Terraform escape quotes in the string don't work - terraform0.12+

This is simplified Terraform code, as below:
resource "datadog_monitor" "monitor_error" {
  name    = "error log"
  type    = "metric alert"
  message = "There is error in the log."
  query   = "logs(\\\"Error\\\").index(\\\"*\\\").rollup(\\\"count\\\").last(\\\"5m\\\")>0"
}
It passed when running "terraform validate".
But it failed when running "terraform apply" with the following errors.
│ Error: error validating monitor from https://api.datadoghq.com/api/v1/monitor/validate: 400 Bad Request: {"errors":["The value provided for parameter 'query' is invalid"]}
│
│ with datadog_monitor.monitor_error,
│ on main.tf line 6, in resource "datadog_monitor" "monitor_error":
│ 6: resource "datadog_monitor" "monitor_error" {
│
╵
The debug output of terraform apply is as below:
{"message":"There is error in the log.","name":"error log","options":{"include_tags":true,"new_host_delay":300,"no_data_timeframe":10,"notify_no_data":false,"require_full_window":true,"thresholds":{}},"priority":0,"query":"logs(\\\"Error\\\").index(\\\"*\\\").rollup(\\\"count\\\").last(\\\"5m\\\")\u003e0","tags":[],"type":"metric alert"}:
I also tried to use a single slash; it failed in the same way.
What I expect is that when running "terraform apply" there is no error and the monitor is created.

Creating Issue Labels with Terraform using the Github Provider

I'm trying to automate my repository setup with Terraform. The first thing is creating issue labels for a bunch of repos using the Terraform GitHub provider.
It works when I explicitly state the repo and the labels:
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 5.0"
    }
  }
}
# Use env-var
provider "github" {}
data "github_repository" "trashbox" {
  full_name = "sebastian-sommerfeld-io/trashbox"
}
resource "github_issue_label" "bug" {
  repository  = data.github_repository.trashbox.id
  name        = "bug"
  description = "Something is not working"
  color       = "B60205"
}
resource "github_issue_label" "security" {
  repository  = data.github_repository.trashbox.id
  name        = "security"
  description = "CVEs, code scan violations, etc."
  color       = "cd3ad7"
}
But this would mean that I would have to duplicate everything for another repo. Or at least that I need to update my Terraform config manually when I add another repo. I'd prefer to have all relevant repos auto-detected.
Auto-detecting works with this snippet ... this returns all repos I want to configure.
data "github_repositories" "repos" {
  query           = "user:sebastian-sommerfeld-io archived:false"
  include_repo_id = true
}
But now I cannot create the labels. When I run terraform apply I always get this error:
Error: POST https://api.github.com/repos/sebastian-sommerfeld-io/sebastian-sommerfeld-io/website-sommerfeld-io/labels: 404 Not Found []
with github_issue_label.bug["sebastian-sommerfeld-io/website-sommerfeld-io"],
on issues.tf line 1, in resource "github_issue_label" "bug":
1: resource "github_issue_label" "bug" {
The odd thing is that terraform plan does not hint at any error:
# github_issue_label.bug["sebastian-sommerfeld-io/website-sommerfeld-io"] will be created
+ resource "github_issue_label" "bug" {
+ color = "B60205"
+ description = "Something is not working"
+ etag = (known after apply)
+ id = (known after apply)
+ name = "bug"
+ repository = "sebastian-sommerfeld-io/website-sommerfeld-io"
+ url = (known after apply)
}
My complete Terraform config which generates the outputs from terraform plan and terraform apply is this:
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 5.0"
    }
  }
}
# Use env-var
provider "github" {}
data "github_repositories" "repos" {
  query           = "user:sebastian-sommerfeld-io archived:false"
  include_repo_id = true
}
resource "github_issue_label" "bug" {
  for_each    = toset(data.github_repositories.repos.full_names)
  repository  = each.value
  name        = "bug"
  description = "Something is not working"
  color       = "B60205"
}
The repositories are queried correctly. I confirmed this via:
output "affected_repos" {
  value       = data.github_repositories.repos.full_names
  description = "Github Repos"
}
This lists all repos correctly:
affected_repos = tolist([
"sebastian-sommerfeld-io/website-sommerfeld-io",
"sebastian-sommerfeld-io/jarvis",
"sebastian-sommerfeld-io/github-action-generate-docs",
"sebastian-sommerfeld-io/configs",
"sebastian-sommerfeld-io/website-tafelboy-de",
"sebastian-sommerfeld-io/website-numero-uno-de",
"sebastian-sommerfeld-io/website-masterblender-de",
"sebastian-sommerfeld-io/monitoring",
"sebastian-sommerfeld-io/github-action-update-antora-yml",
"sebastian-sommerfeld-io/github-action-generate-readme",
"sebastian-sommerfeld-io/docker-image-tf-graph-beautifier",
"sebastian-sommerfeld-io/docker-image-jq",
"sebastian-sommerfeld-io/docker-image-git",
"sebastian-sommerfeld-io/docker-image-ftp-client",
"sebastian-sommerfeld-io/docker-image-folderslint",
"sebastian-sommerfeld-io/docker-image-adoc-antora",
"sebastian-sommerfeld-io/trashbox",
"sebastian-sommerfeld-io/provinzial",
])
I guess I don't get the for_each stuff right. Can anyone help me? I want to query all my repos that fit my criteria and add labels to them.
UPDATE: I just detected that with my static approach I pass id, not full_name. I updated my code to this (snippet from above):
resource "github_issue_label" "bug" {
  for_each    = data.github_repositories.repos.repo_ids
  repository  = each.value
  name        = "bug"
  description = "Something is not working"
  color       = "B60205"
}
Now at least the error message is different:
│ Error: Invalid for_each argument
│
│ on issues.tf line 2, in resource "github_issue_label" "bug":
│ 2: for_each = data.github_repositories.repos.repo_ids
│ ├────────────────
│ │ data.github_repositories.repos.repo_ids is list of number with 18 elements
│
│ The given "for_each" argument value is unsuitable: the "for_each" argument
│ must be a map, or set of strings, and you have provided a value of type
│ list of number.
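
An added example, not part of the original question or of the provider's documentation: the 404 URL above contains the owner twice, which is what results from passing `full_names` entries as `repository`, and `repo_ids` is rejected because `for_each` only takes a map or a set of strings. The sketch below iterates over the data source's `names` attribute and creates every label in every repository from one definition. It assumes the provider's owner is supplied through the environment (for example `GITHUB_OWNER`); `local.labels`, `local.repo_labels` and the resource name `all` are hypothetical names.

```hcl
# Added example: local.labels, local.repo_labels and resource "all" are
# hypothetical names. Assumes the provider's owner comes from the environment
# (e.g. GITHUB_OWNER), matching the empty `provider "github" {}` block above.
data "github_repositories" "repos" {
  query = "user:sebastian-sommerfeld-io archived:false"
}

locals {
  # One definition per label, shared by every repository.
  labels = {
    bug = {
      description = "Something is not working"
      color       = "B60205"
    }
    security = {
      description = "CVEs, code scan violations, etc."
      color       = "cd3ad7"
    }
  }

  # for_each needs a map or a set of strings, so build a map keyed by
  # "<repo>/<label>" from every (repo, label) combination. `names` holds
  # bare repository names, without the owner prefix found in `full_names`.
  repo_labels = {
    for pair in setproduct(data.github_repositories.repos.names, keys(local.labels)) :
    "${pair[0]}/${pair[1]}" => {
      repository = pair[0]
      label      = pair[1]
    }
  }
}

resource "github_issue_label" "all" {
  for_each = local.repo_labels

  repository  = each.value.repository
  name        = each.value.label
  description = local.labels[each.value.label].description
  color       = local.labels[each.value.label].color
}
```

Keying the map by repository and label keeps resource addresses stable when a repository or label is added later, so existing labels are not destroyed and recreated.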

AKS unable to create Worker Node

Trying to create AKS behind a proxy. AKS failed to launch the worker node in the node pool, failing with a connection timeout error: https://mcr.microsoft.com/ 443
I tried using the argument below but am getting an error:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#http_proxy_config
resource "azurerm_kubernetes_cluster" "aks_cluster" {
name =
location =
resource_group_name =
dns_prefix =
kubernetes_version =
kubernetes_version =
node_resource_group =
private_cluster_enabled =
http_proxy =
https_proxy =
no_proxy =
╷
│ Error: Unsupported argument
│
│ on aks_cluster.tf line 60, in resource "azurerm_kubernetes_cluster" "aks_cluster":
│ 60: http_proxy = "export http_proxy=http:"
│
│ An argument named "http_proxy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on aks_cluster.tf line 61, in resource "azurerm_kubernetes_cluster" "aks_cluster":
│ 61: https_proxy = "export https_proxy=http://"
│
│ An argument named "https_proxy" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on aks_cluster.tf line 62, in resource "azurerm_kubernetes_cluster" "aks_cluster":
│ 62: no_proxy = "localhost,"
│
│ An argument named "no_proxy" is not expected here.
╵
##[error]Terraform command 'validate' failed with exit code
Another one
│ on aks_cluster.tf line 70, in resource "azurerm_kubernetes_cluster" "aks_cluster":
│ 70: http_proxy_config = "export https_proxy=http:///"
│
│ An argument named "http_proxy_config" is not expected here
I did: https://learn.microsoft.com/en-us/azure/aks/http-proxy
checked: https://github.com/hashicorp/terraform-provider-azurerm/pull/14177
You will have to declare http_proxy, https_proxy and no_proxy inside the http_proxy_config block in the azurerm_kubernetes_cluster resource block.
The code will be like below:
resource "azurerm_kubernetes_cluster" "example" {
  name                = "ansuman-aks1"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  dns_prefix          = "ansumanaks1"
  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }
  identity {
    type = "SystemAssigned"
  }
  http_proxy_config {
    http_proxy  = "http://myproxy.server.com:8080/"
    https_proxy = "https://myproxy.server.com:8080/"
    no_proxy    = ["localhost", "127.0.0.1"]
  }
}
Note: Please make sure that you have registered the HTTPProxyConfigPreview feature in your subscription and, after it is registered, that you have registered the provider Microsoft.ContainerService for the feature to take effect, as mentioned in this Microsoft documentation. Also, please ensure that you have provided the correct proxy APIs.

Azure app registration creation error through terraform Azure Devops yml pipeline [duplicate]

I have very simple terraform code.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0.0"
    }
  }
}
provider "azurerm" {
  features {}
}
provider "azuread" {
  tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
terraform {
  backend "azurerm" {
    resource_group_name  = "xxxx"
    storage_account_name = "xxxxxxxxx"
    container_name       = "xxxxxxxxxxxxx"
    key                  = "xxxxxxxxxxxxxxxxx"
  }
}
data "azuread_client_config" "current" {}
resource "azurerm_resource_group" "test" {
  name     = "test-rg-005"
  location = "East US"
}
resource "azuread_application" "example" {
  display_name = "Example-app"
}
However, when I run this through a yml pipeline on Azure DevOps, I am getting this error during the apply stage.
Plan: 1 to add, 0 to change, 0 to destroy.
azuread_application.example: Creating...
│ Error: Could not create application
│
│ with azuread_application.example,
│ on terraform.tf line 42, in resource "azuread_application" "example":
│ 42: resource "azuread_application" "example" {
│
│ json.Marshal(): json: error calling MarshalJSON for type
│ msgraph.Application: json: error calling MarshalJSON for type
│ *msgraph.Owners: marshaling Owners: encountered DirectoryObject with nil
│ ODataId
##[error]Error: The process '/opt/hostedtoolcache/terraform/1.0.5/x64/terraform' failed with
exit code 1
Any clue will be helpful; it is not really clear what this error is about.
Thanks.
There is a bug in the Azure Active Directory provider after an MSFT update. This is impacting any Azure AD provider usage creating new resources; however, it seems to be working on already deployed resources, i.e. changing and upgrading the configurations of already deployed resources within Azure AD. The following is the link for the bug updates.
https://github.com/hashicorp/terraform-provider-azuread/issues/588

Probable causes for idempotent error by terraform for infra generation

We are using terraform to launch ECS containers in AWS infra using custom task definition.
As we didn't require the full infra to be launched every time, only the part for launching the ECS container was segregated.
The launch was happening correctly, till ECS launch code was segregated, then the ECS service launch started giving an error indicating Idempotent issue.
│ Error: error creating target service: error waiting for ECS service (sandbox) creation: InvalidParameterException: Creation of service was not idempotent.
│
│ with aws_ecs_service.ecs_service_target,
│ on aws_infra_ecs.tf line 100, in resource "aws_ecs_target" "ecs_service_target":
│ 100: resource "aws_ecs_target" "ecs_service_target" {
│
ECS service is defined somewhat like below:
resource "aws_ecs_service" "ecs_service_target" {
  desired_count            = 1
  name                     = "target"
  launch_type              = "FARGATE"
  cluster                  = data.aws_ecs_cluster.cluster_target.id
  enable_ecs_managed_tasks = true
  task_definition          = aws_ecs_task_definition.target_taskdef.arn
  platform_version         = "1.4.0"
  ...
  load_balancer {
    ...
    target_group_arn = data.aws_lb_target_group.aws_target.arn
  }
  ...
  network_configuration {
    ...
    security_groups = [ data.aws_security_group.target_sg.id ]
    subnets         = [ "subet-5767c3c2" ] # A dynamic subnet reference id is used here
  }
  depends_upon = [
    var.second_service_name,
    aws_ecs_task_definition.target_taskdef,
    data.aws_efs_access_point.target_ap
  ]
  ...
}
I was expecting the problem to be one of the following kinds:
- The subnet selected may be different due to variable-based selection
- Use of indirect data references (rather than direct resource references) may cause an issue
- Task definition JSON encoding issue
What might be other causes for such a problem?

Features block terraform

terraform init successfully initializes but gets stuck on terraform plan.
The error is related to the feature block. I'm unsure where to add the feature block:
Insufficient features blocks (source code not available) At least 1 "features" blocks are required.
My configuration looks like
terraform {
  required_version = ">= 0.11"
  backend "azurerm" {
    features {}
  }
}
I tried removing and adding the features block as on the GitHub page.
When you run an updated version of Terraform, you need to define another block, as below:
provider "azurerm" {
  features {}
}
Another reason for the message could be that a named provider is in use:
provider "azurerm" {
  alias = "some_name" # <- here
  features {}
}
But not specified on the resource:
resource "azurerm_resource_group" "example" {
  # this line might be missing:
  # -> provider = azurerm.some_name
  name     = var.rg_name
  location = var.region
}
Error message:
terraform plan
╷
│ Error: Insufficient features blocks
│
│ on <empty> line 0:
│ (source code not available)
│
│ At least 1 "features" blocks are required.
In Terraform >= 0.13, here's what a sample versions.tf looks like (note the provider config being in a separate block):
# versions.tf
terraform {
  required_providers {
    azurerm = {
      # ...
    }
  }
  required_version = ">= 0.13"
}
# This block goes outside of the required_providers block!
provider "azurerm" {
  features {}
}
Please check if highlighted lines are added to your template