Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(subscription): optional use of AzAPI for Subscription creation #234

Closed
wants to merge 19 commits into from
Closed

feat(subscription): optional use of AzAPI for Subscription creation #234

wants to merge 19 commits into from

Conversation

danwatco
Copy link

@danwatco danwatco commented Aug 2, 2023

Overview/summary

This PR adds functionality to create a subscription using the azapi_resource resource type rather than using azurerm_subscription. This is useful in situations where the principal running Terraform doesn't have access to the default management group where subscriptions are created. By using the API, we can provide the managementGroupId parameter and the subscription is then created in the provided management group, avoiding the need to have creation permissions underneath the default management group.

Written unit and deployment tests (feedback welcome, my first time writing Go tests). Unable to run deployment tests so needs some testing there.

Testing evidence

image image

There is some concerns that the management group association may cause an import error but yet to be tested.

As part of this pull request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant issues, for tracking and closure.
  • Run and make fmt & make docs to format your code and update documentation.
  • Created unit and deployment tests and provided evidence.
  • Updated relevant and associated documentation.

@danwatco danwatco requested a review from a team as a code owner August 2, 2023 10:31
@danwatco danwatco changed the title feat(subscripton): Optional use of AzAPI for Subscription creation feat(subscription): Optional use of AzAPI for Subscription creation Aug 2, 2023
@danwatco danwatco changed the title feat(subscription): Optional use of AzAPI for Subscription creation feat(subscription): optional use of AzAPI for Subscription creation Aug 2, 2023
@matt-FFFFFF
Copy link
Member

Thanks @danwatco this looks great. Appreciate you taking the time to create some tests too.

I think one scenario that needs to be tested with deployment tests is one of using AzAPI to create the subscription alias and then AzureRM to manage the management group association.

If you are happy to copy one of the other deployment tests in the subscription submodule then feel free to modify that, if not I can do it.

@danwatco
Copy link
Author

danwatco commented Aug 3, 2023

Thanks @danwatco this looks great. Appreciate you taking the time to create some tests too.

I think one scenario that needs to be tested with deployment tests is one of using AzAPI to create the subscription alias and then AzureRM to manage the management group association.

If you are happy to copy one of the other deployment tests in the subscription submodule then feel free to modify that, if not I can do it.

Have had a shot here - feel free to change/update

jaredfholgate
jaredfholgate requested changes Sep 25, 2023
View reviewed changes
modules/subscription/main.tf
}
})
}

# This resource ensures that we can manage the management group for the subscription
# throughout its lifecycle.
resource "azurerm_management_group_subscription_association" "this" {
count = var.subscription_management_group_association_enabled ? 1 : 0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@luke-taylor You don't need this block if using AzAPI, so you can count = 0 it.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Author Feedback ✏️ Needs the author to provide feedback label Sep 25, 2023
@matt-FFFFFF
Copy link
Member

Thanks for this @danwatco - @luke-taylor has implemented this in #253

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaredfholgate jaredfholgate jaredfholgate requested changes

Assignees
No one assigned
Labels
Needs: Author Feedback ✏️ Needs the author to provide feedback
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danwatco @matt-FFFFFF @jaredfholgate