Terraform Import blocks aren't working correctly between windows / linux #258

Open
Poltergeisen opened this issue Nov 11, 2024 · 5 comments

Comments

@Poltergeisen

Poltergeisen commented Nov 11, 2024

Hi, I have some code like this:

```hcl
locals {
  level_2 = zipmap(
    flatten([for key, value in var.management_groups : formatlist("${key}/%s", keys(value.children)) if value.children != null]),
    flatten([for value in var.management_groups : values(value.children) if value.children != null])
  )
}

import {
  for_each = local.level_2

  id = "/providers/Microsoft.Management/managementGroups/${basename(each.key)}"
  to = module.base.azurerm_management_group.level_2[each.key]
}
```

On Windows, when I run this it does this:

Image

On my Linux build agent, I get the following:

Image

It looks like it's adding some "\"'s in the import statements for some reason. I can't reproduce locally, or on WSL. Only on my build agent using this task...

This is my build script so far, as bare bones as I could make it:


```yaml
trigger:
  branches:
    include:
      - main
  batch: true

pool: usw-landing-zone-prod-vmss
stages:
  - stage:
    jobs:
    - job: "INIT_PLAN"
      steps:
      - checkout: self
      - task: TerraformInstaller@1
        inputs:
          terraformVersion: '1.9.8'
      - task: TerraformTaskV4@4
        inputs:
          provider: 'azurerm'
          command: 'init'
          workingDirectory: '$(System.DefaultWorkingDirectory)/environments/lhg'
          backendAzureRmUseEnvironmentVariablesForAuthentication: false
          backendServiceArm: 'usw2-shared-services'
          backendAzureRmResourceGroupName: 'rg'
          backendAzureRmStorageAccountName: 'acct'
          backendAzureRmContainerName: 'tstate'
          backendAzureRmKey: 'cf/coreresources/environments/lhg/main.tfstate'
      - task: TerraformTaskV4@4
        inputs:
          provider: 'azurerm'
          command: 'plan'
          workingDirectory: '$(System.DefaultWorkingDirectory)/environments/lhg'
          environmentServiceNameAzureRM: 'usw2-shared-services'
```

@Poltergeisen
Author

When I log into the build agent directly and run the terraform plan command, I get the proper output.

There seems to be something missing in regards to the backend configuration maybe? Is there special setup I need to do for that to work correctly for plan steps? Shouldn't the init be enough?

@Poltergeisen
Author

I think this may be due to permissions errors. Is there a better way to maybe surface those? When I enable trace logging I get this:

2024-11-11T08:49:37.301Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"AuthorizationFailed","message":"The client '' with object id '' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/lhg-sandboxes' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

@Poltergeisen
Author

I'd like to request that this error be surfaced better. If there is a permissions error I feel like that should be displayed instead of a "not found" generic message. The only way to know you're hitting permissions errors is to enable trace logging.
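
One way to surface the permission errors discussed in this thread without reading the trace log by hand, as an added example (not code from the issue or from the task's maintainers): it scans a Terraform log for the provider's `AuthorizationFailed` payloads and reports each denied action and scope once. It assumes the log was captured to a file, for example with Terraform's `TF_LOG` and `TF_LOG_PATH` environment variables; the function name and all sample lines after the first are constructed for illustration.

```python
import json
import re
import sys

# Constructed sample: the first line is the trace line quoted in this issue;
# the remaining lines are made up to exercise the parser.
SAMPLE_LOG = """\
2024-11-11T08:49:37.301Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"AuthorizationFailed","message":"The client '' with object id '' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/lhg-sandboxes' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
2024-11-11T08:49:37.302Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {not-json}
2024-11-11T08:49:37.410Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"ExampleOtherError","message":"constructed, not an authorization failure"}}
2024-11-11T08:49:38.005Z [DEBUG] provider.terraform-provider-azurerm_v4.7.0_x5: {"error":{"code":"AuthorizationFailed","message":"The client 'x' with object id 'y' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/lhg-sandboxes' or the scope is invalid."}}
"""

# "<timestamp> [LEVEL] provider.<plugin>: <JSON payload>", as in the line above.
LINE_RE = re.compile(r"^(\S+) \[(\w+)\]\s+(provider\.\S+?): (\{.*\})\s*$")
# Wording Azure uses in the message for the denied action and scope.
DETAIL_RE = re.compile(r"perform action '([^']*)' over scope '([^']*)'")


def find_authorization_failures(lines):
    """Return one dict per distinct (action, scope) denied in the log."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            payload = json.loads(m.group(4))
        except json.JSONDecodeError:
            continue  # provider output in braces is not always JSON
        error = payload.get("error") if isinstance(payload, dict) else None
        if not isinstance(error, dict) or error.get("code") != "AuthorizationFailed":
            continue
        d = DETAIL_RE.search(error.get("message", ""))
        action, scope = d.groups() if d else ("<unknown>", "<unknown>")
        # Keep only the first occurrence of each denied (action, scope) pair.
        seen.setdefault((action, scope), {"timestamp": m.group(1),
            "provider": m.group(3), "action": action, "scope": scope})
    return list(seen.values())


if __name__ == "__main__":
    # With a path argument, read that log file; otherwise use the sample.
    lines = open(sys.argv[1], encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for f in find_authorization_failures(lines):
        # Azure Pipelines logging command that marks the line as an error.
        print(f"##vso[task.logissue type=error]{f['provider']} was denied "
              f"{f['action']} on {f['scope']} (first seen {f['timestamp']})")
```

Run as a step after `plan`, this turns a generic "not found" import failure into a named missing role assignment: the action and scope printed are what the service connection's identity needs read access to.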

@mericstam
Collaborator

Hi, sorry for the late reply, I will see if we can surface permission errors better.

br
Manuel

@Poltergeisen
Author

Poltergeisen commented Dec 15, 2024 via email
