function app "use_32_bit_worker" set to false not creating 64 bit platform with first attempt

[mg-8]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.2.2

AzureRM Provider Version

3.20.0

Affected Resource(s)/Data Source(s)

azurerm_windows_function_app

Terraform Configuration Files

resource "azurerm_windows_function_app" "this" {

  name                       = var.function_app.name
  resource_group_name        = var.resource_group.name
  location                   = var.resource_group.location
  service_plan_id            = data.azurerm_service_plan.this.id
  storage_account_name       = azurerm_storage_account.this.name
  storage_account_access_key = sensitive(azurerm_storage_account.this.primary_access_key)
  https_only                 = true
  client_certificate_enabled = true
  client_certificate_mode    = "Required"

  identity {
    type         = "UserAssigned"
    identity_ids = [data.azurerm_user_assigned_identity.this.id]
  }

  site_config {
    pre_warmed_instance_count = "1"
    http2_enabled             = true
    use_32_bit_worker         = false
    vnet_route_all_enabled    = "true"
    application_insights_connection_string = sensitive(data.azurerm_application_insights.this.connection_string)
    application_insights_key               = sensitive(data.azurerm_application_insights.this.instrumentation_key)
  }

  app_settings = {
    vnet_route_all_enabled = "1"
  }

  lifecycle {
    ignore_changes = [
      tags,
    ]
  }

  depends_on = [
    azurerm_storage_account.this,
  ]
}

Debug Output/Panic Output

As per below output, it must create 64 bit platform with terraform apply but it does not, however, if I rerun terraform apply second time it changes the use_32_bit_worker value from ture -> false to make it 64 bit platform.

# module.function_app["syd-non-app-func-app-01"].azurerm_windows_function_app.this will be created
  + resource "azurerm_windows_function_app" "this" {
      + app_settings                      = {
          + "vnet_route_all_enabled" = "1"
        }
      + builtin_logging_enabled           = true
      + client_certificate_enabled        = true
      + client_certificate_mode           = "Required"
      + content_share_force_disabled      = false
      + custom_domain_verification_id     = (sensitive value)
      + daily_memory_time_quota           = 0
      + default_hostname                  = (known after apply)
      + enabled                           = true
      + functions_extension_version       = "~4"
      + https_only                        = true
      + id                                = (known after apply)
      + key_vault_reference_identity_id   = (known after apply)
      + kind                              = (known after apply)
      + location                          = "australiaeast"
      + name                              = "syd-non-app-func-app-01"
      + outbound_ip_address_list          = (known after apply)
      + outbound_ip_addresses             = (known after apply)
      + possible_outbound_ip_address_list = (known after apply)
      + possible_outbound_ip_addresses    = (known after apply)
      + resource_group_name               = "syd-non-app-rg"
      + service_plan_id                   = "/subscriptions/xxxxx/resourceGroups/syd-non-app-rg/providers/Microsoft.Web/serverfarms/syd-non-app-func-app-svc-plan-01"
      + site_credential                   = (known after apply)
      + storage_account_access_key        = (sensitive value)
      + storage_account_name              = "stfuncapp01"
      + storage_uses_managed_identity     = false

      + auth_settings {
          + additional_login_parameters    = (known after apply)
          + allowed_external_redirect_urls = (known after apply)
          + default_provider               = (known after apply)
          + enabled                        = (known after apply)
          + issuer                         = (known after apply)
          + runtime_version                = (known after apply)
          + token_refresh_extension_hours  = (known after apply)
          + token_store_enabled            = (known after apply)
          + unauthenticated_client_action  = (known after apply)

          + active_directory {
              + allowed_audiences          = (known after apply)
              + client_id                  = (known after apply)
              + client_secret              = (sensitive value)
              + client_secret_setting_name = (known after apply)
            }

          + facebook {
              + app_id                  = (known after apply)
              + app_secret              = (sensitive value)
              + app_secret_setting_name = (known after apply)
              + oauth_scopes            = (known after apply)
            }

          + github {
              + client_id                  = (known after apply)
              + client_secret              = (sensitive value)
              + client_secret_setting_name = (known after apply)
              + oauth_scopes               = (known after apply)
            }

          + google {
              + client_id                  = (known after apply)
              + client_secret              = (sensitive value)
              + client_secret_setting_name = (known after apply)
              + oauth_scopes               = (known after apply)
            }

          + microsoft {
              + client_id                  = (known after apply)
              + client_secret              = (sensitive value)
              + client_secret_setting_name = (known after apply)
              + oauth_scopes               = (known after apply)
            }

          + twitter {
              + consumer_key                 = (known after apply)
              + consumer_secret              = (sensitive value)
              + consumer_secret_setting_name = (known after apply)
            }
        }

      + identity {
          + identity_ids = [
              + "/subscriptions/xxxx/resourceGroups/syd-non-app-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-funcapp-01",
            ]
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = "UserAssigned"
        }

      + site_config {
          + always_on                              = (known after apply)
          + app_scale_limit                        = (known after apply)
          + application_insights_connection_string = (sensitive value)
          + application_insights_key               = (sensitive value)
          + default_documents                      = (known after apply)
          + detailed_error_logging_enabled         = (known after apply)
          + elastic_instance_minimum               = (known after apply)
          + ftps_state                             = "Disabled"
          + health_check_eviction_time_in_min      = (known after apply)
          + http2_enabled                          = true
          + ip_restriction                         = (known after apply)
          + load_balancing_mode                    = "LeastRequests"
          + managed_pipeline_mode                  = "Integrated"
          + minimum_tls_version                    = "1.2"
          + pre_warmed_instance_count              = 1
          + remote_debugging_enabled               = false
          + remote_debugging_version               = (known after apply)
          + scm_ip_restriction                     = (known after apply)
          + scm_minimum_tls_version                = "1.2"
          + scm_type                               = (known after apply)
          + scm_use_main_ip_restriction            = false
          + use_32_bit_worker                      = false
          + vnet_route_all_enabled                 = true
          + websockets_enabled                     = false
          + windows_fx_version                     = (known after apply)
          + worker_count                           = (known after apply)
        }
    }

Rerun terraform plan/apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.function_app["acs-syd-non-app-func-app-01"].azurerm_windows_function_app.this will be updated in-place
  ~ resource "azurerm_windows_function_app" "this" {
        id                                = "/subscriptions/xxxxx/resourceGroups/syd-non-app-rg/providers/Microsoft.Web/sites/syd-non-app-func-app-01"
        name                              = "syd-non-app-func-app-01"
        # (25 unchanged attributes hidden)

      ~ site_config {
          ~ use_32_bit_worker                      = true -> false
            # (30 unchanged attributes hidden)
        }
        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Expected Behaviour

use_32_bit_worker = false must create 64 bit platform

Actual Behaviour

It's creating 32 bit platform

Steps to Reproduce

Run terraform apply twice

Important Factoids

No response

References

No response

[xiaxyi]

Thanks @mg-8 for raising this issue, let me check the behavior and I will submit a pr for the fix once confirmed.

[mg-8]

Thanks @mg-8 for raising this issue, let me check the behavior and I will submit a pr for the fix once confirmed.

any luck fixing this issue?

[tjrobinson]

Possibly related: https://github.com/hashicorp/terraform-provider-azurerm/issues/16211

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.