Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forced block re-creation on existing (dynamic) request_routing_rule blocks (Azure Application Gateway WAF V2) #8299

Closed
aport1996 opened this issue Aug 31, 2020 · 2 comments
Closed

Forced block re-creation on existing (dynamic) request_routing_rule blocks (Azure Application Gateway WAF V2) #8299

aport1996 opened this issue Aug 31, 2020 · 2 comments
Labels
bug duplicate service/application-gateway

Comments

@aport1996
Copy link

aport1996 commented Aug 31, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

v0.13.0

Affected Resource(s)

  • azurerm_application_gateway

Terraform Configuration Files

  dynamic request_routing_rule {
    for_each = var.application_gateway_request_routing_rule

    content  {
    http_listener_name = request_routing_rule.value["http_listener_name"]
    name = request_routing_rule.value["name"]
    redirect_configuration_name = request_routing_rule.value["redirect_configuration_name"]
    rule_type  = request_routing_rule.value["rule_type"]
    backend_address_pool_name = request_routing_rule.value["backend_address_pool_name"]
    backend_http_settings_name = request_routing_rule.value["backend_http_settings_name"]
    url_path_map_name = request_routing_rule.value["url_path_map_name"]
    }  
  }  


application_gateway_request_routing_rule = [ 
  {
    http_listener_name          = "HTTP-DEV-PORTAL-LISTENER" 
    name                        = "PORTAL-DEV-HTTPS-REDIRECT-RULE" 
    redirect_configuration_name = "PORTAL-DEV-HTTPS-REDIRECT"
    rule_type                   = "Basic"  
    backend_address_pool_name  = null
    backend_http_settings_name = null
    url_path_map_name  = null    
  },
  {
     http_listener_name          = "HTTPS-ORG-BUILD-LISTENER" 
     name                        = "ORG-BUILD-WEB-HTTPS" 
     redirect_configuration_name = null
     rule_type                   = "Basic"  
     backend_address_pool_name  = "ORG-BUILD-WEBSITE"
     backend_http_settings_name = "ORG-BUILD-WEBSITE"
     url_path_map_name  = null    
   },  
   {
     http_listener_name          = "HTTPS-APPTEST-LISTENER" 
     name                        = "APPTEST-WEB-HTTPS" 
     redirect_configuration_name = null
     rule_type                   = "Basic"  
     backend_address_pool_name  = "ORG-APPTEST-WEBAPP"
     backend_http_settings_name = "ORG-APPTEST-WEBAPP"
     url_path_map_name  = null  
   },      
   {
     http_listener_name          = "HTTPS-DEV-PORTAL-LISTENER" 
     name                        = "PORTAL-DEV-HTTPS-RULE" 
     redirect_configuration_name = null
     rule_type                   = "PathBasedRouting"  
     backend_address_pool_name  = null
     backend_http_settings_name = null
     url_path_map_name  = "PORTAL-DEV-APIM"
   },  
   {
     http_listener_name          = "HTTP-TST-PORTAL-LISTENER" 
     name                        = "PORTAL-TST-HTTPS-REDIRECT-RULE" 
     redirect_configuration_name = "PORTAL-TST-HTTPS-REDIRECT"
     rule_type                   = "Basic"  
     backend_address_pool_name  = null
     backend_http_settings_name = null
     url_path_map_name  = null 
   },    
   {
     http_listener_name          = "HTTPS-TST-PORTAL-LISTENER" 
     name                        = "PORTAL-TST-APIMPATH-RULE" 
     redirect_configuration_name = null
     rule_type                   = "PathBasedRouting"  
     backend_address_pool_name  = null
     backend_http_settings_name = null
     url_path_map_name  = "PORTAL-TST-APIM"
   },          
   {
     http_listener_name          = "HTTPS-TST-TEST-LISTENER" 
     name                        = "TEST-TST-HTTPS-RULE" 
     redirect_configuration_name = null
     rule_type                   = "PathBasedRouting"  
     backend_address_pool_name  = "TEST-TST-WEBAPP"
     backend_http_settings_name = "TEST-TST-WEBAPP-SETTING"
     url_path_map_name  = "TEST-TST-APIREDIRECTION"
   }                 
]

variable "application_gateway_request_routing_rule" {
  type = list(object({ http_listener_name = string, name = string, redirect_configuration_name = string, rule_type = string, backend_address_pool_name = string, backend_http_settings_name = string, url_path_map_name = string }))
}

Expected Behavior

Run terraform plan and see a No changes, infrastructure up-to-date message. Or, at least in the following terraform plan after the terraform apply command has been fully executed.

Actual Behavior

When running terraform plan terraform keeps outputs actions where it's trying to re-create these blocks (we have other dynamic blocks configured pretty much with the same layout within the same resource, that don't give these issues), even after terraform apply is executed the following terraform plan output will be the same. The only difference I noticed is that if I leave only 1 block of this type and run terraform apply by allowing it to remove the existing blocks, and then run terraform plan again, it will then confirm that there are no changes, but as soon as I add again even one more block to the configuration, it will create it but then terraform plan will always output the destruction of the existing blocks, followed by a re-creation.

