You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
azurerm_windows_function_app failes to change/update the WEBSITE_CONTENTAZUREFILECONNECTIONSTRING setting when the storage account keys have been rotated
#27339
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.
# The azure function app will be updated:# module.functionApp["D365FO-INT-CONS-PLAN"].azurerm_windows_function_app.functionApp will be updated in-place~ resource "azurerm_windows_function_app""functionApp" {
~ app_settings = {
+ "FUNCTIONS_EXTENSION_VERSION" = "~1"~"WEBSITE_CONTENTAZUREFILECONNECTIONSTRING" = (sensitive value)
+ "WEBSITE_NODE_DEFAULT_VERSION" = "6.5.0"# (57 unchanged elements hidden)
}
id = "/subscriptions/xxxxxx/resourceGroups/D365FO-xxxxx/providers/Microsoft.Web/sites/D365FO-xxxxx-CONS-PLAN"
name = "D365FO-xxxxx-CONS-PLAN"
tags = {
"CreatedBy" = "D365-Dxxxxx""displayName" = "Functions App Service""owner" = "xxxxxm""project" = "Test 365"
}
# (26 unchanged attributes hidden)# (3 unchanged blocks hidden)
}
Expected Behaviour
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING should have been updated if a new key is rotated for the storage account, it even says so in the plan that it needs to change it.
Actual Behaviour
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING retains the old key for the connection string for the storage account and it fails to update.
Steps to Reproduce
Create resources with terraform apply.
Change the storage account key by rotate.
Update resources with terraform apply.
Important Factoids
No response
References
Multiple such issues have been raised and on of them has been closed as well - #22174.
Other links maybe there as well - #21140 and #21212
The text was updated successfully, but these errors were encountered:
Tried to check the code to see what's going on with this connection string: relevant line - 913.
On the line 907 the state.AppSettings is initialized from the AppSettings from the Function App in Azure.
On the line 913 the code checks: take WEBSITE_CONTENTAZUREFILECONNECTIONSTRING, if it is not present, then assign the new value with the new access key.
⚠ Of course, the WEBSITE_CONTENTAZUREFILECONNECTIONSTRING is already present - we just read it ⚠
Let me summon authors of the previous PRs into this thread: @xiaxyi@jackofallops
Please correct me if I'm wrong in the code analysis
Is there an existing issue for this?
Community Note
Terraform Version
1.7.1
AzureRM Provider Version
3.116.0
Affected Resource(s)/Data Source(s)
azurerm_windows_function_app
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING should have been updated if a new key is rotated for the storage account, it even says so in the plan that it needs to change it.
Actual Behaviour
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING retains the old key for the connection string for the storage account and it fails to update.
Steps to Reproduce
Important Factoids
No response
References
Multiple such issues have been raised and on of them has been closed as well - #22174.
Other links maybe there as well - #21140 and #21212
The text was updated successfully, but these errors were encountered: