hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Context deadline exceeded error during Frontdoor deployment in Azure using Terraform #27548

Open Vamsi-sys-tech opened 4 days ago

Vamsi-sys-tech commented 4 days ago

Terraform Version

1.9.5

AzureRM Provider Version

4.0.1

Affected Resource(s)/Data Source(s)

azurerm_frontdoor

Terraform Configuration Files

resource "azurerm_frontdoor" "shared" {
  name                = azurerm_resource_group.shared.name
  resource_group_name = azurerm_resource_group.shared.name

  dynamic "routing_rule" {
    for_each = var.region_env
    content {
      name               = routing_rule.key
      accepted_protocols = ["Https"]
      patterns_to_match  = ["/*"]
      frontend_endpoints = concat([for c in var.region_env[routing_rule.key]["pool1"] : split(":", c)[0]], [for c in var.region_env[routing_rule.key]["pool2"] : split(":", c)[0]]) 
      forwarding_configuration {
        backend_pool_name = routing_rule.key
      }
    }
  }

  routing_rule {
    name               = "Http2Https"
    accepted_protocols = ["Http"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = local.customer_frontdoor
    redirect_configuration {
      redirect_protocol = "HttpsOnly"
      redirect_type     = "PermanentRedirect"
    }
  }

  backend_pool_load_balancing {
    name = "sharedLoadBalancingSettings"
  }

  backend_pool_health_probe {
    name                = "sharedHealthProbeSetting"
    protocol            = "Https"
    probe_method        = "HEAD"
    interval_in_seconds = 30
  }

  dynamic "backend_pool" {
    for_each = var.region_env
    content {
      name = backend_pool.key
      backend {
        host_header = "" 
        address     = "example-${backend_pool.key}.trafficmanager.net"  # Placeholder for backend address
        http_port   = 80
        https_port  = 443
      }
      load_balancing_name = "sharedLoadBalancingSettings"
      health_probe_name   = "sharedHealthProbeSetting"
    }
  }

  backend_pool_settings {
    enforce_backend_pools_certificate_name_check = false
    backend_pools_send_receive_timeout_seconds   = 240
  }

  frontend_endpoint {
    name                                    = azurerm_resource_group.shared.name
    host_name                               = "${azurerm_resource_group.shared.name}.azurefd.net"  # Placeholder for frontend endpoint
    web_application_firewall_policy_link_id = azurerm_frontdoor_firewall_policy.shared.id
  }

  dynamic "frontend_endpoint" {
    for_each = toset(local.customer_frontdoor)
    content {
      name                                    = split(":", frontend_endpoint.key)[0]
      host_name                               = "${split(":", frontend_endpoint.key)[0]}.example.net"  # Placeholder for host name
      web_application_firewall_policy_link_id = azurerm_frontdoor_firewall_policy.shared.id
    }
  }
  tags = var.tag
  depends_on = [
    azurerm_resource_group.shared, azurerm_key_vault.shared, azurerm_frontdoor_firewall_policy.shared, azurerm_dns_cname_record.shared,
  ]
}

resource "azurerm_frontdoor_custom_https_configuration" "shared" {
  for_each                          = toset(local.customer_frontdoor)
  frontend_endpoint_id              = "${var.frontend_id}/${each.key}"
  custom_https_provisioning_enabled = true
  custom_https_configuration {
    certificate_source                      = "AzureKeyVault"
    azure_key_vault_certificate_secret_name = "example-certificate"  # Placeholder for certificate name
    azure_key_vault_certificate_vault_id    = azurerm_key_vault.shared.id
  }
  depends_on = [
    azurerm_frontdoor.shared, azurerm_dns_cname_record.shared,
  ]
}

resource "azurerm_frontdoor_firewall_policy" "shared" {
  name                              = replace(azurerm_resource_group.shared.name, "-", "")
  resource_group_name               = azurerm_resource_group.shared.name
  enabled                           = true
  mode                              = "Detection"
  custom_block_response_status_code = 403
  managed_rule {
    type    = "DefaultRuleSet"
    version = "1.0"
  }
  managed_rule {
    type    = "Microsoft_BotManagerRuleSet"
    version = "1.0"
  }
  tags = var.tag
  depends_on = [
    azurerm_resource_group.shared,
  ]
}

Debug Output/Panic Output

2024-09-23T21:14:38.842+0200 [DEBUG] provider.terraform-provider-azurerm_v4.0.1_x5: [DEBUG] AzureRM Response Error: Get "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Network/frontDoors/{front-door-name}/frontendEndpoints/{frontend-endpoint-name}?api-version=2020-05-01": context deadline exceeded for https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Network/frontDoors/{front-door-name}/frontendEndpoints/{frontend-endpoint-name}?api-version=2020-05-01
2024-09-23T21:14:38.850+0200 [ERROR] provider.terraform-provider-azurerm_v4.0.1_x5: Response contains error diagnostic: tf_req_id=be1d8515-25cf-964b-5417-2b90aa3975aa tf_resource_type=azurerm_frontdoor tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_severity=ERROR diagnostic_detail="" diagnostic_summary="retrieving FrontEnd Endpoint Information: retrieving Custom HTTPS Configuration for Frontend Endpoint \"{frontend-endpoint-name}\" (FrontDoor \"{front-door-name}\" / Resource Group \"{resource-group}\"): frontdoors.FrontDoorsClient#FrontendEndpointsGet: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded" tf_proto_version=5.6 tf_provider_addr=registry.terraform.io/hashicorp/azurerm @module=sdk.proto timestamp="2024-09-23T21:14:38.850+0200"
2024-09-23T21:14:38.851+0200 [ERROR] vertex "azurerm_frontdoor.shared" error: retrieving FrontEnd Endpoint Information: retrieving Custom HTTPS Configuration for Frontend Endpoint "{frontend-endpoint-name}" (FrontDoor "{front-door-name}" / Resource Group "{resource-group}"): frontdoors.FrontDoorsClient#FrontendEndpointsGet: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
2024-09-23T21:14:38.851+0200 [ERROR] vertex "azurerm_frontdoor.shared (expand)" error: retrieving FrontEnd Endpoint Information: retrieving Custom HTTPS Configuration for Frontend Endpoint "{frontend-endpoint-name}" (FrontDoor "{front-door-name}" / Resource Group "{resource-group}"): frontdoors.FrontDoorsClient#FrontendEndpointsGet: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
2024-09-23T21:14:41.310+0200 [WARN]  Planning encountered errors, so plan is not applyable

Expected Behaviour

Terraform should consistently retrieve the FrontEnd Endpoint Information for the Azure FrontDoor resource without encountering a context deadline exceeded error. The plan and apply operations should complete successfully across all endpoints without intermittent failures.

Actual Behaviour

Terraform encountered a context deadline exceeded error while attempting to retrieve the FrontEnd Endpoint Information for the Azure FrontDoor resource. This caused the Terraform plan/apply to fail during the process. Notably, this error does not occur consistently—sometimes the process succeeds, but it fails more frequently. Additionally, each time the error occurs, it reports a different endpoint as the source of failure.

Steps to Reproduce

No response

Important Factoids

No response

References

No response
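
An added example, not part of the issue or the provider's code: a Python triage script for `TF_LOG` output shaped like the debug lines above. It counts `context deadline exceeded` failures per frontend endpoint and per operation so several runs can be compared; the sample lines, endpoint names, request ids and timestamps are constructed.

```python
import re
from collections import Counter

ENDPOINT = re.compile(r'Frontend Endpoint \\?"([^"\\]+)')   # quotes may be escaped
OPERATION = re.compile(r'([\w.]+#\w+): Failure sending request')
FIELD = re.compile(r'\b(tf_req_id|tf_rpc|tf_resource_type)=(\S+)')

def deadline_failures(log_text):
    """Return one record per provider RPC that failed with a context deadline."""
    records = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Terraform core repeats each failure in 'vertex ... error' lines that carry
        # no tf_req_id; keying on the provider diagnostic counts each failure once.
        if "tf_req_id" not in fields or "context deadline exceeded" not in line:
            continue
        ep, op = ENDPOINT.search(line), OPERATION.search(line)
        records.append({
            "time": line.split(" ", 1)[0],
            "req_id": fields["tf_req_id"],
            "rpc": fields.get("tf_rpc"),
            "endpoint": ep.group(1) if ep else None,
            "operation": op.group(1) if op else None,
        })
    return records

def summarize(records):
    """Count failures per endpoint and per (Terraform RPC, SDK operation)."""
    return (Counter(r["endpoint"] for r in records),
            Counter((r["rpc"], r["operation"]) for r in records))

def _diag(ts, req_id, endpoint):
    """Constructed provider line in the shape of the issue's debug output."""
    return (f'{ts} [ERROR] provider.terraform-provider-azurerm_v4.0.1_x5: Response '
            f'contains error diagnostic: tf_req_id={req_id} '
            f'tf_resource_type=azurerm_frontdoor tf_rpc=ReadResource '
            f'diagnostic_summary="retrieving Custom HTTPS Configuration for Frontend '
            f'Endpoint \\"{endpoint}\\" (FrontDoor \\"fd-demo\\"): '
            f'frontdoors.FrontDoorsClient#FrontendEndpointsGet: Failure sending '
            f'request: StatusCode=0 -- Original Error: context deadline exceeded"')

# Constructed sample: three plan runs; names, ids and timestamps are made up.
SAMPLE_LOG = "\n".join([
    _diag("2024-09-23T21:14:38.850+0200", "req-1", "customer-a"),
    '2024-09-23T21:14:38.851+0200 [ERROR] vertex "azurerm_frontdoor.shared" error: '
    'Frontend Endpoint "customer-a": Original Error: context deadline exceeded',
    _diag("2024-09-23T21:31:02.114+0200", "req-2", "customer-b"),
    _diag("2024-09-23T21:47:55.390+0200", "req-3", "customer-a"),
])

if __name__ == "__main__":
    by_endpoint, by_operation = summarize(deadline_failures(SAMPLE_LOG))
    print(by_endpoint, by_operation, sep="\n")
```

Run against concatenated logs from several plans, the per-endpoint counts show whether the timeouts cluster on particular endpoints or spread across all of them.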

Erick151 commented 1 day ago

I have been experimenting with Terraform lately and actually came across this issue right before submitting it myself... I think it is related to this: https://github.com/hashicorp/terraform-provider-azurerm/issues/18199

Also saw this one got more of a response https://github.com/hashicorp/terraform-provider-azurerm/issues/7925

Though I would love some insights on this too, since the responses are a little old... and since I haven't tested out changing the read limit yet. Still, the issue seems the same in all our situations.

Thanks in advance for any further help!