Changed SQL Server declarative code and got PSQL TF Plan error #55

New issue

Closed

opened 2026-02-13 09:43:15 +00:00 by sven.schmidt · 1 comment

sven.schmidt commented

2026-02-13 09:43:15 +00:00

Description

On the second Terraform run, after changing the SQL Server user/database creation code, the STACKIT Terraform provider fails during the refresh/read of an existing PostgreSQL Flex database resource in state. The provider returns a different resource identity than what is stored in the Terraform state and Terraform aborts with Error: Unexpected Identity Change.

This happens although the plan itself is about creating SQL Server Flex resources. The failure occurs while reading stackitprivatepreview_postgresflexalpha_database.testDB.

Steps to reproduce

/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>

Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
https://opensource.org/licenses/MIT.*/

resource "stackitprivatepreview_postgresflexalpha_user" "testUser" {
  project_id  = var.tcc_project_id
  instance_id = data.terraform_remote_state.infra_db.outputs.postgres_instance_id
  name        = "testuser"
  roles       = ["createdb", "login"]
}


resource "stackitprivatepreview_postgresflexalpha_database" "testDB" {
  depends_on  = [stackitprivatepreview_postgresflexalpha_user.testUser]
  project_id  = var.tcc_project_id
  instance_id = data.terraform_remote_state.infra_db.outputs.postgres_instance_id
  name        = "testdb"
  owner       = stackitprivatepreview_postgresflexalpha_user.testUser.name
}


/*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud>

Use of this source code is governed by an MIT-style
license that can be found in the LICENSE file or at
https://opensource.org/licenses/MIT.*/

resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
  project_id  = var.tcc_project_id
  instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id
  username    = "testuser"
  roles = ["##STACKIT_DatabaseManager##",
    "##STACKIT_LoginManager##",
    "##STACKIT_ProcessManager##",
    "##STACKIT_ServerManager##",
    "##STACKIT_SQLAgentManager##",
    "##STACKIT_SQLAgentUser##",
  ]
}


resource "stackitprivatepreview_sqlserverflexbeta_database" "testDB" {
  depends_on  = [stackitprivatepreview_sqlserverflexbeta_user.testUser]
  project_id  = var.tcc_project_id
  instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id
  name        = "testdb"
  owner       = stackitprivatepreview_sqlserverflexbeta_user.testUser.username
}

Actual behavior

Terraform refreshes the existing PostgreSQL resources and fails during the read of:

stackitprivatepreview_postgresflexalpha_database.testDB

With the following error (excerpt):

