Azure / terraform-azurerm-caf-enterprise-scale

Azure landing zones Terraform module
https://aka.ms/alz/tf
MIT License
875 stars 575 forks source link

Problems importing subscriptions #891

Open JyrkiHei opened 10 months ago

JyrkiHei commented 10 months ago

Community Note

Versions

terraform: 1.7.0

azure provider: AzureRM 3.88.0, AzApi v1.12

module: Azure/caf-enterprise-scale/azurerm v4.2.0 or 5.0.3

Description

Describe the bug

We had an existing deployment with strict_subscription_association = true. This was done with 4.2.0 version of the module. We tried to disable strict association, because we used LZ-VENDING also but was unable to import the three subscriptions (identity, connectivity and management). Version 5.0.3 gave the same error.

image

I tried to import the associations but was unable to do anything.

Steps to Reproduce

  1. Have existing environment (first deployed with 4.2.0 with the default value of strict sub association = true).
  2. Started using LZ-VENDING (made multiple subs under online) and tried to run this again
  3. Terraform wanted to affect MG association with the management, connectivity and identity subs
  4. Tried to execute 'terraform import' to the subs but was unable to do it. See error from description!
  5. Tried command like the one below, but I got error at the end
  6. Tried updating module to 5.0.3 but got the same error

terraform import module.enterprise_scale[0].azurerm_management_group_subscription_association.enterprise_scale["/providers/Microsoft.Management/managementGroups/cloud-connectivity/subscriptions/b12c2937-3458-4cf1-b749-331efd25c201"] /providers/Microsoft.Management/managementGroups/cloud-connectivity/subscriptions/b12c2937-3458-4cf1-b749-331efd25c201

Screenshots

Additional context

JyrkiHei commented 10 months ago

Fortunately I had colleagues with better eyesight than me! Upgrade document for v5 had this example of 'terraform import' command which seems to have incorrectly formatted second parameter.

Example was: terraform import 'module..azurerm_management_group_subscription_association.enterprise_scale["/providers/Microsoft.Management/managementGroups//subscriptions/"]' '/providers/Microsoft.Management/managementGroups//subscriptions/'

And based on Terraform documentation, it should be: terraform import 'module..azurerm_management_group_subscription_association.enterprise_scale["/providers/Microsoft.Management/managementGroups//subscriptions/"]' '/managementGroup//subscription/'

Terraform Docs: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_subscription_association

matt-FFFFFF commented 10 months ago

Ahh thank you for picking this up. We will fix