aztfmod / rover

The rover is a docker container in charge of the deployment of the Terraform platform engineering for Azure
MIT License

function get_tfstate_keyvault_name seems to be failing: #241

Closed nusrath432 closed 2 years ago

nusrath432 commented 2 years ago

function get_tfstate_keyvault_name seems to be failing: https://github.com/aztfmod/rover/commit/4493e6d6ab2a6111ae4e1db92c58a51ace40dacb#r67170447

This seems to be failing due to the "AND" logic: 2201.2106

```
@calling login_as_launchpad

Getting launchpad coordinates from subscription: xxxe5052-0714-4xxx-90b5-2xxxff260fxxx

keyvault_name: ERROR: argument --vault-name: expected one argument

Examples from AI knowledge base:
az keyvault secret show --name mysecret --vault-name myvault
Get a specified secret from a given key vault. (autogenerated)

az keyvault secret show --id "/subscriptions/00000000-0000-0000-0000-00000000000000000/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/mykv/privateEndpointConnections/mykv.00000000-0000-0000-0000-00000000000000000" --vault-name myvault
Get a specified secret from a given key vault. (autogenerated)

https://docs.microsoft.com/en-US/cli/azure/keyvault/secret#az_keyvault_secret_show
Read more about the command in reference docs

tenant_id : Error on or near line 357: Not authorized to manage landingzones. User must be member of the security group to access the launchpad and deploy a landing zone; exiting with status 102
@calling clean_up_variables
cleanup variables
clean_up backend_files
```

However,

```
az graph query -q "Resources | where type == 'microsoft.keyvault/vaults' | project name" --query "data[0].name" -o tsv --subscriptions xxxe5052-0714-4xxx-90b5-2xxxff260fxxx
fn01-kv-level0
```

LaurentLesle commented 2 years ago

Hi @nusrath432 can you share with me the tags you have in your level0 storage account and keyvault? The modification was done to filter based on the tags to retrieve the keyvault.

nusrath432 commented 2 years ago

@LaurentLesle No, the code is working fine. It was just the tag combination tfstate/environment or caf_tfstate/caf_environment that needed sorting out. Ideally, I would prefer them being set at global_settings so that cloning environments would be easier, with one change instead of object-level (KV/SA) changes. I have to update the environment tag at various places.

All good - no action required.

Thanks
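
The failure mode from this thread, as an added example (not rover's code and not part of the original discussion): a lookup that requires both tags of one pair and stops with a precise message when nothing matches, instead of passing an empty name to `--vault-name`. Only the tag keys come from the thread; the inventory, the level and environment values, and the function names are constructed assumptions.

```sh
#!/bin/sh
# Added illustration; not rover's implementation.
# Constructed inventory standing in for a key vault listing: name|tag=value,...
SAMPLE_VAULTS='fn01-kv-level0|tfstate=level0,environment=dev
fn01-kv-level1|caf_tfstate=level1,caf_environment=prod
fn01-kv-mixed|tfstate=level2,caf_environment=dev'

# has_tag TAGS KEY VALUE: succeed only on an exact key=value entry.
has_tag() {
  case ",$1," in *",$2=$3,"*) return 0 ;; esac
  return 1
}

# find_vault LEVEL ENV: print the first vault carrying BOTH tags of one pair
# (tfstate+environment, or caf_tfstate+caf_environment). Mixed pairs do not match.
find_vault() {
  while IFS='|' read -r v_name v_tags; do
    if { has_tag "$v_tags" tfstate "$1" && has_tag "$v_tags" environment "$2"; } ||
       { has_tag "$v_tags" caf_tfstate "$1" && has_tag "$v_tags" caf_environment "$2"; }; then
      printf '%s\n' "$v_name"
      return 0
    fi
  done <<EOF
$SAMPLE_VAULTS
EOF
  return 1
}

# resolve_vault LEVEL ENV: fail here, with the tags that were searched, so an
# empty name never reaches a later command and surfaces as an unrelated error.
resolve_vault() {
  if ! found=$(find_vault "$1" "$2") || [ -z "$found" ]; then
    echo "no key vault tagged tfstate=$1 AND environment=$2 (or caf_tfstate/caf_environment)" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

resolve_vault level0 dev
resolve_vault level2 dev || echo "lookup failed: stop before calling az keyvault" >&2
```
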