update

Author: craigthackerx

.azuredevops/templates/steps/terraform-init-plan.yaml

@@ -44,6 +44,12 @@ parameters:
     default: "false"
     displayName: 'Run Terraform Destroy'
 
+  - name: TerraformInitCreateBackendStateFileName
+    type: string
+    values: [ "true", "false" ]
+    default: "false"
+    displayName: 'Whether the script should attempt to make a state file based on stack name'
+
   - name: TerraformInitExtraArgsJson
     type: string
     default: '[ ]'
@@ -246,38 +252,39 @@ steps:
 
   - pwsh: |
       pwsh -File "$(Build.SourcesDirectory)\Run-AzTerraform.ps1" `
-          -TerraformCodeLocation                '${{ parameters.TerraformCodeLocation }}' `
-          -TerraformStackToRunJson              '${{ parameters.TerraformStackToRunJson }}' `
-          -TerraformWorkspace                   '${{ parameters.TerraformWorkspace }}' `
-          -RunTerraformInit                     '${{ parameters.RunTerraformInit }}' `
-          -RunTerraformPlan                     '${{ parameters.RunTerraformPlan }}' `
-          -RunTerraformPlanDestroy              '${{ parameters.RunTerraformPlanDestroy }}' `
-          -RunTerraformApply                    '${{ parameters.RunTerraformApply }}' `
-          -RunTerraformDestroy                  '${{ parameters.RunTerraformDestroy }}' `
-          -TerraformInitExtraArgsJson           '${{ parameters.TerraformInitExtraArgsJson }}' `
-          -TerraformPlanExtraArgsJson           '${{ parameters.TerraformPlanExtraArgsJson }}' `
-          -TerraformPlanDestroyExtraArgsJson    '${{ parameters.TerraformPlanDestroyExtraArgsJson }}' `
-          -TerraformApplyExtraArgsJson          '${{ parameters.TerraformApplyExtraArgsJson }}' `
-          -TerraformDestroyExtraArgsJson        '${{ parameters.TerraformDestroyExtraArgsJson }}' `
-          -DebugMode                            '${{ parameters.DebugMode }}' `
-          -DeletePlanFiles                      '${{ parameters.DeletePlanFiles }}' `
-          -TerraformVersion                     '${{ parameters.TerraformVersion }}' `
-          -RunCheckov                           '${{ parameters.RunCheckov }}' `
-          -CheckovSkipCheck                     '${{ parameters.CheckovSkipCheck }}' `
-          -CheckovSoftfail                      '${{ parameters.CheckovSoftfail }}' `
-          -CheckovExtraArgsJson                 '${{ parameters.CheckovExtraArgsJson }}' `
-          -TerraformPlanFileName                '${{ parameters.TerraformPlanFileName }}' `
-          -TerraformDestroyPlanFileName         '${{ parameters.TerraformDestroyPlanFileName }}' `
-          -CreateTerraformWorkspace             '${{ parameters.CreateTerraformWorkspace }}' `
-          -UseAzureClientSecretLogin            '${{ parameters.UseAzureClientSecretLogin }}' `
-          -UseAzureOidcLogin                    '${{ parameters.UseAzureOidcLogin }}' `
-          -UseAzureUserLogin                    '${{ parameters.UseAzureUserLogin }}' `
-          -UseAzureManagedIdentityLogin         '${{ parameters.UseAzureManagedIdentityLogin }}' `
-          -UseAzureServiceConnection            '${{ parameters.UseAzureServiceConnection }}' `
-          -InstallTenvTerraform                 '${{ parameters.InstallTenvTerraform }}' `
-          -InstallAzureCli                      '${{ parameters.InstallAzureCli }}' `
-          -AttemptAzureLogin                    '${{ parameters.AttemptAzureLogin }}' `
-          -InstallCheckov                       '${{ parameters.InstallCheckov }}'
+          -TerraformCodeLocation                    '${{ parameters.TerraformCodeLocation }}' `
+          -TerraformStackToRunJson                  '${{ parameters.TerraformStackToRunJson }}' `
+          -TerraformWorkspace                       '${{ parameters.TerraformWorkspace }}' `
+          -RunTerraformInit                         '${{ parameters.RunTerraformInit }}' `
+          -RunTerraformPlan                         '${{ parameters.RunTerraformPlan }}' `
+          -RunTerraformPlanDestroy                  '${{ parameters.RunTerraformPlanDestroy }}' `
+          -RunTerraformApply                        '${{ parameters.RunTerraformApply }}' `
+          -RunTerraformDestroy                      '${{ parameters.RunTerraformDestroy }}' `
+          -TerraformInitCreateBackendStateFileName  '${{ parameters.TerraformInitCreateBackendStateFileName }}' `
+          -TerraformInitExtraArgsJson               '${{ parameters.TerraformInitExtraArgsJson }}' `
+          -TerraformPlanExtraArgsJson               '${{ parameters.TerraformPlanExtraArgsJson }}' `
+          -TerraformPlanDestroyExtraArgsJson        '${{ parameters.TerraformPlanDestroyExtraArgsJson }}' `
+          -TerraformApplyExtraArgsJson              '${{ parameters.TerraformApplyExtraArgsJson }}' `
+          -TerraformDestroyExtraArgsJson            '${{ parameters.TerraformDestroyExtraArgsJson }}' `
+          -DebugMode                                '${{ parameters.DebugMode }}' `
+          -DeletePlanFiles                          '${{ parameters.DeletePlanFiles }}' `
+          -TerraformVersion                         '${{ parameters.TerraformVersion }}' `
+          -RunCheckov                               '${{ parameters.RunCheckov }}' `
+          -CheckovSkipCheck                         '${{ parameters.CheckovSkipCheck }}' `
+          -CheckovSoftfail                          '${{ parameters.CheckovSoftfail }}' `
+          -CheckovExtraArgsJson                     '${{ parameters.CheckovExtraArgsJson }}' `
+          -TerraformPlanFileName                    '${{ parameters.TerraformPlanFileName }}' `
+          -TerraformDestroyPlanFileName             '${{ parameters.TerraformDestroyPlanFileName }}' `
+          -CreateTerraformWorkspace                 '${{ parameters.CreateTerraformWorkspace }}' `
+          -UseAzureClientSecretLogin                '${{ parameters.UseAzureClientSecretLogin }}' `
+          -UseAzureOidcLogin                        '${{ parameters.UseAzureOidcLogin }}' `
+          -UseAzureUserLogin                        '${{ parameters.UseAzureUserLogin }}' `
+          -UseAzureManagedIdentityLogin             '${{ parameters.UseAzureManagedIdentityLogin }}' `
+          -UseAzureServiceConnection                '${{ parameters.UseAzureServiceConnection }}' `
+          -InstallTenvTerraform                     '${{ parameters.InstallTenvTerraform }}' `
+          -InstallAzureCli                          '${{ parameters.InstallAzureCli }}' `
+          -AttemptAzureLogin                        '${{ parameters.AttemptAzureLogin }}' `
+          -InstallCheckov                           '${{ parameters.InstallCheckov }}'
     name: RunAzTerraform
     displayName: 'Run Terraform init & Terraform plan'
     env:

