
Below is my Terraform YAML file to deploy the resource in Terraform via an Azure DevOps pipeline.
The problem with the YAML file below is that the "terraform apply" command runs automatically. I am afraid of that, because if Terraform destroys any resources they will be deleted, and that will be a big issue.

How can I run the "terraform apply" command manually, or require an approval before "terraform apply" runs?

trigger:
- main

pool:
  vmImage: ubuntu-latest

jobs:
- job: Validate
  displayName: Terraform Validate
  pool:
    vmImage: ubuntu-latest
  steps:
  - checkout: self
  - task: TerraformInstaller@0
    displayName: Install Terraform latest
  - task: TerraformTaskV2@2
    displayName: 'Terraform : Init'
    inputs:
      backendServiceArm: 'serviceaccount-test'
      backendAzureRmResourceGroupName: dowd-resourcegroup-test
      backendAzureRmStorageAccountName: dowdtftestest
      backendAzureRmContainerName: tfstatedowd
      backendAzureRmKey: terraform.tfstate
  - task: TerraformTaskV2@2
    displayName: 'Terraform : Validate'
    inputs:
      command: validate
- job: Deploy
  displayName: Terraform Deploy
  pool:
    vmImage: ubuntu-latest
  steps:
  - checkout: self
  - task: TerraformInstaller@0
    displayName: Install Terraform latest
  - task: TerraformTaskV2@2
    displayName: 'Terraform : Init'
    inputs:
      backendServiceArm: 'serviceaccount-test'
      backendAzureRmResourceGroupName: dowd-resourcegroup-test
      backendAzureRmStorageAccountName: dowdtftestest
      backendAzureRmContainerName: tfstatedowd
      backendAzureRmKey: terraform.tfstate
  - task: TerraformTaskV2@2
    displayName: 'Terraform : Plan'
    inputs:
      command: plan
      environmentServiceNameAzureRM: 'serviceaccount-test'
  - task: TerraformTaskV2@2
    displayName: 'Terraform : Validate and Apply'
    inputs:
      command: apply
      environmentServiceNameAzureRM: 'serviceaccount-test'

2 Answers


  1. You can add a manual intervention step in the pipeline before terraform apply, so it will pause the pipeline until you approve.

    It's solved here –
    How to add a manual intervention step in Azure Pipelines yaml

  2. You can use the environment and approval.

    Sample yaml:

    trigger:
    - main
    
    pool:
      vmImage: ubuntu-latest
    
    stages:
    - stage: Validate
      displayName: Validate stage
      jobs:
      - job: Validate
        pool:
          vmImage: ubuntu-latest
        steps:
        - checkout: self
        - script: echo my Terraform Validate
    
    - stage: Deploy
      displayName: Deploy stage
      dependsOn: Validate
      jobs:
      - deployment: Deploy
        displayName: Deploy job
        pool:
          vmImage: ubuntu-latest
        environment: 'Deploy Terraform environment' #creates an environment if it doesn't exist
        strategy:
          runOnce:
            deploy:
              steps:
              - checkout: self
              - script: echo my Terraform Deploy
          
    

    Steps:

    1. Create an environment manually, or just define the environment in the yaml and it will create an environment if it doesn’t exist.
    2. Create Approvals and Checks on the environment. You can add multiple approvers to an environment.
    3. Then the deploy stage will wait until the required approvers approve it.

    Another option is to use the manual intervention step mentioned by Virendra Kumar.
    For this option, please note that the manual intervention step just notifies users; it does not restrict who can approve the validation step. Users with ‘Queue builds’ permission on the pipeline can resume or reject the run of a Manual Intervention.

    Sample yaml:

    trigger:
    - main
    
    pool:
      vmImage: ubuntu-latest
    
    jobs:
    - job: Validate
      displayName: Terraform Validate
      steps:
      - script: echo Hello Terraform Validate!
    
    - job: waitForValidation
      dependsOn: Validate
      displayName: Wait for external validation  
      pool: server    
      timeoutInMinutes: 4320 # job times out in 3 days
      steps:   
        - task: ManualValidation@0
          timeoutInMinutes: 1440 # task times out in 1 day
          inputs:
            notifyUsers: |
              [email protected]
              [email protected]
            instructions: 'Please validate the configuration and resume'
            onTimeout: 'resume' # on timeout the run continues without anyone approving; 'reject' fails it instead
    
    - job: Deploy
      dependsOn: waitForValidation
      displayName: Terraform Deploy
      steps:
      - script: echo Hello Terraform Deploy!
    

