Unique resource name with create_before_destroy does not work #696

@kiweezi

Terraform CLI and Provider Versions

CLI: v1.11.4
Provider: 3.7.2

Terraform Configuration

resource "random_id" "suffix" {
  byte_length = 3
}

resource "azurerm_linux_virtual_machine" "example" {
  name                = "vm-${var.name}-${random_id.suffix.hex}"
  resource_group_name = var.resource_group_name
  location            = var.location
  size                = var.vm_size

  admin_username                  = "myadmin"
  admin_password                  = random_password.virtual_machine.result
  disable_password_authentication = true
  patch_assessment_mode           = "AutomaticByPlatform"

  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "ubuntu-24_04-lts"
    sku       = "server"
    version   = "latest"
  }

  lifecycle {
    create_before_destroy = true
  }
}

Expected Behavior

A new random_id resource is created and used by the new azurerm_linux_virtual_machine resource, before the old versions are then deleted.

Actual Behavior

Plan succeeds, but does not show replacement for random_id resource.

Apply fails with an error that a resource already exists with that name:

Error: A resource with the ID "/subscriptions//resourceGroups/rg-example/providers/Microsoft.Compute/virtualMachines/vm-example-e5b0a3" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.

Steps to Reproduce

  1. Create the original resource with terraform apply.
  2. Modify an attribute of the unique resource which requires recreation.
  3. Run terraform apply again.

How much impact is this issue causing?

High

Logs

Error: A resource with the ID "/subscriptions//resourceGroups/rg-example/providers/Microsoft.Compute/virtualMachines/vm-example-e5b0a3" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_linux_virtual_machine" for more information.

Additional Information

Creating unique resource names for the purpose of using with create_before_destroy is referenced as a supported and intended use case in a number of pages in the provider docs. However, I couldn't find any examples of this in the docs, or online.

This resource can be used in conjunction with resources that have the create_before_destroy lifecycle flag set to avoid conflicts with unique names during the brief period where both the old and new resources exist concurrently.

In my case, I don't care what inputs or variables an operator of my module could provide. I only care that if it causes a resource to be recreated (causing disruption), it should be able to create a new one, before destroying the old one. In a number of cases in Azure, with many types of resource, this would require a unique name for both resources to ensure they do not conflict during this overlapping period.

I found a feature request in the main Terraform repo which seems to suggest this functionality does not work. The author's described use cases and attempted solutions perfectly encapsulate my issue.

I am quite confused as to why the comments would be added to the documentation if it was never designed to function. So I'm hoping I've missed something!

Code of Conduct

  • I agree to follow this project's Code of Conduct
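
A pre-apply check for the failure reported above, added here as an example and not part of the original issue or the provider's code: it reads the JSON form of a saved plan and flags resources that will be replaced create-before-destroy while keeping the same name, which is the case where the plan succeeds and the apply fails with "already exists". It assumes the input comes from `terraform show -json <planfile>` and that `name` is the attribute that must be unique; the function name and the sample plan are constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Not taken from the issue.
SAMPLE_PLAN = {"resource_changes": [
    # Create-before-destroy replacement whose name is known and unchanged.
    {"address": "azurerm_linux_virtual_machine.example",
     "change": {"actions": ["create", "delete"],
                "before": {"name": "vm-example-e5b0a3"},
                "after": {"name": "vm-example-e5b0a3"},
                "after_unknown": {"id": True}}},
    # Create-before-destroy replacement whose name is regenerated (unknown at plan).
    {"address": "azurerm_linux_virtual_machine.renamed",
     "change": {"actions": ["create", "delete"],
                "before": {"name": "vm-other-0a1b2c"},
                "after": {},
                "after_unknown": {"id": True, "name": True}}},
    # Default destroy-then-create replacement: same name is fine here.
    {"address": "azurerm_network_interface.example",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "nic-example"},
                "after": {"name": "nic-example"},
                "after_unknown": {"id": True}}},
]}


def cbd_name_collisions(plan, name_attr="name"):
    """Return addresses replaced create-before-destroy with an unchanged name."""
    hits = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # The JSON plan records a create_before_destroy replacement as
        # ["create", "delete"]; the default order is ["delete", "create"].
        if change.get("actions") != ["create", "delete"]:
            continue
        before = (change.get("before") or {}).get(name_attr)
        after = (change.get("after") or {}).get(name_attr)
        # Values not known until apply are marked True in after_unknown.
        unknown = (change.get("after_unknown") or {}).get(name_attr) is True
        if not unknown and before is not None and before == after:
            hits.append(rc["address"])
    return hits


if __name__ == "__main__":
    for address in cbd_name_collisions(SAMPLE_PLAN):
        print(f"{address}: create-before-destroy replacement keeps the same name")
```

Run against a real plan by loading the output of `terraform show -json` with `json.load` and passing the result to `cbd_name_collisions`.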
