Is there an existing issue for this?

• I have searched the existing issues

Example Name

https://github.com/Azure/terraform/blob/master/samples/end-to-end-testing/src/test/end2end_test.go#L78

Terraform Version

1.3.8

Current Behavior

@jcorioland
There is an issue when the code generates the connection to the public ip.
In the following line, it tries to connect to the public ip address:

https://github.com/Azure/terraform/blob/master/samples/end-to-end-testing/src/test/end2end_test.go#L78

After several days of troubleshooting the code, I found that it fails because the variable not only contains the ip address, but it also includes double quotes around the ip address, this makes it fail.

Expected Behavior

Finally fixed it by using the following change:

//sshConnection, err := ssh.Dial("tcp", fmt.Sprintf("%s:22", vmLinux1PublicIPAddress), sshConfig)
sshConnection, err := ssh.Dial("tcp", fmt.Sprintf("%s:22", strings.Trim(vmLinux1PublicIPAddress, "\"")), sshConfig)

Once that adjustment was done, the code worked!

Steps To Reproduce

cd /c/git/terraform/samples/end-to-end-testing/src/test
az login --use-device-code
az account set --subscription Playground
cd ~/.ssh
ssh-keygen.exe #This is in test, not definitive yet: -m PEM
make sure id_rsa and id_rsa.pub were created
ls -l /.ssh/id_rsa*
export TEST_SSH_KEY_PATH="/.ssh/id_rsa"
cd /c/git/terraform/samples/end-to-end-testing/src/test
go mod download github.com/gruntwork-io/terratest
go mod download github.com/Azure/go-autorest/autorest
go mod tidy -e
go test -v ./ -timeout 10m

Anything else?

No response

Adding samples and best practices for terraform testing.
Including the full spectrum of tooling:

• terrastest
• terraform-complicance
• inspec-iggy

In the terraform module, webapp referenced from issue
#16 there seems to be an issue related to the upgrade of terraform 0.11.14 to 0.12.

The following error message is received from the following input in 0.12 and not in 0.11.14

Error

  on .terraform\modules\linuxwebapp\rahulkhengare-terraform-azurerm-webapp-1f4bc69\main.tf line 33, 
in resource "azurerm_app_service" "webapp":
  33:   site_config         = "${var.site_config}"

An argument named "site_config" is not expected here. Did you mean to define a
block of type "site_config"?

Input

module "linuxwebapp" {
    source              = "rahulkhengare/webapp/azurerm"
    name                = "testmelinuxwebapp"
    resource_group_name = "${var.az_rg_name}"
    plan_settings       = {
                             kind     = "Linux" # Linux or Windows
                             size     = "S2"
                             capacity = 1
                             tier     = "Standard"
                             
                          }
}

module "webapp" {
    source              = "rahulkhengare/webapp/azurerm"
    name                = "testmewebapp"
    resource_group_name = "${var.az_rg_name}"
    plan_settings       = {
                             kind     = "Windows" # Linux or Windows
                             size     = "S2"
                             capacity = 1
                             tier     = "Standard"
                          }
}

Found this and this, which seem related but I'm not quite sure.

Is there an existing issue for this?

• I have searched the existing issues

Where would you like this feature added?

Examples (Quickstart, Samples, etc.)

Is this feature ask due to a problem that you are encountering?

I am trying to create a new Web App with Easy Auth configured with Terraform. There is no updated samples on how to do this, so I had to build a new script from scratch.

I searched for Terraform samples on how to achieve this, the problem is that there are no good up-to-date samples.
Microsoft does not have samples for a Web App with Easy Auth configured (we only have  samples to create an App Service but without Authorization configured): 
https://github.com/Azure/terraform/tree/master/quickstart, 
https://learn.microsoft.com/en-us/azure/app-service/provision-resource-terraform,
https://learn.microsoft.com/en-us/azure/app-service/samples-terraform

Hashicorp (Terraform Owner) have some samples but they use old Authentication V1: https://github.com/hashicorp/terraform-provider-azurerm/tree/main/examples/app-service/linux-authentication

Describe potential solutions.

It will be very useful is a sample is provided on how to created a Web App with Easy Auth enabled and configured.

Anything else?

https://github.com/hashicorp/terraform-provider-azurerm/tree/main/examples/app-service/linux-authentication

Create an example module for azure application gateway that uses the path based routing configuration. Existing community examples only touch on basic routing features.

Publish a module to Terraform Registry that helps to deploy Azure Databricks Workspace.

