Today I am using terraform over azure to manage a serverless application infrastructure. I installed an ubuntu WSL over win10 to avoid problems with enviroment variables.
- Ubuntu 20.04.02 LTS (over wsl on win10)
- Terraform v0.14.7
- Azurerm v2.56.0
- azure-cli 2.23
On azure we have deployed an app_service_plan, a function_app, a key_vault, an storage_account...etc
Terraform init worked well. Terraform plan is telling me that there is a change to do in the function_app:
~ resource "azurerm_function_app" "myfunction" {
~ app_settings {
~ "AzureWebJobsStorage" = "[...]Key2[...]" -> "[...]Key1[...]" #(obviusly, I won't show key1 and key2)
}
}
If I run a terraform apply, this access_key never change and the terraform plan command shows again that there is a change to do.
Searching on the terraform files I found the specific function_app.tf file, and inside it I have this:
app_settings {
[...]
AzureWebJobsStorage = azurerm_storage_account.mystorage.primary_connection_string
[...]
}
Using terraform console command, I searched for the state data for azurerm_storage_account.mystorage finding this:
[...]
"primary_access_key" = "key2"
"primary_connection_string" = "[...]key2[...]"
[...]
"secondary_access_key" = "Key1"
"secondary_connection_string" = "[...]key1[...]"
[...]
Now the question is: why the primary key (on terraform state) is the Key2(on azure portal) and the secondary is the Key1? Where is that configured and how can I change it? (I searched that in the storage account file (stacc.tf), but there is nothing configured about that... maybe I must specify which key is the primary here?)