import for_each should not be able to reference the import target #36672
Description
Terraform Version
4.421.33Terraform Configuration Files
Starting: Terraform Init
==============================================================================
Task : Terraform
Description : Execute terraform commands to manage resources on AzureRM, Amazon Web Services(AWS) and Google Cloud Platform(GCP). v4.241.11
Version : 4.241.33
Author : Microsoft Corporation
Help : [Learn more about this task](https://aka.ms/devlabs/ado/tf/task/v4)
==============================================================================
/agent/_work/_tool/terraform/1.11.1/x64/terraform init -backend-config=storage_account_name=bovmijnrdcdevwestg -backend-config=container_name=mijnrdcdevwetfstatecnt001 -backend-config=key=Bovemij-mijnrdc-Acc-001.tfstate -backend-config=resource_group_name=bov-mijnrdc-dev-we-tf-rg-001 -backend-config=subscription_id=c50e3f67-8b25-43fe-9c07-4a22235ce0d9 -backend-config=tenant_id=ffe07873-d7b0-44f4-bd76-651315816bd1 -backend-config=client_id=*** -backend-config=oidc_token=*** -backend-config=use_oidc=true
Initializing the backend...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing modules...
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for app_configuration...
- app_configuration in .terraform/modules/app_configuration/general/app_configuration
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for application_insights...
- application_insights in .terraform/modules/application_insights/monitor/app_insights
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for appservice_mijnrdc...
- appservice_mijnrdc in .terraform/modules/appservice_mijnrdc/compute/windows_web_app
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for asp_frontend...
- asp_frontend in .terraform/modules/asp_frontend/compute/service_plan
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for bovemij...
- bovemij in .terraform/modules/bovemij/bovemij
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for key_vault_002...
- key_vault_002 in .terraform/modules/key_vault_002/general/key_vault
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for log_analytics_workspace...
- log_analytics_workspace in .terraform/modules/log_analytics_workspace/monitor/log_analytics_workspace
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules for pe_appcs_001...
- pe_appcs_001 in .terraform/modules/pe_appcs_001/networking/private_endpoint
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules for pe_mijnrdc_app_001...
- pe_mijnrdc_app_001 in .terraform/modules/pe_mijnrdc_app_001/networking/private_endpoint
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for storage_account...
- storage_account in .terraform/modules/storage_account/storage/storage_account
Downloading git::https://k7jpbx4wguautb7uvbrjsbapzq73hgz6euijypyzwc4s7v7gyyca@dev.azure.com/Bovemij/Azure%20Cloud/_git/Terraform-Modules?ref=36c1c924a6892931f80a12b0fbf7cfc8861c2176 for storage_account_libs...
- storage_account_libs in .terraform/modules/storage_account_libs/storage/storage_account
Initializing provider plugins...
- Finding hashicorp/azurerm versions matching ">= 3.68.0, >= 3.97.1, 3.117.0, < 4.0.0"...
- Installing hashicorp/azurerm v3.117.0...
- Installed hashicorp/azurerm v3.117.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
Debug Output
Starting: Terraform Plan
==============================================================================
Task : Terraform
Description : Execute terraform commands to manage resources on AzureRM, Amazon Web Services(AWS) and Google Cloud Platform(GCP). v4.241.11
Version : 4.241.33
Author : Microsoft Corporation
Help : [Learn more about this task](https://aka.ms/devlabs/ado/tf/task/v4)
==============================================================================
/agent/_work/_tool/terraform/1.11.1/x64/terraform providers
Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/azurerm] 3.117.0
├── module.application_insights
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.97.1, < 4.0.0
├── module.appservice_mijnrdc
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.pe_mijnrdc_app_001
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.storage_account_libs
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.asp_frontend
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.key_vault_002
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.log_analytics_workspace
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.bovemij
├── module.pe_appcs_001
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
├── module.app_configuration
│ └── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
└── module.storage_account
└── provider[registry.terraform.io/hashicorp/azurerm] >= 3.68.0, < 4.0.0
Providers required by state:
provider[registry.terraform.io/hashicorp/azurerm]
/agent/_work/_tool/terraform/1.11.1/x64/terraform plan -var-file=variables/acc.tfvars -out=/agent/_work/3/Acceptance.tfplan -input=false -detailed-exitcode
data.azurerm_private_dns_zone.azurewebsites_net: Reading...
