Creating dynamic scope using data source with filter for azure rm provider

Accepted answer

Sina Salam 12,491

Welcome to the Microsoft Q&A and thank you for posting your questions here.

Problem

Sequel to your questions, I understand that you would like to dynamically scope the Azure RM provider in Terraform based on existing resource groups and potentially filter virtual machines based on tags. You also want to achieve this based on existing resource groups alone or a combination of resource groups and tags. You provided a code snippet and asked for assistance in achieving this functionality based on the code.

Scenario

As a DevOps engineer at a tech company, you are responsible for managing infrastructure deployments on Azure using Terraform. Recently, you encountered a requirement where there is a need to dynamically scope the Azure RM provider based on existing resource groups and filter virtual machines based on specific criteria, such as tags. To accomplish this, you have plans to modify your Terraform configuration.

Solution

This prescribed solution was based on the scenario given and your questions, while focusing on the problem statement. There are three sections in your code based on my review as follows:

To dynamically fetching information about virtual machines across all existing resource groups, not just a single one.
To filtering virtual machines within those resource groups based on the "environment" tag with a value of "production".
To assigning a maintenance configuration to the filtered set of virtual machines.

In the below code snippet, I provide a revised version of your Terraform configuration with some modifications for improvements:

# Fetch information about existing resource groups
data "azurerm_resource_groups" "existing" {}
# Fetch information about virtual machines within the existing resource groups
data "azurerm_virtual_machine" "vms" {
  for_each = toset(data.azurerm_resource_groups.existing.names)
  resource_group_name = each.value
}
# Define a map to filter virtual machines based on specific criteria (e.g., tags)
locals {
  filtered_vms = {
    for rg_name, vms in data.azurerm_virtual_machine.vms : rg_name => [
      for vm in vms : vm if contains(keys(vm.tags), "environment") && vm.tags["environment"] == "production"
    ]
  }
}
# Assign maintenance configuration dynamically to filtered virtual machines
resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  name                = "vmmcassigment-${each.key}"
  configuration_name  = azurerm_maintenance_configuration.vm_maintenance.name
  resource_group_name = each.key
  # Iterate over the VMs in the filtered_vms map
  dynamic "target_resource_id" {
    for_each = each.value
    content {
      target_resource_id = target_resource_id.value.id
      target_resource_region = target_resource_id.value.location
    }
  }
}

Finally

The code I provided should work for the cases you mentioned. It is filtering based on existing resource groups alone, and filtering based on both resource groups and tags. If you need to adjust the filtering criteria further, you can modify the conditions within the locals block.

Please ensure that you have the necessary permissions and that the Azure RM provider is correctly configured in your Terraform setup. Also, verify that the azurerm_maintenance_configuration.vm_maintenance.name` corresponds to an existing maintenance configuration in your Azure environment.

References

Source: https://github.com/hashicorp/terraform-provider-azurerm/issues/23336. accessed. 5/1/2024.

Source 2: Terraform Registry. Accessed. 5/1/2024.

Source 3: Hashi Corp Tags Management accessed. 5/1/2024.

Terraform Registry

Accept Answer

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

Best Regards,

Sina Salam

Varma 1,385

Hi Sina,

Thank you. I have tried executing code, but came up with following error. Please suggest.

User's image

Error:

╷

│ Error: Invalid resource type

│

│ on main.tf line 107, in resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment":

│ 107: resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment" {

│

│ The provider hashicorp/azurerm does not support resource type "azurerm_maintenance_configuration_assignment".

This is the code I am using


provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "rg2"
  location = "South India"  # Update this with a valid Azure region
}

resource "azurerm_maintenance_configuration" "example" {
  name                = "example-mc"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  scope               = "InGuestPatch"  # Update this with a valid scope value
  // ... other required arguments ...
   properties = {
    InGuestPatchMode = "User"  # or "AutomaticByOS"
  }

  window {
    start_date_time     = "2024-04-30 17:30"
    expiration_date_time = "2024-05-30 17:30"
    duration            = "03:55" # Corrected duration format
    time_zone           = "UTC"
    recur_every         = "Week"
 
  }
   install_patches {
    linux {
      classifications_to_include = ["Critical", "Security", "Other"]
    }
    windows {
      classifications_to_include = ["Critical", "Security", "UpdateRollup", "FeaturePack", "ServicePack", "Definition", "Tools", "Updates"]
    }
    reboot = "IfRequired" // Possible values: Always, IfRequired, Never
  }
}

locals {
  vmlist = ["VM1"]
}

locals {
  vmlist2 = ["lab1" , "lab2"]
}

# resource "azurerm_maintenance_configuration" "vm_maintenance" {
#   name                = "mc1"
#   resource_group_name = azurerm_resource_group.rg.name
#   location            = azurerm_resource_group.rg.location
#   scope               = "InGuestPatch"

