Support for filtering azure resources

jpreese commented 4 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Many resources in the aws provider support a filter block which enables Terraform configurations to use tags as a way to get back results from the data provider. An example is the aws_security_groups data provider.

This allows configurations to care less about how resources are named, and more about their attributes (owners, automation, locations, etc).

The Azure CLI does support the --filter (and --tag) argument, so if this makes sense, it should be doable from a technical perspective.

New or Affected Resource(s)

Any/All Azure resources that support the --filter//--tag argument

Potential Terraform Configuration

data "azurerm_network_security_group" "example" {
  filter {
    name = "tag:mysubscription"
    value = ["global", "env:dev"]
}

tombuildsstuff commented 4 years ago

hey @jpreese

Thanks for opening this issue :)

As with #6160 this sounds good to me, however I believe this wants to be done only for the Plural data sources (e.g. a hypothetical azurerm_key_vaults rather than the Singular azurerm_key_vault) - since these are targeting two different use-cases (finding a single key vault vs finding multiple) - as such I've tagged this as a "new data source") in addition to "enhancement" since it's likely this'll require several new data sources to achieve it

Thanks!

jpreese commented 4 years ago

Makes sense to me!

schwarzzz commented 4 years ago

I'd really like to see this for singular resources as well.

When used within a singular resource (e.g. azurerm_key_vault) my expectation would be, that there is exactly one resource matching the specified criteria. If not, the provider should throw an error ("There is more than one Key Vault matching the specified filter").

benlongo commented 2 years ago

Having plural resources would be very useful, currently resorting to azurerm_resources.

PbALpi7xEX commented 1 year ago

I have been using azurerm_resources as well.. then passing the resource name to a resource specific data source. It does add a bit to the code however... but avoids having to hard-code resource names into data sources which is useful when using dynamic random resource names.

Example:

data "azurerm_resources" "keyvault" {
  type = "Microsoft.KeyVault/vaults"
  resource_group_name = data.azurerm_resource_group.primary.name
required_tags = {
    role = "primary"
  }
}

data "azurerm_key_vault" "primary" {
  name                = data.azurerm_resources.keyvault.resources[0].name
  resource_group_name = data.azurerm_resource_group.primary.name
}

hashicorp / terraform-provider-azurerm