Creating App Configuration Services and Config Values In Azure Using Terraform
UPDATE: It would appear that the azurerm provider now natively supports App Config Values as of v2.75.0 azurerm_app_configuration_key | Resources | hashicorp/azurerm | Terraform Registry so my advice would be to move to the latest version of the provider and use the native code.
Introduction
Have you ever found yourself in a situation when you’re deploying a micro-service architecture, and you need to have configuration from one service, shared across to another service? Maybe its the uri of a Function App, or an endpoint uri for a KeyVault?
How do you do this?
Well you could have your standard .env files, you could maybe look to centralise some sort of json app config file, or you could let the cloud do the hard work for you.
Enter Azure App Configuration services. If you don’t know what this service is or does, then please read the docs here: What is Azure App Configuration? | Microsoft Docs as I won’t be going into too much depth here about the how and why.
The Code
So what does this do? Well firstly it will provision me a nice new Azure App Configuration resource (azurerm_app_configuration | Resources | hashicorp/azurerm | Terraform Registry)
However, sadly, the azurerm provider doesn’t support writing config key value pairs into this lovely new service we created 😢 so what to do?
Well it turns out that the local-exec provisioner is ideal for helping us out here. If you are unsure about what this provisioner does please take a look at the docs here: Provisioner: local-exec — Terraform by HashiCorp
A Word Of Warning
While this solution is nice and simple, it does have a few caveats:
- If you change the values/resources being provisioned by the
local-execthen TF will not destroy those keys in the App Configuration service. - local-exec is not an ideal way to do this, see the notes below for an alternative that will provide better lifecycle support.
- There are currently issues raised with the
azurermprovider to add this functionality, so it may cause you to have to update your terraform in the future.
Final Thoughts
When I first started looking into ways to do this, I did come up with a complicated solution using the excellent Shell Provider written by Scott Winkler. This provider allows a much richer integration to the Terraform lifecycle and would allow me to have update and delete hooks to change and delete values as necessary, however, I later abandoned this as it seemed to be leaking the secret values for my App Configuration Service keys out into the console.
As the App Configuration service can only accept one Key Value pair with a unique name, it will just overwrite a key that already exists, so updating is easy and a freebie, which just leaves delete, and I decided that was a small risk.
Thanks for reading and I hope this information helps someone else in the future.