#   window {
#     start_date_time     = "2024-04-25T17:30:00Z"
#     expiration_date_time = "2024-05-25T17:30:00Z"
#     duration            = "01:00" # Corrected duration format
#     time_zone           = "UTC"
#     recur_every         = "Weekly" 
#   }
# }

resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" {
  for_each               = toset(local.vmlist)
  location               = azurerm_resource_group.rg.location
  maintenance_configuration_id = azurerm_maintenance_configuration.example.id
  virtual_machine_id     = "/subscriptions/93048f2d-2d0f-44cc-b12c-4df25a3c5ff5/resourceGroups/DS/providers/Microsoft.Compute/virtualMachines/${each.value}"
}

# data "azurerm_virtual_machine" "vms" {
#   resource_group_name = azurerm_resource_group.ds.name
# }
# # Filter virtual machines based on specific criteria (e.g., tags)
# locals {
#   filtered_vms = [for vm in data.azurerm_virtual_machines.vms : vm if contains(keys(vm.tags), "environment") && vm.tags.environment == "production"]
# }
# # Assign maintenance configuration dynamically to filtered virtual machines
# resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment2" {
#   for_each               = { for vm in local.filtered_vms : vm.id => vm }
#   name                   = "vmmcassigment-${each.value.name}"
#   configuration_name     = azurerm_maintenance_configuration.example.name
#   resource_group_name    = azurerm_resource_group.rg.name
#   target_resource_id     = each.value.id
#   target_resource_region = each.value.location
# }



# Fetch information about existing resource groups
data "azurerm_resource_group" "existing" {
  name = "rg2"
}
# Fetch information about virtual machines within the existing resource groups
data "azurerm_virtual_machine" "vms" {
  for_each = toset(data.azurerm_resource_group.existing.name)
  resource_group_name = each.value
  name = "lab1"
}
# Define a map to filter virtual machines based on specific criteria (e.g., tags)
locals {
  filtered_vms = {
    for rg_name, vms in data.azurerm_virtual_machine.vms : rg_name => [
      for vm in vms : vm if contains(keys(vm.tags), "environment") && vm.tags["environment"] == "production"
    ]
  }
}
# Assign maintenance configuration dynamically to filtered virtual machines
resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  name                = "vmmcassigment-${each.key}"
  configuration_name  = azurerm_maintenance_configuration.example.name
  resource_group_name = each.key
  # Iterate over the VMs in the filtered_vms map
  dynamic "target_resource_id" {
    for_each = each.value
    content {
      target_resource_id = target_resource_id.value.id
      target_resource_region = target_resource_id.value.location
    }
  }
}

Varma 1,385 Reputation points

2024-05-02T08:28:27.5666667+00:00

test123
Sina Salam 12,491 Reputation points

2024-05-02T10:35:14.0566667+00:00
Hi,

Which of the code is giving you problem, the previous or the new. You commented out the new one, I can't be sure of what give you the problem. The code work, based on your request on my side. If you would like to merge it with main.tf then edit your code from duplications of resources and ensure you check your typos and configurations error.

The error you provided: The resource type azurerm_maintenance_configuration_assignment is not recognized by the AzureRM provider. The correct resource type for assigning a maintenance configuration to a virtual machine in Azure is azurerm_maintenance_assignment_virtual_machine

Your work is focus on VM not general azurerm maintenance.

# Assign maintenance configuration dynamically to filtered virtual machines resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" { # ... other configuration ... }

All these will work when you provide correct attributes:

location =

maintenance_configuration_id =

et al

Varma 1,385

Hi Sina,

I have removed duplicates.

I have existing maintenance configuration and RG which has VM (Created successfully by same code)

. so now it is only to work on locals block onwards.......................in the below code

here is the code:


provider "azurerm" {
  features {}
}
resource "azurerm_resource_group" "rg" {
  name     = "rg2"
  location = "South India"  # Update this with a valid Azure region
}
resource "azurerm_maintenance_configuration" "example" {
  name                = "example-mc"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  scope               = "InGuestPatch"  # Update this with a valid scope value
  // ... other required arguments ...
   properties = {
    InGuestPatchMode = "User"  # or "AutomaticByOS"
  }
  window {
    start_date_time     = "2024-04-30 17:30"
    expiration_date_time = "2024-05-30 17:30"
    duration            = "03:55" # Corrected duration format
    time_zone           = "UTC"
    recur_every         = "Week"
 
