azurerm_api_management : fix API Management global policy is deleted temporarily issue
#23474
Conversation
sinbai
changed the title
azurerm_api_management : fix issue 23396azurerm_api_management : fix API Management global policy is deleted temporarily issue
There was a problem hiding this comment.
@sinbai Thanks for working on this. We will need to conditionally delete the policy in the update func, otherwise it will be impossible to remove / nothing will happen if it is removed from configuration.
Hi @manicminer thanks for your feedback. The code has been updated. Could you please take another look? |
| } else { | ||
| oldPolicy, newPolicy := d.GetChange("policy") | ||
| if len(oldPolicy.([]interface{})) > 0 && len(newPolicy.([]interface{})) == 0 { | ||
| if resp, err := policyClient.Delete(ctx, policyServiceId, policy.DeleteOperationOptions{}); err != nil { | ||
| if !response.WasNotFound(resp.HttpResponse) { | ||
| return fmt.Errorf("removing Policies from %s: %+v", id, err) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Rather than trying to determine whether the policy list has changed from >zero to zero elements, we should just check whether the current length is zero. Users can use ignore_changes if they do not wish to manage this property.
There was a problem hiding this comment.
Thanks for your time, the code has been updated, could you please take a look again?
There was a problem hiding this comment.
Hi @manicminer I removed the conditional policy deletion in the update func because I assume that if d.HasChange("policy") and policyContract == nil, there is only one possibility, which is to change the computed + optional property policy from being configured to being empty(policy = [] ) in TF configuration. So I assume that there is no need to add a conditional deletion here, any feedback feel free let me know, thank you.
There was a problem hiding this comment.
Thanks for this PR @sinbai.
It looks like this change may have introduced some test failures? It's difficult to tell given the number of failures in the acceptance tests but this error message shows up a couple of times and isn't found on the tests run against the main branch - could you please investigate?
------- Stdout: -------
=== RUN TestAccApiManagement_softDeleteRecovery
=== PAUSE TestAccApiManagement_softDeleteRecovery
=== CONT TestAccApiManagement_softDeleteRecovery
testcase.go:113: Step 4/5 error: Error running apply: exit status 1
Error: recovering Service (Subscription: "*******"
Resource Group Name: "acctestRG-231030123449622871"
Service Name: "acctestAM-231030123449622871"): unexpected status 409 with error: ServiceLocked: The API Service acctestAM-231030123449622871 is transitioning at this time. Please try the request again later.
with azurerm_api_management.test,
on terraform_plugin_test.tf line 26, in resource "azurerm_api_management" "test":
26: resource "azurerm_api_management" "test" {
--- FAIL: TestAccApiManagement_softDeleteRecovery (329.46s)
FAIL
------- Stdout: -------
=== RUN TestAccApiManagement_identityUserAssignedHostnameConfigurationsKeyVaultId
=== PAUSE TestAccApiManagement_identityUserAssignedHostnameConfigurationsKeyVaultId
=== CONT TestAccApiManagement_identityUserAssignedHostnameConfigurationsKeyVaultId
testing_new.go:90: Error running post-test destroy, there may be dangling resources: exit status 1
Error: purging the deleted Service (Subscription: "*******"
Resource Group Name: "acctestRG-231030122614304293"
Service Name: "acctestAM-231030122614304293"): unexpected status 409 with error: ServiceLocked: The API Service acctestAM-231030122614304293 is transitioning at this time. Please try the request again later.
--- FAIL: TestAccApiManagement_identityUserAssignedHostnameConfigurationsKeyVaultId (1745.41s)
FAIL
Hi @stephybun thank you for your time. I don't think this change would cause the above tests to fail, as this change only affects the case where the |
|
@sinbai the large amount of eventual consistency failures in APIM is making it quite difficult to validate fixes or enhancements to resources within this service. Could you please investigate and open a separate PR to fix these? It's becoming problematic for all APIM PRs. cc. @mybayern1974 |
|
@sinbai - any updates? |
Hi @katbyte after investigation, it was found that while deleting the resourcegroup, the Resources_ListByResourceGroup API discovered that the APIM service existed. In fact, calling the ApiManagementService_Get API at this time found that the APIM service no longer exists. I assume that this is an API eventual consistency issue. I have contacted the service team and have received no valuable information so far. On the Terraform side, I think all I can do now is add |
this doesn't fix it for the end user thou
so you have actually confirmed that the rg thinks the apim service is still within? What is that api call returning? but then a d.get does not show it? |
Hi @katbyte , thanks for your response. Yes, I added code in TF and when the eventual consistency issue occurs, I got the following logs, see below for details: • The log of calling the ApiManagementService_Get API after APIM service deletion is complete, before calling Resources_ListByResourceGroup:
• The log of calling the Resources_ListByResourceGroup API after getting the Api service does not exist:
|
sinbai
force-pushed
the
apim/fix_issue_23396
branch
from
ed4d809 to
a81b2a4
Compare
The purpose of this PR:
Test result:
PASS: TestAccApiManagement_policy (2754.61s)