Merge pull request #322 from recognizegroup/develop

v3.3.0 release

.github/dependabot.yml

@@ -332,6 +332,11 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "terraform"
+    directory: "/modules/azure/mysql_flexible_server_public"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "terraform"
     directory: "/modules/azure/network_security_group"
     schedule:
@@ -342,6 +347,11 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "terraform"
+    directory: "/modules/azure/postgresql_public"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "terraform"
     directory: "/modules/azure/private_dns_zone"
     schedule:
@@ -501,3 +511,28 @@ updates:
     directory: "/modules/other/password_generator"
     schedule:
       interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/configmap"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/deployment_with_service"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/ingress"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/secret"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/pvc"
+    schedule:
+      interval: "daily"

.github/workflows/dummy-code-scanning.yaml

@@ -0,0 +1,32 @@
+name: "Dummy Code Scanning"
+
+on:
+  push:
+    branches: [ develop ]
+
+jobs:
+  code-scanning-dummy:
+    name: Perform code scanning (Dummy) - Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: javascript
+          packs: codeql/javascript-queries
+
+      # Autobuild the language if possible
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/validate.yaml

@@ -1,8 +1,9 @@
 name: Validate
 on:
-  push:
+  pull_request:
     branches:
-      - '**'
+      - main
+      - develop
 
 jobs:
   validate-terraform:

CHANGELOG.md

@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Common Changelog](https://common-changelog.org),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.0] - 2023-05-15
+
+### Changed
+
+- `azure/mysql_flexible_server`: Change default of variable `backup_retention_days` from `7` to `30` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489))
+
+### Added
+
+- `azure/service_plan`: Add variable `scaling_rules` ([#309](https://github.com/recognizegroup/terraform/pull/309), [#312](https://github.com/recognizegroup/terraform/pull/312)) ([`fd0039e3`](https://github.com/recognizegroup/terraform/commit/fd0039e3), [`4fdb7698`](https://github.com/recognizegroup/terraform/commit/4fdb7698))
+- `azure/storage_account_public`: Add variable `auto_delete_rules` ([#310](https://github.com/recognizegroup/terraform/pull/310)) ([`d0eb9139`](https://github.com/recognizegroup/terraform/commit/d0eb9139))
+- `azure/api_management_api`: Add variable `custom_backend_policy` ([#311](https://github.com/recognizegroup/terraform/pull/311), [#314](https://github.com/recognizegroup/terraform/pull/314)) ([`37b46fd7`](https://github.com/recognizegroup/terraform/commit/37b46fd7), [`385a1af1`](https://github.com/recognizegroup/terraform/commit/385a1af1))
+- Add module `azure/mysql_flexible_server_public` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#320](https://github.com/recognizegroup/terraform/pull/320)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- Add module `azure/postgresql_public` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#320](https://github.com/recognizegroup/terraform/pull/320)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- Add module `kubernetes/configmap` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489))
+- Add module `kubernetes/deployment_with_service` ([#313](https://github.com/recognizegroup/terraform/pull/313), [#321](https://github.com/recognizegroup/terraform/pull/321)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489), [`383bdda5`](https://github.com/recognizegroup/terraform/commit/383bdda5))
+- Add module `kubernetes/ingress` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489))
+- Add module `kubernetes/pvc` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489))
+- Add module `kubernetes/secret` ([#313](https://github.com/recognizegroup/terraform/pull/313)) ([`06870489`](https://github.com/recognizegroup/terraform/commit/06870489))
+- `azure/logic_app_standard`: Add variable `identity_ids` ([#317](https://github.com/recognizegroup/terraform/pull/317)) ([`ab4272ad`](https://github.com/recognizegroup/terraform/commit/ab4272ad), [`b6d06c84`](https://github.com/recognizegroup/terraform/commit/b6d06c84))
+- `other/password_generator`: Add variables `min_lower`, `min_upper`, `min_numeric`, `min_special` ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d), [`bd78f656`](https://github.com/recognizegroup/terraform/commit/bd78f656))
+
+### Fixed
+
+- `azure/logic_app_standard`: Fix deployment bug caused by [hashicorp/terraform-provider-archive#40](https://github.com/hashicorp/terraform-provider-archive/issues/40) ([#316](https://github.com/recognizegroup/terraform/pull/316)) ([`cdae9fcb`](https://github.com/recognizegroup/terraform/commit/cdae9fcb))
+- `azure/mssql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- `azure/mysql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- `azure/mysql_flexible_server`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- `azure/postgresql`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+- `azure/synapse_workspace`: Fix bug where random_password could generate a password with only one type of character be it lowercase, uppercase, numeric or special ([#320](https://github.com/recognizegroup/terraform/pull/320)) ([`cd6ca71d`](https://github.com/recognizegroup/terraform/commit/cd6ca71d))
+
 ## [3.2.0] - 2023-04-11
 
 ### Changed
@@ -89,6 +119,7 @@ _If you are upgrading: please see [UPGRADE_3.0.md](UPGRADE_3.0.md)._
 - **Breaking:** Remove module `azure/monitoring`, replace with `azure/azure/monitoring_action_group` and `azure/monitoring_log_analytics_alert` ([#268](https://github.com/recognizegroup/terraform/pull/268)) ([`5bd013c1`](https://github.com/recognizegroup/terraform/commit/5bd013c1))
 - **Breaking:** Remove module `azure/api_connectors/storage_account`, replace with `azure/api_connectors/storage_blob` and `azure/api_connectors/storage_table` ([#276](https://github.com/recognizegroup/terraform/pull/276)) ([`7a483886`](https://github.com/recognizegroup/terraform/commit/7a483886))
 
+[3.3.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.3.0
 [3.2.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.2.0
 [3.1.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.1.0
 [3.0.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.0.0

modules/azure/api_management_api/main.tf

@@ -185,11 +185,19 @@ resource "azurerm_api_management_api_policy" "api_policy" {
     %{endif}
   </inbound>
 
+  <backend>    
+    %{if var.custom_backend_policy != null}
+    ${var.custom_backend_policy}
+    %{else}
+    <base />
+    %{endif}
+  </backend>
+
   <outbound> 
     <base />
-      %{if var.custom_outbound_policy != null}
-      ${var.custom_outbound_policy}
-      %{endif}
+    %{if var.custom_outbound_policy != null}
+    ${var.custom_outbound_policy}
+    %{endif}
   </outbound>
 </policies>
 XML

modules/azure/api_management_api/variables.tf

@@ -210,3 +210,9 @@ variable "custom_outbound_policy" {
   description = "Additional outbound xml policies"
   default     = null
 }
+
+variable "custom_backend_policy" {
+  type        = string
+  description = "Additional backend xml policies"
+  default     = null
+}

modules/azure/logic_app_standard/main.tf

@@ -22,6 +22,11 @@ provider "azurerm" {
 provider "archive" {
 }
 
+locals {
+  identity_type = var.use_managed_identity && length(var.identity_ids) > 0 ? "SystemAssigned, UserAssigned" : var.use_managed_identity ? "SystemAssigned" : length(var.identity_ids) > 0 ? "UserAssigned" : null
+  is_linux      = length(regexall("/home/", lower(abspath(path.root)))) > 0
+}
+
 resource "azurerm_logic_app_standard" "app" {
   name                = var.logic_app_name
   location            = var.location
@@ -31,9 +36,10 @@ resource "azurerm_logic_app_standard" "app" {
   version             = var.logic_app_version
 
   dynamic "identity" {
-    for_each = var.use_managed_identity ? [1] : []
+    for_each = local.identity_type != null ? [1] : []
     content {
-      type = "SystemAssigned"
+      type         = local.identity_type
+      identity_ids = var.identity_ids
     }
   }
 
@@ -54,11 +60,26 @@ resource "azurerm_logic_app_standard" "app" {
   virtual_network_subnet_id  = var.integration_subnet_id
 }
 
-# First, create a zip file containing the workflow
-data "archive_file" "workflow" {
+# First, create a check.zip with archive_file to check diffs (this step is required)
+# replacing this step by checking of deploy.zip created by local-exec doesn't work
+# because local-exec is not executed during 'plan' so it would take old deploy.zip
+data "archive_file" "check_zip" {
   type        = "zip"
   source_dir  = var.workflows_source_path
-  output_path = "${path.module}/files/deploy.zip"
+  output_path = "${path.module}/files/check.zip"
+}
+
+resource "null_resource" "zip_logic_app" {
+  depends_on = [data.archive_file.check_zip]
+
+  triggers = {
+    deploy = data.archive_file.check_zip.output_sha
+  }
+  # if check.zip file changes, create deploy.zip file
+  provisioner "local-exec" {
+    interpreter = local.is_linux ? ["bash", "-c"] : ["PowerShell", "-Command"]
+    command     = local.is_linux ? "cd ${path.module} && mkdir -p files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/files/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\""
+  }
 }
 