  }
   install_patches {
    linux {
      classifications_to_include = ["Critical", "Security", "Other"]
    }
    windows {
      classifications_to_include = ["Critical", "Security", "UpdateRollup", "FeaturePack", "ServicePack", "Definition", "Tools", "Updates"]
    }
    reboot = "IfRequired" // Possible values: Always, IfRequired, Never
  }
}
locals {
  vmlist = ["VM1"]
}

locals {
  vmlist2 = ["lab1"]
}


# Fetch information about existing resource groups
data "azurerm_resource_group" "existing" {
  name = "rg2"
}

data "azurerm_virtual_machine" "vms" {
  for_each = toset(data.azurerm_resource_group.existing.name)
  resource_group_name = each.value
  name = "lab1"
}
# Define a map to filter virtual machines based on specific criteria (e.g., tags)
locals {
  filtered_vms = {
    for rg_name, vms in data.azurerm_virtual_machine.vms : rg_name => [
      for vm in vms : vm if contains(keys(vm.tags), "environment") && vm.tags["environment"] == "production"
    ]
  }
}
# Assign maintenance configuration dynamically to filtered virtual machines
resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  name                = "vmmcassigment-${each.key}"
  configuration_name  = azurerm_maintenance_configuration.example.name
  resource_group_name = each.key
  # Iterate over the VMs in the filtered_vms map
  dynamic "target_resource_id" {
    for_each = each.value
    content {
      target_resource_id = target_resource_id.value.id
      target_resource_region = target_resource_id.value.location
    }
  }
}

question1:

Abou the error:

Error: Invalid resource type

│

│ on main.tf line 64, in resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment":

│ 64: resource "azurerm_maintenance_configuration_assignment" "vm_maintenance_assignment" {

│

│ The provider hashicorp/azurerm does not support resource type "azurerm_maintenance_configuration_assignment".

Question2:

Below it is expecting to ask VM name during execution, it should not ask right? suppose many VMs then?

User's image

Sina Salam 12,491

For the error, use:

#Assign maintenance configuration dynamically to filtered virtual machines 
resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" { 
# ... other configuration ... 
}

Then provide the correct attributes:

location =

maintenance_configuration_id =

It will ask you and if not good.

Also,

If you want to fetch multiple virtual machines without specifying each name, you can use the azurerm_virtual_machines data source (note the plural ‘machines’), which allows you to retrieve information about all virtual machines within a specified resource group.

Otherwise since they are not many, put the name of the resource group where the vms are.

Look at this review this code:

# Fetch information about an existing resource group
data "azurerm_resource_group" "existing" {
  name = "your_resource_group_name" # Replace with your actual resource group name
}

# Fetch information about virtual machines within the existing resource group
data "azurerm_virtual_machine" "vms" {
  for_each = toset(["vm_name_1", "vm_name_2"]) # Replace with your actual VM names
  name                = each.value
  resource_group_name = data.azurerm_resource_group.existing.name
}

# Define a map to filter virtual machines based on specific criteria (e.g., tags)
locals {
  filtered_vms = {
    for vm in data.azurerm_virtual_machine.vms : vm.name => vm
    if contains(keys(vm.tags), "environment") && vm.tags["environment"] == "production"
  }
}

variable "vm_names" {
  type    = list(string)
  default = ["vm1", "vm2", "vm3"] # Replace with your actual VM names
}

data "azurerm_virtual_machine" "vms" {
  for_each = toset(var.vm_names)
  name                = each.value
  resource_group_name = "your_resource_group_name" # Replace with your actual resource group name
}

# Assign maintenance configuration dynamically to filtered virtual machines
resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  location = azurerm_resource_group.rg.location

  # The 'maintenance_configuration_id' is the ID of the maintenance configuration to assign.
  maintenance_configuration_id = azurerm_maintenance_configuration.example.id

  # The 'virtual_machine_id' is the ID of the virtual machine to which the maintenance configuration will be assigned.
  virtual_machine_id = each.value.id
}

Put the above codes below your previous yesterday code. Provide correct attributes and everything will be fine.

That's how it works perfect for your case.

Varma 1,385 Reputation points

2024-05-02T12:14:11.25+00:00

HI Sina,

What is wrong with the tag. I have put it correctly only

│ Error: Unsupported attribute

│

│ on main.tf line 53, in locals:

│ 53: if contains(keys(vm.tags), "environment") && vm.tags["envirounment"] == "production"

│

│ This object does not have an attribute named "tags".

╵
Sina Salam 12,491 Reputation points

2024-05-02T14:44:59.3333333+00:00

Hi,

That's from terraform registry issue. Why can't you use other attributes instead of tags.

Filter Based on Other Attributes: If tags are not available or not suitable for your use case, consider filtering virtual machines based on other attributes such as name, size, location, etc. For example, you could filter based on the name of the virtual machine.

Rg.
Varma 1,385 Reputation points

2024-05-03T08:48:11.8133333+00:00

Hi Sina,

I want assign VMs based only resource groups , that is filter based on resource group name given, and place those machines in the dynamic scope section azure update manager. is it possible, if yes how? please suggest.

Sina Salam 12,491

Based on your update question:

I want to assign VMs based only resource groups, that is filter based on resource group name given, and place those machines in the dynamic scope section azure update manager. Is it possible, if yes how?

