cloudeteer / terraform-azurerm-vm

☁️ Cloudeteer's Terraform AzureRM virtual machine module
https://www.cloudeteer.de
MIT License

[BUG]: hotpatching and BypassPlatformSafetyChecksOnUserSchedule are not compatible #31

Closed jkroepke closed 2 months ago

jkroepke commented 2 months ago

Feature Description

Using

module "vm-relc-a-p-1" {
  source = "cloudeteer/vm/azurerm"

  version = "0.0.10"

  name = "vm-1"
  size = "Standard_D2s_v5"
  os_disk = {
    storage_account_type = "StandardSSD_LRS"
  }

  location            = module.resource_group.location
  resource_group_name = module.resource_group.name

  enable_backup_protected_vm = false
  computer_name              = "vm-1"
  image                      = "MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition-hotpatch:latest"
  hotpatching_enabled        = true
  identity                   = { type = "SystemAssigned" }
  license_type               = "Windows_Server"
  store_secret_in_key_vault  = false
  subnet_id                  = module.resource_group.subnet_ids["default"]
  tags                       = merge(module.resource_group.tags)
}

Results in the following error:

╷
│ Error: creating Windows Virtual Machine (Subscription: ""
│ Resource Group Name: "RG-SP_PROD"
│ Virtual Machine Name: "vm-1"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: InvalidParameter: Hotpatch updates require platform safety checks. The 'BypassPlatformSafetyChecksOnUserSchedule' flag must be set to false to enable hotpatching.
│ 
│   with module.vm-1.azurerm_windows_virtual_machine.this[0],
│   on .terraform/modules/vm-1/r-vm.tf line 109, in resource "azurerm_windows_virtual_machine" "this":
│  109: resource "azurerm_windows_virtual_machine" "this" {
│ 
╵
Releasing state lock. This may take a few moments...

This error feels strange:

The remote tests are green in https://github.com/cloudeteer/terraform-azurerm-vm/pull/29, however this can't be the truth. If bypass_platform_safety_checks_on_user_schedule_enabled = true and hotpatching_enabled = true, an error occurs and the terraform test should not pass.

https://github.com/cloudeteer/terraform-azurerm-vm/blob/ac6a4db22de74cdc9f3d2a7787b144be32093ce5/variables.tf#L145-L154

Use Case

N/A

Additional Information

No response

rswrz commented 2 months ago

The remote tests are green in https://github.com/cloudeteer/terraform-azurerm-vm/pull/29, however this can't be the truth.

The remote (e2e) test was successful because it is not setting hotpatching_enabled = true.

The local (unit) test was successful because the error you get is not thrown by the provider, but by the Azure API during the deployment.

A solution can be a validation {} block on input variable hotpatching_enabled.
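
One way to write the validation suggested above, together with a plan-only test that exercises it. This is an added example, not the module's own code: it is a stand-alone sketch containing only the two variables named in this issue, it assumes Terraform 1.9 or later (where a validation condition may reference another variable), and the types, defaults and test names are assumptions.

```hcl
# variables.tf (sketch; types and defaults are assumptions, not the module's)

variable "bypass_platform_safety_checks_on_user_schedule_enabled" {
  description = "Let customer-scheduled patching bypass platform safety checks."
  type        = bool
  default     = true # assumed; the error in this issue appeared without setting it
}

variable "hotpatching_enabled" {
  description = "Enable hotpatching on a supported Windows Server image."
  type        = bool
  default     = false

  # Fail at plan time instead of waiting for the Azure API to answer
  # CreateOrUpdate with 400 InvalidParameter.
  # Referencing another variable here requires Terraform >= 1.9.
  validation {
    condition     = !(var.hotpatching_enabled && var.bypass_platform_safety_checks_on_user_schedule_enabled)
    error_message = "hotpatching_enabled = true requires bypass_platform_safety_checks_on_user_schedule_enabled = false."
  }
}

# tests/hotpatching.tftest.hcl (separate file; plan-only, nothing is deployed)

run "hotpatching_rejects_bypass" {
  command = plan

  variables {
    hotpatching_enabled                                    = true
    bypass_platform_safety_checks_on_user_schedule_enabled = true
  }

  # This run passes only if the validation on hotpatching_enabled fails.
  expect_failures = [var.hotpatching_enabled]
}

run "hotpatching_without_bypass" {
  command = plan

  variables {
    hotpatching_enabled                                    = true
    bypass_platform_safety_checks_on_user_schedule_enabled = false
  }
}
```

With this in place `terraform test` covers the incompatible combination locally, so a green unit test no longer depends on an end-to-end run that happens to set `hotpatching_enabled = true`.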