Open pacorreia opened 2 years ago
Hey team,
for some reason this issue was removed the bug label, and one got eyes into this, is a bit of concerning issue, please do the triage
Hi. It seems solved in the last Azurerm provider version v3.42.0
@dcd000 part of yes, but I've noticed another thing as described in this issue:
Also noticed that, when we don't ignore changes to docker properties, and we edit in Azure Portal, Terraform reports that there was a change, e.g.:
In terraform we set registry url without https We go to Azure Portal and update a tag Run terraform plan and registry_url shows a drift, reads https:// and when applying will remove it Same happens for image name, we set it without registry url prefix, and after a change in portal, terraform reports it as having registry url as part for image name.
I don't get it why this issue was not being monitored and related as well
I think that as of version v3.42 registry_url must use https because it is directly used to populate the DOCKER_REGISTRY_SERVER_URL app setting and this must include the protocol Try with registry_url = https://azurerm_container_registry.acr.login_server
We're seeing this same behaviour but in a azurerm_linux_web_app
. Specifically, when the docker/private registry values are set inside of the application_stack
block, the server's name is being added to the image name (e.g.: Full Image Name and Tag
field in Azure).
What this translates to is the Web App trying to pull host/host/image:tag
, which is failing (because it should be host/image:tag
), and the application is crashing.
The only work-around we have, currently, is to set the appropriate values via Az CLI (e.g.: az webapp config container set
) and these values are respected (notably: it looks like DOCKER_CUSTOM_IMAGE_NAME
is the value respected).
Looking at the audit trail in Azure, it is evident that the double-host value is being applied to the linuxFxVersion
field; however, we are not modifying anything in the Web App configuration (in terraform) to trigger this change. In fact, the terraform plan notes that the application stack has no changes.
We have reproduced this on 3.83.0 and 3.103.1 (latest at the time of this comment) of the AzureRM provider in terraform.
This sounds a core issue, with significant impact and that needs a through review in the code, and for these reasons, a priority.
Is there an existing issue for this?
Community Note
Terraform Version
1.2.6
AzureRM Provider Version
3.17.0
Affected Resource(s)/Data Source(s)
azurerm_linux_function_app
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
The docker image name, tag and registry url should have remained intact with ignore_changes setup:
Actual Behaviour
image name is set to https imagetag gets the registry url prefixed to original image name like "//someacr.azureact.io/repo/image"
Steps to Reproduce
For this case no actual docker image needs to be present!
Also noticed that, when we don't ignore changes to docker properties, and we edit in Azure Portal, Terraform reports that there was a change, e.g.:
@james-bjss might provide more info on code analysis we did to azurerm provider.
Important Factoids
No response
References
No response