Posted on Leave a comment

Pass terraform provider variables as secrets

Many times you need to provide values in provider information when using terraform. Lets take as an example the below code block. The azuredevops provider needs some variables in order to deploy successfully and we need to pass those values as secrets because they contain sensitive information.

terraform {
required_providers {
azuredevops = {
source = "microsoft/azuredevops"
version = ">=1.0.0"
}
}
}

provider "azuredevops" {
org_service_url = URL
personal_access_token = TOKEN
}

We should never hardcode such information in the application as this information may get leaked. In order to pass those as secrets we will need to create a variable group or standalone variables and place the secrets there.

Then we will need to create some terraform variables and pass the values for those through the pipeline.

variable "org_service_url" {
description = "The URL of your Azure DevOps organization."
}

variable "personal_access_token" {
description = "The personal access token for authentication."
}

The provider block should be updated accordingly.

provider "azuredevops" {
org_service_url = var.org_service_url
personal_access_token = var.personal_access_token
}

Finally we pass those values through the pipeline step by providing those with -var argument on terraform.

    - task: TerraformTaskV4@4
displayName: terraform apply
inputs:
provider: 'azurerm'
command: 'apply'
workingDirectory: '$(System.DefaultWorkingDirectory)/src/iac_devops'
commandOptions: '-var="org_service_url=$(URL)" -var="personal_access_token=$(PAT)"'
environmentServiceNameAzureRM: 'SUBSCRIPTION'

Finally the pipeline will succeed.

Posted on Leave a comment

The subscription is not registered to use namespace ‘Microsoft.ContainerService’.

When you deploy on Azure using terraform you may encounter the below error.

The subscription is not registered to use namespace ‘Microsoft.ContainerService’. See https://aka.ms/rps-not-found for how to register subscriptions.

In order to resolve issue you should go inside azure portal and under your subscription you should navigate into Resource Providers. Then you should search for the specific provider that is not registered (in my example in was ContainerService) and click register.

When you press register you will see that the provider is going to be in Registering state.

Finally the deployment will succeed after the above change.

Posted on Leave a comment

Azure DevOps Terraform Provider

If you work everywhere as a code you will probably need to check Azure DevOps terraform provider. It is created and maintained from Microsoft and you can use it in order to have your DevOps tool as a code.

https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs

In order to getting started you will need to create a PAT token and give it the access based on the actions that you need to do.

When the token is ready you will need to set two environmental variables on the machine that you work. The first one is AZDO_PERSONAL_ACCESS_TOKEN which should be your token. The second one will be your org URL AZDO_ORG_SERVICE_URL

export AZDO_PERSONAL_ACCESS_TOKEN= TOKEN
export AZDO_ORG_SERVICE_URL= https://dev.azure.com/geralexgr

Finally you are ready to deploy your IAC Azure DevOps configurations.

Lets see the below example.

# Make sure to set the following environment variables:
#   AZDO_PERSONAL_ACCESS_TOKEN
#   AZDO_ORG_SERVICE_URL
terraform {
  required_providers {
    azuredevops = {
      source = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}

resource "azuredevops_project" "project" {
  name = "My Awesome Project"
  description  = "All of my awesomee things"
}

resource "azuredevops_git_repository" "repository" {
  project_id = azuredevops_project.project.id
  name       = "My Awesome Repo"
  initialization {
    init_type = "Clean"
  }
}

resource "azuredevops_build_definition" "build_definition" {
  project_id = azuredevops_project.project.id
  name       = "My Awesome Build Pipeline"
  path       = "\\"

  repository {
    repo_type   = "TfsGit"
    repo_id     = azuredevops_git_repository.repository.id
    branch_name = azuredevops_git_repository.repository.default_branch
    yml_path    = "azure-pipelines.yml"
  }
}

When above code runs it will create a new project with the name My Awesome Project. Inside the project a new git repo will be initialized and a new pipeline will be created inside this repository.

You can find the usage example below.

https://github.com/microsoft/terraform-provider-azuredevops

Youtube video:

Posted on Leave a comment

Deploy azurerm function app with zip_deploy_file terraform

When you need to deploy code in a function app using terraform you can use the zip_deploy_file parameter. Using this you can specify a zip file that will be created from your committed code and by doing so you can dynamically deploy code using terraform.

The first thing that you will need to do is to create a folder with the code that you want to commit in the function_app. In my example I have the terraform files inside the aws and azure folders and in the same directory I have a folder called resources where the code is located. This code need to be deployed in the serverless function app.

Create a data archive_file with terraform and specify where your code is located. You should correctly point where the files are stored.

data "archive_file" "python_function_package" {  
  type = "zip"  
  source_file = "../resources/function.py" 
  output_path = "function.zip"
}

Then you should use the above data archive and use it along with zip_deploy_file.

resource "azurerm_linux_function_app" "functionapp" {
  name                = var.serviceplan_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  storage_account_name       = azurerm_storage_account.sg.name
  storage_account_access_key = azurerm_storage_account.sg.primary_access_key
  service_plan_id            = azurerm_service_plan.serviceplan.id
  
  zip_deploy_file = data.archive_file.python_function_package.output_path
  app_settings              = "${var.app_settings}"

  site_config {
    application_stack {
        python_version = "3.10"
    }
  }

}

When you deploy your terraform code the function app will correctly upload the code in your infra component and you can check that by navigating inside the code on azure portal.

azurerm_linux_function_app | Resources | hashicorp/azurerm | Terraform | Terraform Registry