diff --git a/README.md b/README.md
index 1cbe1f4f..656e0c02 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,8 @@ The following requirements are needed by this module:
- [azurerm](#requirement\_azurerm) (>= 3.7.0)
+- [time](#requirement\_time) (>= 0.9.1)
+
## Modules
The following Modules are called:
@@ -912,6 +914,21 @@ map(object({
Default: `{}`
+### [wait\_for\_subscription\_before\_subscription\_operations](#input\_wait\_for\_subscription\_before\_subscription\_operations)
+
+Description: The duration to wait after vending a subscription before performing subscription operations.
+
+Type:
+
+```hcl
+object({
+ create = optional(string, "30s")
+ destroy = optional(string, "0s")
+ })
+```
+
+Default: `{}`
+
## Resources
The following resources are used by this module:
diff --git a/main.subscription.tf b/main.subscription.tf
index e62fdf38..0d1d0e2b 100644
--- a/main.subscription.tf
+++ b/main.subscription.tf
@@ -5,15 +5,16 @@ module "subscription" {
source = "./modules/subscription"
count = (var.subscription_id != "" && var.subscription_update_existing) || var.subscription_alias_enabled || var.subscription_management_group_association_enabled ? 1 : 0
- subscription_alias_enabled = var.subscription_alias_enabled
- subscription_alias_name = var.subscription_alias_name
- subscription_billing_scope = var.subscription_billing_scope
- subscription_display_name = var.subscription_display_name
- subscription_id = var.subscription_id
- subscription_management_group_association_enabled = var.subscription_management_group_association_enabled
- subscription_management_group_id = var.subscription_management_group_id
- subscription_tags = var.subscription_tags
- subscription_use_azapi = var.subscription_use_azapi
- subscription_update_existing = var.subscription_update_existing
- subscription_workload = var.subscription_workload
+ subscription_alias_enabled = var.subscription_alias_enabled
+ subscription_alias_name = var.subscription_alias_name
+ subscription_billing_scope = var.subscription_billing_scope
+ subscription_display_name = var.subscription_display_name
+ subscription_id = var.subscription_id
+ subscription_management_group_association_enabled = var.subscription_management_group_association_enabled
+ subscription_management_group_id = var.subscription_management_group_id
+ subscription_tags = var.subscription_tags
+ subscription_use_azapi = var.subscription_use_azapi
+ subscription_update_existing = var.subscription_update_existing
+ subscription_workload = var.subscription_workload
+ wait_for_subscription_before_subscription_operations = var.wait_for_subscription_before_subscription_operations
}
diff --git a/modules/subscription/README.md b/modules/subscription/README.md
index aec27c02..9417ea6d 100644
--- a/modules/subscription/README.md
+++ b/modules/subscription/README.md
@@ -37,6 +37,8 @@ The following requirements are needed by this module:
- [azurerm](#requirement\_azurerm) (>= 3.7.0)
+- [time](#requirement\_time) (>= 0.9.1)
+
## Modules
No modules.
@@ -202,15 +204,32 @@ Type: `string`
Default: `""`
+### [wait\_for\_subscription\_before\_subscription\_operations](#input\_wait\_for\_subscription\_before\_subscription\_operations)
+
+Description: The duration to wait after vending a subscription before performing subscription operations.
+
+Type:
+
+```hcl
+object({
+ create = optional(string, "30s")
+ destroy = optional(string, "0s")
+ })
+```
+
+Default: `{}`
+
## Resources
The following resources are used by this module:
- [azapi_resource.subscription](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
+- [azapi_resource_action.subscription_association](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource_action) (resource)
- [azapi_resource_action.subscription_rename](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource_action) (resource)
- [azapi_update_resource.subscription_tags](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/update_resource) (resource)
- [azurerm_management_group_subscription_association.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_subscription_association) (resource)
- [azurerm_subscription.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription) (resource)
+- [time_sleep.wait_for_subscription_before_subscription_operations](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) (resource)
