From 79cb02d719604c6124c6d308daf4a3fa606543ac Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Fri, 6 Oct 2023 15:19:58 +0200 Subject: [PATCH 01/99] Added outputs for Service Bus and Log Analytics --- modules/azure/log_analytics_workspace/outputs.tf | 5 +++++ modules/azure/service_bus_public/outputs.tf | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/azure/log_analytics_workspace/outputs.tf b/modules/azure/log_analytics_workspace/outputs.tf index ca9bfab6..054ec37a 100644 --- a/modules/azure/log_analytics_workspace/outputs.tf +++ b/modules/azure/log_analytics_workspace/outputs.tf @@ -10,3 +10,8 @@ output "workspace_id" { value = azurerm_log_analytics_workspace.workspace.workspace_id } +output "primary_key" { + value = azurerm_log_analytics_workspace.workspace.primary_shared_key + sensitive = true +} + diff --git a/modules/azure/service_bus_public/outputs.tf b/modules/azure/service_bus_public/outputs.tf index 860cc827..6e347c84 100644 --- a/modules/azure/service_bus_public/outputs.tf +++ b/modules/azure/service_bus_public/outputs.tf @@ -14,4 +14,8 @@ output "primary_access_key" { output "primary_access_connection_string" { value = azurerm_servicebus_namespace.service_bus.default_primary_connection_string sensitive = true -} \ No newline at end of file +} + +output "endpoint" { + value = azurerm_servicebus_namespace.service_bus.endpoint +} From fa2d5b36a39ad7f896375e56a28b2946efc3aa66 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Fri, 6 Oct 2023 15:44:06 +0200 Subject: [PATCH 02/99] Clean up during validate --- validate/validate.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/validate/validate.sh b/validate/validate.sh index 40ed50fc..7a6dea93 100755 --- a/validate/validate.sh +++ b/validate/validate.sh 
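Review bot: The new `primary_key` output in modules/azure/log_analytics_workspace/outputs.tf exports the workspace's primary shared key, and `sensitive = true` only redacts it from plan and CLI output. The value is still written unredacted to the state of this module and of every configuration that reads the output. I would add a description that says so, for example `description = "Primary shared key of the workspace. Stored unredacted in Terraform state; restrict access to the state backend."`, so consumers know to protect the state and rotate the key. Whether the other outputs in this file carry descriptions is not visible in the hunk.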
@@ -11,6 +11,8 @@ find ./modules -name "*.tf" -exec dirname {} + | sort | uniq | while read -r lin cd "$line" || exit terraform init terraform validate + rm -r .terraform + rm .terraform.lock.hcl cd - || exit rm "$line/main_override.tf" done From 7c2d0010993f3821d8aa493a746bab4258a8bb70 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Sun, 15 Oct 2023 22:45:15 +0200 Subject: [PATCH 03/99] Added Azure module for private link --- modules/azure/private_endpoint/main.tf | 35 ++++++++++++++++ modules/azure/private_endpoint/outputs.tf | 3 ++ modules/azure/private_endpoint/variables.tf | 45 +++++++++++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 modules/azure/private_endpoint/main.tf create mode 100644 modules/azure/private_endpoint/outputs.tf create mode 100644 modules/azure/private_endpoint/variables.tf diff --git a/modules/azure/private_endpoint/main.tf b/modules/azure/private_endpoint/main.tf new file mode 100644 index 00000000..29aeac70 --- /dev/null +++ b/modules/azure/private_endpoint/main.tf @@ -0,0 +1,35 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "azurerm_private_endpoint" "private_endpoint" { + name = var.name + location = var.location + resource_group_name = var.resource_group_name + subnet_id = var.subnet_id + + private_service_connection { + name = var.private_connection_name + private_connection_resource_id = var.private_connection_resource_id + subresource_names = [var.private_connection_resource_subresource_type] + is_manual_connection = false + } + + private_dns_zone_group { + name = var.private_dns_zone_group_name + private_dns_zone_ids = [var.private_dns_zone_id] + } +} diff --git a/modules/azure/private_endpoint/outputs.tf b/modules/azure/private_endpoint/outputs.tf new file mode 100644 index 00000000..1330f117 --- /dev/null 
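Review bot: The two added `rm` calls in validate/validate.sh fail when their target is missing, for example when `terraform init` aborted before writing `.terraform.lock.hcl`. Nothing in the hunk shows whether the script runs under `set -e` or checks the exit status of `terraform validate` before cleaning up. I would make the cleanup tolerant with `rm -rf .terraform` and `rm -f .terraform.lock.hcl`. Deleting the lock file also means every run resolves providers afresh within each module's version constraint, so validation never exercises pinned provider hashes; a short comment saying this is intentional would help. The enclosing `while read` loop starts outside the hunk.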
+++ b/modules/azure/private_endpoint/outputs.tf
@@ -0,0 +1,3 @@
+output "private_endpoint_id" {
+ value = azurerm_private_endpoint.private_endpoint.id
+}
diff --git a/modules/azure/private_endpoint/variables.tf b/modules/azure/private_endpoint/variables.tf
new file mode 100644
index 00000000..49411ed1
--- /dev/null
+++ b/modules/azure/private_endpoint/variables.tf
@@ -0,0 +1,45 @@
+variable "name" {
+ type = string
+ description = "Name of the Private Endpoint"
+}
+
+variable "location" {
+ type = string
+ description = "A datacenter location in Azure."
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "Name of the resource group."
+}
+
+variable "private_connection_resource_id" {
+ type = string
+ description = "The ID of the resource where the connection should be made to."
+}
+
+variable "private_connection_resource_subresource_type" {
+ type = string
+ description = "The subresource type of the resource where the connection should be made to."
+}
+
+variable "subnet_id" {
+ type = string
+ description = "The Id of the subnet"
+}
+
+variable "private_connection_name" {
+ type = string
+ description = "The name of the private connection name"
+}
+
+variable "private_dns_zone_id" {
+ type = string
+ description = "The ID of the private DNS zone."
+}
+
+variable "private_dns_zone_group_name" {
+ type = string
+ description = "The name of the private DNS zone group."
+ default = "deployedByPolicy"
+}
From 73c87dca94676923b1e5ae943faa0cb3d11b4ff9 Mon Sep 17 00:00:00 2001
From: PatrikKovacs Date: Mon, 16 Oct 2023 08:23:02 +0200 Subject: [PATCH 04/99] Adding changes to support changes for logic app sets --- .../connection.json | 49 +++++++++++++++++++ .../service_bus_managed_identity_set/main.tf | 37 ++++++++++++++ .../outputs.tf | 3 ++ .../variables.tf | 19 +++++++ modules/azure/iam_set/main.tf | 37 ++++++++++++++ modules/azure/iam_set/variables.tf | 13 +++++ modules/azure/logic_app_set/main.tf | 7 +++ modules/azure/logic_app_set/outputs.tf | 6 +++ modules/azure/logic_app_set/variables.tf | 6 +++ 9 files changed, 177 insertions(+) create mode 100644 modules/azure/api_connectors/service_bus_managed_identity_set/connection.json create mode 100644 modules/azure/api_connectors/service_bus_managed_identity_set/main.tf create mode 100644 modules/azure/api_connectors/service_bus_managed_identity_set/outputs.tf create mode 100644 modules/azure/api_connectors/service_bus_managed_identity_set/variables.tf create mode 100644 modules/azure/iam_set/main.tf create mode 100644 modules/azure/iam_set/variables.tf diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/connection.json b/modules/azure/api_connectors/service_bus_managed_identity_set/connection.json new file mode 100644 index 00000000..cf79e8c7 --- /dev/null +++ b/modules/azure/api_connectors/service_bus_managed_identity_set/connection.json 
@@ -0,0 +1,49 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "String",
+ "metadata": {
+ "description": "location"
+ }
+ },
+ "service_bus_connection_name": {
+ "type": "String",
+ "metadata": {
+ "description": "Name to use for this connection"
+ }
+ },
+ "service_bus_namespace_endpoint": {
+ "type": "String",
+ "metadata": {
+ "description": "Service Bus namespace"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2018-07-01-preview",
+ "name": "[parameters('service_bus_connection_name')]",
+ "location": "[parameters('location')]",
+ "kind": "V1",
+ "properties": {
+ "displayName": "Service Bus",
+ "api": {
+ "name": "servicebus",
+ "id": "[format('{0}/providers/Microsoft.Web/locations/{1}/managedApis/servicebus', subscription().id, parameters('location'))]"
+ },
+ "alternativeParameterValues": {},
+ "parameterValueSet": {
+ "name": "managedIdentityAuth",
+ "values": {
+ "namespaceEndpoint": {
+ "value": "[parameters('service_bus_namespace_endpoint')]"
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf
new file mode 100644
index 00000000..99558b30
--- /dev/null
+++ b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf
@@ -0,0 +1,37 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "service_bus_managed_identity" {
+ for_each = var.connection_names
+
+ name = "${each.value}_deployment"
+ resource_group_name = var.resource_group_name
+
+ template_content = file("./connection.json")
+ parameters_content = jsonencode({
+ "service_bus_connection_name" = {
+ value = each.value
+ }
+ "service_bus_namespace_endpoint" = {
+ value = var.service_bus_namespace_endpoint
+ }
+ "location" = {
+ value = var.location
+ }
+ })
+ deployment_mode = "Incremental"
+}
diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/outputs.tf b/modules/azure/api_connectors/service_bus_managed_identity_set/outputs.tf
new file mode 100644
index 00000000..abe4bd9f
--- /dev/null
+++ b/modules/azure/api_connectors/service_bus_managed_identity_set/outputs.tf
@@ -0,0 +1,3 @@
+output "names" {
+ value = var.connection_names
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/variables.tf b/modules/azure/api_connectors/service_bus_managed_identity_set/variables.tf
new file mode 100644
index 00000000..1e8e0a77
--- /dev/null
+++ b/modules/azure/api_connectors/service_bus_managed_identity_set/variables.tf
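Review bot: `template_content = file("./connection.json")` in service_bus_managed_identity_set/main.tf resolves against the directory Terraform is run from, not the module's own directory. The template is therefore only found when the module is applied from its own folder. `template_content = file("${path.module}/connection.json")` works in both cases. The same line appears in modules/azure/api_connectors/event_hub_managed_identity/main.tf later in this series.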
@@ -0,0 +1,19 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group the connection should be placed in"
+}
+
+variable "connection_names" {
+ type = set(string)
+ description = "The names for the connection"
+}
+
+variable "service_bus_namespace_endpoint" {
+ type = string
+ description = "The namespace endpoint for the connected service bus"
+}
+
+variable "location" {
+ type = string
+ description = "The location of the connector, set by Azure if not provided and used to avoid deployment differences."
+}
diff --git a/modules/azure/iam_set/main.tf b/modules/azure/iam_set/main.tf
new file mode 100644
index 00000000..1fa2f0bd
--- /dev/null
+++ b/modules/azure/iam_set/main.tf
@@ -0,0 +1,37 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+locals {
+ role_assignments = flatten([
+ for principal_key, principal_id in var.principals :
+ [
+ for role in var.roles : {
+ scope = role.scope
+ role_definition_name = role.role_name
+ principal_id = principal_id
+ }
+ ]
+ ])
+}
+
+resource "azurerm_role_assignment" "role_assignment" {
+ for_each = { for idx, ra in local.role_assignments : idx => ra }
+
+ scope = each.value.scope
+ role_definition_name = each.value.role_definition_name
+ principal_id = each.value.principal_id
+}
diff --git a/modules/azure/iam_set/variables.tf b/modules/azure/iam_set/variables.tf
new file mode 100644
index 00000000..374e74ac
--- /dev/null
+++ b/modules/azure/iam_set/variables.tf
@@ -0,0 +1,13 @@
+variable "roles" {
+ type = list(object({
+ name = optional(string),
+ role_name = string,
+ scope = string,
+ }))
+ description = "List of role objects to apply roles on users given a certain scope."
+}
+
+variable "principals" {
+ description = "Map of principals to assign roles to"
+ type = map(string)
+}
\ No newline at end of file
diff --git a/modules/azure/logic_app_set/main.tf b/modules/azure/logic_app_set/main.tf index ee2ed6fd..d6c69fc8 100644 --- a/modules/azure/logic_app_set/main.tf +++ b/modules/azure/logic_app_set/main.tf @@ -24,6 +24,13 @@ resource "azurerm_logic_app_workflow" "workflow" { name = each.value.logic_app_name location = var.location resource_group_name = var.resource_group_name + + dynamic "identity" { + for_each = var.use_managed_identity ? [1] : [] + content { + type = "SystemAssigned" + } + } } // Deploy workflow as ARM template conditional when arm_template_path is specified diff --git a/modules/azure/logic_app_set/outputs.tf b/modules/azure/logic_app_set/outputs.tf index e69de29b..60842ddf 100644 --- a/modules/azure/logic_app_set/outputs.tf +++ b/modules/azure/logic_app_set/outputs.tf @@ -0,0 +1,6 @@ +output "principal_id" { + value = { + for key, workflow_instance in azurerm_logic_app_workflow.workflow : + key => var.use_managed_identity ? workflow_instance.identity[0].principal_id : null + } +} diff --git a/modules/azure/logic_app_set/variables.tf b/modules/azure/logic_app_set/variables.tf index 70aef306..7cda5abf 100644 --- a/modules/azure/logic_app_set/variables.tf +++ b/modules/azure/logic_app_set/variables.tf @@ -32,4 +32,10 @@ variable "logic_app_instances" { arm_parameters = any })) description = "Individual logic app configuration" +} + +variable "use_managed_identity" { + type = bool + description = "Use Managed Identity for this logic app" + default = false } \ No newline at end of file From dfa3d7ae174c614f96bcab59935bd9f4e146cea9 Mon Sep 17 00:00:00 2001 From: PatrikKovacs Date: Mon, 16 Oct 2023 09:30:03 +0200 Subject: [PATCH 05/99] Fix TF files --- .../service_bus_managed_identity_set/main.tf | 2 +- modules/azure/iam_set/main.tf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) 
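Review bot: In modules/azure/logic_app_set/outputs.tf the `principal_id` map keeps every workflow key and sets its value to `null` when `use_managed_identity` is false. A consumer that iterates the map then receives null principal IDs rather than an empty map; this would matter if the output is wired into the `principals` input of `iam_set` added in the same commit, which the diff does not show. Filtering inside the comprehension avoids it: `value = { for key, wf in azurerm_logic_app_workflow.workflow : key => wf.identity[0].principal_id if var.use_managed_identity }`. A `description` stating that the values are the principal IDs of the system-assigned identities would also help callers that grant roles from it.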
diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf index 99558b30..c3e9df6d 100644 --- a/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf +++ b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf @@ -17,7 +17,7 @@ provider "azurerm" { resource "azurerm_resource_group_template_deployment" "service_bus_managed_identity" { for_each = var.connection_names - + name = "${each.value}_deployment" resource_group_name = var.resource_group_name diff --git a/modules/azure/iam_set/main.tf b/modules/azure/iam_set/main.tf index 1fa2f0bd..b3fa4cb1 100644 --- a/modules/azure/iam_set/main.tf +++ b/modules/azure/iam_set/main.tf @@ -20,10 +20,10 @@ locals { for principal_key, principal_id in var.principals : [ for role in var.roles : { - scope = role.scope - role_definition_name = role.role_name - principal_id = principal_id - } + scope = role.scope + role_definition_name = role.role_name + principal_id = principal_id + } ] ]) } From d7e5bd74b36b507ca136c75e828a71f58763e939 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 16 Oct 2023 10:55:01 +0200 Subject: [PATCH 06/99] Single variables changed to array variables --- modules/azure/private_endpoint/main.tf | 4 ++-- modules/azure/private_endpoint/variables.tf | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/azure/private_endpoint/main.tf b/modules/azure/private_endpoint/main.tf index 29aeac70..63d8b2e1 100644 --- a/modules/azure/private_endpoint/main.tf +++ b/modules/azure/private_endpoint/main.tf 
@@ -24,12 +24,12 @@ resource "azurerm_private_endpoint" "private_endpoint" { private_service_connection { name = var.private_connection_name private_connection_resource_id = var.private_connection_resource_id - subresource_names = [var.private_connection_resource_subresource_type] + subresource_names = var.private_connection_subresource_names is_manual_connection = false } private_dns_zone_group { name = var.private_dns_zone_group_name - private_dns_zone_ids = [var.private_dns_zone_id] + private_dns_zone_ids = var.private_dns_zone_ids } } diff --git a/modules/azure/private_endpoint/variables.tf b/modules/azure/private_endpoint/variables.tf index 49411ed1..c8829879 100644 --- a/modules/azure/private_endpoint/variables.tf +++ b/modules/azure/private_endpoint/variables.tf @@ -18,9 +18,9 @@ variable "private_connection_resource_id" { description = "The ID of the resource where the connection should be made to." } -variable "private_connection_resource_subresource_type" { - type = string - description = "The subresource type of the resource where the connection should be made to." +variable "private_connection_subresource_names" { + type = set(string) + description = "The subresource names of the resource where the connection should be made to." } variable "subnet_id" { @@ -33,9 +33,9 @@ variable "private_connection_name" { description = "The name of the private connection name" } -variable "private_dns_zone_id" { - type = string - description = "The ID of the private DNS zone." +variable "private_dns_zone_ids" { + type = set(string) + description = "The IDs of the private DNS zones." } variable "private_dns_zone_group_name" { From c9917fa92c38ac5619c119a55223f8c0e6d73278 Mon Sep 17 00:00:00 2001 From: PatrikKovacs Date: Mon, 16 Oct 2023 14:13:30 +0200 Subject: [PATCH 07/99] Fixed PR comments --- modules/azure/iam_set/main.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/modules/azure/iam_set/main.tf b/modules/azure/iam_set/main.tf index b3fa4cb1..68bcbfd4 100644 --- a/modules/azure/iam_set/main.tf +++ b/modules/azure/iam_set/main.tf @@ -23,13 +23,15 @@ locals { scope = role.scope role_definition_name = role.role_name principal_id = principal_id + role_name = role.name } ] ]) } resource "azurerm_role_assignment" "role_assignment" { - for_each = { for idx, ra in local.role_assignments : idx => ra } + for_each = { for ra in local.role_assignments : + "${ra.principal_id}_${ra.role_definition_name}${ra.role_name != null ? "_${ra.role_name}" : ""}" => ra } scope = each.value.scope role_definition_name = each.value.role_definition_name From 980d2caa7b7b2fc5861622253f09bbb945498942 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 16 Oct 2023 15:00:01 +0200 Subject: [PATCH 08/99] Make is_manual_connection parameter configurable --- modules/azure/private_endpoint/main.tf | 2 +- modules/azure/private_endpoint/variables.tf | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/azure/private_endpoint/main.tf b/modules/azure/private_endpoint/main.tf index 63d8b2e1..597da763 100644 --- a/modules/azure/private_endpoint/main.tf +++ b/modules/azure/private_endpoint/main.tf @@ -25,7 +25,7 @@ resource "azurerm_private_endpoint" "private_endpoint" { name = var.private_connection_name private_connection_resource_id = var.private_connection_resource_id subresource_names = var.private_connection_subresource_names - is_manual_connection = false + is_manual_connection = var.is_manual_connection } private_dns_zone_group { diff --git a/modules/azure/private_endpoint/variables.tf b/modules/azure/private_endpoint/variables.tf index c8829879..c27209ea 100644 --- a/modules/azure/private_endpoint/variables.tf +++ b/modules/azure/private_endpoint/variables.tf 
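Review bot: The new `for_each` key in modules/azure/iam_set/main.tf is built from `ra.principal_id`, which is unknown at plan time when the principal is created in the same run, for example a freshly created managed identity. Terraform rejects `for_each` keys that are not known at plan time. The key also leaves out `scope`, so granting one role on two scopes to the same principal yields duplicate keys unless each role sets `name`; that requirement deserves a sentence in the `roles` description. Keying on the map key of `var.principals` instead keeps the keys static: carry `principal_key = principal_key` into the local and start the key with `${ra.principal_key}_${ra.role_definition_name}`. The `locals` block starts outside the hunk.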
@@ -23,6 +23,11 @@ variable "private_connection_subresource_names" { description = "The subresource names of the resource where the connection should be made to." } +variable "is_manual_connection" { + type = bool + description = "Specifies whether the connection must be approved manually" +} + variable "subnet_id" { type = string description = "The Id of the subnet" From e67b85945c214bd35f9348988fc1066edb33dde4 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 16 Oct 2023 16:02:54 +0200 Subject: [PATCH 09/99] Added request_message pro Private Endpoint Connection --- modules/azure/private_endpoint/main.tf | 1 + modules/azure/private_endpoint/variables.tf | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/modules/azure/private_endpoint/main.tf b/modules/azure/private_endpoint/main.tf index 597da763..2b3fcbdb 100644 --- a/modules/azure/private_endpoint/main.tf +++ b/modules/azure/private_endpoint/main.tf @@ -26,6 +26,7 @@ resource "azurerm_private_endpoint" "private_endpoint" { private_connection_resource_id = var.private_connection_resource_id subresource_names = var.private_connection_subresource_names is_manual_connection = var.is_manual_connection + request_message = var.private_connection_request_message } private_dns_zone_group { diff --git a/modules/azure/private_endpoint/variables.tf b/modules/azure/private_endpoint/variables.tf index c27209ea..034ebda8 100644 --- a/modules/azure/private_endpoint/variables.tf +++ b/modules/azure/private_endpoint/variables.tf @@ -28,6 +28,11 @@ variable "is_manual_connection" { description = "Specifies whether the connection must be approved manually" } +variable "private_connection_request_message" { + type = string + description = "The message sent with manual connection request. Relevant only for manual connections" +} + variable "subnet_id" { type = string description = "The Id of the subnet" From 1b6c9c966f10552ceab265bde52c488fcd87999c Mon Sep 17 00:00:00 2001 
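Review bot: `is_manual_connection` is introduced in private_endpoint/variables.tf without a default, while the value it replaces was hard-coded to `false`. Every existing caller of the module now fails until it sets the variable. Adding `default = false` keeps the previous behaviour. The description could also state the effect, for example `"Whether the connection must be approved manually by the owner of the target resource. Defaults to automatic approval."`.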
From: Michal Pipal <73311540+pipalmic@users.noreply.github.com> Date: Mon, 16 Oct 2023 16:15:43 +0200 Subject: [PATCH 10/99] Make request_message optional Co-authored-by: tom-reinders --- modules/azure/private_endpoint/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/azure/private_endpoint/variables.tf b/modules/azure/private_endpoint/variables.tf index 034ebda8..3330184c 100644 --- a/modules/azure/private_endpoint/variables.tf +++ b/modules/azure/private_endpoint/variables.tf @@ -31,6 +31,7 @@ variable "is_manual_connection" { variable "private_connection_request_message" { type = string description = "The message sent with manual connection request. Relevant only for manual connections" + default = null } variable "subnet_id" { From 2f74043d4614374dc6dba86c58c91e0bf8a5e720 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 06:39:32 +0000 Subject: [PATCH 11/99] Bump hashicorp/setup-terraform from 2 to 3 Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 2 to 3. - [Release notes](https://github.com/hashicorp/setup-terraform/releases) - [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/setup-terraform/compare/v2...v3) --- updated-dependencies: - dependency-name: hashicorp/setup-terraform dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint.yaml | 2 +- .github/workflows/validate.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e012f86a..d4173b3d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -10,7 +10,7 @@ jobs: name: Lint Terraform steps: - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 + - uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false - run: terraform fmt -check -diff -recursive diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index c12a4145..8dca394e 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -11,7 +11,7 @@ jobs: name: Validate Terraform steps: - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 + - uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false - run: bash ./validate/validate.sh From 3f73471917b2c22b75c43a4ded1d4f232c735d15 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Wed, 1 Nov 2023 16:29:33 +0100 Subject: [PATCH 12/99] Fixed VNET integration definition for Func Apps --- modules/azure/function_app_linux/main.tf | 8 ++++++++ modules/azure/function_app_linux_managed_identity/main.tf | 8 ++++++++ modules/azure/function_app_windows/main.tf | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/modules/azure/function_app_linux/main.tf b/modules/azure/function_app_linux/main.tf index 09497b3d..a4d7a5f4 100644 --- a/modules/azure/function_app_linux/main.tf +++ b/modules/azure/function_app_linux/main.tf @@ -70,6 +70,14 @@ resource "azurerm_linux_function_app" "function_app" { identity { type = "SystemAssigned" } + + /* + * VNet integration is set by a separate resource 'vnet_integration' below, so this must be ignored, see 'NOTE on regional virtual network integration:' here + * https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_function_app + */ + lifecycle { + ignore_changes = [virtual_network_subnet_id] + } } # VNet integration diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index d767d27e..ef8f7de1 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf 
+++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -94,6 +94,14 @@ resource "azurerm_linux_function_app" "function_app" { identity { type = "SystemAssigned" } + + /* + * VNet integration is set by a separate resource 'vnet_integration' below, so this must be ignored, see 'NOTE on regional virtual network integration:' here + * https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_function_app + */ + lifecycle { + ignore_changes = [virtual_network_subnet_id] + } } diff --git a/modules/azure/function_app_windows/main.tf b/modules/azure/function_app_windows/main.tf index a7f4c485..1dbccea0 100644 --- a/modules/azure/function_app_windows/main.tf +++ b/modules/azure/function_app_windows/main.tf @@ -70,6 +70,14 @@ resource "azurerm_windows_function_app" "function_app" { identity { type = "SystemAssigned" } + + /* + * VNet integration is set by a separate resource below, so this must be ignored, see 'NOTE on regional virtual network integration:' here + * https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app + */ + lifecycle { + ignore_changes = [virtual_network_subnet_id] + } } # Host keys From 0cc8c1c81e73fb53d50486fb9aa5a9c1e795d9eb Mon Sep 17 00:00:00 2001 From: Marian Kostal Date: Tue, 28 Nov 2023 12:50:17 +0100 Subject: [PATCH 13/99] Added Event Hubs API connector --- .../connection.json | 49 +++++++++++++++++++ .../event_hub_managed_identity/main.tf | 35 +++++++++++++ .../event_hub_managed_identity/outputs.tf | 3 ++ .../event_hub_managed_identity/variables.tf | 19 +++++++ 4 files changed, 106 insertions(+) create mode 100644 modules/azure/api_connectors/event_hub_managed_identity/connection.json create mode 100644 modules/azure/api_connectors/event_hub_managed_identity/main.tf create mode 100644 modules/azure/api_connectors/event_hub_managed_identity/outputs.tf create mode 100644 modules/azure/api_connectors/event_hub_managed_identity/variables.tf 
diff --git a/modules/azure/api_connectors/event_hub_managed_identity/connection.json b/modules/azure/api_connectors/event_hub_managed_identity/connection.json
new file mode 100644
index 00000000..1db27e5b
--- /dev/null
+++ b/modules/azure/api_connectors/event_hub_managed_identity/connection.json
@@ -0,0 +1,49 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "String",
+ "metadata": {
+ "description": "location"
+ }
+ },
+ "event_hub_connection_name": {
+ "type": "String",
+ "metadata": {
+ "description": "Name to use for this connection"
+ }
+ },
+ "event_hub_namespace_endpoint": {
+ "type": "String",
+ "metadata": {
+ "description": "Event Hub namespace"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2018-07-01-preview",
+ "name": "[parameters('event_hub_connection_name')]",
+ "location": "[parameters('location')]",
+ "kind": "V1",
+ "properties": {
+ "displayName": "Event Hub",
+ "api": {
+ "name": "eventhubs",
+ "id": "[format('{0}/providers/Microsoft.Web/locations/{1}/managedApis/eventhubs', subscription().id, parameters('location'))]"
+ },
+ "alternativeParameterValues": {},
+ "parameterValueSet": {
+ "name": "managedIdentityAuth",
+ "values": {
+ "namespaceEndpoint": {
+ "value": "[parameters('event_hub_namespace_endpoint')]"
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/event_hub_managed_identity/main.tf b/modules/azure/api_connectors/event_hub_managed_identity/main.tf
new file mode 100644
index 00000000..2217fd24
--- /dev/null
+++ b/modules/azure/api_connectors/event_hub_managed_identity/main.tf
@@ -0,0 +1,35 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "event_hub_managed_identity" {
+ name = "${var.connection_name}_deployment"
+ resource_group_name = var.resource_group_name
+
+ template_content = file("./connection.json")
+ parameters_content = jsonencode({
+ "event_hub_connection_name" = {
+ value = var.connection_name
+ }
+ "event_hub_namespace_endpoint" = {
+ value = var.event_hub_namespace_endpoint
+ }
+ "location" = {
+ value = var.location
+ }
+ })
+ deployment_mode = "Incremental"
+}
diff --git a/modules/azure/api_connectors/event_hub_managed_identity/outputs.tf b/modules/azure/api_connectors/event_hub_managed_identity/outputs.tf
new file mode 100644
index 00000000..e1e4f872
--- /dev/null
+++ b/modules/azure/api_connectors/event_hub_managed_identity/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = var.connection_name
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/event_hub_managed_identity/variables.tf b/modules/azure/api_connectors/event_hub_managed_identity/variables.tf
new file mode 100644
index 00000000..61cc537b
--- /dev/null
+++ b/modules/azure/api_connectors/event_hub_managed_identity/variables.tf
@@ -0,0 +1,19 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group the connection should be placed in"
+}
+
+variable "connection_name" {
+ type = string
+ description = "Name for the connection"
+}
+
+variable "event_hub_namespace_endpoint" {
+ type = string
+ description = "The namespace endpoint for the connected Event Hub"
+}
+
+variable "location" {
+ type = string
+ description = "The location of the connector, set by Azure if not provided and used to avoid deployment differences."
+}
From 9fc52a84d94298ed37b4a796b9720605a9171430 Mon Sep 17 00:00:00 2001
From: Michal Pipal Date: Sun, 10 Dec 2023 23:02:34 +0100 Subject: [PATCH 14/99] Added ip_restrictions & docker_registry_url to the App Service module --- modules/azure/web_app_linux/main.tf | 34 ++++++++++++++++-------- modules/azure/web_app_linux/variables.tf | 23 ++++++++++++++++ 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/modules/azure/web_app_linux/main.tf b/modules/azure/web_app_linux/main.tf index a5a9f1fd..20caf95b 100644 --- a/modules/azure/web_app_linux/main.tf +++ b/modules/azure/web_app_linux/main.tf @@ -23,19 +23,31 @@ resource "azurerm_linux_web_app" "web_app" { https_only = true site_config { - always_on = var.always_on - websockets_enabled = var.websockets_enabled - health_check_path = var.health_check_path - use_32_bit_worker = var.use_32_bit_worker - ftps_state = var.ftps_state - http2_enabled = true - minimum_tls_version = 1.2 + always_on = var.always_on + websockets_enabled = var.websockets_enabled + health_check_path = var.health_check_path + use_32_bit_worker = var.use_32_bit_worker + ftps_state = var.ftps_state + http2_enabled = true + minimum_tls_version = 1.2 + vnet_route_all_enabled = var.vnet_route_all_enabled application_stack { - dotnet_version = var.dotnet_version - docker_image_name = var.docker_image_name - docker_image = var.docker_image - docker_image_tag = var.docker_image_tag + dotnet_version = var.dotnet_version + docker_image_name = var.docker_image_name + docker_registry_url = var.docker_registry_url + docker_image = var.docker_image + docker_image_tag = var.docker_image_tag + } + + dynamic "ip_restriction" { + for_each = var.ip_restrictions + content { + action = ip_restriction.value.action + ip_address = ip_restriction.value.ip_address + name = ip_restriction.value.name + priority = ip_restriction.value.priority + } } } diff --git a/modules/azure/web_app_linux/variables.tf b/modules/azure/web_app_linux/variables.tf index 846e1b95..1b17a619 100644 --- a/modules/azure/web_app_linux/variables.tf 
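Review bot: The added `ip_restriction` block in web_app_linux/main.tf limits only the main site. The `site_config` shown in the hunk sets neither `scm_ip_restriction` nor `scm_use_main_ip_restriction`, so the SCM (Kudu) deployment endpoint stays reachable from any address even when `var.ip_restrictions` is populated. Adding `scm_use_main_ip_restriction = true` to `site_config` applies the same rules to it. The block also forwards only `ip_address`, so callers cannot restrict by service tag or subnet; the variable description should say so.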
+++ b/modules/azure/web_app_linux/variables.tf @@ -36,6 +36,12 @@ variable "dotnet_version" { default = null } +variable "docker_registry_url" { + type = string + description = "URL where to look for a Docker image for the web app." + default = null +} + variable "docker_image_name" { type = string description = "Docker image name and tag for the web app." @@ -112,6 +118,12 @@ variable "use_32_bit_worker" { default = false } +variable "vnet_route_all_enabled" { + type = string + description = "Should all outbound traffic have NAT Gateways, Network Security Groups and User Defined Routes applied?" + default = false +} + variable "ftps_state" { type = string description = "State of FTP / FTPS service for this Web App." @@ -130,3 +142,14 @@ variable "storage_mount" { description = "Storage container or share to be mount within web app instance(s). Note that container mounts are read-only." default = null } + +variable "ip_restrictions" { + type = set(object({ + action = optional(string, "Allow") + ip_address = string + name = string + priority = number + })) + description = "Specify IP addresses which are allowed to access the app" + default = [] +} From d6bfabbec512355ce0b88c4d636e474d75a4a8c2 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 18 Dec 2023 08:55:29 +0100 Subject: [PATCH 15/99] Created a module for rewritable storage table rows --- .../storage_table_entities_rewritable/main.tf | 28 +++++++++++++++++++ .../variables.tf | 18 ++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 modules/azure/storage_table_entities_rewritable/main.tf create mode 100644 modules/azure/storage_table_entities_rewritable/variables.tf diff --git a/modules/azure/storage_table_entities_rewritable/main.tf b/modules/azure/storage_table_entities_rewritable/main.tf new file mode 100644 index 00000000..445f3ff7 --- /dev/null +++ b/modules/azure/storage_table_entities_rewritable/main.tf 
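Review bot: `vnet_route_all_enabled` is declared with `type = string` in the second hunk of web_app_linux/variables.tf, but it has a boolean default and feeds a boolean attribute. It only works through implicit conversion, and a value that does not convert is rejected late. The declaration should read `type = bool`. In the last hunk, the `ip_restrictions` description says the addresses are "allowed" although `action` can also be set to something other than `Allow`; `"IP rules applied to the app; action defaults to Allow"` would be accurate.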
@@ -0,0 +1,28 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_storage_table_entity" "storage_table_entity" {
+ for_each = { for entity in var.rows : entity.row_key => entity }
+
+ table_name = var.storage_table_name
+ storage_account_name = var.storage_account_name
+
+ partition_key = each.value.partition_key
+ row_key = each.value.row_key
+
+ entity = each.value.entity
+}
diff --git a/modules/azure/storage_table_entities_rewritable/variables.tf b/modules/azure/storage_table_entities_rewritable/variables.tf
new file mode 100644
index 00000000..b0db70b2
--- /dev/null
+++ b/modules/azure/storage_table_entities_rewritable/variables.tf
@@ -0,0 +1,18 @@
+variable "storage_account_name" {
+ type = string
+ description = "Name of the storage account"
+}
+
+variable "storage_table_name" {
+ type = string
+ description = "Name of the storage table"
+}
+
+variable "rows" {
+ type = set(object({
+ partition_key = string
+ row_key = string
+ entity = any
+ }))
+ description = "Rows to insert into the table. Every entry should contain a partition key, a row key and a set of properties. Rows are updated by TF if definition changes, rewriting whatever value is in Storage Table"
+}
From 153bacf583fecc8f0ffee656bdd4fa4bdcf3bb86 Mon Sep 17 00:00:00 2001
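Review bot: The `for_each` map in `azurerm_storage_table_entity.storage_table_entity` is keyed on `entity.row_key` alone, although the resource identifies a row by `partition_key` and `row_key` together. Two rows that share a row key in different partitions therefore fail the plan with a duplicate-key error. Key the map on both values, e.g. `for entity in var.rows : "${entity.partition_key}/${entity.row_key}" => entity`. This changes the resource addresses, so it is cheapest to do before the module has consumers.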
From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Tue, 19 Dec 2023 07:54:04 +0100 Subject: [PATCH 16/99] Adding new connectors: - arm (managed identity) - excel online - sharepoint online --- .../arm_managed_identity/connection.json | 36 +++++++++++++++++++ .../arm_managed_identity/main.tf | 33 +++++++++++++++++ .../arm_managed_identity/outputs.tf | 3 ++ .../arm_managed_identity/variables.tf | 14 ++++++++ .../excel_online/connection.json | 33 +++++++++++++++++ .../azure/api_connectors/excel_online/main.tf | 29 +++++++++++++++ .../api_connectors/excel_online/outputs.tf | 3 ++ .../api_connectors/excel_online/variables.tf | 9 +++++ .../sharepoint_online/connection.json | 33 +++++++++++++++++ .../api_connectors/sharepoint_online/main.tf | 29 +++++++++++++++ .../sharepoint_online/outputs.tf | 3 ++ .../sharepoint_online/variables.tf | 9 +++++ 12 files changed, 234 insertions(+) create mode 100644 modules/azure/api_connectors/arm_managed_identity/connection.json create mode 100644 modules/azure/api_connectors/arm_managed_identity/main.tf create mode 100644 modules/azure/api_connectors/arm_managed_identity/outputs.tf create mode 100644 modules/azure/api_connectors/arm_managed_identity/variables.tf create mode 100644 modules/azure/api_connectors/excel_online/connection.json create mode 100644 modules/azure/api_connectors/excel_online/main.tf create mode 100644 modules/azure/api_connectors/excel_online/outputs.tf create mode 100644 modules/azure/api_connectors/excel_online/variables.tf create mode 100644 modules/azure/api_connectors/sharepoint_online/connection.json create mode 100644 modules/azure/api_connectors/sharepoint_online/main.tf create mode 100644 modules/azure/api_connectors/sharepoint_online/outputs.tf create mode 100644 modules/azure/api_connectors/sharepoint_online/variables.tf 
diff --git a/modules/azure/api_connectors/arm_managed_identity/connection.json b/modules/azure/api_connectors/arm_managed_identity/connection.json
new file mode 100644
index 00000000..323b5be9
--- /dev/null
+++ b/modules/azure/api_connectors/arm_managed_identity/connection.json
@@ -0,0 +1,36 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "String",
+ "metadata": {
+ "description": "location"
+ }
+ },
+ "arm_connection_name": {
+ "type": "String",
+ "metadata": {
+ "description": "Name to use for this connection"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[parameters('arm_connection_name')]",
+ "location": "[parameters('location')]",
+ "kind": "V1",
+ "properties": {
+ "displayName": "Arm connection",
+ "api": {
+ "name": "arm",
+ "id": "[format('{0}/providers/Microsoft.Web/locations/{1}/managedApis/arm', subscription().id, parameters('location'))]"
+ },
+ "alternativeParameterValues": {},
+ "parameterValueType": "Alternative"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/arm_managed_identity/main.tf b/modules/azure/api_connectors/arm_managed_identity/main.tf
new file mode 100644
index 00000000..24373813
--- /dev/null
+++ b/modules/azure/api_connectors/arm_managed_identity/main.tf
@@ -0,0 +1,33 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "arm_managed_identity" {
+ name = "${var.connection_name}_deployment"
+ resource_group_name = var.resource_group_name
+
+ template_content = file("./connection.json")
+ parameters_content = jsonencode({
+ "arm_connection_name" = {
+ value = var.connection_name
+ }
+ "location" = {
+ value = var.location
+ }
+ })
+ deployment_mode = "Incremental"
+}
+
diff --git a/modules/azure/api_connectors/arm_managed_identity/outputs.tf b/modules/azure/api_connectors/arm_managed_identity/outputs.tf
new file mode 100644
index 00000000..e1e4f872
--- /dev/null
+++ b/modules/azure/api_connectors/arm_managed_identity/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = var.connection_name
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/arm_managed_identity/variables.tf b/modules/azure/api_connectors/arm_managed_identity/variables.tf
new file mode 100644
index 00000000..9b04e5e6
--- /dev/null
+++ b/modules/azure/api_connectors/arm_managed_identity/variables.tf
@@ -0,0 +1,14 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group the connection should be placed in"
+}
+
+variable "connection_name" {
+ type = string
+ description = "Name for the connection"
+}
+
+variable "location" {
+ type = string
+ description = "The location of the connector, set by Azure if not provided and used to avoid deployment differences."
+}
diff --git a/modules/azure/api_connectors/excel_online/connection.json b/modules/azure/api_connectors/excel_online/connection.json
new file mode 100644
index 00000000..3427a5bc
--- /dev/null
+++ b/modules/azure/api_connectors/excel_online/connection.json
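Review bot: `file("./connection.json")` in `azurerm_resource_group_template_deployment.arm_managed_identity` resolves against the directory Terraform is run from, not the module directory. The template is therefore found only when this module is itself the root; called from another configuration it fails or reads a different `connection.json`. Use `template_content = file("${path.module}/connection.json")`. The same line appears in `excel_online/main.tf` and `sharepoint_online/main.tf` later in this commit.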
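Review bot: The description of `location` says the value is "set by Azure if not provided", but the variable has no `default`, so every caller must supply it and `main.tf` always forwards it to the template. Drop that clause from the description so it does not suggest the argument is optional, e.g. `description = "The location of the connector (required), used to avoid deployment differences."`.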
@@ -0,0 +1,33 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "String",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "location"
+ }
+ },
+ "connection_name": {
+ "type": "String",
+ "metadata": {
+ "description": "Connection resource name to connect to an Excel Online."
+ }
+ }
+ },
+ "resources": [
+ {
+ "name": "[parameters('connection_name')]",
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "displayName": "Shared Excel Online Account",
+ "api": {
+ "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', resourceGroup().location ,'/managedApis/excelonlinebusiness')]"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/excel_online/main.tf b/modules/azure/api_connectors/excel_online/main.tf
new file mode 100644
index 00000000..d0d771d2
--- /dev/null
+++ b/modules/azure/api_connectors/excel_online/main.tf
@@ -0,0 +1,29 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "log_analytics" {
+ name = "${var.connection_name}_deployment"
+ resource_group_name = var.resource_group_name
+
+ template_content = file("./connection.json")
+ parameters_content = jsonencode({
+ "connection_name" = {
+ value = var.connection_name
+ }
+ })
+ deployment_mode = "Incremental"
+}
diff --git a/modules/azure/api_connectors/excel_online/outputs.tf b/modules/azure/api_connectors/excel_online/outputs.tf
new file mode 100644
index 00000000..f28257db
--- /dev/null
+++ b/modules/azure/api_connectors/excel_online/outputs.tf
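Review bot: The `location` parameter is declared with a default but never referenced: the resource's `location` and the `api.id` expression both call `resourceGroup().location` directly, whereas `arm_managed_identity/connection.json` uses `parameters('location')`. Either use the parameter, `"location": "[parameters('location')]"`, or remove it so the template does not advertise an input it ignores. `sharepoint_online/connection.json` in this commit has the same unused parameter.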
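Review bot: The deployment resource for the Excel Online connector is labelled `log_analytics`, which looks carried over from another module and makes plan output and state addresses misleading. Name it after what it deploys, `resource "azurerm_resource_group_template_deployment" "excel_online" {`. `sharepoint_online/main.tf` uses the same `log_analytics` label. Renaming after first apply changes the resource address, so it is easiest to fix now.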
@@ -0,0 +1,3 @@
+output "name" {
+ value = var.connection_name
+}
diff --git a/modules/azure/api_connectors/excel_online/variables.tf b/modules/azure/api_connectors/excel_online/variables.tf
new file mode 100644
index 00000000..541a77f5
--- /dev/null
+++ b/modules/azure/api_connectors/excel_online/variables.tf
@@ -0,0 +1,9 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group this connection should be placed in"
+}
+
+variable "connection_name" {
+ type = string
+ description = "The name the connection should have"
+}
diff --git a/modules/azure/api_connectors/sharepoint_online/connection.json b/modules/azure/api_connectors/sharepoint_online/connection.json
new file mode 100644
index 00000000..ccd50e32
--- /dev/null
+++ b/modules/azure/api_connectors/sharepoint_online/connection.json
@@ -0,0 +1,33 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "String",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "location"
+ }
+ },
+ "connection_name": {
+ "type": "String",
+ "metadata": {
+ "description": "Connection resource name to connect to an SharePoint Online."
+ }
+ }
+ },
+ "resources": [
+ {
+ "name": "[parameters('connection_name')]",
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "location": "[resourceGroup().location]",
+ "properties": {
+ "displayName": "Shared SharePoint Online Account",
+ "api": {
+ "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', resourceGroup().location ,'/managedApis/sharepointonline')]"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/modules/azure/api_connectors/sharepoint_online/main.tf b/modules/azure/api_connectors/sharepoint_online/main.tf
new file mode 100644
index 00000000..d0d771d2
--- /dev/null
+++ b/modules/azure/api_connectors/sharepoint_online/main.tf
@@ -0,0 +1,29 @@
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.48"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group_template_deployment" "log_analytics" {
+ name = "${var.connection_name}_deployment"
+ resource_group_name = var.resource_group_name
+
+ template_content = file("./connection.json")
+ parameters_content = jsonencode({
+ "connection_name" = {
+ value = var.connection_name
+ }
+ })
+ deployment_mode = "Incremental"
+}
diff --git a/modules/azure/api_connectors/sharepoint_online/outputs.tf b/modules/azure/api_connectors/sharepoint_online/outputs.tf
new file mode 100644
index 00000000..f28257db
--- /dev/null
+++ b/modules/azure/api_connectors/sharepoint_online/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+ value = var.connection_name
+}
diff --git a/modules/azure/api_connectors/sharepoint_online/variables.tf b/modules/azure/api_connectors/sharepoint_online/variables.tf
new file mode 100644
index 00000000..541a77f5
--- /dev/null
+++ b/modules/azure/api_connectors/sharepoint_online/variables.tf
@@ -0,0 +1,9 @@
+variable "resource_group_name" {
+ type = string
+ description = "Resource group this connection should be placed in"
+}
+
+variable "connection_name" {
+ type = string
+ description = "The name the connection should have"
+}
From 5646cdf37b9ddf332c1ad784fd222ec5a8b930e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 06:14:24 +0000 Subject: [PATCH 17/99] Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dummy-code-scanning.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dummy-code-scanning.yaml b/.github/workflows/dummy-code-scanning.yaml index 22725e10..3c54e20f 100644 --- a/.github/workflows/dummy-code-scanning.yaml +++ b/.github/workflows/dummy-code-scanning.yaml @@ -20,14 +20,14 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: javascript packs: codeql/javascript-queries # Autobuild the language if possible - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From e05dca7314a1615c1683a59ace953e1666b88aac Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 8 Jan 2024 08:56:47 +0100 Subject: [PATCH 18/99] Expose key vault secrets values as sensitive AB#18306 --- modules/azure/key_vault_secrets_put_once/main.tf | 10 ++++++++++ modules/azure/key_vault_secrets_put_once/outputs.tf | 7 +++++++ 2 files changed, 17 insertions(+) create mode 100644 modules/azure/key_vault_secrets_put_once/outputs.tf 
diff --git a/modules/azure/key_vault_secrets_put_once/main.tf b/modules/azure/key_vault_secrets_put_once/main.tf index 3cb4f3ee..2aad5bae 100644 --- a/modules/azure/key_vault_secrets_put_once/main.tf +++ b/modules/azure/key_vault_secrets_put_once/main.tf @@ -29,3 +29,13 @@ resource "azurerm_key_vault_secret" "secret" { ignore_changes = [value] } } + +data "azurerm_key_vault_secret" "secrets" { + for_each = { + for index, secret in nonsensitive(var.secrets) : + secret.secret_name => secret + } + + name = each.value.secret_name + key_vault_id = var.key_vault_id +} diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf new file mode 100644 index 00000000..f22ae46e --- /dev/null +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -0,0 +1,7 @@ +output "secrets" { + value = { + for prop in values(data.azurerm_key_vault_secret.secrets)[*] : + prop.name => prop.value + } + sensitive = true +} From 538fd6c441ed5857bff1b235fec114fb82f097e2 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Tue, 9 Jan 2024 11:51:44 +0100 Subject: [PATCH 19/99] Removed unnecessary data module --- modules/azure/key_vault_secrets_put_once/main.tf | 10 ---------- modules/azure/key_vault_secrets_put_once/outputs.tf | 2 +- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/modules/azure/key_vault_secrets_put_once/main.tf b/modules/azure/key_vault_secrets_put_once/main.tf index 2aad5bae..3cb4f3ee 100644 --- a/modules/azure/key_vault_secrets_put_once/main.tf +++ b/modules/azure/key_vault_secrets_put_once/main.tf @@ -29,13 +29,3 @@ resource "azurerm_key_vault_secret" "secret" { ignore_changes = [value] } } - -data "azurerm_key_vault_secret" "secrets" { - for_each = { - for index, secret in nonsensitive(var.secrets) : - secret.secret_name => secret - } - - name = each.value.secret_name - key_vault_id = var.key_vault_id -} 
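Review bot: `nonsensitive(var.secrets)` in the `for_each` of `data.azurerm_key_vault_secret.secrets` removes the sensitive marking from the whole collection, secret values included, although only `secret_name` is needed as the map key. Limiting the unwrap to the names keeps the values marked: `for_each = nonsensitive(toset([for s in var.secrets : s.secret_name]))` with `name = each.key`. This assumes `var.secrets` is declared sensitive, which the call implies but the hunk does not show.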
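Review bot: The new `secrets` output hands out the plain secret values; `sensitive = true` only redacts them in CLI output, and every configuration that reads this output also records the values in its own state file. Where a consumer only needs to point at a secret, exposing the secret's id lets it use a Key Vault reference instead of the value. A `description` stating that the map holds secret values would help callers handle it accordingly. `app_registration_secret` in `modules/azure/api_management/outputs.tf` (PATCH 38) has the same property.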
diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index f22ae46e..c615db1b 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -1,6 +1,6 @@ output "secrets" { value = { - for prop in values(data.azurerm_key_vault_secret.secrets)[*] : + for prop in values(resource.azurerm_key_vault_secret.secret)[*] : prop.name => prop.value } sensitive = true From 452eacdf611f762c8f597be37871593d3614367b Mon Sep 17 00:00:00 2001 From: zjanura Date: Wed, 10 Jan 2024 15:31:56 +0100 Subject: [PATCH 20/99] APIM API output audience --- modules/azure/api_management_api/outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/azure/api_management_api/outputs.tf b/modules/azure/api_management_api/outputs.tf index bcfb01c9..963d53ad 100644 --- a/modules/azure/api_management_api/outputs.tf +++ b/modules/azure/api_management_api/outputs.tf @@ -13,3 +13,7 @@ output "application_id" { output "default_role" { value = azuread_application.application.app_role_ids["Default.Access"] } + +output "api_audience" { + value = azuread_application.application.identifier_uris +} From 42f8ca9e51814cf893debc8d6e0b213a94c15bdf Mon Sep 17 00:00:00 2001 From: zjanura Date: Wed, 10 Jan 2024 15:55:47 +0100 Subject: [PATCH 21/99] output variable for all and just first one --- modules/azure/api_management_api/outputs.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/azure/api_management_api/outputs.tf b/modules/azure/api_management_api/outputs.tf index 963d53ad..22b6a224 100644 --- a/modules/azure/api_management_api/outputs.tf +++ b/modules/azure/api_management_api/outputs.tf 
@@ -14,6 +14,10 @@ output "default_role" { value = azuread_application.application.app_role_ids["Default.Access"] } -output "api_audience" { +output "api_audiences" { value = azuread_application.application.identifier_uris } + +output "api_audience" { + value = azuread_application.application.identifier_uris[0] +} From 4af1f20dfa9a9b61d764e6a9586fddff4abc5836 Mon Sep 17 00:00:00 2001 From: zjanura Date: Wed, 10 Jan 2024 16:06:40 +0100 Subject: [PATCH 22/99] fix of set error as suggested --- modules/azure/api_management_api/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/api_management_api/outputs.tf b/modules/azure/api_management_api/outputs.tf index 22b6a224..85263e2e 100644 --- a/modules/azure/api_management_api/outputs.tf +++ b/modules/azure/api_management_api/outputs.tf @@ -19,5 +19,5 @@ output "api_audiences" { } output "api_audience" { - value = azuread_application.application.identifier_uris[0] + value = "api://${local.app_api_endpoint}" } From 1a65f82cc3e9c557d9ac0be466c496cf1d5c1339 Mon Sep 17 00:00:00 2001 From: zjanura Date: Fri, 12 Jan 2024 17:10:17 +0100 Subject: [PATCH 23/99] linux function output audience --- modules/azure/function_app_linux_managed_identity/outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index 60a44582..3ebc4879 100644 --- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -13,3 +13,7 @@ output "id" { output "aad_application_name" { value = var.managed_identity_provider.existing == null ? "api://${var.managed_identity_provider.create.application_name}" : null } + +output "api_audience" { + value = tolist(tolist(tolist(data.azurerm_linux_function_app.function_app.auth_settings)[0].active_directory)[0].allowed_audiences)[0] +} 
From 95f1fbbc049782ca272334d5a4a3e69a9808b31b Mon Sep 17 00:00:00 2001 From: zjanura Date: Mon, 15 Jan 2024 12:33:53 +0100 Subject: [PATCH 24/99] update of allowed audiences --- modules/azure/function_app_linux_managed_identity/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index 3ebc4879..a839cb66 100644 --- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -15,5 +15,5 @@ output "aad_application_name" { } output "api_audience" { - value = tolist(tolist(tolist(data.azurerm_linux_function_app.function_app.auth_settings)[0].active_directory)[0].allowed_audiences)[0] + value = concat(local.identifiers, var.managed_identity_provider.allowed_audiences != null ? var.managed_identity_provider.allowed_audiences : []) } From 6f50333116d81b1fb94a99f96c5cb3e843e15f64 Mon Sep 17 00:00:00 2001 From: zjanura Date: Mon, 15 Jan 2024 12:57:13 +0100 Subject: [PATCH 25/99] simplified version of allowed audiences --- modules/azure/function_app_linux_managed_identity/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index a839cb66..b1298fcc 100644 --- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -15,5 +15,5 @@ output "aad_application_name" { } output "api_audience" { - value = concat(local.identifiers, var.managed_identity_provider.allowed_audiences != null ? var.managed_identity_provider.allowed_audiences : []) + value = local.allowed_audiences } From 7f8748404f92ead9d160eff04725f42f9377cbd4 Mon Sep 17 00:00:00 2001 
From: zjanura Date: Tue, 16 Jan 2024 15:38:53 +0100 Subject: [PATCH 26/99] api_audience and api_audiences update --- .../azure/function_app_linux_managed_identity/outputs.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index b1298fcc..a9f80654 100644 --- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -14,6 +14,10 @@ output "aad_application_name" { value = var.managed_identity_provider.existing == null ? "api://${var.managed_identity_provider.create.application_name}" : null } -output "api_audience" { +output "api_audiences" { value = local.allowed_audiences } + +output "api_audience" { + value = "api://${var.managed_identity_provider.create.application_name}" +} From c78d2550576d48e412ce734dbc4d0dc646d171c9 Mon Sep 17 00:00:00 2001 From: zjanura Date: Tue, 16 Jan 2024 16:53:02 +0100 Subject: [PATCH 27/99] updated api audience - removed as its gonna be same as aad_application_name --- .../azure/function_app_linux_managed_identity/outputs.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index a9f80654..5d462966 100644 --- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -16,8 +16,4 @@ output "aad_application_name" { output "api_audiences" { value = local.allowed_audiences -} - -output "api_audience" { - value = "api://${var.managed_identity_provider.create.application_name}" -} +} \ No newline at end of file From 49a6b4c53e5978fa1e8f5cfdea53c21d38732ad9 Mon Sep 17 00:00:00 2001 
From: Michal Pipal Date: Mon, 22 Jan 2024 14:26:57 +0100 Subject: [PATCH 28/99] Fixed typo in the logic app output --- modules/azure/logic_app/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/logic_app/outputs.tf b/modules/azure/logic_app/outputs.tf index e0ba415e..817ef326 100644 --- a/modules/azure/logic_app/outputs.tf +++ b/modules/azure/logic_app/outputs.tf @@ -2,7 +2,7 @@ output "principal_id" { value = var.use_managed_identity ? azurerm_logic_app_workflow.workflow.identity[0].principal_id : null } -output "enpoint" { +output "endpoint" { value = azurerm_logic_app_workflow.workflow.access_endpoint } output "id" { From 0c00639455ba9c118aab3e8b1089ff0110142f6f Mon Sep 17 00:00:00 2001 From: Michal Pipal <73311540+pipalmic@users.noreply.github.com> Date: Mon, 22 Jan 2024 16:15:39 +0100 Subject: [PATCH 29/99] Update modules/azure/logic_app/outputs.tf Co-authored-by: tom-reinders --- modules/azure/logic_app/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/azure/logic_app/outputs.tf b/modules/azure/logic_app/outputs.tf index 817ef326..76e52fc8 100644 --- a/modules/azure/logic_app/outputs.tf +++ b/modules/azure/logic_app/outputs.tf @@ -2,6 +2,11 @@ output "principal_id" { value = var.use_managed_identity ? azurerm_logic_app_workflow.workflow.identity[0].principal_id : null } +# Deprecated output +output "enpoint" { + value = azurerm_logic_app_workflow.workflow.access_endpoint +} + output "endpoint" { value = azurerm_logic_app_workflow.workflow.access_endpoint } From 34611c6200a11c2bcd27614a28ba328f692eb59d Mon Sep 17 00:00:00 2001 From: zjanura Date: Wed, 31 Jan 2024 15:28:30 +0100 Subject: [PATCH 30/99] function app part of security groups --- .../main.tf | 20 ++++++++++++++++--- .../variables.tf | 1 + 2 files changed, 18 insertions(+), 3 deletions(-) 
diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index ef8f7de1..c9ef60c7 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -32,9 +32,10 @@ provider "null" { } locals { - should_create_app = var.managed_identity_provider.existing != null ? false : true - identifiers = concat(local.should_create_app ? ["api://${var.managed_identity_provider.create.application_name}"] : [], var.managed_identity_provider.identifier_uris != null ? var.managed_identity_provider.identifier_uris : []) - allowed_audiences = concat(local.identifiers, var.managed_identity_provider.allowed_audiences != null ? var.managed_identity_provider.allowed_audiences : []) + should_create_app = var.managed_identity_provider.existing != null ? false : true + should_assign_group = var.managed_identity_provider.create.group_id != null ? true : false + identifiers = concat(local.should_create_app ? ["api://${var.managed_identity_provider.create.application_name}"] : [], var.managed_identity_provider.identifier_uris != null ? var.managed_identity_provider.identifier_uris : []) + allowed_audiences = concat(local.identifiers, var.managed_identity_provider.allowed_audiences != null ? var.managed_identity_provider.allowed_audiences : []) } # Function App 
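Review bot: `should_assign_group` reads `var.managed_identity_provider.create.group_id` unconditionally, whereas the neighbouring `identifiers` local touches `create` only when `local.should_create_app` is true. If `create` can be null when `existing` is supplied (the variable definition is only partly visible), every plan for the `existing` case fails on the null attribute access. `should_assign_group = try(var.managed_identity_provider.create.group_id, null) != null` avoids that and also drops the redundant `? true : false`.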
@@ -208,6 +209,19 @@ resource "azuread_application" "application" { } } +resource "azuread_service_principal" "application" { + count = local.should_assign_group ? 1 : 0 + application_id = azuread_application.application[0].application_id + app_role_assignment_required = false + owners = [data.azuread_client_config.current.object_id] +} + +resource "azuread_group_member" "registered_app_member" { + count = local.should_assign_group ? 1 : 0 + group_object_id = var.managed_identity_provider.create.group_id + member_object_id = azuread_service_principal.application[0].object_id +} + resource "azuread_application_password" "password" { count = local.should_create_app ? 1 : 0 application_object_id = azuread_application.application[0].object_id diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index bab5925d..6c66886d 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -33,6 +33,7 @@ variable "managed_identity_provider" { }) owners = optional(list(string)) # Deployment user will be added as owner by default redirect_uris = optional(list(string)) # Only for additional URIs, function uri will be added by default + group_id = optional(string) # Group ID where service principal of the existing application will belong to })) identifier_uris = optional(list(string)) # api:// will be added by default if application is create allowed_audiences = optional(list(string)) # api:// will be added by default From 6ae3322703a0ec068d79134b37a6d47ed335772b Mon Sep 17 00:00:00 2001 From: zjanura Date: Wed, 31 Jan 2024 15:31:41 +0100 Subject: [PATCH 31/99] fix of formating --- modules/azure/function_app_linux_managed_identity/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
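Review bot: `azuread_service_principal.application` hard-codes `app_role_assignment_required = false`, so the directory issues tokens for this application to principals that have no assignment, and access control rests entirely on what the function checks in the token. If callers are meant to be limited, set it to `true` or expose it as an option next to `group_id`. A comment on `azuread_group_member.registered_app_member` should also say that the service principal gains whatever access the target group has been granted. The same two resources are added to `modules/azure/api_management_api/main.tf` in PATCH 37, where the module's outputs already reference a `Default.Access` app role.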
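Review bot: The comment on `group_id` speaks of the "existing application", but the field is read as `var.managed_identity_provider.create.group_id` and `main.tf` uses it only for the application this module creates. Reword it, e.g. `# Object ID of the group the created application's service principal is added to`. The `group_id` description in `modules/azure/api_management_api/variables.tf` (PATCH 37) uses the same wording.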
diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index c9ef60c7..3913ab0b 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -217,9 +217,9 @@ resource "azuread_service_principal" "application" { } resource "azuread_group_member" "registered_app_member" { - count = local.should_assign_group ? 1 : 0 - group_object_id = var.managed_identity_provider.create.group_id - member_object_id = azuread_service_principal.application[0].object_id + count = local.should_assign_group ? 1 : 0 + group_object_id = var.managed_identity_provider.create.group_id + member_object_id = azuread_service_principal.application[0].object_id } resource "azuread_application_password" "password" { From d68cc8f611be43704b594b2c314b1713586b8923 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Fri, 2 Feb 2024 13:42:17 +0100 Subject: [PATCH 32/99] add output modification --- modules/azure/key_vault_secrets_put_once/outputs.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index c615db1b..ea625e3a 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -1,7 +1,10 @@ output "secrets" { value = { for prop in values(resource.azurerm_key_vault_secret.secret)[*] : - prop.name => prop.value + prop.name => { + value = prop.value + id = prop.id + } } sensitive = true -} +} \ No newline at end of file From fcb54a7c7a40c44318cb0fbe311d1808aa85cca1 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Fri, 2 Feb 2024 13:44:16 +0100 Subject: [PATCH 33/99] format --- modules/azure/key_vault_secrets_put_once/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
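Review bot: Each entry of the `secrets` output changes here from a string to an object with `value` and `id`, so existing callers that use `secrets["<name>"]` as the secret value break on upgrade with no transition period. Keeping `secrets` unchanged and adding a separate output for the ids is backward-compatible, in the way `logic_app/outputs.tf` kept the deprecated `enpoint` output: `output "secret_ids" { value = { for s in values(azurerm_key_vault_secret.secret) : s.name => s.id } }`. The ids would then also not need to sit inside a sensitive value.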
diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index ea625e3a..0ed36abd 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -3,7 +3,7 @@ output "secrets" { for prop in values(resource.azurerm_key_vault_secret.secret)[*] : prop.name => { value = prop.value - id = prop.id + id = prop.id } } sensitive = true From 41751f62b48cb4efaa8721a4a0ff8427bab9381e Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 5 Feb 2024 12:22:22 +0100 Subject: [PATCH 34/99] add versionless id --- modules/azure/key_vault_secrets_put_once/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index 0ed36abd..9fb09c3e 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -3,7 +3,7 @@ output "secrets" { for prop in values(resource.azurerm_key_vault_secret.secret)[*] : prop.name => { value = prop.value - id = prop.id + id = prop.versionless_id } } sensitive = true From a8163f764e0c67033864f87c3a9a55d30b294ec1 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 5 Feb 2024 12:22:46 +0100 Subject: [PATCH 35/99] versionlessid --- modules/azure/key_vault_secrets_put_once/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index 9fb09c3e..cb5095af 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -2,8 +2,8 @@ output "secrets" { value = { for prop in values(resource.azurerm_key_vault_secret.secret)[*] : prop.name => { - value = prop.value - id = prop.versionless_id + value = prop.value + versionlessid = prop.versionless_id } } sensitive = true 
From 53368995cde2c9977122774787569d2b3dfb076c Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 5 Feb 2024 12:25:18 +0100 Subject: [PATCH 36/99] fmt --- modules/azure/key_vault_secrets_put_once/outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/key_vault_secrets_put_once/outputs.tf b/modules/azure/key_vault_secrets_put_once/outputs.tf index cb5095af..9a4ba47d 100644 --- a/modules/azure/key_vault_secrets_put_once/outputs.tf +++ b/modules/azure/key_vault_secrets_put_once/outputs.tf @@ -2,8 +2,8 @@ output "secrets" { value = { for prop in values(resource.azurerm_key_vault_secret.secret)[*] : prop.name => { - value = prop.value - versionlessid = prop.versionless_id + value = prop.value + versionlessid = prop.versionless_id } } sensitive = true From fe61dbf762d9500a1693262f14d82a7964068348 Mon Sep 17 00:00:00 2001 From: zjanura Date: Mon, 5 Feb 2024 16:29:50 +0100 Subject: [PATCH 37/99] apim part of security groups --- modules/azure/api_management_api/main.tf | 16 +++++++++++++++- modules/azure/api_management_api/variables.tf | 6 ++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/modules/azure/api_management_api/main.tf b/modules/azure/api_management_api/main.tf index cfcea96a..3f95805d 100644 --- a/modules/azure/api_management_api/main.tf +++ b/modules/azure/api_management_api/main.tf @@ -21,7 +21,8 @@ provider "azurerm" { locals { //Do this if statement here instead of twice for both api:// settings - app_api_endpoint = var.app_api_endpoint != null ? var.app_api_endpoint : "${lower(replace(var.application_name, " ", "-"))}" + app_api_endpoint = var.app_api_endpoint != null ? var.app_api_endpoint : "${lower(replace(var.application_name, " ", "-"))}" + should_assign_group = var.group_id != null ? true : false } ####################################################### 
@@ -312,6 +313,19 @@ resource "azurerm_api_management_authorization_server" "oauth2" { } +resource "azuread_service_principal" "application" { + count = local.should_assign_group ? 1 : 0 + application_id = azuread_application.application.application_id + app_role_assignment_required = false + owners = [data.azuread_client_config.current.object_id] +} + +resource "azuread_group_member" "registered_app_member" { + count = local.should_assign_group ? 1 : 0 + group_object_id = var.group_id + member_object_id = azuread_service_principal.application[0].object_id +} + resource "azuread_application_password" "password" { application_object_id = azuread_application.application.object_id } diff --git a/modules/azure/api_management_api/variables.tf b/modules/azure/api_management_api/variables.tf index ced165fe..7ba08013 100644 --- a/modules/azure/api_management_api/variables.tf +++ b/modules/azure/api_management_api/variables.tf @@ -43,6 +43,12 @@ variable "owners" { default = [] } +variable "group_id" { + type = string + description = "Group ID where service principal of the existing application will belong to" + default = null +} + variable "api_management_logger_id" { type = string description = "The Id of the API management Logger" From 879ebacaac5993882f48a4d13c8300399232c487 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Thu, 8 Feb 2024 14:47:33 +0100 Subject: [PATCH 38/99] add secret to the output for the apim --- modules/azure/api_management/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/azure/api_management/outputs.tf b/modules/azure/api_management/outputs.tf index 1b3bc7bd..53acf4a0 100644 --- a/modules/azure/api_management/outputs.tf +++ b/modules/azure/api_management/outputs.tf 
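Review bot: The new `azuread_service_principal.application` sets `app_role_assignment_required = false`, which in Entra ID means tokens for the application are issued to users and clients that have no assignment. For a principal that is then placed into a security group, `app_role_assignment_required = true` looks like the safer default unless open sign-in is intended. Its `owners` is fixed to `[data.azuread_client_config.current.object_id]` although variables.tf already declares `var.owners`, so the deploying identity becomes the only owner. The `group_id` description could say what membership implies, e.g. `description = "Object ID of the security group the application's service principal is added to; the principal inherits every role assigned to that group"`.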
@@ -20,4 +20,9 @@ output "developer_portal_url" { output "public_ip_addresses" { value = azurerm_api_management.api_management.public_ip_addresses +} + +output "app_registration_secret" { + value = azuread_application_password.password.value + sensitive = true } \ No newline at end of file From f892d8ccbf3be14522d5f701d2c80c687b4c65ef Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Thu, 8 Feb 2024 14:51:31 +0100 Subject: [PATCH 39/99] fmt --- modules/azure/api_management/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/api_management/outputs.tf b/modules/azure/api_management/outputs.tf index 53acf4a0..2313a76c 100644 --- a/modules/azure/api_management/outputs.tf +++ b/modules/azure/api_management/outputs.tf @@ -23,6 +23,6 @@ output "public_ip_addresses" { } output "app_registration_secret" { - value = azuread_application_password.password.value + value = azuread_application_password.password.value sensitive = true } \ No newline at end of file From 0edfcec75e953441f320895fdf6f744ee3085141 Mon Sep 17 00:00:00 2001 From: Bart Wesselink Date: Thu, 8 Feb 2024 15:23:16 +0100 Subject: [PATCH 40/99] Update CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 222e0551..85e99fff 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -3,4 +3,4 @@ # More details are here: https://help.github.com/articles/about-codeowners/ # Default owners for everything in the repository -* @recognizegroup/team-technology @tom-reinders +* @tom-reinders From 16ba63fd7b93012899961d5442d46b0a03455868 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:15:11 +0100 Subject: [PATCH 41/99] add usage of dotnet version in linux app --- modules/azure/function_app_linux_managed_identity/main.tf | 7 +++++++ .../azure/function_app_linux_managed_identity/variables.tf | 6 ++++++ 2 files changed, 13 insertions(+) 
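Review bot: `sensitive = true` on `app_registration_secret` only redacts the value in CLI output; the client secret is still stored in clear text in this module's state and is handed to whatever configuration consumes the output. If callers need the credential, writing it to Key Vault and exporting that secret's ID would keep it out of downstream state. At minimum the output deserves `description = "Client secret of the APIM app registration; present in state, restrict access to the backend"`.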
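Review bot: With `* @tom-reinders` as the only entry, every path in the repository has a single code owner. If branch protection requires code-owner review (not visible from this patch), one account becomes the sole required approver for modules that create credentials and role assignments. A second individual or a team handle on the default rule would keep a fallback reviewer, and the commit message could state why the team entry was dropped.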
diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 3913ab0b..d05644aa 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -53,6 +53,13 @@ resource "azurerm_linux_function_app" "function_app" { MICROSOFT_PROVIDER_AUTHENTICATION_SECRET = "${local.should_create_app ? azuread_application_password.password[0].value : var.managed_identity_provider.existing.client_secret}" }) + dynamic "application_stack" { + for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] + content { + dotnet_version = application_stack.value + } + } + site_config { always_on = var.always_on vnet_route_all_enabled = var.route_all_outbound_traffic diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index 6c66886d..fd14386b 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -13,6 +13,12 @@ variable "name" { description = "Specifies the name of the function app." } +variable "dotnet_version" { + type = string + description = "Specifies the version of dotnet." + default = "" +} + variable "managed_identity_provider" { type = object({ existing = optional(object({ From 6947a8fce1c7a8ddacb3b8586dbb270de5264a8b Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:26:04 +0100 Subject: [PATCH 42/99] add in proper place --- .../function_app_linux_managed_identity/main.tf | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index d05644aa..17782070 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf 
@@ -52,19 +52,18 @@ resource "azurerm_linux_function_app" "function_app" { app_settings = merge(var.app_settings, { MICROSOFT_PROVIDER_AUTHENTICATION_SECRET = "${local.should_create_app ? azuread_application_password.password[0].value : var.managed_identity_provider.existing.client_secret}" }) - - dynamic "application_stack" { - for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] - content { - dotnet_version = application_stack.value - } - } - site_config { always_on = var.always_on vnet_route_all_enabled = var.route_all_outbound_traffic use_32_bit_worker = var.use_32_bit_worker + dynamic "application_stack" { + for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] + content { + dotnet_version = application_stack.value + } + } + dynamic "ip_restriction" { for_each = var.ip_restrictions From 7fe756e5fe655436033b2dd9386acc8958ee5d50 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:37:32 +0100 Subject: [PATCH 43/99] add isolated option --- modules/azure/function_app_linux_managed_identity/main.tf | 3 ++- .../azure/function_app_linux_managed_identity/variables.tf | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 17782070..347a9305 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -60,7 +60,8 @@ resource "azurerm_linux_function_app" "function_app" { dynamic "application_stack" { for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] content { - dotnet_version = application_stack.value + dotnet_version = application_stack.value + dotnet_isolated = var.dotnet_isolated } } diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index fd14386b..7e94dac5 100644 
--- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -19,6 +19,12 @@ variable "dotnet_version" { default = "" } +variable "dotnet_isolated" { + type = string + description = "Specifies the version of dotnet." + default = false +} + variable "managed_identity_provider" { type = object({ existing = optional(object({ From 8e1fffe5af356c9313cabc8dd800298bebcc81d8 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:38:48 +0100 Subject: [PATCH 44/99] add isolated --- modules/azure/function_app_linux_managed_identity/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index 7e94dac5..66bb44e24 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -21,7 +21,7 @@ variable "dotnet_version" { variable "dotnet_isolated" { type = string - description = "Specifies the version of dotnet." + description = "Specifies if it is isolated function app." default = false } From 8a0f60db8d08961ab6b9cb43bc04ebf2fe4bb1c9 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:44:20 +0100 Subject: [PATCH 45/99] add proper property name --- modules/azure/function_app_linux_managed_identity/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 347a9305..965f4208 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf 
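Review bot: `dotnet_isolated` is declared with `type = string` but `default = false`, and main.tf passes it to a boolean argument of `application_stack`, so the value is converted to a string and back and a caller can pass any text without a type error at the variable. Declaring it as `type = bool` makes the contract explicit. The description is copied from `dotnet_version`; PATCH 44 corrects the description but leaves the type. The same string-typed declaration is added again to modules/azure/function_app_linux/variables.tf in PATCH 49.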
@@ -60,8 +60,8 @@ resource "azurerm_linux_function_app" "function_app" { dynamic "application_stack" { for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] content { - dotnet_version = application_stack.value - dotnet_isolated = var.dotnet_isolated + dotnet_version = application_stack.value + use_dotnet_isolated_runtime = var.dotnet_isolated } } From b6c2f23e8a22d502e3f1ef797882109640fc0af2 Mon Sep 17 00:00:00 2001 From: Szymon Rozek Date: Mon, 19 Feb 2024 15:55:22 +0100 Subject: [PATCH 46/99] format --- modules/azure/function_app_linux_managed_identity/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 965f4208..725dabef 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -60,8 +60,8 @@ resource "azurerm_linux_function_app" "function_app" { dynamic "application_stack" { for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] content { - dotnet_version = application_stack.value - use_dotnet_isolated_runtime = var.dotnet_isolated + dotnet_version = application_stack.value + use_dotnet_isolated_runtime = var.dotnet_isolated } } From c8a8d3911a6d7e8bec4f40e8a497b84421194558 Mon Sep 17 00:00:00 2001 
From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Wed, 28 Feb 2024 19:22:01 +0100 Subject: [PATCH 47/99] add bicep build command via terragrunt for logic app AB#19115 (#394) * add bicep build command via terragrunt for logic app * formatting improved * simplification of bicep build * new logic app bicep module * small update * update of condition --------- Co-authored-by: zjanura --- modules/azure/logic_app_bicep/main.tf | 134 +++++++++++++++++++++ modules/azure/logic_app_bicep/outputs.tf | 15 +++ modules/azure/logic_app_bicep/variables.tf | 80 ++++++++++++ 3 files changed, 229 insertions(+) create mode 100644 modules/azure/logic_app_bicep/main.tf create mode 100644 modules/azure/logic_app_bicep/outputs.tf create mode 100644 modules/azure/logic_app_bicep/variables.tf diff --git a/modules/azure/logic_app_bicep/main.tf b/modules/azure/logic_app_bicep/main.tf new file mode 100644 index 00000000..ee28f0a4 --- /dev/null +++ b/modules/azure/logic_app_bicep/main.tf 
@@ -0,0 +1,134 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + + local = { + source = "hashicorp/local" + version = "2.4.1" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +locals { + // Remove need for specifying the "value" field for every parameter + parameters_content = { + for key, value in var.arm_parameters : + key => { "value" = value } + } + + do_bicep_build = var.templates_files.bicep_path != null ? true : false +} + +resource "azurerm_logic_app_workflow" "workflow" { + name = var.logic_app_name + location = var.location + resource_group_name = var.resource_group_name + enabled = var.enabled + + dynamic "identity" { + for_each = var.use_managed_identity ? [1] : [] + content { + type = "SystemAssigned" + } + } + + dynamic "access_control" { + for_each = length(var.trigger_oauth_policy_claims) > 0 ? [1] : [] + content { + trigger { + allowed_caller_ip_address_range = var.trigger_ip_address_range + open_authentication_policy { + name = "Default" + dynamic "claim" { + for_each = var.trigger_oauth_policy_claims + content { + name = claim.key + value = claim.value + } + } + } + } + } + } +} + +// Deploy workflow as ARM template conditional when arm_template_path is specified +// To export the ARM template from the Azure portal go to Logic App > Automation > Export Template +resource "azurerm_resource_group_template_deployment" "workflow_deployment" { + count = (var.templates_files.arm_template_path == null && var.templates_files.bicep_path == null) ? 0 : 1 + name = "${var.logic_app_name}-deployment" + resource_group_name = var.resource_group_name + deployment_mode = "Incremental" + template_content = var.templates_files.arm_template_path != null ? 
file(var.templates_files.arm_template_path) : data.local_file.workflow_json.content + parameters_content = jsonencode(local.parameters_content) + + depends_on = [azurerm_logic_app_workflow.workflow] +} + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + resource_id = azurerm_logic_app_workflow.workflow.id +} + +// Write logs and metrics to log analytics if specified +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + name = "diag-${var.logic_app_name}" + target_resource_id = azurerm_logic_app_workflow.workflow.id + log_analytics_workspace_id = var.log_analytics_workspace_id + + // TODO: not yet implemented by Azure + // log_analytics_destination_type = "Dedicated" + + dynamic "enabled_log" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types + + content { + category = enabled_log.value + + retention_policy { + enabled = false + } + } + } + + dynamic "metric" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics + + content { + category = metric.value + enabled = true + + retention_policy { + enabled = false + } + } + } +} + +resource "null_resource" "bicep_build" { + count = local.do_bicep_build ? 1 : 0 + triggers = { + timestamp = "${timestamp()}" # by setting the timestamp we will make it running every time + } + provisioner "local-exec" { + command = "az bicep build --file ${var.templates_files.bicep_path}" + working_dir = var.module_dir + } +} + +data "local_file" "workflow_json" { + depends_on = [null_resource.bicep_build] + filename = "${var.module_dir}/workflow.json" +} diff --git a/modules/azure/logic_app_bicep/outputs.tf b/modules/azure/logic_app_bicep/outputs.tf new file mode 100644 index 00000000..76e52fc8 --- /dev/null +++ b/modules/azure/logic_app_bicep/outputs.tf 
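Review bot: The `local-exec` provisioner in `null_resource.bicep_build` interpolates `var.templates_files.bicep_path` unquoted into a shell command, so a path containing spaces or shell metacharacters is split or interpreted by the shell on the machine running Terraform. Passing it through the environment avoids that: `command = "az bicep build --file \"$BICEP_PATH\""` with `environment = { BICEP_PATH = var.templates_files.bicep_path }`. Separately, `data.local_file.workflow_json` has no `count` and always reads `${var.module_dir}/workflow.json`, so it is evaluated even when only `arm_template_path` is set and it presumably only matches a Bicep file named `workflow.bicep`. `null_resource` is used without a `null` entry in `required_providers`, which leaves that provider unpinned while `local` is pinned to `2.4.1`.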
@@ -0,0 +1,15 @@ +output "principal_id" { + value = var.use_managed_identity ? azurerm_logic_app_workflow.workflow.identity[0].principal_id : null +} + +# Deprecated output +output "enpoint" { + value = azurerm_logic_app_workflow.workflow.access_endpoint +} + +output "endpoint" { + value = azurerm_logic_app_workflow.workflow.access_endpoint +} +output "id" { + value = azurerm_logic_app_workflow.workflow.id +} diff --git a/modules/azure/logic_app_bicep/variables.tf b/modules/azure/logic_app_bicep/variables.tf new file mode 100644 index 00000000..03357c2a --- /dev/null +++ b/modules/azure/logic_app_bicep/variables.tf 
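Review bot: The misspelled `enpoint` output is marked deprecated, yet this module is created in this commit and can have no existing consumers that need it. Dropping it and keeping only `endpoint` avoids publishing a typo as part of a new interface. The outputs also carry no `description`; for `endpoint` something like `description = "Access endpoint (callback base URL) of the Logic App workflow"` would tell callers what they receive.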
@@ -0,0 +1,80 @@ +variable "location" { + type = string + description = "A datacenter location in Azure." +} + +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "logic_app_name" { + type = string + description = "Specifies the name of the Log Analytics Workspace." +} + +variable "arm_parameters" { + type = any + description = "Parameter values for the ARM template." + default = {} +} + +variable "templates_files" { + type = object({ + bicep_path = optional(string), + arm_template_path = optional(string) + }) + + default = { + bicep_path = null + arm_template_path = null + } + + validation { + condition = ((var.templates_files.bicep_path == null && var.templates_files.arm_template_path != null) || (var.templates_files.bicep_path != null && var.templates_files.arm_template_path == null)) + error_message = "One of these (bicep_path, arm_template_path) needs to be set " + } +} + +# it is neccessary for the creation of workflow.json localy using bicep +variable "module_dir" { + type = string + description = "Module direcory" + default = "." +} + +variable "log_analytics_workspace_id" { + type = string + description = "Specifies the ID of a Log Analytics Workspace where diagnostics data should be sent." + default = null +} + +variable "log_retention_days" { + type = number + description = "Number of days for which logs and metrics will be saved." 
+ default = 30 +} + +variable "enabled" { + type = bool + description = "If this workflow should be enabled by default or not, defaults to true" + default = true +} + +variable "use_managed_identity" { + type = bool + description = "Use Managed Identity for this logic app" + default = false +} + +variable "trigger_oauth_policy_claims" { + type = map(string) + description = "Claims validated by OAuth policy in HTTP trigger" + default = {} +} + +variable "trigger_ip_address_range" { + type = set(string) + description = "IP address range allowed to call HTTP trigger" + default = ["0.0.0.0/0"] +} From 0e991af96f4bf6710edff76494d48ee45fdb5b04 Mon Sep 17 00:00:00 2001 From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Thu, 29 Feb 2024 14:32:24 +0100 Subject: [PATCH 48/99] Adding new logic app custom connector (#395) --- .../connection.json | 46 +++++++++++++++++++ .../logic_app_custom_connector/main.tf | 35 ++++++++++++++ .../logic_app_custom_connector/outputs.tf | 3 ++ .../logic_app_custom_connector/variables.tf | 19 ++++++++ 4 files changed, 103 insertions(+) create mode 100644 modules/azure/api_connectors/logic_app_custom_connector/connection.json create mode 100644 modules/azure/api_connectors/logic_app_custom_connector/main.tf create mode 100644 modules/azure/api_connectors/logic_app_custom_connector/outputs.tf create mode 100644 modules/azure/api_connectors/logic_app_custom_connector/variables.tf diff --git a/modules/azure/api_connectors/logic_app_custom_connector/connection.json b/modules/azure/api_connectors/logic_app_custom_connector/connection.json new file mode 100644 index 00000000..b6a5f445 --- /dev/null +++ b/modules/azure/api_connectors/logic_app_custom_connector/connection.json 
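Review bot: `trigger_ip_address_range` defaults to `["0.0.0.0/0"]`, and main.tf in this commit only emits the `access_control` block when `trigger_oauth_policy_claims` is non-empty, so a caller who sets an IP range without claims gets no restriction at all and no error. Either the condition in main.tf should also react to a non-default range, or the description should say so, e.g. `description = "IP ranges allowed to call the HTTP trigger; only applied when trigger_oauth_policy_claims is set"`. `log_retention_days` is declared but never read by main.tf, which hard-codes `retention_policy { enabled = false }`. The `logic_app_name` description still refers to a Log Analytics Workspace.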
@@ -0,0 +1,46 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "String", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "location" + } + }, + "connector_name": { + "type": "String", + "metadata": { + "description": "Connector resource name" + } + }, + "function_url": { + "type": "String", + "metadata": { + "description": "Url of the function" + } + }, + "swagger": { + "type": "object", + "metadata": { + "description": "Swagger definition" + } + } + }, + "resources": [ + { + "type": "Microsoft.Web/customApis", + "apiVersion": "2016-06-01", + "name": "[parameters('connector_name')]", + "location": "[resourceGroup().location]", + "properties": { + "displayName": "[parameters('connector_name')]", + "backendService": { + "serviceurl": "[parameters('function_url')]" + }, + "swagger": "[parameters('swagger')]" + } + } + ] +} \ No newline at end of file diff --git a/modules/azure/api_connectors/logic_app_custom_connector/main.tf b/modules/azure/api_connectors/logic_app_custom_connector/main.tf new file mode 100644 index 00000000..5f0745bc --- /dev/null +++ b/modules/azure/api_connectors/logic_app_custom_connector/main.tf @@ -0,0 +1,35 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group_template_deployment" "log_analytics" { + name = "${var.connector_name}_deployment" + resource_group_name = var.resource_group_name + + template_content = file("./connection.json") + parameters_content = jsonencode({ + "connector_name" = { + value = var.connector_name + }, + "function_url" = { + value = var.function_url + }, + "swagger" = { + value = jsondecode(file(var.swagger)) + } + }) + deployment_mode = "Incremental" +} 
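Review bot: `file("./connection.json")` in main.tf resolves against the directory Terraform is run from rather than the module, so the template is only found when the working directory happens to be the module directory; `template_content = file("${path.module}/connection.json")` removes that dependency. The same call appears in modules/azure/api_connectors/custom_connector/main.tf in PATCH 52. The resource label `log_analytics` looks copied from another module and is cheapest to rename before the module has state. `var.swagger` is passed to `file()`, so it is a path and its description would read better as `description = "Path to the Swagger (OpenAPI) definition file"`.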
diff --git a/modules/azure/api_connectors/logic_app_custom_connector/outputs.tf b/modules/azure/api_connectors/logic_app_custom_connector/outputs.tf new file mode 100644 index 00000000..a96be114 --- /dev/null +++ b/modules/azure/api_connectors/logic_app_custom_connector/outputs.tf @@ -0,0 +1,3 @@ +output "name" { + value = var.connector_name +} diff --git a/modules/azure/api_connectors/logic_app_custom_connector/variables.tf b/modules/azure/api_connectors/logic_app_custom_connector/variables.tf new file mode 100644 index 00000000..9b0c36ee --- /dev/null +++ b/modules/azure/api_connectors/logic_app_custom_connector/variables.tf @@ -0,0 +1,19 @@ +variable "resource_group_name" { + type = string + description = "Resource group this connection should be placed in" +} + +variable "connector_name" { + type = string + description = "The name the connection should have" +} + +variable "function_url" { + type = string + description = "The url of function" +} + +variable "swagger" { + type = string + description = "Swagger definition" +} From 399912c1e1b3c8971f6c6a09c37c5437eae9d988 Mon Sep 17 00:00:00 2001 From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Mon, 4 Mar 2024 21:11:58 +0100 Subject: [PATCH 49/99] Function setting with .net8 isolated AB#18982 (#396) * Adding changes to support function app run with .net8 isolated * resolve PR onflict * fix PR conflicts * Fix pr conflicts * fix * fix --- modules/azure/function_app_linux/main.tf | 8 ++++++++ modules/azure/function_app_linux/variables.tf | 12 ++++++++++++ 2 files changed, 20 insertions(+) diff --git a/modules/azure/function_app_linux/main.tf b/modules/azure/function_app_linux/main.tf index a4d7a5f4..b60ca802 100644 --- a/modules/azure/function_app_linux/main.tf +++ b/modules/azure/function_app_linux/main.tf 
@@ -33,6 +33,14 @@ resource "azurerm_linux_function_app" "function_app" { vnet_route_all_enabled = var.route_all_outbound_traffic use_32_bit_worker = var.use_32_bit_worker + dynamic "application_stack" { + for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] + content { + dotnet_version = application_stack.value + use_dotnet_isolated_runtime = var.dotnet_isolated + } + } + dynamic "ip_restriction" { for_each = var.ip_restrictions diff --git a/modules/azure/function_app_linux/variables.tf b/modules/azure/function_app_linux/variables.tf index 732ec3e9..1c51a2dd 100644 --- a/modules/azure/function_app_linux/variables.tf +++ b/modules/azure/function_app_linux/variables.tf @@ -13,6 +13,18 @@ variable "name" { description = "Specifies the name of the function app." } +variable "dotnet_version" { + type = string + description = "Specifies the version of dotnet." + default = "" +} + +variable "dotnet_isolated" { + type = string + description = "Specifies if it is isolated function app." + default = false +} + variable "service_plan_id" { type = string description = "The ID of the Service Plan within which to create this Function App." From 8bff32ca587e5c238e87ef86a004d3948dff5984 Mon Sep 17 00:00:00 2001 
From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Tue, 5 Mar 2024 15:32:57 +0100 Subject: [PATCH 50/99] Feature/19275 terraform module for endpoint and its policy AB#19275 (#397) * new operation module * extension of api simple output to get Id * output varibles adjusted * fix of error --------- Co-authored-by: zjanura --- .../api_management_api_operation/main.tf | 40 +++++++++++++++ .../api_management_api_operation/outputs.tf | 7 +++ .../api_management_api_operation/variables.tf | 51 +++++++++++++++++++ .../api_management_api_simple/outputs.tf | 4 ++ 4 files changed, 102 insertions(+) create mode 100644 modules/azure/api_management_api_operation/main.tf create mode 100644 modules/azure/api_management_api_operation/outputs.tf create mode 100644 modules/azure/api_management_api_operation/variables.tf diff --git a/modules/azure/api_management_api_operation/main.tf b/modules/azure/api_management_api_operation/main.tf new file mode 100644 index 00000000..d2b61064 --- /dev/null +++ b/modules/azure/api_management_api_operation/main.tf 
@@ -0,0 +1,40 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +resource "azurerm_api_management_api_operation" "operation" { + operation_id = var.operation_id + api_name = var.api_name + api_management_name = var.api_management_name + resource_group_name = var.resource_group_name + display_name = var.display_name + method = var.operation_method + url_template = var.url_template + description = var.description + + response { + status_code = 200 + } +} + +resource "azurerm_api_management_api_operation_policy" "policy" { + api_name = var.api_name + api_management_name = var.api_management_name + resource_group_name = var.resource_group_name + + operation_id = var.operation_id + xml_content = var.policy.file_location != null ? file(var.policy.file_location) : var.policy.xml_string +} diff --git a/modules/azure/api_management_api_operation/outputs.tf b/modules/azure/api_management_api_operation/outputs.tf new file mode 100644 index 00000000..81adfa9f --- /dev/null +++ b/modules/azure/api_management_api_operation/outputs.tf @@ -0,0 +1,7 @@ +output "policy_id" { + value = azurerm_api_management_api_operation_policy.policy.id +} + +output "operation_id" { + value = azurerm_api_management_api_operation.operation.id +} diff --git a/modules/azure/api_management_api_operation/variables.tf b/modules/azure/api_management_api_operation/variables.tf new file mode 100644 index 00000000..04337ee0 --- /dev/null +++ b/modules/azure/api_management_api_operation/variables.tf 
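Review bot: `azurerm_api_management_api_operation_policy.policy` takes `operation_id = var.operation_id` instead of referencing the operation resource, so Terraform sees no dependency between the two and may try to create the policy before the operation exists. Using `operation_id = azurerm_api_management_api_operation.operation.operation_id` orders them correctly. The `xml_content` expression silently prefers `file_location` when both fields of `var.policy` are set, which a one-line comment above it should state.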
@@ -0,0 +1,51 @@ +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "operation_id" { + type = string + description = "id of the operation" +} + +variable "api_management_name" { + type = string + description = "The name of the API management service." +} + +variable "api_name" { + type = string + description = "API name" +} + +variable "display_name" { + type = string + description = "Operation display name" +} + +variable "operation_method" { + type = string + description = "Operation method" +} + +variable "url_template" { + type = string + description = "Url of operation" +} + +variable "description" { + type = string + description = "Description of operation" +} + +variable "policy" { + type = object({ + file_location = optional(string), + xml_string = optional(string) + }) + validation { + condition = (var.policy.file_location != null || var.policy.xml_string != null) + error_message = "Either file_location or xml_string must be provided." + } + description = "XML policy described by a file (location) or raw string." +} diff --git a/modules/azure/api_management_api_simple/outputs.tf b/modules/azure/api_management_api_simple/outputs.tf index 7c838078..a2088ca3 100644 --- a/modules/azure/api_management_api_simple/outputs.tf +++ b/modules/azure/api_management_api_simple/outputs.tf @@ -2,6 +2,10 @@ output "api_name" { value = azurerm_api_management_api.api.name } +output "id" { + value = azurerm_api_management_api.api.id +} + output "api_management_api_diagnostic" { value = (var.api_diagnostic_settings != null && var.api_management_logger_id != null) ? azurerm_api_management_api_diagnostic.api_diagnostic[0].id : null } From e67c6f3edf11492104efdecc5eb2b9b06281ce14 Mon Sep 17 00:00:00 2001 
From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Wed, 6 Mar 2024 12:42:02 +0100 Subject: [PATCH 51/99] Feature/19276 extension of simple api about schemas AB#19276 (#399) * schema added into apim simple * formatting updated --------- Co-authored-by: zjanura --- .../azure/api_management_api_simple/main.tf | 10 +++++++++ .../api_management_api_simple/variables.tf | 21 +++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/modules/azure/api_management_api_simple/main.tf b/modules/azure/api_management_api_simple/main.tf index 010d0736..18e5720f 100644 --- a/modules/azure/api_management_api_simple/main.tf +++ b/modules/azure/api_management_api_simple/main.tf @@ -16,6 +16,7 @@ provider "azurerm" { } locals { + do_schema = var.schema.file_location != null && var.schema.type != null && var.schema.schema_id != null ? true : false } ####################################################### @@ -239,3 +240,12 @@ resource "azurerm_api_management_product_api" "product_api" { api_management_name = var.api_management_name resource_group_name = var.resource_group_name } + +resource "azurerm_api_management_global_schema" "json" { + count = local.do_schema ? 1 : 0 + schema_id = var.schema.schema_id + api_management_name = var.api_management_name + resource_group_name = var.resource_group_name + type = var.schema.type + value = file(var.schema.file_location) +} diff --git a/modules/azure/api_management_api_simple/variables.tf b/modules/azure/api_management_api_simple/variables.tf index f5909a6a..806435d0 100644 --- a/modules/azure/api_management_api_simple/variables.tf +++ b/modules/azure/api_management_api_simple/variables.tf 
@@ -163,3 +163,24 @@ variable "custom_outbound_policy" { description = "Additional outbound xml policies" default = null } + +variable "schema" { + type = object({ + file_location = optional(string), + type = optional(string), + schema_id = optional(string) + }) + + default = { + file_location = null + type = null + schema_id = null + } + + validation { + condition = ((var.schema.file_location != null && var.schema.type != null && var.schema.schema_id != null) || (var.schema.file_location == null && var.schema.type == null && var.schema.schema_id == null)) + error_message = "schema_id, file_location and type must be provided." + } + + description = "Schema for validation of request" +} From 7b719807459d60d68b47c7e7c9707261c09e33e0 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Wed, 6 Mar 2024 12:59:07 +0100 Subject: [PATCH 52/99] Feature/19197 api connection to connector AB#19197 (#398) * Create the Connection * Update module to output connector ID * remove redundant parameters in ARM template * add end line * new lines * auto format * Apply feedback --- .../custom_connector/connection.json | 44 +++++++++++++++++++ .../api_connectors/custom_connector/main.tf | 38 ++++++++++++++++ .../custom_connector/outputs.tf | 7 +++ .../custom_connector/variables.tf | 24 ++++++++++ 4 files changed, 113 insertions(+) create mode 100644 modules/azure/api_connectors/custom_connector/connection.json create mode 100644 modules/azure/api_connectors/custom_connector/main.tf create mode 100644 modules/azure/api_connectors/custom_connector/outputs.tf create mode 100644 modules/azure/api_connectors/custom_connector/variables.tf diff --git a/modules/azure/api_connectors/custom_connector/connection.json b/modules/azure/api_connectors/custom_connector/connection.json new file mode 100644 index 00000000..df73ad4b --- /dev/null +++ b/modules/azure/api_connectors/custom_connector/connection.json 
@@ -0,0 +1,44 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "location" + } + }, + "arm_connection_name": { + "type": "string" + }, + "api_connector_id": { + "type": "string" + } + }, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[parameters('arm_connection_name')]", + "location": "[parameters('location')]", + "kind": "V1", + "properties": { + "displayName": "[parameters('arm_connection_name')]", + "statuses": [ + { + "status": "Connected" + } + ], + "customParameterValues": {}, + "nonSecretParameterValues": {}, + "api": { + "name": "[parameters('arm_connection_name')]", + "displayName": "[parameters('arm_connection_name')]", + "id": "[parameters('api_connector_id')]", + "type": "Microsoft.Web/customApis" + } + } + } + ] +} \ No newline at end of file diff --git a/modules/azure/api_connectors/custom_connector/main.tf b/modules/azure/api_connectors/custom_connector/main.tf new file mode 100644 index 00000000..dfdd7ce5 --- /dev/null +++ b/modules/azure/api_connectors/custom_connector/main.tf 
@@ -0,0 +1,38 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + +data "azurerm_subscription" "current" { +} + +resource "azurerm_resource_group_template_deployment" "arm_managed_identity" { + name = "${var.connection_name}_deployment" + resource_group_name = var.resource_group_name + + template_content = file("./connection.json") + parameters_content = jsonencode({ + "arm_connection_name" = { + value = var.connection_name + } + "location" = { + value = var.location + }, + "api_connector_id" = { + value = "${data.azurerm_subscription.current.id}/resourceGroups/${var.connector_resource_group_name}/providers/Microsoft.Web/customApis/${var.connector_name}" + } + }) + deployment_mode = "Incremental" +} diff --git a/modules/azure/api_connectors/custom_connector/outputs.tf b/modules/azure/api_connectors/custom_connector/outputs.tf new file mode 100644 index 00000000..4eebae8c --- /dev/null +++ b/modules/azure/api_connectors/custom_connector/outputs.tf @@ -0,0 +1,7 @@ +output "name" { + value = var.connection_name +} + +output "connector_id" { + value = "${data.azurerm_subscription.current.id}/resourceGroups/${var.connector_resource_group_name}/providers/Microsoft.Web/customApis/${var.connector_name}" +} diff --git a/modules/azure/api_connectors/custom_connector/variables.tf b/modules/azure/api_connectors/custom_connector/variables.tf new file mode 100644 index 00000000..b5ba835c --- /dev/null +++ b/modules/azure/api_connectors/custom_connector/variables.tf 
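Review bot: `template_content = file("./connection.json")` in main.tf resolves against the process working directory, so it only works when Terraform runs from inside this module's directory; `file("${path.module}/connection.json")` is independent of how the module is invoked. The resource label `arm_managed_identity` looks copied from another module, as this deployment creates a `Microsoft.Web/connections` resource. The connector ID string is also built twice, here and in outputs.tf. A single `locals { connector_id = "..." }` used in both places would keep the deployed value and the `connector_id` output from drifting apart.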
@@ -0,0 +1,24 @@ +variable "resource_group_name" { + type = string + description = "Resource group the connection should be placed in" +} + +variable "connection_name" { + type = string + description = "Name for the connection" +} + +variable "connector_resource_group_name" { + type = string + description = "Resource group name where the custom logic app connector is located" +} + +variable "connector_name" { + type = string + description = "The name of the custom logic app connector that connection will connect to" +} + +variable "location" { + type = string + description = "The location of the connector, set by Azure if not provided and used to avoid deployment differences." +} From 8bc8b0f6f2bd654f69f3a81c6b6d0b148478144f Mon Sep 17 00:00:00 2001 From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Wed, 6 Mar 2024 15:52:37 +0100 Subject: [PATCH 53/99] optional request content type and fix of needed dependency AB#19292 (#400) * optional request content type and fix of needed dependency * fix of formatting --------- Co-authored-by: zjanura --- modules/azure/api_management_api_operation/main.tf | 13 +++++++++++++ .../azure/api_management_api_operation/variables.tf | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/modules/azure/api_management_api_operation/main.tf b/modules/azure/api_management_api_operation/main.tf index d2b61064..c3bfe12c 100644 --- a/modules/azure/api_management_api_operation/main.tf +++ b/modules/azure/api_management_api_operation/main.tf 
@@ -28,9 +28,22 @@ resource "azurerm_api_management_api_operation" "operation" { response { status_code = 200 } + + dynamic "request" { + for_each = var.request_content_type != null ? tolist([var.request_content_type]) : [] + + content { + representation { + content_type = request.value + } + } + } } resource "azurerm_api_management_api_operation_policy" "policy" { + depends_on = [ + azurerm_api_management_api_operation.operation + ] api_name = var.api_name api_management_name = var.api_management_name resource_group_name = var.resource_group_name diff --git a/modules/azure/api_management_api_operation/variables.tf b/modules/azure/api_management_api_operation/variables.tf index 04337ee0..784cdf29 100644 --- a/modules/azure/api_management_api_operation/variables.tf +++ b/modules/azure/api_management_api_operation/variables.tf @@ -38,6 +38,11 @@ variable "description" { description = "Description of operation" } +variable "request_content_type" { + type = string + description = "Request representation content type" +} + variable "policy" { type = object({ file_location = optional(string), From 8ef778da9b4425f361917fdc0641571621f37b36 Mon Sep 17 00:00:00 2001 From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Wed, 6 Mar 2024 17:02:01 +0100 Subject: [PATCH 54/99] default value AB#19292 (#401) * default value * fix of main for each --------- Co-authored-by: zjanura --- modules/azure/api_management_api_operation/main.tf | 2 +- modules/azure/api_management_api_operation/variables.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/azure/api_management_api_operation/main.tf b/modules/azure/api_management_api_operation/main.tf index c3bfe12c..12f122fb 100644 --- a/modules/azure/api_management_api_operation/main.tf +++ b/modules/azure/api_management_api_operation/main.tf 
@@ -30,7 +30,7 @@ resource "azurerm_api_management_api_operation" "operation" { } dynamic "request" { - for_each = var.request_content_type != null ? tolist([var.request_content_type]) : [] + for_each = var.request_content_type != "" ? tolist([var.request_content_type]) : [] content { representation { diff --git a/modules/azure/api_management_api_operation/variables.tf b/modules/azure/api_management_api_operation/variables.tf index 784cdf29..9bf5349f 100644 --- a/modules/azure/api_management_api_operation/variables.tf +++ b/modules/azure/api_management_api_operation/variables.tf @@ -41,6 +41,7 @@ variable "description" { variable "request_content_type" { type = string description = "Request representation content type" + default = "" } variable "policy" { From 750d0c3d1316cb41c02ecea434f3cd988be92337 Mon Sep 17 00:00:00 2001 From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Thu, 7 Mar 2024 13:30:11 +0100 Subject: [PATCH 55/99] api schema modul AB#19294 (#402) * api schema modul * set schema fields as required * output schema ID * Update modules/azure/api_management_api_schema/variables.tf Co-authored-by: tom-reinders * object splitted into variables --------- Co-authored-by: zjanura Co-authored-by: tom-reinders --- .../azure/api_management_api_schema/main.tf | 29 +++++++++++++++++++ .../api_management_api_schema/outputs.tf | 3 ++ .../api_management_api_schema/variables.tf | 24 +++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 modules/azure/api_management_api_schema/main.tf create mode 100644 modules/azure/api_management_api_schema/outputs.tf create mode 100644 modules/azure/api_management_api_schema/variables.tf diff --git a/modules/azure/api_management_api_schema/main.tf b/modules/azure/api_management_api_schema/main.tf new file mode 100644 index 00000000..6f504086 --- /dev/null +++ b/modules/azure/api_management_api_schema/main.tf 
@@ -0,0 +1,29 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.48" + } + } + + backend "azurerm" {} +} + +provider "azurerm" { + features {} +} + + +###################################################### +############# API schema ############# +###################################################### + +resource "azurerm_api_management_global_schema" "schema" { + schema_id = var.schema_id + api_management_name = var.api_management_name + resource_group_name = var.resource_group_name + type = var.type + value = file(var.file_location) +} diff --git a/modules/azure/api_management_api_schema/outputs.tf b/modules/azure/api_management_api_schema/outputs.tf new file mode 100644 index 00000000..c28b6dfe --- /dev/null +++ b/modules/azure/api_management_api_schema/outputs.tf @@ -0,0 +1,3 @@ +output "id" { + value = azurerm_api_management_global_schema.schema.id +} diff --git a/modules/azure/api_management_api_schema/variables.tf b/modules/azure/api_management_api_schema/variables.tf new file mode 100644 index 00000000..89051099 --- /dev/null +++ b/modules/azure/api_management_api_schema/variables.tf @@ -0,0 +1,24 @@ +variable "resource_group_name" { + type = string + description = "Name of the resource group." +} + +variable "api_management_name" { + type = string + description = "The name of the API management service." +} + +variable "file_location" { + type = string + description = "Path to schema file." +} + +variable "type" { + type = string + description = "The content type of the Schema. Possible values are xml and json." +} + +variable "schema_id" { + type = string + description = "A unique identifier for this Schema." +} From d7c2177c9f384d6e6236a22e257aef354de27262 Mon Sep 17 00:00:00 2001 
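Review bot: In variables.tf the `type` variable documents "Possible values are xml and json" but nothing enforces it, so a typo only surfaces as a provider or API error at apply time. A validation block would reject it at plan: `validation { condition = contains(["xml", "json"], var.type)` with `error_message = "type must be xml or json." }`. In main.tf, `file(var.file_location)` reads whatever path the caller passes, so the `file_location` description should state what the path is relative to (presumably the directory Terraform runs in; confirm against the callers).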
From: zjanura <114403818+zjanura@users.noreply.github.com> Date: Thu, 7 Mar 2024 15:58:05 +0100 Subject: [PATCH 56/99] output schema_id (#403) Co-authored-by: zjanura --- modules/azure/api_management_api_schema/outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/azure/api_management_api_schema/outputs.tf b/modules/azure/api_management_api_schema/outputs.tf index c28b6dfe..ccab37f8 100644 --- a/modules/azure/api_management_api_schema/outputs.tf +++ b/modules/azure/api_management_api_schema/outputs.tf @@ -1,3 +1,7 @@ output "id" { value = azurerm_api_management_global_schema.schema.id } + +output "schema_id" { + value = var.schema_id +} From b9403f530e2f7cde376baf76df87aefb24c8a3c0 Mon Sep 17 00:00:00 2001 From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:17:56 +0100 Subject: [PATCH 57/99] Custom connector use json instead of file AB#18982 (#404) * use json instead of file * extended with swagger path --- .../azure/api_connectors/logic_app_custom_connector/main.tf | 2 +- .../api_connectors/logic_app_custom_connector/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/azure/api_connectors/logic_app_custom_connector/main.tf b/modules/azure/api_connectors/logic_app_custom_connector/main.tf index 5f0745bc..b6ee93f0 100644 --- a/modules/azure/api_connectors/logic_app_custom_connector/main.tf +++ b/modules/azure/api_connectors/logic_app_custom_connector/main.tf @@ -28,7 +28,7 @@ resource "azurerm_resource_group_template_deployment" "log_analytics" { value = var.function_url }, "swagger" = { - value = jsondecode(file(var.swagger)) + value = var.swagger_path != "" ? jsondecode(file(var.swagger_path)) : jsondecode(var.swagger) } }) deployment_mode = "Incremental" diff --git a/modules/azure/api_connectors/logic_app_custom_connector/variables.tf b/modules/azure/api_connectors/logic_app_custom_connector/variables.tf index 9b0c36ee..6e129655 100644 
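Review bot: In the logic_app_custom_connector main.tf hunk, `var.swagger` remains a required input even when `swagger_path` is used, as far as the variables.tf context in this commit shows (no `default` is visible on `swagger`). Callers switching to the file path would still have to pass a dummy `swagger` string. Giving `swagger` a `default = ""` would make the two inputs real alternatives. The case where both are empty is worth rejecting explicitly, because `jsondecode("")` fails with a parse error that names neither variable.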
--- a/modules/azure/api_connectors/logic_app_custom_connector/variables.tf +++ b/modules/azure/api_connectors/logic_app_custom_connector/variables.tf @@ -17,3 +17,9 @@ variable "swagger" { type = string description = "Swagger definition" } + +variable "swagger_path" { + description = "Path to the Swagger JSON file" + type = string + default = "" +} From 8dd1456570c7e43af396331df64878abc3f6e57d Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Fri, 29 Mar 2024 14:28:46 +0100 Subject: [PATCH 58/99] Added default ConsumeAll filter when no filter specified for SBS --- modules/azure/service_bus_subscription/main.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/azure/service_bus_subscription/main.tf b/modules/azure/service_bus_subscription/main.tf index 75022a76..8c2f40f0 100644 --- a/modules/azure/service_bus_subscription/main.tf +++ b/modules/azure/service_bus_subscription/main.tf @@ -55,3 +55,13 @@ resource "azurerm_servicebus_subscription_rule" "correlation_filter" { properties = var.correlation_filter.properties } } + +# When no filter is specified, we create a default to capture all (otherwise, the subs is unreachable) +# This filter is automatically create by Azure during initial create, but is not created during update (if someone deletes a filter) +resource "azurerm_servicebus_subscription_rule" "default_route_all_sql_filter" { + count = var.sql_filter_query == null && var.correlation_filter == null ? 1 : 0 + name = "Default-ConsumeAll" + subscription_id = azurerm_servicebus_subscription.service_bus_subscription.id + filter_type = "SqlFilter" + sql_filter = "1=1" +} From c04eb36a0362e4d61ffc5815121161a0a039e022 Mon Sep 17 00:00:00 2001 
From: Tom Reinders Date: Thu, 11 Apr 2024 13:58:16 +0200 Subject: [PATCH 59/99] Add `cluster_policy` var to `databricks_cluster` module Add `databricks_permissions_user_based` module --- modules/azure/databricks_cluster/main.tf | 18 +++++++ modules/azure/databricks_cluster/variables.tf | 6 +++ .../databricks_permissions_user_based/main.tf | 52 +++++++++++++++++++ .../variables.tf | 16 ++++++ 4 files changed, 92 insertions(+) create mode 100644 modules/azure/databricks_permissions_user_based/main.tf create mode 100644 modules/azure/databricks_permissions_user_based/variables.tf diff --git a/modules/azure/databricks_cluster/main.tf b/modules/azure/databricks_cluster/main.tf index ea60e31f..497ff513 100644 --- a/modules/azure/databricks_cluster/main.tf +++ b/modules/azure/databricks_cluster/main.tf @@ -54,3 +54,21 @@ resource "databricks_global_init_script" "init_script" { name = "init script" enabled = true } + +resource "databricks_cluster_policy" "fair_use_policy" { + count = var.cluster_policy == "" ? 0 : 1 + + name = "Fair use cluster policy" + definition = var.cluster_policy +} + +resource "databricks_permissions" "fair_use_policy_usage" { + count = var.cluster_policy == "" ? 0 : 1 + + cluster_policy_id = databricks_cluster_policy.fair_use_policy.id + + access_control { + group_name = "users" + permission_level = "CAN_USE" + } +} diff --git a/modules/azure/databricks_cluster/variables.tf b/modules/azure/databricks_cluster/variables.tf index 7cb9bf96..b07c2a3e 100644 --- a/modules/azure/databricks_cluster/variables.tf +++ b/modules/azure/databricks_cluster/variables.tf @@ -81,3 +81,9 @@ variable "init_script" { description = "Script to run when initalizing a databricks job or cluster." default = "" } + +variable "cluster_policy" { + type = string + description = "Default cluster policy." + default = "" +} 
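Review bot: `definition = var.cluster_policy` in databricks_cluster/main.tf forwards an arbitrary string, so malformed policy JSON is only caught by the Databricks API during apply. A validation on the variable would catch it at plan, e.g. `condition = var.cluster_policy == "" || can(jsondecode(var.cluster_policy))`. The policy name `"Fair use cluster policy"` and the grantee `group_name = "users"` are both hard-coded. If this module is instantiated more than once against the same workspace the names will presumably collide, and the grant always applies to every workspace user, so both are candidates for variables.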
diff --git a/modules/azure/databricks_permissions_user_based/main.tf b/modules/azure/databricks_permissions_user_based/main.tf new file mode 100644 index 00000000..dbec6211 --- /dev/null +++ b/modules/azure/databricks_permissions_user_based/main.tf @@ -0,0 +1,52 @@ +terraform { + required_version = "~> 1.3" + + required_providers { + databricks = { + source = "databricks/databricks" + version = "~> 1.0" + } + } + + backend "azurerm" {} +} + +provider "databricks" { + host = var.workspace_url +} + +resource "databricks_user" "user" { + for_each = toset(var.users) + user_name = each.key + display_name = each.key + force = true +} + +data "databricks_group" "admins" { + display_name = "admins" +} + +resource "databricks_group_member" "admins" { + for_each = toset(var.admins) + group_id = data.databricks_group.admins.id + member_id = databricks_user.user[each.value].id +} + +// HACK: Initial tokens needs to be present for token usage permissions to be set +resource "databricks_token" "token" { + comment = "Initial token" + lifetime_seconds = 8640000 +} + +resource "databricks_permissions" "token_usage" { + authorization = "tokens" + + access_control { + group_name = "users" + permission_level = "CAN_USE" + } + + depends_on = [ + databricks_token.token + ] +} diff --git a/modules/azure/databricks_permissions_user_based/variables.tf b/modules/azure/databricks_permissions_user_based/variables.tf new file mode 100644 index 00000000..07c2dea1 --- /dev/null +++ b/modules/azure/databricks_permissions_user_based/variables.tf @@ -0,0 +1,16 @@ +variable "workspace_url" { + type = string + description = "The url of the databricks workspace." +} + +variable "users" { + type = list(string) + description = "A list of users in the databricks workspace." + default = [] +} + +variable "admins" { + type = list(string) + description = "A list of admins in the databricks workspace." + default = [] +} From 52f2662f8c09fe94fa85dd2e4b3bc417ca4ca813 Mon Sep 17 00:00:00 2001 
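Review bot: The `databricks_token` added in main.tf as a workaround is a working personal access token for the identity that runs Terraform, with `lifetime_seconds = 8640000` (100 days), and its value is stored in the Terraform state. Since it exists only so that `databricks_permissions.token_usage` can be applied, the lifetime should be as short as that allows, and the state backend should be treated as holding a workspace credential. Once the token expires the provider will probably plan a replacement, so confirm how that interacts with the `depends_on`. `group_name = "users"` with `CAN_USE` lets every workspace user create tokens; a variable for the group would allow a narrower grant.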
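Review bot: The `admins` variable in variables.tf is used in main.tf as an index into the user resources (`databricks_user.user[each.value]`), so every admin must also appear in `users`, and an admin missing from that list fails the plan with an invalid index error. Neither description says so. Either document the requirement in the `admins` description, e.g. `description = "Users from var.users that should be added to the admins group."`, or create the users from `toset(concat(var.users, var.admins))`.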
From: Tom Reinders Date: Thu, 11 Apr 2024 14:16:53 +0200 Subject: [PATCH 60/99] Fix count ref bug --- modules/azure/databricks_cluster/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/databricks_cluster/main.tf b/modules/azure/databricks_cluster/main.tf index 497ff513..730debb8 100644 --- a/modules/azure/databricks_cluster/main.tf +++ b/modules/azure/databricks_cluster/main.tf @@ -65,7 +65,7 @@ resource "databricks_cluster_policy" "fair_use_policy" { resource "databricks_permissions" "fair_use_policy_usage" { count = var.cluster_policy == "" ? 0 : 1 - cluster_policy_id = databricks_cluster_policy.fair_use_policy.id + cluster_policy_id = databricks_cluster_policy.fair_use_policy[0].id access_control { group_name = "users" From 561cce7630af9dcc0897263766d39c94b4f1bf51 Mon Sep 17 00:00:00 2001 From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Fri, 12 Apr 2024 10:01:39 +0200 Subject: [PATCH 61/99] Use open api yaml file to create operations AB#19303 (#408) * Adding changes to use openapi yaml file to create operations * fix output * fix formating --- .../api_management_api_operation/main.tf | 53 ++++++++++++------- .../api_management_api_operation/outputs.tf | 10 ++-- .../api_management_api_operation/variables.tf | 39 +------------- 3 files changed, 40 insertions(+), 62 deletions(-) diff --git a/modules/azure/api_management_api_operation/main.tf b/modules/azure/api_management_api_operation/main.tf index 12f122fb..d1bacc43 100644 --- a/modules/azure/api_management_api_operation/main.tf +++ b/modules/azure/api_management_api_operation/main.tf 
@@ -15,22 +15,49 @@ provider "azurerm" { features {} } +locals { + openapi_data = yamldecode(file(var.openapi_file_path)) + + all_operations = flatten([ + for path, methods in local.openapi_data["paths"] : [ + for method, details in methods : { + path = path + method = method + summary = details.summary + operationId = details.operationId + description = details.description + content_type = try(keys(details.requestBody.content), [""])[0] + responses = { for code, response in details.responses : code => response.description } + } + ] + ]) + + operations_map = { for op in local.all_operations : "${op.path}:${op.method}" => op } +} + resource "azurerm_api_management_api_operation" "operation" { - operation_id = var.operation_id + for_each = local.operations_map + + operation_id = each.value.operationId api_name = var.api_name api_management_name = var.api_management_name resource_group_name = var.resource_group_name - display_name = var.display_name - method = var.operation_method - url_template = var.url_template - description = var.description + display_name = each.value.summary + method = each.value.method + url_template = each.value.path + description = each.value.description + + dynamic "response" { + for_each = each.value.responses - response { - status_code = 200 + content { + status_code = response.key + description = response.value + } } dynamic "request" { - for_each = var.request_content_type != "" ? tolist([var.request_content_type]) : [] + for_each = each.value.content_type != "" ? tolist([each.value.content_type]) : [] content { representation { 
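Review bot: The `all_operations` local treats every key under a path as an HTTP method and reads `details.summary`, `details.operationId` and `details.description` unconditionally. An OpenAPI path item may also carry non-operation keys such as `parameters` or `servers`, and `summary` and `description` are optional on operations, so a valid spec can fail with an unsupported attribute error or produce a bogus operation. A filter on the inner `for`, `if contains(["get", "put", "post", "delete", "patch", "head", "options", "trace"], lower(method))`, together with `summary = try(details.summary, details.operationId)` and `description = try(details.description, null)`, would handle both. A `default` response key would also be passed to `status_code = response.key`, which expects a number, so such entries need to be skipped or mapped. The `request` block continues past the end of this hunk.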
@@ -40,14 +67,4 @@ resource "azurerm_api_management_api_operation" "operation" { } } -resource "azurerm_api_management_api_operation_policy" "policy" { - depends_on = [ - azurerm_api_management_api_operation.operation - ] - api_name = var.api_name - api_management_name = var.api_management_name - resource_group_name = var.resource_group_name - operation_id = var.operation_id - xml_content = var.policy.file_location != null ? file(var.policy.file_location) : var.policy.xml_string -} diff --git a/modules/azure/api_management_api_operation/outputs.tf b/modules/azure/api_management_api_operation/outputs.tf index 81adfa9f..137ce4a8 100644 --- a/modules/azure/api_management_api_operation/outputs.tf +++ b/modules/azure/api_management_api_operation/outputs.tf @@ -1,7 +1,3 @@ -output "policy_id" { - value = azurerm_api_management_api_operation_policy.policy.id -} - -output "operation_id" { - value = azurerm_api_management_api_operation.operation.id -} +output "operation_ids" { + value = { for k, op in azurerm_api_management_api_operation.operation : k => op.id } +} \ No newline at end of file diff --git a/modules/azure/api_management_api_operation/variables.tf b/modules/azure/api_management_api_operation/variables.tf index 9bf5349f..b2a3eadc 100644 --- a/modules/azure/api_management_api_operation/variables.tf +++ b/modules/azure/api_management_api_operation/variables.tf @@ -3,11 +3,6 @@ variable "resource_group_name" { description = "Name of the resource group." } -variable "operation_id" { - type = string - description = "id of the operation" -} - variable "api_management_name" { type = string description = "The name of the API management service." 
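Review bot: After this change the `operation_ids` output in outputs.tf is the only output, and the main.tf hunk above removes `azurerm_api_management_api_operation_policy.policy` without a replacement. Operations generated from the spec therefore get no operation-level policy from this module, and existing callers that read `policy_id` or `operation_id` will break. If inbound checks such as authentication or request validation were attached through the removed `policy` variable, they need to be reattached at API or product scope, or the module needs an optional per-operation policy map. I cannot tell from this commit where callers apply policies. The new outputs.tf also loses its trailing newline.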
@@ -18,40 +13,10 @@ variable "api_name" { description = "API name" } -variable "display_name" { - type = string - description = "Operation display name" -} - -variable "operation_method" { - type = string - description = "Operation method" -} - -variable "url_template" { +variable "openapi_file_path" { type = string - description = "Url of operation" + description = "Operation file path" } -variable "description" { - type = string - description = "Description of operation" -} -variable "request_content_type" { - type = string - description = "Request representation content type" - default = "" -} -variable "policy" { - type = object({ - file_location = optional(string), - xml_string = optional(string) - }) - validation { - condition = (var.policy.file_location != null || var.policy.xml_string != null) - error_message = "Either file_location or xml_string must be provided." - } - description = "XML policy described by a file (location) or raw string." -} From a06ee698ce72c36864d2e5124eabc12e20256881 Mon Sep 17 00:00:00 2001 From: Koen Hillen Date: Tue, 30 Apr 2024 10:30:05 +0200 Subject: [PATCH 62/99] PVWT-2 Zone 1 is temporary not available, so this makes it possible to choose a different zone. --- modules/azure/postgresql/main.tf | 2 +- modules/azure/postgresql/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/azure/postgresql/main.tf b/modules/azure/postgresql/main.tf index 49f9741b..2adb54fd 100644 --- a/modules/azure/postgresql/main.tf +++ b/modules/azure/postgresql/main.tf @@ -39,7 +39,7 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result version = var.postgresql_version - zone = "1" + zone = var.postgresql_zone delegated_subnet_id = var.delegated_subnet_id private_dns_zone_id = var.private_dns_zone_id 
diff --git a/modules/azure/postgresql/variables.tf b/modules/azure/postgresql/variables.tf index b354f836..b595c570 100644 --- a/modules/azure/postgresql/variables.tf +++ b/modules/azure/postgresql/variables.tf @@ -28,6 +28,12 @@ variable "postgresql_version" { description = "Version of the PostgreSQL database." } +variable "postgresql_zone" { + type = string + description = "Zone of the PostgreSQL database." + default = "1" +} + variable "postgresql_database_name" { type = string description = "Name of the PostgreSQL resource." From 60a1caa7dec33ba00ae0806d858763b171b2887d Mon Sep 17 00:00:00 2001 From: Patrik Kovacs <74901276+patrik-pa4k@users.noreply.github.com> Date: Mon, 27 May 2024 10:04:11 +0200 Subject: [PATCH 63/99] Storage account soft delete setting AB#20123 (#411) * Adding soft delete setting for storage account * fix cors rules * fix formating --- modules/azure/storage_account_public/main.tf | 30 +++++++++++-------- .../azure/storage_account_public/variables.tf | 6 ++++ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index a7e23ccb..a4ecee48 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf 
@@ -28,20 +28,24 @@ resource "azurerm_storage_account" "storage_account" { nfsv3_enabled = var.nfsv3_enabled is_hns_enabled = var.is_hns_enabled - dynamic "blob_properties" { - for_each = var.cors_rules != null ? [1] : [] + blob_properties { + dynamic "cors_rule" { + for_each = var.cors_rules != null ? [1] : [] + + content { + allowed_headers = var.cors_rules.value.allowed_headers + allowed_methods = var.cors_rules.value.allowed_methods + allowed_origins = var.cors_rules.value.allowed_origins + exposed_headers = var.cors_rules.value.exposed_headers + max_age_in_seconds = var.cors_rules.value.max_age_in_seconds + } + } - content { - dynamic "cors_rule" { - for_each = var.cors_rules - - content { - allowed_headers = cors_rule.value.allowed_headers - allowed_methods = cors_rule.value.allowed_methods - allowed_origins = cors_rule.value.allowed_origins - exposed_headers = cors_rule.value.exposed_headers - max_age_in_seconds = cors_rule.value.max_age_in_seconds - } + dynamic "delete_retention_policy" { + for_each = var.delete_retention_policy_days != null ? [1] : [] + + content { + days = var.delete_retention_policy_days } } } diff --git a/modules/azure/storage_account_public/variables.tf b/modules/azure/storage_account_public/variables.tf index 92bcaf88..bee786ac 100644 --- a/modules/azure/storage_account_public/variables.tf +++ b/modules/azure/storage_account_public/variables.tf @@ -108,4 +108,10 @@ variable "custom_domain" { }) description = "Describes the custom domain configuration for the storage account" default = null +} + +variable "delete_retention_policy_days" { + type = number + description = "Number of days to retain deleted blobs." + default = null } \ No newline at end of file From 1b61abfa45943d71a42941dbe4f70b9cb7083045 Mon Sep 17 00:00:00 2001 
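Review bot: The rewritten `cors_rule` block in storage_account_public/main.tf iterates over `[1]` and reads `var.cors_rules.value.allowed_headers` and its siblings. The removed code iterated `var.cors_rules` itself with `cors_rule.value.*`, so the variable is presumably a collection of rule objects. A list has no `value` attribute, so this should fail at plan, and even for a map with a `value` key it would emit only one rule. Iterating the collection again, as in the fence below, restores one `cors_rule` per entry. `blob_properties` is now always emitted, which was previously the case only when CORS rules were set; confirm that every account kind this module is used for accepts it.

```hcl
  blob_properties {
    dynamic "cors_rule" {
      for_each = var.cors_rules != null ? var.cors_rules : []

      content {
        allowed_headers    = cors_rule.value.allowed_headers
        allowed_methods    = cors_rule.value.allowed_methods
        allowed_origins    = cors_rule.value.allowed_origins
        exposed_headers    = cors_rule.value.exposed_headers
        max_age_in_seconds = cors_rule.value.max_age_in_seconds
      }
    }
    # … unchanged: dynamic "delete_retention_policy" block …
```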
From: Koen Hillen Date: Mon, 27 May 2024 14:11:32 +0200 Subject: [PATCH 64/99] PVWT-4 need to be able to set public_network_access_enabled. --- modules/azure/postgresql/main.tf | 5 +++-- modules/azure/postgresql/variables.tf | 6 ++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/azure/postgresql/main.tf b/modules/azure/postgresql/main.tf index 2adb54fd..4e743b21 100644 --- a/modules/azure/postgresql/main.tf +++ b/modules/azure/postgresql/main.tf @@ -33,8 +33,9 @@ resource "azurerm_postgresql_flexible_server" "postgresql_server" { sku_name = var.postgresql_sku_name - storage_mb = var.postgresql_db_size - backup_retention_days = 30 + storage_mb = var.postgresql_db_size + backup_retention_days = 30 + public_network_access_enabled = var.public_network_access_enabled administrator_login = var.admin_username administrator_password = random_password.postgresql_admin.result diff --git a/modules/azure/postgresql/variables.tf b/modules/azure/postgresql/variables.tf index b595c570..d2be8190 100644 --- a/modules/azure/postgresql/variables.tf +++ b/modules/azure/postgresql/variables.tf @@ -23,6 +23,12 @@ variable "postgresql_db_size" { description = "Specifies the max storage allowed for this PostgreSQL Server" } +variable "public_network_access_enabled" { + type = bool + description = "Specifies whether or not public network access is allowed for this PostgreSQL Server" + default = false +} + variable "postgresql_version" { type = string description = "Version of the PostgreSQL database." From ccca0c9cb5d31fa727ab0d8f31a410e6239b496c Mon Sep 17 00:00:00 2001 From: Michal Pipal <73311540+pipalmic@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:09:16 +0200 Subject: [PATCH 65/99] Added diagnostic settings for ServiceBus module AB#20426 (#413) --- modules/azure/service_bus_public/main.tf | 29 +++++++++++++++++++ modules/azure/service_bus_public/variables.tf | 6 ++++ 2 files changed, 35 insertions(+) 
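Review bot: `public_network_access_enabled` is now caller-controlled in postgresql/main.tf on a server that also sets `delegated_subnet_id` and `private_dns_zone_id`. As far as I know the provider expects the flag to be false when those two are set, so `true` would only be valid for a deployment without VNet integration. A `lifecycle` precondition on the server with `condition = !var.public_network_access_enabled || var.delegated_subnet_id == null` would turn a bad combination into a clear plan-time error. The `false` default is the right one, and the variable description should say that enabling it makes the server reachable from the internet, subject to firewall rules that are not visible in this hunk. Older 3.x provider releases may expose this attribute as read-only, so the module's provider version constraint should be checked.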
diff --git a/modules/azure/service_bus_public/main.tf b/modules/azure/service_bus_public/main.tf index 26f59473..38f674b2 100644 --- a/modules/azure/service_bus_public/main.tf +++ b/modules/azure/service_bus_public/main.tf @@ -31,3 +31,32 @@ resource "azurerm_servicebus_namespace_authorization_rule" "authorization_rule" send = var.authorization_rule.send manage = var.authorization_rule.manage } + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + resource_id = azurerm_servicebus_namespace.service_bus.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.log_analytics_workspace_id == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_servicebus_namespace.service_bus.id + log_analytics_workspace_id = var.log_analytics_workspace_id + + dynamic "enabled_log" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/service_bus_public/variables.tf b/modules/azure/service_bus_public/variables.tf index f72c085a..8b022c10 100644 --- a/modules/azure/service_bus_public/variables.tf +++ b/modules/azure/service_bus_public/variables.tf @@ -28,3 +28,9 @@ variable "authorization_rule" { description = "Manages a ServiceBus Namespace authorization Rule within the ServiceBus." default = null } + +variable "log_analytics_workspace_id" { + type = string + description = "Specifies the ID of a Log Analytics Workspace where diagnostics data should be sent." + default = null +} From 6eaefd7eec6a2d828f07d820dfb65da5252c8cca Mon Sep 17 00:00:00 2001 
From: ArtiomMatiom Date: Thu, 20 Jun 2024 15:53:33 +0200 Subject: [PATCH 66/99] Add managed identity support --- modules/azure/function_app_linux_managed_identity/main.tf | 5 ++++- .../function_app_linux_managed_identity/variables.tf | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 725dabef..2c39eba1 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -46,7 +46,10 @@ resource "azurerm_linux_function_app" "function_app" { resource_group_name = var.resource_group_name service_plan_id = var.service_plan_id storage_account_name = var.storage_account_name - storage_account_access_key = var.storage_account_access_key + + storage_account_access_key = var.use_managed_identity ? null : var.storage_account_access_key + storage_uses_managed_identity = var.use_managed_identity ? var.use_managed_identity: null + functions_extension_version = var.runtime_version app_settings = merge(var.app_settings, { diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index 66bb44e24..cfe2fda7 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -76,8 +76,16 @@ variable "storage_account_name" { variable "storage_account_access_key" { type = string description = " The access key which will be used to access the backend storage account for the Function App." + default = null } +variable "use_managed_identity" { + type = bool + description = "Adds managed identity to the function app, that allows to avoid explicit access token usage" + default = true +} + + variable "app_settings" { type = map(any) description = "The app settings of this app service." 
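Review bot: With `use_managed_identity = false` and `storage_account_access_key` left at its new `null` default, both storage arguments on `azurerm_linux_function_app.function_app` become null and the app has no way to authenticate to its storage account. A `lifecycle` precondition with `condition = var.use_managed_identity || var.storage_account_access_key != null` would catch this at plan. `var.use_managed_identity ? var.use_managed_identity : null` can be written `var.use_managed_identity ? true : null`. Because the new variable defaults to `true`, existing callers that pass an access key switch to identity-based storage on their next apply. That only works if the app's identity holds the required data-plane roles on the storage account, and this hunk does not show whether the module assigns them.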
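Review bot: In variables.tf, `storage_account_access_key` holds a storage account key but the variable block shown in this hunk has no `sensitive = true`, so the value can appear in plan output and logs. Adding `sensitive = true` next to the new `default = null` is a one-line change. The description of `use_managed_identity` should also say that it switches the Function App's storage access to its managed identity and that `storage_account_access_key` is ignored when it is true.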
From 99107c36b3c2888d86d621d4530549a5efdd5bbf Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Thu, 20 Jun 2024 15:54:46 +0200 Subject: [PATCH 67/99] format file --- .../function_app_linux_managed_identity/main.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 2c39eba1..7675adea 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -41,14 +41,14 @@ locals { # Function App resource "azurerm_linux_function_app" "function_app" { - name = var.name - location = var.location - resource_group_name = var.resource_group_name - service_plan_id = var.service_plan_id - storage_account_name = var.storage_account_name - - storage_account_access_key = var.use_managed_identity ? null : var.storage_account_access_key - storage_uses_managed_identity = var.use_managed_identity ? var.use_managed_identity: null + name = var.name + location = var.location + resource_group_name = var.resource_group_name + service_plan_id = var.service_plan_id + storage_account_name = var.storage_account_name + + storage_account_access_key = var.use_managed_identity ? null : var.storage_account_access_key + storage_uses_managed_identity = var.use_managed_identity ? var.use_managed_identity : null functions_extension_version = var.runtime_version From 6e850cb365652b8c7744bbde851ad2912ecd34e3 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Thu, 20 Jun 2024 15:56:01 +0200 Subject: [PATCH 68/99] tf format --- .../azure/function_app_linux_managed_identity/outputs.tf | 2 +- .../azure/function_app_linux_managed_identity/variables.tf | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/outputs.tf b/modules/azure/function_app_linux_managed_identity/outputs.tf index 5d462966..1a8ad7f4 100644 
--- a/modules/azure/function_app_linux_managed_identity/outputs.tf +++ b/modules/azure/function_app_linux_managed_identity/outputs.tf @@ -16,4 +16,4 @@ output "aad_application_name" { output "api_audiences" { value = local.allowed_audiences -} \ No newline at end of file +} diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index cfe2fda7..bc89ef71 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -76,16 +76,15 @@ variable "storage_account_name" { variable "storage_account_access_key" { type = string description = " The access key which will be used to access the backend storage account for the Function App." - default = null + default = null } variable "use_managed_identity" { - type = bool + type = bool description = "Adds managed identity to the function app, that allows to avoid explicit access token usage" - default = true + default = true } - variable "app_settings" { type = map(any) description = "The app settings of this app service." From 319797eb0180b70ecb696b0b720dbe42241e3d27 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Fri, 21 Jun 2024 10:53:17 +0200 Subject: [PATCH 69/99] Update module --- modules/azure/function_app_linux_managed_identity/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index 7675adea..cfd52ef7 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf 
@@ -47,8 +47,8 @@ resource "azurerm_linux_function_app" "function_app" { service_plan_id = var.service_plan_id storage_account_name = var.storage_account_name - storage_account_access_key = var.use_managed_identity ? null : var.storage_account_access_key - storage_uses_managed_identity = var.use_managed_identity ? var.use_managed_identity : null + storage_account_access_key = (var.use_managed_identity == null || var.use_managed_identity == false) ? var.storage_account_access_key : null + storage_uses_managed_identity = var.use_managed_identity == true ? var.use_managed_identity : null //null due to conflict with storage_account_access_key functions_extension_version = var.runtime_version From caa7b03cb6fc7ca1f539ae30f516b27714930e13 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Fri, 21 Jun 2024 11:13:16 +0200 Subject: [PATCH 70/99] formater the file --- modules/azure/function_app_linux_managed_identity/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf index cfd52ef7..0bf622d3 100644 --- a/modules/azure/function_app_linux_managed_identity/main.tf +++ b/modules/azure/function_app_linux_managed_identity/main.tf @@ -47,7 +47,7 @@ resource "azurerm_linux_function_app" "function_app" { service_plan_id = var.service_plan_id storage_account_name = var.storage_account_name - storage_account_access_key = (var.use_managed_identity == null || var.use_managed_identity == false) ? var.storage_account_access_key : null + storage_account_access_key = (var.use_managed_identity == null || var.use_managed_identity == false) ? var.storage_account_access_key : null storage_uses_managed_identity = var.use_managed_identity == true ? var.use_managed_identity : null //null due to conflict with storage_account_access_key functions_extension_version = var.runtime_version From b1292249f7d084ab92b088d6dbda5d24c4bf0c72 Mon Sep 17 00:00:00 2001 
From: ArtiomMatiom Date: Fri, 21 Jun 2024 12:07:45 +0200 Subject: [PATCH 71/99] set use_managed_identity to default --- .../azure/function_app_linux_managed_identity/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index bc89ef71..05234f53 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf @@ -75,14 +75,14 @@ variable "storage_account_name" { variable "storage_account_access_key" { type = string - description = " The access key which will be used to access the backend storage account for the Function App." + description = "DEPRECATED in favor of use_manged_identity instead. The access key which will be used to access the backend storage account for the Function App." default = null } variable "use_managed_identity" { type = bool description = "Adds managed identity to the function app, that allows to avoid explicit access token usage" - default = true + default = null } variable "app_settings" { From 68b8cd6a469b588469f3ff0bbdaacf2e7d9805d3 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Fri, 21 Jun 2024 16:06:36 +0200 Subject: [PATCH 72/99] Update modules/azure/function_app_linux_managed_identity/variables.tf Co-authored-by: tom-reinders --- modules/azure/function_app_linux_managed_identity/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index 05234f53..1ff6c220 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf 
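Review bot: Changing the `use_managed_identity` default from `true` to `null` makes the access-key path the default again, because the main.tf expression from PATCH 69 treats `null` like `false`. The same hunk's description labels `storage_account_access_key` as DEPRECATED, so the two statements contradict each other. A caller that sets neither variable now ends up with both storage arguments null. Either keep `default = true`, or use `default = false` and say so in the description, for example `description = "When true, storage is accessed with the app's managed identity; false (default) falls back to storage_account_access_key."`.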
@@ -75,7 +75,7 @@ variable "storage_account_name" { variable "storage_account_access_key" { type = string - description = "DEPRECATED in favor of use_manged_identity instead. The access key which will be used to access the backend storage account for the Function App." + description = "DEPRECATED in favor of use_managed_identity instead. The access key which will be used to access the backend storage account for the Function App." default = null } From 88f111179a7eed78ea7aadbdfba8c00ac9570735 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Thu, 27 Jun 2024 16:02:41 +0200 Subject: [PATCH 73/99] Extend module to support multiple Action groups or none --- modules/azure/monitoring_log_analytics_alert/main.tf | 2 +- modules/azure/monitoring_log_analytics_alert/variables.tf | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/azure/monitoring_log_analytics_alert/main.tf b/modules/azure/monitoring_log_analytics_alert/main.tf index 280bf29e..0361e93f 100644 --- a/modules/azure/monitoring_log_analytics_alert/main.tf +++ b/modules/azure/monitoring_log_analytics_alert/main.tf @@ -28,7 +28,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "query_alert" { data_source_id = each.value.data_source_id action { - action_group = [var.action_group_id] + action_group = var.action_groups != null? var.action_groups : [var.action_group_id] email_subject = "Monitoring Alert" } diff --git a/modules/azure/monitoring_log_analytics_alert/variables.tf b/modules/azure/monitoring_log_analytics_alert/variables.tf index 8b462c40..758883a6 100644 --- a/modules/azure/monitoring_log_analytics_alert/variables.tf +++ b/modules/azure/monitoring_log_analytics_alert/variables.tf 
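Review bot: In the `action` block of `azurerm_monitor_scheduled_query_rules_alert.query_alert`, the fallback `[var.action_group_id]` evaluates to `[null]` when neither variable is set, because both now default to null in this commit's variables.tf. The "or none" case from the commit title therefore yields a list holding a null element rather than an empty list. `action_group = var.action_groups != null ? var.action_groups : (var.action_group_id != null ? [var.action_group_id] : [])` handles all three cases. A rule with no action group fires without notifying anyone, so the `action_groups` description should state that leaving both unset creates a silent alert. The resource body starts and ends outside the hunk.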
@@ -11,6 +11,13 @@ variable "resource_group_name" { variable "action_group_id" { type = string description = "ID of the action group to associate the alert with." + default = null +} + +variable "action_groups" { + type = list(string) + description = "Action groups that must be triggered" + default = null } variable "monitoring_rules" { From 33119792a9ba6bfb0793c2225145eb027022ee87 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Thu, 27 Jun 2024 16:04:52 +0200 Subject: [PATCH 74/99] format documents --- modules/azure/monitoring_log_analytics_alert/main.tf | 2 +- modules/azure/monitoring_log_analytics_alert/variables.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/azure/monitoring_log_analytics_alert/main.tf b/modules/azure/monitoring_log_analytics_alert/main.tf index 0361e93f..9322d6e2 100644 --- a/modules/azure/monitoring_log_analytics_alert/main.tf +++ b/modules/azure/monitoring_log_analytics_alert/main.tf @@ -28,7 +28,7 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "query_alert" { data_source_id = each.value.data_source_id action { - action_group = var.action_groups != null? var.action_groups : [var.action_group_id] + action_group = var.action_groups != null ? var.action_groups : [var.action_group_id] email_subject = "Monitoring Alert" } diff --git a/modules/azure/monitoring_log_analytics_alert/variables.tf b/modules/azure/monitoring_log_analytics_alert/variables.tf index 758883a6..4cec8fd2 100644 --- a/modules/azure/monitoring_log_analytics_alert/variables.tf +++ b/modules/azure/monitoring_log_analytics_alert/variables.tf @@ -11,13 +11,13 @@ variable "resource_group_name" { variable "action_group_id" { type = string description = "ID of the action group to associate the alert with." - default = null + default = null } variable "action_groups" { - type = list(string) + type = list(string) description = "Action groups that must be triggered" - default = null + default = null } variable "monitoring_rules" { 
From 35ad49ac458b948ef8b04ffa79a7b74c16852361 Mon Sep 17 00:00:00 2001 From: Michal Pipal Date: Mon, 1 Jul 2024 15:05:33 +0200 Subject: [PATCH 75/99] Enabled extenstion of logging for APIM AB#20739 --- modules/azure/api_management/main.tf | 8 ++--- modules/azure/api_management/variables.tf | 36 ++++++++++++++--------- 2 files changed, 26 insertions(+), 18 deletions(-) diff --git a/modules/azure/api_management/main.tf b/modules/azure/api_management/main.tf index d100b24a..a0e13245 100644 --- a/modules/azure/api_management/main.tf +++ b/modules/azure/api_management/main.tf @@ -100,22 +100,22 @@ resource "azurerm_api_management_diagnostic" "apim_diagnostic" { http_correlation_protocol = var.diagnostic_settings.http_correlation_protocol frontend_request { - body_bytes = 32 + body_bytes = var.diagnostic_settings.frontend_request_body_bytes headers_to_log = var.diagnostic_settings.headers_to_log_request } frontend_response { - body_bytes = 32 + body_bytes = var.diagnostic_settings.frontend_response_body_bytes headers_to_log = var.diagnostic_settings.headers_to_log_response } backend_request { - body_bytes = 32 + body_bytes = var.diagnostic_settings.backend_request_body_bytes headers_to_log = var.diagnostic_settings.headers_to_log_request } backend_response { - body_bytes = 32 + body_bytes = var.diagnostic_settings.backend_response_body_bytes headers_to_log = var.diagnostic_settings.headers_to_log_response } } diff --git a/modules/azure/api_management/variables.tf b/modules/azure/api_management/variables.tf index 107408c7..b10e2243 100644 --- a/modules/azure/api_management/variables.tf +++ b/modules/azure/api_management/variables.tf 
@@ -70,23 +70,31 @@ variable "api_management_logger_settings" { variable "diagnostic_settings" { type = object({ - sampling_percentage = number, - always_log_errors = bool, - log_client_ip = bool, - verbosity = string, # possible values: verbose, information, error - http_correlation_protocol = string, # possible values: None, Legacy, W3C - headers_to_log_request = list(string), - headers_to_log_response = list(string) + sampling_percentage = number, + always_log_errors = bool, + log_client_ip = bool, + verbosity = string, # possible values: verbose, information, error + http_correlation_protocol = string, # possible values: None, Legacy, W3C + headers_to_log_request = list(string), + headers_to_log_response = list(string), + frontend_request_body_bytes = number, + frontend_response_body_bytes = number, + backend_request_body_bytes = number, + backend_response_body_bytes = number }) description = "Settings for api management diagnostic, api-management-diagnostic will be created only if api_management_logger_settings have been provided. " default = { - sampling_percentage = 5.0, - always_log_errors = true, - log_client_ip = true, - verbosity = "verbose", # possible values: verbose, information, error - http_correlation_protocol = "W3C", - headers_to_log_request = ["content-type", "accept", "origin"], - headers_to_log_response = ["content-type", "content-length", "origin"] + sampling_percentage = 5.0, + always_log_errors = true, + log_client_ip = true, + verbosity = "verbose", # possible values: verbose, information, error + http_correlation_protocol = "W3C", + headers_to_log_request = ["content-type", "accept", "origin"], + headers_to_log_response = ["content-type", "content-length", "origin"], + frontend_request_body_bytes = 32, + frontend_response_body_bytes = 32, + backend_request_body_bytes = 32, + backend_response_body_bytes = 32 } } From 54674768e1432f75be9bc22e3661f4d54c83b9e0 Mon Sep 17 00:00:00 2001 
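Review bot: The four `*_body_bytes` attributes are added as required members of the `diagnostic_settings` object type, so every existing caller that passes its own object fails type checking until it supplies all four. Declaring each as `frontend_request_body_bytes = optional(number, 32)` keeps those callers working; the later stream_analytics variables in this series already use `optional(...)`. The values are also unbounded, while Azure documents an upper limit of 8192 bytes for logged bodies as far as I know, so a `validation` block restricting each to that range would fail early. Request and response bodies can carry credentials or personal data, and the default here is `verbosity = "verbose"` with `log_client_ip = true`, so the description should say that raising these numbers writes payload content to the logger.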
From: ArtiomMatiom Date: Thu, 4 Jul 2024 10:21:33 +0200 Subject: [PATCH 76/99] Add diagnostic settings to Log analytics --- modules/azure/stream_analytics/main.tf | 31 +++++++++++++++++++++ modules/azure/stream_analytics/variables.tf | 10 +++++++ 2 files changed, 41 insertions(+) diff --git a/modules/azure/stream_analytics/main.tf b/modules/azure/stream_analytics/main.tf index 35dd0fb5..5bb8c5e7 100644 --- a/modules/azure/stream_analytics/main.tf +++ b/modules/azure/stream_analytics/main.tf @@ -100,3 +100,34 @@ resource "azurerm_stream_analytics_output_blob" "stream_output" { format = each.value.serialization.format } } + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_stream_analytics_job.job.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_stream_analytics_job.job.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/stream_analytics/variables.tf b/modules/azure/stream_analytics/variables.tf index 2d708dce..2d2a02db 100644 --- a/modules/azure/stream_analytics/variables.tf +++ b/modules/azure/stream_analytics/variables.tf 
@@ -94,3 +94,13 @@ variable "stream_query" { description = "SAQL query that will be run in the streaming job." default = null } + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From d188b8e30db1209d0175b65b86207e6d1ee7e27f Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Thu, 4 Jul 2024 14:59:44 +0200 Subject: [PATCH 77/99] Event hub add diagnostic settings --- modules/azure/event_hub/main.tf | 31 ++++++++++++++++++++++++++++ modules/azure/event_hub/variables.tf | 12 +++++++++++ 2 files changed, 43 insertions(+) diff --git a/modules/azure/event_hub/main.tf b/modules/azure/event_hub/main.tf index 0e82fc0c..7e058b12 100644 --- a/modules/azure/event_hub/main.tf +++ b/modules/azure/event_hub/main.tf 
@@ -37,3 +37,34 @@ resource "azurerm_eventhub_consumer_group" "consumer" { eventhub_name = azurerm_eventhub.eventhub.name resource_group_name = var.resource_group_name } + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_eventhub_namespace.namespace.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.namespace_name}" + target_resource_id = azurerm_eventhub_namespace.namespace.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/event_hub/variables.tf b/modules/azure/event_hub/variables.tf index 8d04d839..7f5591cb 100644 --- a/modules/azure/event_hub/variables.tf +++ b/modules/azure/event_hub/variables.tf 
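Review bot: The `log_analytics_destination_type` argument uses a conditional that returns its own input in both branches, so `log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type` is equivalent and easier to read. The same line is repeated in modules/azure/log_analytics_workspace/main.tf in PATCH 79. The variable comment lists `AzureDiagnostics or Dedicated` as the accepted values, so a `validation` on `destination_type` would catch a typo at plan time instead of at apply.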
@@ -46,3 +46,15 @@ variable "consumer_group_name" { type = string description = "Eventhub consumer group name." } + + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From c7e74fe82620707639ff4e2e9f6a08e1fc43f69c Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Fri, 5 Jul 2024 16:40:23 +0200 Subject: [PATCH 78/99] Add diagnostic settings to storage account --- modules/azure/storage_account_public/main.tf | 116 ++++++++++++++++++ .../azure/storage_account_public/variables.tf | 31 ++++- 2 files changed, 146 insertions(+), 1 deletion(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index a4ecee48..704b44bf 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf 
@@ -116,3 +116,119 @@ resource "azurerm_storage_management_policy" "storage_management_policy" { } } } + +data "azurerm_monitor_diagnostic_categories" "blob" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.blob == null ? 0 : 1 + resource_id = "${azurerm_storage_account.storage_account.id}/blobServices/default/" +} + +data "azurerm_monitor_diagnostic_categories" "queue" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.queue == null ? 0 : 1 + resource_id = "${azurerm_storage_account.storage_account.id}/queueServices/default/" +} + +data "azurerm_monitor_diagnostic_categories" "table" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 + resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" +} + +data "azurerm_monitor_diagnostic_categories" "file" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.file == null ? 0 : 1 + resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" +} + +resource "azurerm_monitor_diagnostic_setting" "blob" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.blob == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/blobServices/default/" + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.blob.categories == null ? data.azurerm_monitor_diagnostic_categories.blob[0].log_category_types : var.loganalytics_diagnostic_setting.blob.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.blob.metrics == null ? 
data.azurerm_monitor_diagnostic_categories.blob[0].metrics : var.loganalytics_diagnostic_setting.blob.metrics + + content { + category = metric.value + enabled = true + } + } +} + +resource "azurerm_monitor_diagnostic_setting" "queue" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.queue == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/queueServices/default/" + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.queue.categories == null ? data.azurerm_monitor_diagnostic_categories.queue[0].log_category_types : var.loganalytics_diagnostic_setting.queue.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.queue.metrics == null ? data.azurerm_monitor_diagnostic_categories.queue[0].metrics : var.loganalytics_diagnostic_setting.queue.metrics + + content { + category = metric.value + enabled = true + } + } +} + +resource "azurerm_monitor_diagnostic_setting" "table" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.table.categories == null ? data.azurerm_monitor_diagnostic_categories.table[0].log_category_types : var.loganalytics_diagnostic_setting.table.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.table.metrics == null ? 
data.azurerm_monitor_diagnostic_categories.table[0].metrics : var.loganalytics_diagnostic_setting.table.metrics + + content { + category = metric.value + enabled = true + } + } +} + +resource "azurerm_monitor_diagnostic_setting" "file" { + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/" + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.file.categories == null ? data.azurerm_monitor_diagnostic_categories.file[0].log_category_types : var.loganalytics_diagnostic_setting.file.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.file.metrics == null ? data.azurerm_monitor_diagnostic_categories.file[0].metrics : var.loganalytics_diagnostic_setting.file.metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/storage_account_public/variables.tf b/modules/azure/storage_account_public/variables.tf index bee786ac..14c62fd6 100644 --- a/modules/azure/storage_account_public/variables.tf +++ b/modules/azure/storage_account_public/variables.tf 
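Review bot: The `file` data source and resource are copies of `table` that were not fully adapted: `data "azurerm_monitor_diagnostic_categories" "file"` reads categories from `.../tableServices/default/`, and `azurerm_monitor_diagnostic_setting.file` takes its `count` from `.table == null`. File-share logging is therefore skipped without any error when only `file` is configured, and the plan fails on `.file.categories` when only `table` is. Every `count` in the hunk also dereferences `var.loganalytics_diagnostic_setting.workspace_id` although the variable defaults to `null`, which presumably breaks every caller that leaves it unset. The queue, table and file settings are all named `diag-blob-${var.name}`. The corrected lines are below.

```hcl
data "azurerm_monitor_diagnostic_categories" "file" {
  count       = try(var.loganalytics_diagnostic_setting.workspace_id, null) == null || try(var.loganalytics_diagnostic_setting.file, null) == null ? 0 : 1
  resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/"
}

# … unchanged: blob, queue and table blocks, apart from the same try(...) guard on count
#   and the names "diag-queue-${var.name}" and "diag-table-${var.name}" …

resource "azurerm_monitor_diagnostic_setting" "file" {
  count = try(var.loganalytics_diagnostic_setting.workspace_id, null) == null || try(var.loganalytics_diagnostic_setting.file, null) == null ? 0 : 1
  name  = "diag-file-${var.name}"
  # … unchanged: target_resource_id, log_analytics_workspace_id, enabled_log and metric blocks …
```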
@@ -114,4 +114,33 @@ variable "delete_retention_policy_days" { type = number description = "Number of days to retain deleted blobs." default = null -} \ No newline at end of file +} + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + blob = optional(object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + })), + queue = optional(object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + })), + table = optional(object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + })) + file = optional(object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + })) + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} + From ab857f29776571009c31c62e6ee3a0b5b38f655a Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 09:48:45 +0200 Subject: [PATCH 79/99] log analytics diagnostic settings --- modules/azure/log_analytics_workspace/main.tf | 33 +++++++++++++++++++ .../log_analytics_workspace/variables.tf | 10 ++++++ 2 files changed, 43 insertions(+) diff --git a/modules/azure/log_analytics_workspace/main.tf b/modules/azure/log_analytics_workspace/main.tf index f5d95518..17859488 100644 --- a/modules/azure/log_analytics_workspace/main.tf 
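Review bot: Each of the `blob`, `queue`, `table` and `file` objects declares `destination_type`, but none of the four diagnostic settings in this commit's main.tf sets `log_analytics_destination_type`, so a caller's choice is accepted and then ignored. Either pass it through per service, e.g. `log_analytics_destination_type = var.loganalytics_diagnostic_setting.blob.destination_type`, or drop the attribute from the type. The description could also state that a service left null gets no diagnostic setting at all, since that is what the `count` expressions implement. The inline comment `// null list,means send all categories` would read better as `// null means send all categories`.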
+++ b/modules/azure/log_analytics_workspace/main.tf @@ -23,3 +23,36 @@ resource "azurerm_log_analytics_workspace" "workspace" { retention_in_days = var.retention_in_days daily_quota_gb = var.daily_quota_gb } + + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_log_analytics_workspace.workspace.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_log_analytics_workspace.workspace.id + log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id + log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} + diff --git a/modules/azure/log_analytics_workspace/variables.tf b/modules/azure/log_analytics_workspace/variables.tf index 1f8b36a0..b68097be 100644 --- a/modules/azure/log_analytics_workspace/variables.tf +++ b/modules/azure/log_analytics_workspace/variables.tf 
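Review bot: `log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id` sends the workspace's own diagnostic logs back into the workspace being monitored, and the matching variable has no `workspace_id` field to select another destination. Where these logs serve as the audit trail for the workspace, they then share its `retention_in_days`, its access control and its `daily_quota_gb` cap, so ingestion of the audit records presumably stops together with everything else once the cap is reached. An optional `workspace_id = optional(string)` in `loganalytics_diagnostic_setting`, used as `log_analytics_workspace_id = coalesce(var.loganalytics_diagnostic_setting.workspace_id, azurerm_log_analytics_workspace.workspace.id)`, keeps the current behaviour as the default and allows a separate audit workspace. The `destination_type` conditional on the next line returns its input in both branches and can be reduced to the plain reference.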
@@ -30,3 +30,13 @@ variable "daily_quota_gb" { description = "The workspace daily quota for ingestion in GB." default = 5 } + +variable "loganalytics_diagnostic_setting" { + type = object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From 3d8bc6a69b7ea3b77d2220b7ef636eb50d6f82ce Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 09:57:20 +0200 Subject: [PATCH 80/99] service plan diagnostic settings --- modules/azure/service_plan/main.tf | 32 +++++++++++++++++++++++++ modules/azure/service_plan/variables.tf | 11 +++++++++ 2 files changed, 43 insertions(+) diff --git a/modules/azure/service_plan/main.tf b/modules/azure/service_plan/main.tf index 4b8e58a8..654f3750 100644 --- a/modules/azure/service_plan/main.tf +++ b/modules/azure/service_plan/main.tf 
@@ -84,3 +84,35 @@ resource "azurerm_monitor_autoscale_setting" "autoscale_setting" { } } } + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_service_plan.sp.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_service_plan.sp.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} + diff --git a/modules/azure/service_plan/variables.tf b/modules/azure/service_plan/variables.tf index 1c5f1ccd..e214f19c 100644 --- a/modules/azure/service_plan/variables.tf +++ b/modules/azure/service_plan/variables.tf @@ -65,3 +65,14 @@ variable "scaling_rules" { } ] } + + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From 502724e527e78bc1d15e0f3abef0701fc709be25 Mon Sep 17 00:00:00 2001 
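Review bot: Nothing in the `loganalytics_diagnostic_setting` variable added to service_plan/variables.tf stops a caller from passing `categories = []` together with `metrics = []`. The dynamic blocks in this module's main.tf hunk then emit no `enabled_log` and no `metric`, which leaves a diagnostic setting that collects nothing and that the provider may reject. A `validation` block on the variable would surface this at plan time; a sketch follows. The same object shape is added for public_ip, event_grid_topic, network_security_group and virtual_network in the following patches.

```terraform
variable "loganalytics_diagnostic_setting" {
  // … unchanged: type, description, default …

  validation {
    // null means "send all", so it counts as non-empty; try() covers the null default.
    condition = try(
      (var.loganalytics_diagnostic_setting.categories == null ? 1 : length(var.loganalytics_diagnostic_setting.categories)) +
      (var.loganalytics_diagnostic_setting.metrics == null ? 1 : length(var.loganalytics_diagnostic_setting.metrics)) > 0,
      true
    )
    error_message = "Leave categories or metrics null to send all, or list at least one entry in one of them."
  }
}
```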
From: ArtiomMatiom Date: Mon, 8 Jul 2024 10:04:28 +0200 Subject: [PATCH 81/99] public IP diagnostic settings --- modules/azure/public_ip/main.tf | 31 ++++++++++++++++++++++++++++ modules/azure/public_ip/variables.tf | 10 +++++++++ 2 files changed, 41 insertions(+) diff --git a/modules/azure/public_ip/main.tf b/modules/azure/public_ip/main.tf index 238424cb..bf85d686 100644 --- a/modules/azure/public_ip/main.tf +++ b/modules/azure/public_ip/main.tf @@ -23,3 +23,34 @@ resource "azurerm_public_ip" "public_ip" { domain_name_label = var.domain_name_label sku = var.sku } + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_public_ip.public_ip.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_public_ip.public_ip.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} + diff --git a/modules/azure/public_ip/variables.tf b/modules/azure/public_ip/variables.tf index b712c9e8..bde53fe2 100644 --- a/modules/azure/public_ip/variables.tf +++ b/modules/azure/public_ip/variables.tf 
@@ -30,3 +30,13 @@ variable "domain_name_label" { description = "Label for the Domain Name. Will be used to make up the FQDN" default = null } + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From ae0555daec45cdbfab04c045b5124a13008fa48a Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 10:19:27 +0200 Subject: [PATCH 82/99] event grid topic diagnostic settings --- modules/azure/event_grid_topic/main.tf | 32 ++++++++++++++++++++- modules/azure/event_grid_topic/variables.tf | 10 +++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/modules/azure/event_grid_topic/main.tf b/modules/azure/event_grid_topic/main.tf index b2541364..7b05f8cd 100644 --- a/modules/azure/event_grid_topic/main.tf +++ b/modules/azure/event_grid_topic/main.tf 
@@ -21,4 +21,34 @@ resource "azurerm_eventgrid_system_topic" "topic" { resource_group_name = var.resource_group_name source_arm_resource_id = var.source_arm_resource_id topic_type = var.topic_type -} \ No newline at end of file +} + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_eventgrid_system_topic.topic.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.topic_name}" + target_resource_id = azurerm_eventgrid_system_topic.topic.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/event_grid_topic/variables.tf b/modules/azure/event_grid_topic/variables.tf index b328c74e..1b327f70 100644 --- a/modules/azure/event_grid_topic/variables.tf +++ b/modules/azure/event_grid_topic/variables.tf 
@@ -22,3 +22,13 @@ variable "source_arm_resource_id" { type = string description = "The ID of the Event Grid System Topic ARM Source." } + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From e65e2a00d6e6341c2c69434c5205a59d031ed170 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 10:28:10 +0200 Subject: [PATCH 83/99] network security_group diagnostic settings --- modules/azure/event_grid_topic/variables.tf | 2 ++ modules/azure/network_security_group/main.tf | 33 +++++++++++++++++++ .../azure/network_security_group/variables.tf | 11 +++++++ 3 files changed, 46 insertions(+) diff --git a/modules/azure/event_grid_topic/variables.tf b/modules/azure/event_grid_topic/variables.tf index 1b327f70..de75a2a3 100644 --- a/modules/azure/event_grid_topic/variables.tf +++ b/modules/azure/event_grid_topic/variables.tf @@ -32,3 +32,5 @@ variable "loganalytics_diagnostic_setting" { description = "Specifies the log categories that have to be sent to Log analytics." default = null } + + diff --git a/modules/azure/network_security_group/main.tf b/modules/azure/network_security_group/main.tf index 5cf21fa4..120a2ba7 100644 --- a/modules/azure/network_security_group/main.tf +++ b/modules/azure/network_security_group/main.tf 
@@ -46,3 +46,36 @@ resource "azurerm_subnet_network_security_group_association" "nsg_subnet_associa subnet_id = each.key network_security_group_id = azurerm_network_security_group.network_security_group.id } + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_network_security_group.network_security_group.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.network_security_group_name}" + target_resource_id = azurerm_network_security_group.network_security_group.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} + + diff --git a/modules/azure/network_security_group/variables.tf b/modules/azure/network_security_group/variables.tf index 8f62626b..2ad3023c 100644 --- a/modules/azure/network_security_group/variables.tf +++ b/modules/azure/network_security_group/variables.tf 
@@ -37,3 +37,14 @@ variable "subnet_ids" { description = "List of subnet ids to associate with network security group." default = [] } + + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From 07fab1a83a38082b90859d143a9b12dcacff412f Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 10:48:32 +0200 Subject: [PATCH 84/99] Vnet diagnostic settings --- modules/azure/virtual_network/main.tf | 31 ++++++++++++++++++++++ modules/azure/virtual_network/variables.tf | 10 +++++++ 2 files changed, 41 insertions(+) diff --git a/modules/azure/virtual_network/main.tf b/modules/azure/virtual_network/main.tf index 21cec685..a3f4484e 100644 --- a/modules/azure/virtual_network/main.tf +++ b/modules/azure/virtual_network/main.tf 
@@ -26,3 +26,34 @@ resource "azurerm_virtual_network" "virtual_network" { ignore_changes = [subnet] } } + + +data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + resource_id = azurerm_virtual_network.virtual_network.id +} + +resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_virtual_network.virtual_network.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + + + dynamic "enabled_log" { + for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories + + content { + category = enabled_log.value + } + } + + dynamic "metric" { + for_each = var.loganalytics_diagnostic_setting.metrics == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics : var.loganalytics_diagnostic_setting.metrics + + content { + category = metric.value + enabled = true + } + } +} diff --git a/modules/azure/virtual_network/variables.tf b/modules/azure/virtual_network/variables.tf index 97b77b0f..d7aa4384 100644 --- a/modules/azure/virtual_network/variables.tf +++ b/modules/azure/virtual_network/variables.tf @@ -17,3 +17,13 @@ variable "address_space" { type = list(string) description = "Address space of the virtual network." } + +variable "loganalytics_diagnostic_setting" { + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + }) + description = "Specifies the log categories that have to be sent to Log analytics." + default = null +} From 2ec048eb272f7e553b1c29f106de89f161d38cfd Mon Sep 17 00:00:00 2001 
From: ArtiomMatiom Date: Mon, 8 Jul 2024 11:08:38 +0200 Subject: [PATCH 85/99] format terraform --- modules/azure/event_grid_topic/variables.tf | 12 ++++------ modules/azure/event_hub/main.tf | 10 ++++---- modules/azure/event_hub/variables.tf | 10 ++++---- modules/azure/log_analytics_workspace/main.tf | 10 ++++---- .../log_analytics_workspace/variables.tf | 8 +++---- .../azure/network_security_group/variables.tf | 8 +++---- modules/azure/public_ip/variables.tf | 8 +++---- modules/azure/service_plan/variables.tf | 8 +++---- modules/azure/storage_account_public/main.tf | 24 +++++++++---------- 9 files changed, 48 insertions(+), 50 deletions(-) diff --git a/modules/azure/event_grid_topic/variables.tf b/modules/azure/event_grid_topic/variables.tf index de75a2a3..33728556 100644 --- a/modules/azure/event_grid_topic/variables.tf +++ b/modules/azure/event_grid_topic/variables.tf @@ -24,13 +24,11 @@ variable "source_arm_resource_id" { } variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null -} - - +} \ No newline at end of file diff --git a/modules/azure/event_hub/main.tf b/modules/azure/event_hub/main.tf index 7e058b12..f4561735 100644 --- a/modules/azure/event_hub/main.tf +++ b/modules/azure/event_hub/main.tf 
@@ -45,11 +45,11 @@ data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { } resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { - count = var.loganalytics_diagnostic_setting == null ? 0 : 1 - name = "diag-${var.namespace_name}" - target_resource_id = azurerm_eventhub_namespace.namespace.id - log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id - log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.namespace_name}" + target_resource_id = azurerm_eventhub_namespace.namespace.id + log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id + log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type dynamic "enabled_log" { for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories diff --git a/modules/azure/event_hub/variables.tf b/modules/azure/event_hub/variables.tf index 7f5591cb..6519b5a8 100644 --- a/modules/azure/event_hub/variables.tf +++ b/modules/azure/event_hub/variables.tf 
@@ -49,11 +49,11 @@ variable "consumer_group_name" { variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics - destination_type = optional(string), // AzureDiagnostics or Dedicated + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/log_analytics_workspace/main.tf b/modules/azure/log_analytics_workspace/main.tf index 17859488..9d9a360a 100644 --- a/modules/azure/log_analytics_workspace/main.tf +++ b/modules/azure/log_analytics_workspace/main.tf 
@@ -32,11 +32,11 @@ data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" { } resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" { - count = var.loganalytics_diagnostic_setting == null ? 0 : 1 - name = "diag-${var.name}" - target_resource_id = azurerm_log_analytics_workspace.workspace.id - log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id - log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type + count = var.loganalytics_diagnostic_setting == null ? 0 : 1 + name = "diag-${var.name}" + target_resource_id = azurerm_log_analytics_workspace.workspace.id + log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id + log_analytics_destination_type = var.loganalytics_diagnostic_setting.destination_type == null ? null : var.loganalytics_diagnostic_setting.destination_type dynamic "enabled_log" { for_each = var.loganalytics_diagnostic_setting.categories == null ? data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types : var.loganalytics_diagnostic_setting.categories diff --git a/modules/azure/log_analytics_workspace/variables.tf b/modules/azure/log_analytics_workspace/variables.tf index b68097be..73680064 100644 --- a/modules/azure/log_analytics_workspace/variables.tf +++ b/modules/azure/log_analytics_workspace/variables.tf 
@@ -32,10 +32,10 @@ variable "daily_quota_gb" { } variable "loganalytics_diagnostic_setting" { - type = object({ - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics - destination_type = optional(string), // AzureDiagnostics or Dedicated + type = object({ + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics + destination_type = optional(string), // AzureDiagnostics or Dedicated }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/network_security_group/variables.tf b/modules/azure/network_security_group/variables.tf index 2ad3023c..1c7f1cd9 100644 --- a/modules/azure/network_security_group/variables.tf +++ b/modules/azure/network_security_group/variables.tf @@ -40,10 +40,10 @@ variable "subnet_ids" { variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/public_ip/variables.tf b/modules/azure/public_ip/variables.tf index bde53fe2..0f12f620 100644 --- a/modules/azure/public_ip/variables.tf +++ b/modules/azure/public_ip/variables.tf 
@@ -32,10 +32,10 @@ variable "domain_name_label" { } variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/service_plan/variables.tf b/modules/azure/service_plan/variables.tf index e214f19c..98dfa568 100644 --- a/modules/azure/service_plan/variables.tf +++ b/modules/azure/service_plan/variables.tf @@ -68,10 +68,10 @@ variable "scaling_rules" { variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index 704b44bf..a801ca74 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf 
@@ -138,9 +138,9 @@ data "azurerm_monitor_diagnostic_categories" "file" { } resource "azurerm_monitor_diagnostic_setting" "blob" { - count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.blob == null ? 0 : 1 - name = "diag-blob-${var.name}" - target_resource_id = "${azurerm_storage_account.storage_account.id}/blobServices/default/" + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.blob == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/blobServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id dynamic "enabled_log" { @@ -162,9 +162,9 @@ resource "azurerm_monitor_diagnostic_setting" "blob" { } resource "azurerm_monitor_diagnostic_setting" "queue" { - count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.queue == null ? 0 : 1 - name = "diag-blob-${var.name}" - target_resource_id = "${azurerm_storage_account.storage_account.id}/queueServices/default/" + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.queue == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/queueServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id dynamic "enabled_log" { 
@@ -186,9 +186,9 @@ resource "azurerm_monitor_diagnostic_setting" "queue" { } resource "azurerm_monitor_diagnostic_setting" "table" { - count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 - name = "diag-blob-${var.name}" - target_resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id dynamic "enabled_log" { @@ -210,9 +210,9 @@ resource "azurerm_monitor_diagnostic_setting" "table" { } resource "azurerm_monitor_diagnostic_setting" "file" { - count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 - name = "diag-blob-${var.name}" - target_resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/" + count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 + name = "diag-blob-${var.name}" + target_resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id dynamic "enabled_log" { From ee954b781c3c8a25b7c474463a47f990c2d11987 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom Date: Mon, 8 Jul 2024 11:10:20 +0200 Subject: [PATCH 86/99] format terraform --- modules/azure/stream_analytics/variables.tf | 8 ++++---- modules/azure/virtual_network/variables.tf | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/azure/stream_analytics/variables.tf b/modules/azure/stream_analytics/variables.tf index 2d2a02db..58d444c3 100644 
--- a/modules/azure/stream_analytics/variables.tf +++ b/modules/azure/stream_analytics/variables.tf @@ -96,10 +96,10 @@ variable "stream_query" { } variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null diff --git a/modules/azure/virtual_network/variables.tf b/modules/azure/virtual_network/variables.tf index d7aa4384..f2790cfb 100644 --- a/modules/azure/virtual_network/variables.tf +++ b/modules/azure/virtual_network/variables.tf @@ -19,10 +19,10 @@ variable "address_space" { } variable "loganalytics_diagnostic_setting" { - type = object({ - workspace_id = string, // log analytics workspace ID - categories = optional(list(string)), // null list,means send all categories - metrics = optional(list(string)), // null list means send all metrics + type = object({ + workspace_id = string, // log analytics workspace ID + categories = optional(list(string)), // null list,means send all categories + metrics = optional(list(string)), // null list means send all metrics }) description = "Specifies the log categories that have to be sent to Log analytics." default = null From a9f266118d20656ef958b51e5fce7d8ad093185c Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 9 Jul 2024 09:21:02 +0200 Subject: [PATCH 87/99] Update modules/azure/storage_account_public/main.tf Co-authored-by: tom-reinders --- modules/azure/storage_account_public/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index a801ca74..f25cf115 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf @@ -163,7 +163,7 @@ resource "azurerm_monitor_diagnostic_setting" "blob" { resource "azurerm_monitor_diagnostic_setting" "queue" { count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.queue == null ? 0 : 1 - name = "diag-blob-${var.name}" + name = "diag-queue-${var.name}" target_resource_id = "${azurerm_storage_account.storage_account.id}/queueServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id From 1dfb590f63d4fb3733c3541425c36a15f8dd7089 Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 9 Jul 2024 09:21:09 +0200 Subject: [PATCH 88/99] Update modules/azure/storage_account_public/main.tf Co-authored-by: tom-reinders --- modules/azure/storage_account_public/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index f25cf115..afe4d8c1 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf @@ -187,7 +187,7 @@ resource "azurerm_monitor_diagnostic_setting" "queue" { resource "azurerm_monitor_diagnostic_setting" "table" { count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 - name = "diag-blob-${var.name}" + name = "diag-table-${var.name}" target_resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id From 9266ecbc07bea60bed7875045dc5f85d0698e555 Mon Sep 17 00:00:00 2001 
From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 9 Jul 2024 09:21:14 +0200 Subject: [PATCH 89/99] Update modules/azure/storage_account_public/main.tf Co-authored-by: tom-reinders --- modules/azure/storage_account_public/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index afe4d8c1..7c1e98be 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf @@ -211,7 +211,7 @@ resource "azurerm_monitor_diagnostic_setting" "table" { resource "azurerm_monitor_diagnostic_setting" "file" { count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.table == null ? 0 : 1 - name = "diag-blob-${var.name}" + name = "diag-file-${var.name}" target_resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/" log_analytics_workspace_id = var.loganalytics_diagnostic_setting.workspace_id From e12aa5a5180bd386fd24d62d824e9ecd7f2ad8fb Mon Sep 17 00:00:00 2001 From: ArtiomMatiom <89966532+ArtiomMatiom@users.noreply.github.com> Date: Tue, 9 Jul 2024 16:21:25 +0200 Subject: [PATCH 90/99] Update modules/azure/storage_account_public/main.tf Co-authored-by: tom-reinders --- modules/azure/storage_account_public/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index 7c1e98be..8e0d3eaa 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf 
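Review bot: The `count` on `azurerm_monitor_diagnostic_setting.file`, visible as context directly above the renamed `name`, still tests `var.loganalytics_diagnostic_setting.table`, so file-service diagnostics follow the table setting rather than the file one. With `file` set and `table` null, no file-service logs are shipped. With `table` set and `file` null the resource is created while the `file` categories data source (gated on `.file` in the next patch's context) has no instances, which would fail if the resource body indexes that data source (the body is not shown here). Suggested line: `count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.file == null ? 0 : 1`. The resource body continues outside the hunk.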
@@ -134,7 +134,7 @@ data "azurerm_monitor_diagnostic_categories" "table" { data "azurerm_monitor_diagnostic_categories" "file" { count = var.loganalytics_diagnostic_setting.workspace_id == null || var.loganalytics_diagnostic_setting.file == null ? 0 : 1 - resource_id = "${azurerm_storage_account.storage_account.id}/tableServices/default/" + resource_id = "${azurerm_storage_account.storage_account.id}/fileServices/default/" } resource "azurerm_monitor_diagnostic_setting" "blob" { From 0907c822986cdbb6f9e3207c4cacf83d1c0146e3 Mon Sep 17 00:00:00 2001 From: Jeroen Vleeming Date: Wed, 10 Jul 2024 16:47:59 +0200 Subject: [PATCH 91/99] WE V-1766 updated web_app_windows version to be able to support .NET8 --- modules/azure/web_app_windows/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/web_app_windows/main.tf b/modules/azure/web_app_windows/main.tf index 17e1f9c7..3c09aaca 100644 --- a/modules/azure/web_app_windows/main.tf +++ b/modules/azure/web_app_windows/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.70" + version = "~> 3.111" } } From b7c13ae0c8a198b593e407fc27cc3bb302a790e8 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Thu, 11 Jul 2024 11:44:10 +0200 Subject: [PATCH 92/99] Combine all paths to 1 combined dependabot trigger --- .github/dependabot.yml | 645 +++++++---------------------------------- 1 file changed, 109 insertions(+), 536 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5b3f08c9..044e52ae 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -13,541 +13,114 @@ updates: # Workaround till https://github.com/dependabot/dependabot-core/issues/2178 is fixed - package-ecosystem: "terraform" - directory: "/modules/azure/analysis_services" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/key_vault_managed_identity" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/log_analytics" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/office365" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/office365_set" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/service_bus_managed_identity" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/storage_blob" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/storage_blob_managed_identity" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_connectors/storage_table" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_api" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_api_operation_policy" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_api_simple" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_certificate" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: 
"/modules/azure/api_management_custom_domains" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_custom_domains_simple" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_groups" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_logging" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_named_values" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/api_management_permissions" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/application_insights" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/application_insights_smart_detection_rule" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/application_insights_workbook" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/application_performance_workbook" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/application_role_assignment" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/container_registery" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/data_factory" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/data_factory_blob_to_blob" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/data_factory_http_to_blob" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/data_lake_filesystem" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - 
directory: "/modules/azure/data_lake_storage" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/databricks_cluster" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/databricks_permissions" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/databricks_secrets" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/databricks_workspace" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/event_grid_topic" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/event_grid_topic_subscription" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/event_hub" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/frontdoor_classic" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/frontdoor_firewall_policy" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/function_app_linux" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/function_app_linux_managed_identity" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/function_app_windows" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/iam" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/key_vault" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/key_vault_certificate" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/key_vault_secret" - schedule: - interval: "daily" - - - package-ecosystem: 
"terraform" - directory: "/modules/azure/key_vault_secrets_put" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/key_vault_secrets_put_once" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/log_analytics_diagnostic_setting" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/log_analytics_queries" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/log_analytics_workspace" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app_set" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app_standard" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app_standard_connection" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app_standard_connection_access_policy" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/logic_app_trigger_http_request_data" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/maps_account" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/monitoring_action_group" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/monitoring_log_analytics_alert" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/monitoring_metric_alert" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/mssql" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: 
"/modules/azure/mysql" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/mysql_flexible_server" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/mysql_flexible_server_public" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/network_security_group" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/postgresql" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/postgresql_public" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/private_dns_zone" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/public_ip" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/recovery_services_vault" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/resource_group" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/route_table" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/service_bus_public" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/service_bus_subscription" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/service_bus_topic" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/service_plan" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_account_private" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_account_public" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: 
"/modules/azure/storage_blob" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_container" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_event_grid" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_queue" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_share" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_table" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_table_entities" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/storage_table_entity" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/stream_analytics" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/subnet" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/synapse_workspace" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/virtual_machine" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/virtual_machine_extension" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/virtual_network" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/virtual_network_peering" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/web_app_linux" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/azure/web_app_windows" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: 
"/modules/cloudflare/dns_records" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/elastic/cluster" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/other/local_exec" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/other/password_generator" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/configmap" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/cron_job" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/deployment_with_service" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/ingress" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/secret" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/kubernetes/pvc" - schedule: - interval: "daily" - - - package-ecosystem: "terraform" - directory: "/modules/other/vm_with_power_automate_desktop" + directories: + - "/modules/azure/analysis_services" + - "/modules/azure/api_connectors/key_vault_managed_identity" + - "/modules/azure/api_connectors/log_analytics" + - "/modules/azure/api_connectors/office365" + - "/modules/azure/api_connectors/office365_set" + - "/modules/azure/api_connectors/service_bus_managed_identity" + - "/modules/azure/api_connectors/storage_blob" + - "/modules/azure/api_connectors/storage_blob_managed_identity" + - "/modules/azure/api_connectors/storage_table" + - "/modules/azure/api_management" + - "/modules/azure/api_management_api" + - "/modules/azure/api_management_api_operation_policy" + - "/modules/azure/api_management_api_simple" + - "/modules/azure/api_management_certificate" + - "/modules/azure/api_management_custom_domains" + - 
"/modules/azure/api_management_custom_domains_simple" + - "/modules/azure/api_management_groups" + - "/modules/azure/api_management_logging" + - "/modules/azure/api_management_named_values" + - "/modules/azure/api_management_permissions" + - "/modules/azure/application_insights" + - "/modules/azure/application_insights_smart_detection_rule" + - "/modules/azure/application_insights_workbook" + - "/modules/azure/application_performance_workbook" + - "/modules/azure/application_role_assignment" + - "/modules/azure/container_registery" + - "/modules/azure/data_factory" + - "/modules/azure/data_factory_blob_to_blob" + - "/modules/azure/data_factory_http_to_blob" + - "/modules/azure/data_lake_filesystem" + - "/modules/azure/data_lake_storage" + - "/modules/azure/databricks_cluster" + - "/modules/azure/databricks_permissions" + - "/modules/azure/databricks_secrets" + - "/modules/azure/databricks_workspace" + - "/modules/azure/event_grid_topic" + - "/modules/azure/event_grid_topic_subscription" + - "/modules/azure/event_hub" + - "/modules/azure/frontdoor_classic" + - "/modules/azure/frontdoor_firewall_policy" + - "/modules/azure/function_app_linux" + - "/modules/azure/function_app_linux_managed_identity" + - "/modules/azure/function_app_windows" + - "/modules/azure/iam" + - "/modules/azure/key_vault" + - "/modules/azure/key_vault_certificate" + - "/modules/azure/key_vault_secret" + - "/modules/azure/key_vault_secrets_put" + - "/modules/azure/key_vault_secrets_put_once" + - "/modules/azure/log_analytics_diagnostic_setting" + - "/modules/azure/log_analytics_queries" + - "/modules/azure/log_analytics_workspace" + - "/modules/azure/logic_app" + - "/modules/azure/logic_app_set" + - "/modules/azure/logic_app_standard" + - "/modules/azure/logic_app_standard_connection" + - "/modules/azure/logic_app_standard_connection_access_policy" + - "/modules/azure/logic_app_trigger_http_request_data" + - "/modules/azure/maps_account" + - "/modules/azure/monitoring_action_group" + - 
"/modules/azure/monitoring_log_analytics_alert" + - "/modules/azure/monitoring_metric_alert" + - "/modules/azure/mssql" + - "/modules/azure/mysql" + - "/modules/azure/mysql_flexible_server" + - "/modules/azure/mysql_flexible_server_public" + - "/modules/azure/network_security_group" + - "/modules/azure/postgresql" + - "/modules/azure/postgresql_public" + - "/modules/azure/private_dns_zone" + - "/modules/azure/public_ip" + - "/modules/azure/recovery_services_vault" + - "/modules/azure/resource_group" + - "/modules/azure/route_table" + - "/modules/azure/service_bus_public" + - "/modules/azure/service_bus_subscription" + - "/modules/azure/service_bus_topic" + - "/modules/azure/service_plan" + - "/modules/azure/storage_account_private" + - "/modules/azure/storage_account_public" + - "/modules/azure/storage_blob" + - "/modules/azure/storage_container" + - "/modules/azure/storage_event_grid" + - "/modules/azure/storage_queue" + - "/modules/azure/storage_share" + - "/modules/azure/storage_table" + - "/modules/azure/storage_table_entities" + - "/modules/azure/storage_table_entity" + - "/modules/azure/stream_analytics" + - "/modules/azure/subnet" + - "/modules/azure/synapse_workspace" + - "/modules/azure/virtual_machine" + - "/modules/azure/virtual_machine_extension" + - "/modules/azure/virtual_network" + - "/modules/azure/virtual_network_peering" + - "/modules/azure/web_app_linux" + - "/modules/azure/web_app_windows" + - "/modules/cloudflare/dns_records" + - "/modules/elastic/cluster" + - "/modules/other/local_exec" + - "/modules/other/password_generator" + - "/modules/kubernetes/configmap" + - "/modules/kubernetes/cron_job" + - "/modules/kubernetes/deployment_with_service" + - "/modules/kubernetes/ingress" + - "/modules/kubernetes/secret" + - "/modules/kubernetes/pvc" + - "/modules/other/vm_with_power_automate_desktop" schedule: interval: "daily" From 73398e57294b7a3c08cf6b58849b796b4d6ede1c Mon Sep 17 00:00:00 2001 
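Review bot: The new `directories:` list is still a hand-kept copy of the module tree, so any module missing from it silently gets no provider version updates from Dependabot. The next commit in this series (PATCH 93) has to add `private_endpoint`, `iam_set`, `logic_app_bicep` and about a dozen other paths that had been left out. As far as I know `directories` accepts glob patterns, so entries such as `- "/modules/*/*"` and `- "/modules/azure/api_connectors/*"` would pick up new modules without an edit here. It is worth testing that matched directories without `.tf` files are skipped cleanly before relying on that.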
From: Tom Reinders Date: Thu, 11 Jul 2024 11:53:59 +0200 Subject: [PATCH 93/99] Update dependabot to with new paths added in v3.12.0 --- .github/dependabot.yml | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 044e52ae..837d694f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,21 +11,29 @@ updates: schedule: interval: "daily" - # Workaround till https://github.com/dependabot/dependabot-core/issues/2178 is fixed - package-ecosystem: "terraform" directories: - "/modules/azure/analysis_services" + - "/modules/azure/api_connectors/arm_managed_identity" + - "/modules/azure/api_connectors/custom_connector" + - "/modules/azure/api_connectors/event_hub_managed_identity" + - "/modules/azure/api_connectors/excel_online" - "/modules/azure/api_connectors/key_vault_managed_identity" - "/modules/azure/api_connectors/log_analytics" + - "/modules/azure/api_connectors/logic_app_custom_connector" - "/modules/azure/api_connectors/office365" - "/modules/azure/api_connectors/office365_set" - "/modules/azure/api_connectors/service_bus_managed_identity" + - "/modules/azure/api_connectors/service_bus_managed_identity_set" + - "/modules/azure/api_connectors/sharepoint_online" - "/modules/azure/api_connectors/storage_blob" - "/modules/azure/api_connectors/storage_blob_managed_identity" - "/modules/azure/api_connectors/storage_table" - "/modules/azure/api_management" - "/modules/azure/api_management_api" + - "/modules/azure/api_management_api_operation" - "/modules/azure/api_management_api_operation_policy" + - "/modules/azure/api_management_api_schema" - "/modules/azure/api_management_api_simple" - "/modules/azure/api_management_certificate" - "/modules/azure/api_management_custom_domains" 
@@ -40,15 +48,16 @@ updates: - "/modules/azure/application_performance_workbook" - "/modules/azure/application_role_assignment" - "/modules/azure/container_registery" + - "/modules/azure/databricks_cluster" + - "/modules/azure/databricks_permissions" + - "/modules/azure/databricks_permissions_user_based" + - "/modules/azure/databricks_secrets" + - "/modules/azure/databricks_workspace" - "/modules/azure/data_factory" - "/modules/azure/data_factory_blob_to_blob" - "/modules/azure/data_factory_http_to_blob" - "/modules/azure/data_lake_filesystem" - "/modules/azure/data_lake_storage" - - "/modules/azure/databricks_cluster" - - "/modules/azure/databricks_permissions" - - "/modules/azure/databricks_secrets" - - "/modules/azure/databricks_workspace" - "/modules/azure/event_grid_topic" - "/modules/azure/event_grid_topic_subscription" - "/modules/azure/event_hub" @@ -58,6 +67,7 @@ updates: - "/modules/azure/function_app_linux_managed_identity" - "/modules/azure/function_app_windows" - "/modules/azure/iam" + - "/modules/azure/iam_set" - "/modules/azure/key_vault" - "/modules/azure/key_vault_certificate" - "/modules/azure/key_vault_secret" @@ -67,6 +77,7 @@ updates: - "/modules/azure/log_analytics_queries" - "/modules/azure/log_analytics_workspace" - "/modules/azure/logic_app" + - "/modules/azure/logic_app_bicep" - "/modules/azure/logic_app_set" - "/modules/azure/logic_app_standard" - "/modules/azure/logic_app_standard_connection" @@ -84,6 +95,7 @@ updates: - "/modules/azure/postgresql" - "/modules/azure/postgresql_public" - "/modules/azure/private_dns_zone" + - "/modules/azure/private_endpoint" - "/modules/azure/public_ip" - "/modules/azure/recovery_services_vault" - "/modules/azure/resource_group" 
@@ -101,6 +113,7 @@ updates: - "/modules/azure/storage_share" - "/modules/azure/storage_table" - "/modules/azure/storage_table_entities" + - "/modules/azure/storage_table_entities_rewritable" - "/modules/azure/storage_table_entity" - "/modules/azure/stream_analytics" - "/modules/azure/subnet" @@ -113,14 +126,14 @@ updates: - "/modules/azure/web_app_windows" - "/modules/cloudflare/dns_records" - "/modules/elastic/cluster" - - "/modules/other/local_exec" - - "/modules/other/password_generator" - "/modules/kubernetes/configmap" - "/modules/kubernetes/cron_job" - "/modules/kubernetes/deployment_with_service" - "/modules/kubernetes/ingress" - - "/modules/kubernetes/secret" - "/modules/kubernetes/pvc" + - "/modules/kubernetes/secret" + - "/modules/other/local_exec" + - "/modules/other/password_generator" - "/modules/other/vm_with_power_automate_desktop" schedule: interval: "daily" From 4cc96c39e7d7bc9bf26f2eb139b07e33bfca78ca Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Thu, 11 Jul 2024 17:03:40 +0200 Subject: [PATCH 94/99] Fix wrong type --- modules/azure/web_app_linux/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/web_app_linux/variables.tf b/modules/azure/web_app_linux/variables.tf index 1b17a619..ab4c488c 100644 --- a/modules/azure/web_app_linux/variables.tf +++ b/modules/azure/web_app_linux/variables.tf @@ -119,7 +119,7 @@ variable "use_32_bit_worker" { } variable "vnet_route_all_enabled" { - type = string + type = bool description = "Should all outbound traffic have NAT Gateways, Network Security Groups and User Defined Routes applied?" default = false } From ac8f24f9aef3d45fe3166d5c572181b1420ede6c Mon Sep 17 00:00:00 2001 
From: Tom Reinders Date: Fri, 12 Jul 2024 13:25:51 +0200 Subject: [PATCH 95/99] Fix bug introduced in #411 that breaks the cors rules from running --- modules/azure/storage_account_public/main.tf | 12 ++++++------ modules/azure/storage_account_public/variables.tf | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf index 8e0d3eaa..34cbc1a4 100644 --- a/modules/azure/storage_account_public/main.tf +++ b/modules/azure/storage_account_public/main.tf @@ -30,14 +30,14 @@ resource "azurerm_storage_account" "storage_account" { blob_properties { dynamic "cors_rule" { - for_each = var.cors_rules != null ? [1] : [] + for_each = var.cors_rules content { - allowed_headers = var.cors_rules.value.allowed_headers - allowed_methods = var.cors_rules.value.allowed_methods - allowed_origins = var.cors_rules.value.allowed_origins - exposed_headers = var.cors_rules.value.exposed_headers - max_age_in_seconds = var.cors_rules.value.max_age_in_seconds + allowed_headers = cors_rule.value.allowed_headers + allowed_methods = cors_rule.value.allowed_methods + allowed_origins = cors_rule.value.allowed_origins + exposed_headers = cors_rule.value.exposed_headers + max_age_in_seconds = cors_rule.value.max_age_in_seconds } } diff --git a/modules/azure/storage_account_public/variables.tf b/modules/azure/storage_account_public/variables.tf index 14c62fd6..11cd624b 100644 --- a/modules/azure/storage_account_public/variables.tf +++ b/modules/azure/storage_account_public/variables.tf @@ -89,7 +89,7 @@ variable "cors_rules" { max_age_in_seconds = number })) description = "Describes the CORS rules for the storage account" - default = null + default = [] } variable "static_website" { From 4a5bae10680908652d5e00e6b154598636751ee9 Mon Sep 17 00:00:00 2001 
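Review bot: `for_each = var.cors_rules` in the `cors_rule` block now fails at plan time when a caller passes `cors_rules = null` explicitly, which was the default value until this commit. The new `default = []` only applies when the argument is omitted. Adding `nullable = false` to `variable "cors_rules"` makes an explicit null fall back to the default; alternatively iterate over `var.cors_rules == null ? [] : var.cors_rules`. The variable block starts above the variables.tf hunk and `blob_properties` continues below the main.tf hunk.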
From: Tom Reinders Date: Fri, 12 Jul 2024 15:10:25 +0200 Subject: [PATCH 96/99] Fix bug introduced in #416 that would result in a breaking change if an existing use has set diagnostic_settings with any of frontend_request_body_bytes, frontend_response_body_bytes, backend_request_body_bytes and/or backend_response_body_bytes not set --- modules/azure/api_management/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/azure/api_management/variables.tf b/modules/azure/api_management/variables.tf index b10e2243..717a3290 100644 --- a/modules/azure/api_management/variables.tf +++ b/modules/azure/api_management/variables.tf @@ -77,10 +77,10 @@ variable "diagnostic_settings" { http_correlation_protocol = string, # possible values: None, Legacy, W3C headers_to_log_request = list(string), headers_to_log_response = list(string), - frontend_request_body_bytes = number, - frontend_response_body_bytes = number, - backend_request_body_bytes = number, - backend_response_body_bytes = number + frontend_request_body_bytes = optional(number, 32), + frontend_response_body_bytes = optional(number, 32), + backend_request_body_bytes = optional(number, 32), + backend_response_body_bytes = optional(number, 32) }) description = "Settings for api management diagnostic, api-management-diagnostic will be created only if api_management_logger_settings have been provided. " default = { From 6ad49d57d4dc1bb621dc724ee943fa97f1429d00 Mon Sep 17 00:00:00 2001 
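Review bot: The four `*_body_bytes` fields become `optional(number, 32)` with no comment saying what they control, and the variable's `description` still only mentions the logger settings. These values are presumably passed to the diagnostic's `body_bytes` settings, which decide how many bytes of each request and response body are copied into the diagnostic logs, so a caller who raises them may start storing credentials or personal data from payloads in the log sink. I would add a comment above the group such as `# bytes of body payload written to diagnostics; keep low, bodies can carry secrets or personal data` and name the fields in `description`. The `default = { … }` object continues past the end of the hunk, so whether it sets these four keys cannot be checked from here.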
From: Tom Reinders Date: Fri, 12 Jul 2024 17:17:41 +0200 Subject: [PATCH 97/99] Adding changes to support function app run with .net8 isolated and fix wrong variable type --- modules/azure/function_app_linux/main.tf | 5 +++-- modules/azure/function_app_linux/variables.tf | 2 +- .../function_app_linux_managed_identity/variables.tf | 2 +- modules/azure/function_app_windows/main.tf | 9 +++++++++ modules/azure/function_app_windows/variables.tf | 12 ++++++++++++ 5 files changed, 26 insertions(+), 4 deletions(-) diff --git a/modules/azure/function_app_linux/main.tf b/modules/azure/function_app_linux/main.tf index b60ca802..3b4578c0 100644 --- a/modules/azure/function_app_linux/main.tf +++ b/modules/azure/function_app_linux/main.tf @@ -34,9 +34,10 @@ resource "azurerm_linux_function_app" "function_app" { use_32_bit_worker = var.use_32_bit_worker dynamic "application_stack" { - for_each = var.dotnet_version != "" ? [var.dotnet_version] : [] + for_each = var.dotnet_version != "" ? [1] : [] + content { - dotnet_version = application_stack.value + dotnet_version = var.dotnet_version use_dotnet_isolated_runtime = var.dotnet_isolated } } diff --git a/modules/azure/function_app_linux/variables.tf b/modules/azure/function_app_linux/variables.tf index 1c51a2dd..3d14f9b4 100644 --- a/modules/azure/function_app_linux/variables.tf +++ b/modules/azure/function_app_linux/variables.tf @@ -20,7 +20,7 @@ variable "dotnet_version" { } variable "dotnet_isolated" { - type = string + type = bool description = "Specifies if it is isolated function app." default = false } diff --git a/modules/azure/function_app_linux_managed_identity/variables.tf b/modules/azure/function_app_linux_managed_identity/variables.tf index 1ff6c220..16547954 100644 --- a/modules/azure/function_app_linux_managed_identity/variables.tf +++ b/modules/azure/function_app_linux_managed_identity/variables.tf 
@@ -20,7 +20,7 @@ variable "dotnet_version" { } variable "dotnet_isolated" { - type = string + type = bool description = "Specifies if it is isolated function app." default = false } diff --git a/modules/azure/function_app_windows/main.tf b/modules/azure/function_app_windows/main.tf index 1dbccea0..8036b7ab 100644 --- a/modules/azure/function_app_windows/main.tf +++ b/modules/azure/function_app_windows/main.tf @@ -33,6 +33,15 @@ resource "azurerm_windows_function_app" "function_app" { vnet_route_all_enabled = var.route_all_outbound_traffic use_32_bit_worker = var.use_32_bit_worker + dynamic "application_stack" { + for_each = var.dotnet_version != "" ? [1] : [] + + content { + dotnet_version = var.dotnet_version + use_dotnet_isolated_runtime = var.dotnet_isolated + } + } + dynamic "ip_restriction" { for_each = var.ip_restrictions diff --git a/modules/azure/function_app_windows/variables.tf b/modules/azure/function_app_windows/variables.tf index e555002e..749b9b7e 100644 --- a/modules/azure/function_app_windows/variables.tf +++ b/modules/azure/function_app_windows/variables.tf @@ -13,6 +13,18 @@ variable "name" { description = "Specifies the name of the function app." } +variable "dotnet_version" { + type = string + description = "Specifies the version of dotnet." + default = "" +} + +variable "dotnet_isolated" { + type = bool + description = "Specifies if it is isolated function app." + default = false +} + variable "service_plan_id" { type = string description = "The ID of the Service Plan within which to create this Function App." From a57152046d50f581198dbeadecdb766e0b15f516 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Mon, 15 Jul 2024 10:51:20 +0200 Subject: [PATCH 98/99] Revert "WEV-1766 updated web_app_windows version" This reverts commit 0907c822986cdbb6f9e3207c4cacf83d1c0146e3. --- modules/azure/web_app_windows/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
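Review bot: The new `dotnet_version` variable in function_app_windows/variables.tf reuses the description `Specifies the version of dotnet.` and says nothing about the accepted format or about what the empty default does. As far as I know `azurerm_windows_function_app` expects the `v`-prefixed form (for example `v8.0`) where the Linux resource takes `8.0`, so a caller copying a value between the two modules would get a provider error that the description could have prevented; please confirm against the provider docs. A description along the lines of `"Version of .NET in the form the Windows function app resource expects (e.g. v8.0). Empty string omits application_stack, and dotnet_isolated is then ignored."` would cover both points. The same `for_each = var.dotnet_version != "" ? [1] : []` gate is used in function_app_linux/main.tf, where `dotnet_isolated` is likewise dropped silently when no version is set.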
diff --git a/modules/azure/web_app_windows/main.tf b/modules/azure/web_app_windows/main.tf index 3c09aaca..17e1f9c7 100644 --- a/modules/azure/web_app_windows/main.tf +++ b/modules/azure/web_app_windows/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.111" + version = "~> 3.70" } } From fd3d8785850d2edcb8735a13ccdc425adeb15f29 Mon Sep 17 00:00:00 2001 From: Tom Reinders Date: Mon, 15 Jul 2024 11:33:32 +0200 Subject: [PATCH 99/99] Update changelog for v3.12.0 --- CHANGELOG.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b678fef2..ba309790 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,83 @@ All notable changes to this project will be documented in this file. The format is based on [Common Changelog](https://common-changelog.org), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.12.0] - 2024-07-15 + +### Changed + +- Update version of multiple GitHub Actions ([#372](https://github.com/recognizegroup/terraform/pull/372), [#379](https://github.com/recognizegroup/terraform/pull/379)) ([@tom-reinders](https://github.com/tom-reinders)) +- `azure/logic_app`: Deprecate output `enpoint`, replace with `endpoint` ([#384](https://github.com/recognizegroup/terraform/pull/384)) ([@pipalmic](https://github.com/pipalmic), [@tom-reinders](https://github.com/tom-reinders)) +- `azure/function_app_linux_managed_identity`: Add `group_id` to `managed_identity_provider` variable in `var.managed_identity_provider.create` path ([#386](https://github.com/recognizegroup/terraform/pull/386)) ([@zjanura](https://github.com/zjanura)) +- `azure/function_app_linux_managed_identity`: Deprecate variable `storage_account_access_key`, use `use_managed_identity` instead ([#414](https://github.com/recognizegroup/terraform/pull/414)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/function_app_linux_managed_identity`: Add default with value of `null` to variable `storage_account_access_key` ([#414](https://github.com/recognizegroup/terraform/pull/414)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/monitoring_log_analytics_alert`: Add default with value of `null` to variable `action_group_id` ([#415](https://github.com/recognizegroup/terraform/pull/415)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/api_management`: Add `frontend_request_body_bytes` to `diagnostic_settings` variable ([#416](https://github.com/recognizegroup/terraform/pull/416), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@pipalmic](https://github.com/pipalmic), 
[@tom-reinders](https://github.com/tom-reinders)) +- `azure/api_management`: Add `frontend_response_body_bytes` to `diagnostic_settings` variable ([#416](https://github.com/recognizegroup/terraform/pull/416), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@pipalmic](https://github.com/pipalmic), [@tom-reinders](https://github.com/tom-reinders)) +- `azure/api_management`: Add `backend_request_body_bytes` to `diagnostic_settings` variable ([#416](https://github.com/recognizegroup/terraform/pull/416), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@pipalmic](https://github.com/pipalmic), [@tom-reinders](https://github.com/tom-reinders)) +- `azure/api_management`: Add `backend_response_body_bytes` to `diagnostic_settings` variable ([#416](https://github.com/recognizegroup/terraform/pull/416), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@pipalmic](https://github.com/pipalmic), [@tom-reinders](https://github.com/tom-reinders)) +- `azure/storage_account_public`: Change default of variable `cors_rules` from `null` to `[]` ([#419](https://github.com/recognizegroup/terraform/pull/419)) ([@tom-reinders](https://github.com/tom-reinders)) + +### Added + +- `azure/log_analytics_workspace`: Add output `primary_key` ([#366](https://github.com/recognizegroup/terraform/pull/366)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/service_bus_public`: Add output `endpoint` ([#366](https://github.com/recognizegroup/terraform/pull/366)) ([@pipalmic](https://github.com/pipalmic)) +- Add module `azure/private_endpoint` ([#369](https://github.com/recognizegroup/terraform/pull/369), [#370](https://github.com/recognizegroup/terraform/pull/370), [#371](https://github.com/recognizegroup/terraform/pull/371)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/logic_app_set`: Add variable `use_managed_identity` ([#368](https://github.com/recognizegroup/terraform/pull/368)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- 
`azure/logic_app_set`: Add output `principal_id` ([#368](https://github.com/recognizegroup/terraform/pull/368)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- Add module `azure/iam_set` ([#368](https://github.com/recognizegroup/terraform/pull/368)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- Add module `azure/api_connectors/service_bus_managed_identity_set` ([#368](https://github.com/recognizegroup/terraform/pull/368)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- Add module `azure/api_connectors/event_hub_managed_identity` ([#374](https://github.com/recognizegroup/terraform/pull/374)) ([@mkostalrecognize](https://github.com/mkostalrecognize)) +- `azure/web_app_linux`: Add variable `docker_registry_url` ([#376](https://github.com/recognizegroup/terraform/pull/376)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/web_app_linux`: Add variable `vnet_route_all_enabled` ([#376](https://github.com/recognizegroup/terraform/pull/376), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@pipalmic](https://github.com/pipalmic), [@tom-reinders](https://github.com/tom-reinders)) +- `azure/web_app_linux`: Add variable `ip_restrictions` ([#376](https://github.com/recognizegroup/terraform/pull/376)) ([@pipalmic](https://github.com/pipalmic)) +- Add module `azure/storage_table_entities_rewritable` ([#377](https://github.com/recognizegroup/terraform/pull/377)) ([@pipalmic](https://github.com/pipalmic)) +- Add module `azure/api_connectors/arm_managed_identity` ([#378](https://github.com/recognizegroup/terraform/pull/378)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- Add module `azure/api_connectors/excel_online` ([#378](https://github.com/recognizegroup/terraform/pull/378)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- Add module `azure/api_connectors/sharepoint_online` ([#378](https://github.com/recognizegroup/terraform/pull/378)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- `azure/key_vault_secrets_put_once`: Add output 
`secrets` ([#380](https://github.com/recognizegroup/terraform/pull/380), [#387](https://github.com/recognizegroup/terraform/pull/387), [#388](https://github.com/recognizegroup/terraform/pull/388)) ([@pipalmic](https://github.com/pipalmic), [@szymonrozek](https://github.com/szymonrozek)) +- `azure/api_management_api`: Add output `api_audiences` ([#381](https://github.com/recognizegroup/terraform/pull/381)) ([@zjanura](https://github.com/zjanura)) +- `azure/api_management_api`: Add output `api_audience` ([#381](https://github.com/recognizegroup/terraform/pull/381)) ([@zjanura](https://github.com/zjanura)) +- `azure/function_app_linux_managed_identity`: Add output `api_audiences` ([#382](https://github.com/recognizegroup/terraform/pull/382), [#383](https://github.com/recognizegroup/terraform/pull/383)) ([@zjanura](https://github.com/zjanura)) +- `azure/logic_app`: Add output `endpoint` ([#384](https://github.com/recognizegroup/terraform/pull/384)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/api_management_api`: Add variable `group_id` ([#389](https://github.com/recognizegroup/terraform/pull/389)) ([@zjanura](https://github.com/zjanura)) +- `azure/api_management_api`: Add output `app_registration_secret` ([#390](https://github.com/recognizegroup/terraform/pull/390)) ([@szymonrozek](https://github.com/szymonrozek)) +- `azure/function_app_linux_managed_identity`: Add variable `dotnet_version` ([#393](https://github.com/recognizegroup/terraform/pull/393)) ([@szymonrozek](https://github.com/szymonrozek)) +- `azure/function_app_linux_managed_identity`: Add variable `dotnet_isolated` ([#393](https://github.com/recognizegroup/terraform/pull/393), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@szymonrozek](https://github.com/szymonrozek), [@tom-reinders](https://github.com/tom-reinders)) +- Add module `azure/logic_app_bicep` ([#394](https://github.com/recognizegroup/terraform/pull/394)) ([@zjanura](https://github.com/zjanura)) +- Add module 
`azure/api_connectors/logic_app_custom_connector` ([#395](https://github.com/recognizegroup/terraform/pull/395), [#404](https://github.com/recognizegroup/terraform/pull/404)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- `azure/function_app_linux`: Add variable `dotnet_version` ([#396](https://github.com/recognizegroup/terraform/pull/396)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- `azure/function_app_linux`: Add variable `dotnet_isolated` ([#396](https://github.com/recognizegroup/terraform/pull/396), [#419](https://github.com/recognizegroup/terraform/pull/419)) ([@patrik-pa4k](https://github.com/patrik-pa4k), [@tom-reinders](https://github.com/tom-reinders)) +- Add module `azure/api_management_api_operation` ([#397](https://github.com/recognizegroup/terraform/pull/397), [#400](https://github.com/recognizegroup/terraform/pull/400), [#401](https://github.com/recognizegroup/terraform/pull/401), [#408](https://github.com/recognizegroup/terraform/pull/408)) ([@zjanura](https://github.com/zjanura)) +- `azure/api_management_api_simple`: Add output `id` ([#397](https://github.com/recognizegroup/terraform/pull/397)) ([@zjanura](https://github.com/zjanura)) +- `azure/api_management_api_simple`: Add variable `schema` ([#399](https://github.com/recognizegroup/terraform/pull/399)) ([@zjanura](https://github.com/zjanura)) +- Add module `azure/api_connectors/custom_connector` ([#398](https://github.com/recognizegroup/terraform/pull/398)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- Add module `azure/api_management_api_schema` ([#402](https://github.com/recognizegroup/terraform/pull/402)) ([@zjanura](https://github.com/zjanura)) +- `azure/postgresql`: Add variable `postgresql_zone` ([#410](https://github.com/recognizegroup/terraform/pull/410)) ([@khillen](https://github.com/khillen)) +- `azure/databricks_cluster`: Add variable `cluster_policy` ([#409](https://github.com/recognizegroup/terraform/pull/409)) ([@tom-reinders](https://github.com/tom-reinders)) 
+- Add module `azure/databricks_permissions_user_based` ([#409](https://github.com/recognizegroup/terraform/pull/409)) ([@tom-reinders](https://github.com/tom-reinders)) +- `azure/storage_account_public`: Add variable `delete_retention_policy_days` ([#411](https://github.com/recognizegroup/terraform/pull/411)) ([@patrik-pa4k](https://github.com/patrik-pa4k)) +- `azure/postgresql`: Add variable `public_network_access_enabled` ([#412](https://github.com/recognizegroup/terraform/pull/412)) ([@khillen](https://github.com/khillen)) +- `azure/service_bus_public`: Add variable `log_analytics_workspace_id` ([#413](https://github.com/recognizegroup/terraform/pull/413)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/function_app_linux_managed_identity`: Add variable `use_managed_identity` ([#414](https://github.com/recognizegroup/terraform/pull/414)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/monitoring_log_analytics_alert`: Add variable `action_groups` ([#415](https://github.com/recognizegroup/terraform/pull/415)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/event_grid_topic`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/event_hub`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/log_analytics_workspace`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/network_security_group`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/public_ip`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) 
([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/service_plan`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/storage_account_public`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/stream_analytics`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/virtual_network`: Add variable `loganalytics_diagnostic_setting` ([#417](https://github.com/recognizegroup/terraform/pull/417)) ([@ArtiomMatiom](https://github.com/ArtiomMatiom)) +- `azure/function_app_windows`: Add variable `dotnet_version` ([#419](https://github.com/recognizegroup/terraform/pull/419)) ([@tom-reinders](https://github.com/tom-reinders)) +- `azure/function_app_windows`: Add variable `dotnet_isolated` ([#419](https://github.com/recognizegroup/terraform/pull/419)) ([@tom-reinders](https://github.com/tom-reinders)) + +### Fixed + +- `azure/function_app_linux`: Fix VNET integration definition ([#373](https://github.com/recognizegroup/terraform/pull/373)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/function_app_linux_managed_identity`: Fix VNET integration definition ([#373](https://github.com/recognizegroup/terraform/pull/373)) ([@pipalmic](https://github.com/pipalmic)) +- `azure/function_app_windows`: Fix VNET integration definition ([#373](https://github.com/recognizegroup/terraform/pull/373)) ([@pipalmic](https://github.com/pipalmic)) + ## [3.11.0] - 2023-10-02 ### Added 
@@ -189,6 +266,7 @@ _If you are upgrading: please see [UPGRADE_3.0.md](UPGRADE_3.0.md)._
 - **Breaking:** Remove module `azure/monitoring`, replace with `azure/azure/monitoring_action_group` and `azure/monitoring_log_analytics_alert` ([#268](https://github.com/recognizegroup/terraform/pull/268)) ([`5bd013c1`](https://github.com/recognizegroup/terraform/commit/5bd013c1)) ([@pipalmic](https://github.com/pipalmic))
 - **Breaking:** Remove module `azure/api_connectors/storage_account`, replace with `azure/api_connectors/storage_blob` and `azure/api_connectors/storage_table` ([#276](https://github.com/recognizegroup/terraform/pull/276)) ([`7a483886`](https://github.com/recognizegroup/terraform/commit/7a483886)) ([@pipalmic](https://github.com/pipalmic))
+[3.12.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.12.0
 [3.11.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.11.0
 [3.10.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.10.0
 [3.9.0]: https://github.com/recognizegroup/terraform/releases/tag/v3.9.0