data.terraform_remote_state.infra_db: Reading...
data.terraform_remote_state.infra_db: Read complete after 0s
stackitprivatepreview_postgresflexalpha_user.testUser: Refreshing state... [name=testuser]
stackitprivatepreview_postgresflexalpha_database.testDB: Refreshing state... [name=testdb]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
Terraform planned the following actions, but then encountered a problem:
  # stackitprivatepreview_sqlserverflexbeta_database.testDB will be created
  + resource "stackitprivatepreview_sqlserverflexbeta_database" "testDB" {
      + collation           = (known after apply)
      + collation_name      = (known after apply)
      + compatibility       = (known after apply)
      + compatibility_level = (known after apply)
      + database_name       = (known after apply)
      + id                  = (known after apply)
      + instance_id         = "e5c5af15-d2c9-41bd-8523-77e0b96990f1"
      + name                = "testdb"
      + owner               = "testuser"
      + project_id          = "9a6b8cca-7d45-41b1-b5e5-68123db347af"
      + region              = "***"
    }
  # stackitprivatepreview_sqlserverflexbeta_user.testUser will be created
  + resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
      + default_database = (known after apply)
      + host             = (known after apply)
      + id               = (known after apply)
      + instance_id      = "e5c5af15-d2c9-41bd-8523-77e0b96990f1"
      + password         = (known after apply)
      + port             = (known after apply)
      + project_id       = "9a6b8cca-7d45-41b1-b5e5-68123db347af"
      + region           = "***"
      + roles            = [
          + "##STACKIT_DatabaseManager##",
          + "##STACKIT_LoginManager##",
          + "##STACKIT_ProcessManager##",
          + "##STACKIT_ServerManager##",
          + "##STACKIT_SQLAgentManager##",
          + "##STACKIT_SQLAgentUser##",
        ]
      + status           = (known after apply)
      + uri              = (known after apply)
      + user_id          = (known after apply)
      + username         = "testuser"
    }
Plan: 2 to add, 0 to change, 0 to destroy.
╷
│ Error: Unexpected Identity Change
│ 
│   with stackitprivatepreview_postgresflexalpha_database.testDB,
│   on 03-create-user-db-psql.tf line 15, in resource "stackitprivatepreview_postgresflexalpha_database" "testDB":
│   15: resource "stackitprivatepreview_postgresflexalpha_database" "testDB" {
│ 
│ During the read operation, the Terraform Provider unexpectedly returned a
│ different identity than the previously stored one.
│ 
│ This is always a problem with the provider and should be reported to the
│ provider developer.
│ 
│ Current Identity: tftypes.Object["database_id":tftypes.Number,
│ "instance_id":tftypes.String, "project_id":tftypes.String,
│ "region":tftypes.String]<"database_id":tftypes.Number<"16668">,
│ "instance_id":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">,
│ "project_id":tftypes.String<"9a6b8cca-7d45-41b1-b5e5-68123db347af">,
│ "region":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">>
│ 
│ New Identity: tftypes.Object["database_id":tftypes.Number,
│ "instance_id":tftypes.String, "project_id":tftypes.String,
│ "region":tftypes.String]<"database_id":tftypes.Number<"16668">,
│ "instance_id":tftypes.String<"***">,
│ "project_id":tftypes.String<"9a6b8cca-7d45-41b1-b5e5-68123db347af">,
│ "region":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">>
╵
::error::Terraform exited with code 1.

Notably, region appears to be populated with the Postgres instance_id in the “Current Identity”, and the “New Identity” differs (instance_id masked in the log). This identity mismatch aborts Terraform with exit code 1.

Expected behavior

On refresh/read, the provider must return a stable identity that matches what is stored in Terraform state.

Environment

OS:
Terraform version (see terraform --version): >= 0.14.0"
Version of the STACKIT Terraform provider: v0.0.11-alpha

