Below is an Azure pipeline for the Terraform build. Store the variables as library variables in ADO.
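# Runs terraform init and terraform plan on a Microsoft-hosted Ubuntu agent
# whenever the main branch changes.
trigger:
  - main

# Library variable group that supplies the ARM_* values referenced below.
# Mark ARM_CLIENT_SECRET as a secret in the group so it is masked in logs.
variables:
  - group: group1

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: AzureCLI@2
    inputs:
      azureSubscription: 'Test'
      scriptType: 'bash'
      scriptLocation: 'inlineScript'
      inlineScript: |
        # Stop at the first failing command so plan never runs after a
        # failed init.
        set -euo pipefail
        az --version
        # -input=false makes a missing value fail the job instead of
        # waiting on a prompt no one can answer.
        terraform init -input=false -var-file 'terraform.tfvars'
        terraform plan -input=false
    # Pass the service principal credentials as environment variables
    # instead of expanding $(...) inside the script body: macro expansion
    # writes the secret into the generated script file and lets shell
    # metacharacters in the value be interpreted. Secret variables are not
    # exported to the environment automatically, so they are mapped here.
    # NOTE(review): ARM_SUBSCRIPTION_ID is not set anywhere on this page;
    # confirm the variable group or the provider block supplies it.
    env:
      ARM_CLIENT_ID: $(ARM_CLIENT_ID)
      ARM_CLIENT_SECRET: $(ARM_CLIENT_SECRET)
      ARM_TENANT_ID: $(ARM_TENANT_ID)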
Below is the main Terraform file, main.tf.
Add your service principal to the Key Vault Secrets User role. Go to the Key Vault's access configuration and use RBAC instead of access policies.
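# Core settings: minimum Terraform version, provider source, and the remote
# state backend in Azure Blob Storage.
terraform {
  required_version = ">= 1.3.7"

  # Declare where the azurerm provider comes from rather than relying on
  # the implicit default.
  # NOTE(review): no provider version is constrained on this page. Add a
  # version constraint for the release you have tested and commit
  # .terraform.lock.hcl, so a CI run cannot silently pick up a new major
  # version of the provider.
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }

  backend "azurerm" {
    # Authenticate to the storage account with Azure AD instead of a
    # storage access key. The pipeline's service principal therefore needs
    # a blob data role on this account or container.
    use_azuread_auth    = true
    resource_group_name = "testrg"
    # NOTE(review): Azure storage account names allow only lowercase
    # letters and digits (3-24 characters); "storage-test" contains a
    # hyphen, so replace it with the real account name.
    storage_account_name = "storage-test"
    container_name       = "terraform"
    # The state blob stores every value Terraform reads or sets, secrets
    # included, in plain text. Restrict access to this container.
    key = "terraform.tfstate"
  }
}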
# Azure Resource Manager provider. No credentials are configured here; the
# pipeline on this page exports ARM_CLIENT_ID, ARM_CLIENT_SECRET and
# ARM_TENANT_ID for the provider to read from the environment.
# NOTE(review): no subscription is set in this block; confirm it is supplied
# through the environment.
provider "azurerm" {
  # Empty features block: every provider feature toggle stays at its default.
  features {}
}
# Resource group created and managed by this configuration.
# NOTE(review): the Key Vault lookup and the SQL server on this page refer to
# "testrguseast", not to this group; confirm that is intended.
resource "azurerm_resource_group" "example" {
  location = "eastus"
  name     = "example-rg1"
}
# Look up an existing Key Vault (read-only; Terraform does not manage it).
# The identity running Terraform needs permission to read the vault itself
# as well as the secrets in it.
data "azurerm_key_vault" "devops-kv-dev" {
  resource_group_name = "testrguseast"
  name                = "devops-kv-dev"
}
# Read the SQL administrator password from the Key Vault at plan/apply time,
# so the password never appears in the repository or in terraform.tfvars.
# The value read here is still written to the Terraform state in plain text,
# so access to the state backend must be as tightly controlled as access to
# the vault.
data "azurerm_key_vault_secret" "sql-admin-password" {
  key_vault_id = data.azurerm_key_vault.devops-kv-dev.id
  name         = "sql-admin-password"
}
Below is the sqlserver.tf file
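# Azure SQL logical server whose administrator password comes from Key Vault.
resource "azurerm_mssql_server" "test-sqlserver" {
  name                = "test-sqlserver"
  resource_group_name = "testrguseast"
  location            = "eastus"
  version             = "12.0"

  # NOTE(review): Azure SQL rejects a set of reserved administrator login
  # names; confirm "admin" is accepted or choose a less guessable name.
  administrator_login = "admin"
  # Taken from the Key Vault data source rather than a literal. Terraform
  # still records the value in state, so protect the state backend.
  administrator_login_password = data.azurerm_key_vault_secret.sql-admin-password.value

  # State the TLS floor explicitly so it is visible in review and does not
  # depend on the provider default.
  minimum_tls_version = "1.2"

  # NOTE(review): public network access is left at the provider default and
  # no firewall rules or private endpoint appear on this page; confirm how
  # network access to this server is restricted.
}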