Overview
In Azure Front Door Rule sets, a rule consists of none or some match conditions and an action. The request path match condition identifies requests that include the specified path in the request URL. You can specify multiple values to match, which will be combined using OR logic.
The path is the part of the URL after the hostname and a slash. For example, in the URL https://www.contoso.com/files/secure/file1.pdf
, the path is files/secure/file1.pdf
.
As per this Microsoft article, value of the request path could be One or more string or integer values representing the value of the request path to match. If you specify a leading slash, it's ignored.
Problem
Though Microsoft says in it's article , the leading slash is ignored, you should be able to configure the request path with a leading slash from the Azure Cloud portal.
When trying this from terraform, using below code and running terraform plan
, you get the error "conditions.0.url_path_condition.0.match_values.0" must not begin with the URLs leading slash(e.g. /), got "/"
terraform {
required_version = ">=1.3.6"
cloud {
organization = <Terraform_Cloud_Organization_Name>
workspaces {
name = <Terraform_Cloud_Workspace_Name>
}
}
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.65.0"
}
}
}
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "rg" {
location = var.resource_group_location
name = var.resource_group_name
}
resource "azurerm_cdn_frontdoor_profile" "example" {
name = "example-profile-afd"
resource_group_name = azurerm_resource_group.rg.name
sku_name = "Standard_AzureFrontDoor"
}
resource "azurerm_cdn_frontdoor_endpoint" "example" {
name = "example-endpoint-afd"
cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
tags = {
endpoint = "contoso.com"
}
}
resource "azurerm_cdn_frontdoor_origin_group" "example" {
name = "example-originGroup-afd"
cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
session_affinity_enabled = true
restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
health_probe {
interval_in_seconds = 240
path = "/healthProbe"
protocol = "Https"
request_type = "GET"
}
load_balancing {
additional_latency_in_milliseconds = 0
sample_size = 16
successful_samples_required = 3
}
}
resource "azurerm_cdn_frontdoor_origin" "example" {
name = "example-origin"
cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.example.id
enabled = true
certificate_name_check_enabled = false
host_name = azurerm_cdn_frontdoor_endpoint.example.host_name
http_port = 80
https_port = 443
origin_host_header = "contoso.com"
priority = 1
weight = 500
}
resource "azurerm_cdn_frontdoor_rule_set" "example" {
name = "exampleruleset"
cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.example.id
}
resource "azurerm_cdn_frontdoor_rule" "example" {
depends_on = [azurerm_cdn_frontdoor_origin_group.example, azurerm_cdn_frontdoor_origin.example]
name = "examplerule"
cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set.example.id
order = 1
actions {
url_redirect_action {
redirect_type = "PermanentRedirect"
redirect_protocol = "MatchRequest"
query_string = "clientIp={client_ip}"
destination_path = "/exampleredirection"
destination_hostname = "contoso.com"
destination_fragment = "UrlRedirect"
}
url_rewrite_action {
destination = "/index.html"
source_pattern = "/"
}
}
conditions {
url_path_condition {
match_values = ["/"]
operator = "Equal"
}
}
}
terraform plan
, you get the following error:Solution
Upgrade the azure provider to latest version (or at least on 3.68) using the command terraform init -upgrade
, and then run the terraform plan. This should fix the issue.
Update the azurerm provider by updating the version section as below:
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=3.65.0"
}
}
terraform init -upgrade
Now run terraform plan
and it should run successfully:
Additional Information