Switch to Microsoft supported terraform extension in Azure Pipelines

scripts/ado-terraform-nagger.py

@@ -87,7 +87,6 @@ def run_command(command, working_directory, is_tf_switch=False):
         command = ["tfswitch", "--latest"]
         run_command = subprocess.run(command, capture_output=True, timeout=15)
         return run_command.stdout.decode("utf-8")
-
     except TypeError:
         run_command = subprocess.run(
             command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
@@ -671,10 +670,12 @@ def main():
         try:
             print(f'component: {component}')
             full_path = f'{working_directory}{component}'
-
-            # fail out loop if terraform version <= 0.13.0
+            
+             # fail out loop if terraform version <= 0.13.0
             command = ["tfswitch", "-b", terraform_binary_path]
             run_command(command, full_path, True)
+
+            # Get terraform version
             command = ["terraform", "version", "--json"]
             result = json.loads(run_command(command, full_path))
 

steps/install-use-tfswitch.yaml

@@ -16,6 +16,7 @@ steps:
     inputs:
       targetType: 'inline'
       script: |
+        set -euo pipefail
         curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash -s -- -b  ${{ parameters.tfswitchPath }} ${{ parameters.tfswitchVersion }}
         set -x
         # Make sure ~/.local/bin is set for both root and non-root based agents (self-hosted etc)

steps/terraform.yaml

@@ -43,6 +43,21 @@ parameters:
   - name: serviceConnection
     default: ''
 
+  - name: backendServiceConnection
+    default: ''
+
+  - name: backendResourceGroupName
+    default: ''
+
+  - name: backendStorageAccountName
+    default: ''
+
+  - name: backendContainerName
+    default: ''
+
+  - name: backendKey
+    default: ''
+
   - name: terraformInitSubscription
     default: ''
 
@@ -91,6 +106,13 @@ steps:
       serviceConnection: ${{ parameters.serviceConnection }}
       environment: ${{ parameters.environment }}
 
+  - template: ./install-use-tfswitch.yaml
+    parameters:
+      ${{ if eq( parameters['baseDirectory'], '') }}:
+        workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
+      ${{ else }}:
+        workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
+
   - task: Bash@3
     displayName: Install tfcmt
     condition: ne(variables['System.PullRequest.PullRequestNumber'], '')
@@ -107,14 +129,6 @@ steps:
       keyVaultName: 'infra-vault-nonprod'
       secretsFilter: 'github-api-token'
 
-  - template: ./install-use-tfswitch.yaml
-    parameters:
-      tfswitchArgs: -b ~/.local/bin/terraform
-      ${{ if eq( parameters['baseDirectory'], '') }}:
-        workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
-      ${{ else }}:
-        workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
-
   - task: Bash@3
     displayName: Build resource values
     env:
@@ -127,49 +141,49 @@ steps:
       filePath: $(System.DefaultWorkingDirectory)/cnp-azuredevops-libraries/scripts/build-resource-values.sh
       workingDirectory: $(System.DefaultWorkingDirectory)/$(buildRepoSuffix)
 
-  - task: TerraformCLI@2
+  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
     displayName: Terraform init ${{ parameters.component }}
     inputs:
-      command: init
+      provider: 'azurerm'
+      command: 'init'
       ${{ if eq( parameters['baseDirectory'], '') }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
       ${{ else }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
-      backendType: azurerm
-      ensureBackend: false
-      backendServiceArm: ${{ parameters.serviceConnection }}
-      backendAzureRmResourceGroupName: 'azure-control-${{ parameters.environment }}-rg'
-      backendAzureRmResourceGroupLocation: ${{ parameters.location }}
-      backendAzureRmStorageAccountName: $(controlStorageAccount)
-      backendAzureRmStorageAccountSku: Standard_LRS
-      backendAzureRmContainerName: subscription-tfstate
-      backendAzureRmKey: '${{ parameters.location }}/${{ parameters.product }}/$(buildRepoSuffix)/${{ parameters.environment }}/${{ parameters.component }}/terraform.tfstate'
-      commandOptions: '-backend-config=subscription_id=${{ parameters.terraformInitSubscription }} ${{ parameters.initCommandOptions }}'
-
-  - task: TerraformCLI@2
+      backendServiceArm: ${{ coalesce(parameters.backendServiceConnection, 'HMCTS-CONTROL') }}
+      backendAzureRmResourceGroupName: ${{ coalesce(parameters.backendResourceGroupName, format('azure-control-{0}-rg', parameters.environment)) }}
+      backendAzureRmStorageAccountName: ${{ coalesce(parameters.backendStorageAccountName, '$(controlStorageAccount)') }}
+      backendAzureRmContainerName: ${{ coalesce(parameters.backendContainerName, 'subscription-tfstate') }}
+      ${{ if parameters.backendKey }}:
+        backendAzureRmKey: ${{ parameters.backendKey }}
+      ${{ else }}:
+        backendAzureRmKey: ${{ parameters.location }}/${{ parameters.product }}/$(buildRepoSuffix)/${{ parameters.environment }}/${{ parameters.component }}/terraform.tfstate
+      commandOptions: '${{ parameters.initCommandOptions }}'
+
+  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
     displayName: Terraform validate
     inputs:
-      command: validate
+      provider: 'azurerm'
+      command: 'validate'
       ${{ if eq( parameters['baseDirectory'], '') }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
       ${{ else }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
 