This is how: We remove the tags and replace with resource group.

# Fetch information about an existing resource group
data "azurerm_resource_group" "existing" {
  name = "your_resource_group_name" # Replace with your actual resource group name
}
# Fetch information about virtual machines within the existing resource group
data "azurerm_virtual_machine" "vms" {
  for_each = toset(["vm_name_1", "vm_name_2"]) # Replace with your actual VM names
  name                = each.value
  resource_group_name = data.azurerm_resource_group.existing.name
}
# Define a map to filter virtual machines based on specific criteria (e.g., tags)
locals {
  filtered_vms = {
    for vm in data.azurerm_virtual_machine.vms : vm.name => vm
    if contains(keys(vm.tags), "environment") && vm.tags["environment"] == "production"
  }
}
variable "vm_names" {
  type    = list(string)
  default = ["vm1", "vm2", "vm3"] # Replace with your actual VM names
}
data "azurerm_virtual_machine" "vms" {
  for_each = toset(var.vm_names)
  name                = each.value
  resource_group_name = "your_resource_group_name" # Replace with your actual resource group name
}
# Assign maintenance configuration dynamically to filtered virtual machines
resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  location = azurerm_resource_group.rg.location
  # The 'maintenance_configuration_id' is the ID of the maintenance configuration to assign.
  maintenance_configuration_id = azurerm_maintenance_configuration.example.id
  # The 'virtual_machine_id' is the ID of the virtual machine to which the maintenance configuration will be assigned.
  virtual_machine_id = each.value.id
}

NOTE:

Terraform’s Azure provider does not directly support fetching all VMs in a resource group at once. The above code is appropriate irrespective of Terraform registry.

Regards,

Sina

Varma 1,385 Reputation points

2024-05-04T08:44:22.09+00:00

Hi Sina,

I am still seeing same error.

│ Error: Invalid resource type

│

│ on main.tf line 20, in resource "azurerm_maintenance_configuration" "example":

│ 20: resource "azurerm_maintenance_configuration" "example" {

│

│ The provider hashicorp/azurerm does not support resource type "azurerm_maintenance_configuration".

╵

╷

│ Error: Invalid resource type

│

│ on main.tf line 64, in resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment":

│ 64: resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" {

│

│ The provider hashicorp/azurerm does not support resource type "azurerm_maintenance_assignment_virtual_machine".

Varma 1,385

Hi SIna,

I have tried step by step, it worked, thank you. Below is the code created resource in dynamic scope:

provider "azurerm" {
  features {}
}
terraform {
  required_providers {
    
  }
}
resource "azurerm_resource_group" "example" {
  name     = "new"
  location = "South India"  # Replace with your desired location
  tags = {
    environment = "production"
    # Add more tags if needed
  }
}

resource "azurerm_maintenance_configuration" "example" {
  name                = "example-mc-new"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  scope               = "InGuestPatch"  # Update this with a valid scope value
  // ... other required arguments ...
   properties = {
    InGuestPatchMode = "User"  # or "AutomaticByOS"
  }
  window {
    start_date_time     = "2024-04-30 17:30"
    expiration_date_time = "2024-05-30 17:30"
    duration            = "03:55" # Corrected duration format
    time_zone           = "Eastern Standard Time"
    recur_every         = "Week"
 
  }
   install_patches {
    linux {
      classifications_to_include = ["Critical", "Security", "Other"]
    }
    windows {
      classifications_to_include = ["Critical", "Security", "UpdateRollup", "FeaturePack", "ServicePack", "Definition", "Tools", "Updates"]
    }
    reboot = "IfRequired" // Possible values: Always, IfRequired, Never
  }
}


data "azurerm_resource_group" "existing" {
  name = "DS" # Replace with your actual resource group name
}

data "azurerm_virtual_machine" "vms" {
  for_each = toset(["VM2"]) # Replace with your actual VM names
  name                = each.value
  resource_group_name = data.azurerm_resource_group.existing.name
}


locals {
  filtered_vms = {
    for vm in data.azurerm_virtual_machine.vms : vm.name => vm
  }
}
resource "azurerm_maintenance_assignment_virtual_machine" "vm_maintenance_assignment" {
  for_each = local.filtered_vms
  location = azurerm_resource_group.example.location
  # The 'maintenance_configuration_id' is the ID of the maintenance configuration to assign.
  maintenance_configuration_id = azurerm_maintenance_configuration.example.id
  # The 'virtual_machine_id' is the ID of the virtual machine to which the maintenance configuration will be assigned.
  virtual_machine_id = each.value.id
}

Thank you.

Share via

Creating dynamic scope using data source with filter for azure rm provider

Problem

Scenario

Solution

Finally

References

Accept Answer

1 additional answer

Your answer