From d42f4933e5e72b3eeea36cbc15ccb7cdec862281 Mon Sep 17 00:00:00 2001 
From: WS <20408400+WodansSon@users.noreply.github.com> Date: Fri, 24 Jan 2020 17:44:20 -0800 Subject: [PATCH] Bug: `azurerm_frontdoor` fix for caching issue (#5358) * Port PR to new code base * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Update website/docs/r/front_door.html.markdown Co-Authored-By: Tom Harvey * Progress * Saving progress * Almost right * Cache working * Fully working without defaults * Update docs to document new behavior * Fix tests and documentation * Add test case for cache regression * Fix test code terrafmt * Fixed linting error in comment * pull value through test * Update docs and remove commented code * Update test case * terrafmt * Minor doc update * Added nil check per PR review Co-authored-by: Tom Harvey Co-authored-by: kt --- .../frontdoor/resource_arm_front_door.go | 107 +++++++++--- ...rce_arm_front_door_firewall_policy_test.go | 108 +++++++++--- 
.../tests/resource_arm_front_door_test.go | 163 ++++++++++++++++++ .../internal/services/frontdoor/validate.go | 7 +- website/docs/r/front_door.html.markdown | 61 ++++--- 5 files changed, 368 insertions(+), 78 deletions(-) diff --git a/azurerm/internal/services/frontdoor/resource_arm_front_door.go b/azurerm/internal/services/frontdoor/resource_arm_front_door.go index 3bccc29a445b..899127785c60 100644 --- a/azurerm/internal/services/frontdoor/resource_arm_front_door.go +++ b/azurerm/internal/services/frontdoor/resource_arm_front_door.go @@ -172,6 +172,11 @@ func resourceArmFrontDoor() *schema.Resource { Required: true, ValidateFunc: ValidateBackendPoolRoutingRuleName, }, + "cache_enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, "cache_use_dynamic_compression": { Type: schema.TypeBool, Optional: true, @@ -190,6 +195,7 @@ func resourceArmFrontDoor() *schema.Resource { Type: schema.TypeString, Optional: true, }, + // TODO: In 2.0 Switch default value from MatchRequest to HTTPSOnly #4627 "forwarding_protocol": { Type: schema.TypeString, Optional: true, @@ -602,6 +608,10 @@ func resourceArmFrontDoorRead(d *schema.ResourceData, meta interface{}) error { } resourceGroup := id.ResourceGroup name := id.Path["frontdoors"] + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if name == "" { + name = id.Path["Frontdoors"] + } resp, err := client.Get(ctx, resourceGroup, name) if err != nil { @@ -655,7 +665,7 @@ func resourceArmFrontDoorRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error setting `backend_pool_load_balancing`: %+v", err) } - if err := d.Set("routing_rule", flattenArmFrontDoorRoutingRule(properties.RoutingRules)); err != nil { + if err := d.Set("routing_rule", flattenArmFrontDoorRoutingRule(properties.RoutingRules, d.Get("routing_rule"))); err != nil { return fmt.Errorf("Error setting `routing_rules`: %+v", err) } } 
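Review bot: The new `cache_enabled` schema entry has no comment explaining why it defaults to `true`, which makes edge caching the behaviour for every `forwarding_configuration` that omits the field. The lines removed from expandArmFrontDoorForwardingConfiguration later in this commit show that a CacheConfiguration was previously always sent, so the default looks like a compatibility choice. I would record that next to the field, e.g. `// Defaults to true to match the earlier behaviour, where a CacheConfiguration was always sent`. The documentation entry could also say that `cache_enabled = false` is the setting for content that must not be cached at the edge.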
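Review bot: After the new `Frontdoors` fallback in resourceArmFrontDoorRead, `name` can still be empty when neither key is present in `id.Path`, and the code then calls `client.Get(ctx, resourceGroup, name)` with an empty resource name. I would fail fast instead, e.g. `if name == "" { return fmt.Errorf("parsing Front Door ID %q: no frontdoors segment", d.Id()) }`. The same applies to the identical fallback added to resourceArmFrontDoorDelete in the next hunk, where an empty name reaches `client.Delete`. The casing workaround for azure-sdk-for-go issue 6762 is repeated in six places in this commit, so a small case-insensitive lookup helper would keep them from drifting. Both function bodies continue outside their hunks.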
@@ -674,6 +684,10 @@ func resourceArmFrontDoorDelete(d *schema.ResourceData, meta interface{}) error } resourceGroup := id.ResourceGroup name := id.Path["frontdoors"] + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if name == "" { + name = id.Path["Frontdoors"] + } future, err := client.Delete(ctx, resourceGroup, name) if err != nil { @@ -1053,20 +1067,10 @@ func expandArmFrontDoorForwardingConfiguration(input []interface{}, frontDoorPat customForwardingPath := v["custom_forwarding_path"].(string) forwardingProtocol := v["forwarding_protocol"].(string) + backendPoolName := v["backend_pool_name"].(string) cacheUseDynamicCompression := v["cache_use_dynamic_compression"].(bool) cacheQueryParameterStripDirective := v["cache_query_parameter_strip_directive"].(string) - backendPoolName := v["backend_pool_name"].(string) - - useDynamicCompression := frontdoor.DynamicCompressionEnabledDisabled - - if cacheUseDynamicCompression { - useDynamicCompression = frontdoor.DynamicCompressionEnabledEnabled - } - - cacheConfiguration := &frontdoor.CacheConfiguration{ - QueryParameterStripDirective: frontdoor.Query(cacheQueryParameterStripDirective), - DynamicCompression: useDynamicCompression, - } + cacheEnabled := v["cache_enabled"].(bool) backend := &frontdoor.SubResource{ ID: utils.String(frontDoorPath + "/BackendPools/" + backendPoolName), 
@@ -1074,11 +1078,30 @@ func expandArmFrontDoorForwardingConfiguration(input []interface{}, frontDoorPat forwardingConfiguration := frontdoor.ForwardingConfiguration{ ForwardingProtocol: frontdoor.ForwardingProtocol(forwardingProtocol), - CacheConfiguration: cacheConfiguration, BackendPool: backend, OdataType: frontdoor.OdataTypeMicrosoftAzureFrontDoorModelsFrontdoorForwardingConfiguration, } + // Per the portal, if you enable the cache the cache_query_parameter_strip_directive + // is then a required attribute else the CacheConfiguration type is null + if cacheEnabled { + // Set the default value for dynamic compression or use the value defined in the config + dynamicCompression := frontdoor.DynamicCompressionEnabledEnabled + if !cacheUseDynamicCompression { + dynamicCompression = frontdoor.DynamicCompressionEnabledDisabled + } + + if cacheQueryParameterStripDirective == "" { + // Set Default Value for strip directive is not in the key slice and cache is enabled + cacheQueryParameterStripDirective = string(frontdoor.StripNone) + } + + forwardingConfiguration.CacheConfiguration = &frontdoor.CacheConfiguration{ + DynamicCompression: dynamicCompression, + QueryParameterStripDirective: frontdoor.Query(cacheQueryParameterStripDirective), + } + } + if customForwardingPath != "" { forwardingConfiguration.CustomForwardingPath = utils.String(customForwardingPath) } 
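Review bot: The two comments inside the `if cacheEnabled` block do not match what the code does. `dynamicCompression` starts as Enabled but is overwritten whenever `cacheUseDynamicCompression` is false, which is presumably also what an unset value yields (the docs hunk now says it defaults to `false`), so there is no separate default here; and "Set Default Value for strip directive is not in the key slice" does not parse. I would reword them to `// Map the cache_use_dynamic_compression bool onto the SDK enum` and `// Fall back to StripNone when no strip directive is configured`. A comment should also state that `cache_use_dynamic_compression` and `cache_query_parameter_strip_directive` are not sent when `cache_enabled` is false. The function body starts and ends outside this hunk.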
@@ -1107,7 +1130,16 @@ func flattenArmFrontDoorBackendPools(input *[]frontdoor.BackendPool) []map[strin if properties := v.BackendPoolProperties; properties != nil { result["backend"] = flattenArmFrontDoorBackend(properties.Backends) result["health_probe_name"] = flattenArmFrontDoorSubResource(properties.HealthProbeSettings, "HealthProbeSettings") + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if result["health_probe_name"] == "" { + result["health_probe_name"] = flattenArmFrontDoorSubResource(properties.HealthProbeSettings, "healthProbeSettings") + } + result["load_balancing_name"] = flattenArmFrontDoorSubResource(properties.LoadBalancingSettings, "LoadBalancingSettings") + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if result["load_balancing_name"] == "" { + result["load_balancing_name"] = flattenArmFrontDoorSubResource(properties.LoadBalancingSettings, "loadBalancingSettings") + } } output = append(output, result) } @@ -1314,20 +1346,29 @@ func flattenArmFrontDoorLoadBalancingSettingsModel(input *[]frontdoor.LoadBalanc return []interface{}{result} } -func flattenArmFrontDoorRoutingRule(input *[]frontdoor.RoutingRule) []interface{} { +func flattenArmFrontDoorRoutingRule(input *[]frontdoor.RoutingRule, oldBlocks interface{}) []interface{} { if input == nil { return make([]interface{}, 0) } - output := make([]interface{}, 0) + oldByName := map[string]map[string]interface{}{} + + for _, i := range oldBlocks.([]interface{}) { + v := i.(map[string]interface{}) + + oldByName[v["name"].(string)] = v + } + output := make([]interface{}, 0) for _, v := range *input { result := make(map[string]interface{}) if id := v.ID; id != nil { result["id"] = *id } - if name := v.Name; name != nil { + + name := v.Name + if name != nil { result["name"] = *name } 
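Review bot: The new `oldBlocks` handling in flattenArmFrontDoorRoutingRule uses unchecked type assertions (`oldBlocks.([]interface{})`, `i.(map[string]interface{})` and `v["name"].(string)`), so a nil or unexpectedly shaped value panics and takes the provider process down during Read. The same pattern appears in the next hunk at `o["forwarding_configuration"].([]interface{})` and `ofcs[0].(map[string]interface{})`. Whether the SDK can hand back a nil element here is not visible from the diff, but the comma-ok form costs nothing and turns the failure into a skipped entry. The function body continues outside this hunk.

```go
oldByName := map[string]map[string]interface{}{}

if blocks, ok := oldBlocks.([]interface{}); ok {
	for _, i := range blocks {
		v, ok := i.(map[string]interface{})
		if !ok {
			continue
		}
		if n, ok := v["name"].(string); ok {
			oldByName[n] = v
		}
	}
}
// … unchanged: output loop over *input …
```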
@@ -1349,21 +1390,37 @@ func flattenArmFrontDoorRoutingRule(input *[]frontdoor.RoutingRule) []interface{ v := brc.(frontdoor.ForwardingConfiguration) c["backend_pool_name"] = flattenArmFrontDoorSubResource(v.BackendPool, "BackendPools") + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if c["backend_pool_name"] == "" { + c["backend_pool_name"] = flattenArmFrontDoorSubResource(v.BackendPool, "backendPools") + } c["custom_forwarding_path"] = v.CustomForwardingPath c["forwarding_protocol"] = string(v.ForwardingProtocol) if cacheConfiguration := v.CacheConfiguration; cacheConfiguration != nil { - if queryParameter := cacheConfiguration.QueryParameterStripDirective; queryParameter != "" { - c["cache_query_parameter_strip_directive"] = string(queryParameter) + c["cache_enabled"] = true + if stripDirective := cacheConfiguration.QueryParameterStripDirective; stripDirective != "" { + c["cache_query_parameter_strip_directive"] = string(stripDirective) } else { c["cache_query_parameter_strip_directive"] = string(frontdoor.StripNone) } - c["cache_use_dynamic_compression"] = false - if dynamicCompression := cacheConfiguration.DynamicCompression; dynamicCompression != "" { - if dynamicCompression == frontdoor.DynamicCompressionEnabledEnabled { - c["cache_use_dynamic_compression"] = true + c["cache_use_dynamic_compression"] = bool(string(dynamicCompression) == string(frontdoor.DynamicCompressionEnabledEnabled)) + } + } else { + c["cache_enabled"] = false + + if name != nil { + //get `forwarding_configuration` + if o, ok := oldByName[*name]; ok { + ofcs := o["forwarding_configuration"].([]interface{}) + if len(ofcs) > 0 { + ofc := ofcs[0].(map[string]interface{}) + + c["cache_query_parameter_strip_directive"] = ofc["cache_query_parameter_strip_directive"] + c["cache_use_dynamic_compression"] = ofc["cache_use_dynamic_compression"] + } } } } 
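Review bot: When `CacheConfiguration` is present but `DynamicCompression` is empty, the new code appears to leave `cache_use_dynamic_compression` unset, because the `c["cache_use_dynamic_compression"] = false` default reads as removed in this hunk (the collapsed layout makes the markers hard to confirm). If so, I would keep an explicit value and drop the redundant conversions: `c["cache_use_dynamic_compression"] = cacheConfiguration.DynamicCompression == frontdoor.DynamicCompressionEnabledEnabled`. The `else` branch needs a comment saying why values are copied from prior state; presumably something like `// No CacheConfiguration is returned when caching is off, so keep the configured values to avoid a diff`. The enclosing function starts outside this hunk.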
@@ -1431,6 +1488,10 @@ func flattenArmFrontDoorFrontendEndpointsSubResources(input *[]frontdoor.SubReso for _, v := range *input { name := flattenArmFrontDoorSubResource(&v, "FrontendEndpoints") + // Link to issue: https://github.com/Azure/azure-sdk-for-go/issues/6762 + if name == "" { + name = flattenArmFrontDoorSubResource(&v, "frontendEndpoints") + } output = append(output, name) } diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_firewall_policy_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_firewall_policy_test.go index 4ab716b99448..528df275cdfe 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_firewall_policy_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_firewall_policy_test.go 
@@ -209,37 +209,65 @@ resource "azurerm_frontdoor_firewall_policy" "import" { } func testAccAzureRMFrontDoorFirewallPolicy_update(data acceptance.TestData, update bool) string { - inner := "" if update { - inner = fmt.Sprintf(` -custom_rule { - name = "Rule2" - enabled = true - priority = 2 - rate_limit_duration_in_minutes = 1 - rate_limit_threshold = 10 - type = "MatchRule" - action = "Block" - - match_condition { - match_variable = "RemoteAddr" - operator = "IPMatch" - negation_condition = false - match_values = ["192.168.1.0/24"] + return testAccAzureRMFrontDoorFirewallPolicy_updated(data) + } + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "testAccRG-%d" + location = "%s" +} + +resource "azurerm_frontdoor_firewall_policy" "test" { + name = "testAccFrontDoorWAF%[1]d" + resource_group_name = azurerm_resource_group.test.name + enabled = true + mode = "Prevention" + redirect_url = "https://www.contoso.com" + custom_block_response_status_code = 403 + custom_block_response_body = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg==" + + custom_rule { + name = "Rule1" + enabled = true + priority = 1 + rate_limit_duration_in_minutes = 1 + rate_limit_threshold = 10 + type = "MatchRule" + action = "Block" + + match_condition { + match_variable = "RemoteAddr" + operator = "IPMatch" + negation_condition = false + match_values = ["192.168.1.0/24", "10.0.0.0/24"] + } } - match_condition { - match_variable = "RequestHeader" - selector = "UserAgent" - operator = "Contains" - negation_condition = false - match_values = ["windows"] - transforms = ["Lowercase", "Trim"] + managed_rule { + type = "DefaultRuleSet" + version = "preview-0.1" + + override { + rule_group_name = "PHP" + + rule { + rule_id = "933111" + enabled = false + action = "Block" + } + } + } + + managed_rule { + type = "BotProtection" + version = "preview-0.1" } } -`) - } +`, data.RandomInteger, data.Locations.Primary) +} +func 
testAccAzureRMFrontDoorFirewallPolicy_updated(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { name = "testAccRG-%d" @@ -248,7 +276,7 @@ resource "azurerm_resource_group" "test" { resource "azurerm_frontdoor_firewall_policy" "test" { name = "testAccFrontDoorWAF%[1]d" - resource_group_name = "${azurerm_resource_group.test.name}" + resource_group_name = azurerm_resource_group.test.name enabled = true mode = "Prevention" redirect_url = "https://www.contoso.com" @@ -272,7 +300,31 @@ resource "azurerm_frontdoor_firewall_policy" "test" { } } - %[3]s + custom_rule { + name = "Rule2" + enabled = true + priority = 2 + rate_limit_duration_in_minutes = 1 + rate_limit_threshold = 10 + type = "MatchRule" + action = "Block" + + match_condition { + match_variable = "RemoteAddr" + operator = "IPMatch" + negation_condition = false + match_values = ["192.168.1.0/24"] + } + + match_condition { + match_variable = "RequestHeader" + selector = "UserAgent" + operator = "Contains" + negation_condition = false + match_values = ["windows"] + transforms = ["Lowercase", "Trim"] + } + } managed_rule { type = "DefaultRuleSet" @@ -294,5 +346,5 @@ resource "azurerm_frontdoor_firewall_policy" "test" { version = "preview-0.1" } } -`, data.RandomInteger, data.Locations.Primary, inner) +`, data.RandomInteger, data.Locations.Primary) } diff --git a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go index ede210cac5ab..693b739a83dc 100644 --- a/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go +++ b/azurerm/internal/services/frontdoor/tests/resource_arm_front_door_test.go 
@@ -121,6 +121,45 @@ func TestAccAzureRMFrontDoor_waf(t *testing.T) { }) } +func TestAccAzureRMFrontDoor_EnableDisableCache(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_frontdoor", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMFrontDoorDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMFrontDoor_EnableCache(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMFrontDoorExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_use_dynamic_compression", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_query_parameter_strip_directive", "StripNone"), + ), + }, + { + Config: testAccAzureRMFrontDoor_DisableCache(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMFrontDoorExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_enabled", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_use_dynamic_compression", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_query_parameter_strip_directive", "StripNone"), + ), + }, + { + Config: testAccAzureRMFrontDoor_EnableCache(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMFrontDoorExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_use_dynamic_compression", "false"), + 
resource.TestCheckResourceAttr(data.ResourceName, "routing_rule.0.forwarding_configuration.0.cache_query_parameter_strip_directive", "StripNone"), + ), + }, + data.ImportStep(), + }, + }) +} + func testCheckAzureRMFrontDoorExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Frontdoor.FrontDoorsClient 
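Review bot: TestAccAzureRMFrontDoor_EnableDisableCache only exercises default values, so the path that copies non-default settings from prior state while the cache is disabled is not covered. Every step asserts `cache_use_dynamic_compression` as `false` and `cache_query_parameter_strip_directive` as `StripNone`. A step that enables the cache with `cache_query_parameter_strip_directive = "StripAll"` and `cache_use_dynamic_compression = true`, disables it, and then checks the attributes would cover the new `else` branch in flattenArmFrontDoorRoutingRule. A doc comment stating that the test guards the enable, disable, enable cycle would also help.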
@@ -410,3 +449,127 @@ resource "azurerm_frontdoor" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } + +func testAccAzureRMFrontDoor_DisableCache(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +locals { + backend_name = "backend-bing" + endpoint_name = "frontend-endpoint" + health_probe_name = "health-probe" + load_balancing_name = "load-balancing-setting" +} + +resource "azurerm_frontdoor" "test" { + name = "acctestfd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + enforce_backend_pools_certificate_name_check = false + + routing_rule { + name = "routing-rule" + accepted_protocols = ["Http", "Https"] + patterns_to_match = ["/*"] + frontend_endpoints = [local.endpoint_name] + forwarding_configuration { + forwarding_protocol = "MatchRequest" + backend_pool_name = local.backend_name + cache_enabled = false + } + } + + backend_pool_load_balancing { + name = local.load_balancing_name + } + + backend_pool_health_probe { + name = local.health_probe_name + } + + backend_pool { + name = local.backend_name + backend { + host_header = "www.bing.com" + address = "www.bing.com" + http_port = 80 + https_port = 443 + } + + load_balancing_name = local.load_balancing_name + health_probe_name = local.health_probe_name + } + + frontend_endpoint { + name = local.endpoint_name + host_name = "acctestfd-%d.azurefd.net" + custom_https_provisioning_enabled = false + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} + +func testAccAzureRMFrontDoor_EnableCache(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +locals { + backend_name = "backend-bing" + endpoint_name = "frontend-endpoint" + health_probe_name = 
"health-probe" + load_balancing_name = "load-balancing-setting" +} + +resource "azurerm_frontdoor" "test" { + name = "acctestfd-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + enforce_backend_pools_certificate_name_check = false + + routing_rule { + name = "routing-rule" + accepted_protocols = ["Http", "Https"] + patterns_to_match = ["/*"] + frontend_endpoints = [local.endpoint_name] + + forwarding_configuration { + forwarding_protocol = "MatchRequest" + backend_pool_name = local.backend_name + } + } + + backend_pool_load_balancing { + name = local.load_balancing_name + } + + backend_pool_health_probe { + name = local.health_probe_name + } + + backend_pool { + name = local.backend_name + backend { + host_header = "www.bing.com" + address = "www.bing.com" + http_port = 80 + https_port = 443 + } + + load_balancing_name = local.load_balancing_name + health_probe_name = local.health_probe_name + } + + frontend_endpoint { + name = local.endpoint_name + host_name = "acctestfd-%d.azurefd.net" + custom_https_provisioning_enabled = false + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +} diff --git a/azurerm/internal/services/frontdoor/validate.go b/azurerm/internal/services/frontdoor/validate.go index 007a0ce96cdc..0a78075a9d85 100644 --- a/azurerm/internal/services/frontdoor/validate.go +++ b/azurerm/internal/services/frontdoor/validate.go 
@@ -51,19 +51,20 @@ func ValidateFrontdoorSettings(d *schema.ResourceDiff) error { // Check 0. validate that at least one routing configuration exists per routing rule if len(redirectConfig) == 0 && len(forwardConfig) == 0 { - return fmt.Errorf(`"routing_rule":%q is invalid. you must have either a "redirect_configuration" or a "forwarding_configuration" defined for the "routing_rule":%q `, routingRuleName, routingRuleName) + return fmt.Errorf(`routing_rule %s block is invalid. you must have either a "redirect_configuration" or a "forwarding_configuration" defined for the routing_rule %s`, routingRuleName, routingRuleName) } // Check 1. validate that only one configuration type is defined per routing rule if len(redirectConfig) == 1 && len(forwardConfig) == 1 { - return fmt.Errorf(`"routing_rule":%q is invalid. "redirect_configuration" conflicts with "forwarding_configuration". You can only have one configuration type per each routing rule`, routingRuleName) + return fmt.Errorf(`routing_rule %s block is invalid. "redirect_configuration" conflicts with "forwarding_configuration". You can only have one configuration type per each routing rule`, routingRuleName) } // Check 2. routing rule is a forwarding_configuration type make sure the backend_pool_name exists in the configuration file if len(forwardConfig) > 0 { fc := forwardConfig[0].(map[string]interface{}) + if err := VerifyBackendPoolExists(fc["backend_pool_name"].(string), backendPools); err != nil { - return fmt.Errorf(`"routing_rule":%q is invalid. %+v`, routingRuleName, err) + return fmt.Errorf(`routing_rule %s is invalid. %+v`, routingRuleName, err) } } diff --git a/website/docs/r/front_door.html.markdown b/website/docs/r/front_door.html.markdown index 1fe5c035f5c1..87136435d8bc 100644 --- a/website/docs/r/front_door.html.markdown +++ b/website/docs/r/front_door.html.markdown 
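Review bot: The three error messages in ValidateFrontdoorSettings switch the routing rule name from `%q` to `%s`, which drops the quoting that made an empty, whitespace-only or control-character-bearing name visible in the output. The name comes from user configuration, so I would keep `%q` while adopting the new wording, e.g. `routing_rule %q is invalid. %+v`. The first message also names the rule twice; one mention is enough. The function body starts and ends outside this hunk.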
@@ -20,6 +20,11 @@ Below are some of the key scenarios that Azure Front Door Service addresses: ## Example Usage ```hcl +resource "azurerm_resource_group" "example" { + name = "FrontDoorExampleResourceGroup" + location = "EastUS2" +} + resource "azurerm_frontdoor" "example" { name = "example-FrontDoor" location = "${azurerm_resource_group.example.location}" @@ -70,11 +75,11 @@ resource "azurerm_frontdoor" "example" { The following arguments are supported: -* `name` - (Required) Name of the Front Door which is globally unique. Changing this forces a new resource to be created. +* `name` - (Required) Specifies the name of the Front Door service. Changing this forces a new resource to be created. -* `resource_group_name` - (Required) Name of the Resource group within the Azure subscription. Changing this forces a new resource to be created. +* `resource_group_name` - (Required) Specifies the name of the Resource Group in which the Front Door service should exist. Changing this forces a new resource to be created. -* `location` - (Required) Resource location. Changing this forces a new resource to be created. +* `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. * `backend_pool` - (Required) A `backend_pool` block as defined below. 
@@ -82,9 +87,9 @@ The following arguments are supported: * `backend_pool_load_balancing` - (Required) A `backend_pool_load_balancing` block as defined below. -* `enforce_backend_pools_certificate_name_check` - (Required) Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. Permitted values are `true` or `false`. +* `enforce_backend_pools_certificate_name_check` - (Required) Enforce certificate name check on `HTTPS` requests to all backend pools, this setting will have no effect on `HTTP` requests. Permitted values are `true` or `false`. -* `load_balancer_enabled` - (Optional) Operational status of the Front Door load balancer. Permitted values are `true` or `false` Defaults to `true`. +* `load_balancer_enabled` - (Optional) Should the Front Door Load Balancer be Enabled? Defaults to `true`. * `friendly_name` - (Optional) A friendly name for the Front Door service. 
@@ -92,24 +97,26 @@ The following arguments are supported: * `routing_rule` - (Required) A `routing_rule` block as defined below. -* `tags` - (Optional) Resource tags. +* `tags` - (Optional) A mapping of tags to assign to the resource. --- The `backend_pool` block supports the following: -* `name` - (Required) The name of the `Backend Pool`. +* `name` - (Required) Specifies the name of the Backend Pool. * `backend` - (Required) A `backend` block as defined below. -* `load_balancing_name` - (Required) The name property of the `backend_pool_load_balancing` block whithin this resource to use for the `Backend Pool`. +* `load_balancing_name` - (Required) Specifies the name of the `backend_pool_load_balancing` block within this resource to use for this `Backend Pool`. -* `health_probe_name` - (Required) The name property of a `backend_pool_health_probe` block whithin this resource to use for the `Backend Pool`. +* `health_probe_name` - (Required) Specifies the name of the `backend_pool_health_probe` block whithin this resource to use for this `Backend Pool`. --- The `backend` block supports the following: +* `enabled` - (Optional) Specifies if the backend is enabled or not. Valid options are `true` or `false`. Defaults to `true`. + * `address` - (Required) Location of the backend (IP address or FQDN) * `host_header` - (Required) The value to use as the host header sent to the backend. 
@@ -126,35 +133,39 @@ The `backend` block supports the following: The `frontend_endpoint` block supports the following: -* `name` - (Required) The name of the Frontend Endpoint. - -* `host_name` - (Required) The host name of the Frontend Endpoint. Must be a domain name. +* `name` - (Required) Specifies the name of the `frontend_endpoint`. -* `custom_https_provisioning_enabled` - (Required) Whether to allow HTTPS protocol for a custom domain that's associated with Front Door to ensure sensitive data is delivered securely via TLS/SSL encryption when sent across the internet. Valid options are `true` or `false`. +* `host_name` - (Required) Specifies the host name of the `frontend_endpoint`. Must be a domain name. * `session_affinity_enabled` - (Optional) Whether to allow session affinity on this host. Valid options are `true` or `false` Defaults to `false`. * `session_affinity_ttl_seconds` - (Optional) The TTL to use in seconds for session affinity, if applicable. Defaults to `0`. +* `custom_https_provisioning_enabled` - (Required) Should the HTTPS protocol be enabled for a custom domain associated with the Front Door? + +* `custom_https_configuration` - (Optional) A `custom_https_configuration` block as defined below. + +-> **NOTE:** This block is required when `custom_https_provisioning_enabled` is set to `true`. + * `web_application_firewall_policy_link_id` - (Optional) Defines the Web Application Firewall policy `ID` for each host. --- The `backend_pool_health_probe` block supports the following: -* `name` - (Required) The name of the Azure Front Door Backend Health Probe. +* `name` - (Required) Specifies the name of the Health Probe. -* `path` - (Optional) The path to use for the Backend Health Probe. Default is `/`. +* `path` - (Optional) The path to use for the Health Probe. Default is `/`. -* `protocol` - (Optional) Protocol scheme to use for the Backend Health Probe. Defaults to `Http`. +* `protocol` - (Optional) Protocol scheme to use for the Health Probe. 
Defaults to `Http`. -* `interval_in_seconds` - (Optional) The number of seconds between health probes. Defaults to `120`. +* `interval_in_seconds` - (Optional) The number of seconds between each Health Probe. Defaults to `120`. --- The `backend_pool_load_balancing` block supports the following: -* `name` - (Required) The name of the Azure Front Door Backend Load Balancer. +* `name` - (Required) Specifies the name of the Load Balancer. * `sample_size` - (Optional) The number of samples to consider for load balancing decisions. Defaults to `4`. @@ -166,7 +177,7 @@ The `backend_pool_load_balancing` block supports the following: The `routing_rule` block supports the following: -* `name` - (Required) The name of the Front Door Backend Routing Rule. +* `name` - (Required) Specifies the name of the Routing Rule. * `frontend_endpoints` - (Required) The names of the `frontend_endpoint` blocks whithin this resource to associate with this `routing_rule`. 
@@ -184,11 +195,13 @@ The `routing_rule` block supports the following: The `forwarding_configuration` block supports the following: -* `backend_pool_name` - (Required) The name of the Front Door Backend Pool. +* `backend_pool_name` - (Required) Specifies the name of the Backend Pool to forward the incoming traffic to. + +* `cache_enabled` - (Optional) Specifies whether to Enable caching or not. Valid options are `true` or `false`. Defaults to `true`. -* `cache_use_dynamic_compression` - (Optional) Whether to use dynamic compression when caching. Valid options are `true` or `false`. Defaults to `true`. +* `cache_use_dynamic_compression` - (Optional) Whether to use dynamic compression when caching. Valid options are `true` or `false`. Defaults to `false`. -* `cache_query_parameter_strip_directive` - (Optional) Defines cache behavior in releation to query string parameters. Valid options are `StripAll` or `StripNone`. Defaults to `StripNone` +* `cache_query_parameter_strip_directive` - (Optional) Defines cache behavior in releation to query string parameters. Valid options are `StripAll` or `StripNone`. Defaults to `StripNone`. * `custom_forwarding_path` - (Optional) Path to use when constructing the request to forward to the backend. This functions as a URL Rewrite. Default behavior preserves the URL path. @@ -200,7 +213,7 @@ The `redirect_configuration` block supports the following: * `custom_host` - (Optional) Set this to change the URL for the redirection. -* `redirect_protocol` - (Optional) Protocol to use when redirecting. Valid options are `HttpOnly`, `HttpsOnly`, `MatchRequest`. Defaults to `MatchRequest` +* `redirect_protocol` - (Optional) Protocol to use when redirecting. Valid options are `HttpOnly`, `HttpsOnly`, or `MatchRequest`. Defaults to `MatchRequest` * `redirect_type` - (Optional) Status code for the redirect. Valida options are `Moved`, `Found`, `TemporaryRedirect`, `PermanentRedirect`. Defaults to `Found` 
@@ -218,7 +231,7 @@ The `custom_https_configuration` block supports the following: The following attributes are only valid if `certificate_source` is set to `AzureKeyVault`: -* `azure_key_vault_certificate_vault_id` - (Required) The `id` of the Key Vault containing the SSL certificate. +* `azure_key_vault_certificate_vault_id` - (Required) The ID of the Key Vault containing the SSL certificate. * `azure_key_vault_certificate_secret_name` - (Required) The name of the Key Vault secret representing the full certificate PFX.