terraform-azurerm-caf-enterprise-scale

Subscription ID value being ignored for RG creation

Open gawainXX opened this issue 2 years ago • 3 comments

Versions

terraform: Latest

azure provider:

module: Latest

Description

Resources aren't being created in the proper subscription, causing provisioning of some resources and linking to fail.

Describe the bug

The subscription IDs I'm defining in main.tf aren't being properly applied to created Resource Groups. The subscriptions are getting properly set at the Management Group level, but the Resource Groups and resources are defaulting, which is causing provisioning of resources and links to fail.

For example, I've set all of the following values in main.tf:

  • subscription_id_management
  • subscription_id_identity
  • subscription_id_connectivity

The subscriptions are specified at the management group level but the resources and groups are all getting created with the same, default subscription.

Steps to Reproduce

Setup environment using the layout from https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Management-Resources-With-Custom-Settings

Change the value of subscription_id_management to a specific subscription's GUID, run terraform plan, then apply.

Screenshots

Additional context

gawainXX, Aug 08 '22 02:08

I've expanded upon the issue some on the HashiCorp forum: https://discuss.hashicorp.com/t/azure-caf-enterprise-scale-subscription-association-not-working-correctly/42900

gawainXX, Aug 08 '22 06:08

Hi @gawainXX... thank you for your question.

I have replied on the HashiCorp forum mentioned above, but for the benefit of anyone coming to this issue, I have responded with the following:

Hi @gawainXX

In addition to setting the subscription_id_xxxxx values, you also need to configure the provider settings to target the required Subscription for resource creation.

This is documented here in the Wiki: [User Guide] Provider Configuration · Azure/terraform-azurerm-caf-enterprise-scale Wiki (github.com)

This abstraction was intentional to allow the module to behave correctly in environments where different pipelines (possibly with different credentials/permissions) are used to deploy different subsets of resources (e.g. core, vs connectivity, vs management).

This is also a limitation of how the Terraform provider for Azure is currently designed to only target a single Azure subscription per provider declaration. We are working with the provider team to see whether we can get an optional "parent_id" attribute added to all resources so it's possible to target multiple Subscriptions without having to declare multiple providers.

Hope this helps?

If you require any further assistance, please feel free to add to this issue.

krowlandson, Aug 08 '22 06:08
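
An added illustration of the provider configuration described in the reply above (not code from the issue or from the module's wiki). It assumes the module's `azurerm.connectivity` and `azurerm.management` provider aliases; the input variables and the `root_id`, `root_name` and `default_location` values are placeholders.

```hcl
# Added example. The subscription GUIDs are supplied as input variables.
variable "subscription_id_connectivity" { type = string }
variable "subscription_id_management" { type = string }

# Default provider: used for management groups, policy and role assignments.
# With no subscription_id set, it uses whatever subscription the credentials default to.
provider "azurerm" {
  features {}
}

# Aliased providers decide WHERE resource groups and resources are created.
# Each one can also carry its own, narrower credentials if pipelines are split.
provider "azurerm" {
  alias           = "connectivity"
  subscription_id = var.subscription_id_connectivity
  features {}
}

provider "azurerm" {
  alias           = "management"
  subscription_id = var.subscription_id_management
  features {}
}

data "azurerm_client_config" "core" {}

module "enterprise_scale" {
  source = "Azure/caf-enterprise-scale/azurerm"
  # version = "..." # pin to the release you have tested

  # Without this mapping every resource lands in the default provider's subscription.
  providers = {
    azurerm              = azurerm
    azurerm.connectivity = azurerm.connectivity
    azurerm.management   = azurerm.management
  }

  root_parent_id   = data.azurerm_client_config.core.tenant_id
  root_id          = "myorg"           # placeholder
  root_name        = "My Organization" # placeholder
  default_location = "eastus"          # placeholder

  deploy_management_resources   = true
  deploy_connectivity_resources = true

  # These inputs only place the subscriptions under the right management groups.
  subscription_id_connectivity = var.subscription_id_connectivity
  subscription_id_management   = var.subscription_id_management
}
```

Reviewing the subscription IDs that `terraform plan` shows in each resource group's ID before applying confirms that resources are landing in the intended subscription rather than the default one.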

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 7 days of this comment.

ghost, Aug 15 '22 08:08

Specifying the subscription at the provider level did the trick, thank you.

gawainXX, Aug 22 '22 16:08