Terraform pipeline times out and stops when deploying Azure Management Group, but management group d-CodePudding

So I'm using a .yaml pipeline in Azure DevOps that utilises a service principal to create the management section of my dev environment. Previously, it worked fine. I changed the code so that the management groups use a UUID so that I never get any duplicate names in my tenant. However, now it won't deploy the management groups properly. Instead it times out during the apply stage and the pipeline fails. However, when I check in the Azure portal, I can see the management group has been deployed and its name is the exact same UUID that I saw during the creation attempt that allegedly timed out.

I then reverted my code back to the previous iteration, and now I am getting the same error on the old code that was previously working! I checked to see if there's a limit on the number of management groups, but our tenant definitely isn't hitting the 10,000 management group limit. I'm wondering if there's been a change to permissions (I can't see any from my side), or whether this is a bug in Terraform (or maybe the Azure API). I was trying to create a UUID and assign that as the name for the management groups, rather than have the management groups create a UUID themselves by simply not providing the resource with a name/id.

Here's the problem sections of the code:

terraform {
  required_version = ">= 0.13, <= 1.10.0"
  backend "azurerm" {}
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.57.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "random_uuid" "UUID_org" {

}

output "UUID_org" {
  value       = random_uuid.UUID_org.result
  description = "The UUID serving as the management_group_name of the org management group"
}

resource "azurerm_management_group" "management_group_org" {
  
  display_name               = format("%s-%s", local.prefix_management_group, local.company_name)
  name                       = random_uuid.UUID_org.result
  parent_management_group_id = "/providers/Microsoft.Management/managementGroups/${local.root_management_group}"
  subscription_ids           = null
}

resource "random_uuid" "UUID_platform" {

}

output "UUID_platform" {
  value       = random_uuid.UUID_platform.result
  description = "The UUID serving as the management_group_name of the platform management group"
}

resource "azurerm_management_group" "management_group_platform" {
  
  display_name               = "platform"
  name                       = random_uuid.UUID_platform.result
  parent_management_group_id = azurerm_management_group.management_group_org.id #random_uuid.UUID_org.result
  subscription_ids           = []
}

Locals have been omitted for confidentiality.

Here is the error message that the pipeline kicks out on failure:

module.management_groups_org.azurerm_management_group.management_group_assignments["default-name-org"]: Still creating... [3m40s elapsed]
╷
│ Error: failed when waiting for creation of Management Group "default-name-org": Future#WaitForCompletion: the number of retries has been exceeded: StatusCode=404 -- Original Error: Code="InProgress" Message="The async operation failed." AdditionalInfo=[{"id":"/providers/Microsoft.Management/managementGroups/default-name-org","name":"default-name-org","status":"NotStarted","type":"/providers/Microsoft.Management/managementGroups"}]
│ 
│   with module.management_groups_org.azurerm_management_group.management_group_assignments["default-name-org"],
│   on ../../../../modules/azurerm-managementgroups/main.tf line 10, in resource "azurerm_management_group" "management_group_assignments":
│   10: resource "azurerm_management_group" "management_group_assignments" {
│ 
╵
##[debug]Exit code 1 received from tool '/azp/_work/_tool/terraform/0.15.1/x64/terraform'
##[debug]STDIO streams have closed for tool '/azp/_work/_tool/terraform/0.15.1/x64/terraform'
##[debug]allowTelemetryCollection=true
##[error]Terraform command 'apply' failed with exit code '1'.

Can anyone shed some light on what may be happening here?

CodePudding user response：

This has suddenly started working now, so I suspect it was an incident with the Azure API.

CodePudding user response：

I tested your code and its working fine . But if the issue persists then please upgrade the azurerm provider to the latest version i.e. v2.90.0 so that it uses the latest Azure API's.

terraform {
  required_version = ">= 0.13, <= 1.10.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.90.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "random_uuid" "UUID_org" {}

output "UUID_org" {
  value       = random_uuid.UUID_org.result
  description = "The UUID serving as the management_group_name of the org management group"
}

resource "azurerm_management_group" "management_group_org" {
  
  display_name               = format("%s-%s", local.prefix_management_group, local.company_name)
  name                       = random_uuid.UUID_org.result
  parent_management_group_id = "/providers/Microsoft.Management/managementGroups/${local.root_management_group}"
  subscription_ids           = null
}

resource "random_uuid" "UUID_platform" {}

output "UUID_platform" {
  value       = random_uuid.UUID_platform.result
  description = "The UUID serving as the management_group_name of the platform management group"
}

resource "azurerm_management_group" "management_group_platform" {
  
  display_name               = "platform"
  name                       = random_uuid.UUID_platform.result
  parent_management_group_id = azurerm_management_group.management_group_org.id #random_uuid.UUID_org.result
  subscription_ids           = []
}

Output: