Address 409 conflict error on import #241
Open
mikedembek wants to merge 9 commits into
…isk as OS disk
Add support for the os_managed_disk_id parameter on both azurerm_linux_virtual_machine and azurerm_windows_virtual_machine resources, allowing users to create VMs from existing managed disks (Attach mode).
Changes:
- variables.tf: Add os_managed_disk_id variable with format validation and mutual exclusivity check against source_image_resource_id
- locals.tf: Add os_disk_is_imported local for readability
- locals.auth.tf: Skip credential generation when os_managed_disk_id is set (admin_username=null, no random password/SSH key generation)
- main.linux_vm.tf: Add os_managed_disk_id, conditionally null out ConflictsWith fields (admin_password, computer_name, custom_data, provision_vm_agent, patch_mode, patch_assessment_mode, bypass_platform_safety_checks, reboot_setting), update source_image_reference and admin_ssh_key conditions
- main.windows_vm.tf: Same as Linux plus Windows-specific ConflictsWith fields (enable_automatic_updates, hotpatching_enabled)
Provider behavior reference (azurerm_linux/windows_virtual_machine):
- os_managed_disk_id ExactlyOneOf: admin_username, source_image_id, source_image_reference
- ConflictsWith (shared): admin_password, computer_name, custom_data, provision_vm_agent, patch_mode, patch_assessment_mode, bypass_platform_safety_checks_on_user_schedule_enabled, reboot_setting
- ConflictsWith (Windows): hotpatching_enabled, enable_automatic_updates
- When set, Provider uses CreateOption=Attach and skips OsProfile
Closes Azure#230
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fix admin_password_linux/windows locals to return null when os_disk_is_imported, preventing random_password[0] resolution errors
- Fix password_secret_count and ssh_secret_count to return 0 when os_disk_is_imported, skipping unnecessary Key Vault secret creation
- Add lifecycle precondition to prevent os_managed_disk_id and os_disk.diff_disk_settings from being set simultaneously
- Add examples/linux_os_managed_disk/ for e2e test coverage of the attach-from-managed-disk path
- Update source_image_reference variable description to mention os_managed_disk_id mutual exclusivity
- Run pre-commit to sync docs and formatting
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When os_managed_disk_id is set from a computed resource attribute (e.g., azurerm_managed_disk.example.id), Terraform cannot determine the null check at plan time, causing 'count depends on resource attributes that cannot be determined' errors.
Add os_disk_attach_mode (bool, default false) that users must set to true alongside os_managed_disk_id. This ensures count expressions are deterministic during planning.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add os_disk_is_imported check to admin_ssh_key local to skip SSH key generation when tls_private_key.this is empty in attach mode
- Add os_disk_is_imported check to admin_ssh_key_secret_value local
- Use coalesce(admin_username, 'imported') in credential secret names to prevent null string interpolation errors when admin_username is null in attach mode
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The AzureRM Provider enforces ConflictsWith between os_disk.storage_account_type and os_managed_disk_id. When attaching an existing managed disk, storage_account_type must be null since the disk type is already determined by the existing disk.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Azure rejects any change to the osProfile section of a VM after create with 409 PropertyChangeNotAllowed. The AzureRM provider sends every osProfile field on every UPDATE, and a few (allow_extension_operations, bypass_platform_safety_checks_on_user_schedule_enabled) ride into the payload regardless of attach-mode gating - the latter is normalized by the provider from null to its schema default.
Suppress diffs on every osProfile sub-field via lifecycle.ignore_changes in both azurerm_linux_virtual_machine and azurerm_windows_virtual_machine so neither attach-mode imports nor greenfield drift trigger an update call Azure will reject.
Layered on top of Azure#234 (os_disk_attach_mode), which conditionally defaults most osProfile fields to null at plan time. ignore_changes is the belt-and-suspenders that covers the fields Azure#234 cannot gate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
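A pre-apply check for the failure the last commit message describes, added here as an example (not code from this pull request): it reads a plan in the `terraform show -json` format and lists VM resources whose in-place update would change one of the fields the commit messages name. The function name, the field set and the sample plan are constructed for illustration.

```python
import json

# Fields named in the commit messages above; treating every one of them as
# osProfile-backed is an assumption of this example.
OS_PROFILE_FIELDS = {
    "admin_username", "admin_password", "computer_name", "custom_data",
    "provision_vm_agent", "allow_extension_operations", "patch_mode",
    "patch_assessment_mode",
    "bypass_platform_safety_checks_on_user_schedule_enabled",
    "reboot_setting", "enable_automatic_updates", "hotpatching_enabled",
}
VM_TYPES = {"azurerm_linux_virtual_machine", "azurerm_windows_virtual_machine"}


def os_profile_updates(plan):
    """Return {address: [changed fields]} for in-place VM updates in a plan."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # Creates and replacements build a new VM; only a pure update hits
        # the existing VM's osProfile.
        if rc.get("type") not in VM_TYPES or change.get("actions") != ["update"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        changed = sorted(
            f for f in OS_PROFILE_FIELDS
            if unknown.get(f) is True or before.get(f) != after.get(f)
        )
        if changed:
            findings[rc["address"]] = changed
    return findings


# Constructed sample: an imported VM with provider-normalized drift, a VM with
# a tag-only update, and a VM that is being created.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "module.vm.azurerm_linux_virtual_machine.this[0]",
  "type": "azurerm_linux_virtual_machine",
  "change": {"actions": ["update"],
   "before": {"computer_name": "restored-vm01", "allow_extension_operations": true,
              "bypass_platform_safety_checks_on_user_schedule_enabled": null},
   "after": {"computer_name": null, "allow_extension_operations": true,
             "bypass_platform_safety_checks_on_user_schedule_enabled": false}}},
 {"address": "azurerm_windows_virtual_machine.app", "type": "azurerm_windows_virtual_machine",
  "change": {"actions": ["update"], "before": {"tags": {"env": "dev"}}, "after": {"tags": {"env": "prod"}}}},
 {"address": "azurerm_linux_virtual_machine.new", "type": "azurerm_linux_virtual_machine",
  "change": {"actions": ["create"], "before": null, "after": {"computer_name": "new-vm"}}}]}""")

if __name__ == "__main__":
    print(json.dumps(os_profile_updates(SAMPLE_PLAN), indent=2))
```
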
Author
@microsoft-github-policy-service agree company="Boyne Resorts"
Thanks for working on this. I think this is very relevant for Azure Backup/Veeam restore scenarios. One question: does this PR also cover restored data disks managed through In a Veeam full VM restore, Azure changes the restored data disks to metadata like:
The module config still has the disks as normal empty managed disks, so Terraform plans replacement:
create_option = "Import" -> "Empty" # forces replacement
storage_account_id = ".../veeamcpm-..." -> null # forces replacement
Author
@EYEVO I haven't tested that, I'm using the terraform-azurerm-avm-res-compute-disk module for data disk management (which does work with this config).
Description
This builds on the fix for #230 that @lonegunmanb made in #234 with a fix for #240.
Fixes #240
Closes #240
Type of Change
Checklist