Add the property 'hybrid_registration_url' property to 'azurerm_automation_account' resource and data

[harcamSpark]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Now that the resources for azurerm_automation_hybrid_runbook_worker and azurerm_automation_hybrid_runbook_worker_group have been added to azurerm provider, it would be handy to have the hybrid registration url as a property from the azurerm_automation_account to use to install the VM extension.

Currently I have a workaround of mangling the DSC endpoint URL with some replace()s, like so :

locals {
  hybrid_url = replace("${azurerm_automation_account.example.dsc_server_endpoint}", ".agentsvc.", ".jrds.")
  hybrid_url2 = replace("${local.hybrid_url}", "/\\/accounts\\//", "/automationAccounts/")
}

New or Affected Resource(s)/Data Source(s)

azurerm_automation_account

Potential Terraform Configuration

resource "azurerm_automation_account" "example-aa" {
  name                = "aa-example"
  location            = "australiaeast"
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Basic"
}

resource "azurerm_automation_hybrid_runbook_worker_group" "example-hrwg" {...}
resource "azurerm_automation_hybrid_runbook_worker" "example-hrw" {...}

resource "azurerm_virtual_machine_extension" "hwge-registration" {
  name                 = "${azurerm_automation_account.example-aa.name}-hybridworkerextension"
  virtual_machine_id   = "${azurerm_windows_virtual_machine.example-vm.id}"
  publisher            = "Microsoft.Azure.Automation.HybridWorker"
  type                 = "HybridWorkerForWindows"
  type_handler_version = "0.1"

  settings = <<-EOF
    {
      "AutomationAccountURL" : "${azurerm_automation_account.example-aa.hybrid_registration_url}"
    }
  EOF
}

References

No response

[wuxu92]

Hi, @harcamSpark thanks for your feedback. do you have any documents about this hybrid_registration_url property? so we can add this property then. I mean is there a document about this compute logic:

  hybrid_url = replace("${azurerm_automation_account.example.dsc_server_endpoint}", ".agentsvc.", ".jrds.")
  hybrid_url2 = replace("${local.hybrid_url}", "/\\/accounts\\//", "/automationAccounts/")

[harcamSpark]

That compute logic of the hybrid_url and hybrid_url2, there is no documentation for, that was my own custom workaround to get a hyrid registration url, cause it seems to always use the same uuid as the DSC endpoint, just with different bits in the URI around it.

As for documentation of the hybrid_registration_url itself, it seems to already be in the go-azure-sdk at this point in the code I think?

[harcamSpark]

Or did you mean the REST API docs, in which case it's this one here - the "properties.automationHybridServiceURL" property

[wuxu92]

it looks like not an officially supported property in the automation account. so it's a bit confusing for azurerm to support it by hardcoding this logic.

[harcamSpark]

sorry, I think you might be misunderstanding... the "hybrid_url" logic I mentioned as a workaround, you are indeed correct, not official. I use the "dsc_endpoint" property and do a couple of replace functions on it using locals in terraform code, as a stand-in until the hybrid_registration_url property is added to azurerm. I'm not saying we should add that code to azurerm. That is just there for anyone else who looks up this issue, needing to do the same thing.

The hybrid_registration_url property on the automation account looks to me like it's an official property though (and doesn't use that logic) - it's in the response when I do a manual 'az rest' command and query the Azure Management API:

az rest -m GET -u 'https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Automation/automationAccounts/{automationAccountName}?api-version=2021-06-22'

[0m 2.890s] > az rest -m GET -u 'https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/rough-runbooks-rg/providers/Microsoft.Automation/automationAccounts/aa-runbooks?api-version=2021-06-22'
{
  "etag": null,
  "id": "/subscriptions/{subid}/resourceGroups/rough-runbooks-rg/providers/Microsoft.Automation/automationAccounts/aa-runbooks",
  "location": "australiaeast",
  "name": "aa-runbooks",
  "properties": {
    "RegistrationUrl": "https://00000000-0000-0000-000000000000.agentsvc.ae.azure-automation.net/accounts/00000000-0000-0000-000000000000",
    "RuntimeConfiguration": {
      "powershell": {
        "builtinModules": {
          "Az": "8.0.0"
        }
      },
      "powershell7": {
        "builtinModules": {
          "Az": "8.0.0"
        }
      }
    },
--> "automationHybridServiceUrl": "https://00000000-0000-0000-000000000000.jrds.ae.azure-automation.net/automationAccounts/00000000-0000-0000-000000000000",
    "creationTime": "2022-09-06T23:00:29.6533333+00:00",
    "disableLocalAuth": false,
    "encryption": {
...

[wuxu92]

thanks for your explanation. now I got your point. this property comes in the version 2021-06-22 and I'll raise a pull request to add this property.

[harcamSpark]

dang that was fast dude, nice work :-)

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.