azurerm_network_watcher_flow_log resources to be recreated after azurerm provider upgrade

[smitp11]

Terraform (and AzureRM Provider) Version

hashicorp/azurerm v2.73.0
terraform v0.14.9

Affected Resource(s)

azurerm_network_watcher_flow_log

Terraform Configuration Files

resource "azurerm_network_watcher_flow_log" "nsg-dap-apps-flow-log" {
  network_watcher_name = azurerm_network_watcher.network-watcher-cc.name
  resource_group_name  = azurerm_resource_group.network-watcher-resource-group.name
 
  network_security_group_id = azurerm_network_security_group.nsg-dap-apps.id
  storage_account_id        = azurerm_storage_account.dap_core_sa_la.id
  enabled                   = true

  version                   = 2

  retention_policy {
    enabled = true
    days    = 60
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = data.azurerm_log_analytics_workspace.lgawdap.workspace_id
    workspace_region      = data.azurerm_log_analytics_workspace.lgawdap.location
    workspace_resource_id = data.azurerm_log_analytics_workspace.lgawdap.id
    interval_in_minutes   = 10
  }
}

Debug Output

Panic Output

Expected Behaviour

terraform plan shows 0 (zero) changes.

Actual Behaviour

terraform plan shows changes whereby it is trying to add the azurerm_network_watcher_flow_log resources as if they do not exist. Under 2.53.0 and the upgrade version a terraform state show against an affected flow log resource, it responds successfully and the output is as expected. Even removing the traffic_analysis block makes no difference.

Steps to Reproduce

Attempted upgrade of AzureRM provider from 2.53.0 -> 2.73.0 / 2.76.0 & 2.78.0

Important Factoids

References

#12990

[umersyed]

Any update on this one?

[smitp11]

This issue is resolved now.

The issue was after the upgrade that the NSG flow log that existed was no longer in the state file but still existed in Azure. On investigation it was noted that the NSG flow log name was incorrect, this caused Terraform to no longer find it, either in a terraform plan or terraform state show. The resolution was to delete the NSG flow log from Azure and run the terraform apply, this redeployed the flow logs and a subsequent terraform plan showed no changes.

The name of the NSG flow changed and was now prefixed with Microsoft.Network, previously it was not.

This is a strange one, because we originally deployed these flow logs with Terraform , the name change was only noticed after the provider upgrade caused them to show in the plan.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.