JSON parse error on beta version of inline extension block for azure_linux_virtual_machine_scale_set resource.

[bxeno]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.25

• provider.azurerm v2.26.0

Affected Resource(s)

• azurerm_linux_virtual_machine_scale_set

Terraform Configuration Files

resource "azurerm_linux_virtual_machine_scale_set" "manager" {
  name                = "manager"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "Standard_DS2_v2"
  instances           = 3

  lifecycle {
    ignore_changes = [ instances ]
  }

  upgrade_mode = "Manual"

  scale_in_policy = "OldestVM"

  terminate_notification {
    enabled                          = true
    timeout                          = "PT5M"
  }
  overprovision                      = false

  source_image_id                    = var.image_id

  os_disk {
    caching                         = "ReadWrite"
    storage_account_type            = "Standard_LRS"
  }

  data_disk {
      caching                   = "ReadWrite"
      create_option             = "FromImage"
      disk_size_gb              = 128
      lun                       = 0
      storage_account_type      = "Standard_LRS"
  }

  data_disk {
      caching                   = "ReadWrite"
      create_option             = "FromImage"
      disk_size_gb              = 256
      lun                       = 1
      storage_account_type      = "Standard_LRS"
  }
  computer_name_prefix            = "manager"

  admin_username                  = "localadmin"
  disable_password_authentication = true
  
  admin_ssh_key {
    username                        = "localadmin"
    public_key                      = var.admin_public_key
  }

  network_interface {
    name    = "primary"
    primary = true

    ip_configuration {
      name                                    = "manager-ipconfig"
      primary                                 = true
      subnet_id                               = azurerm_subnet.docker.id
    }
  }

  extension {
    name                              = "data_disk_encryption"
    publisher                         = "Microsoft.Azure.Security"
    type                              = "AzureDiskEncryptionForLinux"
    type_handler_version              = "1.1"
    auto_upgrade_minor_version        = false
    settings                          = jsonencode({
          "EncryptionOperation"       = "EnableEncryption"
          "KeyVaultResourceId"        = azurerm_key_vault.vault.id
          "KeyVaultURL"               = azurerm_key_vault.vault.vault_uri
          "VolumeType"                = "DATA"
    })
  }
}

Debug Output

https://gist.github.com/brentonoloughlin/189c312e321baaa22d2c1e64c727e1fc

Expected Behavior

The Virtual Machine Scale Set resource should have been provisioned with the Azure Disk Encryption extension enabled.

the excerpt from terraform plan shows:

      + extension {
          + auto_upgrade_minor_version = false
          + name                       = "data_disk_encryption"
          + publisher                  = "Microsoft.Azure.Security"
          + settings                   = jsonencode(
                {
                  + EncryptionOperation = "EnableEncryption"
                  + KeyVaultResourceId  = "/subscriptions/37d41301-c255-4f06-95b4-902a713aeb5e/resourceGroups/vnet/providers/Microsoft.KeyVault/vaults/roughscale-vault"
                  + KeyVaultURL         = "https://roughscale-vault.vault.azure.net/"
                  + VolumeType          = "DATA"
                }
            )
          + type                       = "AzureDiskEncryptionForLinux"
          + type_handler_version       = "1.1"
        }

The same inline extension block code works successfully for the azurerm_virtual_machine_scale_set resource (with the same terraform version and azurerm provider version). For the 'azurerm_virtual_machine_scale_set' resource, the settings parameter from the terraform plan is slightly different (not sure if this is relevant):

      + extension {
          + auto_upgrade_minor_version = false
          + name                       = "data_disk_encryption"
          + provision_after_extensions = []
          + publisher                  = "Microsoft.Azure.Security"
          + settings                   = (known after apply)
          + type                       = "AzureDiskEncryptionForLinux"
          + type_handler_version       = "1.1"
        }

Actual Behavior

ARM_PROVIDER_VMSS_EXTENSIONS_BETA=true terraform apply results in:

Error: failed to parse JSON from `settings`: unexpected end of JSON input

  on 60-vmss2.tf line 1, in resource "azurerm_linux_virtual_machine_scale_set" "manager":
   1: resource "azurerm_linux_virtual_machine_scale_set" "manager" {

Steps to Reproduce

1. Build custom image with attached data disks (image built by packer based on RHEL7 Marketplace image)
2. ARM_PROVIDER_VMSS_EXTENSIONS_BETA=true terraform apply

[pakhom]

@brentonoloughlin did you try to add "protected_settings" field to extension block? Cuz I've had the same issue and resolved it just by add empty "protected_settings" field in my extension block.

[bxeno]

Thanks @pakhom for the workaround. adding an empty protected_settings field worked.

Since this field is optional in the azurerm_virtual_machine_scale_set_extension resource, it should be similarly optional in the inline extension resource.

[xyzzykdj]

Ran into the same issue. Thanks for the work around!

[bbreckenridge]

Any other updates on this? Adding:

protected_settings = ""

To my extension block didn't resolve this error for me.

[bxeno]

Any other updates on this? Adding:

protected_settings = ""

To my extension block didn't resolve this error for me.

protected_settings = jsonencode({})

worked for me.

[bbreckenridge]

Any other updates on this? Adding:
protected_settings = ""
To my extension block didn't resolve this error for me.

protected_settings = jsonencode({})

worked for me.

Thanks for responding.

I was able to use the separate resource for creating an extension and set the VMSS to upgrade automatically and it resolved my issue.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!