Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Part 4 GitHub Actions deploy azure resources with Terraform backend

In this section, I'm leveraging the azurerm backend to keep the Terraform state (tfstate) file in an Azure Storage Account. This will make sure that the Terraform state is centralized and consistent across different environments and team members. Every time I push changes to my Terraform configuration files to GitHub, Terraform will compare the updated code with the current state of the infrastructure stored in the Azure backend. Based on this comparison, it will determine the necessary changes to apply, making sure that the infrastructure is updated or deployed as required, while maintaining state integrity.

In the GitHub Actions workflow below, I’m using the secret variables I've already created for Azure authentication, which include AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET. You can refer to my earlier article for the procedure on setting up these secrets.

Check this Series of Articles:
Part 1: Create GitHub repository and branches using Terraform
Part 2 Terraform modules using a github.com repository as a source
Part 3 Automating and Planning Azure Resources with Terraform and GitHub Actions
Part 4 GitHub Actions deploy azure resources with Terraform backend
Part 4.1 GitHub Actions deploy azure resources with PowerShell
Part 4.2 GitHub Actions manage Microsoft Azure Cloud with az CLI
Azure OIDC OpenID Connect password less with GitHub Actions

These secret values are utilized inside the YAML file under environment variables to authenticate and initialize the Terraform backend. By using these service principal credentials, Terraform will initialize the backend, run the plan, and automatically approve and apply the necessary infrastructure changes for the deployment.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Name of the action that will trigger
name: Terraform

# On push event occur
on: push

# Environment variable to get more detailed log output
# Environment variable to controls Terraform's input prompts: true enables prompting, false disables prompting and relies on defaults or automation.
env:
  TF_LOG: INFO
  TF_INPUT: false

# Jobs section  
jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest # OS where job will trigger

    #Use the bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest or windows-latest
    #Setting default bash shell
    defaults:
      run:
        shell: bash

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v3

    # Install the preferred version of terraform CLI
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v2
      with:
          terraform_version: 1.9.2 # specify your Terraform version here

    # - name: Login to Azure
    #   uses: azure/login@v2
    #   with:
    #     creds: ${{ secrets.AZURE_CREDENTIALS }}

    # Initialize a new or existing terraform working directory 
    - name: Terraform Init
      id: init
      run: terraform init
      env:
        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
        ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

    # Run terraform fmt for push 
    - name: Terraform Format
      id: fmt
      run: terraform fmt #-check      

    # Run a terraform validate
    # Run even if validation fails
    - name: Terraform Validate
      id: validate
      if: (success() || failure())
      run: terraform validate

    # Run terraform plan for push 
    - name: Terraform Plan
      id: plan
      run: terraform plan
      env:
        TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
        ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

    # Run terraform Apply after plan
    - name: Terraform Apply
      # if: github.ref == 'refs/heads/main'
      id: apply
      run: terraform apply --auto-approve
      env:
        TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
        ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
        ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

Here is a basic Terraform configuration script for Azure, which stores the Terraform state file in the azurerm backend and deploys a new subnet within an existing virtual network (vnet).

Download this complete code Terraform_Azure_Github_Actions_with_backend.zip here or it also available on github.com.

terraform {
  backend "azurerm" {
    resource_group_name  = "dev"                       # Can be passed via `-backend-config=`"resource_group_name=<resource group name>"` in the `init` command.
    storage_account_name = "vcloudlabtfstate"          # Can be passed via `-backend-config=`"storage_account_name=<storage account name>"` in the `init` command.
    container_name       = "tfstate"                   # Can be passed via `-backend-config=`"container_name=<container name>"` in the `init` command.
    key                  = "example.terraform.tfstate" # Can be passed via `-backend-config=`"key=<blob key name>"` in the `init` command.
    #use_azuread_auth     = true                        # Can also be set via `ARM_USE_AZUREAD` environment variable.
  }
}
##################
variable "subscription_id" { type = string }
provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}
##################
variable "subnet" {
  type = object({
    name                 = string
    resource_group_name  = string
    virtual_network_name = string
    address_prefixes     = list(string)
  })
  default = {
    name                 = "subnet1"
    resource_group_name  = "dev"
    virtual_network_name = "dev-vnet"
    address_prefixes     = ["10.0.1.0/24"]
  }
}
##################
resource "azurerm_subnet" "subnet" {
  name                 = var.subnet.name
  resource_group_name  = var.subnet.resource_group_name
  virtual_network_name = var.subnet.virtual_network_name
  address_prefixes     = var.subnet.address_prefixes
}
##################
output "subnet_id" {
  value = resource.azurerm_subnet.subnet.id
}

Upon initial deployment, the GitHub Actions workflow triggers Terraform to create resources in Azure infrastructure. Subsequent pushes to the repository trigger the workflow again, but Terraform doesn't apply any changes since the resources are already provisioned. To update or modify resources, changes must be made to the Terraform configuration files (e.g., main.tf) and pushed to GitHub, triggering the workflow to apply the updates.

