Search code examples
azureterraformazure-functionsazure-application-insights

Terraform Hidden Links for Azure Function App

I was trying to import an existing function app into my terraform configuration, terraform plan shows that the existing function app has something called hidden links, specifically three hidden links related to application insights:

"hidden-link: /app-insights-conn-string"         = "InstrumentationKey=********;IngestionEndpoint=********/"
"hidden-link: /app-insights-instrumentation-key" = "********"
"hidden-link: /app-insights-resource-id"         = "/subscriptions/********/resourceGroups/*******/providers/microsoft.insights/components/*******"

I am trying to understand these as when I create a function app from scratch using this same terraform config, it doesn't have any hidden links, I can just configure app insights by passing "application_insights_connection_string" into the configuration and it works. But it seems for the one created manually on portal, azure added these links in the background somehow and now wants terraform to import them.

I have read that I should keep these hidden links imported into my config, as per this thread of discussion here - https://github.com/hashicorp/terraform-provider-azurerm/issues/16569

I need some opinion from experts out there as to what is the ideal solution?

  1. Should I import them, in which case the config will now have a new section of hidden links and it will be created for any other new function app from that config?

  2. Should I put them in a ignore changes block in lifecycle? the import then ignores them, but I don't know if that's a good thing.

    lifecycle { ignore_changes = [ tags["hidden-link: /app-insights-instrumentation-key"], tags["hidden-link: /app-insights-resource-id"], tags["hidden-link: /app-insights-conn-string"] ] }

Any ideas are welcome and if anyone else has faced this, please let me know.

Solution

  • Generally I would recommend looking into the Azure Verified Modules before building everything by scratch. Can save you a lot of time and headaches ;-) https://azure.github.io/Azure-Verified-Modules/

    https://github.com/Azure/terraform-azurerm-avm-res-web-site

    The hidden-link tag is used to link application insights with your function. Both options you mentioned are totally valid, either add the tag to the TF file

    Something like:

    tags = merge(var.tags,{"hidden-link:${azurerm_application_insights.myAppInsights.id}":"Resource"})

    Or disable the lifecycle changes

    lifecycle {
     ignore_changes = [tags] 
   }