andyt530 / az2tf
See the new version here:
Home Page: https://github.com/andyt530/py-az2tf
License: MIT License
I'm getting
Error: azurerm_application_gateway.MyResourceGroup__myAppGw: sku.0.capacity: cannot parse '' as int: strconv.ParseInt: parsing "null": invalid syntax
Terraform v0.11.10 └── provider.azurerm >= 1.19.0
Thanks
Hello, I love the solution that you have developed here. It is a huge help in getting control of a pre-existing Azure environment. Thanks so much for creating and maintaining this tool.
I noticed that the tool imports all of the 86 BuiltInRole types by default. I am not an Azure expert, but I can't think of a reason why we'd want to have these role types under terraform control. In my circumstance, having them made organizing the imported tf files and state into a nice repo/workspace a little messy.
Yes, I could do something like:
# Remove every imported role definition file (rdf__*) from state and from disk
for file in rdf__*; do
    resource=$(echo "$file" | sed 's/\.tf$//')
    terraform state rm "azurerm_role_definition.${resource}"
    rm "$file"
done
But I'd have to be careful not to delete any custom roles.
So, I thought it might be easier to modify scripts/azurerm_role_definition.sh to exclude BuiltInRole types from import.
# Skip role definitions whose roleType is BuiltInRole
type=$(echo "$azr" | jq ".[(${i})].roleType")
if [ "$type" = "\"BuiltInRole\"" ]; then
    continue
fi
Let me know if you can think of any negative consequences of doing this.
If there are some reasons to import them, perhaps we could add an option to --exclude BuiltInRole to az2tf.sh
If you would like a pull request, let me know.
Discovered this when I opened this PR.
Basically, as per @katbyte, the behavior your script depends on of a blank administrator_login_password causing terraform not to attempt to update the password is a bug, and you'd have to use ignore_changes to achieve current behavior when they fix the bug.
I'll try to work on a patch to submit.
Hi,
First of all, thank you for this amazing script! It works perfectly fine for all my resources, except the ones that have tags on them. It seems to parse the key correctly, but not the value. This is the error that is thrown:
2 of 3 ../scripts/azurerm_resource_group.sh <redacted>
<redacted>
error: syntax error, unexpected QQSTRING_START, expecting $end
."purpose"
^
1 compile error
resource "azurerm_resource_group" "<redacted>-rg" {
name = "<redacted>-rg"
location = "westeurope"
tags {
purpose =
}
}
Error loading the state: Error loading backend config: Error parsing /home/<redacted>/az2tf/tf.884cd7e4-5f29-4a3a-86fa-cb0ff408dc3c/azurerm_resource_group__<redacted>-rg.tf: object expected closing RBRACE got: EOF
I already tried putting the tag value in Azure in double quotes but that didn't work. If I remove the tag the import works fine.
Is this an issue that can be reproduced or is it on my end?
Thanks in advance!
-Tommy
Hi,
today I got an error during scanning of my subscription with az2tf.
I have a resource group with dots in its name like 'dns-zone-apps-q.hello.com'.
dns-zone-apps-q.hello.com
resource "azurerm_resource_group" "dns-zone-apps-q.hello.com" {
name = "dns-zone-apps-q.hello.com"
location = "westeurope"
}
Error removing items from the state: Error parsing address 'azurerm_resource_group.dns-zone-apps-q.hello.com': invalid resource address "azurerm_resource_group.dns-zone-apps-q.hello.com"
The state was not saved. No items were removed from the persisted
state. No backup was created since no modification occurred. Please
resolve the issue above and try again.
Error: invalid resource address "azurerm_resource_group.dns-zone-apps-q.hello.com"
For information on valid syntax, see:
https://www.terraform.io/docs/internals/resource-addressing.html
Error: invalid resource address "azurerm_resource_group.dns-zone-apps-q.hello.com"
Error in log file exiting ....
Maybe it's a good idea to translate all names from Azure to something which is ok for terraform before writing it out to tf files?
Best regards,
Josef
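The renaming suggested in the report above, sketched as an added example; it is not az2tf's own code, and `tf_label` and `rg_block` are hypothetical helper names. It assumes a Terraform resource label may contain only letters, digits, underscores and dashes and must start with a letter or underscore, and it keeps the real Azure name in the `name` argument.

```shell
#!/bin/sh
# Added example (not az2tf code): derive a Terraform-safe resource label from an
# Azure resource name. tf_label and rg_block are hypothetical helper names.

# tf_label NAME -> label matching ^[A-Za-z_][A-Za-z0-9_-]*$
tf_label() {
    name=$1
    # Dots, spaces, slashes and any other byte outside the allowed set become "_".
    label=$(printf '%s' "$name" | LC_ALL=C sed 's/[^A-Za-z0-9_-]/_/g')
    # A label may not begin with a digit or a dash.
    case $label in
        [A-Za-z_]*) ;;
        *) label="_$label" ;;
    esac
    # When the name had to be altered, append a checksum of the original so that
    # two Azure names such as "a.b" and "a_b" do not end up on one address.
    if [ "$label" != "$name" ]; then
        sum=$(printf '%s' "$name" | cksum | cut -d ' ' -f 1)
        label="${label}_${sum}"
    fi
    printf '%s\n' "$label"
}

# rg_block NAME LOCATION -> resource block; the real Azure name stays in "name".
rg_block() {
    printf 'resource "azurerm_resource_group" "%s" {\n' "$(tf_label "$1")"
    printf '  name     = "%s"\n  location = "%s"\n}\n' "$1" "$2"
}

# Constructed sample names; the first is the one from the report above.
for rg in 'dns-zone-apps-q.hello.com' 'plain-rg' '2019 backups'; do
    rg_block "$rg" westeurope
    echo "# state address: azurerm_resource_group.$(tf_label "$rg")"
done
```

The same label has to be used in the generated .tf file and in every `terraform state` or `terraform import` address, otherwise the two drift apart.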
Ok so I'm almost 100% sure this is a user problem and not a problem with the code, but at this point I feel a bit lost and hope someone can point me in the right direction.
Given the following subscription (displayed after I login via "az login"):
[
  {
    "cloudName": "AzureCloud",
    "id": "a86bc126-XXXX-XXXX-XXXX-7e546be7a509",
    "isDefault": false,
    "name": "SW.IT.BI.XXXXXXXXXXX.PRD",
    "state": "Enabled",
    "tenantId": "b9cdd4bf-XXXX-XXXX-XXXX-2f0cfec740cf",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]
I've tried using both the name of the subscription (e.g. "SW.IT.BI.XXXXXXXXXXX.PRD") and the id (e.g. "a86bc126-XXXX-XXXX-XXXX-7e546be7a509") but I get the following errors:
➜ az2tf git:(master) ./az2tf.sh -s SW.IT.BI.XXXXXXXXXXX.PRD
Checking Subscription SW.IT.BI.XXXXXXXXXXX.PRD exists ...
parse error: Invalid numeric literal at line 2, column 4
Could not find subscription with ID SW.IT.BI.XXXXXXXXXXX.PRD
➜ az2tf git:(master) ./az2tf.sh -s a86bc126-XXXX-XXXX-XXXX-7e546be7a509
Checking Subscription a86bc126-XXXX-XXXX-XXXX-7e546be7a509 exists ...
parse error: Invalid numeric literal at line 2, column 4
Could not find subscription with ID a86bc126-XXXX-XXXX-XXXX-7e546be7a509
I definitely have permissions to that subscription so I don't think it's a permissions issue, but I'm not really sure where else to look.
Unzipped the file to a new folder
Azure cli and terraform are installed
When I ran the az2tf.sh referencing my subscription ID, I got the following error:
./az2tf.sh: line 50: jq: command not found
Exception ignored in: <_io.TextIOWrapper name='' mode='w' encoding='UTF-8'>
BrokenPipeError: [Errno 32] Broken pipe
Am I missing something?
When the script is run from Windows Git Bash, the .tfstate stores the resource id for each resource with the user's directory from which the bash is run added to the id attribute, like this:
azurerm_network_interface.az-rg-tf__az-tfvm-br963
ip_configuration.0.public_ip_address_id: "C:/Program Files/Git/subscriptions/subscriptionid/resourceGroups/az-rg-tf/providers/Microsoft.Network/publicIPAddresses/az-tfvm-br-ip"
We have to remove it manually from all the tfstate because this causes differences with the resources when we run the terraform plan command.
I'm new to this tool, but when I cloned the repo, I made sure all dependencies were installed and up to date using an Ubuntu Linux subsystem on windows 10 and executing from vs code. The az2tf runs for the appropriate subscription and resource group, identifying that it has found both, but continually comes up with no resources. So the output I get contains an empty azurerm_resource_group__{resource group name}.tf that only has the resource group TF implementation.
When I check the TF State, it also shows only the resource group with no other resources. I thought this might be a permissions issue but I am an owner on the subscription and am able to run the commands from the various SH files and get back results.
One other point is that I am trying to execute this against Azure Government, and made sure that my Azure CLI context is logged in to Azure Government first. Like I said it still finds the appropriate subscription and resource group, but is failing to find any of the resources in that resource group.
FYI, I am just wrapping up a project where we imported LOTs of Azure resources using az2tf. Again, GREAT work and thanks! I had to make several adjustments to ensure that a terraform plan did not trigger a change. Also found that when importing one resource group at a time, it is helpful to have the resource group suffixed to output dir. Submitted 8 pull requests. Feel free to include or disregard them as you see fit.
az2tf.sh: added resourcegroup suffix to output
scripts/azurerm_express_route_circuit_peering.sh: add peering config if peering_type is MicrosoftPeering or AzurePrivatePeering
scripts/azurerm_lb_probe.sh: remove double quotes (") from requestPath string
scripts/azurerm_log_analytics_workspace.sh: If rdays == 7 (which is an invalid value), don't add to rention_days .tf file. Valid values must be between 30 and 120
scripts/azurerm_management_lock.sh: If lock notes are null, don't add to tf file.
scripts/azurerm_storage_account.sh: skip creating bypass rules when the only bypass network is "AzureServices" and there are no "ipRules" or "virtualNetworkRules" defined
scripts/azurerm_virtual_network_gateway_connection.sh: authorization_key should only be added to tf file when not null
README.md: Added warning about Virtual Network Gateway always signaling change
I'm getting the following error when I run the script:
Error: resource 'azurerm_autoscale_setting.xxxxxxxxxxxx' config: unknown resource 'azurerm_virtual_machine_scale_set.xxxxxxxxxxxx' referenced in variable azurerm_virtual_machine_scale_set.xxxxxxxxxxxx.id
Am I doing something wrong, or is there a way to ignore the autoscale_settings section?
Hello!
I've just been pointed at this repo, it looks ace - good to see someone is going through handling all these cases.
I did a proof-of-concept myself a while back, but never spent much time handling all the resources we have in use: https://github.com/glenjamin/azure-terraform-generate
One thing that might help with the speed / completeness issues would be if there was a way to scope this down to do individual resources or groups at once, to provide a bit more fine-grained control.
In our case we have a few hundred VMs and associated resources, and we'd be looking to import into terraform gradually.
Hope that makes sense, cheers!
When parsing "security_rule" and a port range such as 65503-65534 is encountered, the import fails with the following error:
Error loading the state: Error loading backend config: Error parsing
/terraform/az2tf/tf.******/azurerm_network_security_group.__*******.tf: At 40:32:
literal not terminated
Please ensure that your Terraform state exists and that you've
configured it properly. You can use the "-state" flag to point
Terraform at another state file
Referencing the output shows the following:
security_rule { name = "some_name" description = "some_description" access = "Allow" priority = "103" protocol = "Tcp" direction = "Inbound" source_port_range = "*" source_address_prefix = "*" destination_port_range = "65503-65534 destination_port_range = " destination_address_prefix = "*"
Judging by this output and having verified the rule is correct in the web console it appears the "-" is breaking the parsing as the "destination_port_range" appears twice but in a broken method.
Is it possible to export a Function App?
Hi, thank you for creating az2tf! It saves me a lot of work.
However it would be awesome if you could specify a license so that it can be safely used in commercial projects. Thanks!