I am looking for insights on a problem that I am dealing with.
We are building Azure Linux infrastructure with terraform on DevOps pipelines.
We developed our own module and omitted the “identity” block in the first iteration completely as it was not a requirement. So azurerm_linux_virtual_machine resources were created with no identity block. Which was expected and fine with us.
But since a few days ago we can see newly created VMs with no identity block in terraform have a system assigned identity attached.
The next terraform plan/apply then sees a diff between the resource and the code and is then trying to nul the identity setting. Luckily this mostly fails “gracefully” without changing the instance or breaking the terraform operation.
But it is kinda strange as older VMs did not have system assigned identities attached “automatically”. Are you aware if maybe a default has changed on azure side somewhere? Maybe there are differences between instance types or do we need to configure the identity block differently? I was trying to implement you dynamic block according to the main.tf in this repo https://github.com/Azure/terraform-azurerm-compute/blob/master/main.tf as we now see the requirement to support identities.
But this inconsistency is kinda annoying and I can’t really see where it is coming from.
Any hints or insights would be highly appreciated!