azurerm_cdn_frontdoor_origin_group change removes health probes

johnburns320 commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.4.6

AzureRM Provider Version

v3.60.0

Affected Resource(s)/Data Source(s)

azurerm_cdn_frontdoor_origin_group

Terraform Configuration Files

resource "azurerm_resource_group" "front_door_01" {
  name     = "resourcegroup1"
  location = <redacted>
}

resource "azurerm_cdn_frontdoor_profile" "default_01" {
  name                = "profile1"
  resource_group_name = azurerm_resource_group.front_door_01.name
  sku_name            = "Premium_AzureFrontDoor"
}

resource "azurerm_cdn_frontdoor_origin_group" "group1" {
  name                                                      = "group1"
  cdn_frontdoor_profile_id                                  = azurerm_cdn_frontdoor_profile.default_01.id
  restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 1
  session_affinity_enabled                                  = false

  health_probe {
    protocol            = "Https"
    interval_in_seconds = 30
    request_type        = "GET"
    path                = "/healthz"
  }

  load_balancing {
    additional_latency_in_milliseconds = 0
    successful_samples_required        = 2
  }
}

Debug Output/Panic Output

https://gist.github.com/johnburns320/248b1bce64ef1232cab4a24abed43486

Expected Behaviour

The origin group health probes should have remained intact.

Actual Behaviour

The origin group health probes were removed.

Steps to Reproduce

Provision an Azure Front Door Classic SKU profile including a similar origin group.
Migrate the provisioned Classic Front Door to the Standard or Premium SKU.
Create a Terraform module with resources specified above.
Import the origin group from the migrated Premium SKU profile into the state file.
Run a plan. This should indicate a "change" to the new but currently unused restore_traffic_time_to_healed_or_new_endpoint_in_minutes argument.
Apply the plan changes.

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_origin_group#restore_traffic_time_to_healed_or_new_endpoint_in_minutes

benj-ch commented 6 months ago

The issue also appears when you create a fresh Front Door Premium and you change the session_affinity_enabled parameters.

dstewart-minitab commented 3 months ago

We have also ran into this issue. Enabling session affinity on an origin removes the health probe without being included in the plan changes. Subsequent plan/apply will show the missing health probe and want to add it back.

rolls-mtb commented 3 months ago

it looks like the request to update session affinity is leaving health probe settings null, so azure is removing them. saw this in the debug when we reproduced the issue locally.

Content-Length: 76
Content-Type: application/json; charset=utf-8
X-Ms-Correlation-Request-Id: 
Accept-Encoding: gzip

{"properties":{"healthProbeSettings":null,"sessionAffinityState":"Enabled"}}: timestamp

hashicorp / terraform-provider-azurerm