-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new RP blueprint and resource azurerm_blueprint_assignment
#6034
Conversation
Hi @ArcturusZhang Additionally, I have concerns around the way this resource contains a privilege escalation that the user of the resource is unlikely to be aware of when a System MSI is used (Something that would be better exposed by requiring a Blueprint Definition be created/imported in terraform). The portal grants this temporarily via the Blueprint definition / assignment I believe, where this PR sets it explicitly without removal (which could, of course, be changed to match the portal behaviour.) Since Blueprints are a large service which doesn’t fit 1:1 into Terraform, we need to work out the best approach forwards here rather than simply duplicating the API behaviour - as such we should not include this resource without support for the base resources it requires. I've done some investigative work on that previously, and I've revisited it to help review this PR. Sadly there are definitely issues and incompatibilities with supporting the blueprints service in general. For example, a parameter can be one of seven different types, which means that holding the I don't do this lightly, as I can tell a lot of effort has gone into this, but I'm going to close this PR as I believe the service is not suitable for Terraform in its current form. I will speak with the team on this about possibilities on how it could be potentially supported in the future (either via API changes or if we can work with the service team to make this possible). |
Wouldn't it have been better to develop a suitable PR for Terraform instead of closing it? |
Hi @r0b2g1t |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
reopend in a limited fashion as #6930 |
This PR added new resource
azurerm_blueprint_assignment
.REST API: https://docs.microsoft.com/en-us/rest/api/blueprints/
Documentation: https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-rest-api
And per internal discussion with the blueprint service team and the most urgent customer requirement, we will only add the blueprint assignment first in this PR. Therefore I did a lot work around when composing the acceptance test for this resource.