Terraform wanting to redeploy azure vms for 'no' reason



  • I got a VM defined in terraform like this:

    resource "azurerm_linux_virtual_machine" "vm" {
      name                            = var.vm-name
      resource_group_name             = var.RG
      location                        = var.location
      size                            = var.vm-size
      admin_username                  = data.azurerm_key_vault_secret.username.value
      disable_password_authentication = true
      proximity_placement_group_id    = data.azurerm_proximity_placement_group.proximity-group.id
    

    tags = var.tags
    network_interface_ids = [
    azurerm_network_interface.nic.id,
    ]

    admin_ssh_key {
    username = data.azurerm_key_vault_secret.username.value
    public_key = data.azurerm_key_vault_secret.pub.value
    }

    os_disk {
    caching = "ReadWrite"
    storage_account_type = "Premium_ZRS"
    }

    source_image_reference {
    publisher = "Canonical"
    offer = "0001-com-ubuntu-server-focal"
    sku = "20_04-lts-gen2"
    version = "latest"
    }
    }

    Every time I run tf apply it thinks that the admin_username has been changed and wants to redeploy the machine. This is happening to several environments I'm working with so logically I'm doing something wrong but I can't figure out what..


  • QA Engineer

    So, in short, there is a bug/feature in terraform, and the posted solution was to output the keyvault_id from the keyvault module, then declaring the output value as a variable to pass into other modules. So when getting the secrets now, I use the output value as key_vault_id in the data-block for the secrets like this:

    data "azurerm_key_vault_secret" "username" {
      name         = var.username
      key_vault_id = var.keyvault_id
    }
    

    instead of this:

    data "azurerm_key_vault_secret" "username" {
      name         = var.username
      key_vault_id = data.azurerm_key_vault.kv.id
    }
    



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2