Terraform eventgrid partner topic activation

I managed to solve this using curl. I had previously assumed that the official Terraform container was based on Debian, but it is actually based on Alpine. These containers therefore don't ship with curl, or even bash, but they do let me install packages using apk. I've included my code below in case anyone else runs into the same issue in the future.

This assumes that ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID are defined as environment variables with the appropriate values.

locals {
  // Partner identity that the partner configuration in this file authorizes.
  // Both values are passed into authorizedPartnersList (partnerName and
  // partnerRegistrationImmutableId).
  auth0_partner_name = "Auth0"
  // NOTE(review): this GUID selects which partner registration is allowed to
  // create partner topics in the resource group; confirm it against the
  // partner's published registration ID before applying.
  auth0_immutable_id = "804a11ca-ce9b-4158-8e94-3c8dc7a072ec"
}

/////// auth0 partner configuration ///////
// Event Grid partner configuration for the resource group, managed through the
// azapi provider against a preview API version. It authorizes exactly one
// partner (the name / immutable ID pair from locals) to create partner topics
// under azurerm_resource_group.this.
resource "azapi_resource" "egpc_auth0" {
  type      = "Microsoft.EventGrid/partnerConfigurations@2021-10-15-preview"
  name      = "default"
  location  = "Global"
  parent_id = azurerm_resource_group.this.id
  tags      = local.common_tags

  body = jsonencode({
    properties = {
      partnerAuthorization = {
        // NOTE(review): looks like this limits each partner authorization to
        // one day; confirm the log stream below is always created inside that
        // window, and that re-creating it later re-authorizes the partner.
        defaultMaximumExpirationTimeInDays = 1
        // Keep this list to the partners that are actually needed: every
        // entry is allowed to create partner topics in this resource group.
        authorizedPartnersList = [
          {
            partnerName                    = local.auth0_partner_name
            partnerRegistrationImmutableId = local.auth0_immutable_id
          }
        ]
      }
    }
  })
}

//////////// auth0 log stream /////////////
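// Auth0 log stream that delivers tenant logs to Azure Event Grid. Creating it
// makes Auth0 create a partner topic in the resource group; the provisioner
// then activates every matching topic that is not yet in the "Activated" state.
resource "auth0_log_stream" "auth0" {
  name       = "ls-${local.prefix_long}"
  type       = "eventgrid"
  status     = "active"
  // The partner must be authorized before Auth0 can create the partner topic.
  depends_on = [azapi_resource.egpc_auth0]

  sink {
    azure_subscription_id = var.subscription_id
    azure_resource_group  = azurerm_resource_group.this.name
    azure_region          = azurerm_resource_group.this.location
  }

  // Creation-time provisioner: it runs once, when this resource is created.
  // It expects ARM_CLIENT_ID, ARM_CLIENT_SECRET and ARM_TENANT_ID in the
  // environment of the Terraform process.
  //
  // Secret handling:
  //   * Shell variables are written as $${...} so Terraform leaves them for
  //     the shell to expand at run time; the command text Terraform echoes
  //     therefore never contains the secret or the token.
  //   * The client secret and the bearer token are fed to curl on stdin
  //     (printf is a shell builtin) so they do not show up in any process
  //     argument list on the runner.
  //   * --data-urlencode encodes the secret, so characters such as + & % in
  //     it no longer corrupt the form body.
  //
  // NOTE(review): installing packages at apply time pulls unpinned binaries
  // onto the runner and needs root plus network access; prefer a runner image
  // that already contains curl and jq.
  provisioner "local-exec" {
    interpreter = ["/bin/sh", "-c"]
    command     = <<-EOF
      # Stop on the first failing command or unset variable instead of
      # continuing with an empty or "null" token.
      set -eu

      # install curl and jq
      apk add --quiet --no-cache curl jq

      topics="https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.this.name}/providers/Microsoft.EventGrid/partnerTopics"
      api="api-version=2021-10-15-preview"

      # get bearer token (-f turns an HTTP error into a non-zero exit status)
      token_json=$(printf '%s' "$${ARM_CLIENT_SECRET}" | curl -fsS -X POST \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "client_id=$${ARM_CLIENT_ID}" \
        --data-urlencode "resource=https://management.azure.com/" \
        --data-urlencode "client_secret@-" \
        "https://login.microsoftonline.com/$${ARM_TENANT_ID}/oauth2/token")
      # -e makes jq fail when access_token is missing or null
      bearer=$(printf '%s' "$${token_json}" | jq -er '.access_token')

      # get unactivated topics containing "auth0-org-ENV-"
      listing=$(printf 'Authorization: Bearer %s\n' "$${bearer}" | curl -fsS -X GET -H @- \
        "$${topics}?$${api}&\$filter=contains(name,'auth0-org-${var.environment}-')")
      partnerTopicNames=$(printf '%s' "$${listing}" \
        | jq -r '.value[] | select(.properties.activationState != "Activated") | .name')

      # activate topics (unquoted on purpose: one name per word)
      for partnerTopicName in $${partnerTopicNames}; do
        printf 'Authorization: Bearer %s\n' "$${bearer}" | curl -fsS -X POST -H @- \
          -H "Content-Type: application/json" -H "Content-Length: 0" \
          "$${topics}/$${partnerTopicName}/activate?$${api}"
      done
    EOF
  }
}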