Fix #31965: Force recreation when policy definition parameter names change

jiaweitao001 · Copilot · jiaweitao001 · commit e2e7ba38c496 · 2026-03-18T10:07:47.000+08:00
The CustomizeDiff logic previously only handled parameter count decreases,
but did not detect parameter renames (where count stays the same but names
change). Azure API does not allow parameter name changes during update.

This change iterates through old parameter names and forces recreation if
any are missing from the new parameters, handling both removal and rename.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/internal/services/policy/policy_definition_resource.go b/internal/services/policy/policy_definition_resource.go
@@ -45,7 +45,7 @@ func resourceArmPolicyDefinition() *pluginsdk.Resource {
 		Schema: resourceArmPolicyDefinitionSchema(),
 
 		CustomizeDiff: pluginsdk.CustomizeDiffShim(func(ctx context.Context, d *pluginsdk.ResourceDiff, v interface{}) error {
-			// `parameters` cannot have values removed so we'll ForceNew if there are less parameters between Terraform runs
+			// `parameters` cannot have values removed or renamed so we'll ForceNew if any parameter names are removed/changed
 			if d.HasChange("parameters") {
 				oldParametersRaw, newParametersRaw := d.GetChange("parameters")
 				if oldParametersString := oldParametersRaw.(string); oldParametersString != "" {
@@ -64,8 +64,11 @@ func resourceArmPolicyDefinition() *pluginsdk.Resource {
 						return fmt.Errorf("expanding JSON for `parameters`: %+v", err)
 					}
 
-					if len(newParameters) < len(oldParameters) {
-						return d.ForceNew("parameters")
+					// ForceNew if parameters were removed or renamed
+					for oldKey := range oldParameters {
+						if _, exists := newParameters[oldKey]; !exists {
+							return d.ForceNew("parameters")
+						}
 					}
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ func resourceArmPolicyDefinition() *pluginsdk.Resource {`
`45`	`45`	`Schema: resourceArmPolicyDefinitionSchema(),`
`46`	`46`
`47`	`47`	`CustomizeDiff: pluginsdk.CustomizeDiffShim(func(ctx context.Context, d *pluginsdk.ResourceDiff, v interface{}) error {`
`48`		- // `parameters` cannot have values removed so we'll ForceNew if there are less parameters between Terraform runs
	`48`	+ // `parameters` cannot have values removed or renamed so we'll ForceNew if any parameter names are removed/changed
`49`	`49`	`if d.HasChange("parameters") {`
`50`	`50`	`oldParametersRaw, newParametersRaw := d.GetChange("parameters")`
`51`	`51`	`if oldParametersString := oldParametersRaw.(string); oldParametersString != "" {`
`@@ -64,8 +64,11 @@ func resourceArmPolicyDefinition() *pluginsdk.Resource {`
`64`	`64`	return fmt.Errorf("expanding JSON for `parameters`: %+v", err)
`65`	`65`	`}`
`66`	`66`
`67`		`- if len(newParameters) < len(oldParameters) {`
`68`		`- return d.ForceNew("parameters")`
	`67`	`+ // ForceNew if parameters were removed or renamed`
	`68`	`+ for oldKey := range oldParameters {`
	`69`	`+ if _, exists := newParameters[oldKey]; !exists {`
	`70`	`+ return d.ForceNew("parameters")`
	`71`	`+ }`
`69`	`72`	`}`
`70`	`73`	`}`
`71`	`74`	`}`