Search code examples
terraformterraform-provider-azure

Terraform explicitly pass multiple provider

I use terraform for all the infra needs.

All my configuration is stored in Azure KV in say Subscription "DEVOPS". All my infra for testing is created in Subscription "Staging"

Following is my TF code

variable name {}
variable location {}
variable tags {}
 
provider "azurerm" {
    subscription_id = "Staging"
    features()
}

provider "azurerm" {
    subscription_id = "DEVOPS"
    features()
    alias = "devopskv"
}

module "resource_group" {
  source = "../modules/azure-resource-group"

    name     = var.name
    location = var.location
    tags     = var.tags
    
    providers = {
        azurerm = azurerm
        azurerm.devopskv = azurerm.devopskv
    }   
}

## Module



data "azurerm_key_vault" "kv" {
  name                = "my-kv"
  resource_group_name = "my-kv-rg"
  provider            = azurerm.devopskv
}

data "azurerm_key_vault_secret" "name" {
  name         = var.name
  key_vault_id = data.azurerm_key_vault.kv.id
  provider     = azurerm.devopskv
}

resource "azurerm_resource_group" "resource_group" {
  name     = data.azurerm_key_vault_secret.name.value
  location = var.location
  tags     = var.tags
}

Output expected: RG created in Staging subscription Staging with name fetched from KV residing in DEVOPS Subscription.

Actual Output: error: Resource group "my-kv-rg" is not found.

Trace Details: TF is trying to fetch the KV "my-kv" from subscription "Staging" and not "DEVOPS".

what is wrong on above ?

Solution

  • To use multiple providers in the module, I recommend you set all the providers also inside the module. Take a look at the link. It should be like this:

    ## Module

provider "azurerm" {}

provider "azurerm" {
  alias = "devopskv"
}

data "azurerm_key_vault" "kv" {
  name                = "my-kv"
  resource_group_name = "my-kv-rg"
  provider            = azurerm.devopskv
}

data "azurerm_key_vault_secret" "name" {
  name         = var.name
  key_vault_id = data.azurerm_key_vault.kv.id
  provider     = azurerm.devopskv
}

resource "azurerm_resource_group" "resource_group" {
  name     = data.azurerm_key_vault_secret.name.value
  location = var.location
  tags     = var.tags
}

    In addition, you also need to set the variables inside the module to accept the input of the root level. If you already have done it, just ignore this advice.