[Windows FunctionApp] exit status 1 - ".../Microsoft.Web/sites/sandbox-training-zguerrouj-func/config/web": ID was missing the slots element

[jeremybouchet44]

Versions used :

1. aztfy version : 0.4.0 (cd5e46e)
2. azurerm provider version : 3.7.0

Constats :

I try to import and built terraform files for an windows FunctionApp resource.

• Aztfy detects well the Windows FunctionApp resource (azurerm_windows_function_app on Terraform view) and I successed to build the terraform file main.tf :

/subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func

• Also Aztfy detects as a new resource such as below :

/subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/config/web

Normally that should concern an Windows FunctionApp slot resource (azurerm_windows_function_app_slot on Terraform view : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app_slot).

Error encountered :

So with aztfy I tried to declare it with azurerm_windows_function_app_slot.resourcenametest but I encounters the error :

exit status 1 Error: parsing Resource ID "/subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/config/web": ID was missing the slotselement

Needs :

Is anyone already encountered this behaviour ? Please is anyone already fixed this error to import an Windows FunctionApp with aztfy ?

[magodo]

@jeremybouchet44 Thank you for openning this!

/subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/config/web is not a slot resource, the azurerm_windows_function_app_slot has the form of /subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/slots/<name>.

Terraform models differently than Azure, e.g. in Terraform you only have two resources: azurerm_windows_function_app and azurerm_windows_function_app_slot. While after provisioning them, there are a bunch of resources being created at Azure side, which (currently) is shown in the exported import list. You'd want to skip most of them, and only mark the two ids among them to be imported into their TF corresponding resources.

[jeremybouchet44]

Hello @magodo,

ok but I don't understand why in the "main.tf'" file built by aztfy I find only these lines, it lack many parameters for the FunctionApp such as http2_enabled, ftps_state, minimum_tls_version, etc... :

Below the main.tf file built by Aztfy :

resource "azurerm_function_app" "training-zguerrouj_functionApp" {
  app_service_plan_id        = "/subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/serverfarms/sandbox-training-zguerrouj-func-plan"
  https_only                 = true
  location                   = "westeurope"
  name                       = "sandbox-training-zguerrouj-func"
  resource_group_name        = "sandbox-training-zguerrouj-resource-group"
  storage_account_access_key = "byqAkSEHys68cnaOUXqqVmbCBmpniIeeg7JqLxkc0l46Hz2QTmzO8LAieiIiTy6SA+aKFRjavKNT9w0h2v0Arw=="
  storage_account_name       = "sdbxtrainzgufa"
  tags = {
    DEPARTMENT  = "TRAINING_ITPOS"
    ENVIRONMENT = "sandbox"
    OWNER       = "zguerrouj@d-edge.com"
    PLATFORM    = "OTHER"
    PRODUCT     = "TRAINING"
    SOLUTION    = "ITOPS"
  }
  version = "~3"
  identity {
    type = "SystemAssigned"
  }
  depends_on = [
    azurerm_app_service_plan.training-zguerrouj_AppServicePlan,
  ]
}

How do you explain that Aztfy detects the below points of configuration for this FunctionApp (cf. attached picture) ? You think really these ones aren't necessary to declare completely the FunctionApp resource. I'm not of your advice.

• /subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/config/web
• /subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/basicPublishingCredentialsPolicies/ftp
• /subscriptions/da2e245c-1da4-409b-9b54-81016ca9ae8f/resourceGroups/sandbox-training-zguerrouj-resource-group/providers/Microsoft.Web/sites/sandbox-training-zguerrouj-func/basicPublishingCredentialsPolicies/scm

Expected main.tf file (Extract of our Terraform module for the FunctionApp that we used in my company) :

Normally the main.tf file should be as below :

resource "azurerm_windows_function_app" "main_func" {
  name                       = length(var.extended_name) > 0 ? "${local.namespace}-${var.extended_name}-func" : "${local.namespace}-func"
  resource_group_name        = var.resource_group_name
  location                   = var.location
  service_plan_id            = length(var.existing_app_service_plan_name) > 0 ? var.existing_app_service_plan_id : azurerm_service_plan.main_func[0].id
  storage_account_name       = azurerm_storage_account.main_func.name
  storage_account_access_key = azurerm_storage_account.main_func.primary_access_key

  functions_extension_version = var.function_engine_version

  app_settings = merge({
    "WEBSITE_RUN_FROM_PACKAGE" = "1",
    "FUNCTIONS_WORKER_RUNTIME" = "node"
    },
    WEBSITE_NODE_DEFAULT_VERSION   = "~14"
    SCM_DO_BUILD_DURING_DEPLOYMENT = "false"
  )

  # Best practice security
  identity {
    type = "SystemAssigned"
  }
  site_config {
    use_32_bit_worker   = false
    ftps_state          = "Disabled"
    minimum_tls_version = 1.2
    http2_enabled       = true
  }
  https_only = true
}

The config with site_config should be present in the main.tf file built by Aztfy such as :

site_config {
    use_32_bit_worker   = false
    ftps_state          = "Disabled"
    minimum_tls_version = 1.2
    http2_enabled       = true
  }
  https_only = true
}

[jeremybouchet44]

@magodo please reopen this issue !

[magodo]

@jeremybouchet44 Unfortunately, due to the complexity of different resources and the underlying Terraform plugin SDK. We (and probably all the other existing tools) are not able to 100% generate all the properties in the generated configurations. The only thing we are trying to guarantee here is to guarantee the terraform plan shows no diff, which provides the users a good start point to manage resources via Terraform - there is a long way towards the target that every property is populated and can be manage on out of the box.

For the additional resources, that said, Terraform has a different modeling than Azure. E.g. When you create a azurerm_windows_function_app, there is only one resource in Terraform state file. Whilst there are multiple resources (as you saw) created in the Azure. The import list only expect you to specify the valid resource id in context of Terraform, that's why I said you only need to specify those and leave the others as to be skipped.

[jeremybouchet44]

ok I understand the situation, for the moment Aztfy can't build all the Terraform code for an Azure resource in the case of a resource which contains a lot of parameters such as an FunctionApp. May be a day Aztfy will build a full main.tf file with all parameters. Thank you for your explanations.

[magodo]

@jeremybouchet44 Sorry for this... If you really want all the properties, you can have a try on https://github.com/magodo/tfadd: tfadd state -full -target azurerm_windows_function_app_slot.test. This will instead generate all the non-computed properties. That said, due to some adhoc logic (e.g. validation on cross-attribute constraints), the code might still need to be trimed manually.