Expected Behavior
The resource should have been improted using this code:
resource "azurerm_app_service_custom_hostname_binding" "mijn_staging_rdc_nl" {
count = var.web_app_slot_count
hostname = "mijn${var.environment_suffix}-staging.rdc.nl"
app_service_name = "${module.appservice_mijnrdc.name}/staging"
resource_group_name = data.azurerm_resource_group.app.name
ssl_state = module.bovemij.azurerm_app_service_custom_hostname_binding.ssl_state.sni_enabled
thumbprint = data.azurerm_key_vault_certificate.ssl_certificate_staging[0].thumbprint
}
The import:
import {
for_each = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl
id = "/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc-staging.rdc.nl"
to = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl[each.key]
}
Another way to generate the same error:
import {
for_each = { for idx, val in azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl : idx => val }
id = "/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc-staging.rdc.nl"
to = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl[each.key]
}
My initial attampt that generated a differet error:
import {
# count = var.web_app_slot_count does not work here
id = "/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc-staging.rdc.nl"
to = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl[0]
}
Actual Behavior
My Azure DevOps pipeline failed.
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Terraform crashed! This is always indicative of a bug within Terraform.
Please report the crash with Terraform[1] so that we can fix this.
When reporting bugs, please include your terraform version, the stack trace
shown below, and any additional information which may help replicate the issue.
[1]: https://github.com/hashicorp/terraform/issues
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Note:
My initial import yielded a different error:
data.azurerm_key_vault.ssl_certificate_keyvault: Read complete after 2s [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-infra-rg-001/providers/Microsoft.KeyVault/vaults/bov-mrdc-acc-we-kv-001]
data.azurerm_key_vault_certificate.ssl_certificate: Reading...
data.azurerm_key_vault_certificate.ssl_certificate: Read complete after 0s [id=https://bov-mrdc-acc-we-kv-001.vault.azure.net/certificates/mijn-acc-rdc-nl/60cb2e0d5c51406a8702dda18c1bb269]
azurerm_app_service_custom_hostname_binding.mijn_rdc_nl: Preparing import... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc.rdc.nl]
azurerm_role_assignment.storage_blob_data_contributor_app: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Storage/storageAccounts/bovmijnrdcaccwestg001/providers/Microsoft.Authorization/roleAssignments/91eac5d9-885a-4e7a-f9ea-742e9038c2ab]
module.key_vault_002.azurerm_key_vault_access_policy.access_policy["bov_mijnrdc_devops_tf_sc"]: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.KeyVault/vaults/bov-mrdc-acc-we-kv-002/objectId/ea163101-fa9a-423f-8349-0f005a2f0ffb]
module.key_vault_002.azurerm_key_vault_access_policy.access_policy["sub_bovemij_mijnrdc_infra_grp"]: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.KeyVault/vaults/bov-mrdc-acc-we-kv-002/objectId/f267c909-2b09-456a-a255-3781c01e1cf4]
azurerm_role_assignment.storage_table_data_contributor_app: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Storage/storageAccounts/bovmijnrdcaccwestg001/providers/Microsoft.Authorization/roleAssignments/4f4e05f7-8978-c599-a26e-23e12c061f4c]
azurerm_app_service_custom_hostname_binding.mijn_rdc_nl: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc.rdc.nl]
module.pe_mijnrdc_app_001.azurerm_private_endpoint.private_endpoints: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Network/privateEndpoints/bov-mijnrdc-acc-mijnrdc-app-001-we-pep-001]
azurerm_role_assignment.app_configuration_data_reader_app: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.AppConfiguration/configurationStores/bov-mijnrdc-acc-we-appcs-001/providers/Microsoft.Authorization/roleAssignments/b2e9bf2c-7be9-0290-9aa5-f7e15fc72263]
module.key_vault_002.azurerm_key_vault_access_policy.access_policy["appservice_mijnrdc"]: Refreshing state... [id=/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.KeyVault/vaults/bov-mrdc-acc-we-kv-002/objectId/57b2d97b-e869-4d37-90ea-bb2714972646]
Terraform planned the following actions, but then encountered a problem:
# azurerm_app_service_custom_hostname_binding.mijn_rdc_nl will be imported
resource "azurerm_app_service_custom_hostname_binding" "mijn_rdc_nl" {
app_service_name = "bov-mrdc-acc-mijnrdc-we-app-001"
hostname = "mijn-acc.rdc.nl"
id = "/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc.rdc.nl"
resource_group_name = "bov-mijnrdc-acc-we-app-rg-001"
ssl_state = "SniEnabled"
thumbprint = "BEF32A2749FF6C568B72D358561798AE6FC05186"
virtual_ip = null
}
Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
╷
│ Error: Configuration for import target does not exist
│
│ The configuration for the given import
│ azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl[0] does not
│ exist. All target instances must have an associated configuration to be
│ imported.
