After upgrading Terraform to 0.14.0 and the azurerm provider to 2.65.0, I got three errors about the SSL certificate configuration in the application gateway section.
Error: expected “ssl_certificate.0.key_vault_secret_id” to not be an empty string, got
on ~/modules/someservice/gateways.tf line 120, in resource "azurerm_application_gateway" "network":
102: ssl_certificate {
Error: Computed attributes cannot be set
on ~/modules/someservice/gateways.tf line 120, in resource "azurerm_application_gateway" "network":
120: ssl_certificate {
Computed attributes cannot be set, but a value was set for
“ssl_certificate.0.id”.
Error: Computed attributes cannot be set
on ~/modules/someservice/gateways.tf line 120, in resource "azurerm_application_gateway" "network":
120: ssl_certificate {
Computed attributes cannot be set, but a value was set for
“ssl_certificate.0.public_cert_data”.
But there is no key_vault_secret_id setting in my code:
ssl_certificate {
  # Inline PFX upload: the certificate bytes and their password are passed
  # directly, and key_vault_secret_id is not set in this block.
  # NOTE(review): the PFX password is a literal in source; it is also
  # recorded in the Terraform state, so access to both needs to be restricted.
  name     = local.certificate_name
  password = "SecretPwd"
  data     = filebase64("./ssl-cert/appgwcert.pfx")
}
Snippet of the application gateway:
terraform {
  # Both the provider and the CLI are pinned to exact versions, so every run
  # resolves the same releases and an upgrade has to be an explicit edit here.
  required_providers {
    azurerm = {
      version = "2.65.0"
      source  = "hashicorp/azurerm"
    }
  }

  required_version = "= 0.14.0"
}
provider "azurerm" {
  # No credentials or subscription are set in this block; the empty features
  # block carries no provider feature overrides.
  features {
  }
}
# #################################################################
# Public address that the gateway's frontend_ip_configuration attaches to;
# this is the internet-facing entry point of the deployment.
resource "azurerm_public_ip" "pub-ip" {
  name                = "appgw-pubIP"
  location            = local.resour_group_location
  resource_group_name = local.resour_group_name
  allocation_method   = "Dynamic"
}
# Subnet that the gateway is placed in (referenced by gateway_ip_configuration).
# The virtual network is named by a literal string, not by a resource reference,
# so it has to exist already under that name.
resource "azurerm_subnet" "subnet-01" {
  name                 = "seubnet-app-gateway"
  virtual_network_name = "vnet-app-gateway"
  resource_group_name  = local.resour_group_name
  address_prefixes     = ["10.21.0.0/24"]
}
# since these variables are re-used - a locals block makes this more maintainable
locals {
  # Placement shared by every resource in this file.
  resour_group_name     = "app-gateway-test-01"
  resour_group_location = "westus2"

  # Names that the gateway's nested blocks use to refer to one another.
  frontend_ip_configuration_name = "appGwPublicFrontendIp"
  frontend_port_name             = "port_443"
  listener_name                  = "https-listener-01"
  certificate_name               = "appgw-cert-test-01"
  backend_address_pool_name      = "backend-pool-test-01"
  http_setting_name              = "http-settings-test-01"
  request_routing_rule_name      = "routrul-test-01"
}
# Application gateway with one HTTPS listener on port 443 that forwards to a
# single backend pool through a basic routing rule.
# No ssl_policy block is declared here, so the listener's TLS protocol and
# cipher policy is left to the default rather than being set explicitly.
resource "azurerm_application_gateway" "network" {
  name                = "app-gateway-test-01"
  location            = local.resour_group_location
  resource_group_name = local.resour_group_name

  # NOTE(review): name is a v2 SKU while tier is "Standard" - confirm the pair
  # is intended. Neither value is a WAF SKU, so no web application firewall is
  # requested for this public-facing gateway.
  sku {
    name     = "Standard_V2"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "appGatewayIpConfig"
    subnet_id = azurerm_subnet.subnet-01.id
  }

  # Public side: the public IP above, exposed on port 443 only.
  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.pub-ip.id
  }

  frontend_port {
    name = local.frontend_port_name
    port = 443
  }

  # Placeholder certificate uploaded inline as a PFX. The author states it is a
  # dummy that is not the certificate actually used, which is why the password
  # is written out; that holds only while this block never carries a real
  # certificate. The value is also recorded in the Terraform state.
  # A real certificate would be referenced through key_vault_secret_id or a
  # sensitive variable instead of a literal.
  ssl_certificate {
    name     = local.certificate_name
    password = "SecretPwd"
    data     = filebase64("./ssl-cert/appgwcert.pfx")
  }

  # TLS terminates here, using the certificate named above.
  http_listener {
    name                           = local.listener_name
    protocol                       = "Https"
    ssl_certificate_name           = local.certificate_name
    frontend_port_name             = local.frontend_port_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
  }

  # The pool is declared without any addresses.
  backend_address_pool {
    name = local.backend_address_pool_name
  }

  # Gateway-to-backend traffic is plain HTTP on port 80, so requests are
  # unencrypted on that hop after TLS ends at the listener.
  backend_http_settings {
    name                  = local.http_setting_name
    protocol              = "Http"
    port                  = 80
    request_timeout       = 20
    cookie_based_affinity = "Disabled"
  }

  request_routing_rule {
    name                       = local.request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_http_settings_name = local.http_setting_name
    backend_address_pool_name  = local.backend_address_pool_name
  }

  # Terraform stops reconciling these two blocks after creation, so a
  # certificate or listener changed outside Terraform is neither reverted nor
  # shown as drift in a plan; review of TLS settings has to happen elsewhere.
  # NOTE(review): the errors quoted on this page name attributes under
  # ssl_certificate, which is listed here - possibly related, confirm.
  lifecycle {
    ignore_changes = [
      ssl_certificate,
      http_listener,
    ]
  }
}
I have no idea how to fix this.