Always destroying and rebuilding backend_address_pool
in azurerm_application_gateway
resource
#23099
Open
Hi @Karthik6615, I tried to reproduce the issue, but it seems I can't with the tf config below. Could you help provide more details about the config? Thanks.

tf config:

terraform {
required_providers {
azurerm = {
version = "=3.67.0"
}
}
}
# Configure the azurerm provider. The features block is present but empty,
# so no provider feature flag is overridden here.
provider "azurerm" {
  features {}
}
# Resource group that every other resource in this reproduction is placed in.
resource "azurerm_resource_group" "test" {
  location = "West Europe"
  name     = "test-resources"
}
# Virtual network for the reproduction. The frontend and backend subnets
# declared in this config are both carved out of this /16.
resource "azurerm_virtual_network" "test" {
  name          = "test-network1"
  address_space = ["10.254.0.0/16"]

  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}
# Subnet the application gateway is attached to (its gateway_ip_configuration
# references this subnet). No network security group is associated with this
# subnet anywhere in this config; only the backend subnet gets one.
resource "azurerm_subnet" "frontend" {
  name             = "frontend"
  address_prefixes = ["10.254.0.0/24"]

  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.test.name
}
# Subnet that both API Management instances are injected into. The
# "acctest-NSG" network security group is bound to it by the association
# resource in this config.
resource "azurerm_subnet" "backend" {
  name             = "backend"
  address_prefixes = ["10.254.2.0/24"]

  virtual_network_name = azurerm_virtual_network.test.name
  resource_group_name  = azurerm_resource_group.test.name
}
# Static, Standard-SKU public IP. The application gateway uses it as its
# frontend address, so the port-80 listener is exposed on a public address.
resource "azurerm_public_ip" "test" {
  name              = "test-pip"
  sku               = "Standard"
  allocation_method = "Static"

  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name
}
# Network security group for the backend subnet. It carries no inline
# security_rule blocks; its rules are declared as separate
# azurerm_network_security_rule resources.
resource "azurerm_network_security_group" "test" {
  name                = "acctest-NSG"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
}
# Bind the network security group to the backend subnet. The frontend subnet
# has no matching association in this config.
resource "azurerm_subnet_network_security_group_association" "test" {
  network_security_group_id = azurerm_network_security_group.test.id
  subnet_id                 = azurerm_subnet.backend.id
}
# Inbound allow rule for TCP/80 where both source and destination are the
# VirtualNetwork service tag. Port 80 is plaintext HTTP; the companion
# "secure_client" rule covers 443.
resource "azurerm_network_security_rule" "client" {
  name                        = "Client_communication_to_API_Management"
  network_security_group_name = azurerm_network_security_group.test.name
  resource_group_name         = azurerm_resource_group.test.name

  # Evaluation order and verdict.
  priority  = 100
  direction = "Inbound"
  access    = "Allow"

  # Traffic match.
  protocol                   = "Tcp"
  source_address_prefix      = "VirtualNetwork"
  source_port_range          = "*"
  destination_address_prefix = "VirtualNetwork"
  destination_port_range     = "80"
}
# Inbound allow rule for TCP/443 where both source and destination are the
# VirtualNetwork service tag.
resource "azurerm_network_security_rule" "secure_client" {
  name                        = "Secure_Client_communication_to_API_Management"
  network_security_group_name = azurerm_network_security_group.test.name
  resource_group_name         = azurerm_resource_group.test.name

  # Evaluation order and verdict.
  priority  = 110
  direction = "Inbound"
  access    = "Allow"

  # Traffic match.
  protocol                   = "Tcp"
  source_address_prefix      = "VirtualNetwork"
  source_port_range          = "*"
  destination_address_prefix = "VirtualNetwork"
  destination_port_range     = "443"
}
# Inbound allow rule for TCP/3443 from the ApiManagement service tag to the
# VirtualNetwork tag. The source is limited to that service tag rather than
# "*", which keeps the management port closed to arbitrary sources.
resource "azurerm_network_security_rule" "endpoint" {
  name                        = "Management_endpoint_for_Azure_portal_and_Powershell"
  network_security_group_name = azurerm_network_security_group.test.name
  resource_group_name         = azurerm_resource_group.test.name

  # Evaluation order and verdict.
  priority  = 120
  direction = "Inbound"
  access    = "Allow"

  # Traffic match.
  protocol                   = "Tcp"
  source_address_prefix      = "ApiManagement"
  source_port_range          = "*"
  destination_address_prefix = "VirtualNetwork"
  destination_port_range     = "3443"
}
# Outbound allow rule for TCP/80 and TCP/443.
# NOTE(review): the rule name refers to Azure Active Directory, but the match
# is ApiManagement service tag -> VirtualNetwork service tag. Confirm the
# intended source and destination before reusing this rule outside a repro.
resource "azurerm_network_security_rule" "authenticate" {
  name                        = "Authenticate_To_Azure_Active_Directory"
  network_security_group_name = azurerm_network_security_group.test.name
  resource_group_name         = azurerm_resource_group.test.name