 # After the logic app is created, start a deployment using the Azure CLI
@@ -70,11 +91,14 @@ data "archive_file" "workflow" {
 # deployment to make sure the app settings are available before the deployment is started.
 
 resource "time_sleep" "wait_for_app_settings" {
-  depends_on      = [azurerm_logic_app_standard.app]
+  depends_on = [
+    azurerm_logic_app_standard.app,
+    null_resource.zip_logic_app
+  ]
   create_duration = "${var.deployment_wait_timeout}s"
 
   triggers = {
-    time = timestamp()
+    deploy = data.archive_file.check_zip.output_sha
   }
 }
 
@@ -83,7 +107,7 @@ resource "null_resource" "install-extension" {
   depends_on = [time_sleep.wait_for_app_settings]
 
   triggers = {
-    deploy = data.archive_file.workflow.output_sha
+    deploy = data.archive_file.check_zip.output_sha
   }
 
   provisioner "local-exec" {
@@ -99,10 +123,10 @@ resource "null_resource" "deploy" {
   depends_on = [null_resource.install-extension]
 
   triggers = {
-    deploy = data.archive_file.workflow.output_sha
+    deploy = data.archive_file.check_zip.output_sha
   }
 
   provisioner "local-exec" {
-    command = "az logicapp deployment source config-zip --name ${var.logic_app_name} --resource-group ${var.resource_group_name} --subscription ${data.azurerm_subscription.current.display_name} --src ${data.archive_file.workflow.output_path}"
+    command = "az logicapp deployment source config-zip --name ${var.logic_app_name} --resource-group ${var.resource_group_name} --subscription ${data.azurerm_subscription.current.display_name} --src ${path.module}/files/deploy.zip"
   }
 }

modules/azure/logic_app_standard/outputs.tf

@@ -1,5 +1,5 @@
 output "principal_id" {
-  value = var.use_managed_identity ? azurerm_logic_app_standard.app.identity[0].principal_id : null
+  value = length(azurerm_logic_app_standard.app.identity) > 0 ? azurerm_logic_app_standard.app.identity[0].principal_id : null
 }
 
 output "name" {

modules/azure/logic_app_standard/variables.tf

@@ -36,10 +36,16 @@ variable "enabled" {
 
 variable "use_managed_identity" {
   type        = bool
-  description = "Use Managed Identity for this logic app"
+  description = "Use System Assigned Managed Identity for this logic app"
   default     = false
 }
 
+variable "identity_ids" {
+  type        = list(string)
+  description = "User Assigned Managed Identity ids for this logic app"
+  default     = []
+}
+
 variable "app_settings" {
   type        = map(string)
   description = "A map of key/value pairs to be used as application settings for the logic app."

modules/azure/mssql/main.tf

@@ -22,6 +22,10 @@ resource "random_password" "mssql_admin_password" {
   special          = true
   override_special = "_%@"
   keepers          = var.password_keeper
+  min_lower        = 1
+  min_upper        = 1
+  min_numeric      = 1
+  min_special      = 1
 }
 
 resource "azurerm_mssql_server" "mssql_server" {

modules/azure/mysql/main.tf

@@ -20,6 +20,10 @@ resource "random_password" "mysql_admin_password" {
   special          = true
   override_special = "_%@"
   keepers          = var.password_keeper
+  min_lower        = 1
+  min_upper        = 1
+  min_numeric      = 1
+  min_special      = 1
 }
 
 resource "azurerm_mysql_server" "mysql_server" {

modules/azure/mysql_flexible_server/main.tf

@@ -20,6 +20,10 @@ resource "random_password" "mysql_admin_password" {
   special          = true
   override_special = "_%@"
   keepers          = var.password_keeper
+  min_lower        = 1
+  min_upper        = 1
+  min_numeric      = 1
+  min_special      = 1
 }
 
 resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {

modules/azure/mysql_flexible_server/variables.tf

@@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" {
 variable "backup_retention_days" {
   type        = number
   description = "Backup retention days for the mysql server."
-  default     = 7
+  default     = 30
 }
 
 variable "geo_redundant_backup_enabled" {
@@ -101,4 +101,4 @@ variable "slow_query_log" {
 variable "private_dns_zone_id" {
   type        = string
   description = "ID of the private dns zone"
-}
+}