New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_*_web_app_slot
,azurerm_*_web_app
- Remove unwanted app settings values during update
#25661
base: main
Are you sure you want to change the base?
Conversation
azurerm_*_web_app_slot
,azurerm_*_web_app
- Remove unwanted app settings valuesazurerm_*_web_app_slot
,azurerm_*_web_app
- Remove unwanted app settings values during update
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for splitting this out into a separate PR @Apokalypt.
Having done some digging on this, it appears that this behaviour you're trying to change is intended and changing it would introduce a regression.
Please see the original PR where this was added #19685
As well as these issues that were fixed by it #16302 #17546 #17123
Furthermore the tests that were added here don't appear to be highlighting any issues, e.g. I've copied and run them on main and they pass successfully without any diffs.
As far as I can tell, if health_check_eviction_time_in_min
isn't set in the user's config then all we're doing here is setting it to the APIs default value which means there shouldn't be any impact. Would you be able to provide some more detail on why this is causing issues for you?
Oh, you're right @stephybun . With this such code I've created a regression. I will check in few minutes if I can find a better approach. Regarding the problem, I'll try to be more precise. When my team tries to update the ip restrictions (or other value in the site config) of a web app (slot or not), they have observed that the web app restarts 2 times when using Terraform whereas it does not restart if they use the Azure interface. What's more, with Terraform, they found themselves with a new environment variable (WEBSITE_HEALTHCHECK_MAXPINGFAILURES) set to 0, even though they hadn't configured it on Terraform and health check was disabled on Azure... ExampleLet's imagine a web app without health check + without keys/values in app settings + with IP restrictions created using Terraform.
If we follow the code, here's what happens when we want to update an ip restriction (we have the same behavior with any value modified in the site config):
ConclusionWhen performing the above changes, the application should not restart and the key "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" should not be set even to 0. Furthermore, when you do a Tests
I need to check how they works but it may be due to the fact that Web App is parsed and therefore the app settings is always removed (as shown in step 2 of the example)... Will give it another try 馃憤 |
I will wait for your answer @stephybun to know if you have any idea but also to make sure that this example help you to understand the problem (sorry to not have been clearer at the beginning) |
Appreciate the detail @Apokalypt. Whilst I'm not sure that setting From conversations with our SME on App Service, the way the @jackofallops mind taking a look at this one next week? |
I've just had two ideas about this property to solve the "bug". In my opinion, it would be interesting to implement both (I can do it in this PR) @stephybun 1st ProposalSet the value only if the "healthCheckPath" is provided since it's required to enable health check (cf documentation). Without this property, the environment variable is useless 2nd ProposalWouldn't it be interesting to add a control to allow only authorized values (between 2 and 10, cf documentation)? So, instead of always defining the environment variable, we could define it only when the value is valid. Since 0 is the default value in Go for an int64 when not manually defined, this would avoid setting a value when the user doesn't define it in his Terraform schema. |
Hi @Apokalypt - I'm going to be taking a look over this while @stephybun is looking into another piece of work. wrt to the 2nd proposal. We have a requirement in Terraform to use the values provided by user configuration and we need to be able to read those back or we will have a diff in the plan/post-apply as the config and state will not match if the value read back doesn't match what is in config, so we unfortunately cannot take this approach. I'm going to take a look into the code paths around this to see if I can find a route capable of removing the undesired outcomes without introducing any regression. I'll post here or submit a review as soon as I have anything. Thanks for your efforts so far and for your patience! |
Community Note
Description
During an update, app settings are sent two times :
CreateOrUpdate
UpdateApplicationSettings
The problem is that on the second call, the "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" value is set, regardless of the user's terraform configuration.
In fact, if the user has configured
site_config.0.health_check_eviction_time_in_min
, the correct value will be set, but if it is not configured, the value 0 will be set (from memory, without warning in the plan).PR Checklist
Changes to existing Resource / Data Source
Testing
Change Log
azurerm_linux_web_app
- Don't set "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" during update if it's not configured by the userazurerm_linux_web_app_slot
- Don't set "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" during update if it's not configured by the userazurerm_windows_web_app
- Don't set "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" during update if it's not configured by the userazurerm_windows_web_app_slot
- Don't set "WEBSITE_HEALTHCHECK_MAXPINGFAILURES" during update if it's not configured by the userThis is a (please select all that apply):
Related Issue(s)
None