GitHub Actions Terraform testing credentials backend configuration Azure storage Account devops auto trigger configuration terraform azure resource service deployment management configuration setup automation.png

If I check the result of terraform init it shows, Terraform backend initialized successfully on Azure Storage Account.

Terraform github action terraform init credentials subscription id tenant client id client secret devops remote tfstate file state file lock backend ci cd certificate azurerm devops.png

Following I see terraform apply job is successful and it deployed one subnet resource in existing vNet.

Hasicorp terraform github actions automation devops continous delivery integration azure automation cloud configuration deployment resources services setup automation terraform backend plan azurerm apply auto approve.png

On the second push to GitHub, on the Terraform Apply task as resource is already added/deployed, it first cross verifies the configuration with tfstate file from backend and shows the message no changes or addition to make on Azure infrastructure.

Github actions azurerm provider terraform no changes your infrastructure matches the configuration automation devops ci cd setup management automation.png

Here is complete output from GitHub Actions trigger workflow jobs output.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
Set up job

Current runner version: '2.319.1'
Operating System
  Ubuntu
  22.04.4
  LTS
Runner Image
  Image: ubuntu-22.04
  Version: 20240901.1.0
  Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240901.1/images/ubuntu/Ubuntu2204-Readme.md
  Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240901.1
Runner Image Provisioner
  2.0.384.1
GITHUB_TOKEN Permissions
  Contents: read
  Metadata: read
  Packages: read
Secret source: Actions
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
Download action repository 'hashicorp/setup-terraform@v2' (SHA:633666f66e0061ca3b725c73b2ec20cd13a8fdd1)
Download action repository 'azure/login@v2' (SHA:6c251865b4e6290e7b78be643ea2d005bc51f69a)
Complete job name: Terraform


Pre Login to Azure
Run azure/login@v2
  with:
    creds: ***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL
  env:
    TF_LOG: INFO
    TF_INPUT: false
Clearing azure cli accounts from the local cache.
/usr/bin/az account clear

Checkout
Run actions/checkout@v3
  with:
    repository: janviudapi/vcloud-lab.com
    token: ***
    ssh-strict: true
    persist-credentials: true
    clean: true
    sparse-checkout-cone-mode: true
    fetch-depth: 1
    fetch-tags: false
    lfs: false
    submodules: false
    set-safe-directory: true
  env:
    TF_LOG: INFO
    TF_INPUT: false
Syncing repository: janviudapi/vcloud-lab.com
Getting Git version info
  Working directory is '/home/runner/work/vcloud-lab.com/vcloud-lab.com'
  /usr/bin/git version
  git version 2.46.0
Temporarily overriding HOME='/home/runner/work/_temp/f2ca0943-0870-438d-a1ea-883b36b88ba2' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/vcloud-lab.com/vcloud-lab.com
Deleting the contents of '/home/runner/work/vcloud-lab.com/vcloud-lab.com'
Initializing the repository
  /usr/bin/git init /home/runner/work/vcloud-lab.com/vcloud-lab.com
  hint: Using 'master' as the name for the initial branch. This default branch name
  hint: is subject to change. To configure the initial branch name to use in all
  hint: of your new repositories, which will suppress this warning, call:
  hint:
  hint: 	git config --global init.defaultBranch <name>
  hint:
  hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
  hint: 'development'. The just-created branch can be renamed via this command:
  hint:
  hint: 	git branch -m <name>
  Initialized empty Git repository in /home/runner/work/vcloud-lab.com/vcloud-lab.com/.git/
  /usr/bin/git remote add origin https://github.com/janviudapi/vcloud-lab.com
Disabling automatic garbage collection
  /usr/bin/git config --local gc.auto 0
Setting up auth
  /usr/bin/git config --local --name-only --get-regexp core\.sshCommand
  /usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
  /usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
  /usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
  /usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +63ae858865d362a847403c964c9c269a3e673c3d:refs/remotes/origin/main
  remote: Enumerating objects: 8, done.        
  remote: Counting objects:  12% (1/8)        
  remote: Counting objects:  25% (2/8)        
  remote: Counting objects:  37% (3/8)        
  remote: Counting objects:  50% (4/8)        
  remote: Counting objects:  62% (5/8)        
  remote: Counting objects:  75% (6/8)        
  remote: Counting objects:  87% (7/8)        
  remote: Counting objects: 100% (8/8)        
  remote: Counting objects: 100% (8/8), done.        
  remote: Compressing objects:  16% (1/6)        
  remote: Compressing objects:  33% (2/6)        
  remote: Compressing objects:  50% (3/6)        
  remote: Compressing objects:  66% (4/6)        
  remote: Compressing objects:  83% (5/6)        
  remote: Compressing objects: 100% (6/6)        
  remote: Compressing objects: 100% (6/6), done.        
  remote: Total 8 (delta 0), reused 6 (delta 0), pack-reused 0 (from 0)        
  From https://github.com/janviudapi/vcloud-lab.com
   * [new ref]         63ae858865d362a847403c964c9c269a3e673c3d -> origin/main
Determining the checkout info
Checking out the ref
  /usr/bin/git checkout --progress --force -B main refs/remotes/origin/main
  Switched to a new branch 'main'
  branch 'main' set up to track 'origin/main'.
/usr/bin/git log -1 --format='%H'
'63ae858865d362a847403c964c9c269a3e673c3d'

