azurerm_linux_function_app doesn't save any property of the cors section in state files -- support_credentials or allowed_origins need to be modified always

[Joseluismantilla]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.4

AzureRM Provider Version

3.67,3.68

Affected Resource(s)/Data Source(s)

azurerm_linux_function_app

Terraform Configuration Files

Resource config

resource "azurerm_linux_function_app" "functionapp" {
  name                              = var.name
  resource_group_name               = var.resource_group_name
  location                          = var.location
  service_plan_id                   = var.appserviceplan_id
  storage_account_name              = var.storage_account_name
  storage_account_access_key        = var.sa_primary_access_key
  https_only                        = true
  tags                              = var.tags
  app_settings                      = var.app_settings
  site_config {   
    elastic_instance_minimum      = var.elastic_instance_minimum
    ftps_state                    = "Disabled"
    minimum_tls_version           = 1.2
    use_32_bit_worker             = var.use_32_bit_worker
    application_stack {
      dotnet_version              = var.application_stack["dotnet_version"]
      use_dotnet_isolated_runtime = true
    }
    cors {
      allowed_origins = var.cors_allowed_origins
      support_credentials = false # this value by default is false
    }
  }
  lifecycle {
    ignore_changes = [ tags ]
  }
}

Debug Output/Panic Output

The TF state file doesn't save any value for the cors section applying always the support_credentials default value every time you execute it.

Expected Behaviour

Save the current values in the tf state file.

Actual Behaviour

TF is not saving the cors section in the state file, applying always changes that it doesn't detect nor save. If you have 20 function apps, you must change these for the cors section, commonly, support_credentials if you don't set any value at allowed_origins.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[xiaxyi]

Thanks @Joseluismantilla for raising this issue, may i know if the value that you set to cors is the default one like below?

cors {
      allowed_origins = []
      support_credentials = false
    }

[Joseluismantilla]

Thanks @Joseluismantilla for raising this issue, may i know if the value that you set to cors is the default one like below?

cors {
      allowed_origins = []
      support_credentials = false
    }

Wichever value you assign there, it isn't being saved in the TF state file, therefore, every time it'll be updated, in fact you can ignore it to apply the default value in tf, the result is the same finally.

[dion-gionet]

I'm having the same issue on azurerm_windows_web_app

[Joseluismantilla]

In fact, I'm using terraform 1.5.5 with the provider version 3.69 and I can see:

In fact, you can see the symbol + when the tf doesn't show any value to be added.

Is this the expected behavior?

[spr0ut]

Still affects Terraform v1.5.7
provider registry.terraform.io/hashicorp/azurerm v3.83.0

Ignore changes is also not excluding this:

lifecycle {
    ignore_changes = [
      site_config[0].cors[0].support_credentials
    ]
}

[SirinivasK]

Though it's not an ideal fix, but the below will work, if we ignore "cors" completely.

  lifecycle {
    ignore_changes = [
      site_config[0].cors,
    ]
}

[berzns]

I'm also facing the same issue with azurerm_windows_function_app, hashicorp/azurerm v3.117.0 provider.
The workaround by @SirinivasK works but removes the ability to adjust CORS settings.