hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Issue destroying azure cdn frontdoor domain association #22924

Open chiranjeevivarma3 opened 1 year ago

chiranjeevivarma3 commented 1 year ago

Terraform Version

1.4.6

AzureRM Provider Version

3.58.0

Affected Resource(s)/Data Source(s)

azurerm_cdn_frontdoor_custom_domain_association

Terraform Configuration Files

Here is my terraform configuration

```hcl
## Creating a default route for my custom domain
resource "azurerm_cdn_frontdoor_route" "route" {
  name                          = "${var.target_name}-cdn-route"
  cdn_frontdoor_endpoint_id     = azurerm_cdn_frontdoor_endpoint.endpoint[0].id
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.origin_group[0].id
  cdn_frontdoor_origin_ids      = [azurerm_cdn_frontdoor_origin.origin[0].id]
  enabled                       = true

  forwarding_protocol    = "MatchRequest"
  https_redirect_enabled = true
  patterns_to_match      = ["/*"]
  supported_protocols    = ["Http", "Https"]

  cdn_frontdoor_custom_domain_ids = [azurerm_cdn_frontdoor_custom_domain.custom_domain[0].id]
  link_to_default_domain          = false
}

resource "azurerm_cdn_frontdoor_custom_domain_association" "custom_domain_association" {
  count                          = var.afd_enabled
  cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.custom_domain[0].id
  cdn_frontdoor_route_ids        = [azurerm_cdn_frontdoor_route.route[0].id]
}

## Creating an additional route for my additional custom domain
resource "azurerm_cdn_frontdoor_route" "route_additionaldomains" {
  for_each                      = var.afd_enabled == "1" ? toset(local.additionalDomains) : toset([])
  name                          = "${replace(each.key, ".", "-")}-cdn-route"
  cdn_frontdoor_endpoint_id     = azurerm_cdn_frontdoor_endpoint.endpoint[0].id
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.origin_group[0].id
  cdn_frontdoor_origin_ids      = [azurerm_cdn_frontdoor_origin.origin[0].id]
  enabled                       = true

  forwarding_protocol    = "MatchRequest"
  https_redirect_enabled = true
  patterns_to_match      = ["/*"]
  supported_protocols    = ["Http", "Https"]

  cdn_frontdoor_custom_domain_ids = [azurerm_cdn_frontdoor_custom_domain.custom_domain_additionaldomains[each.key].id]
  link_to_default_domain          = false
}

resource "azurerm_cdn_frontdoor_custom_domain_association" "custom_domain_association_additionalDomains" {
  for_each                       = var.afd_enabled == "1" ? toset(local.additionalDomains) : toset([])
  cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.custom_domain_additionaldomains[each.key].id
  cdn_frontdoor_route_ids        = [azurerm_cdn_frontdoor_route.route_additionaldomains[each.key].id]
}
```

Debug Output/Panic Output

```shell
Error: deleting Front Door Custom Domain Association: (Association Name "wildcard-mcvr-span2-example-app" / Profile Name "mcvr-span-cdn" / Resource Group "mcvr-span-rg"): Front Door Custom Domain: (Custom Domain Name "wildcard-mcvr-span2-example-app" / Profile Name "mcvr-span-cdn" / Resource Group "mcvr-span-rg"): updating the association with Front Door Route: (Route Name "mcvr-span2-example-app-cdn-route" / Afd Endpoint Name "mcvr-span-cdn-ep" / Profile Name "mcvr-span-cdn" / Resource Group "mcvr-span-rg"): cdn.RoutesClient#Update: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The route domains, paths and protocols configuration has a conflict. More information: Domain: mcvr-span-cdn-ep, Path pattern: /*, Protocol: Https cannot be added to Route mcvr-span2-example-app-cdn-route as this combination already exists in Endpoint mcvr-span-cdn-ep, Route mcvr-span-cdn-route.."
```

Actual Behaviour

While destroying the Front Door Custom Domain Association resource, it's trying to update the route properties and pointing to the default domain (xxx-hnecbxbxaucnhhc9.z01.azurefd.net), whose default route properties are the same. This led to the above issue.

WodansSon commented 1 year ago

@chiranjeevivarma3, thank you for opening this issue, but this appears to be a configuration issue where both of the patterns_to_match in the azurerm_cdn_frontdoor_route resources are a wildcard (e.g., /*)?

The azurerm_cdn_frontdoor_domain_association resource is named poorly, it is actually a disassociation resource in reality. This was done to facilitate a single apply/destroy within terraform without having conflicts during the destruction of the resources. The association resource, once it has removed the final custom domain that is associated with the route, will enable the link to default domain, since that is required by Frontdoor for all Frontdoor routes. I believe the only way around this currently is to change the patterns_to_match in your default domain to be unique.
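
A pre-destroy check for the conflict described in the comment above, as an added example that is not part of the thread or the provider's code: it reads state in the shape of `terraform show -json` and lists routes on one endpoint that share a path pattern and protocol, the combination that collides once each route is linked to the default domain. The sample state is constructed, and comparing patterns by exact string is an assumption.

```python
import json
from collections import defaultdict
from itertools import combinations, product

ROUTE_TYPE = "azurerm_cdn_frontdoor_route"

# Constructed sample in the shape of `terraform show -json`; all names and
# endpoint IDs are made up for illustration.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"type": "azurerm_cdn_frontdoor_route", "values": {"name": "default-cdn-route",
    "cdn_frontdoor_endpoint_id": "/endpoints/ep-one",
    "patterns_to_match": ["/*"], "supported_protocols": ["Http", "Https"]}},
  {"type": "azurerm_cdn_frontdoor_route", "values": {"name": "app2-cdn-route",
    "cdn_frontdoor_endpoint_id": "/endpoints/ep-one",
    "patterns_to_match": ["/*"], "supported_protocols": ["Http", "Https"]}},
  {"type": "azurerm_cdn_frontdoor_route", "values": {"name": "api-cdn-route",
    "cdn_frontdoor_endpoint_id": "/endpoints/ep-one",
    "patterns_to_match": ["/api/*"], "supported_protocols": ["Https"]}},
  {"type": "azurerm_cdn_frontdoor_route", "values": {"name": "other-cdn-route",
    "cdn_frontdoor_endpoint_id": "/endpoints/ep-two",
    "patterns_to_match": ["/*"], "supported_protocols": ["Https"]}}
]}}}
""")


def routes(module):
    """Yield route attribute dicts from a module and all of its child modules."""
    for res in module.get("resources", []):
        if res["type"] == ROUTE_TYPE:
            yield res["values"]
    for child in module.get("child_modules", []):
        yield from routes(child)


def default_domain_conflicts(state):
    """Return sorted (route, route, pattern, protocol) tuples for routes on one
    endpoint that would claim the same default-domain combination."""
    by_endpoint = defaultdict(list)
    for r in routes(state["values"]["root_module"]):
        combos = set(product(r["patterns_to_match"], r["supported_protocols"]))
        by_endpoint[r["cdn_frontdoor_endpoint_id"]].append((r["name"], combos))
    found = []
    for group in by_endpoint.values():
        for (name_a, combos_a), (name_b, combos_b) in combinations(group, 2):
            pair = sorted((name_a, name_b))
            found += [(pair[0], pair[1], pat, proto) for pat, proto in combos_a & combos_b]
    return sorted(found)
```

Any tuple returned names two routes whose custom domain associations cannot both be destroyed cleanly while they keep the same pattern and protocol on that endpoint.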

logamanig commented 1 year ago

Hi @WodansSon, a route cannot be reused and can be assigned to only one Origin Group. How can we use the same patterns_to_match values across origin groups?

chiranjeevivarma3 commented 1 year ago

@WodansSon Thanks for responding back.

Based on your comment, what I understand is that it's not a configuration issue; rather, it's a workaround to facilitate the destruction with Terraform. We previously used the same configuration with classic Terraform resources, and it was working fine.

It would be beneficial to have a workaround for a clean destroy since we don't encounter any issues with creation.

dkopec commented 3 months ago

I am encountering this same issue. Has there been any further work on this, @WodansSon?

The behavior seems to be transitory in nature as after 2 runs failing the third goes through.

First run's errors:

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-project-startup-apidev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-project-startup-apidev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): waiting to update the association with Front Door Route: (Route Name "fdr-cd-project-startup-dev205-cus" / Afd Endpoint Name "fde-hosts" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Code="BadRequest" Message="Hostname: fde-hosts-f5eefnafd8hfhffb.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-cd-project-startup-dev205-cus as this combination already exists in Endpoint fde-hosts-f5eefnafd8hfhffb.a01.azurefd.net, Route fdr-cd-designhub-dev205-cus."

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-designhubdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-designhubdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): updating the association with Front Door Route: (Route Name "fdr-site-cd-designhub-dev205-cus" / Afd Endpoint Name "fde-clients" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): cdn.RoutesClient#Update: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The route domains, paths and protocols configuration has a conflict. More information: Hostname: fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-site-cd-designhub-dev205-cus as this combination already exists in Endpoint fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Route fdr-site-cd-project-startup-dev205-cus.."

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-permissionsdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-permissionsdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): updating the association with Front Door Route: (Route Name "fdr-site-cd-permissions-dev205-cus" / Afd Endpoint Name "fde-clients" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): cdn.RoutesClient#Update: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The route domains, paths and protocols configuration has a conflict. More information: Hostname: fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-site-cd-permissions-dev205-cus as this combination already exists in Endpoint fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Route fdr-site-cd-project-startup-dev205-cus.."

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-designhub-apidev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-designhub-apidev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): waiting to update the association with Front Door Route: (Route Name "fdr-cd-designhub-dev205-cus" / Afd Endpoint Name "fde-hosts" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Code="BadRequest" Message="Hostname: fde-hosts-f5eefnafd8hfhffb.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-cd-designhub-dev205-cus as this combination already exists in Endpoint fde-hosts-f5eefnafd8hfhffb.a01.azurefd.net, Route fdr-cd-project-startup-dev205-cus."

Second:

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-designhubdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-designhubdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): waiting to update the association with Front Door Route: (Route Name "fdr-site-cd-designhub-dev205-cus" / Afd Endpoint Name "fde-clients" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Code="BadRequest" Message="Hostname: fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-site-cd-designhub-dev205-cus as this combination already exists in Endpoint fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Route fdr-site-cd-permissions-dev205-cus."

Error: deleting Front Door Custom Domain Association: (Association Name "fdcd-permissionsdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Front Door Custom Domain: (Custom Domain Name "fdcd-permissionsdev205-aeiengdev-tools" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): waiting to update the association with Front Door Route: (Route Name "fdr-site-cd-permissions-dev205-cus" / Afd Endpoint Name "fde-clients" / Profile Name "afd-core-cd-dev-cus-f4f8" / Resource Group "rg-core-cd-dev-cus"): Code="BadRequest" Message="Hostname: fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Path pattern: /*, Protocol: Https cannot be added to Route fdr-site-cd-permissions-dev205-cus as this combination already exists in Endpoint fde-clients-gudwhjgzbqaqacfn.a01.azurefd.net, Route fdr-site-cd-designhub-dev205-cus."

Third is green.

Is this an order-of-operations type situation? We cannot use an alternative path pattern for this project.

BernhardRode commented 1 month ago

Same issue here.