imported azurerm_cdn_endpoint_custom_domain should not recreated because of Uppercase G in resourceGroups

[StefanSchoof]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v1.1.2
on windows_amd64

• provider registry.terraform.io/hashicorp/azuread v2.14.0
• provider registry.terraform.io/hashicorp/azurerm v2.91.0

Affected Resource(s)

• azurerm_cdn_endpoint_custom_domain

Terraform Configuration Files

resource "azurerm_cdn_endpoint_custom_domain" "frontend_domain" {
  name            = replace(local.portal_url, ".", "-")
  cdn_endpoint_id = azurerm_cdn_endpoint.frontend_endpoint.id
  host_name       = local.portal_url
  cdn_managed_https {
    certificate_type = "Dedicated"
    protocol_type    = "ServerNameIndication"
    tls_version      = "TLS12"
  }
}

Debug Output

Terraform will perform the following actions:

  # azurerm_cdn_endpoint_custom_domain.frontend_domain must be replaced
-/+ resource "azurerm_cdn_endpoint_custom_domain" "frontend_domain" {
      ~ cdn_endpoint_id = "/subscriptions/<snip>/resourceGroups/<snip>/providers/Microsoft.Cdn/profiles/<snip>dev-cdn/endpoints/<snip>dev" -> "/subscriptions/<snip>/resourcegroups/<snip>/providers/Microsoft.Cdn/profiles/<snip>dev-cdn/endpoints/<snip>dev" # forces replacement
      ~ id              = "/subscriptions/<snip>/resourceGroups/<snip>/providers/Microsoft.Cdn/profiles/<snip>dev-cdn/endpoints/<snip>dev/customDomains/<snip>" -> (known after apply)
        name            = "<snip>"
        # (1 unchanged attribute hidden)


      - timeouts {}
        # (1 unchanged block hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Panic Output

Expected Behaviour

After importing a existing azurerm_cdn_endpoint_custom_domain and a matching terraform config, an apply will not try to recreate the azurerm_cdn_endpoint_custom_domain. An case change in G of resourceGroups should be ignored.

Actual Behaviour

terraform want to destroy and recreate the azurerm_cdn_endpoint_custom_domain, because the existing resource has an Uppercase G in the endpoint_id in the /resourceGroups/ and the new should be have a lower case /resourcegroups/.

To acualy delete a custom domain, the DNS CName must removed before and added again after the destroy.

A workaround is to use lifecycle ignore_changes for the cdn_endpoint_id:

  lifecycle {
    ignore_changes = [
      cdn_endpoint_id
    ]
  }

Steps to Reproduce

1. Create an azure cdn enpoint custom domain by hand (needs a cname entry)
2. Create a config for azurerm_cdn_endpoint_custom_domain
3. Import this in tf
4. tf apply

Important Factoids

References

• Resource azurerm_user_assigned_identity -> parsing segment "staticResourceGroups": expected the segment "resourcegroups" to be "resourceGroups" #14853

[magodo]

@StefanSchoof Sorry that I can't reproduce this in my local. I've created every resource from Terraform, then create a endpoint custom domain and import it as you stated via Terraform and eveything works fine.

I'd like to know how do you create the azurerm_cdn_endpoint, did you have it in a long term but never refreshed, or did you also imported it, but with the incorrect case for G when running terraform import?

Also please check the terraform.tfstate file to see what schema_version is the azurerm_cdn_endpoint? E.g. in my case it is as below:

    {
      "mode": "managed",
      "type": "azurerm_cdn_endpoint",
      "name": "test",
      "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]",
      "instances": [
        {
          "schema_version": 1,
          ...
        }
       ]
     }

[StefanSchoof]

Thanks for your work.

I found that much differences in our stages, because we did not use tf for the custom domain previously (a little reminder, that I should always go the extra mile, to have everything in IoC ;) ), that I recreated the custom domain that was affected. I did not think about that this may be needed to get more info for this bug. Sorry.

the import was done by the command (found it in my shell history):

terraform import azurerm_cdn_endpoint.frontend_endpoint /subscriptions/<snip>/resourcegroups/<snip>-frontend/providers/Microsoft.Cdn/profiles/<snip>dev-cdn/endpoints/<snip>dev

[magodo]

@StefanSchoof Thank you for confrimation 👍 Meanwhile I've submit a PR #14891, which should hopefully mitigate your incorrect import automatically.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.