Related Terraform resource:

• https://www.terraform.io/docs/providers/azurerm/r/databricks_workspace.html

The postgres module behaves differently in terraform 0.11.14 and 0.12. Error and input posted below. This issue is peeled off of #16

Error

Error: Missing resource instance key

  on .terraform\modules\demo_db\sjones-sot-terraform-azurerm-database-for-postgres-59b1e13\postgres.tf line 10, in resource "azurerm_postgresql_server" "postgresql_server":  10:   resource_group_name = "${var.resource_group_name == "" ? azurerm_resource_group.resource_group.name : var.resource_group_name}"
Because azurerm_resource_group.resource_group has "count" set, its attributes
must be accessed on specific instances.

For example, to correlate with indices of a referring resource, use:
    azurerm_resource_group.resource_group[count.index]

Input

module "demo_db" {
  source            = "sjones-sot/database-for-postgres/azurerm"
  resource_group_name = "${var.az_rg_name}"
  location          = "${var.az_region_default}"
  service_name      = "testdb"
  db_admin_password = "${var.az_fake_password}"
  sku_compute_units = 1
}

Publish a Terraform module that helps to deploy a highly available multi-region web application reference architecture.
Documentation about this reference architecture is here.

Publish a module to Terraform Registry that helps to deploy Azure Database for MariaDb.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/mariadb_database.html
• https://www.terraform.io/docs/providers/azurerm/r/mariadb_server.html

I am trying to setup inbound rules to the scaleset so that only from allowed network user can RDP to the scaleset VM.

I set the inbound rules for this and restricted all the pubic access, but I am not able to RDP to the instance from the allowed ip range in the inbound rule.

Can you please advise on this.

Publish a module to Terraform Registry that helps to deploy Azure IoT Hub.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/iothub.html
• https://www.terraform.io/docs/providers/azurerm/r/iothub_consumer_group.html
• https://www.terraform.io/docs/providers/azurerm/r/iothub_shared_access_policy.html

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

There are about 100 modules for Azure registered on the Terraform Registry.

Some of them are a bit outdated, may need some updates or may have stop working. One good first issue for beginners could be to check on those modules and report the one that are not up to date.
By doing that, you will definitely get more familiar with Terraform and modules.

Please find below a suggested list of modules that could be investigated and checked. Feel free to drop a comment to notify others that you are taking one in particular.

• https://registry.terraform.io/modules/isaacbroyles/cassandra/azurerm/0.0.3
• https://registry.terraform.io/modules/westpac-terraform-registry/subscription-base/azurerm/0.2.0
• https://registry.terraform.io/modules/Azure/search-service/azurerm/0.9.0
• https://registry.terraform.io/modules/sjones-sot/remote-state-storage/azurerm/0.2.0
• https://registry.terraform.io/modules/sjones-sot/virtual-network/azurerm/0.1.1
• https://registry.terraform.io/modules/sjones-sot/subnet/azurerm/0.1.0
• https://registry.terraform.io/modules/sjones-sot/database-for-postgres/azurerm/0.2.0
• https://registry.terraform.io/modules/anoff/functionapp/azurerm/0.4.0
• https://registry.terraform.io/modules/10thmagnitude/consul/azurerm/0.0.7
• https://registry.terraform.io/modules/10thmagnitude/vault/azurerm/0.0.3
• https://registry.terraform.io/modules/rahulkhengare/redis/azurerm/0.0.1
• https://registry.terraform.io/modules/rahulkhengare/webapp/azurerm/0.1.0
• https://registry.terraform.io/modules/foreverXZC/mysql/azurerm/0.2.1

You can also browse the Terraform Registry here.

Context (Environment)

I'm trying to manually create a compute instance with no public IP address (since it's not possible to do it with Terraform). After setting up a private Azure ML workspace following this template 201-machine-learning-moderately-secure

Terraform (and AzureRM Provider) Version

terraform v0.14.0
azurerm v2.96.0

Current Behavior

Provisioning fails with this error:

Provisioning error
The specified subnet /subscriptions/[REDACTED]/resourceGroups/[REDACTED]/providers/Microsoft.Network/virtualNetworks/[REDACTED]/subnets/snet-training-dev-westeurope has PrivateLinkServiceNetworkPolicies or PrivateEndpointNetworkPolicies enabled. Please disable them to provision cluster/instance with no public IP. Please read this document for more details: https://aka.ms/AMLPLNetPolicies

Provisioning Compute Instance with public IP address completes successfully.

Possible Solution

I have tried every combination of PrivateLinkServiceNetworkPolicies or PrivateEndpointNetworkPolicies on the training subnet. No luck!

Here's my training Subnet block

resource "azurerm_subnet" "snet_training" {
  name                                            = "snet-training-${var.deploy_target}-${var.machine_learning_location}"
  resource_group_name                             = data.azurerm_virtual_network.existing_mlw_vnet.resource_group_name
  virtual_network_name                            = data.azurerm_virtual_network.existing_mlw_vnet.name
  address_prefixes                                = var.snet_training_addr_prefixes
  enforce_private_link_endpoint_network_policies  = true 
  enforce_private_link_service_network_policies   = false 
}

Steps to Reproduce

1. 201-machine-learning-moderately-secure

There a lot of Azure official modules that aren't being maintained and some that don't have any code merged into them at all.

