Terraform-provider-azurerm: azurerm_automation_account does not add default modules to Terraform state resulting in errors
Community Note
- Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureRM Provider) Version
Terraform v0.13.2
provider[registry.terraform.io/hashicorp/azurerm] >= 2.18.0
Affected Resource(s)
- `azurerm_automation_account
Terraform Configuration Files
resource "azurerm_automation_account" "automation_account" {
name = var.AUTOMATION_ACCOUNT_NAME
sku_name = "Basic"
location = azurerm_resource_group.automation_dsc_rg.location
resource_group_name = azurerm_resource_group.automation_dsc_rg.name
}
Debug Output
There is not any debug output as the resource (automation account) is created successfully, however, the default modules that are created as part of creating the automation_account are not added to Terraform state.
This causes issues if you then try to install an updated version of the default module via Terraform. Terraform sees that the module exists in Azure Automation account and says to first add those resources to Terraform state before trying to update.
Panic Output
No panic.
Expected Behavior
When creating an automation account using azurerm_automation_account, the default modules that are installed into the automation account are added to Terraform state in addition to the automation account itself.
Actual Behavior
Essentially, when you create an Azure Automation Account using azurerm_automation_account, the Automation Account automatically adds numerous modules into the Account by default.聽
聽
If as part of the deployment you then try to update the existing modules to a newer version, the deployment fails with an error saying that the resource already exists and it needs to be added to Terraform state.
聽
As I鈥檓 typing this, one thought that comes to mind is that we could try to run a PowerShell script dependent on the completion of the creation of the Automation Account that deletes the existing modules and then the deployment re-deploys the modules as needed.聽 Any thoughts on this?
聽
Ideally the modules would be added into Terraform state as part of the Automation Account creation resource.
Steps to Reproduce
terraform apply- Review the created automation account in the Azure Portal
- Click on "modules" to view the list of default modules added to the Automation Account at creation.
- See attached image with list of default modules available in a newly created Automation Account.
Important Factoids
Nothing to add. situation is the same in Azure Public Cloud and Azure Government.
References
N/A
- #0000
robcamer
All 6 comments
@robcamer because automation account and automation module are different resources, terraform should not create one resource and import the state of other resource automatically. For any existing resources, users should use "terraform import" first
njuCZ
on 17 Sep 2020
These are not existing resources. They are getting created when the azure automation account is created. Having to do an import breaks CD tooling like github actions or azure devops if your trying to automate deployments.
rguthriemsft
on 18 Sep 2020
Agreed - this is a bug, presumably we should be removing these modules by default then allowing users to re-add them using the resources at the specific version they're expecting; but this is a major change so that'd need to wait for 3.0
tombuildsstuff
on 18 Sep 2020
8286 Discussed that these are default global modules and not removable. Terraform needs to correctly contain default state and should not require any manual interventions (i.e. "terraform import") to be able to work with an object from it's default state. These global modules are not removable, but are upgradable. Terraform needs to have the correct state of being after an object is deployed, including any of the objects "default" subcomponents.
ruandersMSFT
on 21 Sep 2020
Yes, found this in the docs as well: https://docs.microsoft.com/en-us/azure/automation/shared-resources/modules
"The following table lists modules that Azure Automation imports by default when you create your Automation account. Automation can import newer versions of these modules. However, you can't remove the original version from your Automation account, even if you delete a newer version. Note that these default modules include several AzureRM modules."\
agree with @ruandersMSFT feedback above.
robcamer
on 25 Sep 2020
@robcamer Correct. Take a look at the comments I had provided in issue #8286 (duplicate issue to this one), in which I outlined the Default Modules. In that issue, you'll also notice use of an ARM Template resource block which I have been able to successfully use as a temporary work around until such time that this can be fixed properly as part of future major update to Terraform to successfully import this default object state into Terraform State.
ruandersMSFT
on 25 Sep 2020
Related issues
mikemorris
路
3Comments
steffencircle
路
3Comments
rudolphjacksonm
路
3Comments
alant94
路
3Comments
voyera
路
3Comments
Most helpful comment
8286 Discussed that these are default global modules and not removable. Terraform needs to correctly contain default state and should not require any manual interventions (i.e. "terraform import") to be able to work with an object from it's default state. These global modules are not removable, but are upgradable. Terraform needs to have the correct state of being after an object is deployed, including any of the objects "default" subcomponents.