azurerm_windows_web_app resets java stack settings

garoplin commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.4.6

AzureRM Provider Version

3.390/3.48.0

Affected Resource(s)/Data Source(s)

azurerm_windows_web_app

Terraform Configuration Files

application_stack {
      current_stack                =  "java" : 
      java_version                 = "17.0.2"
      tomcat_version               = "9.0.62"
      java_embedded_server_enabled =  null
    }

Debug Output/Panic Output

{"id":"/subscriptions/…”,”name":"metadata","type":"Microsoft.Web/sites/config","location":"East US 2","tags”:{…},”properties":{"CURRENT_STACK":"java"}}: timestamp=2023-08-14T11:20:39.392Z
2023-08-14T11:20:39.395Z [WARN]  Provider "provider["registry.terraform.io/hashicorp/azurerm"]" produced an unexpected new value for module.some-name.azurerm_windows_web_app.default[0], but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .site_config[0].cors: block count changed from 1 to 0
      - .site_config[0].application_stack[0].java_version: was cty.StringVal("17.0.2"), but now cty.StringVal("")
      - .site_config[0].application_stack[0].tomcat_version: was cty.StringVal("9.0.62"), but now cty.StringVal("")
�[0m�[1mmodule.some-name.azurerm_windows_web_app.default[0]: Modifications complete after 23s [id=…]�[0m
2023-08-14T11:20:39.397Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-08-14T11:20:39.401Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.48.0/linux_amd64/terraform-provider-azurerm_v3.48.0_x5 pid=2483
2023-08-14T11:20:39.402Z [DEBUG] provider: plugin exited
2023-08-14T11:20:39.402Z [DEBUG] states/remote: state read serial is: 5; serial is: 5
2023-08-14T11:20:39.402Z [DEBUG] states/remote: state read lineage is:
2023-08-14T11:20:39.405Z [DEBUG] Azure Backend Request:

Expected Behaviour

I have already configured and running app service for a long time, but I've imported the app service under terraform. When running terraform plan after successfulimport it doesn't show any changes. However, after apply terraform resets stack settings, from Java 17 to Java 11 and disables tomcat:

Then, when the app is in this incorrect state and i run terraform plan once again, it sees that the change needs to be done (11 -> 17 and tomcat -> 9.0.62) and the apply fixes the issue. I've tried running it many times and each time the apply which doesn't show any changes deletes stack settings. I've tried this both on 3.39.0 and 3.48.0 azurerm version

Actual Behaviour

Terraform plan doesn't resets stack settings in application

Steps to Reproduce

No response

Important Factoids

No response

References

No response

garoplin commented 1 year ago

I have a interesting log from terraform apply in debug mode:

{"id":"/subscriptions/…”,”name":"metadata","type":"Microsoft.Web/sites/config","location":"East US 2","tags”:{…},”properties":{"CURRENT_STACK":"java"}}: timestamp=2023-08-14T11:20:39.392Z 2023-08-14T11:20:39.395Z [WARN] Provider "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an unexpected new value for module.some-name.azurerm_windows_web_app.default[0], but we are tolerating it because it is using the legacy plugin SDK. The following problems may be the cause of any confusing errors from downstream operations: - .site_config[0].cors: block count changed from 1 to 0 - .site_config[0].application_stack[0].java_version: was cty.StringVal("17.0.2"), but now cty.StringVal("") - .site_config[0].application_stack[0].tomcat_version: was cty.StringVal("9.0.62"), but now cty.StringVal("") [0m[1mmodule.some-name.azurerm_windows_web_app.default[0]: Modifications complete after 23s [id=…][0m 2023-08-14T11:20:39.397Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF" 2023-08-14T11:20:39.401Z [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.48.0/linux_amd64/terraform-provider-azurerm_v3.48.0_x5 pid=2483 2023-08-14T11:20:39.402Z [DEBUG] provider: plugin exited 2023-08-14T11:20:39.402Z [DEBUG] states/remote: state read serial is: 5; serial is: 5 2023-08-14T11:20:39.402Z [DEBUG] states/remote: state read lineage is: 2023-08-14T11:20:39.405Z [DEBUG] Azure Backend Request:

hribeiro-msft commented 1 year ago

Adding some information here that might help for this issue. I did some tests directly with the REST API for web Apps and I was able to find that whenever there is a request to the endpoint PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}?api-version=2022-03-01

and the properties passed don't include And the property is also not included the values of the javaContainer, javaContainerVersion, javaVersion are kept. On the other hand every time that javaContainer, javaContainerVersion, javaVersion is not passed to the payload and use32BitWorkerProcess is passed, independent if is true or false, the javaContainer, javaContainerVersion, javaVersion will be reset to null on the config/web.

My suggestion that might fix this is to, whenever you have use32BitWorkerProcess in the body of that request, you should also include the value of the javaContainer, javaContainerVersion, javaVersion Just keep in mind that the value of these 3 properties will not be visible on the web/sites but instead it will be on the config/web, endpoint: GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2022-03-01

Hope this helps solve the issue through the azurerm module.