With this output, when runnin terraform apply the modification on the app_gateway resource takes 2 seconds, which I'm sure means that terraform actually doesn't do anything on the resource in this case (which is also confirmed by the fact that terraform keeps trying to do the same thing with every terraform plan/apply test).

     - request_routing_rule {
          - http_listener_id            = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTP-DEV-PORTAL-LISTENER" -> null
          - http_listener_name          = "HTTP-DEV-PORTAL-LISTENER" -> null
          - id                          = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-DEV-HTTPS-REDIRECT-RULE" -> null
          - name                        = "PORTAL-DEV-HTTPS-REDIRECT-RULE" -> null
          - redirect_configuration_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/redirectConfigurations/PORTAL-DEV-HTTPS-REDIRECT" -> null
          - redirect_configuration_name = "PORTAL-DEV-HTTPS-REDIRECT" -> null
          - rule_type                   = "Basic" -> null
        }
      - request_routing_rule {
          - http_listener_id            = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTP-TST-PORTAL-LISTENER" -> null
          - http_listener_name          = "HTTP-TST-PORTAL-LISTENER" -> null
          - id                          = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-TST-HTTPS-REDIRECT-RULE" -> null
          - name                        = "PORTAL-TST-HTTPS-REDIRECT-RULE" -> null
          - redirect_configuration_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/redirectConfigurations/PORTAL-TST-HTTPS-REDIRECT" -> null
          - redirect_configuration_name = "PORTAL-TST-HTTPS-REDIRECT" -> null
          - rule_type                   = "Basic" -> null
        }
      - request_routing_rule {
          - http_listener_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-DEV-PORTAL-LISTENER" -> null
          - http_listener_name = "HTTPS-DEV-PORTAL-LISTENER" -> null
          - id                 = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-DEV-HTTPS-RULE" -> null
          - name               = "PORTAL-DEV-HTTPS-RULE" -> null
          - rule_type          = "PathBasedRouting" -> null
          - url_path_map_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/urlPathMaps/PORTAL-DEV-APIM" -> null
          - url_path_map_name  = "PORTAL-DEV-APIM" -> null
        }
      - request_routing_rule {
          - http_listener_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-TST-PORTAL-LISTENER" -> null
          - http_listener_name = "HTTPS-TST-PORTAL-LISTENER" -> null
          - id                 = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-TST-APIMPATH-RULE" -> null
          - name               = "PORTAL-TST-APIMPATH-RULE" -> null
          - rule_type          = "PathBasedRouting" -> null
          - url_path_map_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/urlPathMaps/PORTAL-TST-APIM" -> null
          - url_path_map_name  = "PORTAL-TST-APIM" -> null
        }
      - request_routing_rule {
          - http_listener_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-TST-TEST-LISTENER" -> null
          - http_listener_name = "HTTPS-TST-TEST-LISTENER" -> null
          - id                 = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/TEST-TST-HTTPS-RULE" -> null
          - name               = "TEST-TST-HTTPS-RULE" -> null
          - rule_type          = "PathBasedRouting" -> null
          - url_path_map_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/urlPathMaps/TEST-TST-APIREDIRECTION" -> null
          - url_path_map_name  = "TEST-TST-APIREDIRECTION" -> null
        }
      + request_routing_rule {
          + http_listener_id            = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTP-DEV-PORTAL-LISTENER"
          + http_listener_name          = "HTTP-DEV-PORTAL-LISTENER"
          + id                          = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-DEV-HTTPS-REDIRECT-RULE"
          + name                        = "PORTAL-DEV-HTTPS-REDIRECT-RULE"
          + redirect_configuration_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/redirectConfigurations/PORTAL-DEV-HTTPS-REDIRECT"
          + redirect_configuration_name = "PORTAL-DEV-HTTPS-REDIRECT"
          + rule_type                   = "Basic"
        }
      + request_routing_rule {
          + http_listener_id            = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTP-TST-PORTAL-LISTENER"
          + http_listener_name          = "HTTP-TST-PORTAL-LISTENER"
          + id                          = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-TST-HTTPS-REDIRECT-RULE"
          + name                        = "PORTAL-TST-HTTPS-REDIRECT-RULE"
          + redirect_configuration_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/redirectConfigurations/PORTAL-TST-HTTPS-REDIRECT"
          + redirect_configuration_name = "PORTAL-TST-HTTPS-REDIRECT"
          + rule_type                   = "Basic"
        }
      + request_routing_rule {
          + http_listener_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-DEV-PORTAL-LISTENER"
          + http_listener_name = "HTTPS-DEV-PORTAL-LISTENER"
          + id                 = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-DEV-HTTPS-RULE"
          + name               = "PORTAL-DEV-HTTPS-RULE"
          + rule_type          = "PathBasedRouting"
          + url_path_map_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/urlPathMaps/PORTAL-DEV-APIM"
          + url_path_map_name  = "PORTAL-DEV-APIM"
        }
      + request_routing_rule {
          + http_listener_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-TST-PORTAL-LISTENER"
          + http_listener_name = "HTTPS-TST-PORTAL-LISTENER"
