azurerm_windows_virtual_machine_scale_set | azurerm_linux_virtual_machine_scale_set | azurerm_orchestrated_virtual_machine_scale_set - expose the action attribute in the automatic_instance_repair code block

[WodansSon]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

Exposes the action attribute in the automatic_instance_repair code block for the azurerm_windows_virtual_machine_scale_set, azurerm_linux_virtual_machine_scale_set, and azurerm_orchestrated_virtual_machine_scale_set resources which has now GA'ed.

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_linux_virtual_machine_scale_set - expose the action attribute in the automatic_instance_repair code block
• azurerm_orchestrated_virtual_machine_scale_set - expose the action attribute in the automatic_instance_repair code block
• azurerm_windows_virtual_machine_scale_set - expose the action attribute in the automatic_instance_repair code block

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Supersedes PR #22330

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[stephybun]

Thanks @WodansSon! In addition to the one minor comment left in-line, there is also a test failure:

------- Stdout: -------
=== RUN   TestAccLinuxVirtualMachineScaleSet_otherAutomaticRepairsPolicy
=== PAUSE TestAccLinuxVirtualMachineScaleSet_otherAutomaticRepairsPolicy
=== CONT  TestAccLinuxVirtualMachineScaleSet_otherAutomaticRepairsPolicy
    testcase.go:113: Step 1/8 error: After applying this test step, the plan was not empty.
        stdout:
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        Terraform will perform the following actions:
          # azurerm_linux_virtual_machine_scale_set.test will be updated in-place
          ~ resource "azurerm_linux_virtual_machine_scale_set" "test" {
                id                                                = "/subscriptions/*******/resourceGroups/acctestRG-240605072813414110/providers/Microsoft.Compute/virtualMachineScaleSets/acctestvmss-240605072813414110"
                name                                              = "acctestvmss-240605072813414110"
                # (25 unchanged attributes hidden)
              ~ automatic_instance_repair {
                  ~ action       = "Replace" -> "Restart"
                    # (2 unchanged attributes hidden)
                }
              ~ network_interface {
                  + dns_servers                   = []
                    name                          = "example"
                    # (3 unchanged attributes hidden)
                  ~ ip_configuration {
                      + application_gateway_backend_address_pool_ids = []
                      + application_security_group_ids               = []
                        name                                         = "internal"
                        # (5 unchanged attributes hidden)
                    }
                }
                # (4 unchanged blocks hidden)
            }
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccLinuxVirtualMachineScaleSet_otherAutomaticRepairsPolicy (457.25s)
FAIL

[stephybun]

We can replace these with

Suggested change

	ValidateFunc: validation.StringInSlice([]string{
	string(virtualmachinescalesets.RepairActionReimage),
	string(virtualmachinescalesets.RepairActionRestart),
	string(virtualmachinescalesets.RepairActionReplace),
	}, false),
	ValidateFunc: validation.StringInSlice(virtualmachinescalesets.PossibleValuesForRepairAction(), false),

[WodansSon]

Fixed.

[WodansSon]

The test failures are due to other v4.0 issues not related to this PR:

[stephybun]

Thanks @WodansSon. I have a question about the behaviour and there are some minor things to fix up as well. Once those are resolved and the relevant tests pass then this should be good to go.

[WodansSon]

All of the failures are not related to this PR and are service related or test misconfigurations in v4.0:

[stephybun]

Thanks @WodansSon! I was hoping this would be good to go now, but there is a scenario which we have not tested for and raises some questions which would be good to have answered before we proceed with the current behaviour:

How would a user remove automatic_instance_repair if they wanted to removed health_probe_id?

I messed around with this in an attempt to understand what that update path would look like but removing automatic_instance_repair with health_probe_id unset in the config results in an API error even though automatic_instance_repair isn't in the payload which raises questions as to how the Service Team want the interplay between these two properties to work.

