Terraform eventgrid partner topic activation

I’m trying to configure a log stream with Azure Event Grid using Terraform. I’m able to create an Event Grid partner configuration and then set up a log stream on Auth0 that uses this configuration to create a partner topic.

How can I, using Terraform, activate this topic once Auth0 creates it? Or am I going about this in the wrong way?

I’ve included my current code below.

locals {
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
  auth0_partner_name = "Auth0"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags
  body = jsonencode({
    properties = {
      partnerAuthorization = {
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name   = "ls-${local.prefix_long}"
  type   = "eventgrid"
  status = "active"
  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }
}

I managed to get this to work using the below code, but this won’t work through GitLab because the hashicorp/terraform container doesn’t have access to the az CLI and I cannot install it because it won’t let me elevate privileges. I’m still looking for a solution, but am posting this here in case someone else has the same problem and this can work for them. My next step is to try to work this out using curl against the API, but I won’t be able to work on this until next week.

If anyone has anything that might help, I would greatly appreciate it.

locals {
  auth0_partner_name = "Auth0"
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags

  body = jsonencode({
    properties = {
      partnerAuthorization = {
        defaultMaximumExpirationTimeInDays = 1
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name       = "ls-${local.prefix_long}"
  type       = "eventgrid"
  status     = "active"
  depends_on = [azapi_resource.egpc_auth0]

  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command     = <<EOF
      partner_topics=$(az eventgrid partner topic list --odata-query "Contains(name, 'auth0-domain-${var.environment}-')" --query [].name --output tsv)
      for partner_topic in $${partner_topics}; do
        echo "Activating EventGrid Partner Topic $${partner_topic}"
        az eventgrid partner topic activate --name $${partner_topic} --resource-group ${azurerm_resource_group.this.name}
      done
    EOF
  }
}

I managed to solve this using curl. I had assumed before that the official Terraform container was using Debian, but it is actually using Alpine. So these containers don’t have curl on them, or even bash, but will let me install packages using apk. I’ve included my code below in case anyone else has this same issue in the future.

This assumes ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID are appropriately defined environment variables.

locals {
  auth0_partner_name = "Auth0"
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags

  body = jsonencode({
    properties = {
      partnerAuthorization = {
        defaultMaximumExpirationTimeInDays = 1
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name       = "ls-${local.prefix_long}"
  type       = "eventgrid"
  status     = "active"
  depends_on = [azapi_resource.egpc_auth0]

  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }

  provisioner "local-exec" {
    interpreter = ["/bin/sh", "-c"]
    command     = <<EOF
    # install curl and jq
    apk add curl --quiet jq
    # get bearer token
    bearer=$(curl -sSX POST -d "grant_type=client_credentials&client_id=$${ARM_CLIENT_ID}&client_secret=$${ARM_CLIENT_SECRET}&resource=https%3A%2F%2Fmanagement.azure.com%2F" https://login.microsoftonline.com/$${ARM_TENANT_ID}/oauth2/token | jq ".access_token" -r)
    # get unactivated topics containing "auth0-org-ENV-"
    partnerTopicNames=$(curl -sSX GET -H "Authorization: Bearer $${bearer}" -H "Content-Type: application/json" https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.EventGrid/partnerTopics?api-version=2021-10-15-preview\&\$filter=contains\(name,\'auth0-org-${var.environment}-\'\) | jq -r '.value[] | select(.properties.activationState!="Activated")' | jq -r '.name')
    # activate topics
    for partnerTopicName in $${partnerTopicNames}; do
        curl -sSX POST -H "Authorization: Bearer $${bearer}" -H "Content-Type: application/json" -H "Content-Length: 0" https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.EventGrid/partnerTopics/$${partnerTopicName}/activate?api-version=2021-10-15-preview
    done
    EOF
  }
}
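The same token, list and activate sequence as the curl script above, as an added example that is not the poster's code: a stand-alone Python 3 script using only the standard library, so it can run from a CI job or from a local-exec provisioner wherever a Python interpreter is available (on the Alpine image that would mean `apk add python3`, an assumption of this example, not something the thread verifies). It reads the same ARM_TENANT_ID, ARM_CLIENT_ID and ARM_CLIENT_SECRET variables plus ARM_SUBSCRIPTION_ID, RESOURCE_GROUP and TOPIC_NAME_PREFIX, the last two being names chosen here. It goes beyond the curl version in three ways: the client secret is sent only in the request body rather than on a command line where `/proc/<pid>/cmdline` or a `set -x` trace could expose it; the OData `$filter` is built as a proper string literal and URL-encoded instead of being spliced into an unquoted shell word; and the list call follows ARM's `nextLink` pagination so topics beyond the first page are not silently skipped. The `transport` parameter exists so the logic can be exercised offline with a fake HTTP function.

```python
"""Activate Event Grid partner topics that Auth0 created, via the ARM REST API.
Added example, not the poster's code: token -> list -> activate, standard library only,
with the HTTP transport injectable so the selection logic can be tested offline."""
import json
import os
import sys
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2021-10-15-preview"  # the API version used in the thread's script


def http(url, method="GET", body=None, headers=None):
    """Real transport: send the request and return the parsed JSON body ({} if empty)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:  # raises HTTPError on 4xx/5xx
        raw = resp.read()
    return json.loads(raw) if raw else {}


def get_token(tenant_id, client_id, client_secret, transport=http):
    """Client-credentials token for ARM (v1 endpoint, as in the thread). The secret is
    sent only in the request body, never on a command line visible in a process list."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": ARM + "/",
    }).encode()
    url = "https://login.microsoftonline.com/%s/oauth2/token" % urllib.parse.quote(tenant_id, safe="")
    data = transport(url, "POST", form, {"Content-Type": "application/x-www-form-urlencoded"})
    return data["access_token"]


def topics_base(subscription_id, resource_group):
    return "%s/subscriptions/%s/resourceGroups/%s/providers/Microsoft.EventGrid/partnerTopics" % (
        ARM, urllib.parse.quote(subscription_id, safe=""), urllib.parse.quote(resource_group, safe=""))


def partner_topics_url(subscription_id, resource_group, name_prefix):
    """List URL with the OData filter written as a string literal and URL-encoded."""
    odata = "contains(name,'%s')" % name_prefix.replace("'", "''")  # OData escapes ' as ''
    query = urllib.parse.urlencode({"api-version": API_VERSION, "$filter": odata})
    return topics_base(subscription_id, resource_group) + "?" + query


def list_partner_topics(token, url, transport=http):
    """Collect every page: ARM list responses may continue via nextLink."""
    headers = {"Authorization": "Bearer " + token}
    topics = []
    while url:
        page = transport(url, "GET", None, headers)
        topics.extend(page.get("value", []))
        url = page.get("nextLink")
    return topics


def topics_to_activate(topics):
    """Same selection as the thread's jq filter: activationState != Activated."""
    return [t["name"] for t in topics
            if t.get("properties", {}).get("activationState") != "Activated"]


def activate(token, subscription_id, resource_group, name, transport=http):
    """POST .../partnerTopics/{name}/activate with an empty body."""
    url = "%s/%s/activate?api-version=%s" % (
        topics_base(subscription_id, resource_group), urllib.parse.quote(name, safe=""), API_VERSION)
    return transport(url, "POST", b"", {"Authorization": "Bearer " + token, "Content-Length": "0"})


def activate_pending(token, subscription_id, resource_group, name_prefix, transport=http):
    """Activate every matching topic that is not yet active; return their names."""
    url = partner_topics_url(subscription_id, resource_group, name_prefix)
    pending = topics_to_activate(list_partner_topics(token, url, transport))
    for name in pending:
        activate(token, subscription_id, resource_group, name, transport)
    return pending


def main():
    # RESOURCE_GROUP and TOPIC_NAME_PREFIX are variable names assumed by this example.
    needed = ("ARM_TENANT_ID", "ARM_CLIENT_ID", "ARM_CLIENT_SECRET",
              "ARM_SUBSCRIPTION_ID", "RESOURCE_GROUP", "TOPIC_NAME_PREFIX")
    env = {k: os.environ.get(k, "") for k in needed}
    missing = [k for k in needed if not env[k]]
    if missing:
        sys.exit("missing environment variables: " + ", ".join(missing))
    token = get_token(env["ARM_TENANT_ID"], env["ARM_CLIENT_ID"], env["ARM_CLIENT_SECRET"])
    for name in activate_pending(token, env["ARM_SUBSCRIPTION_ID"],
                                 env["RESOURCE_GROUP"], env["TOPIC_NAME_PREFIX"]):
        print("activated partner topic", name)


if __name__ == "__main__":
    main()
```

Run it with the six variables exported, for instance from a local-exec provisioner with `interpreter = ["/bin/sh", "-c"]` and `command = "python3 activate_topics.py"`. A non-2xx response from either endpoint raises `urllib.error.HTTPError`, which makes the provisioner, and therefore the apply, fail instead of silently continuing as an unchecked `curl` pipeline would.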

Hey there everyone!

I thought I’m gonna chime in with something that might be of your interest! We’re hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.

It’s gonna be on Thursday, September 28, 2023. Check out more info about it here!
