file if something goes wrong. Also you can use the backed up state file for finding needed ids when you have to import the resource.

2. Get Affected Resource: How you can find all affected resources? After the upgrade the provider will not be able to parse the state file, if a resource contains changes - like i described in the question above. You will get an error for affected resources. Then you can check the changes for this affected resource in the upgrade guide of the provider - can be found in the provider register e.g. azurerm.

3. Terraform Configuration: Now you have to apply the changes for the affected resources in the terraform configuration modules before you can import them like described in the migration guide.

4. Remove Outdated Resource: Like described in the the migration guide you have to remove the outdated resource from the state file because it contains the old format of the resource. The new provider is not able to handle these resources from the state file. They must be re-imported with the new provider.

5. Import Removed Resource: After you removed the resource you have to re-import it also described in the migration guide. Check the terraform import documentation for better understanding and usage.