Terraform azure-remove subcription details from output

terraform azure tutorial
terraform azure variables
terraform run azure cli command
terraform azure devops provider
terraform azure resource group
terraform azurerm multiple subscriptions
terraform azure b2c
terraform arm

I declared security group in following way:

resource "azurerm_network_security_group" "wan" {
  count               = "${var.enable_wan_subnet ? 1 : 0}"
  provider            = "azurerm.base"
  name                = "${format("%s-%s", var.environment_name, "WAN-Subnet-Security-Group")}"
  location            = "${azurerm_resource_group.this.location}"
  resource_group_name = "${azurerm_resource_group.this.name}"

tags = "${
    merge(map("Name", format("%s-%s-%s",var.environment_name,"WAN-Subnets", "Security-Group")), 
    var.tags_global, 
    var.tags_module)
    }"
}

and created output for that security group:

output "security_groups_id_wan" {
  value = "${azurerm_network_security_group.wan.*.id}"

  depends_on = [
    "azurerm_subnet.wan",
  ]
}

In output i'm getting

Actual output

security_groups_id_wan = [
    /subscriptions/111-222-333-4445/resourceGroups/default_resource_group/providers/Microsoft.Network/networkSecurityGroups/DF-DTAP-WAN-Subnet-Security-Group
]

How, from output, to remove all except resource name (DF-DTAP-WAN-Subnet-Security-Group)

Desired output:

security_groups_id_wan = [
   DF-DTAP-WAN-Subnet-Security-Group
]

You can just use the Terraform functions and change the output value like this:

output "security_groups_id_wan" {
  value = "${slice(split("/",azurerm_network_security_group.wan.*.id), length(split("/",azurerm_network_security_group.wan.*.id))-1, length(split("/",azurerm_network_security_group.wan.*.id)))}"

  depends_on = [
    "azurerm_subnet.wan",
  ]
}

With the functions, you can output every resource as you need. For more details, see Terraform Supported built-in functions.

Update

The test with an existing NSG through the Terraform data and the template here:

data "azurerm_network_security_group" "test" {
        name = "azureUbuntu18-nsg"
        resource_group_name = "charles"
}

output "substring" {
        value = "${slice(split("/",data.azurerm_network_security_group.test.id), length(split("/",data.azurerm_network_security_group.test.id))-1, length(split("/",data.azurerm_network_security_group.test.id)))}"
}

The screenshot of the result here:

Azure Resource Manager: azurerm_subscriptions, The output (similar to below) will display one or more Subscriptions - with the id field being the subscription_id field referenced above. [ { "cloudName": "  update - (Defaults to 30 minutes) Used when updating the ServiceBus Subscription. read - (Defaults to 5 minutes) Used when retrieving the ServiceBus Subscription. delete - (Defaults to 30 minutes) Used when deleting the ServiceBus Subscription. » Import Service Bus Subscriptions can be imported using the resource id, e.g.

You built that name yourself with "${format("%s-%s", var.environment_name, "WAN-Subnet-Security-Group")}" so why not just output that?

To save repeating yourself you could put that in a local and refer to it in both the resource and the output:

locals {
  security_group_name = "${format("%s-%s", var.environment_name, "WAN-Subnet-Security-Group")}"
}

resource "azurerm_network_security_group" "wan" {
  count               = "${var.enable_wan_subnet ? 1 : 0}"
  provider            = "azurerm.base"
  name                = "${local.security_group_name}"
  # ...
}

output "security_groups_id_wan" {
  value = "${local.security_group_name}"
}

Note that you also didn't need the depends_on because a) it's an output, it happens at the end of things anyway and b) you already have an implicit dependency on that resource because you used an interpolation that included the resource.

You can read more about Terraform dependencies via the Hashicorp Learn platform.

Provider: Azure, The terraform state rm command is used to remove items from the Terraform state​. This command will output a backup copy of the state prior to saving any  subscriptions - One or more subscription blocks as defined below. The subscription block contains: subscription_id - The subscription GUID. display_name - The subscription display name. tenant_id - The subscription tenant ID. state - The subscription state. Possible values are Enabled, Warned, PastDue, Disabled, and Deleted.

Addition to @Charles Xu's answer:Had to convert list to string first

output "subnets_id_wan" {

  value = "${slice(split("/",join(",",azurerm_subnet.wan.*.id)), length(split("/",join(",",azurerm_subnet.wan.*.id)))-1, length(split("/",join(",",azurerm_subnet.wan.*.id))))}"



  depends_on = [
    "azurerm_subnet.wan",
  ]
}

Authenticating using the Azure CLI, Azure Provider: Authenticating using a Service Principal with a Client Secret can be independently recovered from your Azure account details). The output (​similar to below) will display one or more Subscriptions - with the id field being the  The terraform plan command enables you to verify whether the execution plan matches your expectations before making any changes to actual resources. The optional -out parameter allows you to specify an output file for the plan. For more information on using the -out parameter, see the section Persisting execution plans for later deployment.

Azure Provider: Authenticating via the Azure CLI, Here are the details about the API being released from Azure Feature Request: Azure Subscription Creation with Terraform #1975. Closed what's the issue with only being able to create 200? can't you cancel them? Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. Learn more Terraform : How to pass output value of one module to another module in azure

Command: state rm, Start using Service Principals to manage multiple subscriptions and Azure tenants. details can sit directly in the relevant terraform directory so that it is Output: Microsoft.Authorization/classicAdministrators/delete Microsoft. Terraform then shows you the plan and asks you to confirm that you would like to use the plan to make changes to your infrastructure. Terraform’s default safety mechanism is you, the DevOps person who just invoked the command. Terraform cannot review the plan, think it over, and make the right decision about whether the changes are safe.

Azure Provider: Authenticating via a Service Principal , Output values are like the return values of a Terraform module, and have several uses: A child module can use outputs to expose a subset of its resource attributes to a parent module. A root module can use outputs to print certain values in the CLI output after running terraform apply .

Comments
  • thanks but getting this: ` * output.subnets_id_wan: At column 9, line 1: split: argument 2 should be type string, got type list in: ${slice(split("/",azurerm_network_security_group.wan.*.id), length(split("/",azurerm_network_security_group.wan.*.id))-1, length(split("/",azurerm_network_security_group.wan.*.id)))}`
  • The second parameter of the function split() should be a string. And if you create serial NSGs, the id would be an array. You use an exact id.
  • thanks @Charles Xu, i had to convert list to string first
  • if using slice in output then getting azurerm_network_security_group doesn't have attribute id
  • The slice just selects some elements from a list for you.
  • i tried it and it works, but i have multiple resources (not only security group), and i need for every resource to declare different variable (locals), is there any more elegant way ?
  • You should consider asking a separate question that adds that extra constraint and show why this answer doesn't work for your second question with your extra constraint, linking to this one for clarity.