1
votes

I have most of my Azure infrastructure managed with Terraform. However, I am quickly finding that a lot of the small details are missing.

e.g. client secrets aren't fully supported https://github.com/terraform-providers/terraform-provider-azuread/issues/95

It doesn't seem possible to add an Active Directory Provider to APIM (see "How Do I Add Active Directory To APIM Using Terraform?").

Creating the APIM leaves demo products on it that can't be removed (see "How Can I Remove Demo Products From APIM Created With Terraform?").

etc, etc.

Solutions to these seem to be utilising the CLI

e.g. https://docs.microsoft.com/en-us/cli/azure/ad/app/permission?view=azure-cli-latest#az-ad-app-permission-add

Or falling back to the REST API: e.g. https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/apis/delete

How can I mix terraform with the CLI and REST API?

Can they be embedded in terraform?

Or do I just run some commands to run them after terraform has finished?

Is there a way to do these commands in a cross platform way?

Will running the CLI and REST API after terraform cause the state to be wrong and likely cause problems the next time terraform is run?


1 Answer

2
votes

How can I mix terraform with the CLI and REST API?

You can use the Terraform provisioners local-exec or remote-exec. In these ways, you can run a script with CLI commands or the REST API. For more details, see local-exec and remote-exec. But you need to be careful with them. These two ways just run the scripts and display the output, but they do not have the outputs.

If you want to use the result of the script in the same Terraform file for other resources, you need to use the Terraform external data source, see the details here.

Update:

Here is an example.

Bash script file vmTags.sh:

#!/bin/bash
az vm show -d -g myGroup -n myVM --query tags

Terraform external data source:

data "external" "test" {
  program = ["/bin/bash", "./vmTags.sh"]
}

output "value" {
  value = "${data.external.test.result}"
}
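As an added example (not part of the original answer), here is a cross-platform variant of the `vmTags.sh` idea that follows the external data source protocol and validates its inputs before calling `az`. The query keys `resource_group` and `vm_name`, the file name `vm_tags.py` and the name pattern are assumptions made for this sketch.

```python
"""Added example: a program for Terraform's "external" data source.
Terraform sends the `query` map as JSON on stdin; the program must print one
JSON object whose values are all strings, or exit non-zero with stderr text."""
import json
import re
import shutil
import subprocess
import sys

# Assumption: a conservative pattern; a leading "-" is rejected so a value
# can never be parsed by az as an option.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,89}$")


def build_command(query, az="az"):
    """Validate the query and return an argv list (never a shell string)."""
    for key in ("resource_group", "vm_name"):  # hypothetical query keys
        value = query.get(key)
        if not isinstance(value, str) or not SAFE_NAME.match(value):
            raise ValueError(f"invalid or missing query key: {key}")
    return [az, "vm", "show", "-d", "-g", query["resource_group"],
            "-n", query["vm_name"], "--query", "tags", "-o", "json"]


def to_string_map(az_stdout):
    """Turn az output into the flat string map Terraform requires."""
    tags = json.loads(az_stdout) if az_stdout.strip() else None
    if tags is None:  # a VM without tags yields JSON null or no output
        return {}
    if not isinstance(tags, dict):
        raise ValueError("expected a JSON object of tags")
    return {str(k): v if isinstance(v, str) else json.dumps(v)
            for k, v in tags.items()}


def main():
    try:
        az = shutil.which("az")  # also resolves az.cmd on Windows
        if az is None:
            raise OSError("az CLI not found on PATH")
        cmd = build_command(json.load(sys.stdin), az)
        done = subprocess.run(cmd, capture_output=True, text=True, check=True)
        json.dump(to_string_map(done.stdout), sys.stdout)
    except subprocess.CalledProcessError as err:
        sys.exit(f"az failed: {err.stderr.strip()}")
    except (ValueError, OSError) as err:  # bad input, bad JSON, az missing
        sys.exit(str(err))


if __name__ == "__main__":
    main()
```

In the data source, set `program = ["python3", "vm_tags.py"]` and pass `query = { resource_group = "myGroup", vm_name = "myVM" }`. The script only reads from Azure, which matters because Terraform runs a data source's program on every plan.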