Terraform-provider-azurerm: Bug Fixes/Enhancements to Application Gateway

Created on 15 Jul 2018  ·  89 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Affected Resource(s)

  • azurerm_application_gateway

The azurerm_application_gateway resource is currently missing a selection of fields and also has some bugs which need resolving. Unfortunately there's a bug in the Application Gateway API where the Application Gateway isn't actually deleted which prevents us from proceeding with this work, since our tests for these resources are failing around 80% of the time due to the Application Gateway not being deleted (meaning this fills up our quotas).

Rather than trying to track the status of this bug across multiple issues - I'm opening this meta-issue to keep track of these bugs and enhancements in one place. Once the bug in the API is resolved - it should be possible to add these enhancements/investigate fixing these bugs; however these are blocked at the moment.

Blocking API issues

Enhancements

Bug Fixes

bug enhancement servicapplication-gateway

All 89 comments

@tombuildsstuff can I request the support for tags be introduced with this too? https://docs.microsoft.com/en-us/rest/api/application-gateway/applicationgateways/updatetags

@mb290 sure, I've updated the list :)

@thomastaylor312 can I request the support for key vault certificate integration for https pfx?
It would be great if I can use with vault id reference like azurerm_virtual_machine resource.

https://www.terraform.io/docs/providers/azurerm/r/virtual_machine.html#source_vault_id

(update @tombuildsstuff: this is now being tracked in #1536)

~Would this work include support for custom SslPolicy as mentioned in #1536? I don't see specific mention of it in the referenced issues.~

@guitarrapc Did you mean to tag me on this?

@thomastaylor312 Oh, I'm sorry, I misspelled. I meant @tombuildsstuff.

@tombuildsstuff is this something actively being worked on now that the MS issue has been resolved? Aware that you're wanting to split up into multiple resources, I don't want to start doing PRs for any of the functionality I (selfishly) need if it's going to trip up over other people.

@mb290

> is this something actively being worked on now that the MS issue has been resolved? Aware that you're wanting to split up into multiple resources, I don't want to start doing PRs for any of the functionality I (selfishly) need if it's going to trip up over other people.

We're not actively working on this at this time - but we may in the future now this is unblocked. If you're interested in sending a PR for some of this functionality (thanks in advance 😄) I'd suggest it's probably worth mentioning here / in the relevant GH issue so other folks are aware / don't start working on the same thing (and we can update the description above)?

It's worth noting that the API work required to allow splitting this into multiple resources hasn't been completed yet (so I don't believe we're able to proceed with that due to the validation requirements at the API end) - but I may have mis-interpreted which task you were referring to?

Thanks!

@tombuildsstuff the two bits of functionality I'm wanting to implement are:

~Tags - looks like this is now working with the recent MS fix so just a documentation update~ (@tombuildsstuff fixed in #2054).
~Documentation - the example actually has multiple different configurations all lumped in the same (with some syntax errors) so will tidy this up.~ (@tombuildsstuff fixed in #2054)
~SSL Ciphers - linking to #1536, #451 & #898~ (@tombuildsstuff this will be tracked in #1536)

Certainly not planning on undertaking the full split out of the provider - let's keep walking before I can run 😄.

@tombuildsstuff to ensure it doesn't get lost, can you add "Support for setting Diagnostic Logs" from https://github.com/terraform-providers/terraform-provider-azurerm/issues/1519 to the OP?

@supermathie done :)

Hi There,
Any update on implementing AGW Redirects to the Routing Rules?

Thanks

Another chase here. Maybe @tombuildsstuff ? I would love to get this working.

@steve-88 the enhancements to Application Gateway aren't something I expect us to get to anytime soon - however we'd happily accept a community contribution for it :)

I too need the redirect stuff. @tombuildsstuff - what's the learning curve like for this stuff (for an experienced .Net dev but Go newbie)?

hey @RustyF

> I too need the redirect stuff. @tombuildsstuff - what's the learning curve like for this stuff (for an experienced .Net dev but Go newbie)?

So there's a few changes required but it should be fairly familiar - once you've got Go installed you'd need to make the following changes:

  1. Creating the schema for Redirect Rules e.g. https://github.com/terraform-providers/terraform-provider-azurerm/blob/c9fb7f220b16f4df0e6cf61700f6c30fbcb9472e/azurerm/resource_arm_application_gateway.go#L492-L559
  2. Adding the property to the Create/Update method: https://github.com/terraform-providers/terraform-provider-azurerm/blob/c9fb7f220b16f4df0e6cf61700f6c30fbcb9472e/azurerm/resource_arm_application_gateway.go#L736
  3. Setting the value back in the Read function: https://github.com/terraform-providers/terraform-provider-azurerm/blob/c9fb7f220b16f4df0e6cf61700f6c30fbcb9472e/azurerm/resource_arm_application_gateway.go#L818-L822
  4. Adding an acceptance test to cover this: https://github.com/terraform-providers/terraform-provider-azurerm/blob/c9fb7f220b16f4df0e6cf61700f6c30fbcb9472e/azurerm/resource_arm_application_gateway_test.go#L175-L199
  5. Adding some documentation for the new field: https://github.com/terraform-providers/terraform-provider-azurerm/blame/c9fb7f220b16f4df0e6cf61700f6c30fbcb9472e/website/docs/r/application_gateway.html.markdown#L264

There's details in the README about how to build the provider locally / run the tests - which should then be possible via:

TF_ACC=1 go test ./azurerm -v -timeout 120m -run=TestNameOrPrefixToRun -count=1

Hope that helps :)

Redirect rules are available in Azure Application Gateway for like a year and there are still no updates in terraform?!? I'm disappointed.

I used a null_resource with local_provisioner but that's a workaround and my deploy takes longer now.

@tombuildsstuff Since this is being used as a major tracking issue I am actually interested in creating the resources in #1893 are the namings of all of those resources good? Should we discuss that here?

Not only are they not interested in adding it...when you configure it manually, terraform has the cheek to revert it
~ azurerm_application_gateway.agw_web
request_routing_rule.4.backend_address_pool_name: "" => "xx-web-prod-agw-bepool"
request_routing_rule.4.backend_http_settings_name: "" => "www.xxxxx.com-http"

@steve-88 based on this and the comment above https://github.com/terraform-providers/terraform-provider-azurerm/issues/1576#issuecomment-422938664

They are more than willing to accept a patch. So I wouldn't say they aren't interested in adding it, but that they have other priorities. Maintainers have lots of requests; they can't do them all at once.

Hello Guys,

Have you already implemented pick hostname from backend ?

best regards

@seitosan support for this is being tracked in #1875 (I'm going to minimise these two comments since this is being tracked in another thread)

> @tombuildsstuff Since this is being used as a major tracking issue I am actually interested in creating the resources in #1893 are the namings of all of those resources good? Should we discuss that here?

@hdost the API doesn't support this at this time - so I don't think we can plan this at this time, unfortunately, in case things change.

Guys, due to terraform not having this implemented yet, is there a way to avoid terraform overwriting my rules for http>https redirection which I configure using local-provisioner? Thanks!

provisioner "local-exec" {
    command     = "az network application-gateway redirect-config create --gateway-name ${azurerm_application_gateway.aag.name} -g ${var.rgs_name} -n ${var.prefix}-http-to-https --type Permanent --include-path true --include-query-string true --target-listener ****-listener"
}

provisioner "local-exec" {
    command     = "az network application-gateway rule create --gateway-name ${azurerm_application_gateway.aag.name} -g ${var.rgs_name} -n ${var.prefix}-Rule-http-https --rule-type Basic --http-listener ***http-listener --redirect-config ${var.prefix}-http-to-https"
}
lifecycle {
  ignore_changes = ["provisioner"]
}

~ azurerm_application_gateway.aag
request_routing_rule.#: "2" => "1"
request_routing_rule.1.http_listener_name: "*-listener" => ""
request_routing_rule.1.name: "-Rule-http-https" => ""
request_routing_rule.1.rule_type: "Basic" => ""

@dopsy Yes, I used local-exec to customize the pickhostname. I suppose you can use it to overwrite your rules.

I have an issue with this kind of script, if you redeploy your application, the terraform will rollback your script and erase your local-exec. I haven't found the way to persist this configuration.

For now I have found a workaround, which might be useful for someone else. I have added an ignore_changes block to ignore the routing rule, so my local-exec part doesn't get overwritten for the routing rules needed to have http to https redirection. The same should work for other blocks needed.

resource "azurerm_application_gateway" "aag" {
  name                = "${var.prefix}-aag"
  resource_group_name = "${var.rgs_name}"
  location            = "${var.region}"

  # ... remaining gateway blocks not shown in the original comment ...

  lifecycle {
    # Keep Terraform from reverting routing rules created out-of-band via local-exec
    ignore_changes = [
      "request_routing_rule",
    ]
  }
}

👋

Since this is a meta-issue containing a few different issues, to try and better keep track of what's outstanding in this issue I've gone through and updated comments inline to mark what's fixed (and hidden some comments).

#2054 brings a bunch of fixes to the Application Gateway resource (some of which are outlined below) - once that's merged it should be possible to add the functionality outlined above.

  • documentation's been rewritten
  • ssl certificates/passwords no longer continually diff
  • tags support (it was technically already present, but we've documented it now 😄)
  • and a ton of bug fixes for things that weren't being set into the state separately

Thanks!

The description mentions #1519 is fixed by #2054. However, #1519 also requests the probe setting "pickHostNameFromBackendHttpSettings". Should I create a new feature request for that or should this be added to this meta-issue?

Any updates on Support for Redirect Rules (#552) ? The upstream azure api bug for that issue has been fixed for 4 months now.

I too would like an update on the redirect rules for the application gateway #552. Is there a timeline for this implementation, or did @RustyF make any progress?

It would indeed be awesome to get these AGW redirect requests sorted

@Moeser @kansberry @steve-88 unfortunately we don't have a timeframe for us implementing this, but we'd happily accept a community contribution for this functionality if someone's interested in adding support for this in the interim - there's some more information here: https://github.com/terraform-providers/terraform-provider-azurerm/issues/1576#issuecomment-422938664

I'm still alive :) and (just) making a start on it.

Hi Tom

What branch are those changes from or is it a defunct branch now as seems to be a free-floating commit?

Thanks in advance

Russ


@RustyF master - it's just that file's been refactored since then :)

@RustyF any luck?

There's not a lot to do but it's just taking me ages as I'm learning Go and grokking the overall design at the same time.

Hi, I've been working on adding support for Custom errors to the application gateway resource. @tombuildsstuff would you like to add this new feature to the enhancements list?

Should I open a pull request? I have the code in this repo

@mcharriere

> Hi, I've been working on adding support for Custom errors to the application gateway resource. @tombuildsstuff would you like to add this new feature to the enhancements list?

Rather than extending this issue further, would you mind opening a separate issue for that?

> Should I open a pull request? I have the code in this repo

That'd be great, thanks - we can take a look once it's open :)

Thanks!

@tombuildsstuff

> Hi, I've been working on adding support for Custom errors to the application gateway resource. @tombuildsstuff would you like to add this new feature to the enhancements list?

> Rather than extending this issue further, would you mind opening a separate issue for that?

I've just realized that there is another issue open (#2364) related with custom errors. Thanks!

Guys, any update on AGW redirect functionality implementation (as well as http2 option)? Microsoft released it in 2017 and we still do not have it here. It is really critical functionality and quite default in the load balancing world. So it would be really nice to have it here and finally get rid of powershell.

You're in luck - PR should be done this week. Just working on some validation. I have no idea how the release cycle works here but I'm sure it won't be that long.

Oh, no idea about the http2 bit - I'll have a look.

@stankevicius, on the version of code I'm looking at, the http2 option (a property directly against the AGW) , i.e. enable_http2, is already there? Or is there a http2 option specifically related to redirection? I can't see that.

> You're in luck - PR should be done this week. Just working on some validation. I have no idea how the release cycle works here but I'm sure it won't be that long.
>
> Oh, no idea about the http2 bit - I'll have a look.

Finally! Thank you :)

@RustyF Thank you as well!

@stankevicius @RustyF - I have already implemented the HTTP2 Option in this pr https://github.com/terraform-providers/terraform-provider-azurerm/pull/2735

@stankevicius Can you clarify what you mean by redirection?

@ghostinthewires Search for "redirect" on this issue page and you'll be directed to #552 . Seems that HTTP to HTTPS redirect rules are the primary need.

Correct. We do a lot of http to https redirection.

@ghostinthewires
Yup, I see that http2 option support is really implemented but it is not documented under https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html So I missed it. Thank you for it.

Answer to the second question is http to https redirection between listeners. This is really critical as this rule is going as a default one in almost all cases.

In powershell it looks as provided below:

provisioner "local-exec" {
  command = "az network application-gateway redirect-config create --gateway-name ${azurerm_application_gateway.name} -g ${var.resource_group_name} -n http-to-https-redirconfig --type Permanent --include-path true --include-query-string true --target-listener https-listener"
}

provisioner "local-exec" {
  command = "az network application-gateway rule create --gateway-name ${azurerm_application_gateway.name} -g ${var.resource_group_name} -n http-to-https-rule --rule-type Basic --http-listener http-listener --redirect-config http-to-https-redirconfig"
}

Hi @stankevicius - It is in that document here as was part of my pr: https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#http2_enabled

OK, I understand your issue now. Thanks for the clarification

@ghostinthewires thanks in advance.

By the way, "http2_enabled" is the exported attribute name only and not the one which we can use in terraform main.tf when we would like to enable/disable http2. So the real parameter name that we should use is "enable_http2 = true" (I found it out from the source code) and this one is missing in the app gateway parameters usage description on the same page which you provided.

@stankevicius - Good spot, have raised a pr to get this corrected in the docs

Are we covering ssl_policy here in this enhancement ticket?

https://github.com/terraform-providers/terraform-provider-azurerm/issues/898

I see the above ticket is closed, but there are no references to that feature request here

> You're in luck - PR should be done this week. Just working on some validation. I have no idea how the release cycle works here but I'm sure it won't be that long.
>
> Oh, no idea about the http2 bit - I'll have a look.

Hi @RustyF, as far as I understand you are working on redirect functionality, is that right? When do you think it will be ready?
Thanks!

Why doesn't "Support for Hostname" cover the ability to set host name on backend_http_settings? The "pick_host_name_from_backend_address" is a totally separate setting, and not the http settings host name. Eg the New-AzureRmApplicationGatewayBackendHttpSettings -HostName parameter

@Mobe1969 I'm opening a PR with that feature.

@mobe1969. I see what you mean now. Thanks. Would be great to have support for it.

Huge :+1: for Support for Redirect Rules (https://github.com/terraform-providers/terraform-provider-azurerm/issues/552). This one is fairly critical for us; right now we use a workaround via az network application-gateway commands but it's not always great.

Hello @stankevicius and others.

For those using the above referenced workaround with local-exec and azcli, how do you get around the error below when trying to update other properties gateway in terraform like WAF Config.

1 error(s) occurred:

  • azurerm_application_gateway.application: Error Creating/Updating Application Gateway "appgw" (Resource Group "RGname"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="ApplicationGatewayRequestRoutingRuleMustReference" Message="Request Routing Rule /subscriptions/XXXXXXX/resourceGroups/RGname/providers/Microsoft.Network/applicationGateways/appg/requestRoutingRules/rulename must reference a BackendAddressPool." Details=[]

Thanks

@stonefury the workaround does not work. I was actually quoting a response from @dopsy earlier to let him know and wondering if anyone had found something that works.
The issue is now one cannot update AppGateway via terraform if creating this custom redirect rule with azcli, this is really bad if you need to update AppG often to add new sites or are in the middle of a new project and are tweaking AppGw often.

@bostonmoto Thanks for replying back. I jumped the gun there.

@jcsturges - I don't suppose you have any magic that lets you use the cli to do your re-direct rules and then subsequently apply updates via terraform without breaking the whole thing?

With @katbyte and @tombuildsstuff help, redirect rules support is now merged

@RustyF Does this mean we can start using it in our code? What is the next steps?

@steve-88 Basic source code and project lifecycle management stuff, but tl;dr; this will release with version 1.24.0 of the provider which does not yet have a release date as of this comment.

If you look at the CHANGELOG.md provided in the master branch (now that the PR has been accepted to add the feature), you will see the following note (https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/CHANGELOG.md):

azurerm_application_gateway - support for redirect rules [GH-2908]

If you git blame your friend there: https://github.com/terraform-providers/terraform-provider-azurerm/pull/2908

There's our man @RustyF , bravo! Cheers for the very important feature addition!

Though a date is not yet set, you're always welcome to follow the Milestones on any Github project, which is usually a good clue on when project maintainers think they're going to be ready to release a given version tag. 1.24.0's appears to reside here (https://github.com/terraform-providers/terraform-provider-azurerm/pulls?q=is%3Aopen+is%3Apr+milestone%3Av1.24.0). Seven open issues as of this last comment edit, but some look old enough that it looks like this project doesn't require 100% of its milestone issues to complete to push a version (not a huge deal and not at all uncommon).

Hey,

is there a possibility to enable the advanced rule configuration for the WAF? I would like to disable single rules of the ruleset REQUEST-942-APPLICATION-ATTACK-SQLI

> Are we covering ssl_policy here in this enhancement ticket?
>
> #898
>
> I see the above ticket is closed, but there are no references to that feature request here

We are also waiting for ssl_policy. There's another ticket which has been closed in favor of this one.
https://github.com/terraform-providers/terraform-provider-azurerm/issues/451

@alert101 #1536

@tombuildsstuff I was attempting to use the new redirection capability this morning and got blocked almost immediately and am confused on why it was implemented the way it was. We run App Gateways using Path Based rules so that we can cover an entire solution with a single cert. We are implementing auto renewing LetsEncrypt certs that require the need to access a storage account that is reached via a redirect configuration on the App Gateway rule. The way the redirect feature is implemented in the provider, we can't do both but we can easily configure the coexistence of the 2 via the portal without breaking anything. So, confused as to why this is not possible via the provider?

@Phydeauxman as I've just added the redirect functionality, I'm keen to help with this. However, I don't understand the coexistence you're talking about. You should be able to have path-based redirects but I guess this isn't what you mean? If you can elaborate in any way, share configs or portal screenshots, that would help. Or is this coexistence with another Gateway feature?

@RustyF there is a lot of confusion when it comes to the different pieces of an App Gateway. On a Request Routing Rule, there are path based maps where you can map traffic patterns to a specific backendpool/httpsetting and then there is redirection where you can send traffic to another listener, or an external URL. I am able to configure a request routing rule via the portal to have both but the code you implemented in the provider does not support this. The provider code is either one or the other.

image

@Phydeauxman do you get an error or what happens when you try to use both those features in the code? The updated documentation lists 2 optional sections for both redirect rules and path based routing.
https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html

@bostonmoto the error tells you that you can use them together...it is one or the other...which the documentation states. My question was why was it implemented this way when thru the portal, I can configure both to co-exist?

Let's assume the validation is too restrictive and I will aim (this week is the plan) to revise it. I still need to understand what the two conflicting configs are as I did experience some mutual exclusions when I was testing it. Those "Default.." settings definitely have some conflict with specific rules I'm just not sure which scenario is OK yet.

Hi @Phydeauxman - are you able to send me the fragment of redirect config you've tried to add? I will turn it into a failing test that I can then work against. Feel free to anonymise it, of course 😉

@RustyF below is the configuration block in my App Gateway that will throw a validation error but can be effected via the portal:

# Path-based routing rule for UI
request_routing_rule {
  name                        = "${var.projectPrefix}-${var.les_naming_suffix}-rule"
  rule_type                   = "PathBasedRouting"
  http_listener_name          = "${var.projectPrefix}-${var.les_naming_suffix}-listener"
  backend_address_pool_name   = "${data.terraform_remote_state.apps.lesapp_name}-beap"
  backend_http_settings_name  = "${data.terraform_remote_state.apps.lesapp_name}"
  redirect_configuration_name = "LetsEncryptChallenge"
  url_path_map_name           = "${var.projectPrefix}-${var.les_naming_suffix}"
}

url_path_map {
  name                               = "${var.projectPrefix}-${var.les_naming_suffix}"
  default_backend_address_pool_name  = "${data.terraform_remote_state.apps.lesapp_name}-beap"
  default_backend_http_settings_name = "${data.terraform_remote_state.apps.lesapp_name}"

  path_rule {
    name                       = "${data.terraform_remote_state.apps.lesapiapp_name}"
    paths                      = ["/api*"]
    backend_address_pool_name  = "${data.terraform_remote_state.apps.lesapiapp_name}-beap"
    backend_http_settings_name = "${data.terraform_remote_state.apps.lesapiapp_name}"
  }
}

This is from the documentation:
backend_http_settings_name - (Optional) The Name of the Backend HTTP Settings Collection to use for this Path Rule. Cannot be set if redirect_configuration_name is set.

redirect_configuration_name - (Optional) The Name of a Redirect Configuration to use for this Path Rule. Cannot be set if backend_address_pool_name or backend_http_settings_name is set.

Thanks for the snippet @Phydeauxman . Have you tried removing backend_address_pool_name and backend_http_settings_name from the main request_routing_rule config? I think those are not required (and hence the issue). I believe this is the purpose of the default... entries on url_path_map.

(I would do it myself but I'm at work at the moment!)

@RustyF I have not tried that but will.

Thanks @Phydeauxman look forward to hearing your updates.

@RustyF @bostonmoto been doing some testing on this today and getting some different results than what I originally got. First off, below is an image of the redirection configuration I was trying to effect:

image

The Terraform implementation of the redirect_configuration definition does not provide a way to define the Path field.

When I start from scratch with no existing App Gateway and I attempt to apply the config below, it gives me no warnings and the apply says it is going to do what I have in the config:

image

image

This apply will fail with the following error:

image

If I remove the include_path property from the redirect_configuration block (property defaults to false), the apply error goes away and the Gateway gets created but it does not create the redirection configuration. My assumption is because a value for the required Path field is not present.

@Phydeauxman There is no Path field in the Go SDK.

Could you try something like the following?:

  request_routing_rule {
    name               = "${var.ui_rule_name}-rule"
    rule_type          = "PathBasedRouting"
    http_listener_name = "${var.projectPrefix}-${var.ui_listener_name}-listener"
    url_path_map_name  = "${var.ui_rule_name}"
  }

  redirect_configuration {
    name          = "LetsEncryptChallenge"
    redirect_type = "Permanent"
    target_url    = "https://lechallenge.blob.core.windows.net/public"
  }

  url_path_map {
    name                               = "${var.ui_rule_name}"
    default_backend_address_pool_name  = "${data.terraform_remote_state.apps.uiapp_name}"
    default_backend_http_settings_name = "${data.terraform_remote_state.apps.uiapp_name}"

    path_rule {
      name                        = "letsencrypt"
      paths                       = ["/.well-known/challenge/*"]
      redirect_configuration_name = "LetsEncryptChallenge"
    }
  }

I haven't tested it, but I think that this is the way to achieve what you want.

@mcharriere appears that is not going to work either:

image

@mcharriere I actually went back thru this again and discovered that even though the apply throws that error...it does create the App Gateway with the rule just as I intended it to be. The by product is though...it throws that error, and you can't change or destroy the App Gateway with Terraform now. You have to manually change it or delete it.

@Phydeauxman Yep, I've tested it myself and I've got it working without that validation placed there.
It's also odd that all those validations are inside the flatten function.
I'll test it a bit more and I'll try to send a fix for it.

Thanks for both looking at this - I’m not at my computer at the moment but I couldn’t find that path parameter in the Azure SDK docs either so the GUI is obviously mapping it onto something else. It’s quite possible that the validation isn’t quite right; the docs are a bit lacking in explaining the mutual exclusions. Btw, placing validation in the flatten function appears to be the convention but I don’t have any previous experience to validate that 🤔

@RustyF no worries...it takes a village. Not the first time the SDK or documentation from MS was lacking...nor will it be the last.

Should this be closed? Most if not all of the issues here are fixed, and would probably be better tracked as individual issues anyway?

Hey all. It looks like we got all but one of the issues in this thread so I'll be closing it down. The only one we missed was #1274 which we weren't able to reproduce. If anyone has more information on that please open a new issue with additional information and steps to reproduce.

This has been released in version 1.28.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.28.0"
}
# ... other configuration ...
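
The HTTP to HTTPS listener redirect that several commenters set up with local-exec and the az CLI, declared natively with the redirect support this issue tracked. This is an added example, not code from the thread or from the provider's documentation; the resource names, variables and SKU are hypothetical, and the interpolation syntax is the Terraform 0.11 style used elsewhere in the thread.

```hcl
# Added example: names, variables and sizing are hypothetical.
provider "azurerm" {
  version = "~> 1.28.0" # release named in the thread
}

variable "resource_group_name" {}
variable "location" {}
variable "subnet_id" {}    # dedicated gateway subnet
variable "public_ip_id" {}
variable "pfx_base64" {}   # base64-encoded PFX for the HTTPS listener
variable "pfx_password" {}

resource "azurerm_application_gateway" "agw" {
  name                = "example-agw"
  resource_group_name = "${var.resource_group_name}"
  location            = "${var.location}"

  sku {
    name     = "Standard_Medium"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "gateway-ip"
    subnet_id = "${var.subnet_id}"
  }

  frontend_ip_configuration {
    name                 = "public-frontend"
    public_ip_address_id = "${var.public_ip_id}"
  }

  frontend_port {
    name = "port-80"
    port = 80
  }

  frontend_port {
    name = "port-443"
    port = 443
  }

  ssl_certificate {
    name     = "site-cert"
    data     = "${var.pfx_base64}"
    password = "${var.pfx_password}"
  }

  backend_address_pool {
    name = "web-pool"
  }

  backend_http_settings {
    name                  = "web-http"
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 30
  }

  http_listener {
    name                           = "http-listener"
    frontend_ip_configuration_name = "public-frontend"
    frontend_port_name             = "port-80"
    protocol                       = "Http"
  }

  http_listener {
    name                           = "https-listener"
    frontend_ip_configuration_name = "public-frontend"
    frontend_port_name             = "port-443"
    protocol                       = "Https"
    ssl_certificate_name           = "site-cert"
  }

  # Counterpart of `az network application-gateway redirect-config create
  # --type Permanent --include-path true --include-query-string true`.
  redirect_configuration {
    name                 = "http-to-https"
    redirect_type        = "Permanent"
    target_listener_name = "https-listener"
    include_path         = true
    include_query_string = true
  }

  # HTTPS traffic is served from the backend pool.
  request_routing_rule {
    name                       = "https-rule"
    rule_type                  = "Basic"
    http_listener_name         = "https-listener"
    backend_address_pool_name  = "web-pool"
    backend_http_settings_name = "web-http"
  }

  # Plain HTTP is only redirected: the rule names the redirect
  # configuration and sets no backend pool or HTTP settings.
  request_routing_rule {
    name                        = "http-redirect-rule"
    rule_type                   = "Basic"
    http_listener_name          = "http-listener"
    redirect_configuration_name = "http-to-https"
  }
}
```

Because the redirect rule lives in Terraform state, no `ignore_changes` on `request_routing_rule` is needed and later changes to the gateway no longer revert it.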

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
