Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft.Management/managementGroups/settings #688

Open
HenryGelderbloem opened this issue Dec 5, 2024 · 2 comments
Open

Microsoft.Management/managementGroups/settings #688

HenryGelderbloem opened this issue Dec 5, 2024 · 2 comments
Labels
upstream-api

Comments

@HenryGelderbloem
Copy link

HenryGelderbloem commented Dec 5, 2024
edited
Loading

When using azapi_resource to set the default management group (see code below), subsequent plans and applies always find changes. This is because it pulls the Management Group name instead of the Management Group ID.

# Configuration of the default Management Group for all new Subscriptions. 
resource "azapi_resource" "default_mg" {
  type      = "Microsoft.Management/managementGroups/settings@2023-04-01"
  name      = "default"
  parent_id = data.azurerm_management_group.root_mg.id
  body = {
    properties = {
      defaultManagementGroup               = "${azurerm_management_group.sandbox.name}"
      requireAuthorizationForGroupCreation = true
    }
  }
}


Terraform will perform the following actions:

  # module.management_groups.azapi_resource.default_mg will be updated in-place
  ~ resource "azapi_resource" "default_mg" {
      ~ body                      = {
          ~ properties = {
              ~ defaultManagementGroup               = "mg-sandbox" -> "/providers/Microsoft.Management/managementGroups/mg-sandbox"
                # (1 unchanged attribute hidden)
            }
        }
        id                        = "/providers/Microsoft.Management/managementGroups/xxx/settings/default"
        name                      = "default"
      ~ output                    = {
          - id         = "/providers/Microsoft.Management/managementGroups/xxx/settings/default"
          - properties = {
              - tenantId = "xxx"
            }
          - type       = "Microsoft.Management/managementGroups/settings"
        } -> (known after apply)
        # (5 unchanged attributes hidden)
    }

I cannot set the default management group using the management group name of display name as it states I must use the ID. I can get around this issue with completing the initial deployment then on a subsequent deployment change the defaultManagementGroup value to the management group name.
@ms-henglu
Copy link
Member

Hi @HenryGelderbloem ,

Thank you for taking time to report this issue.

Let me know if I misunderstood the issue, the defaultManagementGroup requires the ID of the management group as it says in the doc. But the terraform plan finds the value in the remote state becomes the name of the management group.

I believe it's either an API issue or a document issue.

Please try:

  1. Use management group name in the defaultManagementGroup to create the resource.
  2. Add the lifecycle.ignore_changes to suppress the differences.

@HenryGelderbloem
Copy link
Author

@ms-henglu

Thanks for responding so quick. I can confirm the following:

  1. You must use the Management Group ID when configuring the defaultManagementGroup otherwise you will get an error.
  2. Adding lifecycle.ignore_changes prevents this from being an issue at subsequent plans.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
upstream-api
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HenryGelderbloem @ms-henglu