Is Azure still interested in maintaining them? If not can community members who use these modules get maintainer privileges to keep them up to date?

In the terraform module, redis referenced from issue
#16 there seems to be an issue related to the upgrade of terraform 0.11.14 to 0.12.

The following error message is received from the following input in 0.12 and not in 0.11.14

Error

  on .terraform\modules\redis\rahulkhengare-terraform-azurerm-redis-ff49cbd\main.tf line 24, in resource "azurerm_redis_cache" "redis":
  24:   redis_configuration = {}

An argument named "redis_configuration" is not expected here. Did you mean to
define a block of type "redis_configuration"?

Input

module "redis" {
    source              = "rahulkhengare/redis/azurerm"
    name                = "jeremygraytestredis"
    resource_group_name = "${var.az_rg_name}"
    location = "${var.az_region_default}"
}

Found this and this, which seem related but I'm not quite sure.

The older docker image version was written in the following link. Could you update the checkov.sh script?
https://github.com/Azure/terraform/blob/master/samples/integration-testing/src/checkov.sh

Create a Terraform module that deploys a serverless reference architecture in Azure that allows event processing using Azure Function.

Documentation about this reference architecture is here.

Publish a module to Terraform Registry that helps to deploy Azure CosmosDb account.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/eventgrid_domain.html
• https://www.terraform.io/docs/providers/azurerm/r/eventgrid_event_subscription.html
• https://www.terraform.io/docs/providers/azurerm/r/eventgrid_topic.html

I have a problem with license_type for azurerm_mssql_database.
This is my definition:

resource "azurerm_mssql_database" "name" {
name                        = var.db_name
server_id                   = azurerm_sql_server.name.id
collation                   = "SQL_Latin1_General_CP1_CI_AS"
license_type                = "LicenseIncluded"
max_size_gb                 = 1
sku_name                    = "GP_S_Gen5_1"
zone_redundant              = false
auto_pause_delay_in_minutes = 60
min_capacity                = 0.5
read_replica_count          = 0
read_scale                  = false
}

I specified there license_type = "LicenseIncluded". But it seems that is never applied. And every time when I run terraform plan terraform detects that is missing.

And then with terraform apply it says that it's performing modification on it

module.sqlserver.azurerm_mssql_database.name: Still modifying... [id=/subscriptions/.../databases/IntegrationTests, 20s elapsed]
module.sqlserver.azurerm_mssql_database.name: Modifications complete after 25s [id=/subscriptions/***/resourceGroups/.../providers/Microsoft.Sql/servers/.../databases/IntegrationTests]

I run it multiple times, without any manual modification of mssql_database, and without any changes in my terraform scripts. And it always does the same, always trying to modify it. This is a bit annoying. terraform apply always shows mssql_database as modified, when I don't do any modification with it. To get rid of it, I decided to completely delete license_type.

Could you tell me if I do something wrong? Or it's a bug?

Steps to recreate:

1. Create azurerm_mssql_database with license_type = "LicenseIncluded"
2. Run terraform apply
3. Wait until all resources are created
4. Run terraform plan, you will notice that azurerm_mssql_database is marked to be updated.
5. Run terraform apply, you will notice that azurerm_mssql_database will be updated

My setup:

Current runner version: '2.276.1'
Operating System
  Ubuntu
  18.04.5
  LTS
Virtual Environment
  Environment: ubuntu-18.04
  Version: 20210123.1
  Included Software: https://github.com/actions/virtual-environments/blob/ubuntu18/20210123.1/images/linux/Ubuntu1804-README.md
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'actions/checkout@v2'
Download action repository 'hashicorp/setup-terraform@v1'

Run hashicorp/setup-terraform@v1
  with:
    cli_config_credentials_hostname: app.terraform.io
    terraform_version: latest
    terraform_wrapper: true

My terraform init

Initializing modules...
- appservice in ../modules/appservice
- container-registry in ../modules/container-registry
- eventhub in ../modules/eventhub
- iothub in ../modules/iothub
- monitoring in ../modules/monitoring
- redis in ../modules/redis
- sqlserver in ../modules/sqlserver
- storage in ../modules/storage

Initializing the backend...

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Finding latest version of hashicorp/random...
- Finding hashicorp/azurerm versions matching "2.39.0"...
- Installing hashicorp/random v3.0.1...
- Installed hashicorp/random v3.0.1 (signed by HashiCorp)
- Installing hashicorp/azurerm v2.39.0...
- Installed hashicorp/azurerm v2.39.0 (signed by HashiCorp)

In the terraform module, functionapp referenced from issue
#16 there seems to be an issue related to the upgrade of terraform 0.11.14 to 0.12.

