caf-terraform-landingzones
CAF Launchpad scenario 200 does not work with a bootstrap service principal.
Describe the bug
Unable to run plan with a service principal. I get the following error:

```text
Error: No service principal found for application ID: "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
│
│   with module.launchpad.data.azuread_service_principal.logged_in_app[0],
│   on /home/vscode/.terraform.cache/ABC/modules/launchpad/main.tf line 51, in data "azuread_service_principal" "logged_in_app":
│   51: data "azuread_service_principal" "logged_in_app" {
```
I think this may be related to permissions, as "04b07795-8ddb-461a-bbee-02f9e1bf7b46" is the id for the Azure CLI. Any reference to this error usually implies permissions, and 4.7.2 moved to the Microsoft Graph:
```hcl
azuread_api_permissions = {
  #
  # To be removed part on 5.7.0 migration (new Microsoft Graph API)
  #
  # caf_launchpad_level0 = {
  #   active_directory_graph = {
  #     resource_app_id = "00000002-0000-0000-c000-000000000000"
  #     resource_access = {
  #       Application_ReadWrite_OwnedBy = {
  #         id   = "824c81eb-e3f8-4ee6-8f6d-de7f50d565b7"
  #         type = "Role"
  #       }
  #       Directory_ReadWrite_All = {
  #         id   = "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175"
  #         type = "Role"
  #       }
  #     }
  #   }
  # }
}
```
To Reproduce
Steps to reproduce the behavior:

- Log in with the service principal: `az login --service-principal -u "" -p "" -t "***"`
- Run the launchpad plan: `rover -lz /tf/caf/landingzones/caf_launchpad -launchpad -var-folder /tf/caf/platform/demo/level_0 -env FHL -level level0 -log-severity ERROR -p ${TF_DATA_DIR}/caf_launchpad.tfstate.tfplan -a plan`
- Execute the following command:

```shell
rover -lz /tf/caf/caf_launchpad \
  -launchpad \
  -var-folder /tf/caf/caf_launchpad/scenario/200 \
  -level level0 \
  -a plan
```
Expected behavior
A clear and concise description of what you expected to happen.
Configuration (please complete the following information):
- OS and version: [e.g. Windows 10 19045]
- Version of the rover: aztfmod/rover:1.5.4-2307.2804
- Version of the landing zone: 5.7.2
Additional context
Permissions:
- Application.ReadWrite.All
- Application.ReadWrite.OwnedBy
- AppRoleAssignment.ReadWrite.All
- DelegatedPermissionGrant.ReadWrite.All
- Directory.ReadWrite.All
- Group.ReadWrite.All
- RoleManagement.ReadWrite.Directory

Rover output:

```text
@calling initialize_state
Checking required permissions
 @checking if current user (object_id: ***) is Owner of the subscription - only for launchpad
User is Owner of the subscription
Installing launchpad from /tf/caf/landingzones/caf_launchpad
```
```text
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform planned the following actions, but then encountered a problem:

  [... 43 "will be created" resource blocks (random_string, azurecaf_name, azurerm_resource_group) omitted ...]

Plan: 43 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + global_settings = (sensitive value)
```