auth_settings not applying to state file above version 3.44.1

[Weasle74]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.4.4

AzureRM Provider Version

3.45.0

Affected Resource(s)/Data Source(s)

azurerm_windows_web_app.windows_web, azurerm_windows_function_app

Terraform Configuration Files

Is this needed ?

Debug Output/Panic Output

# azurerm_windows_web_app.windows_web["webappname"] will be updated in-place
  ~ resource "azurerm_windows_web_app" "windows_web" {
        id                                = "/subscriptions/000000000-000000-000000-00000-0000000000000/resourceGroups/nm-000-web-plans-rg/providers/Microsoft.Web/sites/nm-000-web-routing-ealz88nv"
        name                              = "webappname"
        tags                              = {
            "business_owner"        = "Dev"
            "data_sensitivity"      = "High"
            "docs_location"         = ""
            "environment"           = "nm1"
            "function_of_component" = "Serves a single App or API"
            "function_of_system"    = "Serve API and APP traffic from App Services"
            "name_of_system"        = "App Services"
            "namespace_environment" = "nm-000"
            "parent"                = "nm-000-web-plan-general"
            "rto"                   = "30m"
            "tech_owner"            = "Dev"
        }
        # (19 unchanged attributes hidden)

      + auth_settings {
          + allowed_external_redirect_urls = (known after apply)
          + enabled                        = false
          + token_refresh_extension_hours  = 0
          + token_store_enabled            = false
        }

Expected Behaviour

In version 3.10.0, 3.44.1 this is working fine. The settings have been committed to the statefile and it works moved up the providers to 3.45.0 and terraform states its going to apply the auth settings. I have applied these and then re ran a plan and it wants to continually apply the auth settings. Checked in the statefile and these are no longer there.

Actual Behaviour

Its trying to apply the auth settings time and time again. These are not being saved into the statefile.

Steps to Reproduce

Build a web app and see if the settings have been applied.

azurerm_windows_web_app.windows_web["webappname"] will be updated in-place

~ resource "azurerm_windows_web_app" "windows_web" {
id = "/subscriptions/000000000-000000-000000-00000-0000000000000/resourceGroups/nm-000-web-plans-rg/providers/Microsoft.Web/sites/nm-000-web-routing-ealz88nv"
name = "webappname"
tags = {
"business_owner" = "Dev"
"data_sensitivity" = "High"
"docs_location" = ""
"environment" = "nm1"
"function_of_component" = "Serves a single App or API"
"function_of_system" = "Serve API and APP traffic from App Services"
"name_of_system" = "App Services"
"namespace_environment" = "nm-000"
"parent" = "nm-000-web-plan-general"
"rto" = "30m"
"tech_owner" = "Dev"
}
# (19 unchanged attributes hidden)

  + auth_settings {
      + allowed_external_redirect_urls = (known after apply)
      + enabled                        = false
      + token_refresh_extension_hours  = 0
      + token_store_enabled            = false
    }

Important Factoids

No response

References

Apologies I searched Github looking for this issue and not come across its. First time posting on here so be gentle please :)

[xiaxyi]

Thanks @Weasle74 for raising this issue, can you share your full TF config with me so I can have a better understanding of the detailed behavior?

[Weasle74]

Thank you for replying @xiaxyi

What's the best way to share this with you ?

[Weasle74]

I have done some more testing and it seems if auth_settings is true it applies values to the statefile. If set to false it sets a auth_settings = [] in the statefile and tries to apply this over and over again. I commented the code which in effects removes auth_settings and adds the values of [] the same as false to the state file but does not apply over and over.

So my guess is this is a change to the provider. You have two options, Enabled or you do not specified in the code block auth_settings.

It threw me as false was working in previous version. My guess is this is intended behaviour?

[pacoguzman]

We're suffering the same issue, statefile is not update and it tries over and over to do it making it continuous drift.

[xiaxyi]

@Weasle74 you can just copy/ paste the full config in comment like below example:

example code

[Weasle74]

`resource "azurerm_windows_function_app" "function_app" {
name = name
resource_group_name = .name
location = location
service_plan_id = id

This block only works if set to true https://github.com/hashicorp/terraform-provider-azurerm/issues/21320
auth_settings {
enabled                       = false
token_refresh_extension_hours = 0

}`

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app

Documentation says its optional. We were setting it to false which is where we were getting the issue when incrementing the provider. So we commented the code for this argument. we no longer get the issue. Which means if you set it to false it ill continue to try and apply the settings every time you do a apply.

[xiaxyi]

@Weasle74 You may check the mention pr for the fix. Feel free to let me know if you have any question.