Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[New Resource:] azurerm_cdn_frontdoor_custom_domain_association - rework associations with azurerm_cdn_frontdoor_route #18600

Merged
merged 61 commits into from
Oct 14, 2022

Conversation

WodansSon
Copy link
Collaborator

@WodansSon WodansSon commented Sep 30, 2022

Added Functionality:

  • Exposed a new resource: azurerm_cdn_frontdoor_custom_domain_association to manage the azurerm_cdn_frontdoor_custom_domain association with one or more azurerm_cdn_frontdoor_route resource(s) upon deletion to avoid the service side error This resource is still associated with a route. Please delete the association with the route first before deleting this resource.

  • Exposed two new fields in the azurerm_cdn_frontdoor_route resource to incorporate user feedback around the current implementation of the existing resources and to more closely follow the current experience exposed by the Azure Portal UI:

    • cdn_frontdoor_custom_domain_ids: Allows the CDN FrontDoor Route resource to be associated with multiple CDN FrontDoor Custom Domain resources.

    • link_to_default_domain: Allows the resource to enable/disable if the CDN FrontDoor Route is to be associated with the default CDN FrontDoor Endpoint or not.

Deprecated Resource/Fields:

  • The azurerm_cdn_route_disable_link_to_default_domain resource, while it is functional, to be removed in AzureRM Provider v4.0, added documentation stating that this resource should no longer be used. Functionality of this resource has been moved to the azurerm_cdn_frontdoor_route field link_to_default_domain as mentioned above.

  • The azurerm_cdn_frontdoor_custom_domain field associate_with_cdn_frontdoor_route_id, is no longer functional and will result in an error if defined in the configuration file. Functionality of this field has been moved to the azurerm_cdn_frontdoor_route field cdn_frontdoor_custom_domain_ids as mentioned above. The reason this field can not be deprecated in the normal fashion is because if left exposed it will raise a cycle error due to the circular reference created by the cdn_frontdoor_custom_domain_ids field that is now exposed on the CDN FrontDoor Route resource.

Developers Thoughts:

Actually, now that I think about it, it may be a better option to remove the azurerm_cdn_route_disable_link_to_default_domain resource completely, move the custom domains and the link to default domain back to the route resource then add a azurerm_cdn_frontdoor_custom_domain_association resource that would link the route(s) to the custom domain to manage removing the custom domain from the route(s) custom domain associations due to the incompatibility of the API and Terraform. By doing this on the custom domain association resource it could then remove the reference to the custom domain from the route before the custom domain is actually deleted and avoid the FrontDoor service throwing the "custom domain is associated with route" error when deleting the custom domain due to the dependency graph that is generated by Terraform because the custom domain resource does not have a reference to the route. Granted, it is still sorta weird, but seems to me to be the more correct behavior for the resource while still allowing for the Terraform single apply/destroy to still work correctly. 🤔

(fixes #18598)
(fixes #18613)
(fixes #18656)

@WodansSon WodansSon changed the title [WIP]azurerm_cdn_frontdoor_profile_custom_domain - deprecate associate_with_cdn_frontdoor_route_id for associate_with_cdn_frontdoor_route_ids [WIP]azurerm_cdn_frontdoor_custom_domain - deprecate associate_with_cdn_frontdoor_route_id for associate_with_cdn_frontdoor_route_ids Oct 1, 2022
@WodansSon WodansSon modified the milestones: v3.26.0, Future Oct 6, 2022
@WodansSon WodansSon changed the title [WIP]azurerm_cdn_frontdoor_custom_domain - deprecate associate_with_cdn_frontdoor_route_id for associate_with_cdn_frontdoor_route_ids [WIP]azurerm_cdn_frontdoor_custom_domain - rework associations with azurerm_cdn_frontdoor_route Oct 6, 2022
@WodansSon WodansSon changed the title [WIP]azurerm_cdn_frontdoor_custom_domain - rework associations with azurerm_cdn_frontdoor_route azurerm_cdn_frontdoor_custom_domain - rework associations with azurerm_cdn_frontdoor_route Oct 8, 2022
@WodansSon WodansSon requested a review from katbyte October 8, 2022 03:21
@WodansSon
Copy link
Collaborator Author

image

@WodansSon WodansSon dismissed tombuildsstuff’s stale review October 13, 2022 06:40

All PR comments have been addressed except for 5 which request further clarification

Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - discusses all open questions in slack

@WodansSon WodansSon merged commit 281c710 into main Oct 14, 2022
@WodansSon WodansSon deleted the b_frontdoor_custom_domains branch October 14, 2022 01:09
WodansSon added a commit that referenced this pull request Oct 14, 2022
@github-actions
Copy link

This functionality has been released in v3.27.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@sinacek
Copy link
Contributor

sinacek commented Oct 17, 2022

Hi, I would like to ask you, how to manage removing of custom domain.

Scenario:

  • 1st run of TF - create
    • create custom domain
    • add id of custom domain to cdn_frontdoor_custom_domain_ids in route
  • 2nd run of TF - delete
    • remove custom domain will fail, because is associated to route

So I dont know, how to do it properly.

resource "azurerm_cdn_frontdoor_custom_domain" "domain" {
  name                     = replace(var.name, ".", "-")
  cdn_frontdoor_profile_id = var.frontdoor_profile_id
  dns_zone_id              = var.dns_zone_id
  host_name                = var.name

  tls {
    certificate_type    = "ManagedCertificate"
    minimum_tls_version = "TLS12"
  }
}


resource "azurerm_cdn_frontdoor_route" "route" {

  name                          = "myroute"
  cdn_frontdoor_endpoint_id     = azurerm_cdn_frontdoor_endpoint.endpoint.id
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.group.id
  cdn_frontdoor_origin_ids      = [azurerm_cdn_frontdoor_origin.origins.id]
  cdn_frontdoor_rule_set_ids    = []
  enabled                       = true

  forwarding_protocol    = "HttpsOnly"
  https_redirect_enabled = true
  patterns_to_match      = ["/*"]
  supported_protocols    = ["Http", "Https"]

  cdn_frontdoor_custom_domain_ids = [var.custom_domain_id]
  link_to_default_domain = true

  depends_on = [azurerm_cdn_frontdoor_custom_domain.domain]
}

@rlees85
Copy link

rlees85 commented Oct 17, 2022

It baffles me a bit that we have to associate the custom domains to the route using cdn_frontdoor_custom_domain_ids and then we have to associate the routes to the custom domain using resource azurerm_cdn_frontdoor_custom_domain_association.

Surely just the resource azurerm_cdn_frontdoor_custom_domain_association would be enough?

@benj-ch
Copy link

benj-ch commented Oct 18, 2022

I was also hoping the azurerm_cdn_frontdoor_custom_domain_association resource would be enough but it seems not.

I quote the "Developers Thoughts"

By doing this on the custom domain association resource it could then remove the reference to the custom domain from the route before the custom domain is actually deleted and avoid the FrontDoor service throwing the "custom domain is associated with route" error when deleting the custom domain due to the dependency graph that is generated by Terraform because the custom domain resource does not have a reference to the route

It's not convenient to use

@ppieprzycki
Copy link

Hi
Can someone please explain a little bit more when and how the resource "azurerm_cdn_frontdoor_custom_domain_association" should be used?

With the provider 3.28.0 I can see that I cannot just use "azurerm_cdn_frontdoor_custom_domain_association" without associating domain earlier in "azurerm_cdn_frontdoor_route" with "cdn_frontdoor_custom_domain_ids "
What is of use of this resource then ? Should I use it in new setup and do I need such a association twice ?

Regards

@benj-ch
Copy link

benj-ch commented Oct 27, 2022

The association between the custom domain and the routes is only done with the "azurerm_cdn_frontdoor_route" resource and the property "cdn_frontdoor_custom_domain_ids".

The "azurerm_cdn_frontdoor_custom_domain_association" is only used when you remove a custom domain to remove the association with the routes before the custom domain itself is deleting.
Otherwise, you'll receive an error "This resource is still associated with a route. Please delete the association with the route first before deleting this resource".
So, you have to use "azurerm_cdn_frontdoor_custom_domain_association" each time you associate a custom domain to one or multiple routes.

The "azurerm_cdn_frontdoor_custom_domain_association" should contain all routes associated with the custom domain.

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.