.azuredevops/workflows/steps/terraform-init-plan.yaml

@@ -26,7 +26,6 @@ parameters:
       - '["all"]'
     displayName: 'Terraform Stacks to Run'
 
-
   - name: CreateTerraformWorkspace
     type: string
     values: [ "true", "false" ]
@@ -73,6 +72,12 @@ parameters:
     default: "false"
     displayName: "Debug mode enabled"
 
+  - name: TerraformInitCreateBackendStateFileName
+    type: string
+    values: [ "true", "false" ]
+    default: "true"
+    displayName: 'Whether the script should attempt to make a state file based on stack name'
+
   - name: TerraformInitExtraArgsJson
     type: string
     default: >
@@ -84,7 +89,6 @@ parameters:
       ]
     displayName: 'Extra Args for terraform init'
 
-
   - name: TerraformPlanExtraArgsJson
     type: string
     default: '[ ]'
@@ -107,6 +111,7 @@ steps:
   - template: .azuredevops/templates/steps/terraform-init-plan.yaml@githubTemplates  # path in the external repo
     parameters:
       TerraformCodeLocation: ${{ parameters.TerraformCodeLocation }}
+      TerraformInitCreateBackendStateFileName: ${{ parameters.TerraformInitCreateBackendStateFileName }}
       TerraformInitExtraArgsJson: ${{ parameters.TerraformInitExtraArgsJson }}
       TerraformPlanExtraArgsJson: ${{ parameters.TerraformPlanExtraArgsJson }}
       TerraformStackToRunJson: ${{ parameters.TerraformStackToRunJson }}

PowerShellModules/Terraform.psm1

@@ -137,7 +137,10 @@ function Invoke-TerraformInit
         [Parameter(Mandatory)][string]$CodePath,
 
