Function App does Not Modify/manage WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE with App plan or storage account switch

drdamour commented 3 years ago

If you switch your app plan from standard to dynamic for a function app the special logic for app config vars WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE implemented as part of https://github.com/terraform-providers/terraform-provider-azurerm/issues/1453 doesn't seem to be accounted for.

additionally if you change the storage account for the function app such that it is recreated, the WEBSITE_CONTENTAZUREFILECONNECTIONSTRING does not get updated (but AzureWebJobsStorage seems to be updated)

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.29

provider.azuread v0.9.0
provider.azurerm v2.39.0
provider.null v2.1.2

Affected Resource(s)

azurerm_function_app

Terraform Configuration Files

resource "azurerm_resource_group" "example" {
  name     = "azure-functions-test-rg"
  location = "westus2"
}

resource "azurerm_storage_account" "example" {
  name                     = "functionsapptestsa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_app_service_plan" "example" {
  name                = "azure-functions-test-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_function_app" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
}

at first then switched it to

resource "azurerm_resource_group" "example" {
  name     = "azure-functions-test-rg"
  location = "westus2"
}

resource "azurerm_storage_account" "example" {
  name                     = "functionsapptestsa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_app_service_plan" "example" {
  name                = "azure-functions-test-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    tier = "Dynamic"
    size = "Y1"
  }
}

resource "azurerm_function_app" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
}

Debug Output

Panic Output

Expected Behaviour

Expect the WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE app config settings to be created...or maybe the whole function app to be marked delete & Add needed

Actual Behaviour

WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE are not created and you get a warning in azure portal about storage being misconfigured

Steps to Reproduce

terraform apply the initial with standard plan sku to create the function app
verify WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE are not created
alter the tf to switch to the dyanmic sku
terraform apply the updated tf
only the service plan is changed and it's modified in place
verify service plan is now consumption
verify WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE are still not created
destroy everything
terraform apply the updated tf notice that WEBSITE_CONTENTAZUREFILECONNECTIONSTRING & WEBSITE_CONTENTSHARE are now present

Important Factoids

These app configs are weird because they look up the chain of resources (from function app to it's app plan) to figure out if they should conditionally be applied. i'm guessing it's related to being modified in place so nothing knows the functino app is "tainted".

References

1453 - seems to be what originally implemented this

rcskosir commented 1 year ago

Thanks for opening this issue. This was a problem in the 2.x version of the provider which is no longer actively maintained. If this is still an issue with the 3.x version of the provider please do let us know by opening a new issue, thanks!

github-actions[bot] commented 6 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-provider-azurerm