Terraform-provider-azurerm: azurerm_app_service app_settings not saved to tf state

Created on 5 Dec 2019  ·  5 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.16

  • provider.azurerm v1.37.0

Affected Resource(s)

  • azurerm_app_service

Terraform Configuration Files

resource "azurerm_app_service" "app-servicePlanResourceGroup-dev" {
  name                = "app-servicePlanResourceGroup-dev"
  location            = var.location
  resource_group_name = azurerm_resource_group.app-servicePlanResourceGroup-dev.name
  app_service_plan_id = azurerm_app_service_plan.app-servicePlanResourceGroup-dev.id
  https_only          = true

  site_config {
    always_on                = true
    dotnet_framework_version = "v4.0"
    remote_debugging_enabled = false
    scm_type                 = "GitHub"

    # Deployment option for GitHub not yet supported
    # (configure manually in azure portal for now - Deployment Center (Preview))
    # https://github.com/terraform-providers/terraform-provider-azurerm/issues/1104
    # note - we ignore changes to this to not destroy it
    # scm_type                 = "GitHub"

    # not yet released
    # ftps_state               = "Disabled"
    http2_enabled = true
  }

  app_settings = {
    CMSAzureAccountName                                                = azurerm_storage_account.app-servicePlanResourceGroup-dev.name
    CMSAzureSharedKey                                                  = azurerm_storage_account.app-servicePlanResourceGroup-dev.primary_access_key
    CMSHashStringSalt                                                  = data.vault_generic_secret.app-servicePlanResourceGroup-dev-cms-hash-string-salt.data["value"]
    MobileAppsManagement_EXTENSION_VERSION                             = "latest"
    PortfolioCentreApiKey                                              = data.vault_generic_secret.app-servicePlanResourceGroup-dev.data["value"]
    redis_hostname                                                     = azurerm_redis_cache.app-servicePlanResourceGroup-dev.hostname
    redis_access_key                                                   = azurerm_redis_cache.app-servicePlanResourceGroup-dev.primary_access_key
    WEBSITE_HTTPLOGGING_RETENTION_DAYS                                 = "2"
  }

  # use this once GitHub scm_type is implemented (see above)
  #   "deployment_branch" = "develop"

  connection_string {
    name  = "CMSConnectionString"
    type  = "SQLServer"
    value = "Server=tcp:${azurerm_sql_server.app-servicePlanResourceGroup-dev.name}.database.windows.net,1433;Initial Catalog=${azurerm_sql_database.app-servicePlanResourceGroup-dev.name};Persist Security Info=False;User ID=${data.vault_generic_secret.app-servicePlanResourceGroup-dev-sql_admin_user.data["value"]};Password=${data.vault_generic_secret.app-servicePlanResourceGroup-dev-sql_admin_password.data["value"]};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=${var.app-servicePlanResourceGroup-connection-pool-size};"
  }

  connection_string {
    name  = "AzureWebJobsStorage"
    type  = "Custom"
    value = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app-servicePlanResourceGroup-dev.name};AccountKey=${azurerm_storage_account.app-servicePlanResourceGroup-dev.secondary_access_key};EndpointSuffix=core.windows.net"
  }

  connection_string {
    name  = "AzureWebJobsDashboard"
    type  = "Custom"
    value = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app-servicePlanResourceGroup-dev.name};AccountKey=${azurerm_storage_account.app-servicePlanResourceGroup-dev.primary_access_key};EndpointSuffix=core.windows.net"
  }

  connection_string {
    name  = "letsencrypt:app-servicePlanResourceGroup-dev-clientSecret"
    type  = "Custom"
    value = data.vault_generic_secret.letsencrypt-app-servicePlanResourceGroup-dev-client-secret.data["value"]
  }

  lifecycle {
    ignore_changes = [
      site_config["scm_type"],
    ]
  }

  tags = {
    environment = "development"
  }

  depends_on = [azurerm_app_service_plan.app-servicePlanResourceGroup-dev]
}

Debug Output

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_app_service.corpsite-dev will be updated in-place
  ~ resource "azurerm_app_service" "corpsite-dev" {
        app_service_plan_id            = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/app-service/providers/Microsoft.Web/serverfarms/app-service"
      ~ app_settings                   = {
            "CMSAzureAccountName"                                              = "app-service"
            "CMSAzureSharedKey"                                                = "xxxxxxxxxxxxx"
            "CMSHashStringSalt"                                                = "xxxxxxxxx"
            "MobileAppsManagement_EXTENSION_VERSION"                           = "latest"
            "PortfolioCentreApiKey"                                            = "xxxxxxxx"
          + "WEBSITE_HTTPLOGGING_RETENTION_DAYS"                               = "2"
            "redis_access_key"                                                 = "xxxxxxxxxxxxx"
            "redis_hostname"                                                   = "xxxxxxxxxxxxxx"
        }
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "xxxxxxxxx.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/xxxxxxxxxxxxxx/resourceGroups/app-service/providers/Microsoft.Web/sites/scg-corpsite-dev"
        location                       = "australiaeast"
        name                           = "scg-corpsite-dev"
        outbound_ip_addresses          = "xxxxxxxxxxxxx"
        possible_outbound_ip_addresses = "xxxxxxxxxxxxxx"
        resource_group_name            = "app-service"
        site_credential                = [
            {
                password = "xxxxxxxxxxxxxx"
                username = "xxxxxxxxxxxxx"
            },
        ]
        source_control                 = [
            {
                branch   = "develop"
                repo_url = "xxxxxxxxxxxxx"
            },
        ]
        tags                           = {
            "environment" = "development"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        connection_string {
            name  = "AzureWebJobsDashboard"
            type  = "Custom"
            value = (sensitive value)
        }
        connection_string {
            name  = "AzureWebJobsStorage"
            type  = "Custom"
            value = (sensitive value)
        }
        connection_string {
            name  = "CMSConnectionString"
            type  = "SQLServer"
            value = (sensitive value)
        }
        connection_string {
            name  = "xxxxxxxx"
            type  = "Custom"
            value = (sensitive value)
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 2
                    retention_in_mb   = 35
                }
            }
        }

        site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "GitHub"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Expected Behavior

No Changes once terraform is applied

Actual Behavior

At every terraform plan/apply it wants to update the WEBSITE_HTTPLOGGING_RETENTION_DAYS

Steps to Reproduce

  1. terraform apply


All 5 comments

The WEBSITE_HTTPLOGGING_RETENTION_DAYS property is removed before saving it to the state. Explains your issue but I'm pretty sure there is some reason why this is done.

App service uses app settings internally for both app and HTTP logging, but they should be configured using the logs block in terraform.

@phekmat Seems like you are right. 👍

@guri-s Removing the WEBSITE_HTTPLOGGING_RETENTION_DAYS from your app_settings and only keeping the logs block should resolve your problem.

Thanks @phekmat, configuring logging via the logs block fixed the issue.
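
The resolution from the thread, as an added example that is not part of the original issue or the provider's documentation: the retention key is dropped from app_settings and HTTP log retention is declared in the logs block instead. The resource name "example", the app name and the three variables are placeholders; the retention values are the ones shown in the plan output above.

```hcl
# Added example. Placeholder inputs, not taken from the issue.
variable "location" {}
variable "resource_group_name" {}
variable "app_service_plan_id" {}

resource "azurerm_app_service" "example" {
  name                = "example-app" # placeholder name
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id
  https_only          = true

  app_settings = {
    MobileAppsManagement_EXTENSION_VERSION = "latest"

    # Before (causes "1 to change" on every plan): the provider removes
    # this key before saving app_settings to state, so it always shows
    # up as a pending addition.
    # WEBSITE_HTTPLOGGING_RETENTION_DAYS = "2"
  }

  # After: HTTP log retention is declared here and tracked in state
  # under logs, so the plan converges to "No changes".
  logs {
    http_logs {
      file_system {
        retention_in_days = 2  # same retention the app setting asked for
        retention_in_mb   = 35 # value reported in the plan output above
      }
    }
  }
}
```

After applying, a second terraform plan should report no changes for the resource; a recurring diff on app_settings indicates another key that App Service manages internally.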
