[Feature Request] azurerm_[linux|windows]_virtual_machine: Add os_disk[0].id to attribute reference

jpbuecken commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

After creating a VM it would be nice to access the os_disk id in terraform code.

In my use case I want to give the VM the READER role to read information about its os_disk. (for example, this is needed for the new Azure Enhanced Monitoring for SAP extension [1], [2])

Possible idea: Call the managed disk datasource code internally after instance has been created to fill values for os_disk?

New or Affected Resource(s)

azurerm_linux_virtual_machine
azurerm_windows_virtual_machine

Potential Terraform Configuration

You need to rollout the VM first before you can add the code for role assignment, otherwise principal id is not available. Maybe this can be fixed with this Issue as well?

resource "azurerm_linux_virtual_machine" "instance" {
[...]
  os_disk {
    name                 = "instance_osdisk"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }
  identity {
      type = "SystemAssigned"
    }
  }

[...]
}

resource "azurerm_role_assignment" "vm_read_osdisk" {
  scope                = azurerm_linux_virtual_machine.instance.os_disk[0].id
  role_definition_name = "Reader"
  principal_id         = azurerm_linux_virtual_machine.instance.identity[0].principal_id
}

References

[1] https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/deployment-guide#d98edcd3-f2a1-49f7-b26a-07448ceb60ca [2] https://github.com/Azure/azure-cli-extensions/issues/3019#issuecomment-785022356

brettvatech commented 1 year ago

Yes please, additional vote here!

the-gabe commented 3 weeks ago

Workaround:

data "azapi_resource" "example-reference-name" {
  name                   = "name-of-your-vm"
  parent_id              = azurerm_resource_group.reference-name-of-your-resource-group.id
  type                   = "Microsoft.Compute/virtualMachines@2024-07-01"
  response_export_values = ["properties.storageProfile.osDisk.managedDisk.id"]
}

# Use the below to pass the ID to other resources. e.g,

resource "example" "examplename" {
...
disk_id = jsondecode(data.azapi_resource.example-reference-name.output).properties.storageProfile.osDisk.managedDisk.id
...
}

hashicorp / terraform-provider-azurerm