fix: maintain frontdoor tags (#62)

* fix: preserve azure frontdoor waf policy tags between updates * feat: add example tags to test preservation
alec-pinson · Jan 10, 2023 · 6fb4e68 · 6fb4e68
1 parent ce400e5
commit 6fb4e68
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/azure.go b/azure.go
@@ -211,8 +211,13 @@ func (fd *AzureFrontDoor) update() int {
 
 	azfd := frontdoor.NewPoliciesClient(fd.SubscriptionId)
 	azfd.Authorizer, _ = a.authorize()
+
+	// Read current state of azure frontdoor
+	azfdget, _ := azfd.Get(context.Background(), fd.ResourceGroup, fd.PolicyName)
+
 	_, err := azfd.CreateOrUpdate(context.Background(), fd.ResourceGroup, fd.PolicyName, frontdoor.WebApplicationFirewallPolicy{
 		Location: to.StringPtr("Global"),
+		Tags:     azfdget.Tags, // Preserve tags for existing policies.
 		WebApplicationFirewallPolicyProperties: &frontdoor.WebApplicationFirewallPolicyProperties{
 			PolicySettings: &frontdoor.PolicySettings{
 				EnabledState:                  frontdoor.PolicyEnabledStateEnabled,

diff --git a/terraform/frontdoor.tf b/terraform/frontdoor.tf
@@ -12,6 +12,11 @@ resource "azurerm_frontdoor_firewall_policy" "this" {
     https://xyz.com/ip-whitelister
   */
   lifecycle { ignore_changes = [custom_rule, managed_rule] }
+
+  tags = {
+    name       = var.name
+    created-by = "terraform"
+  }
 }
 
 output "azure_frontdoor_policy" {