I'm building Terraform automation that deploys a Windows VM and then has the VM download an executable to install an agent locally on it from a URL. I'm hitting the TLS / SSL secure channel issue when I use PowerShell within the Terraform Azure VM extension for Windows. I've identified the PowerShell commands I need to call to stop the error. My issue is that I can't fit all of these lines into the "commandToExecute" successfully and then run Invoke-WebRequest with the URL and my additional command to silently install the agent. I've tried building them as locals using heredoc and then concatenating the variables but received "contains an invalid JSON invalid character '\r' in string literal". I've tried using the FileURI option in the extension as well and putting a PowerShell script on GitHub for the VM to download and run, but I'm getting the same SSL / TLS channel errors via this method. Below is an example of the code:

```
locals {

  powershell_1 = <<EOT 
  "add-type @' 
  using System.Net; 
  using System.Security.Cryptography.X509Certificates; 
  public class TrustAllCertsPolicy : ICertificatePolicy {
      public bool CheckValidationResult(
          ServicePoint srvPoint, X509Certificate certificate,
          WebRequest request, int certificateProblem) 
      {
        return true;
      }
  }
  '@
  
  [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy}"
  EOT
          
  powershell_2 = "Invoke-WebRequest -uri 'https://${var.guardi-aggr-ip}/windows_installer.exe?profile=azure' -outfile C:\\Windows\\Temp\\installer.exe"
  
  powershell_3 = "Invoke-Expression -Command 'C:\\Windows\\Temp\\Installer.exe /a ${var.guardi-aggr-ip} /p ${var.agent_install_password} /installation-profile azure'"
  
  powershell_config = "${local.powershell_1}; ${local.powershell_2}; ${local.powershell_3}"
}

  settings = <<SETTINGS
    {
      "commandToExecute": "powershell.exe -command "${local.powershell_config}
    }
    SETTINGS
```

Is it possible to run a multi-line PowerShell command via the Terraform Azure extensions? Or would there be a better way to automate this with Terraform? I'm aware this can be done with local-exec and using WinRM, but I'm trying to avoid that scenario and not have to open additional firewall ports on the Windows VMs deployed.

FinnS

0 Answers
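
An added example, not part of the original post: one way to pass a multi-line PowerShell script through `commandToExecute` without raw newlines or nested quotes reaching the JSON, by building the JSON with `jsonencode` and handing the script to `powershell.exe -EncodedCommand`. It assumes the download server presents a certificate the VM already trusts, so it only enables TLS 1.2 and leaves certificate validation on; `var.installer_sha256` and the `azurerm_windows_virtual_machine.vm` reference are hypothetical names.

```hcl
# Added example, not the poster's code. var.installer_sha256 and
# azurerm_windows_virtual_machine.vm are hypothetical names.
locals {
  # Plain multi-line PowerShell. Terraform interpolates only ${...};
  # $exe, $p and backslashes are passed through literally in a heredoc.
  install_script = <<-EOT
    $ErrorActionPreference = 'Stop'
    # Enable TLS 1.2 without replacing certificate validation.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $exe = 'C:\Windows\Temp\installer.exe'
    Invoke-WebRequest -UseBasicParsing -OutFile $exe `
      -Uri 'https://${var.guardi-aggr-ip}/windows_installer.exe?profile=azure'
    # Refuse to run a binary that does not match the expected digest.
    if ((Get-FileHash $exe -Algorithm SHA256).Hash -ne '${var.installer_sha256}') {
      throw 'installer hash mismatch'
    }
    # Single quotes in the password are doubled for PowerShell quoting.
    $installArgs = @('/a', '${var.guardi-aggr-ip}',
                     '/p', '${replace(var.agent_install_password, "'", "''")}',
                     '/installation-profile', 'azure')
    $p = Start-Process -FilePath $exe -ArgumentList $installArgs -Wait -PassThru
    exit $p.ExitCode
  EOT
}

resource "azurerm_virtual_machine_extension" "agent" {
  name                 = "install-agent"
  virtual_machine_id   = azurerm_windows_virtual_machine.vm.id
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"

  # protected_settings is encrypted by the extension handler, so the
  # command line (which carries the install password) is not stored
  # in the clear the way it would be under settings.
  protected_settings = jsonencode({
    # -EncodedCommand expects Base64 of the UTF-16LE script text, so CR/LF
    # and quotes never appear inside the JSON string literal.
    commandToExecute = "powershell.exe -NoProfile -NonInteractive -EncodedCommand ${textencodebase64(local.install_script, "UTF-16LE")}"
  })
}
```

The password is still written to Terraform state, so the state backend needs the same protection as the secret itself.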