PATCH request payload:

{
  "properties": {
    "upgradePolicy": {
      "mode": "Manual"
    },
    "virtualMachineProfile": {
      "networkProfile": {
        "networkInterfaceConfigurations": [
          {
            "name": "example",
            "properties": {
              "dnsSettings": {
                "dnsServers": []
              },
              "enableAcceleratedNetworking": false,
              "enableIPForwarding": false,
              "ipConfigurations": [
                {
                  "name": "internal",
                  "properties": {
                    "applicationGatewayBackendAddressPools": [],
                    "applicationSecurityGroups": [],
                    "loadBalancerBackendAddressPools": [
                      {
                        "id": "***"
                      }
                    ],
                    "loadBalancerInboundNatPools": [
                      {
                        "id": "***"
                      }
                    ],
                    "primary": true,
                    "privateIPAddressVersion": "IPv4",
                    "subnet": {
                      "id": "***"
                    }
                  }
                }
              ],
              "primary": true
            }
          }
        ]
      },
      "storageProfile": {
        "imageReference": {
          "offer": "UbuntuServer",
          "publisher": "Canonical",
          "sku": "16.04-LTS",
          "version": "latest"
        }
      }
    }
  }
}

Response:

{
  "error": {
    "code": "BadRequest",
    "message": "Automatic repairs not supported for this Virtual Machine Scale Set because a health probe or health extension was not provided."
  }
}

Could you raise this and get some clarification?

[stephybun]

Nit-picking here but strictly speaking this isn't correct. Since the property has Computed set users can remove this from their config without hitting any API limitations or experiencing a diff so I think this should be removed, or perhaps rephrased?

[WodansSon]

Fixed.

[stephybun]

Not sure if a commit is missing here but these have not been changed?

[WodansSon]

I believe I misunderstood what you were saying, now that I have read it a few more times, what you want is for the note to be removed since if you remove it from the config is will just pull it from state?

[stephybun]

Ditto here

[WodansSon]

Fixed.

[WodansSon]

@stephybun :

How would a user remove automatic_instance_repair if they wanted to removed health_probe_id?

I messed around with this in an attempt to understand what that update path would look like but removing automatic_instance_repair with health_probe_id unset in the config results in an API error even though automatic_instance_repair isn't in the payload which raises questions as to how the Service Team want the interplay between these two properties to work.

IIRC, once the automatic_instance_repair is enabled it cannot be removed from the VMSS resource, however you can suspend it via a separate API call, which I have not exposed, nor was I asked too, but you can disable it via the enabled field in the code block. The suspend bit might be a later ask from the service team?

Viewing and updating the service state of automatic instance repairs policy

[stephybun]

I see, it's just a bit jarring to receive the following error:
"message": "Automatic repairs not supported for this Virtual Machine Scale Set because a health probe or health extension was not provided."
When neither automatic repairs and health probe ID are sent in the payload. If the Service Team are open to feedback here then a more contextual error message would go a long way and have saved us some back and forth on this, e.g.

Automatic repairs have been enabled for this Virtual Machine Scale Set previously and cannot be removed

In any case, the comment I left on the docs doesn't seem to have been addressed or there's a commit missing? Once that's sorted and been applied to all three docs then this should be good to go!

[stephybun]

No need to fix this here and now but just so you're aware this is a legacy pattern. If you see more like these, they should be updated to use the ID to be consistent and up to date with the rest of the provider.

Suggested change

	return fmt.Errorf("managed disk %q (Resource Group %q) was not found", name, resourceGroup)
	return fmt.Errorf("%s was not found", id)

[stephybun]

Not sure if a commit is missing here but these have not been changed?

[WodansSon]

[stephybun]

Thanks @WodansSon LGTM 👍

[NaveenKumar-Y]

When automatic_instance_repair is used in linux vmss module, even though when we set enable=false, it is taking it as true,
Provider version : v3.116.0

In main.tf:

variable:

In Terraform Plan:

Terraform apply error:

FYI - The same setup is working with provider version : v3.113.0

@stephybun @WodansSon

[NaveenKumar-Y]

@WodansSon @stephybun

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.