Closed dossy closed 4 years ago
Was just gonna do this my self but with data objects.
From the portal it looks like it points to the endpoint and not the profile. What happens if you target the endpoint.id instead?
Also cnd_endpoint doesn't have a data source.
From the portal it looks like it points to the endpoint and not the profile. What happens if you target the endpoint.id instead?
While it "works" if you target the endpoint.id in that it doesn't throw an error, it doesn't trigger the creation of the cdnverify
CNAME record and otherwise doesn't seem to be doing the correct thing, and when you edit it in the Azure portal, the drop-down shows nothing selected, the CDN resource isn't selected.
When you select the CDN target manually in the Azure portal, then terraform import
it, the ID that's targeted is the ID of the CDN profile, not the CDN endpoint.
Hi @dossy
You need to explicitly create the azurerm_dns_cname_record
in Terraform. Speaking of the drop-down list of the A record (created via Terrafrom), it is just a visual issue of Portal, the CDN endpoint is indeed set to the A record, which you can verify by calling the API.
I have verified that the target_id
of a DNS A record is the ID of CDN endpoint. Would you please double check on your side? If this is still the case, then could you provide the terraform log so that we can further investigate?
@magodo, thanks for asking.
So, I selected the CDN resource in the Azure portal, then used Azure CLI to fetch the record with something like this:
$ az network dns record-set a show --resource-group REDACTED --zone-name domain.test --name @
And, the targetResource.id
in the response does point to the endpoint ID, not the CDN profile.
In Terraform, I define a resource azurerm_dns_a_record.apex
and use terraform import
to import the record from Azure.
At this point, there should be nothing to do, because the resource in Azure which was imported should mostly match the resource in TF. But, instead, when I terraform apply
I get this:
Terraform will perform the following actions:
# azurerm_dns_a_record.apex[0] will be updated in-place
~ resource "azurerm_dns_a_record" "apex" {
fqdn = "domain.test."
id = "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/dnszones/domain.test/A/@"
name = "@"
records = []
resource_group_name = "REDACTED"
~ tags = {
+ "brand" = "REDACTED"
+ "environment" = "REDACTED"
}
~ target_resource_id = "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Cdn/profiles/cdn/endpoints/cdn-endpoint" -> "/subscriptions/REDACTED/resourcegroups/REDACTED/providers/Microsoft.Cdn/profiles/cdn/endpoints/cdn-endpoint"
ttl = 300
zone_name = "domain.test"
timeouts {}
}
Plan: 0 to add, 1 to change, 0 to destroy.
So, the updated tags
I expect, but the target_resource_id
? What's interesting is they are identical strings except for one character: the lowercase g
in resourcegroups
vs. resourceGroups
.
In my TF configuration, I'm using target_resource_id = azurerm_cdn_endpoint.cdn-endpoint.id
which is a resource defined in the same configuration.
Where'd that lowercase g
come from?
@dossy where there a lower g in the inport? what does terraform state list say?
If Yes try terraform state rm and import with upper case g to see if there is a difference
Hi @dossy Thank you for providing the details!
Besides the g
, at least the ID is a endpoint ID :smile: The g
here is because some service will modify the case of some key word of ID (e.g. the resourceGroups
here), while they shouldn't. I can submit a PR to relax the casing for the target_resource_id
so that you will get this diff.
@tehho - The issue isn't with what's terraform import
'ed. The issue is the id
output from azurerm_cdn_endpoint
has resourcegroups
instead of resourceGroups
- not sure why this is happening, though.
@magodo in which case can we ensure the ID coming back from the CDN Endpoint resource is patched to the expected format (as we do for FrontDoor) - for users Resource ID's should be consistent/reliable where possible
This has been released in version 2.26.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
provider "azurerm" {
version = "~> 2.26.0"
}
# ... other configuration ...
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm_dns_a_record
azurerm_cdn_profile
azurerm_cdn_endpoint
Terraform Configuration Files
Debug Output
(I cannot provide the entire log, but I've redacted names and IDs from the relevant portion of the log. Click to expand.)
