Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Application Gateway redirect_configuration doesn't set "include_path" at all #6201

Closed
mharen opened this issue Mar 20, 2020 · 4 comments
Closed

Application Gateway redirect_configuration doesn't set "include_path" at all #6201

mharen opened this issue Mar 20, 2020 · 4 comments
Labels
enhancement service/application-gateway

Comments

@mharen
Copy link

mharen commented Mar 20, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

$ terraform -v
Terraform v0.12.21
+ provider.azurerm v2.2.0
+ provider.random v2.2.1

Affected Resource(s)

  • azurerm_application_gateway -> redirect_configuration

Terraform Configuration Files

provider "azurerm" {
  version                    = "=2.2.0"
  skip_provider_registration = true
  features {}
}

provider "random" {
  version = "=2.2.1"
}

resource "random_string" "suffix" {
  length  = 4
  lower   = true
  upper   = false
  number  = false
  special = false
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources-${random_string.suffix.result}"
  location = "East US"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network-${random_string.suffix.result}"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.254.0.0/16"]
}

resource "azurerm_subnet" "frontend" {
  name                 = "frontend"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefix       = "10.254.0.0/24"
}

resource "azurerm_public_ip" "example" {
  name                = "example-pip"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  allocation_method   = "Dynamic"
  domain_name_label   = "example-${random_string.suffix.result}"
}

resource "azurerm_application_gateway" "example" {
  name                = "example-appgateway"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 1
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.frontend.id
  }

  frontend_port {
    name = "http"
    port = 80
  }

  frontend_ip_configuration {
    name                 = "http"
    public_ip_address_id = azurerm_public_ip.example.id
  }

  backend_http_settings {
    name                  = "http"
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 1
  }

  http_listener {
    name                           = "http"
    frontend_ip_configuration_name = "http"
    frontend_port_name             = "http"
    protocol                       = "Http"
  }

  backend_address_pool { name = "backend" }

  redirect_configuration {
    name          = "vault"
    redirect_type = "Found"
    target_url    = "https://www.vaultproject.io"
    include_path  = false
  }

  redirect_configuration {
    name          = "terraform"
    redirect_type = "Found"
    target_url    = "https://www.terraform.io"
    include_path  = false
  }

  url_path_map {
    name                                = "map"
    default_redirect_configuration_name = "terraform"

    path_rule {
      name                        = "vault"
      paths                       = ["/vault"]
      redirect_configuration_name = "vault"
    }
  }

  request_routing_rule {
    name               = "http"
    rule_type          = "PathBasedRouting"
    http_listener_name = "http"
    url_path_map_name  = "map"
  }

}

output "public_ip_fqdn" {
  value = azurerm_public_ip.example.fqdn
}

Debug Output

https://gist.github.com/mharen/afbd217d673d3d3f658b1c844166bf1c

Expected Behavior

When creating a path-based redirect rule with include_path = false the rule should be created with include_path = false, and this flag should show up that way in the Azure Portal.

Actual Behavior

Terraform applies the configuration without reporting errors, but it does not set include_path. What's more, when I look at the rule in Azure the radio button for this option is entirely unselected. It should have "yes" or "no", but no option is selected.

image

Unfortunately, when this value is not set in Azure, the Application Gateway seems to act like it is set to true, which is the opposite of the default value in Terraform, and the opposite of what you want if you explicitly set it to false.

E.g. my example config creates a redirect:

    path_rule {
      name                        = "vault"
      paths                       = ["/vault"]
      redirect_configuration_name = "vault"
    }

  redirect_configuration {
    name          = "vault"
    redirect_type = "Found"
    target_url    = "https://www.vaultproject.io"
    include_path  = false
  }

Verify the bug:

$ curl -I example-mamj.eastus.cloudapp.azure.com
Location: https://www.vaultproject.io/vault

☝️ that redirect ends with /vault, the path, but it shouldn't.

If I go into the Azure portal and manually toggle the "include path" option to "no", then the redirect works as intended:

$ curl -I example-mamj.eastus.cloudapp.azure.com
Location: https://www.vaultproject.io

Steps to Reproduce

  1. terraform apply
  2. Test with above curl commands

Important Factoids

This happens for v2 Application Gateways, too.

The rule loses its value for "include path" every time you apply changes, too, so you have to go into the Azure portal to fix it every time you let Terraform change things about your gateway. This might not apply to every sort of change.
@mharen
Copy link
Author

mharen commented Apr 1, 2020

I suggest that this be considered a bug because the documented feature doesn't work, and damages the application gateway configuration.

@bailsman
Copy link
Contributor

bailsman commented Apr 16, 2020
edited
Loading

Hi @mharen - could you check if this is still an issue with v2.4.0 or later of the provider?

It should be fixed by #6175

@mharen
Copy link
Author

mharen commented Apr 17, 2020

I can confirm that updating to provider.azurerm v2.6.0 resolves this issue for me. Thank you!

@mharen mharen closed this as completed Apr 17, 2020
@ghost ghost removed the waiting-response label Apr 17, 2020
@ghost
Copy link

ghost commented May 17, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators May 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement service/application-gateway
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tombuildsstuff @bailsman @mharen @katbyte