azurerm_linux_virtual_machine_scale_set, `azurerm_orchestrated_virt…

…ual_machine_scale_set`, `azurerm_windows_virtual_machine_scale_set` - Fix potential nil panic caused by ommited `extensions_to_provision_after_vm_creation` block (hashicorp#28549)
hqhqhqhqhqhqhqhqhqhqhq · Feb 26, 2025 · 34cd258 · 34cd258
1 parent b92b503
commit 34cd258
Show file tree

Hide file tree

Showing 7 changed files with 165 additions and 22 deletions.
diff --git a/internal/services/compute/linux_virtual_machine_scale_set_resource_extensions_test.go b/internal/services/compute/linux_virtual_machine_scale_set_resource_extensions_test.go
@@ -1017,7 +1017,12 @@ resource "azurerm_service_fabric_cluster" "test" {
   reliability_level   = "Bronze"
   upgrade_mode        = "Automatic"
   vm_image            = "Linux"
-  management_endpoint = "http://example:80"
+  management_endpoint = "https://example:80"
+
+  certificate {
+    thumbprint      = "3341DB6CF2AF72C611DF3BE3721A653AF1D43ECD50F584F828793DBE9103C3EE"
+    x509_store_name = "My"
+  }
 
   node_type {
     name                 = "backend"

diff --git a/internal/services/compute/linux_virtual_machine_scale_set_resource_network_test.go b/internal/services/compute/linux_virtual_machine_scale_set_resource_network_test.go
@@ -525,8 +525,7 @@ resource "azurerm_public_ip" "test" {
   name                = "acctest-pubip-%d"
   location            = "${azurerm_resource_group.test.location}"
   resource_group_name = "${azurerm_resource_group.test.name}"
-  allocation_method   = "Dynamic"
-  sku                 = "Basic"
+  allocation_method   = "Static"
 }
 
 # since these variables are re-used - a locals block makes this more maintainable
@@ -545,8 +544,8 @@ resource "azurerm_application_gateway" "test" {
   location            = "${azurerm_resource_group.test.location}"
 
   sku {
-    name     = "Standard_Small"
-    tier     = "Standard"
+    name     = "Standard_v2"
+    tier     = "Standard_v2"
     capacity = 2
   }
 
@@ -586,6 +585,7 @@ resource "azurerm_application_gateway" "test" {
 
   request_routing_rule {
     name                       = "${local.request_routing_rule_name}"
+    priority                   = 9
     rule_type                  = "Basic"
     http_listener_name         = "${local.listener_name}"
     backend_address_pool_name  = "${local.backend_address_pool_name}"

diff --git a/internal/services/compute/linux_virtual_machine_scale_set_resource_other_test.go b/internal/services/compute/linux_virtual_machine_scale_set_resource_other_test.go
@@ -748,7 +748,7 @@ func TestAccLinuxVirtualMachineScaleSet_otherCancelRollingUpgrades(t *testing.T)
 						return err
 					}
 
-					ctx2, cancel := context.WithTimeout(ctx, 5*time.Minute)
+					ctx2, cancel := context.WithTimeout(ctx, 60*time.Minute)
 					defer cancel()
 					options := virtualmachinescalesets.DefaultGetOperationOptions()
 					options.Expand = pointer.To(virtualmachinescalesets.ExpandTypesForGetVMScaleSetsUserData)
@@ -2427,6 +2427,7 @@ resource "azurerm_public_ip" "test" {
   location                = azurerm_resource_group.test.location
   resource_group_name     = azurerm_resource_group.test.name
   allocation_method       = "Dynamic"
+  sku                     = "Basic"
   idle_timeout_in_minutes = 4
 }
 resource "azurerm_lb" "test" {

diff --git a/internal/services/compute/orchestrated_virtual_machine_scale_set.go b/internal/services/compute/orchestrated_virtual_machine_scale_set.go
@@ -1426,11 +1426,10 @@ func expandOrchestratedVirtualMachineScaleSetExtensions(input []interface{}) (ex
 		autoUpgradeMinorVersion, _ := extensionRaw["auto_upgrade_minor_version_enabled"].(bool)
 
