You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Versions
terraform: 1.9.2
azure provider: 3.111.0
module: 6.0.0
Description
Describe the bug
after upgrading to 6.0.0 terraform plan continually wants to update landing zones policy assignment config for Enforce-GR-KeyVault
Terraform will perform the following actions:
# module.azure_landing_zone.module.core.module.alz.azurerm_management_group_policy_assignment.enterprise_scale["/providers/Microsoft.Management/managementGroups/ct-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault"] will be updated in-place
~ resource "azurerm_management_group_policy_assignment" "enterprise_scale" {
id = "/providers/Microsoft.Management/managementGroups/ct-landing-zones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault"
name = "Enforce-GR-KeyVault"
- parameters = jsonencode({})
# (8 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Apply succeeds just fine, but next plan produces same results
Steps to Reproduce
my deployment is the level 300 - (seperate submodules for each of core, connectivity and management components)
core module code:
module "alz" {
# To enable correct testing of our examples, we must source this
# module locally. Please remove the local `source = "../../../../"`
# and uncomment the remote `source` and `version` below.
# source = "../../../../"
source = "Azure/caf-enterprise-scale/azurerm"
version = "6.0.0" # change this to your desired version, https://www.terraform.io/language/expressions/version-constraints
providers = {
azurerm = azurerm
azurerm.connectivity = azurerm
azurerm.management = azurerm
}
# Base module configuration settings
root_parent_id = data.azurerm_client_config.current.tenant_id
root_id = var.root_id
root_name = var.root_name
library_path = "${path.module}/lib"
default_location = "southafricanorth"
# Enable creation of the core management group hierarchy
# and additional custom_landing_zones
deploy_core_landing_zones = true
custom_landing_zones = local.custom_landing_zones
archetype_config_overrides = local.archetype_config_overrides
# Configuration settings for identity resources is
# bundled with core as no resources are actually created
# for the identity subscription
deploy_identity_resources = true
configure_identity_resources = local.configure_identity_resources
subscription_id_identity = var.subscription_id_identity
# The following inputs ensure that managed parameters are
# configured correctly for policies relating to connectivity
# resources created by the connectivity module instance and
# to map the subscription to the correct management group,
# but no resources are created by this module instance
deploy_connectivity_resources = false
configure_connectivity_resources = var.configure_connectivity_resources
subscription_id_connectivity = var.subscription_id_connectivity
# The following inputs ensure that managed parameters are
# configured correctly for policies relating to management
# resources created by the management module instance and
# to map the subscription to the correct management group,
# but no resources are created by this module instance
deploy_management_resources = false
configure_management_resources = var.configure_management_resources
subscription_id_management = var.subscription_id_management
strict_subscription_association = var.strict_subscription_association
}
Screenshots
Additional context
the change appears to not be doing anything so nothing appears to be broken
it wants to delete a block that is basically empty anyway
parameters = jsonencode({})
The text was updated successfully, but these errors were encountered:
Community Note
Versions
terraform: 1.9.2
azure provider: 3.111.0
module: 6.0.0
Description
Describe the bug
after upgrading to 6.0.0 terraform plan continually wants to update landing zones policy assignment config for Enforce-GR-KeyVault
Apply succeeds just fine, but next plan produces same results
Steps to Reproduce
my deployment is the level 300 - (seperate submodules for each of core, connectivity and management components)
core module code:
Screenshots
Additional context
the change appears to not be doing anything so nothing appears to be broken
it wants to delete a block that is basically empty anyway
The text was updated successfully, but these errors were encountered: