Error: `immutability_period_in_days` cannot be decreased once an immutability policy has been locked

[abicky]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.10.5

AzureRM Provider Version

4.17.0

Affected Resource(s)/Data Source(s)

azurerm_storage_container_immutability_policy

Terraform Configuration Files

terraform {
  required_version = ">=1.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=4.17.0"
    }
  }
}

variable "subscription_id" {}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "eastus"
}

resource "random_string" "name" {
  length  = 24
  numeric = false
  special = false
  upper   = false
}

resource "azurerm_storage_account" "main" {
  name                     = random_string.name.result
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_container" "example" {
  name               = "example"
  storage_account_id = azurerm_storage_account.main.id
}

resource "azurerm_storage_container_immutability_policy" "example" {
  storage_container_resource_manager_id = azurerm_storage_container.example.id
  immutability_period_in_days           = 1
  locked                                = true
}

Debug Output/Panic Output

https://gist.github.com/abicky/6dbd84eec9dbb2290666b57825e1ac17

Expected Behaviour

terraform plan should succeed when immutability_period_in_days is increased:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_storage_container_immutability_policy.example will be updated in-place
  ~ resource "azurerm_storage_container_immutability_policy" "example" {
        id                                    = "/subscriptions/<subscription-id>/resourceGroups/example/providers/Microsoft.Storage/storageAccounts/jqasqsrbutmolhoqorhlbkgh/blobServices/default/containers/example/immutabilityPolicies/default"
      ~ immutability_period_in_days           = 1 -> 2
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Actual Behaviour

terraform plan fails when immutability_period_in_days is increased:

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: `immutability_period_in_days` cannot be decreased once an immutability policy has been locked
│
│   with azurerm_storage_container_immutability_policy.example,
│   on main.tf line 43, in resource "azurerm_storage_container_immutability_policy" "example":
│   43: resource "azurerm_storage_container_immutability_policy" "example" {
│
╵

Steps to Reproduce

1. Run terraform apply using the attached configuration file
2. Increase immutability_period_in_days in the configuration file
3. Run terraform plan

Important Factoids

none

References

The PR #28661 fixes this issue.