Terraform apply not idempotent for managed disks on Azure #19326

Closed
lubars opened this issue Nov 8, 2018 · 2 comments


lubars commented Nov 8, 2018

Terraform Version

Terraform v0.11.8
+ provider.azurerm v1.13.0

Terraform Configuration Files

terraform.tfvars (with bogus credentials):

SubscriptionId = "6364n0q5-8673-6794-1718-141s4pp87spr"
ClientId = "opo3581q-1501-ssr4-722n-r0n63orrs19p"
ClientSecret = "z688QR9tZq5ekvSVrqVcWErV6N2Dtzirk5CBXrqzw4n="
TenantId = "4nonn747-8292-2794-25po-743687o0os55"
PublisherName = "RedHat"
Offer = "RHEL"
Sku = "7-RAW"
Version = "7.5.2018050901"
SSHUser = "azureuser"
SSHPassword = "AzureUser_123"
Location = "Central US"
TimeZone = "America/New_York"
Size = "Standard_DS2_v2"
AccountTier = "Standard"
AccountReplicationType = "LRS"
DataVolumeSize = "10"
OSVolumeSize = "32"

infrastructure.tf:

variable "Count" {default = "1"}
variable "AccountReplicationType" {}
variable "AccountTier" {}
variable "Location" {}
variable "Size" {}
variable "PublisherName" {}
variable "Offer" {}
variable "Sku" {}
variable "Version" {}
variable "ClientId" {}
variable "ClientSecret" {}
variable "SubscriptionId" {}
variable "TenantId" {}
variable "net_subnet_cidr" {default = "10.0.0.0/24"}
variable "net_vpc_cidr" {default = "10.0.0.0/16"}
variable "public_ip_config_name" {default = "PublicIPAddress"}
variable "SSHPassword" {}
variable "SSHUser" {}
variable "OSVolumeSize" {}
variable "DataVolumeSize" {}

provider "azurerm" {
  subscription_id = "${var.SubscriptionId}"
  client_id       = "${var.ClientId}"
  client_secret   = "${var.ClientSecret}"
  tenant_id       = "${var.TenantId}"
}

resource "azurerm_resource_group" "default" {
  name = "test"
  location = "${var.Location}"
}

resource "azurerm_storage_account" "default" {
  name = "test"
  resource_group_name = "${azurerm_resource_group.default.name}"
  location = "${var.Location}"
  account_tier = "${var.AccountTier}"
  account_replication_type = "${var.AccountReplicationType}"
}

resource "azurerm_storage_container" "default" {
  name = "test"
  resource_group_name = "${azurerm_resource_group.default.name}"
  storage_account_name  = "${azurerm_storage_account.default.name}"
  container_access_type = "private"
}

resource "azurerm_virtual_network" "default" {
  name = "test"
  address_space       = ["${var.net_vpc_cidr}"]
  location = "${var.Location}"
  resource_group_name = "${azurerm_resource_group.default.name}"
}

resource "azurerm_subnet" "default" {
  name = "test"
  resource_group_name = "${azurerm_resource_group.default.name}"
  virtual_network_name = "${azurerm_virtual_network.default.name}"
  address_prefix       = "${var.net_subnet_cidr}"
  network_security_group_id = "${azurerm_network_security_group.default.id}"
}

resource "azurerm_network_interface" "default" {
  count = "${var.Count}"
  name = "test${count.index}"
  location = "${var.Location}"
  resource_group_name = "${azurerm_resource_group.default.name}"
  network_security_group_id = "${azurerm_network_security_group.default.id}"
  ip_configuration {
    name = "test"
    subnet_id = "${azurerm_subnet.default.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id = "${azurerm_public_ip.default.*.id[count.index]}"
  }
}

resource "azurerm_public_ip" "default" {
  count = "${var.Count}"
  name = "test${count.index}"
  location = "${var.Location}"
  resource_group_name = "${azurerm_resource_group.default.name}"
  public_ip_address_allocation = "Static"
  sku = "standard"
  domain_name_label = "test${count.index}"
}