## Outputs
diff --git a/modules/subscription/main.tf b/modules/subscription/main.tf
index f56ef70e..7df2de0e 100644
--- a/modules/subscription/main.tf
+++ b/modules/subscription/main.tf
@@ -11,7 +11,7 @@ resource "azurerm_subscription" "this" {
# This resource ensures that we can manage the management group for the subscription
# throughout its lifecycle.
resource "azurerm_management_group_subscription_association" "this" {
- count = var.subscription_management_group_association_enabled ? 1 : 0
+ count = var.subscription_management_group_association_enabled && !var.subscription_use_azapi ? 1 : 0
management_group_id = "/providers/Microsoft.Management/managementGroups/${var.subscription_management_group_id}"
subscription_id = "/subscriptions/${local.subscription_id}"
}
@@ -37,11 +37,35 @@ resource "azapi_resource" "subscription" {
response_export_values = ["properties.subscriptionId"]
lifecycle {
ignore_changes = [
- body
+ body,
+ name
]
}
}
+resource "time_sleep" "wait_for_subscription_before_subscription_operations" {
+ count = var.subscription_alias_enabled && var.subscription_use_azapi ? 1 : 0
+
+ create_duration = var.wait_for_subscription_before_subscription_operations.create
+ destroy_duration = var.wait_for_subscription_before_subscription_operations.destroy
+
+ depends_on = [
+ azapi_resource.subscription
+ ]
+}
+
+resource "azapi_resource_action" "subscription_association" {
+ count = var.subscription_management_group_association_enabled && var.subscription_use_azapi ? 1 : 0
+
+ type = "Microsoft.Management/managementGroups/subscriptions@2021-04-01"
+ resource_id = "/providers/Microsoft.Management/managementGroups/${var.subscription_management_group_id}/subscriptions/${jsondecode(azapi_resource.subscription[0].output).properties.subscriptionId}"
+ method = "PUT"
+
+ depends_on = [
+ time_sleep.wait_for_subscription_before_subscription_operations
+ ]
+}
+
resource "azapi_update_resource" "subscription_tags" {
count = (var.subscription_alias_enabled && var.subscription_use_azapi) || (var.subscription_id != "" && var.subscription_update_existing) ? 1 : 0
@@ -52,6 +76,10 @@ resource "azapi_update_resource" "subscription_tags" {
tags = var.subscription_tags
}
})
+
+ depends_on = [
+ time_sleep.wait_for_subscription_before_subscription_operations
+ ]
}
resource "azapi_resource_action" "subscription_rename" {
@@ -64,4 +92,9 @@ resource "azapi_resource_action" "subscription_rename" {
body = jsonencode({
subscriptionName = var.subscription_display_name
})
+
+ depends_on = [
+ time_sleep.wait_for_subscription_before_subscription_operations
+ ]
}
+
diff --git a/modules/subscription/terraform.tf b/modules/subscription/terraform.tf
index 616a928b..faf3d203 100644
--- a/modules/subscription/terraform.tf
+++ b/modules/subscription/terraform.tf
@@ -9,5 +9,9 @@ terraform {
source = "Azure/azapi"
version = ">= 1.3.0"
}
+ time = {
+ source = "hashicorp/time"
+ version = ">= 0.9.1"
+ }
}
}
diff --git a/modules/subscription/variables.tf b/modules/subscription/variables.tf
index 551f9387..94e3138b 100644
--- a/modules/subscription/variables.tf
+++ b/modules/subscription/variables.tf
@@ -173,3 +173,14 @@ If enabled, the following must also be supplied:
- `subscription_id`
DESCRIPTION
}
+
+variable "wait_for_subscription_before_subscription_operations" {
+ type = object({
+ create = optional(string, "30s")
+ destroy = optional(string, "0s")
+ })
+ default = {}
+ description = <