feat: add azapi locks to agent pool resources to prevent concurrent modifications #160

Merged
matt-FFFFFF merged 1 commit into main from feat/locks on Feb 24, 2026

@matt-FFFFFF
Member

Summary

  • Adds locks to all azapi_resource and azapi_update_resource blocks for agent pools, locking on the parent AKS cluster resource ID (parent_id or azapi_resource.this.id)
  • This prevents concurrent modifications to agent pools under the same AKS cluster, avoiding race conditions and API conflicts during parallel Terraform operations

Motivation

When multiple agent pools are managed under a single AKS cluster, Terraform may attempt to create, update, or delete them concurrently. The AKS API does not support concurrent modifications to agent pools on the same cluster, which can lead to:

  • 409 Conflict errors from the Azure API
  • Failed or partially applied Terraform plans
  • Inconsistent cluster state requiring manual intervention

The locks argument in azapi ensures that operations on agent pools targeting the same parent cluster are serialized, eliminating these race conditions.

Changes

| File | Change |
| --- | --- |
| main.default_agent_pool.tf | Added locks = [azapi_resource.this.id] to azapi_update_resource.default_agent_pool |
| modules/agentpool/main.tf | Added locks = [var.parent_id] to both azapi_resource.this and azapi_resource.this_create_before_destroy |

Testing

  • ./avm pre-commit passed
  • ./avm pr-check passed (linting, docs, tflint, grept, mapotf, avmfix, well-architected)
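
Added example, not part of the PR or the module's own code: a minimal sketch of the pattern described above, with two agent pools created from one for_each and every instance naming the parent cluster ID in locks. The variable names, pool sizes and API version are assumptions, and the HCL-object body assumes azapi provider 2.x.

```hcl
# Illustrative only: names, sizes and the API version below are assumptions.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

variable "parent_id" {
  type        = string
  description = "Resource ID of the parent AKS cluster."
}

variable "pools" {
  type = map(object({
    vm_size    = string
    node_count = number
  }))
  default = {
    batch = { vm_size = "Standard_D4s_v5", node_count = 2 }
    web   = { vm_size = "Standard_D2s_v5", node_count = 3 }
  }
}

resource "azapi_resource" "pool" {
  for_each = var.pools

  type      = "Microsoft.ContainerService/managedClusters/agentPools@2024-02-01"
  name      = each.key
  parent_id = var.parent_id

  # Every instance lists the same lock ID (the parent cluster), so azapi
  # runs their create/update/delete calls one at a time, not in parallel.
  locks = [var.parent_id]

  body = {
    properties = {
      count  = each.value.node_count
      vmSize = each.value.vm_size
      mode   = "User"
      osType = "Linux"
    }
  }
}
```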

@microsoft-github-policy-service

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the Terraform Issue Triage documentation.


Copilot AI left a comment

Pull request overview

This PR adds resource locking to prevent concurrent modifications to AKS agent pools, addressing race conditions that occur when multiple agent pools are managed under a single cluster. The AKS API does not support concurrent operations on agent pools within the same cluster, leading to 409 Conflict errors during parallel Terraform operations.

Changes:

  • Added locks = [var.parent_id] to agent pool resources in the agentpool module to serialize operations on the parent cluster
  • Added locks = [azapi_resource.this.id] to the default agent pool update resource to maintain consistency
  • Applied formatting changes from terraform fmt to align property definitions

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| modules/agentpool/main.tf | Added locks parameter to both azapi_resource.this and azapi_resource.this_create_before_destroy resources, locking on var.parent_id to prevent concurrent agent pool modifications on the same cluster |
| main.default_agent_pool.tf | Added locks parameter to azapi_update_resource.default_agent_pool, locking on azapi_resource.this.id to ensure consistent locking behavior for the default agent pool |

matt-FFFFFF merged commit f197796 into main on Feb 24, 2026
12 of 19 checks passed
matt-FFFFFF deleted the feat/locks branch on February 24, 2026 14:09
matt-FFFFFF temporarily deployed to empty-no-approval on March 26, 2026 14:06 with GitHub Actions (Inactive)