azurerm_application_gateway_resource: Change in ordering of probes, http_listener, ...

[patst]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.15.3

Affected Resource(s)

• azurerm_application_gateway

Terraform Configuration Files

resource "azurerm_application_gateway" "waf" {
  tags                = var.default_tags
  name                = "agw-${local.resource_infix}-waf"
  resource_group_name = azurerm_resource_group.agw.name
  location            = azurerm_resource_group.agw.location

  sku {
    name = "WAF_v2"
    tier = "WAF_v2"
  }
...
  http_listener {
    name                           = "HttpsListener"
    frontend_ip_configuration_name = "AppGwPrivateFrontendIp"
    frontend_port_name             = "port_443"
    protocol                       = "Https"
    host_name                      = var.some_host_name
    ssl_certificate_name           = "SslCertificate"
  }
...

Expected Behaviour

If I add a new http_listener block I will see one changed block running tf plan.

Actual Behaviour

If I add another http_listener configuration the first one might be changed to contain the configuration of the second. In addition the first will be created new.
So their is a modification + creation:

      ~ http_listener {
          ~ host_name                      = "old-hostname" -> "newly-added-hostname"
            id                             = "/subscriptions/<id>/resourceGroups/rg-apim-box-gwc-waf/providers/Microsoft.Network/applicationGateways/<agw>/httpListeners/apiHttpsListener"
          ~ name                           = "aHttpsListener" -> "newly-added-name"
          ~ ssl_certificate_name           = "aSslCertificate" -> "newSslCertificate"
            # (8 unchanged attributes hidden)
        }
      + http_listener {
          + frontend_ip_configuration_name = "AppGwPrivateFrontendIp"
          + frontend_port_name             = "port_443"
          + host_name                      = "old-hostname"
          + name                           = "aHttpsListener"
          + protocol                       = "Https"
          + ssl_certificate_name           = "aSslCertificate"
        }

Steps to Reproduce

Create an Application Gateway with probes, listeners, etc. and then add new probes, listeners, etc.

Important Factoids

We have configured quite a long list of listeners, probes, etc. Adding one results in a lot of changes. With all this noise its hard so see what really changed.

References

I think we the ordering of the blocks is changing and because the blocks all have schema.TypeList (e.g. https://github.com/terraform-providers/terraform-provider-azurerm/blob/cc9493f573e3b4e2563097d72992d58cfb27e102/azurerm/internal/services/network/application_gateway_resource.go#L812 ) this results in changes.

We could change them to be Sets. But I'm not sure about the implications of that ;-)

What do you think?

[jeffwmiles]

This is a duplicate of #6896, which has been fixed on PR #7021 but won't be available until provider version 3.0 due to breaking changes.

[katbyte]

closing at a duplicate of #6896

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.