Terraform-provider-azurerm: Azure Front Door: Multiple health probes/load balancing rules result in unexpected resource modifying
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureRM Provider) Version
Terraform v0.12.17
- provider.azuread v0.3.1
- provider.azurerm v1.41.0
Affected Resource(s)
azurerm_frontdoor
Terraform Configuration Files
This creates a front door with
- 2 routing rules
- 2 load balancing rules
- 2 health probes
- 2 backend pools
locals {
frontdoor_name = "badger-test-frontdoor"
}
resource "azurerm_resource_group" "test_frontdoor" {
name = "test-frontdoor"
location = "uksouth"
}
resource "azurerm_frontdoor" "test_frontdoor" {
name = local.frontdoor_name
location = "global"
resource_group_name = azurerm_resource_group.test_frontdoor.name
enforce_backend_pools_certificate_name_check = false
frontend_endpoint {
name = "defaultfrontend"
host_name = "${local.frontdoor_name}.azurefd.net"
custom_https_provisioning_enabled = false
}
#<######## PoolA #########>
routing_rule {
name = "PoolARoutingRule"
accepted_protocols = ["Https"]
patterns_to_match = ["/poola/*"]
frontend_endpoints = ["defaultfrontend"]
forwarding_configuration {
forwarding_protocol = "MatchRequest"
backend_pool_name = "PoolA"
}
}
backend_pool_load_balancing {
name = "PoolALB"
additional_latency_milliseconds = 0
sample_size = 4
successful_samples_required = 2
}
backend_pool_health_probe {
name = "PoolAHealth"
protocol = "Https"
}
backend_pool {
name = "PoolA"
load_balancing_name = "PoolALB"
health_probe_name = "PoolAHealth"
backend {
host_header = "google.com"
address = "google.com"
http_port = 80
https_port = 443
weight = 75
enabled = true
}
}
#</######## Pool A #########/>
#<######## PoolB #########>
routing_rule {
name = "PoolBRoutingRule"
accepted_protocols = ["Https"]
patterns_to_match = ["/poolb/*"]
frontend_endpoints = ["defaultfrontend"]
forwarding_configuration {
forwarding_protocol = "MatchRequest"
backend_pool_name = "PoolB"
}
}
backend_pool_load_balancing {
name = "PoolBLB"
additional_latency_milliseconds = 0
sample_size = 4
successful_samples_required = 2
}
backend_pool_health_probe {
name = "PoolBHealth"
protocol = "Https"
}
backend_pool {
name = "PoolB"
load_balancing_name = "PoolBLB"
health_probe_name = "PoolBHealth"
backend {
host_header = "google.com"
address = "google.com"
http_port = 80
https_port = 443
weight = 75
enabled = true
}
}
#</######## Pool B #########/>
}
Debug Output
https://gist.github.com/BadgerCode/1f7b1c986f5ace144f1311c4c78d87e2
Expected Behavior
No changes to report.
