Azure / caf-terraform-landingzones-platform-starter

CAF Terraform landing zone - platform configuration starter kit
MIT License

Deploy launchpad (level0) Error #19

Open hifaz1012 opened 1 year ago

hifaz1012 commented 1 year ago

After rover ignite is successfully set up, the following error occurs during deployment of the launchpad (level0).

rover \
  -lz /tf/caf/landingzones/caf_launchpad \
  -var-folder /tf/caf/configuration/level0/launchpad \
  -tfstate_subscription_id 9ee205fa-95e9-475e-b899-44dcd10875eb \
  -target_subscription 9ee205fa-95e9-475e-b899-44dcd10875eb \
  -tfstate caf_launchpad.tfstate \
  -launchpad \
  -env contoso \
  -level level0 \
  -p ${TF_DATA_DIR}/caf_launchpad.tfstate.tfplan \
  -a plan
@calling process_actions
@calling verify_parameters
landingzone                   : '/tf/caf/landingzones/caf_launchpad'
@deploy for gitops_terraform_backend_type set to 'azurerm'
@calling deploy_azurerm
@calling get_storage_id
@calling_get_logged_user_object_id
 - AZURE_ENVIRONMENT: AzureCloud
 - ARM_ENVIRONMENT: public
Initalizing az cloud variables
 - logged in user objectId: 9627d1ab-c778-4272-b460-bc229135eadc (admin@MngEnvMCAP042206.onmicrosoft.com)
Initializing state with user: admin@MngEnvMCAP042206.onmicrosoft.com
No launchpad found.
Deploying from scratch the launchpad
@calling initialize_state
Checking required permissions
@checking if current user (object_id: 9627d1ab-c778-4272-b460-bc229135eadc) is Owner of the subscription - only for launchpad
User is Owner of the subscription
Installing launchpad from /tf/caf/landingzones/caf_launchpad
Terraform version 0.15 or greater
Upgrading modules...
Downloading registry.terraform.io/aztfmod/caf/azurerm 5.5.5 for dynamic_keyvault_secrets...
Downloading registry.terraform.io/aztfmod/caf/azurerm 5.5.5 for launchpad...
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/random versions matching "~> 3.1.0"...
- Finding hashicorp/external versions matching "~> 2.2.0"...
- Finding hashicorp/tls versions matching "~> 3.1.0"...
- Finding aztfmod/azurecaf versions matching "~> 1.2.0"...
- Finding hashicorp/azuread versions matching "~> 1.4.0"...
- Finding hashicorp/null versions matching "~> 3.1.0"...
- Finding hashicorp/azurerm versions matching "~> 2.88.1"...
- Finding latest version of hashicorp/time...
- Finding latest version of hashicorp/local...
- Using previously-installed hashicorp/azuread v1.4.0
- Using previously-installed hashicorp/null v3.1.1
- Using previously-installed hashicorp/time v0.9.1
- Using previously-installed hashicorp/external v2.2.3
- Using previously-installed hashicorp/tls v3.1.0
- Using previously-installed hashicorp/azurerm v2.88.1
- Using previously-installed hashicorp/local v2.2.3
- Using previously-installed hashicorp/random v3.1.3
- Using previously-installed aztfmod/azurecaf v1.2.23
Terraform has been successfully initialized!
Line 112 - Terraform init return code 0
calling plan
@calling plan
running terraform plan with -var-file /tf/caf/configuration/level0/launchpad/azuread_api_permissions.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_applications.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_group_members.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_groups.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_roles.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_service_principals.tfvars -var-file /tf/caf/configuration/level0/launchpad/dynamic_keyvault_secrets.tfvars -var-file /tf/caf/configuration/level0/launchpad/global_settings.tfvars -var-file /tf/caf/configuration/level0/launchpad/keyvault_access_policies.tfvars -var-file /tf/caf/configuration/level0/launchpad/keyvaults.tfvars -var-file /tf/caf/configuration/level0/launchpad/landingzone.tfvars -var-file /tf/caf/configuration/level0/launchpad/resource_groups.tfvars -var-file /tf/caf/configuration/level0/launchpad/role_mapping.tfvars -var-file /tf/caf/configuration/level0/launchpad/storage_accounts.tfvars
 -TF_VAR_workspace: tfstate
 -state: /home/vscode/.terraform.cache/contoso/tfstates/level0/tfstate/caf_launchpad.tfstate
 -plan:  /home/vscode/.terraform.cache/contoso/tfstates/level0/tfstate/caf_launchpad.tfplan
/tf/caf/landingzones/caf_launchpad
Running Terraforn plan...
@calling terraform_plan -- azurerm
module.launchpad.module.azuread_groups_membership["caf_platform_maintainers"].data.azuread_user.upn["admin@MngEnvMCAP042206.onmicrosoft.com"]: Reading...
module.launchpad.module.azuread_groups_membership["caf_platform_maintainers"].data.azuread_user.upn["admin@MngEnvMCAP042206.onmicrosoft.com"]: Read complete after 2s [id=9627d1ab-c778-4272-b460-bc229135eadc]
module.launchpad.data.azurerm_subscription.primary: Reading...
module.launchpad.data.azurerm_client_config.current: Reading...
module.launchpad.data.azurerm_client_config.current: Read complete after 0s [id=2022-12-30 01:22:53.742875086 +0000 UTC]
module.launchpad.data.azurerm_management_group.level["root"]: Reading...
module.launchpad.data.azurerm_subscription.primary: Read complete after 0s [id=/subscriptions/9ee205fa-95e9-475e-b899-44dcd10875eb]
module.launchpad.data.azurerm_management_group.level["root"]: Read complete after 0s [id=/providers/Microsoft.Management/managementGroups/c64e5e15-c107-4a0f-b701-bd561f53d9e0]
data.azurerm_client_config.current: Reading...
data.azurerm_client_config.current: Read complete after 0s [id=2022-12-30 01:22:54.574323058 +0000 UTC]
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "9627d1ab-c778-4272-b460-bc229135eadc"
│ 
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: expected "object_id" to be a valid UUID, got 
│ 
│   with module.launchpad.module.keyvaults["level2"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│ 
╵
╷
│ Error: expected "object_id" to be a valid UUID, got 
│ 
│   with module.launchpad.module.keyvaults["level0"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│ 
╵
╷
│ Error: expected "object_id" to be a valid UUID, got 
│ 
│   with module.launchpad.module.keyvaults["level1"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/contoso/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│ 
╵
Terraform plan return code: 1
Error on or near line 386: Error running terraform plan; exiting with status 1

@calling clean_up_variables
cleanup variables
clean_up backend_files
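
A triage helper for the plan output above, added here as an example and not part of the original post or the CAF project's code: it splits Terraform's `╷`/`╵` diagnostic blocks, counts identical errors, and lists the resource addresses whose `object_id` was rejected as empty. The function names are hypothetical and the sample text is constructed from the errors quoted in this report.

```python
import re
from collections import Counter

# Constructed sample, rebuilt from the errors quoted in this report.
MOD = "/home/vscode/.terraform.cache/contoso/modules/launchpad/modules"
GROUP_TF = MOD + "/azuread/groups/group.tf"
POLICY_TF = MOD + "/security/keyvault_access_policies/access_policy/access_policy.tf"
OWNERS_ERR = (
    "╷\n│ Error: Incorrect attribute value type\n│ \n"
    f'│   on {GROUP_TF} line 6, in resource "azuread_group" "group":\n'
    "│    6:   owners = coalescelist(\n│ \n"
    '│ Inappropriate value for attribute "owners": incorrect set element type: string required.\n╵\n'
)
OBJECT_ID_ERR = (
    '╷\n│ Error: expected "object_id" to be a valid UUID, got \n│ \n'
    '│   with module.launchpad.module.keyvaults["LEVEL"].module.initial_policy[0]'
    '.module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,\n'
    f'│   on {POLICY_TF} line 5, in resource "azurerm_key_vault_access_policy" "policy":\n'
    "│    5:   object_id               = var.object_id\n│ \n╵\n"
)
SAMPLE = OWNERS_ERR * 9 + "".join(
    OBJECT_ID_ERR.replace("LEVEL", lvl) for lvl in ("level2", "level0", "level1"))

BLOCK = re.compile(r"^╷\n(.*?)^╵", re.S | re.M)  # one diagnostic per ╷ ... ╵ pair

def parse_diagnostics(text):
    """Return one dict per Terraform diagnostic block found in plan output."""
    diags = []
    for block in BLOCK.findall(text):
        # Drop the "│ " gutter (and stray "**" markdown markers in front of it).
        body = re.sub(r"^\**│ ?", "", block, flags=re.M)
        summary = re.search(r"^Error: (.*)$", body, re.M)
        where = re.search(r"^\s*on (\S+) line (\d+)", body, re.M)
        addr = re.search(r"^\s*with (\S+?),?\s*$", body, re.M)
        diags.append({
            "summary": summary.group(1).strip() if summary else "",
            "file": where.group(1) if where else None,
            "line": int(where.group(2)) if where else None,
            "address": addr.group(1) if addr else None,
        })
    return diags

def triage(text):
    """Count identical errors; list resources whose reported value was empty."""
    diags = parse_diagnostics(text)
    counts = Counter((d["summary"], d["file"], d["line"]) for d in diags)
    empty = sorted(d["address"] for d in diags
                   if d["summary"].endswith(", got") and d["address"])
    return counts, empty
```

On the sample this reduces twelve diagnostic blocks to two distinct errors and names the three Key Vault `bootstrap_user` access policies that received an empty principal.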

hifaz1012 commented 1 year ago

Tried the below fixes but the same error occurs.

  1. @LaurentLesle provided this fix: export TF_VAR_logged_user_objectId=$(az account show --query id -o tsv)
  2. Upgraded caf_launchpad/landingzones.tf aztfmod/caf/azurerm version from 5.5.5 to 5.6.4

cc: @arnaudlh

daemenseth commented 1 year ago

@hifaz1012 see the link below for the solution. It fixed it for me: https://github.com/Azure/caf-terraform-landingzones-platform-starter/issues/11#issuecomment-1216058349