microsoft / azure-pipelines-terraform

Azure Pipelines tasks for installing Terraform and running Terraform commands in a build or release pipeline.
MIT License

Terraform Import blocks aren't working correctly between Windows / Linux #258

Open Poltergeisen opened 5 days ago

Poltergeisen commented 5 days ago

Hi, I have some code like this:

locals {
  level_2 = zipmap(
    flatten([for key, value in var.management_groups : formatlist("${key}/%s", keys(value.children)) if value.children != null]),
    flatten([for value in var.management_groups : values(value.children) if value.children != null])
  )
}

import {
  for_each = local.level_2

  id = "/providers/Microsoft.Management/managementGroups/${basename(each.key)}"
  to = module.base.azurerm_management_group.level_2[each.key]
}

On Windows, when I run this, it does this:

Image

On my Linux build agent, I get the following:

Image

It looks like it's adding some "\"'s in the import statements for some reason. I can't reproduce locally, or on WSL. Only on my build agent using this task...

This is my build script so far, as bare bones as I could make it:


trigger:
  branches:
    include:
      - main
  batch: true

pool: usw-landing-zone-prod-vmss
stages:
  - stage:
    jobs:
    - job: "INIT_PLAN"
      steps:
      - checkout: self
      - task: TerraformInstaller@1
        inputs:
          terraformVersion: '1.9.8'
      - task: TerraformTaskV4@4
        inputs:
          provider: 'azurerm'
          command: 'init'
          workingDirectory: '$(System.DefaultWorkingDirectory)/environments/lhg'
          backendAzureRmUseEnvironmentVariablesForAuthentication: false
          backendServiceArm: 'usw2-shared-services'
          backendAzureRmResourceGroupName: 'rg'
          backendAzureRmStorageAccountName: 'acct'
          backendAzureRmContainerName: 'tstate'
          backendAzureRmKey: 'cf/coreresources/environments/lhg/main.tfstate'
      - task: TerraformTaskV4@4
        inputs:
          provider: 'azurerm'
          command: 'plan'
          workingDirectory: '$(System.DefaultWorkingDirectory)/environments/lhg'
          environmentServiceNameAzureRM: 'usw2-shared-services'

Poltergeisen commented 5 days ago

When I log into the build agent directly and run the terraform plan command, I get the proper output.

There seems to be something missing with regard to the backend configuration maybe? Is there special setup I need to do for that to work correctly for plan steps? Shouldn't the init be enough?

Poltergeisen commented 5 days ago

I think this may be due to permissions errors. Is there a better way to maybe surface those? When I enable trace logging I get this:

2024-11-11T08:49:37.301Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"AuthorizationFailed","message":"The client '' with object id '' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/lhg-sandboxes' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

Poltergeisen commented 5 days ago

I'd like to request that this error be surfaced better. If there is a permissions error I feel like that should be displayed instead of a "not found" generic message. The only way to know you're hitting permissions errors is to enable trace logging.
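
Added example, not part of the original thread or the task's own code: a Python scanner that pulls the `AuthorizationFailed` payload out of a Terraform trace log and reports the denied action and scope as an Azure Pipelines error. It assumes the log was written to a file (for example with `TF_LOG=TRACE` and `TF_LOG_PATH`) and that provider lines have the shape of the line quoted in the thread; `find_authz_failures`, `SAMPLE_LOG` and the second sample line are constructed for illustration.

```python
import json
import re
import sys
from pathlib import Path

# Prefix shape taken from the trace line quoted in the issue (assumed stable).
PROVIDER_LINE = re.compile(r"^\S+ \[[A-Z]+\]\s+(?P<src>provider\.[^:]+): (?P<body>\{.*\})\s*$")
# The AuthorizationFailed message quotes the denied action and scope.
ACTION_SCOPE = re.compile(r"perform action '(?P<action>[^']+)' over scope '(?P<scope>[^']+)'")

# Sample input: first line copied from the issue, second line constructed.
SAMPLE_LOG = r"""
2024-11-11T08:49:37.301Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"AuthorizationFailed","message":"The client '' with object id '' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/lhg-sandboxes' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
2024-11-11T08:49:37.302Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"status":"ok"}
"""

def find_authz_failures(lines):
    """Return one finding per AuthorizationFailed payload in Terraform log lines."""
    findings = []
    for line in lines:
        m = PROVIDER_LINE.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            payload = json.loads(m["body"])
        except json.JSONDecodeError:
            continue  # provider line whose body is not valid JSON
        err = payload.get("error")
        if not isinstance(err, dict) or err.get("code") != "AuthorizationFailed":
            continue
        detail = ACTION_SCOPE.search(str(err.get("message", "")))
        findings.append({
            "provider": m["src"],
            "action": detail["action"] if detail else None,
            "scope": detail["scope"] if detail else None,
        })
    return findings

def main(argv):
    # With a path argument scan that log file, otherwise the embedded sample.
    text = Path(argv[1]).read_text(encoding="utf-8", errors="replace") if len(argv) > 1 else SAMPLE_LOG
    findings = find_authz_failures(text.splitlines())
    for f in findings:
        # Azure Pipelines logging command: shown as an error on the run summary.
        print(f"##vso[task.logissue type=error]{f['provider']} denied: {f['action']} on {f['scope']}")
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it in a step after `plan` with the log path as its argument; a non-zero exit fails that step when a denied action is found.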