Terraform-provider-azurerm: azurerm_frontdoor_firewall_policy - name not retrieved after import, forced replacement

Created on 24 Sep 2019 · 4Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Affected Resource(s)

azurerm_frontdoor_firewall_policy

Terraform Configuration Files

When importing the resource, its name is not recovered:
name = ""

So I declared the name value in the terraform.tfstate file in order to avoid a replacement when applying the configuration file.
When I try to create the resource configuration file and do a terraform plan, here is what I get:

name = "namexxxx" # forces replacement

Terraform does not take into account that I declare a value or not, and I will even say that the "name" parameter of the tfstate file is not supported. If that would have been the case I imagine that I will have rather obtained:
name = null -> namexxxx

Moreover, I currently do a lot of import of resource and I very often see that all the configuration parameters are not taken over by the import.
I assume this will be improved when the import automatically creates the configuration files.

Did you encounter the same problem?

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

Actual Behavior

Steps to Reproduce

terraform plan

Important Factoids

References

#0000

bug servicfrontdoor

Source

aberva

All 4 comments

@aberva Thanks for opening this issue and bringing this to our attention. I am currently unable to repro this issue locally. Below are the steps I took to attempt to repro your issue:

First, I created a terraform configuration file that looks like this:

resource "azurerm_resource_group" "test" {
  name     = "repro-4418"
  location = "West US"
}

Then I ran the following command:

terraform apply -auto-approve

Once my Resource Group was created I then imported my azurerm_frontdoor_firewall_policy resource by running the following command:

terraform import azurerm_frontdoor_firewall_policy.test /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/repro-4418/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/reprofor4418name

I then check the terraform.tfstate file, to verify that the name attribute has in fact been imported:

  "mode": "Detection",
  "name": "reprofor4418name",
  "redirect_url": "https://www.contoso.com",
  "resource_group_name": "repro-4418",
  "tags": {}

I then modify my configuration file based on the terraform.tfstate(including the imported name attribute) like this:

resource "azurerm_resource_group" "test" {
  name     = "repro-4418"
  location = "West US"
}

resource "azurerm_frontdoor_firewall_policy" "test" {
  name                              = "reprofor4418name"
  resource_group_name               = azurerm_resource_group.test.name
  enabled                           = true
  mode                              = "Detection"
  redirect_url                      = "https://www.contoso.com"
  custom_block_response_status_code = 200

  custom_rule {
    name                           = "customerulenameimport"
    priority                       = 1
    enabled                        = true
    type                           = "MatchRule"
    rate_limit_duration_in_minutes = 1
    rate_limit_threshold           = 100
    action                         = "Redirect"

    match_condition {
      # Request variable to compare with.
      match_variable     = "RemoteAddr"
      operator           = "GeoMatch"
      match_values       = ["AF","AD","AM","AT"]
    }
  }

  managed_rule {
    type      = "DefaultRuleSet"
    version   = "1.0"
  }

  managed_rule {
    type      = "BotProtection"
    version   = "preview-0.1"
  }
}

Once that was complete I ran a terraform plan command, which has the following output:

jcline@SERVERNAME:~/4418$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

azurerm_resource_group.test: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/repro-4418]
azurerm_frontdoor_firewall_policy.test: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/repro-4418/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/reprofor4418name]

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
jcline@SERVERNAME:~/4418$

Are my repro steps correct in following what you did to get your error? If not please correct me so I can repro your issue and investigate further. If you could attach the following to a reply it would be very helpful for me to address this issue:

1) Terraform version
2) Provider version
3) Your configuration file

WodansSon on 25 Sep 2019

@jeffreyCline Thanks

Thank you for this quick return
I found the cause of the problem by comparing your import command and the one I used.
Indeed, there is a slight difference but it gives a different result.

Your import command :

terraform import azurerm_frontdoor_firewall_policy.test /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/repro-4418/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/reprofor4418name

My import command :
terraform import azurerm_frontdoor_firewall_policy.test /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/repro-4418/providers/Microsoft.Network/frontdoorWebApplicationFirewallPolicies/reprofor4418name

Your result :

{ "mode": "managed", "type": "azurerm_frontdoor_firewall_policy", "name": "XXXXXX", "provider": "provider.azurerm", "instances": [ { "schema_version": 0, "attributes": { "custom_block_response_body": null, "custom_block_response_status_code": null, "custom_rule": [], "enabled": null, "frontend_endpoint_ids": null, "id": "/subscriptions/xxxxx-xxxx-xxxx-xxxxxx-xxxx/resourceGroups/xxxxxxxxx/providers/Microsoft.Network/frontdoorWebApplicationFirewallPolicies/xxxxxxx", "location": null, "managed_rule": [], "mode": null, "name": "", "redirect_url": null, "resource_group_name": "xxxxxxx", "tags": {} }, "private": "xxxxxxxxxx" } ] },

My result :

{ "mode": "managed", "type": "azurerm_frontdoor_firewall_policy", "name": "XXXXXX", "provider": "provider.azurerm", "instances": [ { "schema_version": 0, "attributes": { "custom_block_response_body": "", "custom_block_response_status_code": 403, "custom_rule": [], "enabled": true, "frontend_endpoint_ids": [ "/subscriptions/xxxxx-xxxx-xxxx-xxxxxx-xxxx/resourcegroups/xxxxxxxxx/providers/Microsoft.Network/frontdoors/frallfdprd0001/frontendendpoints/xxxxxxxxx-xxxxx-xxxx" ], "id": "/subscriptions/xxxxx-xxxx-xxxx-xxxxxx-xxxx/resourceGroups/xxxxxxxxx/providers/Microsoft.Network/frontdoorwebapplicationfirewallpolicies/xxxxxxx", "location": "global", "managed_rule": [ { "override": [], "type": "DefaultRuleSet", "version": "1.0" } ], "mode": "Prevention", "name": "xxxxxxxxxx", "redirect_url": "", "resource_group_name": "xxxxxxx", "tags": {} }, "private": "xxxxxxxxxx" } ] },

I used the resource id as indicated on the HashiCorp documentation, so I copied the resource id provided from the Azure portal.
Out of this one to capital letters:
frontdoorWebApplicationFirewallPolicies

I think that my problems of incomplete import of certain resources would be due to a case-sensitive problem which is not iso between that of Microsoft and that of Terraform.

I take the opportunity to say that there is a problem on the official documentation of azurerm_frontdoor_firewall_policy.
The current title is azurerm_web_application_firewall_policy and not azurerm_frontdoor_firewall_policy. :)

Thank you very much for your help. :)

aberva on 25 Sep 2019

👍1

@aberva , you're welcome and indeed there was/is an issue with the docs which I didn't notice until after release, but I quickly fixed them with this PR so that issue will be fixed with the release of v1.35.0.

I'm going to go ahead and close this as I understand your issue has been resolved and I am very happy that I was able to help. 😃

WodansSon on 25 Sep 2019

👍1

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!