Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_linux_function_app doesn't recreate when service_plan_id changes #27798

Open
1 task done
dvasdekis opened this issue Oct 29, 2024 · 0 comments
Open
1 task done

Comments

@dvasdekis
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.8

AzureRM Provider Version

4.7.0

Affected Resource(s)/Data Source(s)

azurerm_linux_function_app

Terraform Configuration Files

# Create AzureRM Service Plan (needed to 'host' function app)
resource "azurerm_service_plan" "linuxasp-1" {
  name                = "myplan1"
  resource_group_name = "myRG"
  location            = "australiaeast"
  os_type             = "Linux"
  sku_name            = "EP1"
}

# Create another one
resource "azurerm_service_plan" "linuxasp-2" {
  name                = "myplan2"
  resource_group_name = "myRG"
  location            = "australiaeast"
  os_type             = "Linux"
  sku_name            = "EP1"
}

# Create a storage account - needed to hold Function app data
resource "azurerm_storage_account" "func_lake" {
  name                            = "myacct"
  resource_group_name             = "myRG"
  location                        = "australiaeast"
  account_tier                    = "Standard"
  allow_nested_items_to_be_public = false # Was allow_blob_public_access
  account_replication_type        = "LRS"
  account_kind                    = "StorageV2"
  is_hns_enabled                  = "true"
  access_tier                     = "Hot"
  min_tls_version                 = "TLS1_2"
  default_to_oauth_authentication = true
  public_network_access_enabled   = true
  # Must still be allowed for the function app to access the file storage (not blob storage)
  shared_access_key_enabled = true
}

# Working container for the function app
resource "azurerm_storage_data_lake_gen2_filesystem" "func_app_data" {
  name               = "funcapp-data"
  storage_account_id = azurerm_storage_account.func_lake.id
  lifecycle { prevent_destroy = false }
}

# Create a share for the function app 
resource "azurerm_storage_share" "fxapp-share" {
  name                 = "fxshare"
  quota                = 5000
}

# Create a function app
resource "azurerm_linux_function_app" "linuxfuncapp-c" {
  depends_on                    = [azurerm_storage_share.fxapp-share]
  name                          = "my-lfa"
  resource_group_name           = "myRG"
  location                      = "australiaeast"
  storage_account_name          = azurerm_storage_account.func_lake.name
  storage_account_access_key    = azurerm_storage_account.func_lake.primary_access_key
  # Issue occurs after first apply, when we change below from azurerm_service_plan.linuxasp-1.id to azurerm_service_plan.linuxasp-2.id
  service_plan_id               = azurerm_service_plan.linuxasp-1.id
  builtin_logging_enabled       = true
  identity { type = "SystemAssigned" }
 }

Debug Output/Panic Output

In plan we see:

# module.salifedlinuxfuncapp.azurerm_linux_function_app.linuxfuncapp-c will be updated in-place
~ resource "azurerm_linux_function_app" "linuxfuncapp-c" {
      id                                             = "/subscriptions/00000000-10a2-4d2e-bd00-000000000000/resourceGroups/rg-SharedSrvc-dev/providers/Microsoft.Web/sites/soils-lfa-datafed-dev"
      name                                           = "soils-lfa-datafed-dev"
    ~ service_plan_id                                = "/subscriptions/00000000-10a2-4d2e-bd00-000000000000/resourceGroups/rg-SharedSrvc-tst/providers/Microsoft.Web/serverFarms/sharedsrvc-lasp-main-tst" -> "/subscriptions/00000000-10a2-4d2e-bd00-000000000000/resourceGroups/rg-SharedSrvc-dev/providers/Microsoft.Web/serverFarms/sharedsrvc-lasp-main-dev"
      # (32 unchanged attributes hidden)
      # (3 unchanged blocks hidden)
  }

But upon apply we see:

│ Error: updating Linux App Service (Subscription: "00000000-10a2-4d2e-bd00-000000000000"
│ Resource Group Name: "myRG"
│ Site Name: "my-lfa"): performing CreateOrUpdate: unexpected status 409 (409 Conflict) with response: {"Code":"Conflict","Message":"Cannot change the site my-lfa to the App Service Plan myplan2 due to hosting constraints.","Target":null,"Details":[{"Message":"Cannot change the site my-lfa to the App Service Plan myplan2 due to hosting constraints."},{"Code":"Conflict"},{"ErrorEntity":{"ExtendedCode":"59602","MessageTemplate":"Cannot change the site {0} to the App Service Plan {1} due to hosting constraints.","Parameters":["my-lfa","myplan2"],"Code":"Conflict","Message":"Cannot change the site my-lfa to the App Service Plan myplan2 due to hosting constraints."}}],"Innererror":null}
│
│   with module.salifedlinuxfuncapp.azurerm_linux_function_app.linuxfuncapp-c[0],
│   on ..\..\patterns\components\function_app\resources.tf line 609, in resource "azurerm_linux_function_app" "linuxfuncapp-c":
│  609: resource "azurerm_linux_function_app" "linuxfuncapp-c" {
│
│ updating Linux App Service (Subscription:
│ "00000000-10a2-4d2e-bd00-000000000000"
│ Resource Group Name: "myRG"
│ Site Name: "my-lfa"): performing CreateOrUpdate: unexpected
│  609: resource "azurerm_linux_function_app" "linuxfuncapp-c" {
│
│ updating Linux App Service (Subscription:
│ "00000000-10a2-4d2e-bd00-000000000000"
│ Resource Group Name: "myRG"
│ Site Name: "my-lfa"): performing CreateOrUpdate: unexpected
│ updating Linux App Service (Subscription:
│ "00000000-10a2-4d2e-bd00-000000000000"
│ Resource Group Name: "myRG"
│ Site Name: "my-lfa"): performing CreateOrUpdate: unexpected
│ status 409 (409 Conflict) with response:
│ {"Code":"Conflict","Message":"Cannot change the site my-lfa
"00000000-10a2-4d2e-bd00-000000000000"
│ Resource Group Name: "myRG"
│ Site Name: "my-lfa"): performing CreateOrUpdate: unexpected
│ status 409 (409 Conflict) with response:
│ {"Code":"Conflict","Message":"Cannot change the site my-lfa
│ status 409 (409 Conflict) with response:
│ {"Code":"Conflict","Message":"Cannot change the site my-lfa
│ to the App Service Plan myplan2 due to hosting
│ constraints.","Target":null,"Details":[{"Message":"Cannot change the site
│ my-lfa to the App Service Plan myplan2 due
│ constraints.","Target":null,"Details":[{"Message":"Cannot change the site
│ my-lfa to the App Service Plan myplan2 due
│ to hosting
│ my-lfa to the App Service Plan myplan2 due
│ to hosting
│ to hosting
│ change the site {0} to the App Service Plan {1} due to hosting
│ constraints.","Parameters":["my-lfa","myplan2"],"Code":"Conflict","Message":"Cannot
│ change the site my-lfa to the App Service Plan
│ myplan2 due to hosting constraints."}}],"Innererror":null}
╵
time=2024-10-29T12:21:19+10:00 level=error msg=terraform invocation failed in C:/mydrive/infra/ error=[C:/mydrive/infra/] exit status 1
time=2024-10-29T12:21:19+10:00 level=error msg=1 error occurred:
        * [C:/mydrive/infra/] exit status 1

Expected Behaviour

Terraform should mark the linuxfuncapp-c resource as needing to be replaced (tainted?), followed by a delete and replace of the funcapp on plan & apply.

Actual Behaviour

Terraform instead tried to perform an API call to change the hosting plan of the funcapp, which was denied by Azure.

Steps to Reproduce

terraform apply, then change the funapp definiton to myplan2, then terraform apply again

Important Factoids

No response

References

With this new PR #27531
you are likely to see a lot of folk wanting to change their app service plan, which means many are likely to run into this issue when they first migrate to the flex consumption plan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant