Greetings to my fellow Technology Advocates and Specialists.
In this session, I will demonstrate how to break a Terraform state lease using Azure DevOps.
USE CASE:-
To protect the state file from accidental deletion or tampering, direct user access to the Terraform state file is prohibited.
While building IaC [Infrastructure-as-Code] using Terraform, DevOps engineers tend to run the code locally by manually executing the Terraform init, plan and apply commands respectively.
During this process, the Terraform state file may end up in a locked state, and until the lock is released the code cannot be executed anymore (manually or using an Az DevOps pipeline).
This is where the Az DevOps pipeline below helps.
The Az DevOps pipeline runs on the build agent using an Az DevOps service connection, which behind the scenes is Az service principal credentials with appropriate RBAC [Role Based Access Control] at the subscription or resource group level.
AUTOMATION OBJECTIVE:-
Validate if the resource group exists.
Validate if the storage account exists.
Validate if the storage account container exists.
Validate if the Terraform state file exists in the specified storage account container.
If any one of the above validations DOES NOT PASS, the pipeline will fail immediately.
If all of the above validations are SUCCESSFUL, the pipeline will then check the Terraform blob state.
If the Terraform blob state is == LEASED, the pipeline will break the lease.
If the Terraform blob state is != LEASED, the pipeline still executes successfully without altering the present state.
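The validation and lease-break flow listed above, written as a shell function around Azure CLI calls. This is an added example, not the author's pipeline: the function name `break_tf_state_lease` and its four arguments are hypothetical, and it assumes the CLI is already logged in as the service connection's principal with data-plane access to the blob (`--auth-mode login`).

```shell
#!/usr/bin/env bash
# Added example: break_tf_state_lease and its arguments are hypothetical names.
# Assumes `az` is already logged in (e.g. by the service connection) and the
# identity has data-plane access to the blob, hence --auth-mode login.

break_tf_state_lease() {
  local rg="$1" sa="$2" container="$3" blob="$4" state

  # Validations: stop at the first missing prerequisite.
  if [ "$(az group exists --name "$rg" --output json)" != "true" ]; then
    echo "Resource group '$rg' does not exist" >&2; return 1
  fi
  if ! az storage account show --name "$sa" --resource-group "$rg" \
       --output none 2>/dev/null; then
    echo "Storage account '$sa' does not exist in '$rg'" >&2; return 1
  fi
  if [ "$(az storage container exists --account-name "$sa" --name "$container" \
       --auth-mode login --query exists --output json)" != "true" ]; then
    echo "Container '$container' does not exist" >&2; return 1
  fi
  if [ "$(az storage blob exists --account-name "$sa" \
       --container-name "$container" --name "$blob" \
       --auth-mode login --query exists --output json)" != "true" ]; then
    echo "State file '$blob' does not exist" >&2; return 1
  fi

  # Read the current lease state (leased, available, broken, ...).
  state="$(az storage blob show --account-name "$sa" \
       --container-name "$container" --name "$blob" \
       --auth-mode login --query properties.lease.state --output tsv)"

  if [ "$state" = "leased" ]; then
    az storage blob lease break --account-name "$sa" \
       --container-name "$container" --blob-name "$blob" \
       --auth-mode login --output none || return 1
    echo "Lease on '$blob' broken"
  else
    echo "Lease state is '$state'; nothing changed"
  fi
}

# Usage (placeholder values):
# break_tf_state_lease <resource-group> <storage-account> <container> terraform.tfstate
```

Break the lease only when no Terraform run is still using the state file, since the lease is what keeps two runs from writing the state at the same time.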
IMPORTANT TO NOTE:-
There is no way to find the blob lease state before executing the az storage blob lease break command.
variable "rg-name" {
  type        = string
  description = "Name of the Resource Group"
}

variable "rg-location" {
  type        = string
  description = "Resource Group Location"
}

variable "usr-mid-name" {
  type        = string
  description = "Name of the User Assigned Managed Identity"
}