The following error message is received from the following input in 0.12 and not in 0.11.14

Error

 on .terraform\modules\myfunction\anoff-terraform-azurerm-functionapp-bc17e58\main.tf line 49, in resource "azurerm_function_app" "funcapp":
  49:   site_config               = "${local.site_config}"

An argument named "site_config" is not expected here. Did you mean to define a
block of type "site_config"?

Input

module "myfunction" {
    source              = "anoff/functionapp/azurerm"
    name                = "myfunction"
    location            = "${var.az_region_default}"
    plan_type           = "consumption"
}

Found this and this, which seem related but I'm not quite sure.

Publish a module to Terraform registry that helps to deploy and configure Azure Firewall.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/firewall.html
• https://www.terraform.io/docs/providers/azurerm/r/firewall_application_rule_collection.html
• https://www.terraform.io/docs/providers/azurerm/r/firewall_network_rule_collection.html

Publish a module into Terraform registry that deploys a Virtual Machine Scaleset distributed across Availability Zone with Load Balancer.

Equivalent of this ARM template.

Hi
I'm trying to deploy databricks with VNET injection.
My code looks like this:

##############################################################################################################################3

DATABRICKS WORKSPACE

##############################################################################################################################3

resource "azurerm_databricks_workspace" "dp-dbricks-dev" {
name = var.databricks_workspace_suffix
resource_group_name = var.databricks_depends_on # select databricks resource group
location = var.dbricks_location
sku = var.db_ws_sku

managed_resource_group_name = var.databricks_depends_on

custom_parameters {
no_public_ip = true
public_subnet_name = var.snet_pub_addr_name
private_subnet_name = var.snet_prv_addr_name
virtual_network_id = var.vnet_id
}
depends_on = [var.databricks_depends_on]
}
##############################################################################################################################3

DATABRICKS NSG AND ASSOCIATION RESOURCES

##############################################################################################################################3

resource "azurerm_network_security_group" "service-dap-nsg" {
name = var.service-dap-nsg-name
location = var.dbricks_location
resource_group_name = var.databricks_depends_on
security_rule {
name = "allowedSubnets"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = ""
destination_port_range = ""
source_address_prefixes = ["${var.snet_prv_addr_prefix}","${var.snet_link_addr_prefix}","${var.snet_apps_addr_prefix}"]
destination_address_prefix = "*"
}
}
##############################################################################################################################3
#DATABRICKS NSG ASSOCIATION FOR BOTH PRIVATE AND PUBLIC SUBNET
##############################################################################################################################3
resource "azurerm_subnet_network_security_group_association" "dbricks-nsg-prv" { #for private subnet
subnet_id = var.db_subnet_id
network_security_group_id = azurerm_network_security_group.service-dap-nsg.id
depends_on = [azurerm_network_security_group.service-dap-nsg]
}
resource "azurerm_subnet_network_security_group_association" "dbricks-nsg-pub" { #for public subnet
subnet_id = var.db_pub_subnet_id
network_security_group_id = azurerm_network_security_group.service-dap-nsg.id
depends_on = [azurerm_network_security_group.service-dap-nsg]
}

Both subnets have the databricks associated and delegation added, but it keeps failing with error:
Error: Error updating Route Table Association for Subnet "snet-prv-dap-dev-cc-001" (Virtual Network "vnet-dap-dev-cc-001" / Resource Group "rg-dap-core-dev"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ConflictWithNetworkIntentPolicy" Message="Found conflicts with NetworkIntentPolicy. Details: Subnet or Virtual Network cannot have resources or properties which conflict with network intent policy.\r\nNetwork Security Group: /subscriptions//resourceGroups/rg-dap-service-dev-001/providers/Microsoft.Network/networkSecurityGroups/nsg-dbks-dap-dev-cc-001 conflicts with Network Intent Policy: adb-canadacentral-npip-57ca56ef13781757ae293ff6\r\n Network Security Group doesn't have supporting Security Rule for Network Intent Policy Security Rule: Name: databricks-worker-to-databricks-webapp, Id: /subscriptions//resourceGroups/rg-dap-core-dev/providers/Microsoft.Network/networkIntentPolicies/adb-canadacentral-npip-57ca56ef13781757ae293ff6/securityRules/databricks-worker-to-databricks-webapp, Access: Allow, Direction: Outbound, Protocol: tcp, SourceAddressPrefix: VirtualNetwork, SourcePortRange: , DestinationAddressPrefix: AzureDatabricks, DestinationPortRange: 443\r\n ----\r\n Network Security Group doesn't have supporting Security Rule for Network Intent Policy Security Rule: Name: databricks-worker-to-sql, Id: /subscriptions//resourceGroups/rg-dap-core-dev/providers/Microsoft.Network/networkIntentPolicies/adb-canadacentral-npip-57ca56ef13781757ae293ff6/securityRules/databricks-worker-to-sql, Access: Allow, Direction: Outbound, Protocol: tcp, SourceAddressPrefix: VirtualNetwork, SourcePortRange: , DestinationAddressPrefix: Sql, DestinationPortRange: 3306\r\n ----\r\n Network Security Group doesn't have supporting Security Rule for Network Intent Policy Security Rule: Name: databricks-worker-to-storage, Id: /subscriptions//resourceGroups/rg-dap-core-dev/providers/Microsoft.Network/networkIntentPolicies/adb-canadacentral-npip-57ca56ef13781757ae293ff6/securityRules/databricks-worker-to-storage, Access: Allow, Direction: Outbound, Protocol: tcp, SourceAddressPrefix: VirtualNetwork, SourcePortRange: , DestinationAddressPrefix: Storage, DestinationPortRange: 443\r\n ----\r\n Network Security Group doesn't have supporting Security Rule for Network Intent Policy Security Rule: Name: databricks-worker-to-eventhub, Id: /subscriptions/**/resourceGroups/rg-dap-core-dev/providers/Microsoft.Network/networkIntentPolicies/adb-canadacentral-npip-57ca56ef13781757ae293ff6/securityRules/databricks-worker-to-eventhub, Access: Allow, Direction: Outbound, Protocol: tcp, SourceAddressPrefix: VirtualNetwork, SourcePortRange: *, DestinationAddressPrefix: EventHub, DestinationPortRange: 9093\r\n ----\r\n---- ----" Details=[]