  # Evaluation order and verdict.
  priority  = 200
  direction = "Outbound"
  access    = "Allow"

  # Traffic match.
  protocol                   = "Tcp"
  source_address_prefix      = "ApiManagement"
  source_port_range          = "*"
  destination_address_prefix = "VirtualNetwork"
  destination_port_ranges    = ["80", "443"]
}
# First API Management instance, deployed in "Internal" virtual network mode
# into the backend subnet. Its private_ip_addresses feed the first backend
# address pool of the application gateway.
# NOTE(review): nothing here depends on the NSG association or its rules, so
# Terraform is free to create the instance before they exist - confirm whether
# an explicit depends_on is wanted.
resource "azurerm_api_management" "test1" {
  name     = "test-apim2101"
  sku_name = "Developer_1"

  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  publisher_email = "company@terraform.io"
  publisher_name  = "My Company"

  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = azurerm_subnet.backend.id
  }
}
# Second API Management instance, configured like "test1" apart from its
# name. Its private_ip_addresses feed the second backend address pool of the
# application gateway.
resource "azurerm_api_management" "test2" {
  name     = "test-apim2102"
  sku_name = "Developer_1"

  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  publisher_email = "company@terraform.io"
  publisher_name  = "My Company"

  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = azurerm_subnet.backend.id
  }
}
# Names shared between the nested blocks of the application gateway. They are
# kept in one place because the gateway refers to its own sub-resources by
# name. Every value is derived from the virtual network name.
locals {
  # Frontend side.
  frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
  frontend_port_name             = "${azurerm_virtual_network.test.name}-feport"
  listener_name                  = "${azurerm_virtual_network.test.name}-httplstn"

  # Backend side.
  backend_address_pool_name  = "${azurerm_virtual_network.test.name}-beap"
  backend_address_pool_name2 = "${azurerm_virtual_network.test.name}-beap2"
  http_setting_name          = "${azurerm_virtual_network.test.name}-be-htst"

  # Routing. redirect_configuration_name is declared here, but the gateway
  # resource in this config never references it.
  request_routing_rule_name   = "${azurerm_virtual_network.test.name}-rqrt"
  redirect_configuration_name = "${azurerm_virtual_network.test.name}-rdrcfg"
}
# Application gateway under test. The nested blocks are left in their original
# order because the issue is about plan diffs on backend_address_pool.
#
# Security posture of this repro, for anyone reusing it as a template:
#   - the listener and the backend settings both use plain HTTP on port 80,
#     so traffic is unencrypted on the public frontend and towards the backend;
#   - the SKU is Standard_v2, not WAF_v2, so no web application firewall
#     inspects requests.
resource "azurerm_application_gateway" "network" {
  name                = "test-appgateway"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location
  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }
  # The gateway is attached to the frontend subnet, which has no NSG
  # associated with it in this config.
  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.frontend.id
  }
  frontend_port {
    name = local.frontend_port_name
    port = 80
  }
  # Public frontend: the listener below is bound to this public IP.
  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.test.id
  }
  # Pool 1: addresses come from the first API Management instance.
  # NOTE(review): private_ip_addresses is computed by the provider, so it is
  # presumably unknown until that instance exists - confirm whether this is
  # what makes the plan differ.
  backend_address_pool {
    name         = local.backend_address_pool_name
    ip_addresses = azurerm_api_management.test1.private_ip_addresses
  }
  # Pool 2: addresses come from the second API Management instance. No
  # request_routing_rule in this config sends traffic to this pool.
  backend_address_pool {
    name         = local.backend_address_pool_name2
    ip_addresses = azurerm_api_management.test2.private_ip_addresses
  }
  # Gateway-to-backend traffic is plain HTTP on port 80.
  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
  }
  # Plain-HTTP listener on the public frontend; an Https listener would also
  # need an ssl_certificate block, which this config does not define.
  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }
  # Single Basic rule: the listener forwards everything to pool 1.
  request_routing_rule {
    name                       = local.request_routing_rule_name
    priority                   = 10
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}
@Karthik6615, it seems this is related to PR #19963.
Is there an existing issue for this?
Community Note
Terraform Version
1.5.4
AzureRM Provider Version
3.67.0
Affected Resource(s)/Data Source(s)
azurerm_application_gateway
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
Shouldn't be any changes while running terraform plan
Actual Behaviour
Panic output as described above
Steps to Reproduce
No response
Important Factoids
No response
References
No response