Why I can't create azurerm_app_service connection? - azure

Azurerm provider version
3.35.0
Target resource
azurerm_app_service_connection
Terraform file
write brief
module "app_service" {
source = "../../modules/app_service"
name = var.name
}
resource "azurerm_app_service_connection" "serviceconnector" {
name = "serviceconnector"
app_service_id = module.app_service.id
target_resource_id = data.azurerm_postgresql_flexible_server.db.id
client_type = "django"
authentication {
type = "secret"
name = var.db_uname
secret = data.azurerm_key_vault_secret.secret.value
}
}
data "azurerm_postgresql_flexible_server" "db" {
name = "postgre"
resource_group_name = "rg"
}
Output Error message
Error: creating Scoped Linker (Resource Uri: "/subscriptions/<id>/resourceGroups/app/providers/Microsoft.Web/sites/app_service"
│ Linker Name: "serviceconnector"): performing LinkerCreateOrUpdate: servicelinker.ServiceLinkerClient#LinkerCreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="TargetTypeNotSupported" Message="Target resource type MICROSOFT.DBFORPOSTGRESQL/FLEXIBLESERVERS is not supported."
│
│ with azurerm_app_service_connection.serviceconnector,
│ on app_service.tf line 10, in resource "azurerm_app_service_connection" "serviceconnector":
│ 10: resource "azurerm_app_service_connection" "serviceconnector" {
│
│ creating Scoped Linker (Resource Uri:
│ "/subscriptions/<id>/resourceGroups/app/providers/Microsoft.Web/sites/app_service"
│ Linker Name: "serviceconnector"): performing LinkerCreateOrUpdate:
│ servicelinker.ServiceLinkerClient#LinkerCreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error:
│ Code="TargetTypeNotSupported" Message="Target resource type MICROSOFT.DBFORPOSTGRESQL/FLEXIBLESERVERS is not
│ supported."
I want to ask
I updated the azurerm provider to 3.35.0 after seeing this info: azurerm_app_service_connection: Expected type object but found type string
Why does it return this "TargetTypeNotSupported" message?
It seems to be supported as far as I can see.
azurerm_app_service_connection
Is it my fault, or a bug?

I have tested this locally and ended up with the TargetTypeNotSupported error.
If we want to create a service connection to a PostgreSQL flexible server DB with App Service, then the DB should be declared using a resource block only, since as per this Terraform documentation we don't have any definition to use a data block to create a connection with an existing PostgreSQL flexible server DB, as shown in this image

I tried the same github terraform which you added in my environment, with the authentication type as "Secret" and received the same error as shown:
As mentioned here, there appears to be a problem with the "secret authentication type" from the Terraform provider API. As a result, I updated it as follows and it worked for me successfully:
authentication {
type = "systemAssignedIdentity"
}
main.tf:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.35.0"
}
}
}
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
resource "azurerm_resource_group" "main" {
name = "xxxxRG"
location = "xxxxx"
}
resource "azurerm_postgresql_server" "main" {
name = "xxxxxserver"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
administrator_login = "xxxxxuser"
administrator_login_password = "<Password of server>"
backup_retention_days = 7 // As per your requirements
sku_name = "GP_Gen5_2"
version = "11"
storage_mb = 5120
public_network_access_enabled = false
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
}
resource "azurerm_postgresql_database" "main" {
name = "xxxxdb"
server_name = azurerm_postgresql_server.main.name
resource_group_name = azurerm_postgresql_server.main.resource_group_name
charset = "utf8"
collation = "und-x-icu"
}
resource "azurerm_service_plan" "main" {
name = "xxxxxserviceplan"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
sku_name = "P1v2"
os_type = "Linux"
}
resource "azurerm_linux_web_app" "main" {
name = "xxxxxwebapp"
resource_group_name = azurerm_resource_group.main.name
location = azurerm_resource_group.main.location
service_plan_id = azurerm_service_plan.main.id
site_config {}
}
resource "azurerm_app_service_connection" "main" {
name = "xxxxxserviceconnector"
app_service_id = azurerm_linux_web_app.main.id
target_resource_id = azurerm_postgresql_database.main.id
client_type = "springBoot"
authentication {
type = "systemAssignedIdentity"
}
}
Output:-
Executed terraform init
Executed terraform plan:
Executed terraform apply:
Alternatively, If the requirement is only with the secret authentication type in your environment then you can create an app service connection by calling API (JSON request).

Related

Terraform plan getting Error: Failed to decode resource from state

Terraform initialize is working fine but when I do terraform plan getting below error.
Error: Failed to decode resource from state
│
│ Error decoding "azurerm_mssql_database.db" from previous state: unsupported attribute "extended_auditing_policy"
If I comment out this particular resource, then we start getting the error for another resource.
Can someone please help me?
I tried in my environment and got below results:
Initially I tried with extended audit policy with new terraform provider version and got the same error:
extended_auditing_policy {
storage_endpoint = module.storageaccount.storage_account.self.primary_blob_endpoint
storage_account_access_key = module.storageaccount.storage_account.self.primary_access_key
storage_account_access_key_is_secondary = false
retention_in_days = 30
}
This problem occurs when attempting to import data using a provider version that is older than the one that was used to create the current state. The earlier provider version won't be able to decode an unknown attribute while loading the state file during the import if the attribute was added in the newer version of the provider.
I tried with new azurerm_mssql_server_extended_auditing_policy resource to solve this problem.
Terraform.tf
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "vs" {
name = "<rg name>"
location = "West Europe"
}
resource "azurerm_mssql_server" "ex" {
name = "demosqlserver3261"
resource_group_name = azurerm_resource_group.vs.name
location = azurerm_resource_group.vs.location
version = "12.0"
administrator_login = "missadministrator"
administrator_login_password = "AdminPassword123!"
}
resource "azurerm_mssql_database" "ext" {
name = "demodb3261"
server_id = azurerm_mssql_server.ex.id
}
resource "azurerm_storage_account" "vst" {
name = "venkat678"
resource_group_name = azurerm_resource_group.vs.name
location = azurerm_resource_group.vs.location
account_tier = "Standard"
account_replication_type = "GRS"
}
resource "azurerm_mssql_database_extended_auditing_policy" "example" {
database_id = azurerm_mssql_database.ext.id
storage_endpoint = azurerm_storage_account.vst.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.vst.primary_access_key
storage_account_access_key_is_secondary = false
retention_in_days = 6
}
Reference:
Import fails with "Error: Invalid resource instance data in state" – HashiCorp Help Center

Terraform Data source is not picking subnet or resource group properly

I started writing terraform to automate the iac for provisioning VMs in Azure. However I wrote the entire code but am unable to use the existing subnet/vnet/resource group properly.
main.tf
# Configure the Microsoft Azure Provider
provider "azurerm" {
# The "feature" block is required for AzureRM provider 2.x.
# If you're using version 1.x, the "features" block is not allowed.
#version = "~>2.20.0"
features {}
subscription_id = var.subscription_id
tenant_id = var.tenant_id
client_id = var.client_id
client_secret = var.client_secret
}
#terraform {
# backend "azurerm" {
# snapshot = true
#}
#}
# Refer to resource group
data "azurerm_resource_group" "nwrk_group" {
name = var.nwrk_resource_group
}
data "azurerm_resource_group" "resource_group" {
name = var.resource_group
}
# Refer to a subnet
data "azurerm_subnet" "subnet" {
name = var.nwrk_subnet_name
virtual_network_name = var.nwrk_name
resource_group_name = data.azurerm_resource_group.nwrk_group.name
}
# Refer to Network Security Group and rule
data "azurerm_network_security_group" "nwrk_security_group" {
name = var.nwrk_security_grp
resource_group_name = data.azurerm_resource_group.nwrk_group.name
}
module "vm" {
source = "../modules/windows_vm"
node = var.node
node_username = var.node_username
node_password = var.node_password
tags = var.tags
deployment_environment = var.deployment_environment
nwrk_group_location = data.azurerm_resource_group.resource_group.location
nwrk_group_name = data.azurerm_resource_group.resource_group.name
subnet_id = data.azurerm_subnet.subnet.id
nwrk_security_group_id = data.azurerm_network_security_group.nwrk_security_group.id
resource_group_location = data.azurerm_resource_group.resource_group.location
resource_group_name = data.azurerm_resource_group.resource_group.name
}
terraform.tfvars
tags = {
project = "SEPS_Terraform"
environment = "test_tfm"
}
deployment_environment = "DEV"
node_username = "saz76test"
node_password = "SA82nd2"
nwrk_subnet_name = "SUBNET_45_0"
node = {
general_info = {
name = "gateway.test.com"
private_ip = "153.78.51.92"
vm_template = "Standard_B2s"
disk_type = "StandardSSD_LRS"
nwrk_resource_group = "SWS_LAB_36_192"
nwrk_name = "SUB_VNET_36_192"
nwrk_security_group = "N-Untrusted"
nwrk_subnet_name = "SUB_51_0"
}
os_image = {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-DataCenter"
version = "latest"
}
storage_disk = {
type = "StandardSSD_LRS"
size = 256
}
}
variables.tf
variable "subscription_id" {
type = string
description = "Azure subscription id to provision infra."
}
variable "tenant_id" {
type = string
description = "Azure subscription tenant id"
}
variable "client_id" {
type = string
description = "App id to authenticate to azure."
}
variable "client_secret" {
type = string
description = "App password to authenticate to azure"
}
variable "resource_group" {
type = string
description = "Resource group in which resources will be added other than network resources"
}
variable "nwrk_resource_group" {
type = string
description = "Resource group for network resources"
}
variable "nwrk_name" {
type = string
description = "VPC network name where the network resources belong to"
}
variable "nwrk_subnet_name" {
type = string
description = "Subnet of the VPC network"
}
variable "nwrk_security_grp" {
type = string
description = "Security group to which the network belong to"
}
variable "tags" {
type = map(string)
description = "Tags to attach to resources"
}
variable "deployment_environment" {
type = string
description = "Environment these VMs belong to"
}
variable "node" {
type = map(map(string))
description = "web node with specifications."
}
variable "node_username" {
type = string
description = "Login username for node"
}
variable "node_password" {
type = string
description = "Login password for node"
}
module_code:
# Create network interface
resource "azurerm_network_interface" "nic" {
name = "${var.node["general_info"]["name"]}_nic"
location = var.nwrk_group_location
resource_group_name = var.nwrk_group_name
ip_configuration {
name = "${var.node["general_info"]["name"]}_nicConfiguration"
subnet_id = var.subnet_id
private_ip_address_allocation = "Static"
private_ip_address = var.node["general_info"]["private_ip"]
}
tags = var.tags
}
# Connect the security group to the network interface
resource "azurerm_network_interface_security_group_association" "example" {
network_interface_id = azurerm_network_interface.nic.id
network_security_group_id = var.nwrk_security_group_id
}
resource "azurerm_windows_virtual_machine" "vm" {
name = var.node["general_info"]["name"]
location = var.resource_group_location
resource_group_name = var.resource_group_name
network_interface_ids = [azurerm_network_interface.nic.id]
size = var.node["general_info"]["vm_template"]
computer_name = var.node["general_info"]["name"]
admin_username = var.node_username
admin_password = var.node_password
os_disk {
name = "${var.node["general_info"]["name"]}-osDisk"
caching = "ReadWrite"
storage_account_type = var.node["general_info"]["disk_type"]
}
source_image_reference {
publisher = var.node["os_image"]["publisher"]
offer = var.node["os_image"]["offer"]
sku = var.node["os_image"]["sku"]
version = var.node["os_image"]["version"]
}
tags = var.tags
}
output "vm_id" {
value = azurerm_windows_virtual_machine.vm.id
}
output "vm_name" {
value = azurerm_windows_virtual_machine.vm.name
}
output "vm_ip_address" {
value = azurerm_network_interface.nic.private_ip_address
}
My code is the one above, which I am trying to execute; init works but plan fails. Can someone please help me with what I am missing? The error looks like this.
Error :
Warning: Value for undeclared variable
│
│ The root module does not declare a variable named "nwrk_security_group" but a value was found in file "subscription.tfvars". If you meant to use
│ this value, add a "variable" block to the configuration.
│
│ To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization.
│ To reduce the verbosity of these warnings, use the -compact-warnings option.
╵
╷
│ Warning: Resource targeting is in effect
│
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the
│ current configuration.
│
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when
│ Terraform specifically suggests to use it as part of an error message.
╵
╷
│ Error: Error: Subnet "SUBNET_45_0" (Virtual Network "SUB_VNET_36_192" / Resource Group "SWS_LAB_36_192") was not found
│
│ with data.azurerm_subnet.subnet,
│ on main.tf line 31, in data "azurerm_subnet" "subnet":
│ 31: data "azurerm_subnet" "subnet" {
│
╵
╷
│ Error: Error: Network Security Group "NSG" (Resource Group "SWS_LAB_36_192") was not found
│
│ with data.azurerm_network_security_group.nwrk_security_group,
│ on main.tf line 38, in data "azurerm_network_security_group" "nwrk_security_group":
│ 38: data "azurerm_network_security_group" "nwrk_security_group" {
Subscription.tfvars
subscription_id = "fdssssssssssssss"
client_id = "sdsdsdsdsdsdsdsdsdsdsdsd"
client_secret = ".dssssssssssssssssss"
tenant_id = "asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf"
resource_group = "SWS_LAB_36_192"
nwrk_resource_group = "SWS_LAB_36_192"
nwrk_name = "SUB_VNET_36_192"
nwrk_security_group = "N-Untrusted"
There could potentially be many different problems because I am not sure what the outlook of the root module and child modules are, but as per the error you are getting, it seems that the value defined for the variable in the subscription.tfvars is not being declared anywhere and the one that is supposed to be declared is missing, the data source does not return anything, hence there is the error from the child module as well. Currently it is defined as:
variable "nwrk_security_grp" {
type = string
description = "Security group to which the network belong to"
}
If you take a look at the values in subscription.tfvars, there is no nwrk_security_grp, but there is a nwrk_security_group. One option to fix this would probably be to change the name of the variable in the variables.tf:
variable "nwrk_security_group" {
type = string
description = "Security group to which the network belong to"
}
In that case, you would have to adapt the data source to use the new variable name:
data "azurerm_network_security_group" "nwrk_security_group" {
name = var.nwrk_security_group
resource_group_name = data.azurerm_resource_group.nwrk_group.name
}
Alternatively (and probably easier), you can change the name of the variable you are assigning the value to in subscription.tfvars:
nwrk_security_grp = "N-Untrusted" # it was nwrk_security_group
What I would strongly suggest going forward is to keep the naming convention for the variables the same because this way you will get into a lot of issues.

AzureRM Automation DSC Configuration

I'm trying to configure Azure DSC Configuration, but I am running into two issues.
1. I continue to get this error message
Error = 'invalid character 'c' looking for beginning of value' JSON = 'configuration cdavdtest {}'
2. No matter what I do to the resource azurerm_automation_dsc_configuration, it throws this error, which is a reference to my last terraform plan / apply that failed. Changing the configuration does nothing, and the old error continues. I appreciate any help. See the cdavdtest in bold compared to the resource also in bold below. Also the name doesn't update; it still says dsc_config even though I updated it to dsc_configa.
Error: making Read request on AzureRM Automation Dsc Configuration content "cdavdtest": automation.DscConfigurationClient#GetContent: Failure responding to request: StatusCode=200 -- Original Error: Error occurred unmarshalling
JSON - Error = 'invalid character 'c' looking for beginning of value' JSON = 'configuration cdavdtest {}'
│
│ with azurerm_automation_dsc_configuration.dsc_config,
│ on automationaccount.tf line 17, in resource "azurerm_automation_dsc_configuration" "dsc_config":
│ 17: resource azurerm_automation_dsc_configuration dsc_config {
resource azurerm_automation_account automation_account {
name = "${var.avd.name}-automationaccount"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
sku_name = "Basic"
}
output "end_point" {
value = azurerm_automation_account.automation_account.dsc_server_endpoint
}
output registration_key {
value = azurerm_automation_account.automation_account.dsc_primary_access_key
}
resource azurerm_automation_dsc_configuration dsc_configa {
name = "**test**"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
automation_account_name = azurerm_automation_account.automation_account.name
description = "Configuration node for Azure Virtual Desktop"
content_embedded = "Configuration **test** {}"
log_verbose = true
}
I have tried commenting out the code and I still get the error. I've tried updating the name. I've tried using the <<BODY and writing out the configuration but this still persists.
Tested in my environment and was getting the same error. The error occurs because azurerm_automation_dsc_configuration has been broken since provider version 2.96.0.
I was using the latest Terraform provider version, i.e. 3.0.1.
Solution: I would suggest using a provider version in the range version = ">=2.10,<=2.30"
Terraform Code
main.tf file
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=2.10,<=2.30"
}
}
}
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "example" {
name = "XXXXXXxXXX"
}
resource "azurerm_automation_account" "example" {
name = "account1"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
sku_name = "Basic"
}
output "end_point" {
value = azurerm_automation_account.example.dsc_server_endpoint
}
output "registration_key" {
value = azurerm_automation_account.example.dsc_primary_access_key
}
resource "azurerm_automation_dsc_configuration" "example" {
name = "test"
resource_group_name = data.azurerm_resource_group.example.name
automation_account_name = azurerm_automation_account.example.name
location = data.azurerm_resource_group.example.location
content_embedded = "configuration test {}"
log_verbose = true
}

AKS Cluster | Failed to query available provider packages | Right version of hashicorp

I'm currently building my terraform plan and it seems that I'm running into issues as soon as I run the following command:
terraform init
The current main.tf contains this:
terraform {
backend "azurerm"{
resource_group_name = "test"
storage_account_name = "testaccount"
container_name = "testc"
key = "testc.state"
}
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.46.0"
}
}
}
# Configure the Microsoft Azure Provider
provider "azurerm" {
features {}
}
data "azurerm_key_vault" "keyVaultClientID" {
name = "AKSClientID"
key = var.keyvaultID
}
data "azure_key_vault_secret" "keyVaultClientSecret" {
name = "AKSClientSecret"
key_vault_id = var.keyvaultID
}
resource "azurerm_kubernetes_cluster" "test_cluster" {
name = var.name
location = var.location
resource_group_name = var.resourceGroup
dns_prefix = ""
default_node_pool {
name = "default"
node_count = 1
vm_size = "Standard_D2_v2"
}
service_principal {
client_id = data.azurerm_key_vault_secret.keyVaultClientID.value
client_secret = data.azurerm_key_vault_secret.keyVaultClientSecret.value
}
tags = {
"Environment" = "Development"
}
}
The error message that I get is the following:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/azure: provider
│ registry registry.terraform.io does not have a provider named
│ registry.terraform.io/hashicorp/azure
I'm looking at the documentation, and I'm changing the version, but I'm not having any luck. Does anyone know what else I can do or what I should change in my main.tf?
To solve this issue, you will have to add the following inside of the main terraform plan:
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.75.0"
}
}
If you add it, the issue will never appear again. Also, you might have to run the upgrade command to make sure terraform will be able to handle the new version.

Terraform try to pull not defined provider

Every time I perform terraform init, tf tries to pull from the registry a quite strange provider which does not exist.
Error:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/databricks: provider registry registry.terraform.io does not have a provider named
│ registry.terraform.io/hashicorp/databricks
│
│ Did you intend to use databrickslabs/databricks? If so, you must specify that source address in each module which requires that provider. To see which modules are currently depending on
│ hashicorp/databricks, run the following command:
│ terraform providers
╵
This provider is quite a strange combination of 2 providers.
My tf file:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 2.65"
}
databrick = {
source = "databrickslabs/databricks"
version = "0.3.7"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
provider "databrick" {
features {}
}
resource "azurerm_resource_group" "rg" {
name = "TerraformResourceGroup"
location = "westeurope"
}
resource "azurerm_databricks_workspace" "databrick" {
name = "terraform-databrick"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku = "trial"
tags = {
"env" = "rnd"
"provisoning" = "tf"
}
}
data "databricks_node_type" "smallest" {
local_disk = true
}
data "databricks_spark_version" "latest_lts" {
long_term_support = true
}
resource "databricks_cluster" "cluster" {
cluster_name = "terraform-cluster"
spark_version = data.databricks_spark_version.latest_lts.id
node_type_id = data.databricks_node_type.smallest.id
autotermination_minutes = 20
spark_conf = {
"spark.databricks.cluster.profile" : "singleNode"
"spark.master" : "local[*]"
}
custom_tags = {
"type" = "SingleNode"
"env" = "rnd"
"provisoning" = "tf"
}
}
I was looking for some kind of 'verbose' flag, so I could find why it is trying to pull this kind of provider and where it is coming from.
Sadly I was only able to find out that this issue is coming from 'data' and the part of my file below it.
All my knowledge is based on these docs, Data brick cluster, and this learning material, Terraform Azure.
Thank you in advance for all of your help.
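
Added example (not part of the original posts): in both the AKS question ("hashicorp/azure") and the Databricks question ("hashicorp/databricks"), Terraform infers a provider from the resource type's prefix and, when that local name is not a key in required_providers, resolves it to registry.terraform.io/hashicorp/<prefix>. The Python check below flags such prefixes before terraform init; the helper names and the condensed sample configurations are constructed for illustration, and it ignores per-resource provider meta-arguments and braces inside strings.

```python
import difflib
import re

BLOCK_RE = re.compile(r'^\s*(?:resource|data)\s+"?([\w-]+)"?\s+"?[\w-]+"?\s*\{', re.M)
ENTRY_RE = re.compile(r'([\w-]+)\s*=\s*\{')
SOURCE_RE = re.compile(r'source\s*=\s*"([^"]+)"')
BUILTIN = {"terraform"}  # terraform_remote_state etc. never hit the registry

# Constructed samples, condensed from the two questions above.
AKS_TF = """
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "2.46.0" }
  }
}
data "azurerm_key_vault" "keyVaultClientID" {}
data "azure_key_vault_secret" "keyVaultClientSecret" {}
resource "azurerm_kubernetes_cluster" "test_cluster" {}
"""
DATABRICKS_TF = """
terraform {
  required_providers {
    azurerm   = { source = "hashicorp/azurerm", version = "~> 2.65" }
    databrick = { source = "databrickslabs/databricks", version = "0.3.7" }
  }
}
data "databricks_node_type" "smallest" {}
resource "databricks_cluster" "cluster" {}
"""

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def declared_providers(text):
    """Map local provider name -> source address from required_providers."""
    declared = {}
    for m in re.finditer(r"required_providers\s*\{", text):
        body = block_body(text, m.end() - 1)
        for entry in ENTRY_RE.finditer(body):
            src = SOURCE_RE.search(block_body(body, entry.end() - 1))
            # An entry without a source falls back to the hashicorp namespace.
            declared[entry.group(1)] = src.group(1) if src else "hashicorp/" + entry.group(1)
    return declared

def audit(text):
    """List resource-type prefixes that Terraform would resolve implicitly."""
    declared = declared_providers(text)
    implied = {}
    for m in BLOCK_RE.finditer(text):
        implied.setdefault(m.group(1).split("_", 1)[0], set()).add(m.group(1))
    findings = []
    for name in sorted(set(implied) - set(declared) - BUILTIN):
        # Declared under another local name, or a near-miss of a declared one?
        alias = [k for k, src in declared.items() if src.split("/")[-1] == name]
        near = difflib.get_close_matches(name, list(declared), n=1)
        if alias:
            hint = f'rename required_providers key "{alias[0]}" to "{name}"'
        elif near:
            hint = f'type prefix "{name}" looks like a typo of "{near[0]}"'
        else:
            hint = "declare the provider source explicitly"
        findings.append({"local_name": name,
                         "resolves_to": f"registry.terraform.io/hashicorp/{name}",
                         "types": sorted(implied[name]), "hint": hint})
    return findings

if __name__ == "__main__":
    print(audit(AKS_TF), audit(DATABRICKS_TF), sep="\n")
```

Running the same check in CI before init keeps a mistyped resource type or a mismatched local name from silently selecting a provider in a namespace the configuration never pinned.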