╵
##[warning]Can't find loc string for key: TerraformPlanFailed
##[error]Error: TerraformPlanFailed 1
Finishing: Terraform Plan
Steps to Reproduce
- Terraform
resource "azurerm_app_service_custom_hostname_binding" "mijn_staging_rdc_nl" {
count = var.web_app_slot_count
hostname = "mijn${var.environment_suffix}-staging.rdc.nl"
app_service_name = "${module.appservice_mijnrdc.name}/staging"
resource_group_name = data.azurerm_resource_group.app.name
ssl_state = module.bovemij.azurerm_app_service_custom_hostname_binding.ssl_state.sni_enabled
thumbprint = data.azurerm_key_vault_certificate.ssl_certificate_staging[0].thumbprint
}
import {
for_each = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl
id = "/subscriptions/70a78144-133c-4b49-a2e2-8dce46cfc325/resourceGroups/bov-mijnrdc-acc-we-app-rg-001/providers/Microsoft.Web/sites/bov-mrdc-acc-mijnrdc-we-app-001/hostNameBindings/mijn-acc-staging.rdc.nl"
to = azurerm_app_service_custom_hostname_binding.mijn_staging_rdc_nl[each.key]
}
```
2. Pipeline (Azure DevOps, Yaml)
```
- task: TerraformTaskV4@4
displayName: 'Terraform Init'
inputs:
workingDirectory: Terraform
backendServiceArm: ${{ parameters.backendServiceArm }}
backendAzureRmResourceGroupName: ${{ parameters.backendAzureRmResourceGroupName }}
backendAzureRmStorageAccountName: ${{ parameters.backendAzureRmStorageAccountName }}
backendAzureRmContainerName: ${{ parameters.backendAzureRmContainerName }}
backendAzureRmKey: ${{ parameters.backendAzureRmKey }}
- task: TerraformTaskV4@4
displayName: 'Terraform Apply'
inputs:
provider: 'azurerm'
command: 'apply'
commandOptions: '-input=false $(Pipeline.Workspace)/${{ parameters.environmentName }}.tfplan'
workingDirectory: Terraform
environmentServiceNameAzureRM: ${{ parameters.environmentServiceNameAzureRM }}
```
### Additional Context
Running through Azure Devops Pipeline
```
- task: TerraformTaskV4@4
displayName: 'Terraform Init'
inputs:
workingDirectory: Terraform
backendServiceArm: ${{ parameters.backendServiceArm }}
backendAzureRmResourceGroupName: ${{ parameters.backendAzureRmResourceGroupName }}
backendAzureRmStorageAccountName: ${{ parameters.backendAzureRmStorageAccountName }}
backendAzureRmContainerName: ${{ parameters.backendAzureRmContainerName }}
backendAzureRmKey: ${{ parameters.backendAzureRmKey }}
- task: TerraformTaskV4@4
displayName: 'Terraform Apply'
inputs:
provider: 'azurerm'
command: 'apply'
commandOptions: '-input=false $(Pipeline.Workspace)/${{ parameters.environmentName }}.tfplan'
workingDirectory: Terraform
environmentServiceNameAzureRM: ${{ parameters.environmentServiceNameAzureRM }}
```
### References
_No response_
### Generative AI / LLM assisted development?
CoPilot