Application Gateway Listener WAF policies incorrectly considering case

[marciobarbato]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.3

AzureRM Provider Version

3.65

Affected Resource(s)/Data Source(s)

azurerm_application_gateway

Terraform Configuration Files

resource "azurerm_application_gateway" "this" {
...
  dynamic "http_listener" {
    iterator = listener
    for_each = local.listeners
    content {
      name                           = listener.value.name
      firewall_policy_id             = try(listener.value.policy, null)
....
}

Debug Output/Panic Output

│ Error: ID was missing the `ApplicationGatewayWebApplicationFirewallPolicies` element
│
│   with module.EUWE01NPRDAGW02.azurerm_application_gateway.this,
│   on ..\..\..\..\Baselines\appGateway\baseline.tf line 2, in resource "azurerm_application_gateway" "this":

Expected Behaviour

While associating a WAF policy ID to listener, terraform is case-sensitive in WAF policy ID, however it's validation is not following azure portal policy id case. Example:

Fails with:
/subscriptions/subsID/resourceGroups/RGName/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policyName

Validation passes:
/subscriptions/subsID/resourceGroups/RGName/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/policyName

Listener to be created and WAF policies correctly associated.

Actual Behaviour

terraform fails with
| Error: ID was missing the ApplicationGatewayWebApplicationFirewallPolicies element

Steps to Reproduce

copy WAF policy ID from azure portal and try to run it

That issue started with PR #21238

Important Factoids

No response

References

No response

[marciobarbato]

updated PR to #21238

relevant issue: #21224

[myc2h6o]

Hi @marciobarbato terraform is currently considering static segment in ID case sensitively in order to let the ID be consistent accross the provider, and the ID could be different from what is being shown from Azure Portal. you'd need to update applicationGatewayWebApplicationFirewallPolicies to ApplicationGatewayWebApplicationFirewallPolicies in the local variables.

[marciobarbato]

sure, thanks for the clarification, that was the path that I took and my code is working, I just don't understand the decision on choosing a different path than what is shown over the portal.

Feel free to close this issue.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.