Dynamic Cypher in terraform

Hi Team,

I have created a Terraform blueprint which is going to support multiple resource provisioning. Here we have multiple cloud environments on the same Azure. So I have created a Terraform profile on each of the clouds to support the solution for all. In this case we need to use the cypher dynamically. I tried the one below, and it works as expected if the cypher we pass is static.

subscription_id = "<%=cypher.read('tfvars/profile/cloud/azure/variables').tokenize('|')[0] %>"
client_id = "<%=cypher.read('tfvars/profile/cloud/azure/variables').tokenize('|')[1] %>"
client_secret = "<%=cypher.read('tfvars/profile/cloud/azure/variables').tokenize('|')[2] %>"
tenant_id = "<%=cypher.read('tfvars/profile/cloud/azure/variables').tokenize('|')[3] %>"

However, it has a limitation because it is static. Instead of this, I want to make it support all clouds. For that I have tried multiple ways of appending the cloud name, but we are getting the error. I am adding only the subscription id for reference.

variable "environment" {
  description = "Environment name, e.g., azure-dev or test-azure"
  type        = string
  default     = "azure" # Or set this dynamically during apply
}

locals {
  cypher_path = "tfvars/profile/cloud/${var.environment}/variables"

  # Assuming you have a data source or other method to retrieve these values

  subscription_id = "<%=cypher.read(${local.cypher_path}).tokenize('|')[0]%>"
}

Error: building account: could not acquire access token to parse claims: clientCredentialsToken: failed to build request: parse "https://login.microsoftonline.com/<%=cypher.read(tfvars/profile/cloud/azure/variables).tokenize('|')[3]%>/oauth2/v2.0/token": invalid URL escape "%=c"

with provider["Terraform Registry"],
on Azure-Service-Plan.tf line 67, in provider "azurerm":
67: provider "azurerm" {

I want to know how we can use the dynamic cloud name in the script to support multiple Azure clouds.

Can you help me understand the reasoning for doing it this way? The cloud profile itself is stored in cypher as a tfvars file. So you are trying to read cypher from within cypher.
With it being attached to the cloud, Morpheus will use the profile and any other sources of tfvars to deploy a blueprint or instance type. The caveat to this would be the cloud code must be unique to have separate cypher entries.
If I am understanding what you are trying to do, you just need to set different cloud codes and put the actual values for the vars in the profile to achieve the outcome you are looking for. That will create a unique cypher entry for each cloud and the cloud specific variables can be put in that profile. Any globally used variables could be put directly into a TFvars cypher and attached to the blueprint.

EXAMPLE:

Cloud1:

  • Name: Azure US East
  • Code: useast
  • Profile Location: tfvars/profile/cloud/useast/variables
  • Profile:
cloud_unique_var_1 = "foo"
cloud_unique_var_2 = "bar"

Cloud2:

  • Name: Azure US West
  • Code: uswest
  • Profile Location: tfvars/profile/cloud/uswest/variables
cloud_unique_var_1 = "meep"
cloud_unique_var_2 = "mop"

A profile for each of these clouds would be unique and could hold the unique variables required for each cloud.

Then the TFvars cypher could hold the shared information and be attached directly to the Blueprint (They could also be in every cloud profile if you want to go that route):

subscription_id = "1234567890"
client_id = "0987654321"
client_secret = "1357924680"
tenant_id = "2468013579"

Thanks @sjabro … We are planning to achieve two things. One: if we use the vars below, they are visible on the State tab, which is not required for the normal users' view, even if we set the value type as sensitive.
subscription_id = "1234567890"
client_id = "0987654321"
client_secret = "1357924680"
tenant_id = "2468013579"

For the other automation, we are using the apply state API to achieve some of the activities, and for that we need to pass the subscription_id again. To achieve both of the activities we need to use a dynamic cypher key.

Cloud1:

  • Name: azure-dev
  • Code: azure-dev
  • Profile Location: tfvars/profile/cloud/azure-dev/variables
    vars"
    1234567890|0987654321|1357924680|2468013579
cloud_unique_var_1 = "foo"
cloud_unique_var_2 = "bar"

Cloud2:

  • Name: azure-prod
  • Code: azure-prod
  • Profile Location: tfvars/profile/cloud/azure-prod/variables
    cloud1:

subscription_id = "<%=cypher.read('tfvars/profile/cloud/azure-dev/variables').tokenize('|')[0] %>"
client_id = "<%=cypher.read('tfvars/profile/cloud/azure-dev/variables').tokenize('|')[1] %>"

cloud2:

subscription_id = "<%=cypher.read('tfvars/profile/cloud/azure-prod/variables').tokenize('|')[0] %>"
client_id = "<%=cypher.read('tfvars/profile/cloud/azure-prod/variables').tokenize('|')[1] %>"

So, in the above example, if you notice, we are using the same cloud name as the cloud code, so if we pass the cloud name it will accept the respective cypher according to our cloud selection. So, as I mentioned, I just want to know how we can pass the dynamic variable name in the path…
Example:
variable "cloud_name" {
  default = "azure-dev"
}
subscription_id = "<%=cypher.read('tfvars/profile/cloud/${var.cloud_name}/variables').tokenize('|')[0] %>"

Here we are going to create only one catalog for different Azure clouds, e.g. azure-dev and azure-prod. In this case Terraform needs to get the dynamic cypher key to proceed with the specific subscription and credentials for the selected cloud during the catalog order.

Thanks in advance.
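
The error in the first post shows a `<%= ... %>` expression reaching the azurerm provider as a literal string. As an added example (not code from this thread or from Morpheus), the following pre-apply check flags any profile value that still contains an unrendered template or interpolation marker, and any missing credential key, reporting key names only so secrets never reach logs. It assumes the rendered profile is plain `key = "value"` text; `parse_tfvars` and `check_profile` are hypothetical helper names.

```python
import re

# Keys the azurerm provider block discussed in this thread needs.
REQUIRED = ("subscription_id", "client_id", "client_secret", "tenant_id")
# Simple key = "value" assignments (straight or typographic quotes).
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*["“](.*)["”]\s*$')
# Markers showing a value was never rendered down to a literal.
UNRENDERED = (("<%", "template expression"), ("${", "Terraform interpolation"))


def parse_tfvars(text):
    """Return {key: value} for string assignments, skipping comment lines."""
    values = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGN.match(line)
        if match:
            values[match.group(1)] = match.group(2)
    return values


def check_profile(text):
    """Return sorted findings by key name only; secret values are never echoed."""
    values = parse_tfvars(text)
    findings = [f"{key}: missing" for key in REQUIRED if key not in values]
    for key, value in values.items():
        for marker, label in UNRENDERED:
            if marker in value:
                findings.append(f"{key}: unrendered {label}")
    return sorted(findings)


# Constructed sample: fully rendered profile using the thread's placeholder values.
GOOD = """
subscription_id = "1234567890"
client_id = "0987654321"
client_secret = "1357924680"
tenant_id = "2468013579"
"""

# Constructed sample: the nested-expression attempt, with tenant_id absent.
BAD = """
subscription_id = "<%=cypher.read('tfvars/profile/cloud/${var.cloud_name}/variables').tokenize('|')[0] %>"
client_id = "0987654321"
client_secret = "1357924680"
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(sample) or "ok")
```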