 		extensionProps := virtualmachinescalesets.VirtualMachineScaleSetExtensionProperties{
-			Publisher:                pointer.To(extensionRaw["publisher"].(string)),
-			Type:                     &extensionType,
-			TypeHandlerVersion:       pointer.To(extensionRaw["type_handler_version"].(string)),
-			AutoUpgradeMinorVersion:  pointer.To(autoUpgradeMinorVersion),
-			ProvisionAfterExtensions: utils.ExpandStringSlice(extensionRaw["extensions_to_provision_after_vm_creation"].([]interface{})),
+			Publisher:               pointer.To(extensionRaw["publisher"].(string)),
+			Type:                    &extensionType,
+			TypeHandlerVersion:      pointer.To(extensionRaw["type_handler_version"].(string)),
+			AutoUpgradeMinorVersion: pointer.To(autoUpgradeMinorVersion),
 		}
 
 		if extensionType == "ApplicationHealthLinux" || extensionType == "ApplicationHealthWindows" {
@@ -1454,6 +1453,10 @@ func expandOrchestratedVirtualMachineScaleSetExtensions(input []interface{}) (ex
 			extensionProps.Settings = pointer.To(result)
 		}
 
+		if val, ok := extensionRaw["extensions_to_provision_after_vm_creation"]; ok && val != nil {
+			extensionProps.ProvisionAfterExtensions = utils.ExpandStringSlice(val.([]interface{}))
+		}
+
 		protectedSettingsFromKeyVault := expandProtectedSettingsFromKeyVaultVMSS(extensionRaw["protected_settings_from_key_vault"].([]interface{}))
 		extensionProps.ProtectedSettingsFromKeyVault = (protectedSettingsFromKeyVault)
 

diff --git a/internal/services/compute/windows_virtual_machine_scale_set_resource_extensions_test.go b/internal/services/compute/windows_virtual_machine_scale_set_resource_extensions_test.go
@@ -982,14 +982,133 @@ func (r WindowsVirtualMachineScaleSetResource) extensionsAutomaticUpgradeWithSer
 	return fmt.Sprintf(`
 %s
 
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_key_vault" "test" {
+  name                   = "acc%d"
+  location               = azurerm_resource_group.test.location
+  resource_group_name    = azurerm_resource_group.test.name
+  tenant_id              = data.azurerm_client_config.current.tenant_id
+  sku_name               = "premium"
+  enabled_for_deployment = true
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    certificate_permissions = [
+      "Create",
+      "Delete",
+      "DeleteIssuers",
+      "Get",
+      "GetIssuers",
+      "Import",
+      "List",
+      "ListIssuers",
+      "ManageContacts",
+      "ManageIssuers",
+      "SetIssuers",
+      "Update",
+      "Purge",
+    ]
+
+    key_permissions = [
+      "Backup",
+      "Create",
+      "Decrypt",
+      "Delete",
+      "Encrypt",
+      "Get",
+      "Import",
+      "List",
+      "Purge",
+      "Recover",
+      "Restore",
+      "Sign",
+      "UnwrapKey",
+      "Update",
+      "Verify",
+      "WrapKey",
+    ]
+
+    secret_permissions = [
+      "Backup",
+      "Delete",
+      "Get",
+      "List",
+      "Purge",
+      "Recover",
+      "Restore",
+      "Set",
+    ]
+  }
+}
+
+resource "azurerm_key_vault_certificate" "test" {
+  name         = "generated-cert"
+  key_vault_id = azurerm_key_vault.test.id
+
+  certificate_policy {
+    issuer_parameters {
+      name = "Self"
+    }
+
+    key_properties {
+      exportable = true
+      key_size   = 2048
+      key_type   = "RSA"
+      reuse_key  = true
+    }
+
+    lifetime_action {
+      action {
+        action_type = "AutoRenew"
+      }
+
+      trigger {
+        days_before_expiry = 30
+      }
+    }
+
+    secret_properties {
+      content_type = "application/x-pkcs12"
+    }
+
+    x509_certificate_properties {
+      extended_key_usage = ["1.3.6.1.5.5.7.3.1"]
+
+      key_usage = [
+        "cRLSign",
+        "dataEncipherment",
+        "digitalSignature",
+        "keyAgreement",
+        "keyCertSign",
+        "keyEncipherment",
+      ]
+
+      subject_alternative_names {
+        dns_names = ["example.com"]
+      }
+
+      subject            = "CN=example.com"
+      validity_in_months = 12
+    }
+  }
+}
+
 resource "azurerm_service_fabric_cluster" "test" {
   name                = local.vm_name
   resource_group_name = azurerm_resource_group.test.name
   location            = azurerm_resource_group.test.location
   reliability_level   = "Bronze"
   upgrade_mode        = "Automatic"
   vm_image            = "Windows"
-  management_endpoint = "http://example:80"
+  management_endpoint = "https://example:80"
+
+  certificate {
+    thumbprint      = azurerm_key_vault_certificate.test.thumbprint
+    x509_store_name = "My"
+  }
 
