terraform-provider-azurerm: Cannot destroy Azure Firewall

Terraform (and AzureRM Provider) Version

Terraform v0.15.1 on linux_amd64

Affected Resource(s)

  • azurerm_firewall

Terraform Configuration Files

resource "azurerm_firewall" "azfw" {
  name = format("%s-%s-%s-%s", var.name_prefix, var.environment, var.location_[redacted]_name, "fw")
  location = var.location
  resource_group_name = var.resource_group_name
  tags = var.tags
  ip_configuration {
    name = "IpConf"
    subnet_id = azurerm_subnet.azfw-subnet.id
    public_ip_address_id = azurerm_public_ip.azfw-public-ip.id
  }
}

Debug Output

  • Reusing previous version of hashicorp/kubernetes from the dependency lock file
  • Reusing previous version of hashicorp/helm from the dependency lock file
  • Reusing previous version of hashicorp/null from the dependency lock file
  • Reusing previous version of hashicorp/external from the dependency lock file
  • Reusing previous version of hashicorp/azurerm from the dependency lock file
  • Reusing previous version of hashicorp/tls from the dependency lock file
  • Installing hashicorp/kubernetes v1.13.3…
  • Installed hashicorp/kubernetes v1.13.3 (signed by HashiCorp)
  • Installing hashicorp/helm v1.3.2…
  • Installed hashicorp/helm v1.3.2 (signed by HashiCorp)
  • Installing hashicorp/null v3.0.0…
  • Installed hashicorp/null v3.0.0 (signed by HashiCorp)
  • Installing hashicorp/external v2.0.0…
  • Installed hashicorp/external v2.0.0 (signed by HashiCorp)
  • Installing hashicorp/azurerm v2.92.0…
  • Installed hashicorp/azurerm v2.92.0 (signed by HashiCorp)
  • Installing hashicorp/tls v3.0.0…
  • Installed hashicorp/tls v3.0.0 (signed by HashiCorp)
  • Installing hashicorp/http v2.0.0…
  • Installed hashicorp/http v2.0.0 (signed by HashiCorp)

Terraform has been successfully initialized!

Error: deleting Azure Firewall Firewall: (Azure Firewall Name “[redacted]” / Resource Group “[redacted]”) : network.AzureFirewallsClient#Delete: Failure sending request: StatusCode=415 – Original Error: Code=“UnsupportedMediaType” Message=“The content media type ‘’ is not supported. Only ‘application/json’ is supported.”

Panic Output

Expected Behaviour

Azure Firewall resource should be successfully destroyed.

Actual Behaviour

Terraform destroy failed.

Steps to Reproduce

  • terraform destroy

Important Factoids

References

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 42
  • Comments: 23 (3 by maintainers)

Most upvoted comments

As a workaround you can invoke az network firewall delete with AZ cli before terraform destroy. Not the best solution, but it worked in our case.

@jhendrixMSFT I have been deploying and destroying Azure Firewall resources using Terraform (with azurerm: 2.79) since December 2021, and I was able to destroy and deploy the resources successfully without any issue until mid-January 2022. For the last two weeks, I have not been able to destroy the Azure Firewall resources due to the mentioned error (and have also tried bumping azurerm to 2.92 as well).

@jhendrixMSFT I was developing/deploying Firewall using Terraform in January this year and did not have this problem. I cannot say exactly when it happened, but it looks like a recent problem (i.e. we encountered it for the first time last week~).

@magodo whilst this is being fixed within the Azure SDK/APIs, would you mind updating the Delete call to manually set this header for the moment? We’ve done this in a few other places by lifting the Azure SDK method into an azuresdkhacks package and customizing it as necessary fwiw e.g.: https://github.com/hashicorp/terraform-provider-azurerm/blob/main/internal/services/securitycenter/azuresdkhacks/security_center_contact.go

Same here, it worked ever since the resource azurerm_firewall existed, until recently.

The firewall client is using the Azure Go SDK 2021-05-01. There is a DeletePreparer function, which configures the request using autorest, but does not include the autorest.AsContentType("application/json; charset=utf-8") line as in this PR.

What’s weird for me: in the same azurefirewalls.go, the content type is set for the request when creating/updating Azure Firewall.

For me it looks like the azure-go-sdk library needs a fix - it is a one-line fix, not sure about release process here - and how to bump versions in this terraform provider afterwards.

P.S. I am here, because we have the same issue.
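
The failure described in the comment above, reproduced with Go's standard library as an added example (not code from the issue, the provider, or the Azure SDK). It assumes a constructed local test server, newStrictAPI, standing in for the management API, and a hypothetical helper, sendDelete, that uses net/http in place of autorest.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
)

// newStrictAPI is a constructed stand-in for the management endpoint in the
// issue: any request whose media type is not application/json gets a 415.
func newStrictAPI() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		mt, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if mt != "application/json" {
			http.Error(w, "UnsupportedMediaType", http.StatusUnsupportedMediaType)
			return
		}
		w.WriteHeader(http.StatusAccepted)
	}))
}

// sendDelete issues a body-less DELETE and returns the status code. With
// setContentType=false it mirrors the preparer described above; true adds the header.
func sendDelete(url string, setContentType bool) (int, error) {
	req, err := http.NewRequest(http.MethodDelete, url, nil)
	if err != nil {
		return 0, err
	}
	if setContentType {
		req.Header.Set("Content-Type", "application/json; charset=utf-8")
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := newStrictAPI()
	defer srv.Close()
	before, _ := sendDelete(srv.URL, false)
	after, _ := sendDelete(srv.URL, true)
	fmt.Printf("as generated: %d, with header set: %d\n", before, after)
}
```

The client code is identical in both calls apart from the one header, which is why pinning provider or SDK versions did not protect against a change in what the server accepts.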

Faced the same issue of “Error deleting Azure Firewall” today. To confirm the impact of the issue based on above comments, I tried out the sample Firewall code from the official Terraform docs. I was able to replicate the issue for various combinations of Terraform versions (1.0.2, 0.14.11) and AzureRM providers (2.92.0, 2.80.0, 2.63.0, 2.25.0, 2.2.0). Since different versions of the Azure Go SDK are used in the various AzureRM versions, this doesn’t look to be an issue related to a version but something common to most of them.

This is quite scary since we use versions to avoid exactly this kind of scenario.

Likewise, I’ve been adding/removing Azure firewalls with Terraform without incident over the last few months. Not tried in the last week or so though.