
Comments (5)

mariussm commented on June 3, 2024

You need to do this instead:

resource_group_name  = azurerm_resource_group.test-vdi-rg[each.key].name

You forgot to refer to the name property of the resource group :)

from terraform-az-rbac-pim-assignment.

MohnJadden commented on June 3, 2024

> You need to do this instead:
>
> resource_group_name  = azurerm_resource_group.test-vdi-rg[each.key].name
>
> You forgot to refer to the name property of the resource group :)

I replaced line 50 in the PIM Assignment main.tf with this content, and am now receiving the following error:

│ Error: Reference to undeclared resource
│
│   on PIM Assignment - Resource Group\main.tf line 50, in resource "random_uuid" "eligible_schedule_request_id":
│   50:     resource_group_name = azurerm_resource_group.test-vdi-rg[each.key].name
│
│ A managed resource "azurerm_resource_group" "test-vdi-rg" has not been declared in module.pim_assignment_2.

Since I'm declaring the resource groups in the original TF file which then calls the module, do I need to do something to pass the mapped name value to the main.tf for PIM assignment? I did also try replacing all references of var.resource_group_name in main.tf with azurerm_resource_group.test-vdi-rg[each.key].name, no luck.


MohnJadden commented on June 3, 2024

Issue resolved - I changed resource_group_name in main.tf to var.resource_group_name. I also corrected the name of the module to "pim_assignment" instead of "pim_assignment_2" as displayed in the walkthrough. I also changed the resource_group_name variable to a string instead of a map in the PIM Assignment - Resource Group module.

After doing these I was able to use the mapped SecurityGroup variable successfully with the module.

If it helps, here's the text of the assignment in my source TF module:

module "pim_assignment" {

  source               = "./PIM Assignment - Resource Group"
  for_each             = var.team_name
  resource_group_name  = azurerm_resource_group.test-vdi-rg.name
  principal_id         = lookup(var.SecurityGroup, each.key)
  role_definition_name = "Virtual Machine Administrator Login"
}

PIM Assignment - Resource Group/main.tf is now as follows:

variable "principal_id" {
  type = string
}

variable "role_definition_name" {
  type = string
}

variable "request_type" {
  type    = string
  default = "AdminUpdate"
}

variable "deployment_name" {
  type    = string
  default = null
}

variable "assignment_days" {
  type    = number
  default = 365
}

variable "resource_group_name" {
  type = string
}

provider "azurerm" {
  features {}
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2"
    }
  }
}

// Get role from data resource, instead of hard coding
data "azurerm_role_definition" "role" {
  name = var.role_definition_name
}

// Generate a new guid for the eligible schedule request whenever principalId, roleDefinitionId or requestType changes
resource "random_uuid" "eligible_schedule_request_id" {
  keepers = {
    principalId         = var.principal_id
    roleDefinitionId    = data.azurerm_role_definition.role.id
    requestType         = var.request_type
    startDateTime       = "${formatdate("YYYY-MM-DD", time_rotating.eligible_schedule_request_start_date.id)}T${formatdate("HH:mm:ss.0000000+02:00", time_rotating.eligible_schedule_request_start_date.id)}"
    duration            = "P${tostring(var.assignment_days)}D"
    resource_group_name = var.resource_group_name
  }
}

// Used to a) support short life time assignments automatically re-assigned and b) support a single start date that does not change
resource "time_rotating" "eligible_schedule_request_start_date" {
  rotation_days = floor(var.assignment_days / 2)
}

// Deploy the eligible schedule request using ARM template
resource "azurerm_resource_group_template_deployment" "eligible_schedule_request" {
  name                = var.deployment_name == null ? random_uuid.eligible_schedule_request_id.id : var.deployment_name
  resource_group_name = var.resource_group_name
  deployment_mode     = "Incremental"
  template_content    = file("${path.module}/pim_assignment.json")

  // Send parameters to ARM template
  parameters_content = jsonencode({
    "principalId" = {
      value = var.principal_id
    },
    "roleDefinitionId" = {
      value = data.azurerm_role_definition.role.id
    },
    "requestType" = {
      value = var.request_type
    },
    "id" = {
      value = random_uuid.eligible_schedule_request_id.id
    }
    "startDateTime" = {
      value = "${formatdate("YYYY-MM-DD", time_rotating.eligible_schedule_request_start_date.id)}T${formatdate("HH:mm:ss.0000000+02:00", time_rotating.eligible_schedule_request_start_date.id)}"
    }
    "duration" = {
      value = "P${tostring(var.assignment_days)}D"
    }
  })
}


MohnJadden commented on June 3, 2024

Gotta reopen. Unfortunately this didn't carry over from my test environment into prod. When I run plan or apply with the changes I put in, I get the following error:

The given value is not suitable for child module variable "resource_group_name" defined at PIM Assignment - Resource Group\main.tf:24,1-31: string required.

It seems like the module is back to the original behavior of being unable to work with environments using mapped resource groups.
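
The root-module wiring discussed in this thread, as an added example that is not part of the original comments or the project's own code. It assumes `var.team_name` and `var.SecurityGroup` are maps with the same keys and that the resource groups are created with `for_each`; the naming scheme, location and output name are placeholders.

```hcl
# Added example (root module). Assumes the azurerm provider is configured
# here in the root: Terraform rejects for_each on a module that contains
# its own provider block.

variable "team_name" {
  type = map(string) # constructed shape, e.g. { alpha = "Team Alpha" }
}

variable "SecurityGroup" {
  type = map(string) # team key => object ID of the group made eligible
}

# One resource group per team. With for_each, this address is a map of
# instances, so a single instance has to be selected with [each.key].
resource "azurerm_resource_group" "test-vdi-rg" {
  for_each = var.team_name
  name     = "rg-vdi-${each.key}" # hypothetical naming scheme
  location = "westeurope"         # placeholder
}

module "pim_assignment" {
  source   = "./PIM Assignment - Resource Group"
  for_each = var.team_name

  # The indexing is done in the caller. The child module cannot see
  # azurerm_resource_group.test-vdi-rg; it only receives this string
  # through its own variable "resource_group_name" (type = string).
  resource_group_name = azurerm_resource_group.test-vdi-rg[each.key].name

  # Direct indexing fails the plan if a team has no group mapped,
  # instead of silently assigning the role to a fallback principal.
  principal_id         = var.SecurityGroup[each.key]
  role_definition_name = "Virtual Machine Administrator Login"
}

# Review aid: which principal becomes eligible at which scope.
output "pim_scope_by_team" {
  value = {
    for k, rg in azurerm_resource_group.test-vdi-rg : k => {
      scope        = rg.id
      principal_id = var.SecurityGroup[k]
    }
  }
}
```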


MohnJadden commented on June 3, 2024

@mariussm Any chance of this getting looked at anytime soon?