-  - task: TerraformCLI@2
+  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
     # retryCountOnFailure: 2
     displayName: Terraform plan ${{ parameters.component }}
     condition: and(succeeded(), in('${{ parameters.overrideAction }}', 'plan', 'apply'))
     ${{ if parameters.terraformEnvironmentVariables }}:
       env: ${{ parameters.terraformEnvironmentVariables  }}
     inputs:
-      command: plan
+      provider: 'azurerm'
+      command: 'plan'
       ${{ if eq( parameters['baseDirectory'], '') }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
       ${{ else }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
-      environmentServiceName: ${{ parameters.serviceConnection }}
-      runAzLogin: true
-      publishPlanResults: "$(tfPlanName)"
+      environmentServiceNameAzureRM: ${{ parameters.serviceConnection }}
       ${{ if eq(parameters['tfVarsFile'], '') }}:
         commandOptions: >
           -out tfplan-$(tfPlanName)
@@ -193,7 +207,7 @@ steps:
           -var product=${{ parameters.product }} ${{ parameters.planCommandOptions }}
           -var-file "${{ parameters.tfVarsFile }}"
           -lock=false
-    retryCountOnTaskFailure: 3 # This is at the correct level, aligned with 'displayName' and 'inputs'
+        retryCountOnTaskFailure: 3 # This is at the correct level, aligned with 'displayName' and 'inputs'
 
   - task: Bash@3
     displayName: Publish Plan to GitHub - ${{ parameters.component }}
@@ -248,7 +262,7 @@ steps:
         az storage azcopy blob upload -c plan-json --account-name tfplanviewersa -s $(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}/tfplan-$(tfPlanName).json -d "$(Build.Repository.Name)/$(System.PullRequest.PullRequestNumber)/tfplan-$(tfPlanName).json" --subscription ${{ parameters.savePlanResultsServiceConnection }} --account-key $(storage-account-primary-key)
       azureSubscription: ${{ parameters.serviceConnection }}
 
-  - task: TerraformCLI@2
+  - task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
     displayName: Terraform apply ${{ parameters.component }}
     ${{ if parameters.terraformEnvironmentVariables }}:
       env: ${{ parameters.terraformEnvironmentVariables  }}
@@ -258,29 +272,30 @@ steps:
       and(succeeded(), eq(variables['isMain'], true), eq(variables['isAutoTriggered'], true))
       )
     inputs:
-      runAzLogin: true
-      command: apply
+      provider: 'azurerm'
+      command: 'apply'
       ${{ if eq( parameters['baseDirectory'], '') }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
       ${{ else }}:
         workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
-      environmentServiceName: ${{ parameters.serviceConnection }}
+      environmentServiceNameAzureRM: ${{ parameters.serviceConnection }}
       commandOptions: "${{ parameters.applyCommandOptions }} -auto-approve tfplan-$(tfPlanName)"
       retryCountOnTaskFailure: 3 # This is at the correct level, aligned with 'displayName' and 'inputs'
 
   - ${{ if eq(parameters.overrideAction, 'destroy') }}:
-      - task: TerraformCLI@2
+      - task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
         displayName: Terraform destroy ${{ parameters.component }}
         ${{ if parameters.terraformEnvironmentVariables }}:
           env: ${{ parameters.terraformEnvironmentVariables  }}
         condition: and(succeeded(), eq(variables['isMain'], true), eq('${{ parameters.overrideAction }}', 'destroy'))
         inputs:
-          command: destroy
+          provider: 'azurerm'
+          command: 'destroy'
           ${{ if eq( parameters['baseDirectory'], '') }}:
             workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/components/${{ parameters.component }}'
           ${{ else }}:
             workingDirectory: '$(System.DefaultWorkingDirectory)/$(buildRepoSuffix)/${{ parameters.baseDirectory }}/${{ parameters.component }}'
-          environmentServiceName: ${{ parameters.serviceConnection }}
+          environmentServiceNameAzureRM: ${{ parameters.serviceConnection }}
           ${{ if eq(parameters['tfVarsFile'], '') }}:
             commandOptions: >
               -var env=${{ parameters.environment }}
@@ -298,7 +313,6 @@ steps:
               -var builtFrom=$(Build.Repository.Name)
               -var product=${{ parameters.product }} ${{ parameters.destroyCommandOptions }}
               -var-file "${{ parameters.tfVarsFile }}"
-
   - task: AzureCLI@2
     displayName: 'Unlock TF state if required'
     condition: |