How to specify 4 connection strings in azurerm_app_service resource block - azure

I have a module defined in our enterprise for creating an App Service Plan along with Azure Web Apps. But now I would like to use the "azurerm_app_service" resource block as mentioned in the link: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service
In our module the connection strings are defined under the argument:
app_settings = {
  AzureAd__ClientSecret = <Connection String of the App SP stored in Azure KV>
  DbConnection__ConnectionString = <Azure SQL DB Connection String stored in Azure KV>
  CosmosDb__Account = <Connection String of the Cosmos DB Account stored in Azure KV>
  CosmosDb__Key = <Connection String of the Cosmos DB Account Key stored in Azure KV>
}
Now in the resource block for "azurerm_app_service", as per the URL above, there is an argument called connection_string as shown in the URL:
connection_string {
  name = "Database"
  type = "SQLServer"
  value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
So I would like to know how I can define my 4 connection strings in the resource block against the "connection_string" argument, and what types I should choose for each of my connection strings.
Will it be OK if I continue to define my connection strings as they are in the module now under "app_settings", or will that be a problem if I do that in the new resource block structure?
Looking for some help on this.

For your requirement, you can use the dynamic block to define the multiple connection_string in the azurerm_app_service resource block. The example code here for you:
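resource "azurerm_app_service" "webapp" {
  ...
  dynamic "connection_string" {
    for_each = var.connection_strings
    content {
      # Inside a dynamic block the iterator is named after the block
      # label (connection_string), not `each`.
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }
  ...
}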
So you see, you'd better use a variable to configure all the necessary things of the connection_strings, and then use it in the dynamic block.
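A fuller version of the dynamic block above, added here as an example and not taken from the original answer: the variable maps each connection string name to its type and to a Key Vault secret name, so no secret value sits in the variable itself. The entries in `var.connection_strings`, the secret names and the other `var.*` inputs are assumptions; the `type` values shown are ones the azurerm provider accepts and should be chosen per backend.

```hcl
# Added example (not from the original answer). All variable names,
# secret names and defaults are illustrative assumptions.
variable "key_vault_id" { type = string }
variable "app_service_plan_id" { type = string }
variable "resource_group_name" { type = string }
variable "location" { type = string }

# name => { type, Key Vault secret holding the value }
variable "connection_strings" {
  type = map(object({
    type        = string # e.g. SQLAzure, SQLServer, DocDb, Custom
    secret_name = string
  }))
  default = {
    DbConnection = { type = "SQLAzure", secret_name = "sql-db-connection-string" }
    CosmosDb     = { type = "DocDb", secret_name = "cosmos-connection-string" }
  }
}

# Read each secret from Key Vault at plan/apply time.
data "azurerm_key_vault_secret" "cs" {
  for_each     = var.connection_strings
  name         = each.value.secret_name
  key_vault_id = var.key_vault_id
}

resource "azurerm_app_service" "webapp" {
  name                = "example-webapp" # placeholder
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  dynamic "connection_string" {
    for_each = var.connection_strings
    content {
      # The iterator takes the block label's name; `each` is only
      # valid with the data-source-level for_each used above.
      name  = connection_string.key
      type  = connection_string.value.type
      value = data.azurerm_key_vault_secret.cs[connection_string.key].value
    }
  }
}
```

Secret values read through the data source are still written to the Terraform state, so the state backend needs access controls at least as strict as the vault's.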

Related

Trim end of queue primary_connection_string and send to keyvault using terraform

I am able to store full primary_connection_string to keyvault for service bus queue in Azure using terraform. But not able to store the same value without ;EntityPath=*********
Original Connection String : Endpoint=sb://****.servicebus.windows.net/;SharedAccessKeyName=;SharedAccessKey=;EntityPath=*****
Required connection string to store in keyvault: Endpoint=sb://****.servicebus.windows.net/;SharedAccessKeyName=;SharedAccessKey=
I tried the code below using replace, but it did not work. It's directly storing the string "azurerm_servicebus_queue_authorization_rule.que-referee-sr-lr.primary_connection_string". I need the value as defined above:
resource "azurerm_key_vault_secret" "que-referee-sr-lr-connectionstring" {
  name = lower(format("%s-%s", azurerm_servicebus_queue_authorization_rule.que-referee-sr-lr.name, "primary-connection-string"))
  value = replace("azurerm_servicebus_queue_authorization_rule.que-referee-sr-lr.primary_connection_string", "/;EntityPath.*", "")
  key_vault_id = data.azurerm_key_vault.PlatformKV.id
}
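The two defects in the snippet above, corrected in an added example that is not part of the original post: the attribute reference must not be quoted, and `replace` only treats its pattern as a regular expression when the pattern is wrapped in forward slashes on both sides. Resource names are taken from the question; the local name is an assumption.

```hcl
locals {
  # Unquoted reference: Terraform evaluates the attribute instead of
  # storing the literal text. "/.../" on both sides makes it a regex,
  # which strips ";EntityPath=<queue>" through the end of the string.
  queue_connection_string_no_entity = replace(
    azurerm_servicebus_queue_authorization_rule.que-referee-sr-lr.primary_connection_string,
    "/;EntityPath=.*/",
    ""
  )
}

resource "azurerm_key_vault_secret" "que-referee-sr-lr-connectionstring" {
  name         = lower(format("%s-%s", azurerm_servicebus_queue_authorization_rule.que-referee-sr-lr.name, "primary-connection-string"))
  value        = local.queue_connection_string_no_entity
  key_vault_id = data.azurerm_key_vault.PlatformKV.id
}
```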

Terraform: Unable to fetch connection strings when using 'data' resource for existing cluster

I'm new to terraform, and trying to setup mongoatlas privatelink for an existing cluster. The issue here is that, terraform is able to setup the privatelink, but when I try to fetch the privatelink string, then it gives the following error
data.mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link is empty map of string
I'm using the data resource of Terraform to fetch the details of the cluster. I have read on some forums that data resources are read before creating resources, so I'm using depends_on on the data resource, but I'm still facing the issue here.
My cluster code:
data "mongodbatlas_cluster" "cluster-atlas" {
  project_id = var.atlasprojectid
  name = "mongoatlas-cluster-xxxxxxx"
  depends_on = [time_sleep.wait_300_seconds]
}
output "atlasclusterstring" {
  value = data.mongodbatlas_cluster.cluster-atlas.connection_strings
}
output "plstring" {
  value = lookup(data.mongodbatlas_cluster.cluster-atlas.connection_strings[0].aws_private_link, aws_vpc_endpoint.ptfe_service.id)
}

COS access policies interface vs terraform

In the interface I can go to COS Bucket Access Policies and easily assign a policy that then looks more or less like:
Cloud Object Storage service
serviceInstance string equals foo-bar, resource string equals foo-bar-pcaps, resourceType string equals bucket
I'm struggling to find a way to do the same via terraform because whenever I try with the proper TF code like:
resource "ibm_iam_service_policy" "policy_pcaps" {
  iam_service_id = ibm_iam_service_id.serviceID_pcaps.id
  roles = ["Writer"]
  resources {
    service = "cloud-object-storage"
    resource = ibm_cos_bucket.pcaps.id
  }
}
I'm ending up with
Cloud Object Storage service
resource string equals crn:v1:bluemix:public:cloud-object-storage:global:a/27beaaea79a<redacted>34dd871b:8b124bc6-147c-47ba-bd47-<redacted>:bucket:foo-bar-pcaps:meta:rl:us-east
The problem is that the Writer policy that is required here does not work properly with that policy details.
How to achieve something similar to the first policy with Terraform?
Thanks

You can achieve this similar to this example Service Policy by using attributes.
I created a policy through the UI for Cloud Object Storage and specified the policy to contain a bucket name. Then I used:
ibmcloud iam access-group-policy GROUP_NAME POLICY_ID --output JSON
to get a better understanding of the policy.
With that I created this sample terraform snippet and tested it. It is creating the IAM access group + policy:
resource "ibm_iam_access_group" "accgrp_cos" {
  name = "test_cos"
}
resource "ibm_iam_access_group_policy" "policy" {
  access_group_id = ibm_iam_access_group.accgrp_cos.id
  roles = ["Writer"]
  resources {
    service = "cloud-object-storage"
    attributes = {
      resourceType = "bucket"
      resource = "tf-test-cos"
    }
  }
}

How to create Virtual servers in IBM cloud Terraform with for loop?

I have a Virtual server in IBM cloud created using Terraform
resource "ibm_is_instance" "vsi1" {
  name = "${local.BASENAME}-vsi1"
  vpc = ibm_is_vpc.vpc.id
  zone = local.ZONE
  keys = [data.ibm_is_ssh_key.ssh_key_id.id]
  image = data.ibm_is_image.ubuntu.id
  profile = "cc1-2x4"
  primary_network_interface {
    subnet = ibm_is_subnet.subnet1.id
    security_groups = [ibm_is_security_group.sg1.id]
  }
}
How to create Virtual Servers with Terraform for loops:
vsi1, vsi2, vsi3, vsi4, vsi5
For the full code, please refer to the IBM Cloud Terraform getting started tutorial.

You may not require a for or for-each loop for achieving what you need. A simple count will do the required. Once you add count(number of instances), all you need to do is pass count.index in the VSI name.
resource "ibm_is_instance" "vsi" {
  count = 4
  name = "${local.BASENAME}-vsi-${count.index}"
  vpc = ibm_is_vpc.vpc.id
  zone = local.ZONE
  keys = [data.ibm_is_ssh_key.ssh_key_id.id]
  image = data.ibm_is_image.ubuntu.id
  profile = "cc1-2x4"
  primary_network_interface {
    subnet = ibm_is_subnet.subnet1.id
    security_groups = [ibm_is_security_group.sg1.id]
  }
}
This will create instances with names vsi-0,vsi-1...

Terraform v11.13 Attach Multiple Data Templates To Single Resource

I'm running Terraform v11.13 with the AWS provider. Is it possible to attach multiple data template files to a single resource?
An example of this is where you have a single aws_iam_policy resource, but for it to create multiple IAM policies from different data template files.
It works when it is just a single data template file with a count index. It also works when the file is static, as in not a template file.
Here is the code example
variable "policy_list" {
  type = "list"
  default = ["s3","emr","lambda"]
}
# One policy per list entry, read from a static JSON file
resource "aws_iam_policy" "many_policies" {
  count = "${length(var.policy_list)}"
  name = "Policy_${var.policy_list[count.index]}_${var.environment}"
  policy = "${file("${path.module}/files/policies/${var.environment}/${var.policy_list[count.index]}.json")}"
}
# Attach every generated policy to the role named "MyRole"
resource "aws_iam_role_policy_attachment" "many_policies_attachment" {
  count = "${length(var.policy_list)}"
  role = "${aws_iam_role.iam_roles.*.name[index(var.role_list, "MyRole")]}"
  policy_arn = "${aws_iam_policy.many_policies.*.arn[count.index]}"
}
But what fails is
resource "aws_iam_policy" "many_policies" {
  count = "${length(var.policy_list)}"
  name = "Policy_${var.policy_list[count.index]}_${var.environment}"
  policy = "${data.template_file.${var.policy_list[count.index]}_policy_file.*.rendered[count.index]}"
}
With an error message similar to
parse error expected "}" but found invalid sequence "$"
Any ideas on how this can be achieved?

Based on the error messages and the suggestion by Matt Schuchard, it's fair to conclude that the data.template_file option does not support interpolation in v11.13
