Plan not detecting changes from the state. Always rebuilding everything

Terraform Providers Azure
1

I am using Terraform (13.5) to manage Logic apps in Azure. Every time I run a plan it seems to think everything needs to be destroyed and recreated - e.g. Plan: 31 to add, 108 to change, 31 to destroy.

Why could this be?

I have checked my backend state file and parameters, tags etc all look to be in there yet the plan wants to update, create, delete them.

I am running Terraform in Azure DevOps pipelines.

I am new to Terraform and this is a show stopper for me! Any help whatsoever would be very gratefully appreciated.

Many thanks,
Annie.

Plan file snippet:
<= data “azurerm_logic_app_workflow” “integration_outgoing_deadletter_alert_logic_app” {
~ access_endpoint = “https://xxxremoved” -> (known after apply)
~ connector_endpoint_ip_addresses = -> (known after apply)
~ connector_outbound_ip_addresses = [

  • “xx.xxx.x11.0/28”,
  • “xx.xxx.x7.x05”,
  • “xx.xxx.x24.x3”,
  • “xx.xxx.x2.x85”,
    ] -> (known after apply)
    ~ id = “/subscriptions/***/resourceGroups/Integration-DEV/providers/Microsoft.Logic/workflows/integration-outgoing-deadletter-alert” -> (known after apply)
    ~ location = “ukwest” -> (known after apply)
  • logic_app_integration_account_id = (known after apply)
    name = “integration-outgoing-deadletter-alert”
    ~ parameters = {
  • “$connections” = “”
  • “integration_error_email_address” = “errorsxxxxx@x.com
  • “integration_error_from_email_address” = “xxx@x.com
  • “loxam_notification_base_url” = “https://xxx-notifications.azurewebsites.net/api/xxx/email
    } -> (known after apply)
    resource_group_name = “Integration-DEV”
    ~ tags = {
  • “Incoming” = “false”
  • “Outgoing” = “true”
  • “Salesforce” = “true”
  • “Telisca” = “true”
    } -> (known after apply)
    ~ workflow_endpoint_ip_addresses = [
  • “xx.xxx.x8.98”,
  • “xx.xxx.x1.1x5”,
  • “xx.xxx.x3.1x4”,
  • “xx.xxx.xx9.x50”,
    ] -> (known after apply)
    ~ workflow_outbound_ip_addresses = [
  • “xx.xxx.54.1x5”,
  • “xx.xxx.45.2x8”,
  • “xx.xxx.x7.1x6”,
  • “xx.xxx.1x4.77”,
  • “xx.xxx.1x2.1x2”,
  • “xx.xxx.11x.36”,
  • “xx.xxx.11x.1x9”,
  • “xx.xxx.1x9.x3”,
    ] -> (known after apply)

~ workflow_schema = “https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#” -> (known after apply)
~ workflow_version = “1.0.0.0” -> (known after apply)

  • timeouts {
  • read = (known after apply)
    }
    }

State file snippet:
{
“mode”: “data”,
“type”: “azurerm_logic_app_workflow”,
“name”: “integration_outgoing_deadletter_alert_logic_app”,
“provider”: “provider[“registry.terraform.io/hashicorp/azurerm"]",
“instances”: [
{
“schema_version”: 0,
“attributes”: {
“access_endpoint”: " https://xxxremoved “,
“connector_endpoint_ip_addresses”: ,
“connector_outbound_ip_addresses”: [
“xx.xxx.211.0/28”,
“xx.xxx.47.105”,
“xx.xxx.124.13”,
“xx.xxx.52.185”
],
“id”: “/subscriptions/xxx/resourceGroups/Integration-DEV/providers/Microsoft.Logic/workflows/integration-outgoing-deadletter-alert”,
“location”: “ukwest”,
“logic_app_integration_account_id”: null,
“name”: “integration-outgoing-deadletter-alert”,
“parameters”: {
“$connections”: “”,
“integration_error_email_address”: “errorsxxxxx@x.com “,
“integration_error_from_email_address”: “xxx@x.com “,
“loxam_notification_base_url”: " https://xxx-notifications.azurewebsites.net/api/xxx/email "
},
“resource_group_name”: “Integration-DEV”,
“tags”: {
“Incoming”: “false”,
“Outgoing”: “true”,
“Salesforce”: “true”,
“Telisca”: “true”
},
“timeouts”: null,
“workflow_endpoint_ip_addresses”: [
“xx.xxx.48.98”,
“xx.xxx.x1.1x5”,
“xx.xxx.x3.xx4”,
“xx.xxx.1x9.1x0”
],
“workflow_outbound_ip_addresses”: [
" xx.xxx.54.1x5”,
" xx.xxx.x5.2x8”,
" xx.xxx.47.1x6”,
" xx.xxx.1x4.x7”,
" xx.xxx.112.112”,
" xx.xxx.1x3.36”,
" xx.xxx.118.1x9”,
" xx.xxx.11x.x3"
],
“workflow_schema”: “https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#”,
“workflow_version”: “1.0.0.0”
}
}
]
},

Resource definition in main.tf

Create the alert logic apps

resource “azurerm_resource_group_template_deployment” “integration_outgoing_deadletter_alert_logic_app” {
depends_on = [azurerm_resource_group_template_deployment.service_bus_api_connection]
name = var.workflows_integration_outgoing_deadletter_alert_name
resource_group_name = var.resource_group_name
deployment_mode = “Incremental”
template_content = templatefile("${path.module}/arm/logic-apps/alerts/integration-outgoing-deadletter-alert.json", {
“servicebus_id” = local.servicebus_id
“region” = data.azurerm_resource_group.resource_group.location
“connections_servicebus_name” = var.connections_servicebus_name
“servicebus_connection_id” = local.servicebus_connection_id
“servicebus_connection_string” = azurerm_servicebus_namespace.service_bus.default_primary_connection_string
“workflows_integration_outgoing_deadletter_alert_name” = var.workflows_integration_outgoing_deadletter_alert_name
“loxam_notification_base_url” = var.loxam_notification_base_url
“integration_error_email_address” = var.integration_error_email_address
“integration_error_from_email_address” = var.integration_error_from_email_address
})
}

data “azurerm_logic_app_workflow” “integration_outgoing_deadletter_alert_logic_app” {
depends_on = [azurerm_resource_group_template_deployment.integration_outgoing_deadletter_alert_logic_app]
name = azurerm_resource_group_template_deployment.integration_outgoing_deadletter_alert_logic_app.name
resource_group_name = data.azurerm_resource_group.resource_group.name
}

2

Hi @MacAnnie74,
could you kindly format your code and logs within triple back-ticks so that it’s easier to read?

Would it also be possible to upload the terraform plan output completely (anonymising is ok)?