resource "azurerm_network_security_group" "default" {
  name = "test"
  location = "${var.Location}"
  resource_group_name = "${azurerm_resource_group.default.name}"
}

resource "azurerm_managed_disk" "data" {
  count = "${var.Count}"
  name = "data${count.index}"
  location = "${var.Location}"
  resource_group_name = "${azurerm_resource_group.default.name}"
  storage_account_type = "${var.AccountTier}_${var.AccountReplicationType}"
  create_option = "empty"
  disk_size_gb  = "${var.DataVolumeSize}"
}

resource "azurerm_virtual_machine" "default" {
  name = "test${count.index}"
  location = "${var.Location}"
  count = "${var.Count}"
  resource_group_name = "${azurerm_resource_group.default.name}"
  network_interface_ids = ["${azurerm_network_interface.default.*.id[count.index]}"]
  vm_size               = "${var.Size}"
  delete_os_disk_on_termination = true
  //delete_data_disks_on_termination = false

  storage_image_reference {
    publisher = "${var.PublisherName}"
    offer = "${var.Offer}"
    sku = "${var.Sku}"
    version = "${var.Version}"
  }
  storage_os_disk {
    name = "os${count.index}"
    managed_disk_type = "${var.AccountTier}_${var.AccountReplicationType}"
    disk_size_gb = "${var.OSVolumeSize}"
    create_option = "FromImage"
    os_type = "linux"
  }
  storage_data_disk {
    name = "data${count.index}"
    managed_disk_id = "${azurerm_managed_disk.data.*.id[count.index]}"
    disk_size_gb  = "${azurerm_managed_disk.data.*.disk_size_gb[count.index]}"
    create_option = "Attach"
    lun = 0
  }
  os_profile {
    computer_name  = "test${count.index}"
    admin_username = "${var.SSHUser}"
    admin_password = "${var.SSHPassword}"
  }
  os_profile_linux_config {
    disable_password_authentication = false
  }
}

Debug Output

Debug output (with bogus credentials) is here.

Expected Behavior

Should have been able to terraform apply twice in a row.

Actual Behavior

Got the following error on the second invocation of terraform apply:

Error: Error applying plan:

1 error(s) occurred:

* azurerm_managed_disk.data (destroy): 1 error(s) occurred:

* azurerm_managed_disk.data: compute.DisksClient#Delete: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="Disk data0 is attached to VM /subscriptions/6364n0q5-8673-6794-1718-141s4pp87spr/resourceGroups/test/providers/Microsoft.Compute/virtualMachines/test0."

Steps to Reproduce

  1. terraform init
  2. terraform apply
  3. terraform apply

Additional Context

We actually operate with counts other than "1"; I discovered this issue when trying to increase the count from 4 to 5. I then realized I was seeing the error even when the count was not changed.

References

I looked at the following issues (before I realized the problem occurred even when the count remained the same):

Azure Official Example fails when augmenting it with a count logic to support VM scaling
Azure Official Example fails when augmenting it with a count logic to support VM scaling
Azure Example fails when augmenting it with count to support VM scaling
Increasing Count of Elements causes Plan with destruction of all previous
Please allow data disks to be added to existing machines in inventory in-line without destroy/recreate

Two of the things I tried (to no avail) were:

  1. Based on this comment, changed from element syntax:
    managed_disk_id = "${element(azurerm_managed_disk.data.*.id,count.index)}"
    to array syntax:
    managed_disk_id = "${azurerm_managed_disk.data.*.id[count.index]}"

  2. Based on this comment, added the following to the azurerm_managed_disk resource:

lifecycle {
    ignore_changes = [ "azurerm_virtual_machine", "storage_os_disk", "storage_data_disk", "os_profile" ]
}

lubars changed the title from "Terraform apply not idempotent for managed disks" to "Terraform apply not idempotent for managed disks on Azure" on Nov 8, 2018


ghost commented Nov 8, 2018

This issue has been automatically migrated to hashicorp/terraform-provider-azurerm#2275 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-azurerm#2275.

ghost closed this as completed on Nov 8, 2018


ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators on Mar 31, 2020