Azure / caf-terraform-landingzones

This solution, offered by the Open-Source community, will no longer receive contributions from Microsoft. Customers are encouraged to transition to Microsoft Azure Verified Modules for continued support and updates from Microsoft. Please note, this repository is scheduled for decommissioning and will be removed on July 1, 2025.
https://github.com/aztfmod/caf-terraform-landingzones
MIT License

Get started failing: Incorrect attribute value type #421

Closed gevraud-cicd closed 2 years ago

gevraud-cicd commented 2 years ago

Hello,

I am trying to reproduce the "Get Started" tutorial (https://aztfmod.github.io/documentation/docs/azure-landing-zones/landingzones/platform/single%20reuse/elsz-single-reuse) to test the CAF framework. I got the error below.

I use rover aztfmod/rover:1.2.5-2208.0208 running in docker-compose in WSL (no Docker Desktop).

Any idea what's happening here?

@calling process_actions
@calling verify_parameters
landingzone                   : '/tf/caf/landingzones/caf_launchpad'
@deploy for gitops_terraform_backend_type set to 'azurerm'
@calling deploy_azurerm
@calling get_storage_id
@calling_get_logged_user_object_id
 - AZURE_ENVIRONMENT: AzureCloud
 - ARM_ENVIRONMENT: public
Initalizing az cloud variables
 - logged in user objectId: xxxxxxx (yyyy@zzz.onmicrosoft.com)
Initializing state with user: yyyy@zzz.onmicrosoft.com
No launchpad found.
Deploying from scratch the launchpad
@calling initialize_state
Checking required permissions
@checking if current user (object_id: xxxxx) is Owner of the subscription - only for launchpad
User is Owner of the subscription
Installing launchpad from /tf/caf/landingzones/caf_launchpad
Terraform version 0.15 or greater
Upgrading modules...
Downloading registry.terraform.io/aztfmod/caf/azurerm 5.5.5 for dynamic_keyvault_secrets...
Downloading registry.terraform.io/aztfmod/caf/azurerm 5.5.5 for launchpad...
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/tls versions matching "~> 3.1.0"...
- Finding hashicorp/azurerm versions matching "~> 2.88.1"...
- Finding hashicorp/null versions matching "~> 3.1.0"...
- Finding hashicorp/random versions matching "~> 3.1.0"...
- Finding aztfmod/azurecaf versions matching "~> 1.2.0"...
- Finding latest version of hashicorp/local...
- Finding hashicorp/azuread versions matching "~> 1.4.0"...
- Finding latest version of hashicorp/time...
- Finding hashicorp/external versions matching "~> 2.2.0"...
- Using hashicorp/tls v3.1.0 from the shared cache directory
- Using hashicorp/azurerm v2.88.1 from the shared cache directory
- Using hashicorp/null v3.1.1 from the shared cache directory
- Using aztfmod/azurecaf v1.2.19 from the shared cache directory
- Using hashicorp/external v2.2.2 from the shared cache directory
- Using hashicorp/random v3.1.3 from the shared cache directory
- Using hashicorp/local v2.2.3 from the shared cache directory
- Using hashicorp/azuread v1.4.0 from the shared cache directory
- Using hashicorp/time v0.8.0 from the shared cache directory
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
Line 112 - Terraform init return code 0
calling plan
@calling plan
running terraform plan with -var-file /tf/caf/configuration/level0/launchpad/azuread_api_permissions.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_applications.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_group_members.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_groups.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_roles.tfvars -var-file /tf/caf/configuration/level0/launchpad/azuread_service_principals.tfvars -var-file /tf/caf/configuration/level0/launchpad/dynamic_keyvault_secrets.tfvars -var-file /tf/caf/configuration/level0/launchpad/global_settings.tfvars -var-file /tf/caf/configuration/level0/launchpad/keyvault_access_policies.tfvars -var-file /tf/caf/configuration/level0/launchpad/keyvaults.tfvars -var-file /tf/caf/configuration/level0/launchpad/landingzone.tfvars -var-file /tf/caf/configuration/level0/launchpad/resource_groups.tfvars -var-file /tf/caf/configuration/level0/launchpad/role_mapping.tfvars -var-file /tf/caf/configuration/level0/launchpad/storage_accounts.tfvars
 -TF_VAR_workspace: tfstate
 -state: /home/vscode/.terraform.cache/test/tfstates/level0/tfstate/caf_launchpad.tfstate
 -plan:  /home/vscode/.terraform.cache/test/tfstates/level0/tfstate/caf_launchpad.tfplan
/tf/caf/landingzones/caf_launchpad
Running Terraforn plan...
@calling terraform_plan -- azurerm
module.launchpad.module.azuread_groups_membership["caf_platform_maintainers"].data.azuread_user.upn["yyyy@zzz.onmicrosoft.com"]: Reading...
module.launchpad.module.azuread_groups_membership["caf_platform_maintainers"].data.azuread_user.upn["yyyy@zzz.onmicrosoft.com"]: Read complete after 1s [id=xxxx]
data.azurerm_client_config.current: Reading...
data.azurerm_client_config.current: Read complete after 0s [id=2022-09-19 12:29:19.1214725 +0000 UTC]
module.launchpad.data.azurerm_client_config.current: Reading...
module.launchpad.data.azurerm_subscription.primary: Reading...
module.launchpad.data.azurerm_client_config.current: Read complete after 0s [id=2022-09-19 12:29:19.1284991 +0000 UTC]
module.launchpad.data.azurerm_management_group.level["root"]: Reading...
module.launchpad.data.azurerm_management_group.level["root"]: Read complete after 1s [id=/providers/Microsoft.Management/managementGroups/aaaaa]
module.launchpad.data.azurerm_subscription.primary: Read complete after 1s [id=/subscriptions/bbbb]
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/azuread/groups/group.tf line 6, in resource "azuread_group" "group":
│    6:   owners = coalescelist(
│    7:     try(tolist(var.azuread_groups.owners), []),
│    8:     [
│    9:       var.client_config.object_id
│   10:     ]
│   11:   )
│     ├────────────────
│     │ var.azuread_groups.owners is tuple with 1 element
│     │ var.client_config.object_id is "xxxx"
│
│ Inappropriate value for attribute "owners": incorrect set element type: string required.
╵
╷
│ Error: expected "object_id" to be a valid UUID, got
│
│   with module.launchpad.module.keyvaults["level2"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│
╵
╷
│ Error: expected "object_id" to be a valid UUID, got
│
│   with module.launchpad.module.keyvaults["level1"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│
╵
╷
│ Error: expected "object_id" to be a valid UUID, got
│
│   with module.launchpad.module.keyvaults["level0"].module.initial_policy[0].module.object_id["bootstrap_user"].azurerm_key_vault_access_policy.policy,
│   on /home/vscode/.terraform.cache/test/modules/launchpad/modules/security/keyvault_access_policies/access_policy/access_policy.tf line 5, in resource "azurerm_key_vault_access_policy" "policy":
│    5:   object_id               = var.object_id
│
╵
Terraform plan return code: 1
Error on or near line 386: Error running terraform plan; exiting with status 1

Regards

gevraud-cicd commented 2 years ago

This issue helped me to fix the issue https://github.com/Azure/caf-terraform-landingzones-platform-starter/issues/11 and it deployed the level0 launchpad.

However, the next step (level0 credentials) is failing because it can't access the storage account, making the terraform init fail.

│ Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this permission.\nRequestId:xxxxx-601e-002c-03c7-cc08cd000000\nTime:2022-09-20T08:03:09.5227518Z"