edhy
March 16, 2023, 6:28pm
1
I’m trying to configure a log stream using Azure Event Grid using Terraform. I’m able to create an eventgrid partner configuration and then set up a log stream on auth0 that uses this configuration to create a partner topic.
How can, using terraform, I activate this topic once Auth0 creates it? Or am I going about this in the wrong way?
I’ve included my current code below.
locals {
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
  auth0_partner_name = "Auth0"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags
  body = jsonencode({
    properties = {
      partnerAuthorization = {
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name   = "ls-${local.prefix_long}"
  type   = "eventgrid"
  status = "active"
  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }
}
edhy
March 17, 2023, 3:35pm
2
I managed to get this to work using the below code, but this won’t work through gitlab because the hashicorp/terraform container doesn’t have access to the az cli and I cannot install it because it won’t let me elevate privileges. I’m still looking for a solution, but am posting this here in case someone else has the same problem and this can work for them. My next step is to try to work this out using curl against the api, but won’t be able to work on this until next week.
If anyone has anything that might help, I would greatly appreciate it.
locals {
  auth0_partner_name = "Auth0"
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags
  body = jsonencode({
    properties = {
      partnerAuthorization = {
        defaultMaximumExpirationTimeInDays = 1
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name       = "ls-${local.prefix_long}"
  type       = "eventgrid"
  status     = "active"
  depends_on = [azapi_resource.egpc_auth0]
  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command     = <<EOF
partner_topics=$(az eventgrid partner topic list --odata-query "Contains(name, 'auth0-domain-${var.environment}-')" --query [].name --output tsv)
for partner_topic in $${partner_topics}; do
  echo "Activating EventGrid Partner Topic $${partner_topic}"
  az eventgrid partner topic activate --name $${partner_topic} --resource-group ${azurerm_resource_group.this.name}
done
EOF
  }
}
edhy
March 22, 2023, 6:06pm
3
I managed to solve this using curl. I had assumed before that the official terraform container was using debian, but it is actually using Alpine. So these containers don’t have curl on them, or even bash, but will let me install packages using apk. I’ve included my code below in case anyone else has this same issue in the future.
This assumes ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID are appropriately defined environment variables.
locals {
  auth0_partner_name = "Auth0"
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
}

/////// auth0 partner configuration ///////
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags
  body = jsonencode({
    properties = {
      partnerAuthorization = {
        defaultMaximumExpirationTimeInDays = 1
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
resource "auth0_log_stream" "auth0" {
  name       = "ls-${local.prefix_long}"
  type       = "eventgrid"
  status     = "active"
  depends_on = [azapi_resource.egpc_auth0]
  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }
  provisioner "local-exec" {
    interpreter = ["/bin/sh", "-c"]
    command     = <<EOF
# install curl and jq
apk add curl --quiet jq
# get bearer token
bearer=$(curl -sSX POST -d "grant_type=client_credentials&client_id=$${ARM_CLIENT_ID}&client_secret=$${ARM_CLIENT_SECRET}&resource=https%3A%2F%2Fmanagement.azure.com%2F" https://login.microsoftonline.com/$${ARM_TENANT_ID}/oauth2/token | jq ".access_token" -r)
# get unactivated topics containing "auth0-org-ENV-"
partnerTopicNames=$(curl -sSX GET -H "Authorization: Bearer $${bearer}" -H "Content-Type: application/json" https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.EventGrid/partnerTopics?api-version=2021-10-15-preview\&\$filter=contains\(name,\'auth0-org-${var.environment}-\'\) | jq -r '.value[] | select(.properties.activationState!="Activated")' | jq -r '.name')
# activate topics
for partnerTopicName in $${partnerTopicNames}; do
  curl -sSX POST -H "Authorization: Bearer $${bearer}" -H "Content-Length: 0" -H "Content-Type: application/json" https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.EventGrid/partnerTopics/$${partnerTopicName}/activate?api-version=2021-10-15-preview
done
EOF
  }
}
1 Like
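Added example, not part of the original posts: the same token and activate calls written as POSIX sh functions for a standalone script, with the client secret percent-encoded and sent to curl on stdin instead of in its argument list, and each returned topic name checked before it is placed in a URL. The function names and the allowed character set for topic names (letters, digits, hyphens) are assumptions; the endpoints and `ARM_*` variables are the ones used in the post above.

```shell
#!/bin/sh
# Added example (not the poster's code). POSIX sh, so it runs under Alpine's /bin/sh.

# Percent-encode a value for an application/x-www-form-urlencoded body.
# Assumes ASCII input; unencoded, a secret containing & + = or % would corrupt the body.
urlencode() {
  s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first character
    c=${s%"$rest"}       # the first character itself
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
}

# Client-credentials request body built from the ARM_* environment variables.
token_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&resource=%s' \
    "$(urlencode "$ARM_CLIENT_ID")" "$(urlencode "$ARM_CLIENT_SECRET")" \
    "$(urlencode 'https://management.azure.com/')"
}

# The body is piped to curl (--data @-), so the secret is not visible in the
# process list the way a -d "...client_secret=..." argument is.
get_token() {
  token_body | curl -sS --fail --data @- \
    "https://login.microsoftonline.com/${ARM_TENANT_ID}/oauth2/token" | jq -r '.access_token'
}

# Accept a name from the list response only if it is safe inside a URL path.
# Assumption: partner topic names consist of letters, digits and hyphens.
is_safe_topic_name() {
  case $1 in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# $1 bearer token, $2 subscription id, $3 resource group, $4 partner topic name.
# The Authorization header is read from stdin (-H @-, curl 7.55 or later).
activate_topic() {
  is_safe_topic_name "$4" || { echo "skipping unexpected topic name: $4" >&2; return 1; }
  printf 'Authorization: Bearer %s\n' "$1" | curl -sS --fail -X POST -H @- -H 'Content-Length: 0' \
    "https://management.azure.com/subscriptions/$2/resourceGroups/$3/providers/Microsoft.EventGrid/partnerTopics/$4/activate?api-version=2021-10-15-preview"
}
```

With `--fail`, a non-2xx response makes curl exit non-zero, so a rejected token request or activation fails the `local-exec` step instead of passing silently.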
Hey there everyone!
I thought I’m gonna chime in with something that might be of your interest! We’re hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.
It’s gonna be on Thursday, September 28, 2023. Check out more info about it here!
system
Closed
September 22, 2023, 7:16am
5
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.