cdn_frontdoor_origin_path value is getting removed automatically which is causing the sites to throw errors

[amandabasara]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.4

AzureRM Provider Version

3.81.0

Affected Resource(s)/Data Source(s)

resource azurerm_cdn_frontdoor_route

Terraform Configuration Files

variable "prefix"{
  default = "ivan-"
}
provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "example" {
  name     = "${var.prefix}example-cdn-frontdoor"
  location = "West Europe"
}
resource "azurerm_dns_zone" "example" {
  name                = "${var.prefix}example1.com"
  resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_cdn_frontdoor_profile" "example" {
  name                = "${var.prefix}example-profile"
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Standard_AzureFrontDoor"
}

resource "azurerm_cdn_frontdoor_origin_group" "example" {
  name                     = "${var.prefix}example-originGroup"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id

  load_balancing {
    additional_latency_in_milliseconds = 0
    sample_size                        = 16
    successful_samples_required        = 3
  }
}
resource "azurerm_cdn_frontdoor_origin" "example" {
  name                          = "${var.prefix}example-origin"
  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.example.id
  enabled                       = true

  certificate_name_check_enabled = false

  host_name          = "host.com"
  http_port          = 80
  https_port         = 443
  origin_host_header = "www.host.com"
  priority           = 1
  weight             = 1
}
resource "azurerm_cdn_frontdoor_endpoint" "example" {
  name                     = "${var.prefix}example-endpoint"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
}
resource "azurerm_cdn_frontdoor_rule_set" "example" {
  name                     = "IvanExampleRuleSet"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
}
resource "azurerm_cdn_frontdoor_custom_domain" "host" {
  name                     = "${var.prefix}host-custom-domain"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
  dns_zone_id              = azurerm_dns_zone.example.id
  host_name                = join(".", ["host", azurerm_dns_zone.example.name])

  tls {
    certificate_type    = "ManagedCertificate"
    minimum_tls_version = "TLS12"
  }
}
resource "azurerm_cdn_frontdoor_custom_domain" "custom" {
  name                     = "${var.prefix}custom-custom-domain"
  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
  dns_zone_id              = azurerm_dns_zone.example.id
  host_name                = join(".", ["custom", azurerm_dns_zone.example.name])

  tls {
    certificate_type    = "ManagedCertificate"
    minimum_tls_version = "TLS12"
  }
}
resource "azurerm_dns_cname_record" "example" {
  depends_on = [azurerm_cdn_frontdoor_route.example1]

  name                = "ivanhost"
  zone_name           = azurerm_dns_zone.example.name
  resource_group_name = azurerm_resource_group.example.name
  ttl                 = 3600
  record              = azurerm_cdn_frontdoor_endpoint.example.host_name
}
resource "azurerm_cdn_frontdoor_route" "example1" {
  for_each                      = var.loop
  name                          = each.value["name"]
  cdn_frontdoor_endpoint_id     = each.value["cdn_frontdoor_endpoint_id"]
  cdn_frontdoor_origin_group_id = each.value["cdn_frontdoor_origin_group_id"]
  cdn_frontdoor_origin_ids      = each.value["cdn_frontdoor_origin_ids"]
  patterns_to_match             = each.value["patterns_to_match"]
  supported_protocols           = each.value["supported_protocols"]
  #cdn_frontdoor_origin_path     = each.value["cdn_frontdoor_origin_path"]
  link_to_default_domain = each.value["link_to_default_domain"]
  cdn_frontdoor_custom_domain_ids =each.value["cdn_frontdoor_custom_domain_ids"]
  cdn_frontdoor_origin_path       = each.value["cdn_frontdoor_origin_path"] == "" || each.value["cdn_frontdoor_origin_path"] == null ? "/" : each.value["cdn_frontdoor_origin_path"]

# BY ADDING THIS CACHE SUB-BLOCK, IT NULLS OUT THE ORIGIN PATH AT APPLY TIME

cache {
    query_string_caching_behavior = null
    query_strings                 = null
    compression_enabled           = true
    content_types_to_compress     = ["text/plain","text/html", "text/html", "text/javascript", "application/x-javascript", "application/javascript", "application/json", "application/xml"]
  }
}
resource "azurerm_cdn_frontdoor_custom_domain_association" "host" {
  cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.host.id
  cdn_frontdoor_route_ids        = [azurerm_cdn_frontdoor_route.example1["USEkey1"].id]
}
resource "azurerm_cdn_frontdoor_custom_domain_association" "custom" {
  cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.custom.id
  cdn_frontdoor_route_ids        = [azurerm_cdn_frontdoor_route.example1["USEkey2"].id]
}

Debug Output/Panic Output

Apply Time

[WARN]  Provider "provider[\"registry.terraform.io/hashicorp/azurerm\"].example" produced an unexpected new value for module.MODULENAME, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .cdn_frontdoor_origin_path: was cty.StringVal("/"), but now cty.StringVal("")
[TRACE] GRPCProvider: GetProviderSchema
[TRACE] GRPCProvider: returning cached schema: EXTRA_VALUE_AT_END=registry.terraform.io/hashicorp/azurerm

Next Plan

# module.MODULENAME will be updated in-place
 ~ resource "azurerm_cdn_frontdoor_route" "cdn_frontdoor_route" {
   + cdn_frontdoor_origin_path       = "/"

...

Expected Behaviour

When cache settings are modified from Azure Portal UI this cdn_frontdoor_origin_path is not nulled after "Update". I would expect this to be case with Terraform modifications as well.

Actual Behaviour

Every time when some of the settings in cache { } block are changed or block is removed or added - Terraform applies this change, but ignores what is set in Terraform configuration code for argument cdn_frontdoor_origin_path and replaces it with a null value. The next apply tracks the configuration and re-adds value of cdn_frontdoor_origin_path which is reported in customer's plan/apply :

+ cdn_frontdoor_origin_path = "/"

This behavior is not happening when changing cache settings from Azure portal UI.

Steps to Reproduce

Please find attached example Terraform code to build infrastructure where you can add and remove the cache block to see the behavior described.

Important Factoids

If customer changes cache settings and does back-to-back apply runs, it will reset the value to match the configuration. Not ideal for a workaround.

References

No response

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.