Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ApplicationGatewayWebApplicationFirewallPolicies expects a lowercase a starting at version 3.68.0 #23378

Open
1 task done
TMethod opened this issue Sep 25, 2023 · 2 comments

Comments

@TMethod
Copy link

TMethod commented Sep 25, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.6

AzureRM Provider Version

3.74.0

Affected Resource(s)/Data Source(s)

azurerm_application_gateway

Terraform Configuration Files

resource "azurerm_application_gateway" "example" {

firewall_policy_id = /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/ApplicationGatewayWebApplicationFirewallPolicyValue

}

Debug Output/Panic Output

Error: parsing "/subscriptions/12345/resourceGroups/example-rg/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/example-waf": parsing segment "staticApplicationGatewayWebApplicationFirewallPolicies": parsing the ApplicationGatewayWebApplicationFirewallPolicy ID: the segment at position 6 didn't match

Expected Behaviour

It should not show an error when the A in ApplicationGatewayWebApplicationFirewallPolicy is capitalized.

This shows as ApplicationGatewayWebApplicationFirewallPolicy within the Azure portal. However, azurerm is expecting the a to be lowercase.

I feel like azurerm should be updated to match what is shown in the portal.

Actual Behaviour

Validation error

Steps to Reproduce

No response

Important Factoids

No response

References

No response

@teowa
Copy link
Contributor

teowa commented Sep 28, 2023

Hi @TMethod , thanks for submitting this issue. After PR #22455, the azurerm_web_application_firewall_policy is migrated new SDK, and its ID validator has been strengthend to force the applicationGatewayWebApplicationFirewallPolicy segment to make it more consistent in Terraform. Please use the lower case a or use the reference firewall_policy_id = azurerm_web_application_firewall_policy.example.id or firewall_policy_id = data.azurerm_web_application_firewall_policy.example.id.
Thanks.

@stevensystems
Copy link

Actually when doing as supposed by @teowa , this results to an always recurring in-pace-upgrade when assigning the policy to the gateway using "azapi_update_resource".

Input:

resource "azurerm_web_application_firewall_policy" "mypolicy" {
  name                = "MyFwPolicyName"
  resource_group_name = var.resource_group
  location            =var.location

  policy_settings {
    enabled                     = true
    mode                        = "Prevention"
    request_body_check          = false
    file_upload_limit_in_mb     = 100
    max_request_body_size_in_kb = 128
  }  
}

resource "azapi_update_resource" "appgw_update" {
  type        = "Microsoft.Network/applicationGateways@2023-05-01"
  resource_id = azurerm_application_gateway.myappgw.id
  
  body = jsonencode({
    properties = {
      firewallPolicy = {
        id : "${azurerm_web_application_firewall_policy.mypolicy.id}"
      }  
    }
  })
}

Result (plan)

 # azapi_update_resource.appgw_azure_ingress will be updated in-place
  ~ resource "azapi_update_resource" "appgw_azure_ingress" {
      ~ body                    = jsonencode(
          ~ {
              ~ properties = {
                  ~ firewallPolicy  = {
                      ~ id = "/subscriptions/<GUID>/resourceGroups/MyResourceGroup/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/MyFwPolicyName" -> "/subscriptions/<GUID>/resourceGroups/MyResourceGroup/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/MyFwPolicyName"
                    }
                    # (3 unchanged attributes hidden)
                }
            }
        )
        id                      = "/subscriptions/<GUID>/resourceGroups/MyResourceGroup/providers/Microsoft.Network/applicationGateways/appgw-ingress"
        name                    = "appgw-ingress"
      ~ output                  = jsonencode({}) -> (known after apply)
        # (5 unchanged attributes hidden)
    }

The thing is, that the Azure API and in result azurerm_web_application_firewall_policy.example.id is returning ApplicationGatewayWebApplicationFirewallPolicies with a capitalized A.

Therefore my plan always tries to re-apply, when using provider >= 3.68 with the lower case syntax.

My current workaround is to use provider < 3.68 and re-import the resource "azurerm_application_gateway" using the capitalized A syntax:

terraform import azurerm_application_gateway.azure_ingress /subscriptions/<GUID>/resourceGroups/MyResourceGroup/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/MyFwPolicyName

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants