Terraform v0.12.25
azurerm_linux_virtual_machine_scale_set

```hcl
resource "azurerm_linux_virtual_machine_scale_set" "manager" {
  name                = "manager"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard_DS2_v2"
  instances           = 3
  lifecycle {
    ignore_changes = [ instances ]
  }
  upgrade_mode    = "Manual"
  scale_in_policy = "OldestVM"
  terminate_notification {
    enabled = true
    timeout = "PT5M"
  }
  overprovision   = false
  source_image_id = var.image_id
  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  data_disk {
    caching              = "ReadWrite"
    create_option        = "FromImage"
    disk_size_gb         = 128
    lun                  = 0
    storage_account_type = "Standard_LRS"
  }
  data_disk {
    caching              = "ReadWrite"
    create_option        = "FromImage"
    disk_size_gb         = 256
    lun                  = 1
    storage_account_type = "Standard_LRS"
  }
  computer_name_prefix            = "manager"
  admin_username                  = "localadmin"
  disable_password_authentication = true
  admin_ssh_key {
    username   = "localadmin"
    public_key = var.admin_public_key
  }
  network_interface {
    name    = "primary"
    primary = true
    ip_configuration {
      name      = "manager-ipconfig"
      primary   = true
      subnet_id = azurerm_subnet.docker.id
    }
  }
  extension {
    name                       = "data_disk_encryption"
    publisher                  = "Microsoft.Azure.Security"
    type                       = "AzureDiskEncryptionForLinux"
    type_handler_version       = "1.1"
    auto_upgrade_minor_version = false
    settings = jsonencode({
      "EncryptionOperation" = "EnableEncryption"
      "KeyVaultResourceId"  = azurerm_key_vault.vault.id
      "KeyVaultURL"         = azurerm_key_vault.vault.vault_uri
      "VolumeType"          = "DATA"
    })
  }
}
```
https://gist.github.com/brentonoloughlin/189c312e321baaa22d2c1e64c727e1fc
The Virtual Machine Scale Set resource should have been provisioned with the Azure Disk Encryption extension enabled.
The excerpt from terraform plan shows:

```
+ extension {
    + auto_upgrade_minor_version = false
    + name                       = "data_disk_encryption"
    + publisher                  = "Microsoft.Azure.Security"
    + settings                   = jsonencode(
          {
            + EncryptionOperation = "EnableEncryption"
            + KeyVaultResourceId  = "/subscriptions/37d41301-c255-4f06-95b4-902a713aeb5e/resourceGroups/vnet/providers/Microsoft.KeyVault/vaults/roughscale-vault"
            + KeyVaultURL         = "https://roughscale-vault.vault.azure.net/"
            + VolumeType          = "DATA"
          }
      )
    + type                       = "AzureDiskEncryptionForLinux"
    + type_handler_version       = "1.1"
  }
```
The same inline extension block code works successfully for the azurerm_virtual_machine_scale_set resource (with the same terraform version and azurerm provider version). For the 'azurerm_virtual_machine_scale_set' resource, the settings parameter from the terraform plan is slightly different (not sure if this is relevant):
```
+ extension {
    + auto_upgrade_minor_version = false
    + name                       = "data_disk_encryption"
    + provision_after_extensions = []
    + publisher                  = "Microsoft.Azure.Security"
    + settings                   = (known after apply)
    + type                       = "AzureDiskEncryptionForLinux"
    + type_handler_version       = "1.1"
  }
```
ARM_PROVIDER_VMSS_EXTENSIONS_BETA=true terraform apply results in:
```
Error: failed to parse JSON from `settings`: unexpected end of JSON input

  on 60-vmss2.tf line 1, in resource "azurerm_linux_virtual_machine_scale_set" "manager":
   1: resource "azurerm_linux_virtual_machine_scale_set" "manager" {
```
ARM_PROVIDER_VMSS_EXTENSIONS_BETA=true terraform apply

@brentonoloughlin did you try adding a "protected_settings" field to the extension block? Cuz I've had the same issue and resolved it just by adding an empty "protected_settings" field in my extension block.
Thanks @pakhom for the workaround. Adding an empty protected_settings field worked.
Since this field is optional in the azurerm_virtual_machine_scale_set_extension resource, it should be similarly optional in the inline extension resource.
Ran into the same issue. Thanks for the workaround!
Any other updates on this? Adding:

```hcl
protected_settings = ""
```

to my extension block didn't resolve this error for me.
```hcl
protected_settings = jsonencode({})
```

worked for me.
Thanks for responding.
I was able to use the separate resource for creating an extension and set the VMSS to upgrade automatically and it resolved my issue.
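
The two workarounds reported in this thread, written out as configuration. This is an added example, not code from the issue or from the provider; the local `ade_settings` and the resource label `data_disk_encryption` are hypothetical names, while `manager` and `vault` are the reporter's resources. Apply one option, not both.

```hcl
# Added example: hypothetical local holding the settings JSON from the report.
locals {
  ade_settings = jsonencode({
    "EncryptionOperation" = "EnableEncryption"
    "KeyVaultResourceId"  = azurerm_key_vault.vault.id
    "KeyVaultURL"         = azurerm_key_vault.vault.vault_uri
    "VolumeType"          = "DATA"
  })
}

# Option 1: keep the inline block (still needs
# ARM_PROVIDER_VMSS_EXTENSIONS_BETA=true, as in the report) and set
# protected_settings explicitly.
resource "azurerm_linux_virtual_machine_scale_set" "manager" {
  # ... remaining arguments exactly as in the reporter's configuration ...

  extension {
    name                       = "data_disk_encryption"
    publisher                  = "Microsoft.Azure.Security"
    type                       = "AzureDiskEncryptionForLinux"
    type_handler_version       = "1.1"
    auto_upgrade_minor_version = false
    settings                   = local.ade_settings

    # An empty JSON object, not an empty string: one commenter reports
    # that "" still produced the parse error while jsonencode({}) worked.
    protected_settings = jsonencode({})
  }
}

# Option 2: remove the inline extension block from the scale set and attach
# the extension as its own resource, where protected_settings is optional.
# The commenter who used this also set the scale set to upgrade automatically.
resource "azurerm_virtual_machine_scale_set_extension" "data_disk_encryption" {
  name                         = "data_disk_encryption"
  virtual_machine_scale_set_id = azurerm_linux_virtual_machine_scale_set.manager.id
  publisher                    = "Microsoft.Azure.Security"
  type                         = "AzureDiskEncryptionForLinux"
  type_handler_version         = "1.1"
  auto_upgrade_minor_version   = false
  settings                     = local.ade_settings
}
```

With `upgrade_mode = "Manual"`, as in the reporter's configuration, existing instances do not pick up a changed extension until they are upgraded, so confirm on the instances themselves that the data disks are encrypted.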