Setup Terraform
Run hashicorp/setup-terraform@v2
  with:
    terraform_version: 1.9.2
    cli_config_credentials_hostname: app.terraform.io
    terraform_wrapper: true
  env:
    TF_LOG: INFO
    TF_INPUT: false
/usr/bin/unzip -o -q /home/runner/work/_temp/e7380124-d9b1-4453-bede-dfa2f0833160

Login to Azure
Run azure/login@v2
  with:
    creds: ***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
Running Azure CLI Login.
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.
Attempting Azure CLI login by using service principal with secret...
Subscription is set successfully.
Azure CLI login succeeds by using service principal with secret.

Terraform Initialized
Run terraform init
  terraform init
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin init
2024-09-06T12:49:56.818Z [INFO]  Terraform version: 1.9.2
2024-09-06T12:49:56.818Z [INFO]  Go runtime version: go1.22.4
2024-09-06T12:49:56.818Z [INFO]  CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "init"***
2024-09-06T12:49:56.818Z [INFO]  CLI command args: []string***"init"***
Initializing the backend...
2024-09-06T12:49:56.820Z [INFO]  Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO]  Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO]  Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO]  Using Service Principal / Client Secret for Authentication
2024-09-06T12:49:56.820Z [INFO]  Getting OAuth config for endpoint https://login.microsoftonline.com/ with  tenant ***

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding latest version of hashicorp/azurerm...
- Installing hashicorp/azurerm v4.1.0...
- Installed hashicorp/azurerm v4.1.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terrform Format
Run terraform fmt
  terraform fmt
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin fmt
2024-09-06T12:49:59.322Z [INFO]  Terraform version: 1.9.2
2024-09-06T12:49:59.322Z [INFO]  Go runtime version: go1.22.4
2024-09-06T12:49:59.322Z [INFO]  CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "fmt"***
2024-09-06T12:49:59.322Z [INFO]  CLI command args: []string***"fmt"***
main.tf

Terraform Validate
Run terraform validate
  terraform validate
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin validate
2024-09-06T12:49:59.422Z [INFO]  Terraform version: 1.9.2
2024-09-06T12:49:59.422Z [INFO]  Go runtime version: go1.22.4
2024-09-06T12:49:59.422Z [INFO]  CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "validate"***
2024-09-06T12:49:59.422Z [INFO]  CLI command args: []string***"validate"***
2024-09-06T12:49:59.591Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:49:59.657Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:49:59.657Z
2024-09-06T12:49:59.853Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1884
2024-09-06T12:49:59.854Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:49:59.916Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:49:59.916Z
2024-09-06T12:49:59.971Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1895
Success! The configuration is valid.

Terraform Plan
Run terraform plan
  terraform plan
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    TF_VAR_subscription_id: ***
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin plan
2024-09-06T12:50:00.068Z [INFO]  Terraform version: 1.9.2
2024-09-06T12:50:00.068Z [INFO]  Go runtime version: go1.22.4
2024-09-06T12:50:00.068Z [INFO]  CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "plan"***
2024-09-06T12:50:00.068Z [INFO]  CLI command args: []string***"plan"***
2024-09-06T12:50:00.070Z [INFO]  Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO]  Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO]  Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO]  Using Service Principal / Client Secret for Authentication
2024-09-06T12:50:00.070Z [INFO]  Getting OAuth config for endpoint https://login.microsoftonline.com/ with  tenant ***
2024-09-06T12:50:00.240Z [INFO]  backend/local: starting Plan operation
2024-09-06T12:50:00.758Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:00.819Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:00.819Z
2024-09-06T12:50:01.000Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1925
2024-09-06T12:50:01.001Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:01.065Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:01.065Z
2024-09-06T12:50:01.120Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1935
2024-09-06T12:50:01.120Z [INFO]  backend/local: plan calling Plan
2024-09-06T12:50:01.121Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:01.178Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:01.178Z
2024-09-06T12:50:02.830Z [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:02.836Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1943
2024-09-06T12:50:02.837Z [INFO]  backend/local: plan operation completed

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.subnet will be created
  + resource "azurerm_subnet" "subnet" ***
      + address_prefixes                              = [
          + "10.0.1.0/24",
        ]
      + default_outbound_access_enabled               = true
      + id                                            = (known after apply)
      + name                                          = "subnet1"
      + private_endpoint_network_policies             = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name                           = "dev"
      + virtual_network_name                          = "dev-vnet"
    ***

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + subnet_id = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.


