Terraform-provider-azurerm: Add support for Azure Lighthouse / Azure Delegated Resource Management
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Add support for Azure Lighthouse, announced at Inspire 2019.
Many multi cloud partners are standardising on Terraform for customer deployments, and Lighthouse will be the default way to set up authorisations for service providers to gain the correct access, visibility and recognition in customer tenancies.
New or Affected Resource(s)
The new AzureRM provider, Microsoft.ManagedServices, provides two new types,
These are the Azure Delegated Resource Management calls.
Suggested Terraform resources to directly match:
- azurerm_registration_assignments
- azurerm_registration_definitions
Alternatively (or if synonyms are supported) then
- azurerm_lighthouse_assignments
- azurerm_lighthouse_definitions
Also data sources to match.
Potential Terraform Configuration
# To be defined, but similar to the role assignments bar argument / attribute differences.
References
Blog Posts
- https://azure.microsoft.com/blog/introducing-azure-lighthouse/
- https://azure.microsoft.com/blog/how-azure-lighthouse-enables-management-at-scale-for-service-providers/
Video
- Introducing Azure Lighthouse
- https://azure.microsoft.com/resources/videos/azure-lighthouse-demo-recording/
Documentation
ARM Templates
richeney
All 6 comments
I think it sounds like a good idea. I've only just learned of the existence of Lighthouse, but I've been reading about about it for a few hours and I can foresee a use case that's not about ongoing managed services, but about consulting - cloud architecture and security assessments in which Terraform compatibility would facilitate deployment of a proof of concept in the consulting client's cloud estate. We typically recommend clients adopt Terraform, and this might make it easier for us to do that.
RickB-2840
on 28 Dec 2019
I am working on this feature now. I should be submitting the PR by next week.
Humoiz
on 14 Apr 2020
This is a really useful feature for us as an MSP who manages our customer environments with Terraform.
Based on PR comments, it appears that it's been deferred pending an internal discussion surrounding CI/testability. Would be interested to see how that unfolds, but I'm also curious as to the actual likelihood of the CI issues being resolved in time for the tagged milestones.
Totally understand it may not be a high priority; I'm just trying to gauge the level of effort we should put into looking for interim solutions, or if we should just wait it out and import state after the fact.
lukiffer
on 23 Jun 2020
Closing as addressed by merge of #6560, due to be released in v2.28.0 of the provider.
jackofallops
on 16 Sep 2020
This has been released in version 2.28.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
provider "azurerm" {
version = "~> 2.28.0"
}
# ... other configuration ...
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 17 Sep 2020
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
hashibot[bot]
on 17 Oct 2020
Related issues
voyera
·
3Comments
rudolphjacksonm
·
3Comments
rolandjohann
·
3Comments
tomasaschan
·
3Comments
bentterp
·
3Comments
Most helpful comment
I am working on this feature now. I should be submitting the PR by next week.