Skip to content

azurerm_kubernetes_cluster - fix drift detection for default_node_pool optional fields (max_pods, os_disk_type, host_encryption_enabled, upgrade_settings) #30608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

azurerm_kubernetes_cluster - fix drift detection for default_node_pool optional fields (max_pods, os_disk_type, host_encryption_enabled, upgrade_settings) #30608

wants to merge 1 commit into from
+75 −21

Conversation

3mbe
Copy link
Contributor

@3mbe 3mbe commented Sep 11, 2025
edited
Loading

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR fixes an issue where the azurerm_kubernetes_cluster resource could show “No changes” despite configuration drift in the default_node_pool block.

The bug was caused by incomplete state flattening of optional fields. When these fields were set server-side but omitted from state, Terraform would not detect drift.

This change updates the flattening logic to correctly handle the following optional fields:

  • max_pods
  • os_disk_type
  • host_encryption_enabled
  • upgrade_settings

Not Included
The original bug report mentioned only_critical_addons_enabled, but this PR does not address it. That field does not appear in ARM API responses for either agentpools or managedclusters (2025-05-01), and we have not observed server-side drift. To avoid false positives, it is deferred for a future PR if API behavior changes.

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevant documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

This PR adds acceptance test coverage to ensure that optional fields in the default_node_pool block are correctly flattened into state to prevent configuration drift.

  • Successfully ran TestAccKubernetesCluster_defaultNodePool_StateFlattening_Present, verifying that max_pods and upgrade_settings are persisted in state. → Test Log
  • Due to free trial subscription limits, I was unable to run tests requiring features not available in free trials (e.g., host_encryption_enabled).
  • os_disk_type was not included in acceptance tests, since exercising it requires selecting a specific OS SKU, which could introduce flakiness in CI. This can be validated in a full subscription environment.

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

This is a (please select all that apply):

  • Bug Fix

Related Issue(s)

Fixes #30390

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the provider.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

@3mbe 3mbe requested review from WodansSon, magodo and a team as code owners September 11, 2025 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WodansSon WodansSon Awaiting requested review from WodansSon WodansSon is a code owner

@magodo magodo Awaiting requested review from magodo magodo is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
bug size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AKS default_node_pool: Terraform shows "No changes" despite systematic configuration drift across multiple critical settings
1 participant
@3mbe