Could you please help me with that.

Publish a module to Terraform Registry that helps to deploy the enterprise BI reference architecture, using SQL Data Factory.

Documentation about this reference architecture is here.

Terraform resources for SQL Data Factory:

• https://www.terraform.io/docs/providers/azurerm/r/data_factory.html
• https://www.terraform.io/docs/providers/azurerm/r/data_factory_pipeline.html

Publish a module to Terraform Registry that helps to deploy Azure Event Hub.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/eventhub.html
• https://www.terraform.io/docs/providers/azurerm/r/eventhub_authorization_rule.html
• https://www.terraform.io/docs/providers/azurerm/r/eventhub_consumer_group.html
• https://www.terraform.io/docs/providers/azurerm/r/eventhub_namespace.html
• https://www.terraform.io/docs/providers/azurerm/r/eventhub_namespace_authorization_rule.html

When I run Azure DevOps pipeline. I get the below error

Import-Module -Name C:\Modules\az_9.3.0\Az.Accounts\2.11.1\Az.Accounts.psd1 -Global
##[warning]Both Az and AzureRM modules were detected on this machine. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide
Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
Clear-AzContext -Scope Process
Connect-AzAccount -ServicePrincipal -Tenant xxxxxxxxxxxxxxxx-Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
Az module initialization Complete
Beginning Script Execution
& 'D:\a_temp\xxxxxxxxxxxxxxxxxxxxx.ps1'

Name Account SubscriptionName Environment TenantId
App name xxxxxxx.. xxxxxx. AzureCloud xxxxxxx.
Disconnect-AzAccount -Scope Process -ErrorAction Stop
Clear-AzContext -Scope Process -ErrorAction Stop
##[error]Invalid JSON primitive: .
Finishing: Configure Virtual Machine - client

Below is my code
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[string]
$DomainJoin,

[Parameter()]
[string]
$Groups,

[Parameter()]
[string]
$Users

)
$ErrorActionPreference = 'SilentlyContinue'

$report = ""

Add to Domain

$Domain = Get-WmiObject win32_computersystem

if (($Domain).partofdomain -eq $true) {
$report += "Already added to Domain: $(($Domain).Domain); "
}
else {
$password = $DomainJoin | ConvertTo-SecureString -asPlainText -Force
$username = "[email protected]"
$credential = New-Object System.Management.Automation.PSCredential($username, $password)

Add-Computer -DomainName "wren.co.uk" -OUPath "OU=Azure,OU=Servers,OU=Brit,DC=wren,DC=co,DC=uk" -Credential $credential
$report += "Added to Domain: $(($Domain).Domain); "

Add-LocalGroupMember -Group "Administrators" -Member "[email protected]"
$report += "Added CloudOps to Local Admin; "

}

Disable Local Firewall

'Domain', 'Private', 'Public' | ForEach-Object { Set-NetFirewallProfile -Profile $_ Enabled False }

Local Admins Users and Groups

Groups

if ($Groups.Length -gt 0) {
$adminGroups = $Groups.Split(",")
foreach ($group in $adminGroups) {
Add-LocalGroupMember -Group "Administrators" -Member $group -ErrorAction SilentlyContinue
}
}

Users

if ($Users.Length -gt 0) {
$adminUsers = $Users.Split(",")
foreach ($user in $adminUsers) {
Add-LocalGroupMember -Group "Administrators" -Member $user -ErrorAction SilentlyContinue
}
}

Write-Output $report

#Exit
exit 0

the subnet, vnet, and remote-state-storage modules uses a version constraint that excludes version 0.12.0, referenced below. I had assumed that the version constraint listed was good for versions >= 0.11.1 and < 1.0.0, per this article. This may not be the case. On another note, this module doesn't really seem to add any value to the subnet provider and has no documentation on usage. This issue peeled off of #16.

terraform {
  required_version = "~> 0.11.1"
}

Is there an existing issue for this?

