azurerm_automation_account does not add default modules to Terraform state resulting in errors

[robcamer]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.13.2 provider[registry.terraform.io/hashicorp/azurerm] >= 2.18.0

Affected Resource(s)

• `azurerm_automation_account

Terraform Configuration Files

resource "azurerm_automation_account" "automation_account" {
  name                = var.AUTOMATION_ACCOUNT_NAME
  sku_name            = "Basic"
  location            = azurerm_resource_group.automation_dsc_rg.location
  resource_group_name = azurerm_resource_group.automation_dsc_rg.name
}

Debug Output

There is not any debug output as the resource (automation account) is created successfully, however, the default modules that are created as part of creating the automation_account are not added to Terraform state.

This causes issues if you then try to install an updated version of the default module via Terraform. Terraform sees that the module exists in Azure Automation account and says to first add those resources to Terraform state before trying to update.

Panic Output

No panic.

Expected Behavior

When creating an automation account using azurerm_automation_account, the default modules that are installed into the automation account are added to Terraform state in addition to the automation account itself.

Actual Behavior

Essentially, when you create an Azure Automation Account using azurerm_automation_account, the Automation Account automatically adds numerous modules into the Account by default.    If as part of the deployment you then try to update the existing modules to a newer version, the deployment fails with an error saying that the resource already exists and it needs to be added to Terraform state.   As I’m typing this, one thought that comes to mind is that we could try to run a PowerShell script dependent on the completion of the creation of the Automation Account that deletes the existing modules and then the deployment re-deploys the modules as needed.  Any thoughts on this?   Ideally the modules would be added into Terraform state as part of the Automation Account creation resource.

Steps to Reproduce

1. terraform apply
2. Review the created automation account in the Azure Portal
3. Click on "modules" to view the list of default modules added to the Automation Account at creation.
4. See attached image with list of default modules available in a newly created Automation Account.

Important Factoids

Nothing to add. situation is the same in Azure Public Cloud and Azure Government.

References

N/A

• #0000

[njuCZ]

@robcamer because automation account and automation module are different resources, terraform should not create one resource and import the state of other resource automatically. For any existing resources, users should use "terraform import" first

[rguthriemsft]

These are not existing resources. They are getting created when the azure automation account is created. Having to do an import breaks CD tooling like github actions or azure devops if your trying to automate deployments.

[tombuildsstuff]

Agreed - this is a bug, presumably we should be removing these modules by default then allowing users to re-add them using the resources at the specific version they're expecting; but this is a major change so that'd need to wait for 3.0

[ruandersMSFT]

#8286 Discussed that these are default global modules and not removable. Terraform needs to correctly contain default state and should not require any manual interventions (i.e. "terraform import") to be able to work with an object from it's default state. These global modules are not removable, but are upgradable. Terraform needs to have the correct state of being after an object is deployed, including any of the objects "default" subcomponents.

[robcamer]

Yes, found this in the docs as well: https://docs.microsoft.com/en-us/azure/automation/shared-resources/modules

"The following table lists modules that Azure Automation imports by default when you create your Automation account. Automation can import newer versions of these modules. However, you can't remove the original version from your Automation account, even if you delete a newer version. Note that these default modules include several AzureRM modules."\

agree with @ruandersMSFT feedback above.

[ruandersMSFT]

@robcamer Correct. Take a look at the comments I had provided in issue #8286 (duplicate issue to this one), in which I outlined the Default Modules. In that issue, you'll also notice use of an ARM Template resource block which I have been able to successfully use as a temporary work around until such time that this can be fixed properly as part of future major update to Terraform to successfully import this default object state into Terraform State.

[github-actions[bot]]

This functionality has been released in v3.4.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[mikemadeja]

@tombuildsstuff and @katbyte, would this be in the 3.19 milestone if it was already released in the 3.4.0 azurerm provider?

This functionality has been released in v3.4.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[tombuildsstuff]

@mikemadeja apologies, yeah this was released in v3.4.0 (per the comment you've linked above) - closing this out.

[github-actions[bot]]

This functionality has been released in v3.27.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.