## Description On the second Terraform run, after changing the SQL Server user/database creation code, the STACKIT Terraform provider fails during the refresh/read of an existing PostgreSQL Flex database resource in state. The provider returns a different resource identity than what is stored in the Terraform state and Terraform aborts with Error: Unexpected Identity Change. This happens although the plan itself is about creating SQL Server Flex resources. The failure occurs while reading stackitprivatepreview_postgresflexalpha_database.testDB. ## Steps to reproduce  ```terraform /*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud> Use of this source code is governed by an MIT-style license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT.*/ resource "stackitprivatepreview_postgresflexalpha_user" "testUser" { project_id = var.tcc_project_id instance_id = data.terraform_remote_state.infra_db.outputs.postgres_instance_id name = "testuser" roles = ["createdb", "login"] } resource "stackitprivatepreview_postgresflexalpha_database" "testDB" { depends_on = [stackitprivatepreview_postgresflexalpha_user.testUser] project_id = var.tcc_project_id instance_id = data.terraform_remote_state.infra_db.outputs.postgres_instance_id name = "testdb" owner = stackitprivatepreview_postgresflexalpha_user.testUser.name } /*Copyright 2025 STACKIT GmbH & Co. KG <maintainer.email@stackit.cloud> Use of this source code is governed by an MIT-style license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT.*/ resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { project_id = var.tcc_project_id instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id username = "testuser" roles = ["##STACKIT_DatabaseManager##", "##STACKIT_LoginManager##", "##STACKIT_ProcessManager##", "##STACKIT_ServerManager##", "##STACKIT_SQLAgentManager##", "##STACKIT_SQLAgentUser##", ] } resource "stackitprivatepreview_sqlserverflexbeta_database" "testDB" { depends_on = [stackitprivatepreview_sqlserverflexbeta_user.testUser] project_id = var.tcc_project_id instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id name = "testdb" owner = stackitprivatepreview_sqlserverflexbeta_user.testUser.username } ```  ## Actual behavior Terraform refreshes the existing PostgreSQL resources and fails during the read of: stackitprivatepreview_postgresflexalpha_database.testDB With the following error (excerpt): ```terraform data.terraform_remote_state.infra_db: Reading... data.terraform_remote_state.infra_db: Read complete after 0s stackitprivatepreview_postgresflexalpha_user.testUser: Refreshing state... [name=testuser] stackitprivatepreview_postgresflexalpha_database.testDB: Refreshing state... [name=testdb] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform planned the following actions, but then encountered a problem: # stackitprivatepreview_sqlserverflexbeta_database.testDB will be created + resource "stackitprivatepreview_sqlserverflexbeta_database" "testDB" { + collation = (known after apply) + collation_name = (known after apply) + compatibility = (known after apply) + compatibility_level = (known after apply) + database_name = (known after apply) + id = (known after apply) + instance_id = "e5c5af15-d2c9-41bd-8523-77e0b96990f1" + name = "testdb" + owner = "testuser" + project_id = "9a6b8cca-7d45-41b1-b5e5-68123db347af" + region = "***" } # stackitprivatepreview_sqlserverflexbeta_user.testUser will be created + resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { + default_database = (known after apply) + host = (known after apply) + id = (known after apply) + instance_id = "e5c5af15-d2c9-41bd-8523-77e0b96990f1" + password = (known after apply) + port = (known after apply) + project_id = "9a6b8cca-7d45-41b1-b5e5-68123db347af" + region = "***" + roles = [ + "##STACKIT_DatabaseManager##", + "##STACKIT_LoginManager##", + "##STACKIT_ProcessManager##", + "##STACKIT_ServerManager##", + "##STACKIT_SQLAgentManager##", + "##STACKIT_SQLAgentUser##", ] + status = (known after apply) + uri = (known after apply) + user_id = (known after apply) + username = "testuser" } Plan: 2 to add, 0 to change, 0 to destroy. ╷ │ Error: Unexpected Identity Change │ │ with stackitprivatepreview_postgresflexalpha_database.testDB, │ on 03-create-user-db-psql.tf line 15, in resource "stackitprivatepreview_postgresflexalpha_database" "testDB": │ 15: resource "stackitprivatepreview_postgresflexalpha_database" "testDB" { │ │ During the read operation, the Terraform Provider unexpectedly returned a │ different identity than the previously stored one. │ │ This is always a problem with the provider and should be reported to the │ provider developer. │ │ Current Identity: tftypes.Object["database_id":tftypes.Number, │ "instance_id":tftypes.String, "project_id":tftypes.String, │ "region":tftypes.String]<"database_id":tftypes.Number<"16668">, │ "instance_id":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">, │ "project_id":tftypes.String<"9a6b8cca-7d45-41b1-b5e5-68123db347af">, │ "region":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">> │ │ New Identity: tftypes.Object["database_id":tftypes.Number, │ "instance_id":tftypes.String, "project_id":tftypes.String, │ "region":tftypes.String]<"database_id":tftypes.Number<"16668">, │ "instance_id":tftypes.String<"***">, │ "project_id":tftypes.String<"9a6b8cca-7d45-41b1-b5e5-68123db347af">, │ "region":tftypes.String<"b6d9e5a5-36cf-4654-a649-325df8a9b55c">> ╵ ::error::Terraform exited with code 1. ``` Notably, region appears to be populated with the Postgres instance_id in the “Current Identity”, and the “New Identity” differs (instance_id masked in the log). This identity mismatch aborts Terraform with exit code 1. ## Expected behavior On refresh/read, the provider must return a stable identity that matches what is stored in Terraform state. ## Environment - OS: - Terraform version (see `terraform --version`): `>= 0.14.0"` - Version of the STACKIT Terraform provider: `v0.0.11-alpha`