• I have searched the existing issues

Terraform Version

1.1.9

Provider Version

0.1.1

Current Behavior

When attempting to provision a Log Analytics Workspace via the azapi_resource, if I'm not authenticated via the az cli I get the following error:

│ Error: checking for presence of existing Resource: (ResourceId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resource-group/providers/Microsoft.OperationalInsights/workspaces/Log-Analytics-Workspace/dataSources/Logs-Ingest" / Api Version "2020-08-01"): DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│       EnvironmentCredential: incomplete environment variable configuration. Only AZURE_TENANT_ID and AZURE_CLIENT_ID are set
│       ManagedIdentityCredential: IMDS token request timed out
│       AzureCLICredential: ERROR: Please run 'az login' to setup account.
│ 
│ 
│   with azapi_resource.Logs-Ingest,
│   on ../../main.tf line 100, in resource "azapi_resource" "Logs-Ingest":
│ 100: resource "azapi_resource" "Logs-Ingest" {

If I az login, however, I can provision the resources just fine with a terraform apply.

Expected Behavior

I expect to be able to manage a dataSource azapi_resource without having to az login if I'm authenticating via the service principal via the provider config block.

Terraform configuration

A valid `azapi` provider block:


provider "azapi" {
  client_id            = var.client_id
  environment          = var.environment
  subscription_id      = var.subscription_id
  tenant_id            = var.tenant_id
}

A valid azapi_resource data source declaration:

resource "azapi_resource" "Logs-Ingest" {
  provider  = azapi
  type      = "Microsoft.OperationalInsights/workspaces/dataSources@2020-08-01"
  name      = "Logs-Ingest"
  parent_id = azurerm_log_analytics_workspace.Log-Analytics-Workspace.id

  body = jsonencode({
    properties = {
      customLogName = "IngestLogs_CL"
      description = "Data Source to ingest /var/log/messages"
      inputs = [{
        location = {
          fileSystemLocations = {
            linuxFileTypeLogPaths = ["/var/log/messages"],
          }
        },
        recordDelimiter = {
          regexDelimiter = {
            pattern = "\\n",
            matchIndex = 0,
            numberdGroup = null
          }
        }
        }
      ],
      extractions = [
        {
          extractionName = "TimeGenerated",
          extractionType = "DateTime",
          extractionProperties = {
            dateTimeExtraction = {
              regex = null,
              joinStringRegex = null
            }
          }
        }
      ]
    }
    kind = "CustomLog"
  })
}

I will try to create an sscce tonight and post the repo here.

Steps To Reproduce

terraform plan while not authenticated via cli should do it

Anything else?

With TF_LOG=json, we get some more output. Various pastings of log messages below:

{"@level":"debug","@message":"Apr 26 20:59:27.925131 Retry: error Get \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01\u0026resource=https%3A%2F%2Fmanagement.core.windows.net%2F\": dial tcp 169.254.169.254:80: connect: host is down","@module":"provider.terraform-provider-azapi_v0.1.1","@timestamp":"2022-04-26T20:59:27.925495-04:00","timestamp":"2022-04-26T20:59:27.925-0400"}

I'm not sure why the Managed Data Service is being called to authenticate.

EDIT: Here's an sscce

Complex Azure services such as AKS require many different decisions to be made on the creation of a cluster, and Terraform users have to create different templates for different combinations of deployment schemes(i.e. azureCNI with Virtual Node and Network Policy, kubenet with AAD RBAC,pod security and defined subnets, etc). This hack proposes to create a structured reference Terraform template that can use decision logic that can deploy different combinations of AKS setups depending on variables set.

Create a Terraform module that allows to deploy SAP reference architecture on Azure.
Documentation about this reference architecture is here.

Publish a module to Terraform Registry that helps to deploy Azure CosmosDb account.

Related Terraform resource:

• https://www.terraform.io/docs/providers/azurerm/r/cosmosdb_account.html

Create a Terraform module that deploys an IoT reference architecture in Azure, with Azure IoT Hub, Stream Analytics, Storage etc.

Azure IoT Reference architecture documentation is available here.

Is there an existing issue for this?

