aztfmod / level0

Launchpads that can be used by the rover to deploy the Azure CAF Terraform landing zones
https://aka.ms/caf
MIT License

plan output results in several undeclared output values #29

Closed TyMac closed 4 years ago

TyMac commented 4 years ago

New to CAF so I may be missing something, but running:

```
launchpad /tf/launchpads/launchpad_opensource plan
```

is currently resulting in several errors - output below:

```
Error: Reference to undeclared resource

on identity.tf line 81, in locals: 81: "principalId": "${azuread_service_principal.server.id}",

A managed resource "azuread_service_principal" "server" has not been declared in the root module.

Error: Reference to undeclared output value

on blueprints/blueprint_virtual_machine/output.tf line 12, in output "ssh_private_key_pem_secret_id": 12: value = module.vm.ssh_private_key_pem_secret_id

An output value with the name "ssh_private_key_pem_secret_id" has not been declared in module.blueprint_devops_self_hosted_agent.module.vm.

Error: Reference to undeclared output value

on blueprints/blueprint_virtual_machine/save_ssh_key.tf line 2, in data "azurerm_key_vault_secret" "private_key_pem": 2: name = module.vm.ssh_private_key_pem_secret_id.name

An output value with the name "ssh_private_key_pem_secret_id" has not been declared in module.blueprint_devops_self_hosted_agent.module.vm.

Error: Reference to undeclared output value

on blueprints/blueprint_virtual_machine/save_ssh_key.tf line 3, in data "azurerm_key_vault_secret" "private_key_pem": 3: key_vault_id = module.vm.ssh_private_key_pem_secret_id.key_vault_id

An output value with the name "ssh_private_key_pem_secret_id" has not been declared in module.blueprint_devops_self_hosted_agent.module.vm.

cleanup variables
```

Masahigo commented 4 years ago

I'm also running into this error when trying the same using current Rover version configured in Dev Container (https://github.com/Azure/caf-terraform-landingzones/blob/master/.devcontainer/docker-compose.yml#L9) - 2004.0211.

But launchpad_opensource also seems to fail in newer versions when run using a "User" account:

```
[vscode@e3e8dc264554 caf]$ launchpad /tf/launchpads/launchpad_opensource plan
Launchpad management tool started with:
  tf_action   is : 'plan'
  tf_command  is : ''
  landingzone is : '/tf/launchpads/launchpad_opensource'
  workspace   is : 'level0'

Checking existing Azure session
No launchpad found.
Deploying from scratch the launchpad

...

calling plan
running terraform plan with 
 -TF_VAR_workspace: level0
/tf/launchpads/launchpad_opensource
var.azure_devops_pat_token
  Azure DevOps Personal Access Token to register the self hosted agent

  Enter a value: *****

var.azure_devops_url_organization
  The value should be the URI of your Azure DevOps organization, for example: https://dev.azure.com/MyOrganization/ or your Azure DevOps Server organization

  Enter a value: https://dev.azure.com/****/

var.location
  Azure region to deploy the launchpad in the form or 'southeastasia' or 'westeurope'

  Enter a value: westeurope

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.azuread_service_principal.rover_user: Refreshing state...
data.azurerm_client_config.current: Refreshing state...
module.blueprint_devops_self_hosted_agent.data.azurerm_subscription.current: Refreshing state...
module.blueprint_container_registry.data.azurerm_subscription.current: Refreshing state...
data.azurerm_subscription.primary: Refreshing state...
module.blueprint_networking.data.azurerm_subscription.current: Refreshing state...
Terraform apply return code: 0
Terraform returned errors:

Error: Service Principal with Object ID "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" was not found!

  on keyvault.tf line 45, in data "azuread_service_principal" "rover_user":
  45: data "azuread_service_principal" "rover_user" {

cleanup variables
```

This is possibly related to this TF issue: https://github.com/terraform-providers/terraform-provider-azurerm/issues/1844

At least in my case there are well over 100 SPs in the AAD tenant:

```
[vscode@e3e8dc264554 caf]$ az ad sp list --query "length(@)" --all
431
```

This is the breaking change: https://github.com/aztfmod/level0/commit/43d4c41b4c484ebd06d65b8282cb7ebe12aa3ff2

Masahigo commented 4 years ago

I did some further debugging

```
[vscode@e3e8dc264554 caf]$ TF_LOG=DEBUG launchpad /tf/launchpads/launchpad_opensource plan

...

2020-04-28T11:30:51.778Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: 2020/04/28 11:30:51 [DEBUG] AzureAD Response for https://graph.windows.net/33cab307-3f5a-4b91-a0d5-d681df820d94/servicePrincipals/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?api-version=1.6: 
2020-04-28T11:30:51.778Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: HTTP/1.1 404 Not Found

...

2020-04-28T11:30:51.779Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: {"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not exist or one of its queried reference-property objects are not present."},"requestId":"ef66f760-f4f4-4b47-a4c2-ce437562c3ac","date":"2020-04-28T11:30:52"}}
```

...

`data "azuread_service_principal" "rover_user"` is expecting a Service Principal (https://www.terraform.io/docs/providers/azuread/r/service_principal.html) but it's passed a User's Object id - when run from Dev Container.
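
A preflight check for the mismatch described in this thread, added here as an example and not part of the issue or the level0 project: it scans `TF_LOG=DEBUG` output for azuread Graph lookups that returned 404 and cross-checks them against `az account show` output, so a user login feeding `data.azuread_service_principal` is reported before anyone digs through provider logs. The sample log lines and account JSON are constructed (placeholder tenant and object ids).

```python
import json
import re

# Constructed sample of TF_LOG=DEBUG output, modelled on the azuread provider
# lines quoted in the issue; tenant and object ids are placeholders.
SAMPLE_LOG = """\
2020-04-28T11:30:51.778Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: AzureAD Response for https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals/11111111-1111-1111-1111-111111111111?api-version=1.6:
2020-04-28T11:30:51.778Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: HTTP/1.1 404 Not Found
2020-04-28T11:30:51.780Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: AzureAD Response for https://graph.windows.net/00000000-0000-0000-0000-000000000000/users/11111111-1111-1111-1111-111111111111?api-version=1.6:
2020-04-28T11:30:51.780Z [DEBUG] plugin.terraform-provider-azuread_v0.7.0_x4: HTTP/1.1 200 OK
"""

# Constructed `az account show` output for a session signed in as a user.
SAMPLE_ACCOUNT = '{"user": {"name": "someone@example.com", "type": "user"}}'

REQUEST_RE = re.compile(
    r"AzureAD Response for https://graph\.windows\.net/[0-9a-fA-Fx-]{36}/"
    r"(?P<kind>servicePrincipals|users)/(?P<object_id>[0-9a-fA-Fx-]{36})\?"
)
STATUS_RE = re.compile(r"HTTP/1\.1 (?P<status>\d{3})")

def find_graph_lookups(log_text):
    """Pair each Graph request line with the status line that follows it.
    Returns a list of (kind, object_id, status) tuples."""
    lookups, pending = [], None
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if req:
            pending = (req.group("kind"), req.group("object_id"))
            continue
        st = STATUS_RE.search(line)
        if st and pending:
            lookups.append((pending[0], pending[1], int(st.group("status"))))
            pending = None
    return lookups

def diagnose(log_text, account_json):
    """A 404 on /servicePrincipals while `az account show` reports a user
    login means a user's object id was handed to data.azuread_service_principal."""
    login_type = json.loads(account_json).get("user", {}).get("type")
    for kind, object_id, status in find_graph_lookups(log_text):
        if kind == "servicePrincipals" and status == 404:
            if login_type == "user":
                return ("user-login", object_id)
            return ("sp-missing", object_id)
    return ("ok", None)

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_ACCOUNT))
```

Run it against real output by piping the rover's `TF_LOG=DEBUG` log and `az account show` JSON into the two functions; a `user-login` verdict points at the identity type rather than at a missing service principal.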

LaurentLesle commented 4 years ago

fix coming in 2005 release