In this section, I'm leveraging the azurerm backend to keep the Terraform state (tfstate) file in an Azure Storage Account. This will make sure that the Terraform state is centralized and consistent across different environments and team members. Every time I push changes to my Terraform configuration files to GitHub, Terraform will compare the updated code with the current state of the infrastructure stored in the Azure backend. Based on this comparison, it will determine the necessary changes to apply, making sure that the infrastructure is updated or deployed as required, while maintaining state integrity.
In the GitHub Actions workflow below, I’m using the secret variables I've already created for Azure authentication, which include AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET. You can refer to my earlier article for the procedure on setting up these secrets.
Check this series of articles:
Part 1: Create GitHub repository and branches using Terraform
Part 2: Terraform modules using a github.com repository as a source
Part 3: Automating and Planning Azure Resources with Terraform and GitHub Actions
Part 4: GitHub Actions deploy azure resources with Terraform backend
Part 4.1: GitHub Actions deploy azure resources with PowerShell
Part 4.2: GitHub Actions manage Microsoft Azure Cloud with az CLI
Azure OIDC OpenID Connect password less with GitHub Actions
These secret values are utilized inside the YAML file under environment variables to authenticate and initialize the Terraform backend. By using these service principal credentials, Terraform will initialize the backend, run the plan, and automatically approve and apply the necessary infrastructure changes for the deployment.
```yaml
# Name of the workflow
name: Terraform

# Trigger on every push event
on: push

# TF_LOG: environment variable to get more detailed log output
# TF_INPUT: environment variable that controls Terraform's input prompts: true enables prompting, false disables prompting and relies on defaults or automation.
env:
  TF_LOG: INFO
  TF_INPUT: false

# Jobs section
jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest # OS where the job will run

    # Use the bash shell regardless of whether the GitHub Actions runner is ubuntu-latest, macos-latest or windows-latest
    # Setting default bash shell
    defaults:
      run:
        shell: bash

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3

      # Install the preferred version of terraform CLI
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.9.2 # specify your Terraform version here

      # - name: Login to Azure
      #   uses: azure/login@v2
      #   with:
      #     creds: ${{ secrets.AZURE_CREDENTIALS }}

      # Initialize a new or existing terraform working directory
      - name: Terraform Init
        id: init
        run: terraform init
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

      # Run terraform fmt for push
      - name: Terraform Format
        id: fmt
        run: terraform fmt #-check

      # Run a terraform validate
      # Run even if an earlier step fails
      - name: Terraform Validate
        id: validate
        if: (success() || failure())
        run: terraform validate

      # Run terraform plan for push
      - name: Terraform Plan
        id: plan
        run: terraform plan
        env:
          TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

      # Run terraform apply after plan
      - name: Terraform Apply
        # if: github.ref == 'refs/heads/main'
        id: apply
        run: terraform apply --auto-approve
        env:
          TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
```
Here is a basic Terraform configuration script for Azure, which stores the Terraform state file in the azurerm backend and deploys a new subnet within an existing virtual network (vnet).
Download the complete code, Terraform_Azure_Github_Actions_with_backend.zip, here; it is also available on github.com.
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "dev"                       # Can be passed via `-backend-config=`"resource_group_name=<resource group name>"` in the `init` command.
    storage_account_name = "vcloudlabtfstate"          # Can be passed via `-backend-config=`"storage_account_name=<storage account name>"` in the `init` command.
    container_name       = "tfstate"                   # Can be passed via `-backend-config=`"container_name=<container name>"` in the `init` command.
    key                  = "example.terraform.tfstate" # Can be passed via `-backend-config=`"key=<blob key name>"` in the `init` command.
    #use_azuread_auth    = true                        # Can also be set via `ARM_USE_AZUREAD` environment variable.
  }
}

##################

variable "subscription_id" {
  type = string
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
}

##################

variable "subnet" {
  type = object({
    name                 = string
    resource_group_name  = string
    virtual_network_name = string
    address_prefixes     = list(string)
  })
  default = {
    name                 = "subnet1"
    resource_group_name  = "dev"
    virtual_network_name = "dev-vnet"
    address_prefixes     = ["10.0.1.0/24"]
  }
}

##################

resource "azurerm_subnet" "subnet" {
  name                 = var.subnet.name
  resource_group_name  = var.subnet.resource_group_name
  virtual_network_name = var.subnet.virtual_network_name
  address_prefixes     = var.subnet.address_prefixes
}

##################

output "subnet_id" {
  value = resource.azurerm_subnet.subnet.id
}
```
Upon initial deployment, the GitHub Actions workflow triggers Terraform to create resources in Azure infrastructure. Subsequent pushes to the repository trigger the workflow again, but Terraform doesn't apply any changes since the resources are already provisioned. To update or modify resources, changes must be made to the Terraform configuration files (e.g., main.tf) and pushed to GitHub, triggering the workflow to apply the updates.
If I check the result of terraform init, it shows that the Terraform backend initialized successfully on the Azure Storage Account.
Next, I see that the terraform apply job is successful and that it deployed one subnet resource in the existing VNet.
On the second push to GitHub, because the resource is already deployed, the Terraform Apply task first compares the configuration against the tfstate file in the backend and reports that there are no changes or additions to make to the Azure infrastructure.
Here is the complete output from the GitHub Actions workflow job run.
```text
Set up job
Current runner version: '2.319.1'
Operating System
  Ubuntu
  22.04.4
  LTS
Runner Image
  Image: ubuntu-22.04
  Version: 20240901.1.0
  Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240901.1/images/ubuntu/Ubuntu2204-Readme.md
  Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240901.1
Runner Image Provisioner
  2.0.384.1
GITHUB_TOKEN Permissions
  Contents: read
  Metadata: read
  Packages: read
Secret source: Actions
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'actions/checkout@v3' (SHA:f43a0e5ff2bd294095638e18286ca9a3d1956744)
Download action repository 'hashicorp/setup-terraform@v2' (SHA:633666f66e0061ca3b725c73b2ec20cd13a8fdd1)
Download action repository 'azure/login@v2' (SHA:6c251865b4e6290e7b78be643ea2d005bc51f69a)
Complete job name: Terraform

Pre Login to Azure
Run azure/login@v2
  with:
    creds: ***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL
  env:
    TF_LOG: INFO
    TF_INPUT: false
Clearing azure cli accounts from the local cache.
/usr/bin/az account clear

Checkout
Run actions/checkout@v3
  with:
    repository: janviudapi/vcloud-lab.com
    token: ***
    ssh-strict: true
    persist-credentials: true
    clean: true
    sparse-checkout-cone-mode: true
    fetch-depth: 1
    fetch-tags: false
    lfs: false
    submodules: false
    set-safe-directory: true
  env:
    TF_LOG: INFO
    TF_INPUT: false
Syncing repository: janviudapi/vcloud-lab.com
Getting Git version info
  Working directory is '/home/runner/work/vcloud-lab.com/vcloud-lab.com'
  /usr/bin/git version
  git version 2.46.0
Temporarily overriding HOME='/home/runner/work/_temp/f2ca0943-0870-438d-a1ea-883b36b88ba2' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/vcloud-lab.com/vcloud-lab.com
Deleting the contents of '/home/runner/work/vcloud-lab.com/vcloud-lab.com'
Initializing the repository
  /usr/bin/git init /home/runner/work/vcloud-lab.com/vcloud-lab.com
  hint: Using 'master' as the name for the initial branch. This default branch name
  hint: is subject to change. To configure the initial branch name to use in all
  hint: of your new repositories, which will suppress this warning, call:
  hint:
  hint: git config --global init.defaultBranch <name>
  hint:
  hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
  hint: 'development'. The just-created branch can be renamed via this command:
  hint:
  hint: git branch -m <name>
  Initialized empty Git repository in /home/runner/work/vcloud-lab.com/vcloud-lab.com/.git/
  /usr/bin/git remote add origin https://github.com/janviudapi/vcloud-lab.com
Disabling automatic garbage collection
  /usr/bin/git config --local gc.auto 0
Setting up auth
  /usr/bin/git config --local --name-only --get-regexp core\.sshCommand
  /usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
  /usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
  /usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
  /usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +63ae858865d362a847403c964c9c269a3e673c3d:refs/remotes/origin/main
  remote: Enumerating objects: 8, done.
  remote: Counting objects: 12% (1/8)
  remote: Counting objects: 25% (2/8)
  remote: Counting objects: 37% (3/8)
  remote: Counting objects: 50% (4/8)
  remote: Counting objects: 62% (5/8)
  remote: Counting objects: 75% (6/8)
  remote: Counting objects: 87% (7/8)
  remote: Counting objects: 100% (8/8)
  remote: Counting objects: 100% (8/8), done.
  remote: Compressing objects: 16% (1/6)
  remote: Compressing objects: 33% (2/6)
  remote: Compressing objects: 50% (3/6)
  remote: Compressing objects: 66% (4/6)
  remote: Compressing objects: 83% (5/6)
  remote: Compressing objects: 100% (6/6)
  remote: Compressing objects: 100% (6/6), done.
  remote: Total 8 (delta 0), reused 6 (delta 0), pack-reused 0 (from 0)
  From https://github.com/janviudapi/vcloud-lab.com
   * [new ref] 63ae858865d362a847403c964c9c269a3e673c3d -> origin/main
Determining the checkout info
Checking out the ref
  /usr/bin/git checkout --progress --force -B main refs/remotes/origin/main
  Switched to a new branch 'main'
  branch 'main' set up to track 'origin/main'.
/usr/bin/git log -1 --format='%H'
'63ae858865d362a847403c964c9c269a3e673c3d'

Setup Terraform
Run hashicorp/setup-terraform@v2
  with:
    terraform_version: 1.9.2
    cli_config_credentials_hostname: app.terraform.io
    terraform_wrapper: true
  env:
    TF_LOG: INFO
    TF_INPUT: false
/usr/bin/unzip -o -q /home/runner/work/_temp/e7380124-d9b1-4453-bede-dfa2f0833160

Login to Azure
Run azure/login@v2
  with:
    creds: ***
    enable-AzPSSession: false
    environment: azurecloud
    allow-no-subscriptions: false
    audience: api://AzureADTokenExchange
    auth-type: SERVICE_PRINCIPAL
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
Running Azure CLI Login.
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Note: Azure/login action also supports OIDC login mechanism. Refer https://github.com/azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication for more details.
Attempting Azure CLI login by using service principal with secret...
Subscription is set successfully.
Azure CLI login succeeds by using service principal with secret.

Terraform Initialized
Run terraform init
  terraform init
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin init
2024-09-06T12:49:56.818Z [INFO] Terraform version: 1.9.2
2024-09-06T12:49:56.818Z [INFO] Go runtime version: go1.22.4
2024-09-06T12:49:56.818Z [INFO] CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "init"***
2024-09-06T12:49:56.818Z [INFO] CLI command args: []string***"init"***
Initializing the backend...
2024-09-06T12:49:56.820Z [INFO] Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO] Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO] Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:49:56.820Z [INFO] Using Service Principal / Client Secret for Authentication
2024-09-06T12:49:56.820Z [INFO] Getting OAuth config for endpoint https://login.microsoftonline.com/ with tenant ***

Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding latest version of hashicorp/azurerm...
- Installing hashicorp/azurerm v4.1.0...
- Installed hashicorp/azurerm v4.1.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Terrform Format
Run terraform fmt
  terraform fmt
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin fmt
2024-09-06T12:49:59.322Z [INFO] Terraform version: 1.9.2
2024-09-06T12:49:59.322Z [INFO] Go runtime version: go1.22.4
2024-09-06T12:49:59.322Z [INFO] CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "fmt"***
2024-09-06T12:49:59.322Z [INFO] CLI command args: []string***"fmt"***
main.tf

Terraform Validate
Run terraform validate
  terraform validate
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin validate
2024-09-06T12:49:59.422Z [INFO] Terraform version: 1.9.2
2024-09-06T12:49:59.422Z [INFO] Go runtime version: go1.22.4
2024-09-06T12:49:59.422Z [INFO] CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "validate"***
2024-09-06T12:49:59.422Z [INFO] CLI command args: []string***"validate"***
2024-09-06T12:49:59.591Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:49:59.657Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:49:59.657Z
2024-09-06T12:49:59.853Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1884
2024-09-06T12:49:59.854Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:49:59.916Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:49:59.916Z
2024-09-06T12:49:59.971Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1895
Success! The configuration is valid.

Terraform Plan
Run terraform plan
  terraform plan
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    TF_VAR_subscription_id: ***
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin plan
2024-09-06T12:50:00.068Z [INFO] Terraform version: 1.9.2
2024-09-06T12:50:00.068Z [INFO] Go runtime version: go1.22.4
2024-09-06T12:50:00.068Z [INFO] CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "plan"***
2024-09-06T12:50:00.068Z [INFO] CLI command args: []string***"plan"***
2024-09-06T12:50:00.070Z [INFO] Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO] Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO] Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:00.070Z [INFO] Using Service Principal / Client Secret for Authentication
2024-09-06T12:50:00.070Z [INFO] Getting OAuth config for endpoint https://login.microsoftonline.com/ with tenant ***
2024-09-06T12:50:00.240Z [INFO] backend/local: starting Plan operation
2024-09-06T12:50:00.758Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:00.819Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:00.819Z
2024-09-06T12:50:01.000Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1925
2024-09-06T12:50:01.001Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:01.065Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:01.065Z
2024-09-06T12:50:01.120Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1935
2024-09-06T12:50:01.120Z [INFO] backend/local: plan calling Plan
2024-09-06T12:50:01.121Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:01.178Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:01.178Z
2024-09-06T12:50:02.830Z [WARN] Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:02.836Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1943
2024-09-06T12:50:02.837Z [INFO] backend/local: plan operation completed

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.subnet will be created
  + resource "azurerm_subnet" "subnet" ***
      + address_prefixes                              = [
          + "10.0.1.0/24",
        ]
      + default_outbound_access_enabled               = true
      + id                                            = (known after apply)
      + name                                          = "subnet1"
      + private_endpoint_network_policies             = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name                           = "dev"
      + virtual_network_name                          = "dev-vnet"
    ***

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + subnet_id = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Terraform Apply
Run terraform apply --auto-approve
  terraform apply --auto-approve
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail ***0***
  env:
    TF_LOG: INFO
    TF_INPUT: false
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65
    TF_VAR_subscription_id: ***
    ARM_CLIENT_ID: ***
    ARM_CLIENT_SECRET: ***
    ARM_SUBSCRIPTION_ID: ***
    ARM_TENANT_ID: ***
/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin apply --auto-approve
2024-09-06T12:50:02.973Z [INFO] Terraform version: 1.9.2
2024-09-06T12:50:02.973Z [INFO] Go runtime version: go1.22.4
2024-09-06T12:50:02.973Z [INFO] CLI args: []string***"/home/runner/work/_temp/e874228f-1f79-4e93-801a-155f085a6a65/terraform-bin", "apply", "--auto-approve"***
2024-09-06T12:50:02.974Z [INFO] CLI command args: []string***"apply", "--auto-approve"***
2024-09-06T12:50:02.975Z [INFO] Testing if Service Principal / Client Certificate is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO] Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO] Testing if Service Principal / Client Secret is applicable for Authentication..
2024-09-06T12:50:02.975Z [INFO] Using Service Principal / Client Secret for Authentication
2024-09-06T12:50:02.975Z [INFO] Getting OAuth config for endpoint https://login.microsoftonline.com/ with tenant ***
2024-09-06T12:50:03.144Z [INFO] backend/local: starting Apply operation
2024-09-06T12:50:03.601Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:03.663Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:03.663Z
2024-09-06T12:50:03.846Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1977
2024-09-06T12:50:03.847Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:03.907Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:03.907Z
2024-09-06T12:50:03.963Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1987
2024-09-06T12:50:03.963Z [INFO] backend/local: apply calling Plan
2024-09-06T12:50:03.964Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:04.029Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:04.028Z
2024-09-06T12:50:07.446Z [WARN] Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:07.452Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=1996

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.subnet will be created
  + resource "azurerm_subnet" "subnet" ***
      + address_prefixes                              = [
          + "10.0.1.0/24",
        ]
      + default_outbound_access_enabled               = true
      + id                                            = (known after apply)
      + name                                          = "subnet1"
      + private_endpoint_network_policies             = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name                           = "dev"
      + virtual_network_name                          = "dev-vnet"
    ***

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + subnet_id = (known after apply)
2024-09-06T12:50:07.466Z [INFO] backend/local: apply calling Apply
2024-09-06T12:50:07.467Z [INFO] provider: configuring client automatic mTLS
2024-09-06T12:50:07.524Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: configuring server automatic mTLS: timestamp=2024-09-06T12:50:07.524Z
2024-09-06T12:50:10.327Z [WARN] Provider "registry.terraform.io/hashicorp/azurerm" produced an invalid plan for azurerm_subnet.subnet, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .private_endpoint_network_policies: planned value cty.StringVal("Disabled") for a non-computed attribute
      - .private_link_service_network_policies_enabled: planned value cty.True for a non-computed attribute
      - .default_outbound_access_enabled: planned value cty.True for a non-computed attribute
2024-09-06T12:50:10.327Z [INFO] Starting apply for azurerm_subnet.subnet
azurerm_subnet.subnet: Creating...
2024-09-06T12:50:10.328Z [INFO] provider.terraform-provider-azurerm_v4.1.0_x5: [INFO] preparing arguments for Azure ARM Subnet creation.
azurerm_subnet.subnet: Creation complete after 4s [id=/subscriptions/***/resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/subnet1]
2024-09-06T12:50:14.322Z [INFO] provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/4.1.0/linux_amd64/terraform-provider-azurerm_v4.1.0_x5 id=2005

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

subnet_id = "/subscriptions/***/resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/subnet1"

Post Checkout
Post job cleanup.
/usr/bin/git version
git version 2.46.0
Temporarily overriding HOME='/home/runner/work/_temp/eb2208b7-0111-4dbe-87c5-4cde9705606d' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/vcloud-lab.com/vcloud-lab.com
/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
http.https://github.com/.extraheader
/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"

Post Login to Azure
Post job cleanup.
Clearing azure cli accounts from the local cache.
/usr/bin/az account clear

Complete job
Cleaning up orphan processes
Terminate orphan process: pid (2104) (python3)
```
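The plan step in the job output ends with Terraform's note that, without -out, apply is not guaranteed to perform exactly the planned actions, and the apply step runs with --auto-approve on every push. The workflow below is an added example, not the author's file, that tightens those points while keeping the same secrets and service principal: it applies only a saved plan, only on main (the condition the original leaves commented out), fails on unformatted code, and pins the two actions to the commit SHAs shown in the job log. The plan file name `tfplan` and the concurrency group name `terraform-state` are assumptions.

```yaml
# Added example: hardened variant of the article's workflow (not the author's file).
name: Terraform

on: push

# The job only reads the repository; drop every other GITHUB_TOKEN scope.
permissions:
  contents: read

# Serialize runs that touch the shared state blob.
# "terraform-state" is an assumed group name.
concurrency:
  group: terraform-state
  cancel-in-progress: false

env:
  TF_LOG: INFO
  TF_INPUT: false

jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest

    defaults:
      run:
        shell: bash

    steps:
      # Pinned to the commit the job log resolved for actions/checkout@v3.
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
        with:
          persist-credentials: false # the log shows the default (true) keeps the token in git config

      # Pinned to the commit the job log resolved for hashicorp/setup-terraform@v2.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
        with:
          terraform_version: 1.9.2

      - name: Terraform Init
        id: init
        run: terraform init
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

      # -check fails the step on unformatted files instead of rewriting them on the runner.
      - name: Terraform Format
        id: fmt
        run: terraform fmt -check

      - name: Terraform Validate
        id: validate
        if: (success() || failure())
        run: terraform validate

      # Save the plan so the apply step executes exactly what this step printed.
      - name: Terraform Plan
        id: plan
        run: terraform plan -out=tfplan
        env:
          TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

      # Apply only on main, and only the saved plan. A plan file is applied
      # without prompting, so --auto-approve is not needed, and the variable
      # values are already recorded in the plan.
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply tfplan
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
```

Pushes to other branches still run init, fmt, validate and plan against the backend, so the plan output can be reviewed before the change reaches main.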