• I have searched the existing issues

Example Name

201-web-app-docker-acr

Terraform Version

1.4.6

Current Behavior

The App service is given a permission to the App Service Plan (not the ACR)

Expected Behavior

The App service is given a permission to the ACR

Steps To Reproduce

Anything else?

No response

I am following the following commands as per the tutorial, but still getting error. I am having Windows10 Laptop.

Also sharing the rsa file
id_rsa.txt

Is there an existing issue for this?

• I have searched the existing issues

Where would you like this feature added?

Other/Unknown

Is this feature ask due to a problem that you are encountering?

While working to deploy Kafka cluster on Azure VMs using Terraform and Ansible, I am facing issues while creating a topic, I have checked and found that all three Zookeeper servers are running in cluster but one of the Kafka servers is not getting started in cluster.

VMs used: Dpsv5 series

OS: Ubuntu 20.04

Architecture: amd64 and arm64

The error which I am getting is:

[2023-05-30 08:35:45,623] INFO [Controller id=1, targetBrokerId=1] Node 1 disconnected. (org.apache.kafka.clients.NetworkClient) 

[2023-05-30 08:35:45,623] WARN [Controller id=1, targetBrokerId=1] Connection to node 1 (myvm.internal.cloudapp.net/10.1.0.9:9093) could not be established. Broker may not be available. (org.apache.kafka.clients.NetworkClient) 

[2023-05-30 08:35:45,623] INFO [Controller id=1, targetBrokerId=1] Client requested connection close from node 1 (org.apache.kafka.clients.NetworkClient) 

The code written to create the resources through terraform in main.tf file:

main.txt
providers.txt
variables.txt
zookeeper_cluster.txt
kafka_cluster.txt

Steps followed to deploy the kafka cluster.

Run the following commands to create resources through terraform:

terraform init 

  

terraform apply 

To know the ip of kafka servers:

cat /tmp/inventery 

To install the Zookeeper and the required dependencies and start zookeeper server:

ansible-playbook zookeeper_cluster.yaml -i /tmp/inventory 

To install the Kafka and the required dependencies:

ansible-playbook kafka_cluster.yaml -i /tmp/inventory 

To start kafka on all three server first do ssh on all three machines on which kafka is installed and run below command:

bin/kafka-server-start.sh config/server.properties 

However, When I have created virtual machines manually(not through Terraform) and installed zookeeper and kafka in them with the same configuration and tried running Kafka cluster and it is running fine.

It will be really helpful if you share pointers on the above mentioned issue.

Describe potential solutions.

When I have created virtual machines manually(not through Terraform) and installed zookeeper and kafka in them with the same configuration and tried running Kafka cluster and it is running fine.

Anything else?

No response

Publish a module to Terraform registry that helps to deploy Azure Batch account and Azure Batch pool.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/batch_account.html
• https://www.terraform.io/docs/providers/azurerm/r/batch_pool.html
• https://www.terraform.io/docs/providers/azurerm/r/batch_certificate.html

Publish a module to Terraform Registry that helps to deploy Azure IoT Hub.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/stream_analytics_job.html
• https://www.terraform.io/docs/providers/azurerm/r/stream_analytics_function_javascript_udf.html
• https://www.terraform.io/docs/providers/azurerm/r/stream_analytics_output_blob.html

Publish a module to Terraform Registry that helps to deploy Azure Database for MySQL.

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/mysql_configuration.html
• https://www.terraform.io/docs/providers/azurerm/r/mysql_database.html
• https://www.terraform.io/docs/providers/azurerm/r/mysql_firewall_rule.html
• https://www.terraform.io/docs/providers/azurerm/r/mysql_server.html
• https://www.terraform.io/docs/providers/azurerm/r/mysql_virtual_network_rule.html

Is there an existing issue for this?

• I have searched the existing issues

Example Name

201-aks-rbac-dashboard-admin

Terraform Version

1.3

Current Behavior

As @zioproto pointed out, the example seems has some issue on role binding.

Expected Behavior

Please refer to #148 for further details.

Steps To Reproduce

No response

Anything else?

No response

Publish a module to the Terraform registry that helps to deal with Azure Policy.
Documentation about Azure Policy is here

Related Terraform resources:

• https://www.terraform.io/docs/providers/azurerm/r/policy_assignment.html
• https://www.terraform.io/docs/providers/azurerm/r/policy_definition.html
• https://www.terraform.io/docs/providers/azurerm/r/policy_set_definition.html

Is there an existing issue for this?

• I have searched the existing issues

Example Name

201-machine-learning-moderately-secure

Terraform Version

Terraform v1.2.3 on windows_amd64

Current Behavior

I am simply following the example and running terraform init command. But it gives below error.

Expected Behavior

It should download all the provider dependencies.

Steps To Reproduce

Run: terraform init
Error Produced

Anything else?

No response

Would it be possible to add support to configure the IotHub's Built-in endpoint's, Cloud to device messaging parameters?