     # Optional additional arguments, e.g. "-backend-config=xyz.tfbackend"
-        [string[]]$InitArgs = @()
+        [string[]]$InitArgs = @(),
+        [bool]$CreateBackendKey = $false,
+        [string]$StackFolderName = $null
+
     )
 
     $inv = $MyInvocation.MyCommand.Name
@@ -154,6 +157,14 @@ function Invoke-TerraformInit
         _LogMessage -Level 'INFO'  -Message "Running *terraform init ${InitArgs} * in: $CodePath" -InvocationName $inv
         Set-Location $CodePath
 
+        if ($CreateBackendKey -and $StackFolderName)
+        {
+            $normalized = $StackFolderName -replace '_', '-'
+            $backendArg = "-backend-config=key=${normalized}.terraform.tfstate"
+            _LogMessage -Level 'DEBUG' -Message "Appending backend key arg: $backendArg" -InvocationName $inv
+            $InitArgs += $backendArg
+        }
+
         & terraform init @InitArgs
         $code = $LASTEXITCODE
         _LogMessage -Level 'DEBUG' -Message "terraform init exit-code: $code" -InvocationName $inv
@@ -450,13 +461,13 @@ function Convert-TerraformPlanToJson
 ###############################################################################
 Export-ModuleMember -Function `
     Invoke-TerraformValidate, `
-       Invoke-TerraformFmtCheck, `
-       Get-TerraformStackFolders, `
-       Invoke-TerraformInit, `
-       Invoke-TerraformWorkspaceSelect, `
-       Invoke-TerraformPlan, `
-       Invoke-TerraformPlanDestroy, `
-       Invoke-TerraformApply, `
-       Invoke-TerraformDestroy, `
-       Convert-TerraformPlanToJson
+         Invoke-TerraformFmtCheck, `
+         Get-TerraformStackFolders, `
+         Invoke-TerraformInit, `
+         Invoke-TerraformWorkspaceSelect, `
+         Invoke-TerraformPlan, `
+         Invoke-TerraformPlanDestroy, `
+         Invoke-TerraformApply, `
+         Invoke-TerraformDestroy, `
+         Convert-TerraformPlanToJson
 

Run-AzTerraform.ps1

@@ -5,6 +5,7 @@ param (
     [string]$RunTerraformApply = "false",
     [string]$RunTerraformDestroy = "false",
     [string]$TerraformInitExtraArgsJson = '[]',
+    [string]$TerraformInitCreateBackendStateFileName = "false",
     [string]$TerraformPlanExtraArgsJson = '[]',
     [string]$TerraformPlanDestroyExtraArgsJson = '[]',
     [string]$TerraformApplyExtraArgsJson = '[]',
@@ -125,6 +126,9 @@ try
     $convertedRunTerraformInit = ConvertTo-Boolean $RunTerraformInit
     _LogMessage -Level 'DEBUG' -Message "RunTerraformInit: `"$RunTerraformInit`" → $convertedRunTerraformInit" -InvocationName "$( $MyInvocation.MyCommand.Name )"
 
+    $convertedTerraformInitCreateBackendStateFileName = ConvertTo-Boolean $TerraformInitCreateBackendStateFileName
+    _LogMessage -Level 'DEBUG' -Message "TerraformInitCreateBackendStateFileName: `"$TerraformInitCreateBackendStateFileName`" → $convertedTerraformInitCreateBackendStateFileName" -InvocationName "$( $MyInvocation.MyCommand.Name )"
+
     $convertedRunTerraformPlan = ConvertTo-Boolean $RunTerraformPlan
     _LogMessage -Level 'DEBUG' -Message "RunTerraformPlan: `"$RunTerraformPlan`" → $convertedRunTerraformPlan" -InvocationName "$( $MyInvocation.MyCommand.Name )"
 
@@ -259,7 +263,11 @@ try
             Invoke-TerraformFmtCheck  -CodePath $folder
 
             # ── INIT ──────────────────────────────────────────────────────────────
-            if ($convertedRunTerraformInit)
+            if ($convertedRunTerraformInit -and $convertedTerraformInitCreateBackendStateFileName)
+            {
+                Invoke-TerraformInit -CodePath $folder -InitArgs $TerraformInitExtraArgs -CreateBackendKey $convertedTerraformInitCreateBackendStateFileName -StackFolderName $folder
+            }
+            else
             {
                 Invoke-TerraformInit -CodePath $folder -InitArgs $TerraformInitExtraArgs
             }