          + id                 = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/PORTAL-TST-APIMPATH-RULE"
          + name               = "PORTAL-TST-APIMPATH-RULE"
          + rule_type          = "PathBasedRouting"
          + url_path_map_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/urlPathMaps/PORTAL-TST-APIM"
          + url_path_map_name  = "PORTAL-TST-APIM"
        }
      - request_routing_rule {
          - backend_address_pool_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendAddressPools/ORG-BUILD-WEBSITE" -> null
          - backend_address_pool_name  = "ORG-BUILD-WEBSITE" -> null
          - backend_http_settings_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendHttpSettingsCollection/ORG-BUILD-WEBSITE" -> null
          - backend_http_settings_name = "ORG-BUILD-WEBSITE" -> null
          - http_listener_id           = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-ORG-BUILD-LISTENER" -> null
          - http_listener_name         = "HTTPS-ORG-BUILD-LISTENER" -> null
          - id                         = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/ORG-BUILD-WEB-HTTPS" -> null
          - name                       = "ORG-BUILD-WEB-HTTPS" -> null
          - rule_type                  = "Basic" -> null
        }
      + request_routing_rule {
          + backend_address_pool_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendAddressPools/ORG-BUILD-WEBSITE"
          + backend_address_pool_name  = "ORG-BUILD-WEBSITE"
          + backend_http_settings_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendHttpSettingsCollection/ORG-BUILD-WEBSITE"
          + backend_http_settings_name = "ORG-BUILD-WEBSITE"
          + http_listener_id           = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-ORG-BUILD-LISTENER"
          + http_listener_name         = "HTTPS-ORG-BUILD-LISTENER"
          + id                         = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/ORG-BUILD-WEB-HTTPS"
          + name                       = "ORG-BUILD-WEB-HTTPS"
          + rule_type                  = "Basic"
        }
      - request_routing_rule {
          - backend_address_pool_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendAddressPools/ORG-APPTEST-WEBAPP" -> null
          - backend_address_pool_name  = "ORG-APPTEST-WEBAPP" -> null
          - backend_http_settings_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendHttpSettingsCollection/ORG-APPTEST-WEBAPP" -> null
          - backend_http_settings_name = "ORG-APPTEST-WEBAPP" -> null
          - http_listener_id           = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-APPTEST-LISTENER" -> null
          - http_listener_name         = "HTTPS-APPTEST-LISTENER" -> null
          - id                         = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/APPTEST-WEB-HTTPS" -> null
          - name                       = "APPTEST-WEB-HTTPS" -> null
          - rule_type                  = "Basic" -> null
        }
      + request_routing_rule {
          + backend_address_pool_id    = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendAddressPools/ORG-APPTEST-WEBAPP"
          + backend_address_pool_name  = "ORG-APPTEST-WEBAPP"
          + backend_http_settings_id   = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/backendHttpSettingsCollection/ORG-APPTEST-WEBAPP"
          + backend_http_settings_name = "ORG-APPTEST-WEBAPP"
          + http_listener_id           = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/httpListeners/HTTPS-APPTEST-LISTENER"
          + http_listener_name         = "HTTPS-APPTEST-LISTENER"
          + id                         = "/subscriptions/xxxxx/resourceGroups/TEST-RESOURCE-GROUP/providers/Microsoft.Network/applicationGateways/TEST-APPLICATION-GATEWAY/requestRoutingRules/APPTEST-WEB-HTTPS"
          + name                       = "APPTEST-WEB-HTTPS"
          + rule_type                  = "Basic"
        }
      + request_routing_rule {
          + backend_address_pool_id    = (known after apply)
          + backend_address_pool_name  = "TEST-TST-WEBAPP"
          + backend_http_settings_id   = (known after apply)
          + backend_http_settings_name = "TEST-TST-WEBAPP-SETTING"
          + http_listener_id           = (known after apply)
          + http_listener_name         = "HTTPS-TST-TEST-LISTENER"
          + id                         = (known after apply)
          + name                       = "TEST-TST-HTTPS-RULE"
          + redirect_configuration_id  = (known after apply)
          + rewrite_rule_set_id        = (known after apply)
          + rule_type                  = "PathBasedRouting"
          + url_path_map_id            = (known after apply)
          + url_path_map_name          = "TEST-TST-APIREDIRECTION"
        }

Steps to Reproduce

  1. Add more than one request_routing_rule block to the application gateway's configuration
  2. terraform plan -out filename
  3. Notice that terraform tries to remove and re-create any existing request_routing_rule block
  4. terraform apply filename
  5. Check terraform plan again and notice that terraform tries to do the same thing again, as if terraform apply hasn't actually done anything.
@tombuildsstuff
Copy link
Contributor

hi @Nyxbiker

Thanks for opening this issue :)

Taking a look through this appears to be a duplicate of #6896 - rather than having multiple issues open tracking the same thing I'm going to close this issue in favour of that one; would you mind subscribing to #6896 for updates?

Thanks!

@ghost
Copy link

ghost commented Sep 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Sep 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug duplicate service/application-gateway
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tombuildsstuff @aport1996