Having trouble with Level1 azure_devops deployment

[kgibson-insight]

Describe the bug
var.global_settings.regions is null on deploy of level1

To Reproduce
Update regions to custom
Successfully deploy level0/launchpad
Deploy level1 with command

rover -lz /tf/caf/walkthrough/landingzones/caf_solution \
-var-folder /tf/caf/walkthrough/configuration/sandpit/level1/gitops/azure_devops_agents_vm \
-tfstate azure_devops_agents_vm.tfstate \
-level level1 \
-env sandpit \
-a apply

Produces:

│ Warning: Value for undeclared variable
│ 
│ The root module does not declare a variable named "azure_devops" but a
│ value was found in file
│ "/tf/caf/walkthrough/configuration/sandpit/level1/gitops/azure_devops_agents_vm/landingzone.tfvars".
│ If you meant to use this value, add a "variable" block to the
│ configuration.
│ 
│ To silence these warnings, use TF_VAR_... environment variables to provide
│ certain "global" settings to all configurations in your organization. To
│ reduce the verbosity of these warnings, use the -compact-warnings option.
╵
Terraform plan return code: 1
Terraform returned errors:
╷
│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.
╵
╷
│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.
╵
╷
│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.
╵
╷
│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.
╵
╷
│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.
╵
╷
│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.

Expected behavior
Level 1 deploy success

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

• OS: macOS
• Rover Version: aztfmod/rover:1.0.1-2106.3012

Additional context
Add any other context about the problem here.

[kgibson-insight]

resolved

│ Error: Attempt to index null value
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/resource_group/module.tf line 15, in resource "azurerm_resource_group" "rg":
│   15:   location = var.global_settings.regions[lookup(var.settings, "region", var.global_settings.default_region)]
│     ├────────────────
│     │ var.global_settings.default_region is "region1"
│     │ var.global_settings.regions is null
│     │ var.settings is object with 1 attribute "name"
│ 
│ This value is null, so it does not have any indices.

by adding

global_settings = {
  regions = {
    region1 = "my_region_1"
    region2 = "my_region_2"
  }
}

to ../level1/gitops/azure_devops_agents_vm/landingzone.tfvars

[kgibson-insight]

still getting error

│ Error: Invalid index
│ 
│   on /home/vscode/.terraform.cache/modules/solution/modules/security/keyvault_access_policies/policies.tf line 48, in module "azuread_group":
│   48:   object_id     = try(each.value.lz_key, null) == null ? var.azuread_groups[var.client_config.landingzone_key][each.value.azuread_group_key].id : var.azuread_groups[each.value.lz_key][each.value.azuread_group_key].id
│     ├────────────────
│     │ each.value.azuread_group_key is "keyvault_level1_rw"
│     │ each.value.lz_key is "launchpad"
│     │ var.azuread_groups is object with 4 attributes
│ 
│ The given key does not identify an element in this collection value.

I don't fully understand this error message nor how var.client_config.landingzone_key gets populated.

[pmatthews05]

It should be reading in the regions from what was set from the level0 state file. You shouldn't need to re-add global settings to level1.

Is your level0 state file name matching the landingzone state file name in landingzones.tfvars file?
https://github.com/Azure/caf-terraform-landingzones-starter/blob/starter/configuration/sandpit/level1/gitops/azure_devops_agents_vm/landingzone.tfvars#L9

Currently I have a pull request, where I re-wrote instructions to deploy sandpit with pipelines, level 0 - 3. Couldn't get level4 deployed so haven't included it yet.

This pull request also contains changes to some other files to get the pipelines to work.