1. Default TTL,
2. Feedback retention time &
3. Maximum delivery count

thanks

Create a Terraform module that deploys a Stream processing reference architecture using Azure Stream Analytics and Cosmos Db.

Documentation about this architecture is available here.

Is there an existing issue for this?

• I have searched the existing issues

Example Name

201-machine-learning-moderately-secure

Terraform Version

1.2.9

Current Behavior

Example is failing on provider, since it has been renamed, however, the provider is also not needed at all, should be removed.

terraform/quickstart/201-machine-learning-moderately-secure/main#L10

Expected Behavior

Example expected to work out of the box, failing on provider

Steps To Reproduce

follow this tutorial:
https://learn.microsoft.com/en-us/azure/machine-learning/tutorial-create-secure-workspace-template?tabs=terraform%2Ccli

Anything else?

old but related microsoft docs issue:
MicrosoftDocs/azure-docs#100227

          Please open this issue in Terraform repo

Originally posted by @yonzhan in Azure/azure-cli#25271 (comment)

Hello Team, Basically I have run the code given below through the Azure DevOps pipeline already. Got few existing resources so want to import the state file locally . However when I am running the terraform refresh, I get the below error ;

" Error: Route Table: (Name "platform-rt-uks-legacy-prd-zscl" / Resource Group "platform-rg-uks-legacy-prd") was not found

│ with module.landing_zone.data.azurerm_route_table.zscl["uks"],
│ on ..\module-tf-landing_zone\networking.tf line 43, in data "azurerm_route_table" "zscl":
│ 43: data "azurerm_route_table" "zscl" {
"
Although the above route exists in the portal.

Here is my code below:

resource "azurerm_route_table" "rt" {
for_each = var.Location

name = replace(replace(replace(local.roleCount, "type", "rt"), "role", "lz"), "count", "0${1 + index(keys(var.Location), each.key)}")
location = azurerm_resource_group.rg[each.key].location
resource_group_name = azurerm_resource_group.rg[each.key].name
disable_bgp_route_propagation = false
tags = local.tags
lifecycle {
ignore_changes = [
tags["FirstCreated"]
]
}
}
resource "azurerm_route" "routes" {
for_each = local.rt_routes

name = each.value.rt_key
resource_group_name = azurerm_resource_group.rg[each.value.loc_key].name
route_table_name = azurerm_route_table.rt[each.value.loc_key].name
address_prefix = each.value.prefix
next_hop_type = each.value.hop_type
next_hop_in_ip_address = each.value.region == "UK South" ? local.firewalls.uksouth : local.firewalls.ukwest
}

data "azurerm_route_table" "zscl" {
provider = azurerm.prd-hub

for_each = local.zscl-rt-table

name = each.value.name
resource_group_name = each.value.rg
}
resource "azurerm_route" "zscl-routes" {
provider = azurerm.prd-hub

for_each = local.zscl-routes

name = each.value.loc_key == "Primary" ? replace(local.baseName, "type", "RouteTo") : replace(local.baseNameSecondary, "type", "RouteTo")
resource_group_name = data.azurerm_route_table.zscl[each.value.zscl_key].resource_group_name
route_table_name = data.azurerm_route_table.zscl[each.value.zscl_key].name
address_prefix = each.value.address_space[0]
next_hop_type = "VirtualAppliance"
next_hop_in_ip_address = each.value.zscl_key == "ukw" ? local.firewalls.ukwest : local.firewalls.uksouth
}

Using this article as an instruction base - along with the code in this repo : https://learn.microsoft.com/en-us/azure/machine-learning/tutorial-create-secure-workspace-template?view=azureml-api-2&tabs=terraform%2Ccli

Other reference docs around ACR accessibility with private endpoints: https://learn.microsoft.com/en-us/azure/machine-learning/how-to-secure-online-endpoint?view=azureml-api-2&tabs=azure-studio%2Cmodel#outbound-resource-access

After running the Terraform and connecting into the DSVM jump box via Bastion - I've accessed the Azure ML Studio from there and created a custom environment and built it successfully - as it states in the 2nd article above - endpoints/deployments can't pull images from public sources - only the connected Azure Container Registry to the Azure ML Workspace itself

When going into the Endpoints section in the Studio, I have noticed that it can't access the Models to select from this wizard, it gets stuck.

If you go into the Models section you can select a model and click on the pull-down Deploy that way - but when the wizard gets to the Environment selection you cannot see the custom created Environments to choose from - and it needs to do this because otherwise I can't deploy anything

I've tried different filters, all to no avail - I can't see my custom environment mycustomsklearn1

I haven't tried the Bicep version of this yet - I'll be doing it this week - but as this Terraform example stands, I can't deploy anything using Endpoints

Below is the output of the terraform validate -

Need to fix these templates with the correct values.