   node_type {
     name                 = "backend"
@@ -1047,6 +1166,14 @@ resource "azurerm_windows_virtual_machine_scale_set" "test" {
     }
   }
 
+  secret {
+    key_vault_id = azurerm_key_vault.test.id
+    certificate {
+      store = "My"
+      url   = azurerm_key_vault_certificate.test.secret_id
+    }
+  }
+
   extension {
     name                       = "ServiceFabric"
     publisher                  = "Microsoft.Azure.ServiceFabric"
@@ -1060,10 +1187,16 @@ resource "azurerm_windows_virtual_machine_scale_set" "test" {
       dataPath           = "C:\\SvcFab"
       durabilityLevel    = "Bronze"
       enableParallelJobs = true
+      certificate = {
+        commonNames = [
+          "example.com",
+        ]
+        x509StoreName = "My"
+      }
     })
   }
 }
-`, r.template(data))
+`, r.template(data), data.RandomInteger)
 }
 
 func (r WindowsVirtualMachineScaleSetResource) extensionAutomaticUpgradeEnabled(data acceptance.TestData) string {

diff --git a/internal/services/compute/windows_virtual_machine_scale_set_resource_network_test.go b/internal/services/compute/windows_virtual_machine_scale_set_resource_network_test.go
@@ -523,8 +523,7 @@ resource "azurerm_public_ip" "test" {
   name                = "acctest-pubip-%d"
   location            = "${azurerm_resource_group.test.location}"
   resource_group_name = "${azurerm_resource_group.test.name}"
-  allocation_method   = "Dynamic"
-  sku                 = "Basic"
+  allocation_method   = "Static"
 }
 
 # since these variables are re-used - a locals block makes this more maintainable
@@ -543,8 +542,8 @@ resource "azurerm_application_gateway" "test" {
   location            = "${azurerm_resource_group.test.location}"
 
   sku {
-    name     = "Standard_Small"
-    tier     = "Standard"
+    name     = "Standard_v2"
+    tier     = "Standard_v2"
     capacity = 2
   }
 
@@ -584,6 +583,7 @@ resource "azurerm_application_gateway" "test" {
 
   request_routing_rule {
     name                       = "${local.request_routing_rule_name}"
+    priority                   = 9
     rule_type                  = "Basic"
     http_listener_name         = "${local.listener_name}"
     backend_address_pool_name  = "${local.backend_address_pool_name}"

diff --git a/internal/services/compute/windows_virtual_machine_scale_set_resource_other_test.go b/internal/services/compute/windows_virtual_machine_scale_set_resource_other_test.go
@@ -891,7 +891,7 @@ func TestAccWindowsVirtualMachineScaleSet_otherCancelRollingUpgrades(t *testing.
 						return err
 					}
 
-					ctx2, cancel := context.WithTimeout(ctx, 5*time.Minute)
+					ctx2, cancel := context.WithTimeout(ctx, 60*time.Minute)
 					defer cancel()
 					options := virtualmachinescalesets.DefaultGetOperationOptions()
 					options.Expand = pointer.To(virtualmachinescalesets.ExpandTypesForGetVMScaleSetsUserData)
@@ -1342,10 +1342,11 @@ resource "azurerm_virtual_network" "test" {
 }
 
 resource "azurerm_subnet" "test" {
-  name                 = "internal"
-  resource_group_name  = azurerm_resource_group.test.name
-  virtual_network_name = azurerm_virtual_network.test.name
-  address_prefixes     = ["10.0.2.0/24"]
+  name                            = "internal"
+  resource_group_name             = azurerm_resource_group.test.name
+  virtual_network_name            = azurerm_virtual_network.test.name
+  address_prefixes                = ["10.0.2.0/24"]
+  default_outbound_access_enabled = false
 }
 
 resource "azurerm_windows_virtual_machine_scale_set" "test" {