aztfexport: Imported properties fails validation on terraform plan because of case sensitivity.
azurerm_network_security_rule seams to import properties from Azure without any regard of case sensitivity.
"azurerm_network_security_rule": /SUBSCRIPTIONS/{}/RESOURCEGROUPS/{}/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/{}/SECURITYRULES/{}",
Reference A NSG rule in Azure;
"properties": {
"securityRules": [
{
"name": "SMB",
"properties": {
"protocol": "TCP", // upper case
"sourcePortRange": "*",
"destinationPortRange": "445",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 310,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}
},
At ‘terraform plan’ the validation fails at wrong protocol; “
Error: expected protocol to be one of [* Tcp Udp Icmp Ah Esp], got TCP”
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 2
- Comments: 16
@KlasPihl Thank you for submitting this!
This is actually not a bug in
aztfy, but an inconsistency between the provider behavior (only allowsTcpsince v3.0) and the service behavior (case insensitive), which is tracked in: https://github.com/hashicorp/terraform-provider-azurerm/issues/16092.What
aztfydoes is simply callterraform importand convert the state to config. This means thepropertyis set asTCPin the state after importing. This always indicates that in the remote platform, theprotocolis set asTCP. So I assume after you manually change this to beTcp, you’ll hit a plan diff for it.I’ll keep this issue open for tracking purpose.