``` 2020/08/20 16:34:46 [DEBUG] azurerm_dns_a_record.apex[0]: applying the planned Create change 2020/08/20 16:34:46 [TRACE] GRPCProvider: ApplyResourceChange 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: [DEBUG] AzureRM Request: 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: GET /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/dnsZones/domain.test/A/@?api-version=2018-05-01 HTTP/1.1 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Host: management.azure.com 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: User-Agent: Go/go1.14.5 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v44.2.0 dns/2018-05-01 HashiCorp Terraform/0.12.29 (+https://www.terraform.io) Terraform Plugin SDK/1.13.1 terraform-provider-azurerm/2.24.0 pid-222c6c49-1b0a-5959-a213-6608f9eb8820 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Correlation-Request-Id: REDACTED 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Accept-Encoding: gzip 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: 2020-08-20T16:34:46.861-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/dnsZones/domain.test/A/@?api-version=2018-05-01: 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: HTTP/2.0 404 Not Found 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Length: 170 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Cache-Control: private 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Type: application/json; charset=utf-8 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Date: Thu, 20 Aug 2020 20:34:46 GMT 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Server: Microsoft-IIS/10.0 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Strict-Transport-Security: max-age=31536000; includeSubDomains 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Content-Type-Options: nosniff 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Correlation-Request-Id: REDACTED 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Ratelimit-Remaining-Subscription-Resource-Requests: 499 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Request-Id: REDACTED 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Routing-Request-Id: REDACTED 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Powered-By: ASP.NET 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: 2020-08-20T16:34:47.196-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: {"code":"NotFound","message":"The resource record '@' does not exist in resource group 'REDACTED' of subscription 'REDACTED'."} 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: [DEBUG] AzureRM Request: 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: PUT /subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/dnsZones/domain.test/A/@?api-version=2018-05-01 HTTP/1.1 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Host: management.azure.com 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: User-Agent: Go/go1.14.5 (amd64-darwin) go-autorest/v14.0.0 Azure-SDK-For-Go/v44.2.0 dns/2018-05-01 HashiCorp Terraform/0.12.29 (+https://www.terraform.io) Terraform Plugin SDK/1.13.1 terraform-provider-azurerm/2.24.0 pid-222c6c49-1b0a-5959-a213-6608f9eb8820 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Length: 254 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Type: application/json; charset=utf-8 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Correlation-Request-Id: REDACTED 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Accept-Encoding: gzip 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: 2020-08-20T16:34:47.197-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: {"properties":{"ARecords":[],"TTL":300,"metadata":{"brand":"BB","environment":"production"},"targetResource":{"id":"/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Cdn/profiles/cdn"}}} 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/dnsZones/domain.test/A/@?api-version=2018-05-01: 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: HTTP/2.0 400 Bad Request 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Length: 250 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Cache-Control: private 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Content-Type: application/json; charset=utf-8 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Date: Thu, 20 Aug 2020 20:34:47 GMT 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Server: Microsoft-IIS/10.0 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: Strict-Transport-Security: max-age=31536000; includeSubDomains 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Content-Type-Options: nosniff 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Correlation-Request-Id: REDACTED 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Ratelimit-Remaining-Subscription-Resource-Requests: 11998 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Request-Id: REDACTED 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Ms-Routing-Request-Id: REDACTED 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: X-Powered-By: ASP.NET 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: 2020-08-20T16:34:47.636-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.24.0_x5: {"code":"BadRequest","message":"Reference records are not supported for resource '\/subscriptions\/REDACTED\/resourceGroups\/REDACTED\/providers\/Microsoft.Cdn\/profiles\/cdn from no visitor picked'"} 2020/08/20 16:34:47 [DEBUG] azurerm_dns_a_record.apex[0]: apply errored, but we're indicating that via the Error pointer rather than returning it: Error creating/updating DNS A Record "@" (Zone "domain.test" / Resource Group "REDACTED"): dns.RecordSetsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Reference records are not supported for resource '/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Cdn/profiles/cdn from no visitor picked'" 2020/08/20 16:34:47 [TRACE]Panic Output
N/A
Expected Behavior
The apex record
@
should have been created in the Azure DNS zone, as an alias resource pointing at the Azure CDN profilecdn
.Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
N/A
References
N/A