Dynamic block doesn't detect any change when variable is updated

We create a bastion machine with a custom module and want to update authorized_keys. When someone wants to access the bastion, we simply update the variable ssh_public_keys.

It works the first time we execute terraform apply. But when we want to add new ssh_public_keys by updating the variable, it doesn’t detect any change, except when setting ssh_public_keys = [].

Terraform Version

0.12.18

Terraform Configuration Files

module "vm_bastion" {
  amount                        = 1
  rg_name                       = azurerm_resource_group.rg.name
  location                      = azurerm_resource_group.rg.location
  ssh_public_keys               = split(",", var.ssh_public_keys)
  is_create_public_ip           = "true"
  is_static_allocate_private_ip = "false"
  is_customize_virtual_network  = "true"
  vm_username_prefix            = "bastion"
  vm_size                       = "Standard_B1ms"
  vm_os_storage_type            = "Premium_LRS"
  vm_allow_ports                = [22]
  vm_static_private_ips         = []
  vm_subnet_id                  = module.network.vnet_subnets[1]
}

resource "azurerm_virtual_machine" "vm" {
  name                  = "${var.vm_username_prefix}-${count.index}-VM"
  depends_on            = [azurerm_storage_account.boot_storage, azurerm_virtual_network.vn, azurerm_network_interface.nic]
  count                 = var.amount
  location              = var.location
  vm_size               = var.vm_size
  resource_group_name   = var.rg_name
  network_interface_ids = [azurerm_network_interface.nic[count.index].id]

  storage_os_disk {
    name              = "${var.vm_username_prefix}-${count.index}-OsDisk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    disk_size_gb      = var.vm_os_disk_size
    managed_disk_type = var.vm_os_storage_type
  }

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  os_profile {
    computer_name  = "${var.vm_username_prefix}-vm"
    admin_username = "${var.vm_username_prefix}-${count.index}"
    admin_password = length(var.ssh_public_keys) == 0 ? random_password.password[count.index].result : ""
  }

  os_profile_linux_config {
    disable_password_authentication = length(var.ssh_public_keys) != 0
    dynamic "ssh_keys" {
      for_each = var.ssh_public_keys
      content {
        path     = "/home/${var.vm_username_prefix}-${count.index}/.ssh/authorized_keys"
        key_data = ssh_keys.value
      }
    }
  }

  boot_diagnostics {
    enabled     = "true"
    storage_uri = azurerm_storage_account.boot_storage[count.index].primary_blob_endpoint
  }
}

Debug Output

Plan: 0 to add, 0 to change, 0 to destroy.

Expected Behavior

When we run terraform plan, it will detect the change to the ssh_keys field of azurerm_virtual_machine.

Actual Behavior

Terraform doesn’t detect any change when the variable is updated.

Reported as an issue on Terraform here. I’ve responded on GitHub!