Created
July 21, 2020 14:42
using azure SPN for local terraform state
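## DO NOT SAVE THE tfvars file with values in it
## I have added them to a local key vault following this blog post https://sqldbawithabeard.com/2020/07/18/good-bye-import-clixml-use-the-secrets-management-module-for-your-labs-and-demos/
# This file will enable you to run terraform plan or import resources into terraform state locally
# You will need to create a directory called ignorevariables and copy the dev-backend-config.tfvars into it
# NOTE(review): confirm that the ignorevariables directory is excluded from source control (e.g. via .gitignore)
# before putting any real value into the copy, so a filled-in file cannot be committed by accident.
<#
The dev-backend-config.tfvars file should look like this with the required values set for the environment you are using
/*
this is a secret file so we can add the values
*/
# tfstate vars
resource_group_name = ""
storage_account_name = ""
# Azure Subscription Id
azure-subscription-id = "" # NONE-PROD-Subscription-Id
# Azure Client Id/appId
azure-client-id = "" # AzureDevOps-UAT-client-id
# Azure Client Secret/password
azure-client-secret = "" # Get-Secret -Name AzureDevOps-UAT-client-secret
# Azure Tenant Id
azure-tenant-id = "" # NONE-PROD-Tenant-Id
# Key Vault vars
key_vault_resource_group_name = ""
key_vault_name = ""
## You can add the required values in for the resource group, keyvault and terraform names and the ids and secrets
## BUT DO NOT SAVE THE FILE WITH THEM IN
## I have added them to a local key vault following this blog post https://sqldbawithabeard.com/2020/07/18/good-bye-import-clixml-use-the-secrets-management-module-for-your-labs-and-demos/
#>

$ResourceGroupName = '' # Where the terraform state is
$storageaccountname = '' # Where the terraform state is

# Fail before authenticating if the placeholders above were not filled in.
if ([string]::IsNullOrWhiteSpace($ResourceGroupName) -or [string]::IsNullOrWhiteSpace($storageaccountname)) {
    throw 'Set $ResourceGroupName and $storageaccountname to the location of the terraform state before running this script.'
}

# Connect to Azure with the SPN
# The client id and tenant id are read as plain text; the client secret is read without
# -AsPlainText so it can be handed straight to the PSCredential constructor.
$clientid = Get-Secret -Name AzureDevOps-UAT-client-id -AsPlainText -ErrorAction Stop
$clientsecret = Get-Secret -Name AzureDevOps-UAT-client-secret -ErrorAction Stop
$tenantid = Get-Secret -Name NONE-PROD-Tenant-Id -AsPlainText -ErrorAction Stop
$pscredential = New-Object System.Management.Automation.PSCredential ($clientid, $clientsecret)

# -Scope Process keeps the service principal context in this PowerShell process only, so it does
# not become the saved default Az context for other sessions of this user.
# -ErrorAction Stop prevents the rest of the script from running under whatever context was
# already active if the SPN login fails.
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $tenantid -Scope Process -ErrorAction Stop

# Get the storage account key for the terraform state
# NOTE(review): an account key grants full access to the whole storage account. The azurerm
# backend can also authenticate with a SAS token (ARM_SAS_TOKEN) or Azure AD (use_azuread_auth);
# consider one of those if narrower access to the state is acceptable in your environment.
$key = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -AccountName $storageaccountname -ErrorAction Stop).Value[0]

# The key is handed to terraform through the environment, so it is not written to the tfvars file.
# It stays readable by this session and its child processes until removed (see the end of the script).
$ENV:ARM_ACCESS_KEY = $key

Set-Location Build -ErrorAction Stop

# terraform is a native command: a failure only sets $LASTEXITCODE, so check it after each step.
terraform init -backend-config="..\ignorevariables\dev-backend-config.tfvars"
if ($LASTEXITCODE -ne 0) { throw "terraform init failed with exit code $LASTEXITCODE" }

# If the workspace cannot be selected, stop here: continuing would run the import against
# whichever workspace is currently selected.
terraform workspace select preprod
if ($LASTEXITCODE -ne 0) { throw "terraform workspace select preprod failed with exit code $LASTEXITCODE" }

# Example import; replace the resource address and resource id with the ones for your environment.
terraform import azurerm_private_endpoint.sql_server_private_endpoint /subscriptions/1ce00944-b7bb-4394-8303-8f43dba9e520/resourceGroups/eudl-ukgiaa-uat-rg/providers/Microsoft.Network/privateEndpoints/ukgiaa-uat-sda-pe
if ($LASTEXITCODE -ne 0) { throw "terraform import failed with exit code $LASTEXITCODE" }

# The session is deliberately left in the Build directory with ARM_ACCESS_KEY set so that further
# terraform plan / import commands can be run by hand. When you have finished, remove the key and
# the SPN login from the session:
#   Remove-Item Env:\ARM_ACCESS_KEY
#   Remove-Variable key
#   Disconnect-AzAccount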