search

jason-johnson / azure-pipelines-tasks-terraform

Azure Pipelines extension for Terraform
MIT License
124 stars 52 forks source link

enable management group scoped service connections for azurerm backends #243

Closed charleszipp closed 2 years ago

charleszipp commented 2 years ago

Related #20

This will enable users to leverage management group scoped service connections for azurerm backends. A new input has been added to specify the subscription id when using management group scope. Management group scoped service connections do not define a subscription id. Terraform requires the subscription id be defined and, the ensureBackend operations require the subscription id. Therefore, it must be provided when using management group scope.

- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
  displayName: 'terraform init'
  inputs:
    command: init
    workingDirectory: $(terraform_templates_dir)
    backendType: azurerm

    # Specify a management group scoped service connection
    backendServiceArm: 'env_test_mgmt'
    # Define the target subscription that houses the terraform backend
    backendAzureRmSubscriptionId: $(azure_subscription_id)

If ensureBackend is set, the subscription defined in backendAzureRmSubscriptionId will be used to determine in what subscription the resource group and storage account are created.

- task: charleszipp.azure-pipelines-tasks-terraform.azure-pipelines-tasks-terraform-cli.TerraformCLI@0
  displayName: 'terraform init'
  inputs:
    command: init
    workingDirectory: $(terraform_templates_dir)
    backendType: azurerm

    # Specify a management group scoped service connection
    backendServiceArm: 'env_test_mgmt'
    # Define the target subscription that houses the terraform backend
    backendAzureRmSubscriptionId: $(azure_subscription_id)

    ensureBackend: true
    backendAzureRmResourceGroupName: 'my-backend-resource-group'
    backendAzureRmResourceGroupLocation: eastus
    backendAzureRmStorageAccountName: 'my-backend-storage-account'
    backendAzureRmStorageAccountSku: Standard_RAGRS
    backendAzureRmContainerName: 'my-backend-blob-container'
    backendAzureRmKey: infrax.tfstate
captainhook commented 8 months ago

@charleszipp is this supposed to work for release pipelines or only build?