Link to the REST API docs: https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/get-configuration

@myc2h6o if you can help checking this it would be great.

garoplin commented 1 year ago

Hi Hugo, thank you for the analysis. I'm just wondering how can I enforce this. I do not have control over the request body that is being sent. The fact that PUT request does not include javaVersion and the rest of the parameters seem to be the problem in the first place. All I could do was to change use32BitWorkerProcess parameter to false but this didn't help. So is one think to call api explicitly but the other to enforce this body underneath terraform.

Best regards, Pawel

From: Hugo Ribeiro @.> Sent: Thursday, September 7, 2023 18:40 To: hashicorp/terraform-provider-azurerm @.> Cc: Pawel Zych @.>; Author @.> Subject: Re: [hashicorp/terraform-provider-azurerm] azurerm_windows_web_app resets java stack settings (Issue #22855)

Adding some information here that might help for this issue. I did some tests directly with the REST API for web Apps and I was able to find that whenever there is a request to the endpoint PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}?api-version=2022-03-01 https://management.azure.com/subscriptions/%7BsubscriptionId%7D/resourceGroups/%7BresourceGroupName%7D/providers/Microsoft.Web/sites/%7Bname%7D?api-version=2022-03-01

and the properties passed don't include [image]https://user-images.githubusercontent.com/80255927/266383354-81b5fe0c-b148-43af-8efe-a887751998f8.png And the property [image]https://user-images.githubusercontent.com/80255927/266383519-663832ff-fa44-4477-87c9-90b2edcd9343.png is also not included the values of the javaContainer, javaContainerVersion, javaVersion are kept. On the other hand every time that javaContainer, javaContainerVersion, javaVersion is not passed to the payload and use32BitWorkerProcess is passed, independent if is true or false, the javaContainer, javaContainerVersion, javaVersion will be reset to null on the config/web.

My suggestion that might fix this is to, whenever you have use32BitWorkerProcess in the body of that request, you should also include the value of the javaContainer, javaContainerVersion, javaVersion Just keep in mind that the value of these 3 properties will not be visible on the web/sites but instead it will be on the config/web, endpoint: GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2022-03-01 https://management.azure.com/subscriptions/%7BsubscriptionId%7D/resourceGroups/%7BresourceGroupName%7D/providers/Microsoft.Web/sites/%7Bname%7D/config/web?api-version=2022-03-01

Hope this helps solve the issue.

Link to the REST API docs: https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/get-configuration

— Reply to this email directly, view it on GitHubhttps://github.com/hashicorp/terraform-provider-azurerm/issues/22855#issuecomment-1710470926, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AS4OJFHU2KCW3K7OBHABXRLXZH2G3ANCNFSM6AAAAAA3H7THHE. You are receiving this because you authored the thread.Message ID: @.***>

hribeiro-msft commented 12 months ago

I am adding the repro code and steps for reproduce this issue to help the azurerm team to investigate:

1) Deploy this code with terraform apply

` terraform {

required_version = ">=0.12"

required_providers { azurerm = { source = "hashicorp/azurerm" version = "~>3.24" } } }

provider "azurerm" { features {} }

resource "azurerm_resource_group" "HSR-WebApp-0" { location = "eastus" name = "HSR-WebApp-01" } resource "azurerm_service_plan" "HSR-WebApp-1" { location = "eastus" name = "HSR-ASP-B1" os_type = "Windows" resource_group_name = azurerm_resource_group.HSR-WebApp-0.name sku_name = "B1" tags = { displayName = "HostingPlan" } depends_on = [ azurerm_resource_group.HSR-WebApp-0, ] }

resource "azurerm_windows_web_app" "HSR-WebApp-3" { client_affinity_enabled = true https_only = true location = azurerm_service_plan.HSR-WebApp-1.location name = "HSR-JavaTomcat-B1" resource_group_name = azurerm_resource_group.HSR-WebApp-0.name service_plan_id = azurerm_service_plan.HSR-WebApp-1.id

site_config { ftps_state = "FtpsOnly" http2_enabled = true application_stack { current_stack = "java" java_version = "17.0.2" tomcat_version = "9.0.62" java_embedded_server_enabled = null } }

depends_on = [ azurerm_service_plan.HSR-WebApp-1, ] }

`

2) check the stack on the config, you should see something like: "javaVersion": "17.0.2", "javaContainer": "TOMCAT", "javaContainerVersion": "9.0.62",

3)Change one property for instance http2_enabled = false and run terraform apply again.

4) check the stack on the config, you should see something like: "javaVersion": null, "javaContainer": null, "javaContainerVersion": null,

hribeiro-msft commented 11 months ago

@xiaxyi let us know if something can be done about this from azurerm side. Thank you

garoplin commented 6 months ago

@xiaxyi, is there any update on this?

garoplin commented 4 months ago

@xiaxyi, following up on that

hashicorp / terraform-provider-azurerm