Terraform Apply
Run terraform apply --auto-approve
  terraform apply --auto-approve
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    TF_VAR_subscription_id: ***
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin apply --auto-approve
2024-09-06T12:50:02.973Z [INFO]  Terraform version: 1.9.2
2024-09-06T12:50:02.973Z [INFO]  Go runtime version: go1.22.4
2024-09-06T12:50:02.973Z [INFO]  CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "apply", "--auto-approve"***
2024-09-06T12:50:02.974Z [INFO]  CLI command args: []string***"apply", "--auto-approve"***
2024-09-06T12:50:02.975Z [INFO]  Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO]  Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO]  Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO]  Using Service Principal / Client Secret for Authentication
2024-09-06T12:50:02.975Z [INFO]  Getting OAuth config for endpoint https://login.microsoftonline.com/ with  tenant ***
2024-09-06T12:50:03.144Z [INFO]  backend/local: starting Apply operation
2024-09-06T12:50:03.601Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:03.663Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:03.663Z
2024-09-06T12:50:03.846Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1977
2024-09-06T12:50:03.847Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:03.907Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:03.907Z
2024-09-06T12:50:03.963Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1987
2024-09-06T12:50:03.963Z [INFO]  backend/local: apply calling Plan
2024-09-06T12:50:03.964Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:04.029Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:04.028Z
2024-09-06T12:50:07.446Z [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:07.452Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1996

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.subnet will be created
  + resource "azurerm_subnet" "subnet" ***
      + address_prefixes                              = [
          + "10.0.1.0/24",
        ]
      + default_outbound_access_enabled               = true
      + id                                            = (known after apply)
      + name                                          = "subnet1"
      + private_endpoint_network_policies             = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name                           = "dev"
      + virtual_network_name                          = "dev-vnet"
    ***

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + subnet_id = (known after apply)
2024-09-06T12:50:07.466Z [INFO]  backend/local: apply calling Apply
2024-09-06T12:50:07.467Z [INFO]  provider: configuring client automatic mTLS
2024-09-06T12:50:07.524Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:07.524Z
2024-09-06T12:50:10.327Z [WARN]  Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:10.327Z [INFO]  Starting apply for azurerm_subnet.subnet
azurerm_subnet.subnet: Creating...
2024-09-06T12:50:10.328Z [INFO]  provider.terraform-provider-azurerm_v4.1.0_x5: [INFO] preparing arguments for Azure ARM Subnet creation.
azurerm_subnet.subnet: Creation complete after 4s [id=/subscriptions/***/resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/subnet1]
2024-09-06T12:50:14.322Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=2005

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

subnet_id = "/subscriptions/***/resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/subnet1"

Post Checkout
Post job cleanup.
/usr/bin/git version
git version 2.46.0
Temporarily overriding HOME='/home/runner/work/_temp/eb2208b7-0111-4dbe-87c5-4cde9705606d' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/vcloud-lab.com/vcloud-lab.com
/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
http.https://github.com/.extraheader
/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"

Post Login to Azure
Post job cleanup.
Clearing azure cli accounts from the local cache.
/usr/bin/az account clear

Complete job
Cleaning up orphan processes
Terminate orphan process: pid (2104) (python3)

Useful Articles
Terraform using for loop in attribute value without for_each
Terraform variable multiple validation advanced blocks example
Terraform variable type list with for_each for loop examples
Terraform convert single string to list or set
Terraform workspaces with example
Terraform map of object for loop with if condition example
Terraform for_each for loop list of object without count example
Hashicorp Terraform map and object inside module and variable example
Terraform one module deploy null or multiple resources based on input
Terraform A reference to a resource type must be followed by at least one attribute access, specifying the resource name
Terraform fore_each for loop filter with if condition example
Terraform remote-exec provisioner with ssh connection in null_resource
Terraform count vs for_each for examples with map of objects
Terraform one module deploy null or multiple resources based on input (nested for loop) Example of Terraform functions flatten() and coalesce()
Terraform Azure Create Private Endpoint to existing Storage Account with Custom Private DNS zone record link
Creating a Private Endpoint for Azure Storage Account with required sub services using Terraform Example Terraform functions of lookup() and lower()

Go Back

Comment

Blog Search

Page Views

12086182

Follow me on Blogarama