Actual Behavior
Terraform will perform the following actions:
# azurerm_frontdoor.test_frontdoor will be updated in-place
~ resource "azurerm_frontdoor" "test_frontdoor" {
cname = "badger-test-frontdoor.azurefd.net"
enforce_backend_pools_certificate_name_check = false
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/frontdoors/badger-test-frontdoor"
load_balancer_enabled = true
location = "global"
name = "badger-test-frontdoor"
resource_group_name = "test-frontdoor"
tags = {}
backend_pool {
health_probe_name = "PoolAHealth"
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/BackendPools/PoolA"
load_balancing_name = "PoolALB"
name = "PoolA"
backend {
address = "google.com"
enabled = true
host_header = "google.com"
http_port = 80
https_port = 443
priority = 1
weight = 75
}
}
backend_pool {
health_probe_name = "PoolBHealth"
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/BackendPools/PoolB"
load_balancing_name = "PoolBLB"
name = "PoolB"
backend {
address = "google.com"
enabled = true
host_header = "google.com"
http_port = 80
https_port = 443
priority = 1
weight = 75
}
}
~ backend_pool_health_probe {
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/HealthProbeSettings/PoolBHealth"
interval_in_seconds = 120
~ name = "PoolBHealth" -> "PoolAHealth"
path = "/"
protocol = "Https"
}
+ backend_pool_health_probe {
+ interval_in_seconds = 120
+ name = "PoolBHealth"
+ path = "/"
+ protocol = "Https"
}
~ backend_pool_load_balancing {
additional_latency_milliseconds = 0
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/LoadBalancingSettings/PoolBLB"
~ name = "PoolBLB" -> "PoolALB"
sample_size = 4
successful_samples_required = 2
}
+ backend_pool_load_balancing {
+ additional_latency_milliseconds = 0
+ name = "PoolBLB"
+ sample_size = 4
+ successful_samples_required = 2
}
frontend_endpoint {
custom_https_provisioning_enabled = false
host_name = "badger-test-frontdoor.azurefd.net"
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/frontdoors/badger-test-frontdoor/frontendendpoints/defaultfrontend"
name = "defaultfrontend"
session_affinity_enabled = false
session_affinity_ttl_seconds = 0
}
routing_rule {
accepted_protocols = [
"Https",
]
enabled = true
frontend_endpoints = [
"defaultfrontend",
]
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/RoutingRules/PoolARoutingRule"
name = "PoolARoutingRule"
patterns_to_match = [
"/poola/*",
]
forwarding_configuration {
backend_pool_name = "PoolA"
cache_query_parameter_strip_directive = "StripNone"
cache_use_dynamic_compression = false
forwarding_protocol = "MatchRequest"
}
}
routing_rule {
accepted_protocols = [
"Https",
]
enabled = true
frontend_endpoints = [
"defaultfrontend",
]
id = "/subscriptions/7250f5c3-fb37-401c-a4e3-bd9591f0ff60/resourcegroups/test-frontdoor/providers/Microsoft.Network/Frontdoors/badger-test-frontdoor/RoutingRules/PoolBRoutingRule"
name = "PoolBRoutingRule"
patterns_to_match = [
"/poolb/*",
]
forwarding_configuration {
backend_pool_name = "PoolB"
cache_query_parameter_strip_directive = "StripNone"
cache_use_dynamic_compression = false
forwarding_protocol = "MatchRequest"
}
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Steps to Reproduce
terraform apply- Accept the changes
- Wait for the changes to finish
terraform apply
BadgerCode
👍15
All 6 comments
We are still experiencing this issue.
Applying the same front door plan repeatedly results in changes to the backend_pool_health_probe and backend_pool_load_balancing rules every time.
BadgerCode
on 11 Feb 2020
I am having the same experience, it looks like its just shifting order.
in other words, it checks the order and presence of the items, instead of just the presence of the items.
i am using Terraform v0.12.20 and azurerm 1.44 btw.
i have the same experience with the: azurerm_frontdoor_firewall_policy and the custom_rule.
Blankf
on 17 Feb 2020
👍2
@Blankf can you open a new issue for the azurerm_frontdoor_firewall_policy so I can investigate that separate from this issue?
WodansSon
on 27 Feb 2020
🎉1
This has been released in version 2.1.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
provider "azurerm" {
version = "~> 2.1.0"
}
# ... other configuration ...
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 11 Mar 2020
🎉1
I am still seeing this issue after using the 2.1 provider. Is anyone else experiencing this?
mluker
on 17 Mar 2020
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
hashibot[bot]
on 3 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
tombuildsstuff
·
89Comments
tombuildsstuff
·
36Comments
hashibot[bot]
·
29Comments
srusru
·
44Comments
sukhmeet
·
31Comments
Most helpful comment
I am having the same experience, it looks like its just shifting order.
in other words, it checks the order and presence of the items, instead of just the presence of the items.
i am using Terraform v0.12.20 and azurerm 1.44 btw.
i have the same experience with the: azurerm_frontdoor_firewall_policy and the custom_rule.