Can't import portal-created AKS clusters

[holmesb]

AKS clusters created using the portal cannot be imported. Since GA, there is no longer a Portal option to choose an SSH key. Yet specifying an SSH key is a requirement in the kubernetes_cluster resource. After importing, any ssh_key value forces the cluster to be recreated. Even an empty ssh_key such as:

linux_profile {
    admin_username = ""
    ssh_key = {
      key_data = ""
    }
  }

when planned, results in :

linux_profile.0.ssh_key.#:              "0" => "1" (forces new resource)

Hence it's impossible to import portal-created AKS clusters. No matter what value is used for linux_profile.ssh_key, it forces cluster recreation.

Steps to Reproduce

1. Create AKS cluster on portal using any options
2. Write a matching terraform kubernetes_cluster resource block
3. terraform import the cluster
4. terraform plan

[metacpp]

@holmesb Thanks for opening this issue, I can reproduce the issue reported by you.

The linuxProfile is required field by AKS REST SPEC:
https://github.com/Azure/azure-rest-api-specs/blob/master/specification/containerservices/resource-manager/Microsoft.ContainerService/stable/2018-03-31/managedClusters.json#L979

If we don't pass it while calling API, it will reject the request. We're currently working with AKS team to get more information, please stay tuned for further updates.

[zqingqing1]

can you get rid of the whole linux profile to create cluster? since Linux profile is optional, but if you specifying linux_profile, the admin_usernakme and ssh_key are required.

linux_profile {
   admin_username = ""
   ssh_key = {
     key_data = ""
   }
 }

[metacpp]

@zqingqing1 that will not be helpful. Even we made the linux_profile be optional from schema definition on terraform client side, the SDK constraint validation still reject it:

Error: Error applying plan:

1 error(s) occurred:

* azurerm_kubernetes_cluster.test: 1 error(s) occurred:

* azurerm_kubernetes_cluster.test: containerservice.ManagedClustersClient#CreateOrUpdate: Invalid input: autorest/validation: validation failed: parameter=parameters.ManagedClusterProperties.LinuxProfile.AdminUsername constraint=Null value=(*string)(nil) details: value can not be null; required parameter

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

[zqingqing1]

it is saying the admin_username you provide is nil, and that field is required, because you give the admin_username = "". Let me try to remove it from terraform, then you don't need to specify linuxProfile. Meanwhile, I will apply the new change to see if that will pass.

[metacpp]

@zqingqing1 Please see linked PR, we updated the code to pass nil to API when linux_profile is not set.

[tombuildsstuff]

This has been fixed via #1821 which will be released as a part of v1.14.0 - as such I'm going to close this issue :)

[tombuildsstuff]

hey @holmesb

Just to let you know that this has been released in v1.14.0 of the AzureRM Provider which is now available: https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.14.0/CHANGELOG.md

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!