diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
index 27c2875125..0dd13fd6c0 100644
--- a/.github/workflows/standalone-scenarios.json
+++ b/.github/workflows/standalone-scenarios.json
@@ -51,8 +51,8 @@
 "compute/virtual_machine_scale_set/101-linux-win-vmss-agw",
 "compute/virtual_machine_scale_set/102-linux-win-vmss-custom-script-extension",
 "compute/virtual_machine_scale_set/104-linux-win-vmss-as-lb",
- "compute/virtual_machine_scale_set/106-linux-win-vmss-lb",
 "compute/virtual_machine_scale_set/106-vmss_monitoring",
+ "compute/virtual_machine_scale_set/106-linux-win-vmss-lb",
 "compute/virtual_machine_scale_set/107-linux-win-vmss-application-health-extension",
 "compute/virtual_machine_scale_set/108-linux-win-vmss-keyvault-extension",
 "compute/virtual_machine/101-single-windows-vm",
@@ -100,12 +100,12 @@
 "databricks/101-standard-databricks-vnet",
 "databricks/102-premium-aml",
 "datalake/101-datalake-storage",
- "diagnostics_profiles/100-multiple-destinations",
- "diagnostics_profiles/200-diagnostics-eventhub-namespaces",
- "diagnostics_profiles/201-multi-eventhub-diagnostics",
 "digital_twins/100-basic",
 "digital_twins/101-adt-servicebus",
 "digital_twins/102-digital_twins_instance_eventhub",
+ "diagnostics_profiles/100-multiple-destinations",
+ "diagnostics_profiles/200-diagnostics-eventhub-namespaces",
+ "diagnostics_profiles/201-multi-eventhub-diagnostics",
 "eventhub/100-simple-eventhub-namespace",
 "eventhub/101-evh-namespace-with-private-endpoint",
 "eventhub/102-namespace-and-evh-with-auth-rules",
diff --git a/UPGRADE.md b/UPGRADE.md
index 178937ac1c..bd2737f75a 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -2,15 +2,24 @@ When upgrading to a newer version of the CAF module, some configuration structures must be updated before applying the modifications. +## 5.7.0 + +Minimum rover version of 1.1.x. Lower versions not supported anymore. + +Version 5.6.0 includes support for azurerm 3.7.0 which requires your attention if you are deploying the following components: + +- vpn_gateway_connections: + - The deprecated field ```propagated_route_tables``` will be removed in favour of the ```propagated_route_table``` property. If you've been using ```propagated_route_tables```, rename with the new name ```propagated_route_table```. + ## 5.6.0 -Version 5.6.0 includes support for azurerm 2.99 which requires your attention if you are deploying the following components: +Version 5.6.0 includes support for azurerm 2.98 which requires your attention if you are deploying the following components: - signal_r: - The ```features``` block is deprecated, favor of use ```connectivity_logs_enabled```, ```messaging_logs_enabled```, ```live_trace_enabled``` and ```service_mode``` instead. Module has been updated to reflect that. You must update the settings in your configuration file accordingly. - data factory: - - The `data_factory_name` reference method is deprecated in favour of `data_factory_id` and will be removed in version 3.0 of the AzureRM provider. + - The `data_factory_name` reference method is deprecated in favour of `data_factory_id` and has been removed. - If you are referencing literals for data factory name inside ```data_factory.datasets``` (azure_blob, cosmosdb_sqlapi, delimited_text, http, json, mysql, postgresql, sql_server_table) or ```data_factory.linked_services``` (azure_blob_storage, cosmosdb, web, mysql, postgresql, key_vault) you will need to update to use the ```id``` attribute instead of ```name```. - **If you are referencing objects with ```key``` and ```lz_key``` inside your model, you dont need to update anything.** 
@@ -21,8 +30,46 @@ Version 5.6.0 includes support for azurerm 2.99 which requires your attention if - **If you are referencing objects with ```key``` and ```lz_key``` inside your model, you dont need to update anything.** - apim: - - The ```proxy``` block is deprecated in favour of `gateway` and will be removed in version 3.0 of the AzureRM provider. - - Azurerm 2.98 does not have ```gateway``` implemented yet, even with ```ARM_THREEPOINTZERO_BETA_RESOURCES=true``` + - The ```proxy``` block is deprecated in favour of `gateways` to support multiple gateways. See example apim/109 + +from +```hcl +api_management_custom_domain = { + apimcd1 = { + api_management = { + key = "apim1" + } + proxy = { + host_name = "api.example.com" + key_vault_certificate = { + certificate_request_key = "example" + } + } + } +} +``` + +to + +```hcl +api_management_custom_domain = { + apimcd1 = { + api_management = { + key = "apim1" + } + gateways = { + gw1 = { + { + host_name = "api.example.com" + key_vault_certificate = { + certificate_request_key = "example" + } + } + } + } + } +} +``` - azure virtual desktop: - azurerm 2.97 addedd support for new token method - azurerm_virtual_desktop_host_pool_registration_info - updated and should be transparent. diff --git a/data_factory.tf b/data_factory.tf index 30d6f1bbea..cc8098b57f 100644 --- a/data_factory.tf +++ b/data_factory.tf 
@@ -34,9 +34,7 @@ module "data_factory_pipeline" { global_settings = local.global_settings client_config = local.client_config settings = each.value - - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id } output "data_factory_pipeline" { 
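Review bot: The retained `data_factory_id` line selects the landing zone with `try(local.client_config.landingzone_key, each.value.data_factory.lz_key)`; `try` returns the first argument that evaluates without error, so `lz_key` is only consulted if `landingzone_key` is missing, which presumably never happens, and a data factory in another landing zone cannot be targeted while a same-named key in the local one would be bound instead. data_factory_datasets.tf and the `pipeline_name` line in the next hunk use the opposite order, so I would align this to `try(each.value.data_factory.lz_key, local.client_config.landingzone_key)`. The same order is on the `data_factory_id` lines in the later hunks of this file and of data_factory_linked_services.tf, and on `key_vault_id` in the key_vault linked service, where binding to the wrong vault matters most. The module block opens above this hunk.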
@@ -52,9 +50,8 @@ module "data_factory_trigger_schedule" { client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id - pipeline_name = can(each.value.data_factory_pipeline.name) ? each.value.data_factory_pipeline.name : local.combined_objects_data_factory_pipeline[try(each.value.data_factory_pipeline.lz_key, local.client_config.landingzone_key)][each.value.data_factory_pipeline.key].name + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + pipeline_name = can(each.value.data_factory_pipeline.name) ? each.value.data_factory_pipeline.name : local.combined_objects_data_factory_pipeline[try(each.value.data_factory_pipeline.lz_key, local.client_config.landingzone_key)][each.value.data_factory_pipeline.key].name } 
@@ -66,11 +63,10 @@ module "data_factory_integration_runtime_self_hosted" { source = "./modules/data_factory/data_factory_integration_runtime_self_hosted" for_each = local.data_factory.data_factory_integration_runtime_self_hosted - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id remote_objects = { data_factory = local.combined_objects_data_factory 
@@ -89,9 +85,8 @@ module "data_factory_integration_runtime_azure_ssis" { client_config = local.client_config settings = each.value - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location remote_objects = { diff --git a/data_factory_datasets.tf b/data_factory_datasets.tf index 614f1d32dc..f99f14bcde 100644 --- a/data_factory_datasets.tf +++ b/data_factory_datasets.tf 
@@ -6,7 +6,6 @@ module "data_factory_dataset_azure_blob" {
 global_settings = local.global_settings
 client_config = local.client_config
 settings = each.value
- resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
 data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id
 linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_azure_blob_storage[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name
 }
@@ -24,7 +23,6 @@ module "data_factory_dataset_cosmosdb_sqlapi" {
 global_settings = local.global_settings
 client_config = local.client_config
 settings = each.value
- resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name
 data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id
 linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_cosmosdb[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name
 }
@@ -42,7 +40,6 @@ module "data_factory_dataset_delimited_text" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_web[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name @@ -60,7 +57,6 @@ module "data_factory_dataset_http" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_web[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name 
@@ -78,7 +74,6 @@ module "data_factory_dataset_json" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_web[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name @@ -96,7 +91,6 @@ module "data_factory_dataset_mysql" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_mysql[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name 
@@ -114,7 +108,6 @@ module "data_factory_dataset_postgresql" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_postgresql[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name 
@@ -133,7 +126,6 @@ module "data_factory_dataset_sql_server_table" { global_settings = local.global_settings client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(each.value.data_factory.lz_key, local.client_config.landingzone_key)][each.value.data_factory.key].id linked_service_name = can(each.value.linked_service.name) ? each.value.linked_service.name : local.combined_objects_data_factory_linked_service_sql_server[try(each.value.linked_service.lz_key, local.client_config.landingzone_key)][each.value.linked_service.key].name diff --git a/data_factory_linked_services.tf b/data_factory_linked_services.tf index 1fffab57ea..7121422ea6 100644 --- a/data_factory_linked_services.tf +++ b/data_factory_linked_services.tf 
@@ -4,12 +4,11 @@ module "data_factory_linked_service_azure_blob_storage" { for_each = local.data_factory.linked_services.azure_blob_storage - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id - storage_account = can(each.value.storage_account.key) ? local.combined_objects_storage_accounts[try(each.value.storage_account.lz_key, local.client_config.landingzone_key)][each.value.storage_account.key] : null + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + storage_account = can(each.value.storage_account.key) ? local.combined_objects_storage_accounts[try(each.value.storage_account.lz_key, local.client_config.landingzone_key)][each.value.storage_account.key] : null integration_runtime_name = try( coalesce( 
@@ -33,13 +32,12 @@ module "data_factory_linked_service_cosmosdb" { for_each = local.data_factory.linked_services.cosmosdb - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id - account_endpoint = can(each.value.cosmosdb_account.endpoint) ? each.value.cosmosdb_account.endpoint : local.combined_objects_cosmos_dbs[try(each.value.cosmosdb_account.lz_key, local.client_config.landingzone_key)][each.value.cosmosdb_account.key].endpoint - account_key = can(each.value.cosmosdb_account.account_key) ? each.value.cosmosdb_account.account_key : local.combined_objects_cosmos_dbs[try(each.value.cosmosdb_account.lz_key, local.client_config.landingzone_key)][each.value.cosmosdb_account.key].primary_key + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + account_endpoint = can(each.value.cosmosdb_account.endpoint) ? 
each.value.cosmosdb_account.endpoint : local.combined_objects_cosmos_dbs[try(each.value.cosmosdb_account.lz_key, local.client_config.landingzone_key)][each.value.cosmosdb_account.key].endpoint + account_key = can(each.value.cosmosdb_account.account_key) ? each.value.cosmosdb_account.account_key : local.combined_objects_cosmos_dbs[try(each.value.cosmosdb_account.lz_key, local.client_config.landingzone_key)][each.value.cosmosdb_account.key].primary_key } output "data_factory_linked_service_cosmosdb" { @@ -52,11 +50,10 @@ module "data_factory_linked_service_web" { for_each = local.data_factory.linked_services.web - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id #connection_string = try(each.value.lz_key, null) == null ? local.combined_objects_cosmos_dbs[local.client_config.landingzone_key][each.value.cosmos_db_key].name : local.combined_objects_cosmos_dbs[each.value.lz_key][each.value.cosmos_db_key].connection_string } 
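Review bot: `account_key` in the cosmosdb linked-service module is a credential, yet it is taken either from a literal `each.value.cosmosdb_account.account_key` in the settings or from the account's `primary_key`, and nothing in this hunk marks it as secret. Whether the module declares the variable with `sensitive = true` is not visible here; if it does not, the key can surface in plan output, and in either case it is written to state. I would add a comment above the line, `# account_key is a secret: do not set cosmosdb_account.account_key as a literal in tfvars; use key/lz_key and restrict access to state`, and confirm the module variable is marked sensitive. The module block opens above the hunk.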
@@ -69,11 +66,10 @@ module "data_factory_linked_service_mysql" { source = "./modules/data_factory/linked_services/mysql" for_each = local.data_factory.linked_services.mysql - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id #connection_string = try(each.value.lz_key, null) == null ? local.combined_objects_cosmos_dbs[local.client_config.landingzone_key][each.value.cosmos_db_key].name : local.combined_objects_cosmos_dbs[each.value.lz_key][each.value.cosmos_db_key].connection_string } 
@@ -82,11 +78,10 @@ module "data_factory_linked_service_postgresql" { source = "./modules/data_factory/linked_services/postgresql" for_each = local.data_factory.linked_services.postgresql - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id #connection_string = try(each.value.lz_key, null) == null ? local.combined_objects_cosmos_dbs[local.client_config.landingzone_key][each.value.cosmos_db_key].name : local.combined_objects_cosmos_dbs[each.value.lz_key][each.value.cosmos_db_key].connection_string } 
@@ -98,11 +93,10 @@ module "data_factory_linked_service_sql_server" { source = "./modules/data_factory/linked_services/sql_server" for_each = local.data_factory.linked_services.sql_server - global_settings = local.global_settings - client_config = local.client_config - settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + global_settings = local.global_settings + client_config = local.client_config + settings = each.value + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id #connection_string = try(each.value.lz_key, null) == null ? local.combined_objects_cosmos_dbs[local.client_config.landingzone_key][each.value.cosmos_db_key].name : local.combined_objects_cosmos_dbs[each.value.lz_key][each.value.cosmos_db_key].connection_string } 
@@ -118,8 +112,6 @@ module "data_factory_linked_service_azure_databricks" { client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - integration_runtime_name = try(coalesce( try(local.combined_objects_data_factory_integration_runtime_self_hosted[each.value.integration_runtime.data_factory_integration_runtime_self_hosted.lz_key][each.value.integration_runtime.data_factory_integration_runtime_self_hosted.key].name, null), try(local.combined_objects_data_factory_integration_runtime_self_hosted[local.client_config.landingzone_key][each.value.integration_runtime.data_factory_integration_runtime_self_hosted.key].name, null), 
@@ -152,10 +144,8 @@ module "data_factory_linked_service_key_vault" { parameters = try(each.value.parameters, null) name = each.value.name additional_properties = try(each.value.additional_properties, null) - - key_vault_id = can(each.value.keyvault.id) ? each.value.keyvault.id : local.combined_objects_keyvaults[try(local.client_config.landingzone_key, each.value.keyvault.lz_key)][each.value.keyvault.key].id - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(local.client_config.landingzone_key, each.value.resource_group.lz_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id + key_vault_id = can(each.value.keyvault.id) ? each.value.keyvault.id : local.combined_objects_keyvaults[try(local.client_config.landingzone_key, each.value.keyvault.lz_key)][each.value.keyvault.key].id + data_factory_id = can(each.value.data_factory.id) ? each.value.data_factory.id : local.combined_objects_data_factory[try(local.client_config.landingzone_key, each.value.data_factory.lz_key)][try(each.value.data_factory.key, each.value.data_factory_key)].id integration_runtime_name = try(coalesce( try(local.combined_objects_data_factory_integration_runtime_self_hosted[each.value.integration_runtime.data_factory_integration_runtime_self_hosted.lz_key][each.value.integration_runtime.data_factory_integration_runtime_self_hosted.key].name, null), diff --git a/examples/apim/109-api_management_custom_domain/configuration.tfvars b/examples/apim/109-api_management_custom_domain/configuration.tfvars index e1d716740a..70a474e9a9 100644 
--- a/examples/apim/109-api_management_custom_domain/configuration.tfvars +++ b/examples/apim/109-api_management_custom_domain/configuration.tfvars @@ -68,10 +68,12 @@ api_management_custom_domain = { api_management = { key = "apim1" } - proxy = { - host_name = "api.example.com" - key_vault_certificate = { - certificate_request_key = "example" + gateways = { + gw1 = { + host_name = "api.example.com" + key_vault_certificate = { + certificate_request_key = "example" + } } } diff --git a/examples/apim/117-api_management_product/configuration.tfvars b/examples/apim/117-api_management_product/configuration.tfvars index b822671ddf..034aab1682 100644 --- a/examples/apim/117-api_management_product/configuration.tfvars +++ b/examples/apim/117-api_management_product/configuration.tfvars @@ -30,7 +30,7 @@ api_management_product = { resource_group = { key = "rg1" } - product_id = "example-product1" + product_id = "example-product1" display_name = "Example Product 1" } example_product2 = { @@ -40,14 +40,14 @@ api_management_product = { resource_group = { key = "rg1" } - product_id = "example-product2" - display_name = "Example Product 2" - description = "This is a example api product" - approval_required = true + product_id = "example-product2" + display_name = "Example Product 2" + description = "This is a example api product" + approval_required = true subscription_required = true - published = true - subscriptions_limit = 50 - terms = "Some legal terms ..." + published = true + subscriptions_limit = 50 + terms = "Some legal terms ..." } } diff --git a/examples/app_gateway/100-simple-app-gateway/configuration.tfvars b/examples/app_gateway/100-simple-app-gateway/configuration.tfvars index 47df99950e..a1c95a28ae 100644 --- a/examples/app_gateway/100-simple-app-gateway/configuration.tfvars +++ b/examples/app_gateway/100-simple-app-gateway/configuration.tfvars 
@@ -127,7 +127,7 @@ public_ip_addresses = { sku = "Standard" allocation_method = "Static" ip_version = "IPv4" - availability_zone = "1" + zones = ["1"] idle_timeout_in_minutes = "4" } diff --git a/examples/app_gateway/103-public-only/configuration.tfvars b/examples/app_gateway/103-public-only/configuration.tfvars index 20ae433e5b..020ce8a628 100644 --- a/examples/app_gateway/103-public-only/configuration.tfvars +++ b/examples/app_gateway/103-public-only/configuration.tfvars @@ -13,7 +13,7 @@ resource_groups = { } } -application_gateways = { +application_gateway = { agw1 = { resource_group_key = "agw_region1" name = "app_gateway_example" diff --git a/examples/app_gateway/301-agw-v1/networking.tfvars b/examples/app_gateway/301-agw-v1/networking.tfvars index 20e2bb64c8..79b6b9f143 100644 --- a/examples/app_gateway/301-agw-v1/networking.tfvars +++ b/examples/app_gateway/301-agw-v1/networking.tfvars @@ -26,7 +26,7 @@ public_ip_addresses = { sku = "Standard" allocation_method = "Static" ip_version = "IPv4" - availability_zone = "1" + zones = ["1"] idle_timeout_in_minutes = "4" } diff --git a/examples/app_gateway/302-listener-ssl-policy/agw_platform.tfvars b/examples/app_gateway/302-listener-ssl-policy/agw_platform.tfvars index ff376931b1..2c4614b7d5 100644 --- a/examples/app_gateway/302-listener-ssl-policy/agw_platform.tfvars +++ b/examples/app_gateway/302-listener-ssl-policy/agw_platform.tfvars 
@@ -48,26 +48,26 @@ application_gateway_platforms = { protocol = "Https" } } - + #default: wont be able to change after creation as this is required for agw tf resource default = { - frontend_port_key = "80" - frontend_ip_configuration_key = "public" - backend_address_pool_name = "default-beap" - http_setting_name = "default-be-htst" + frontend_port_key = "80" + frontend_ip_configuration_key = "public" + backend_address_pool_name = "default-beap" + http_setting_name = "default-be-htst" listener_name = "default-httplstn" request_routing_rule_name = "default-rqrt" cookie_based_affinity = "Disabled" request_timeout = "60" - rule_type = "Basic" + rule_type = "Basic" } listener_ssl_policy = { default = { policy_type = "Predefined" policy_name = "AppGwSslPolicy20170401S" - min_protocol_version = "TLSv1_2" + min_protocol_version = "TLSv1_2" } - } + } } } \ No newline at end of file diff --git a/examples/automation/100-simple-automation-account/configuration.tfvars b/examples/automation/100-simple-automation-account/configuration.tfvars index 356ab1f4ca..0f2dca5cab 100644 --- a/examples/automation/100-simple-automation-account/configuration.tfvars +++ b/examples/automation/100-simple-automation-account/configuration.tfvars @@ -16,7 +16,7 @@ resource_groups = { automations = { auto1 = { name = "automation" - sku = "basic" + sku = "Basic" resource_group_key = "automation" } } \ No newline at end of file diff --git a/examples/automation/101-automation-account-linked/configuration.tfvars b/examples/automation/101-automation-account-linked/configuration.tfvars index 0fae4f04ec..7148798b4f 100644 --- a/examples/automation/101-automation-account-linked/configuration.tfvars +++ b/examples/automation/101-automation-account-linked/configuration.tfvars @@ -15,7 +15,7 @@ resource_groups = { automations = { auto1 = { name = "automation" - sku = "basic" + sku = "Basic" resource_group_key = "automation" } } 
diff --git a/examples/automation/102-automation-msi/configuration.tfvars b/examples/automation/102-automation-msi/configuration.tfvars index 6dbba48cb5..edb7287638 100644 --- a/examples/automation/102-automation-msi/configuration.tfvars +++ b/examples/automation/102-automation-msi/configuration.tfvars @@ -15,7 +15,7 @@ resource_groups = { automations = { auto1 = { name = "automation" - sku = "basic" + sku = "Basic" resource_group_key = "automation" identity = { diff --git a/examples/automation/103-automation-private-endpoints/configuration.tfvars b/examples/automation/103-automation-private-endpoints/configuration.tfvars index f4e8f0467f..87b1c00df1 100644 --- a/examples/automation/103-automation-private-endpoints/configuration.tfvars +++ b/examples/automation/103-automation-private-endpoints/configuration.tfvars @@ -15,7 +15,7 @@ resource_groups = { automations = { auto1 = { name = "automation" - sku = "basic" + sku = "Basic" resource_group_key = "automation" private_endpoints = { diff --git a/examples/automation/104-automation-schedule-runbook/configuration.tfvars b/examples/automation/104-automation-schedule-runbook/configuration.tfvars index 087973c0f6..87178d65e2 100644 --- a/examples/automation/104-automation-schedule-runbook/configuration.tfvars +++ b/examples/automation/104-automation-schedule-runbook/configuration.tfvars @@ -15,7 +15,7 @@ resource_groups = { automations = { auto1 = { name = "automation" - sku = "basic" + sku = "Basic" resource_group_key = "automation" } } diff --git a/examples/compute/kubernetes_services/101-single-cluster/aks.tfvars b/examples/compute/kubernetes_services/101-single-cluster/aks.tfvars index 63c69870cd..dbbf22f00e 100644 --- a/examples/compute/kubernetes_services/101-single-cluster/aks.tfvars +++ b/examples/compute/kubernetes_services/101-single-cluster/aks.tfvars 
@@ -26,7 +26,7 @@ aks_clusters = { network_profile = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } # enable_rbac = true @@ -37,12 +37,10 @@ aks_clusters = { } } - addon_profile = { - oms_agent = { - enabled = true - log_analytics_key = "central_logs_region1" - } + oms_agent = { + log_analytics_key = "central_logs_region1" } + # admin_groups = { # # ids = [] # # azuread_groups = { diff --git a/examples/compute/kubernetes_services/101-single-cluster/networking.tfvars b/examples/compute/kubernetes_services/101-single-cluster/networking.tfvars index 04a9ceba6a..b8ed1dda00 100644 --- a/examples/compute/kubernetes_services/101-single-cluster/networking.tfvars +++ b/examples/compute/kubernetes_services/101-single-cluster/networking.tfvars @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" 
@@ -108,7 +108,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -124,7 +124,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -146,7 +146,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -157,7 +157,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -168,7 +168,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -179,7 +179,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/102-multi-nodepools/aks.tfvars b/examples/compute/kubernetes_services/102-multi-nodepools/aks.tfvars index a450a8d8ec..0cab730dd2 100644 --- a/examples/compute/kubernetes_services/102-multi-nodepools/aks.tfvars 
+++ b/examples/compute/kubernetes_services/102-multi-nodepools/aks.tfvars @@ -12,7 +12,7 @@ aks_clusters = { network_policy = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } enable_rbac = true diff --git a/examples/compute/kubernetes_services/102-multi-nodepools/networking.tfvars b/examples/compute/kubernetes_services/102-multi-nodepools/networking.tfvars index 04a9ceba6a..b8ed1dda00 100644 --- a/examples/compute/kubernetes_services/102-multi-nodepools/networking.tfvars +++ b/examples/compute/kubernetes_services/102-multi-nodepools/networking.tfvars @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" 
@@ -108,7 +108,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -124,7 +124,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -146,7 +146,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -157,7 +157,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -168,7 +168,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -179,7 +179,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/103-multi-clusters/aks.tfvars b/examples/compute/kubernetes_services/103-multi-clusters/aks.tfvars index db79f5b947..2151c71534 100644 --- a/examples/compute/kubernetes_services/103-multi-clusters/aks.tfvars 
+++ b/examples/compute/kubernetes_services/103-multi-clusters/aks.tfvars @@ -15,7 +15,7 @@ aks_clusters = { network_policy = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } enable_rbac = true diff --git a/examples/compute/kubernetes_services/103-multi-clusters/networking.tfvars b/examples/compute/kubernetes_services/103-multi-clusters/networking.tfvars index 427a87de8a..f06ecf97f1 100644 --- a/examples/compute/kubernetes_services/103-multi-clusters/networking.tfvars +++ b/examples/compute/kubernetes_services/103-multi-clusters/networking.tfvars @@ -96,7 +96,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -107,7 +107,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -118,7 +118,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -129,7 +129,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -140,7 +140,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" 
@@ -151,7 +151,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -167,7 +167,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -178,7 +178,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -189,7 +189,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -200,7 +200,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -211,7 +211,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -222,7 +222,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/104-private-cluster/aks.tfvars b/examples/compute/kubernetes_services/104-private-cluster/aks.tfvars index efc045cc3c..59f81df2a6 100644 --- a/examples/compute/kubernetes_services/104-private-cluster/aks.tfvars 
+++ b/examples/compute/kubernetes_services/104-private-cluster/aks.tfvars @@ -20,7 +20,7 @@ aks_clusters = { network_policy = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } private_cluster_enabled = true diff --git a/examples/compute/kubernetes_services/104-private-cluster/networking.tfvars b/examples/compute/kubernetes_services/104-private-cluster/networking.tfvars index 3e017fcbac..4a324b9153 100644 --- a/examples/compute/kubernetes_services/104-private-cluster/networking.tfvars +++ b/examples/compute/kubernetes_services/104-private-cluster/networking.tfvars @@ -56,7 +56,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -67,7 +67,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -78,7 +78,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -89,7 +89,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -100,7 +100,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" 
@@ -111,7 +111,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -127,7 +127,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -138,7 +138,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -149,7 +149,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -160,7 +160,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -171,7 +171,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -182,7 +182,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/105-cluster-usermsi/aks.tfvars b/examples/compute/kubernetes_services/105-cluster-usermsi/aks.tfvars index e341524128..16b702bd43 100644 --- a/examples/compute/kubernetes_services/105-cluster-usermsi/aks.tfvars 
+++ b/examples/compute/kubernetes_services/105-cluster-usermsi/aks.tfvars @@ -34,23 +34,34 @@ aks_clusters = { network_profile = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } - # enable_rbac = true - role_based_access_control = { - enabled = true - azure_active_directory = { - managed = true - } + azure_active_directory_role_based_access_control = { + managed = true + azure_rbac_enabled = true + # tenant_id = "" + # admin_group_object_ids = "" + + # when managed to set to false + # client_app_id = "" + # server_app_id = "" + # server_app_secret = "" } - addon_profile = { - oms_agent = { - enabled = true - log_analytics_key = "central_logs_region1" - } + # Replace with azure_active_directory_role_based_access_control + # Still supported for backward compatibility + # role_based_access_control = { + # enabled = true + # azure_active_directory = { + # managed = true + # } + # } + + oms_agent = { + log_analytics_key = "central_logs_region1" } + # admin_groups = { # # ids = [] # # azuread_groups = { @@ -72,6 +83,7 @@ aks_clusters = { max_pods = 30 node_count = 1 os_disk_size_gb = 512 + zones = [1] tags = { "project" = "system services" } diff --git a/examples/compute/kubernetes_services/105-cluster-usermsi/networking.tfvars b/examples/compute/kubernetes_services/105-cluster-usermsi/networking.tfvars index 04a9ceba6a..b8ed1dda00 100644 --- a/examples/compute/kubernetes_services/105-cluster-usermsi/networking.tfvars +++ b/examples/compute/kubernetes_services/105-cluster-usermsi/networking.tfvars @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" 
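Review bot: The commented placeholders in the new `azure_active_directory_role_based_access_control` block of `105-cluster-usermsi/aks.tfvars` (hunk `@@ -34,23 +34,34 @@`) read as a template to fill in, and `# server_app_secret = ""` invites pasting a credential into a tfvars file that is usually committed. The separator comment `# when managed to set to false` is hard to parse as written; I would reword it to `# legacy integration only (managed = false); pass server_app_secret from a secret store, not from this file`. `# admin_group_object_ids = ""` also shows a string where the provider attribute of that name takes a list, so `# admin_group_object_ids = []` is the safer hint, assuming the module passes the value through unchanged. The `aks_clusters` block continues outside the hunk.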
@@ -64,7 +64,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" @@ -108,7 +108,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -124,7 +124,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -146,7 +146,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" 
@@ -157,7 +157,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -168,7 +168,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -179,7 +179,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/106-agic-greenfield/aks.tfvars b/examples/compute/kubernetes_services/106-agic-greenfield/aks.tfvars index f621f6b0cc..81015e43c4 100644 --- a/examples/compute/kubernetes_services/106-agic-greenfield/aks.tfvars +++ b/examples/compute/kubernetes_services/106-agic-greenfield/aks.tfvars @@ -35,7 +35,7 @@ aks_clusters = { network_profile = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } role_based_access_control = { diff --git a/examples/compute/kubernetes_services/106-agic-greenfield/networking.tfvars b/examples/compute/kubernetes_services/106-agic-greenfield/networking.tfvars index d7c8c11a73..b4b4dfabf5 100644 --- a/examples/compute/kubernetes_services/106-agic-greenfield/networking.tfvars +++ b/examples/compute/kubernetes_services/106-agic-greenfield/networking.tfvars @@ -31,7 +31,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" 
@@ -42,7 +42,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/kubernetes_services/107-agic-brownfield/aks.tfvars b/examples/compute/kubernetes_services/107-agic-brownfield/aks.tfvars index 5705e9f60b..8327f0ee6f 100644 --- a/examples/compute/kubernetes_services/107-agic-brownfield/aks.tfvars +++ b/examples/compute/kubernetes_services/107-agic-brownfield/aks.tfvars @@ -34,7 +34,7 @@ aks_clusters = { network_profile = { network_plugin = "azure" - load_balancer_sku = "Standard" + load_balancer_sku = "standard" } # enable_rbac = true diff --git a/examples/compute/kubernetes_services/107-agic-brownfield/network_security_group_definition.tfvars b/examples/compute/kubernetes_services/107-agic-brownfield/network_security_group_definition.tfvars index 3250330b89..f79f5cd652 100644 
--- a/examples/compute/kubernetes_services/107-agic-brownfield/network_security_group_definition.tfvars +++ b/examples/compute/kubernetes_services/107-agic-brownfield/network_security_group_definition.tfvars @@ -9,7 +9,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -20,7 +20,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -31,7 +31,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" @@ -42,7 +42,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -80,7 +80,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
@@ -91,7 +91,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -102,7 +102,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -113,7 +113,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -124,7 +124,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/compute/virtual_machine/100-single-linux-vm/configuration.tfvars b/examples/compute/virtual_machine/100-single-linux-vm/configuration.tfvars index 47c1355a7e..1473e5717c 100644 --- a/examples/compute/virtual_machine/100-single-linux-vm/configuration.tfvars +++ b/examples/compute/virtual_machine/100-single-linux-vm/configuration.tfvars @@ -172,7 +172,7 @@ keyvault_keys = { name = "disk-key" key_type = "RSA" key_size = "2048" - key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] + key_opts = ["Encrypt", "Decrypt", "Sign", "Verify", "WrapKey", "UnwrapKey"] } } 
diff --git a/examples/compute/virtual_machine/105-single-windows-vm-kv-admin-secrets/configuration.tfvars b/examples/compute/virtual_machine/105-single-windows-vm-kv-admin-secrets/configuration.tfvars index ba35bf355e..42fec5cf87 100644 --- a/examples/compute/virtual_machine/105-single-windows-vm-kv-admin-secrets/configuration.tfvars +++ b/examples/compute/virtual_machine/105-single-windows-vm-kv-admin-secrets/configuration.tfvars @@ -203,7 +203,7 @@ keyvault_keys = { name = "disk-key" key_type = "RSA" key_size = "2048" - key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] + key_opts = ["Encrypt", "Decrypt", "Sign", "Verify", "WrapKey", "UnwrapKey"] } } diff --git a/examples/compute/virtual_machine/108-single-linux-storage-connect-custom-data/configuration.tfvars b/examples/compute/virtual_machine/108-single-linux-storage-connect-custom-data/configuration.tfvars index 3bedae6817..1b4ca13e97 100644 --- a/examples/compute/virtual_machine/108-single-linux-storage-connect-custom-data/configuration.tfvars +++ b/examples/compute/virtual_machine/108-single-linux-storage-connect-custom-data/configuration.tfvars @@ -215,7 +215,7 @@ keyvault_keys = { name = "disk-key" key_type = "RSA" key_size = "2048" - key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] + key_opts = ["Encrypt", "Decrypt", "Sign", "Verify", "WrapKey", "UnwrapKey"] } } diff --git a/examples/compute/virtual_machine/111-single-linux-ansible-playbook/nsg.tfvars b/examples/compute/virtual_machine/111-single-linux-ansible-playbook/nsg.tfvars index b2879b90ef..95092af639 100644 --- a/examples/compute/virtual_machine/111-single-linux-ansible-playbook/nsg.tfvars +++ b/examples/compute/virtual_machine/111-single-linux-ansible-playbook/nsg.tfvars 
@@ -8,7 +8,7 @@ network_security_group_definition = { priority = "211" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "Internet" diff --git a/examples/compute/virtual_machine/210-vm-bastion-winrm/nsg_definitions.tfvars b/examples/compute/virtual_machine/210-vm-bastion-winrm/nsg_definitions.tfvars index 5c75dc6450..b13d9f2f89 100644 --- a/examples/compute/virtual_machine/210-vm-bastion-winrm/nsg_definitions.tfvars +++ b/examples/compute/virtual_machine/210-vm-bastion-winrm/nsg_definitions.tfvars @@ -27,7 +27,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5233" source_address_prefix = "10.0.1.0/24" @@ -38,7 +38,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" @@ -55,7 +55,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5985" source_application_security_groups = { @@ -70,7 +70,7 @@ network_security_group_definition = { priority = "201" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_application_security_groups = { @@ -85,7 +85,7 @@ network_security_group_definition = { priority = "210" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_application_security_groups = { 
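Review bot: In the first hunk of `111-single-linux-ansible-playbook/nsg.tfvars` (the rule with priority 211), the rule still allows inbound port 22 from the `Internet` service tag. Anyone who applies the sample unchanged exposes SSH on the example VM to any source. The protocol case fix does not touch this, so I would add a comment above the rule such as `# Example only: replace "Internet" with your management CIDR before deploying`. The rest of the rule (destination prefix, rule name) falls outside the hunk, so the effective scope should be confirmed against the full file.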
@@ -106,7 +106,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_application_security_groups = { diff --git a/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/nsg_definitions.tfvars b/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/nsg_definitions.tfvars index 064cbb80cf..d614f3cd8e 100644 --- a/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/nsg_definitions.tfvars +++ b/examples/compute/virtual_machine/211-vm-bastion-winrm-agents/nsg_definitions.tfvars @@ -8,7 +8,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5985" source_address_prefix = "VirtualNetwork" @@ -19,7 +19,7 @@ network_security_group_definition = { priority = "201" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_address_prefix = "VirtualNetwork" @@ -30,7 +30,7 @@ network_security_group_definition = { priority = "210" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "VirtualNetwork" @@ -47,7 +47,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/compute/virtual_machine/212-vm-disk-encryption-set/configurations.tfvars b/examples/compute/virtual_machine/212-vm-disk-encryption-set/configurations.tfvars index 3c65375930..56bdeaed0f 100644 --- a/examples/compute/virtual_machine/212-vm-disk-encryption-set/configurations.tfvars 
+++ b/examples/compute/virtual_machine/212-vm-disk-encryption-set/configurations.tfvars @@ -62,12 +62,12 @@ keyvault_access_policies = { kv1 = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] - key_permissions = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey", "List", "Get", "Create", "Purge"] + key_permissions = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey", "List", "Get", "Create", "Purge"] } disk_encryption_sets = { disk_encryption_set_key = "set1" # lz_key = "example" # for remote disk_encryption_set - key_permissions = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey", "List", "Get", "Create", "Purge"] + key_permissions = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey", "List", "Get", "Create", "Purge"] } } } @@ -79,7 +79,7 @@ keyvault_keys = { name = "disk-key" key_type = "RSA" key_size = 2048 - key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"] + key_opts = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey"] # curve = "" # not_before_date = "" @@ -95,7 +95,7 @@ disk_encryption_sets = { # keyvault_key = { # If in case of remote Kevault Key # lz_key = "" # } - key_vault_key_key = "key1" + key_vault_key_key = "key1" keyvault = { # lz_key = "" # if in case of remote Keyvault key = "kv1" diff --git a/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/keyvaults.tfvars b/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/keyvaults.tfvars index 1867dbcc01..c33a540061 100644 --- a/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/keyvaults.tfvars +++ b/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/keyvaults.tfvars 
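Review bot: The `disk_encryption_sets` access policy in the `@@ -62,12 +62,12 @@` hunk of `212-vm-disk-encryption-set/configurations.tfvars` grants the disk encryption set identity ten key permissions, including `Create` and `Purge`. As far as Azure documents it, a disk encryption set only needs to read the key and wrap or unwrap the data encryption key, so this entry could be reduced to `key_permissions = ["Get", "WrapKey", "UnwrapKey"]`. The wider list can stay on `logged_in_user`, who creates the key. Since this commit rewrites the line anyway, it is a cheap place to apply least privilege in a sample that people copy.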
@@ -10,7 +10,7 @@ keyvaults = { # policy to access secrets (required retrieve the admin credentials to RDP into VMs) secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] # need policy so current user can mange certificates in this key vault - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] } } } diff --git a/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/networking.tfvars b/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/networking.tfvars index dc757e118d..f5ffdc524a 100644 --- a/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/networking.tfvars +++ b/examples/compute/virtual_machine/215-vm-keyvault-for-windows-extension/networking.tfvars @@ -9,7 +9,7 @@ network_security_group_definition = { priority = "101" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" source_address_prefix = "*" destination_address_prefix = "*" @@ -18,7 +18,7 @@ network_security_group_definition = { ] } } -# basic vnet that VMs connect to +# Basic vnet that VMs connect to vnets = { vnet1 = { resource_group_key = "rg1" diff --git a/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars b/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars index 01f09f7806..8a6cffab64 100644 --- a/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/100-linux-win-vmss-lb/configuration.tfvars 
@@ -108,7 +108,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -120,7 +120,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { diff --git a/examples/compute/virtual_machine_scale_set/102-linux-win-vmss-custom-script-extension/configuration.tfvars b/examples/compute/virtual_machine_scale_set/102-linux-win-vmss-custom-script-extension/configuration.tfvars index 06d3cfdd9c..5f424672d9 100644 --- a/examples/compute/virtual_machine_scale_set/102-linux-win-vmss-custom-script-extension/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/102-linux-win-vmss-custom-script-extension/configuration.tfvars @@ -181,7 +181,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss1" - sku = "basic" + sku = "Basic" resource_group_key = "example_vmss_rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -205,7 +205,7 @@ load_balancers = { resource_group_key = "example_vmss_rg1" load_balancer_key = "lb1" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "22" backend_port = "22" @@ -220,7 +220,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "example_vmss_rg1" backend_address_pool_name = "vmss2" frontend_ip_configurations = { @@ -244,7 +244,7 @@ load_balancers = { resource_group_key = "example_vmss_rg1" load_balancer_key = "lb2" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "3389" backend_port = "3389" 
diff --git a/examples/compute/virtual_machine_scale_set/103-linux-win-vmss-domain-join-extension/configuration.tfvars b/examples/compute/virtual_machine_scale_set/103-linux-win-vmss-domain-join-extension/configuration.tfvars index 332b13b24c..5353172dd1 100644 --- a/examples/compute/virtual_machine_scale_set/103-linux-win-vmss-domain-join-extension/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/103-linux-win-vmss-domain-join-extension/configuration.tfvars @@ -155,7 +155,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -167,7 +167,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { diff --git a/examples/compute/virtual_machine_scale_set/104-linux-win-vmss-as-lb/configuration.tfvars b/examples/compute/virtual_machine_scale_set/104-linux-win-vmss-as-lb/configuration.tfvars index 88fbf0f5f7..96b867d738 100644 --- a/examples/compute/virtual_machine_scale_set/104-linux-win-vmss-as-lb/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/104-linux-win-vmss-as-lb/configuration.tfvars @@ -109,7 +109,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -121,7 +121,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { diff --git a/examples/compute/virtual_machine_scale_set/105-linux-win-vmss-autorepair/configuration.tfvars b/examples/compute/virtual_machine_scale_set/105-linux-win-vmss-autorepair/configuration.tfvars index 5e22758626..2a0b5811e2 100644 
--- a/examples/compute/virtual_machine_scale_set/105-linux-win-vmss-autorepair/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/105-linux-win-vmss-autorepair/configuration.tfvars @@ -124,7 +124,7 @@ load_balancers = { resource_group_key = "lb" load_balancer_key = "lb1" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "22" backend_port = "22" @@ -157,7 +157,7 @@ load_balancers = { resource_group_key = "lb" load_balancer_key = "lb1" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "3389" backend_port = "3389" diff --git a/examples/compute/virtual_machine_scale_set/106-linux-win-vmss-diagnostic-extensions/configuration.tfvars b/examples/compute/virtual_machine_scale_set/106-linux-win-vmss-diagnostic-extensions/configuration.tfvars new file mode 100644 index 0000000000..e5b16a92df --- /dev/null +++ b/examples/compute/virtual_machine_scale_set/106-linux-win-vmss-diagnostic-extensions/configuration.tfvars 
@@ -0,0 +1,391 @@ +global_settings = { + default_region = "region1" + regions = { + region1 = "southeastasia" + } +} + +tags = { + level = "100" +} + +resource_groups = { + rg1 = { + name = "vmss-lb-cse-rg" + } +} + +storage_accounts = { + sa1 = { + name = "sa1" + resource_group_key = "rg1" + # Account types are BlobStorage, BlockBlobStorage, FileStorage, Storage and StorageV2. Defaults to StorageV2 + #account_kind = "BlobStorage" + # Account Tier options are Standard and Premium. For BlockBlobStorage and FileStorage accounts only Premium is valid. + account_tier = "Standard" + # Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS + account_replication_type = "LRS" # https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy + containers = { + files = { + name = "files" + } + } + } +} + +# Give managed identity Storage Blob Data reader and executing user Storage Blob Data Contributor permissions on storage account +role_mapping = { + built_in_role_mapping = { + storage_accounts = { + sa1 = { + "Storage Blob Data Reader" = { + managed_identities = { + keys = ["user_mi"] + } + } + "Storage Blob Data Contributor" = { + logged_in = { + keys = ["user"] + } + } + } + } + } +} + +vnets = { + vnet1 = { + resource_group_key = "rg1" + vnet = { + name = "vmss" + address_space = ["10.100.0.0/16"] + } + specialsubnets = {} + subnets = { + subnet1 = { + name = "compute" + cidr = ["10.100.1.0/24"] + } + } + } +} + +keyvaults = { + example_vm_rg1 = { + name = "vmsecretskv" + resource_group_key = "rg1" + sku_name = "standard" + tags = { + env = "Standalone" + } + creation_policies = { + logged_in_user = { + secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] + } + } + } +} + +# Store output attributes into keyvault secret +dynamic_keyvault_secrets = { + example_vm_rg1 = { # Key of the keyvault + vmadmin-username = { + secret_name = "vmadmin-username" + value = "vmadmin" + } + vmadmin-password = { + secret_name = "vmadmin-password" + value = 
"Very@Str5ngP!44w0rdToChaNge#" + } + } +} + +diagnostic_storage_accounts = { + # Stores boot diagnostic for region1 + bootdiag1 = { + name = "lebootdiag1" + resource_group_key = "rg1" + account_kind = "StorageV2" + account_tier = "Standard" + account_replication_type = "LRS" + access_tier = "Cool" + } +} + +# Application security groups +application_security_groups = { + app_sg1 = { + resource_group_key = "rg1" + name = "app_sg1" + } +} + +# Load Balancer +public_ip_addresses = { + lb_pip1 = { + name = "lb_pip1" + resource_group_key = "rg1" + sku = "Basic" + # Note: For UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard" + allocation_method = "Dynamic" + # allocation method needs to be Dynamic + ip_version = "IPv4" + idle_timeout_in_minutes = "4" + } + lb_pip2 = { + name = "lb_pip2" + resource_group_key = "rg1" + sku = "Basic" + # Note: For UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard" + allocation_method = "Dynamic" + # allocation method needs to be Dynamic + ip_version = "IPv4" + idle_timeout_in_minutes = "4" + } +} + +# Public Load Balancer will be created. For Internal/Private Load Balancer config, please refer 102-internal-load-balancer example. 
+load_balancers = { + lb1 = { + name = "lb-vmss" + sku = "Basic" + resource_group_key = "rg1" + backend_address_pool_name = "vmss1" + frontend_ip_configurations = { + config1 = { + name = "config1" + public_ip_address_key = "lb_pip1" + } + } + } + lb2 = { + name = "lb-vmss2" + sku = "Basic" + resource_group_key = "rg1" + backend_address_pool_name = "vmss1" + frontend_ip_configurations = { + config1 = { + name = "config1" + public_ip_address_key = "lb_pip2" + } + } + } +} + +virtual_machine_scale_sets = { + vmss1 = { + resource_group_key = "rg1" + boot_diagnostics_storage_account_key = "bootdiag1" + os_type = "linux" + keyvault_key = "kv1" + + vmss_settings = { + linux = { + name = "linux_vmss1" + computer_name_prefix = "lnx" + sku = "Standard_F2" + instances = 1 + admin_username = "adminuser" + disable_password_authentication = true + provision_vm_agent = true + priority = "Spot" + eviction_policy = "Deallocate" + ultra_ssd_enabled = false # required if planning to use UltraSSD_LRS + + upgrade_mode = "Manual" # Automatic / Rolling / Manual + + # rolling_upgrade_policy = { + # # Only for upgrade mode = "Automatic / Rolling " + # max_batch_instance_percent = 20 + # max_unhealthy_instance_percent = 20 + # max_unhealthy_upgraded_instance_percent = 20 + # pause_time_between_batches = "" + # } + # automatic_os_upgrade_policy = { + # # Only for upgrade mode = "Automatic" + # disable_automatic_rollback = false + # enable_automatic_os_upgrade = true + # } + + os_disk = { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + disk_size_gb = 128 + # disk_encryption_set_key = "" + # lz_key = "" + } + + + # custom_image_id = "" + + source_image_reference = { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } + + } + } + + network_interfaces = { + # option to assign each nic to different LB/ App GW + + nic0 = { + + name = "0" + primary = true + vnet_key = "vnet1" + subnet_key = "subnet1" + load_balancers = { + lb1 = { + 
lb_key = "lb1" + # lz_key = "" + } + } + + application_security_groups = { + asg1 = { + asg_key = "app_sg1" + # lz_key = "" + } + } + + enable_accelerated_networking = false + enable_ip_forwarding = false + internal_dns_name_label = "nic0" + } + } + + data_disks = { + data1 = { + caching = "None" # None / ReadOnly / ReadWrite + create_option = "Empty" # Empty / FromImage (only if source image includes data disks) + disk_size_gb = "10" + lun = 1 + storage_account_type = "Standard_LRS" # UltraSSD_LRS only possible when > additional_capabilities { ultra_ssd_enabled = true } + disk_iops_read_write = 100 # only for UltraSSD Disks + disk_mbps_read_write = 100 # only for UltraSSD Disks + write_accelerator_enabled = false # true requires Premium_LRS and caching = "None" + # disk_encryption_set_key = "set1" + # lz_key = "" # lz_key for disk_encryption_set_key if remote + } + } + + virtual_machine_scale_set_extensions = { + da_extension = { + name = "DAExtension" + publisher = "Microsoft.Azure.Monitoring.DependencyAgent" + type = "DependencyAgentLinux" + type_handler_version = "9.5" + auto_upgrade_minor_version = false + } + + } + } + + vmss2 = { + resource_group_key = "rg1" + provision_vm_agent = true + boot_diagnostics_storage_account_key = "bootdiag1" + os_type = "windows" + keyvault_key = "kv1" + + vmss_settings = { + windows = { + name = "win" + computer_name_prefix = "win" + sku = "Standard_F2" + instances = 1 + admin_username = "adminuser" + disable_password_authentication = true + priority = "Spot" + eviction_policy = "Deallocate" + + upgrade_mode = "Manual" # Automatic / Rolling / Manual + + # rolling_upgrade_policy = { + # # Only for upgrade mode = "Automatic / Rolling " + # max_batch_instance_percent = 20 + # max_unhealthy_instance_percent = 20 + # max_unhealthy_upgraded_instance_percent = 20 + # pause_time_between_batches = "" + # } + # automatic_os_upgrade_policy = { + # # Only for upgrade mode = "Automatic" + # disable_automatic_rollback = false + # 
enable_automatic_os_upgrade = true + # } + + os_disk = { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + disk_size_gb = 128 + } + + + source_image_reference = { + publisher = "MicrosoftWindowsServer" + offer = "WindowsServer" + sku = "2016-Datacenter" + version = "latest" + } + + } + } + + network_interfaces = { + nic0 = { + # Value of the keys from networking.tfvars + name = "0" + primary = true + vnet_key = "vnet1" + subnet_key = "subnet1" + + load_balancers = { + lb2 = { + lb_key = "lb2" + # lz_key = "" + } + } + + application_security_groups = { + asg1 = { + asg_key = "app_sg1" + # lz_key = "" + } + } + + enable_accelerated_networking = false + enable_ip_forwarding = false + internal_dns_name_label = "nic0" + } + } + ultra_ssd_enabled = false # required if planning to use UltraSSD_LRS + + data_disks = { + data1 = { + caching = "None" # None / ReadOnly / ReadWrite + create_option = "Empty" # Empty / FromImage (only if source image includes data disks) + disk_size_gb = "10" + lun = 1 + storage_account_type = "Standard_LRS" # UltraSSD_LRS only possible when > additional_capabilities { ultra_ssd_enabled = true } + disk_iops_read_write = 100 # only for UltraSSD Disks + disk_mbps_read_write = 100 # only for UltraSSD Disks + write_accelerator_enabled = false # true requires Premium_LRS and caching = "None" + # disk_encryption_set_key = "set1" + # lz_key = "" # lz_key for disk_encryption_set_key if remote + } + } + + virtual_machine_scale_set_extensions = { + microsoft_azure_domainjoin = { + domain_name = "test.local" + ou_path = "OU=test,DC=test,DC=local" + restart = "true" + # specify the AKV location of the password to retrieve for domain join operation + } + } + + } +} diff --git a/examples/compute/virtual_machine_scale_set/106-vmss_monitoring/configuration.tfvars b/examples/compute/virtual_machine_scale_set/106-vmss_monitoring/configuration.tfvars index 1fcffd08f5..859d1368d3 100644 
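Review bot: The new `106-linux-win-vmss-diagnostic-extensions/configuration.tfvars` commits a literal value for the `vmadmin-password` secret under `dynamic_keyvault_secrets`, so anyone who applies the example unchanged ends up with a publicly known admin password in their vault. I would drop the literal from the sample and have the value supplied from outside the repository, or at minimum put `# Placeholder: replace before deploying, never reuse this value` above it. The same file defines the vault under the key `example_vm_rg1`, while both scale sets set `keyvault_key = "kv1"`, which is not defined in this file. If they are meant to use that vault, `keyvault_key = "example_vm_rg1"` would match.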
--- a/examples/compute/virtual_machine_scale_set/106-vmss_monitoring/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/106-vmss_monitoring/configuration.tfvars @@ -170,7 +170,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss1" - sku = "basic" + sku = "Basic" resource_group_key = "example_vmss_rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -194,7 +194,7 @@ load_balancers = { resource_group_key = "example_vmss_rg1" load_balancer_key = "lb1" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "22" backend_port = "22" @@ -209,7 +209,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "example_vmss_rg1" backend_address_pool_name = "vmss2" frontend_ip_configurations = { @@ -233,7 +233,7 @@ load_balancers = { resource_group_key = "example_vmss_rg1" load_balancer_key = "lb2" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "3389" backend_port = "3389" diff --git a/examples/compute/virtual_machine_scale_set/106-windows-vmss-data-factory-self-hosted-runtime/configuration.tfvars b/examples/compute/virtual_machine_scale_set/106-windows-vmss-data-factory-self-hosted-runtime/configuration.tfvars index 2750c293f6..9f59072e60 100644 --- a/examples/compute/virtual_machine_scale_set/106-windows-vmss-data-factory-self-hosted-runtime/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/106-windows-vmss-data-factory-self-hosted-runtime/configuration.tfvars 
@@ -38,7 +38,7 @@ keyvaults = { purge_protection_enabled = true creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] } } @@ -135,7 +135,7 @@ application_security_groups = { load_balancers = { lb-vmss = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "integration" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -157,7 +157,7 @@ load_balancers = { resource_group_key = "integration" load_balancer_key = "lb-vmss" lb_rule_name = "rule1" - protocol = "tcp" + protocol = "Tcp" probe_id_key = "probe1" frontend_port = "3389" backend_port = "3389" diff --git a/examples/compute/virtual_machine_scale_set/107-linux-win-vmss-application-health-extension/configuration.tfvars b/examples/compute/virtual_machine_scale_set/107-linux-win-vmss-application-health-extension/configuration.tfvars index 6dd38da304..e53262a206 100644 --- a/examples/compute/virtual_machine_scale_set/107-linux-win-vmss-application-health-extension/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/107-linux-win-vmss-application-health-extension/configuration.tfvars @@ -155,7 +155,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -167,7 +167,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { 
diff --git a/examples/compute/virtual_machine_scale_set/108-linux-win-vmss-keyvault-extension/configuration.tfvars b/examples/compute/virtual_machine_scale_set/108-linux-win-vmss-keyvault-extension/configuration.tfvars index 04e94d6b62..5cb0b3b9a1 100644 --- a/examples/compute/virtual_machine_scale_set/108-linux-win-vmss-keyvault-extension/configuration.tfvars +++ b/examples/compute/virtual_machine_scale_set/108-linux-win-vmss-keyvault-extension/configuration.tfvars @@ -242,7 +242,7 @@ public_ip_addresses = { load_balancers = { lb1 = { name = "lb-vmss" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { @@ -254,7 +254,7 @@ load_balancers = { } lb2 = { name = "lb-vmss2" - sku = "basic" + sku = "Basic" resource_group_key = "rg1" backend_address_pool_name = "vmss1" frontend_ip_configurations = { diff --git a/examples/consumption_budget/105-consumption-budget-subscription-aks/networking.tfvars b/examples/consumption_budget/105-consumption-budget-subscription-aks/networking.tfvars index 04a9ceba6a..b8ed1dda00 100644 --- a/examples/consumption_budget/105-consumption-budget-subscription-aks/networking.tfvars +++ b/examples/consumption_budget/105-consumption-budget-subscription-aks/networking.tfvars @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "1194" source_address_prefix = "*" 
@@ -86,7 +86,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9000" source_address_prefix = "*" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "udp" + protocol = "Udp" source_port_range = "*" destination_port_range = "123" source_address_prefix = "*" @@ -108,7 +108,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -124,7 +124,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -146,7 +146,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -157,7 +157,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -168,7 +168,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" 
@@ -179,7 +179,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/cosmos_db/100-simple-cosmos-db-gremlin/gremlin_databases.tfvars b/examples/cosmos_db/100-simple-cosmos-db-gremlin/gremlin_databases.tfvars index c79bd7fc38..14719c716b 100644 --- a/examples/cosmos_db/100-simple-cosmos-db-gremlin/gremlin_databases.tfvars +++ b/examples/cosmos_db/100-simple-cosmos-db-gremlin/gremlin_databases.tfvars @@ -72,7 +72,7 @@ cosmos_dbs = { index_policies = { index_policy_1 = { automatic = true - indexing_mode = "Consistent" + indexing_mode = "consistent" included_paths = ["/*"] excluded_paths = ["/\"_etag\"/?"] } diff --git a/examples/cosmos_db/100-simple-cosmos-db-mongo/mongodb_databases.tfvars b/examples/cosmos_db/100-simple-cosmos-db-mongo/mongodb_databases.tfvars index 02cf1c933c..2a542b98dc 100644 --- a/examples/cosmos_db/100-simple-cosmos-db-mongo/mongodb_databases.tfvars +++ b/examples/cosmos_db/100-simple-cosmos-db-mongo/mongodb_databases.tfvars @@ -66,7 +66,7 @@ cosmos_dbs = { name = "cosmos-mongo-excoll" shard_key = "user_id" thoughput = 400 - default_ttl_seconds = 0 + default_ttl_seconds = 55 indexes = { index_1 = { keys = ["user_id"] diff --git a/examples/data_explorer/102-kusto_clusters_vnet/configuration.tfvars b/examples/data_explorer/102-kusto_clusters_vnet/configuration.tfvars index 19a7801957..a05c8648e2 100644 --- a/examples/data_explorer/102-kusto_clusters_vnet/configuration.tfvars +++ b/examples/data_explorer/102-kusto_clusters_vnet/configuration.tfvars @@ -20,7 +20,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
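Review bot: In `examples/cosmos_db/100-simple-cosmos-db-mongo/mongodb_databases.tfvars` the new `default_ttl_seconds = 55` has no explanation, and anyone copying the example gets a collection whose documents expire after 55 seconds. If the old `0` was changed only because the provider rejects it, a value that disables expiry would be a safer sample (I believe `-1` does this, to be confirmed against the provider documentation). Otherwise a trailing comment such as `# sample value: documents expire after 55 seconds` would make the intent visible. The enclosing collection block starts and ends outside the hunk.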
@@ -31,7 +31,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -42,7 +42,7 @@ network_security_group_definition = { priority = "102" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -53,7 +53,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671" source_address_prefix = "*" @@ -64,7 +64,7 @@ network_security_group_definition = { priority = "104" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "105" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "106" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "107" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "*" @@ -108,7 +108,7 @@ network_security_group_definition = { # priority = "108" # direction = "Outbound" # access = "Allow" - # protocol = "tcp" + # protocol = "Tcp" # source_port_range = "*" # destination_port_range = "*" # source_address_prefix = "*" 
diff --git a/examples/data_factory/115-data_factory_runtime_self_hoste_databricks/nsg.tfvars b/examples/data_factory/115-data_factory_runtime_self_hoste_databricks/nsg.tfvars index 15d80a9145..cffc48d21d 100644 --- a/examples/data_factory/115-data_factory_runtime_self_hoste_databricks/nsg.tfvars +++ b/examples/data_factory/115-data_factory_runtime_self_hoste_databricks/nsg.tfvars @@ -39,7 +39,7 @@ network_security_group_definition = { priority = "102" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5557" source_address_prefix = "AzureDatabricks" @@ -51,7 +51,7 @@ network_security_group_definition = { priority = "101" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "AzureDatabricks" @@ -63,7 +63,7 @@ network_security_group_definition = { priority = "104" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9093" source_address_prefix = "VirtualNetwork" @@ -75,7 +75,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "VirtualNetwork" @@ -87,7 +87,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "VirtualNetwork" @@ -99,7 +99,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3306" source_address_prefix = "VirtualNetwork" 
@@ -111,7 +111,7 @@ network_security_group_definition = { priority = "102" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -123,7 +123,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" diff --git a/examples/databricks/101-standard-databricks-vnet/configuration.tfvars b/examples/databricks/101-standard-databricks-vnet/configuration.tfvars index 11827fab39..c7ef9f153b 100644 --- a/examples/databricks/101-standard-databricks-vnet/configuration.tfvars +++ b/examples/databricks/101-standard-databricks-vnet/configuration.tfvars @@ -123,7 +123,7 @@ network_security_group_definition = { priority = "102" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5557" source_address_prefix = "AzureDatabricks" @@ -135,7 +135,7 @@ network_security_group_definition = { priority = "101" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "AzureDatabricks" @@ -147,7 +147,7 @@ network_security_group_definition = { priority = "104" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "9093" source_address_prefix = "VirtualNetwork" @@ -159,7 +159,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "VirtualNetwork" 
@@ -171,7 +171,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "VirtualNetwork" @@ -183,7 +183,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3306" source_address_prefix = "VirtualNetwork" @@ -195,7 +195,7 @@ network_security_group_definition = { priority = "102" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -207,7 +207,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" diff --git a/examples/diagnostics_profiles/100-multiple-destinations/keyvaults.tfvars b/examples/diagnostics_profiles/100-multiple-destinations/keyvaults.tfvars index fd51701cfa..b0c646e795 100644 --- a/examples/diagnostics_profiles/100-multiple-destinations/keyvaults.tfvars +++ b/examples/diagnostics_profiles/100-multiple-destinations/keyvaults.tfvars @@ -8,7 +8,7 @@ keyvaults = { creation_policies = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] - certificate_permissions = ["managecontacts", "manageissuers"] + certificate_permissions = ["ManageContacts", "ManageIssuers"] } } diff --git a/examples/digital_twins/101-adt-servicebus/configuration.tfvars b/examples/digital_twins/101-adt-servicebus/configuration.tfvars index 09b9c3494f..94209583e9 100644 --- a/examples/digital_twins/101-adt-servicebus/configuration.tfvars +++ b/examples/digital_twins/101-adt-servicebus/configuration.tfvars 
@@ -103,9 +103,9 @@ servicebus_namespaces = { key = "rg1" } name = "jstestbusaztfmod" - sku = "premium" # basic | standard | premium - capacity = 1 # capacity only for premium: 1,2,4,8,16 otherwise 0 - # zone_redundant = false # only true for premium + sku = "Premium" # Basic | standard | Premium + capacity = 1 # capacity only for Premium: 1,2,4,8,16 otherwise 0 + # zone_redundant = false # only true for Premium # tags = {} # optional namespace_auth_rules = { rule1 = { diff --git a/examples/identity/active_directory_domain_service/100-active_directory_domain_service-replica/nsg.tfvars b/examples/identity/active_directory_domain_service/100-active_directory_domain_service-replica/nsg.tfvars index 277ece28ae..370e327b24 100644 --- a/examples/identity/active_directory_domain_service/100-active_directory_domain_service-replica/nsg.tfvars +++ b/examples/identity/active_directory_domain_service/100-active_directory_domain_service-replica/nsg.tfvars @@ -10,7 +10,7 @@ network_security_group_definition = { priority = "400" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "CorpNetSaw" @@ -21,7 +21,7 @@ network_security_group_definition = { priority = "401" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_address_prefix = "AzureActiveDirectoryDomainServices" @@ -32,7 +32,7 @@ network_security_group_definition = { priority = "400" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -43,7 +43,7 @@ network_security_group_definition = { priority = "401" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
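Review bot: The rewritten comment on the `sku` line reads `# Basic | standard | Premium`, leaving `standard` in lower case while the other two tiers were capitalised. If the casing was changed because the provider now validates it, a reader choosing the middle tier from this comment would copy a value that is rejected. I would write `# Basic | Standard | Premium`. The same comment is added in `examples/messaging/servicebus/100-servicebus-services/configuration.tfvars`.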
@@ -54,7 +54,7 @@ network_security_group_definition = { priority = "402" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -65,7 +65,7 @@ network_security_group_definition = { priority = "403" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -76,7 +76,7 @@ network_security_group_definition = { priority = "404" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -87,7 +87,7 @@ network_security_group_definition = { priority = "405" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -98,7 +98,7 @@ network_security_group_definition = { priority = "406" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -117,7 +117,7 @@ network_security_group_definition = { priority = "400" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "CorpNetSaw" @@ -128,7 +128,7 @@ network_security_group_definition = { priority = "401" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_address_prefix = "AzureActiveDirectoryDomainServices" @@ -139,7 +139,7 @@ network_security_group_definition = { priority = "400" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
@@ -150,7 +150,7 @@ network_security_group_definition = { priority = "401" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -161,7 +161,7 @@ network_security_group_definition = { priority = "402" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -172,7 +172,7 @@ network_security_group_definition = { priority = "403" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -183,7 +183,7 @@ network_security_group_definition = { priority = "404" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -194,7 +194,7 @@ network_security_group_definition = { priority = "405" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -205,7 +205,7 @@ network_security_group_definition = { priority = "406" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" diff --git a/examples/keyvault/101-keyvault-policies/keyvaults.tfvars b/examples/keyvault/101-keyvault-policies/keyvaults.tfvars index 394ce3d4ad..70a2b4cad8 100644 --- a/examples/keyvault/101-keyvault-policies/keyvaults.tfvars +++ b/examples/keyvault/101-keyvault-policies/keyvaults.tfvars @@ -12,7 +12,7 @@ keyvaults = { creation_policies = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] - certificate_permissions = ["managecontacts", "manageissuers"] + certificate_permissions = ["ManageContacts", "ManageIssuers"] } } 
@@ -47,7 +47,7 @@ keyvaults = { creation_policies = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] - certificate_permissions = ["managecontacts", "manageissuers"] + certificate_permissions = ["ManageContacts", "ManageIssuers"] } } diff --git a/examples/keyvault/102-keyvault-cert-issuer/configuration.tfvars b/examples/keyvault/102-keyvault-cert-issuer/configuration.tfvars index caaa7d303d..62a4072e3a 100644 --- a/examples/keyvault/102-keyvault-cert-issuer/configuration.tfvars +++ b/examples/keyvault/102-keyvault-cert-issuer/configuration.tfvars @@ -24,7 +24,7 @@ keyvaults = { # cert_password_key = "cert-password" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/keyvault/103-keyvault-cert-request/configuration.tfvars b/examples/keyvault/103-keyvault-cert-request/configuration.tfvars index 5c793a93a7..c4c4ef7739 100644 --- a/examples/keyvault/103-keyvault-cert-request/configuration.tfvars +++ b/examples/keyvault/103-keyvault-cert-request/configuration.tfvars 
@@ -99,7 +99,7 @@ keyvaults = { sku_name = "standard" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/keyvault/104-keyvault-dynamic-secret/configuration.tfvars b/examples/keyvault/104-keyvault-dynamic-secret/configuration.tfvars index 15749ee2e2..6845cd5464 100644 --- a/examples/keyvault/104-keyvault-dynamic-secret/configuration.tfvars +++ b/examples/keyvault/104-keyvault-dynamic-secret/configuration.tfvars @@ -24,7 +24,7 @@ keyvaults = { # cert_password_key = "cert-password" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/keyvault/105-keyvault-dynamic-certificate/configuration.tfvars b/examples/keyvault/105-keyvault-dynamic-certificate/configuration.tfvars index 9ec7179706..b19d773d01 100644 --- a/examples/keyvault/105-keyvault-dynamic-certificate/configuration.tfvars +++ b/examples/keyvault/105-keyvault-dynamic-certificate/configuration.tfvars 
@@ -23,7 +23,7 @@ keyvaults = { sku_name = "standard" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } 
@@ -40,12 +40,12 @@ dynamic_keyvault_certificates = { # attribute_key = "certificate_bundle_pem" # } dynamic_certificate_pem = { - secret_name = "dynamic-certificate-pem" + secret_name = "dynamic-certificate-pem" // certificate base64 encoded - contents = "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" + contents = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ3lKR2o4dXlrTUN3UmIKcEx6NU9YWTJUcy9WaWpLKzZIV2ZVZTI2QlgxMzYwOXluWkZRbXhURHJkVlR1RXcrT1czcGxEUUlMTGZQSWNlZwozYzdCYnI0VlNNazhvNWFhaTFSclZKemxKMlUvNWlDK3l1Uk0wSFV5Y09RbE01K1NiU3QyY1gvSCtScTlOdTM0CmJBVXRIM0s4NE9yb2ZnRFBPb3dsRjdrSm0yL29WaGRkeTVqOU9DWUpIUmFSZys3R1ZlSnFDaHQ0NjNkYjlBMloKYXZ5a0VTb3EvWGpxR1NGTEpGRjBXb0ZFSklMRE0xY3ZyZWJRNEl6NTMwSWVDTHFqRjI5NzhOcFJGMTk2TTBKOApiVVk0STNtNTk3Nk04Vk8zVWxWUk53cThkZWc1YVVkeW04eVQ2T2cxaTlEZVZLRnlaOHVWaHJKZFI1WUNKMzI1CmxqeERiQUpyQWdNQkFBRUNnZ0VBTVp3WUxNSEdkWmNmMkpHeEdzclkwOWp3NGl3Qlk4OEM2cUo3VE1HNHBrdSsKclZHYUpWTjYzZCtzT0F0c0dDd1FJdXRsN2h6ZDkyNFYxUVBRVDJnU3dZU3FuaHVFbG5kVXhDc2xJbC90UDNWTQpDellmakJERmdvMlR5NVJyelBCZ0dUVVVlOUV3bEI4VytJYkVqa05peFp6eGJsdWd5QlVxOEMyQ0YxM1ZOV05GClRSc1c1SXpiUnpaQm9Rd1U0aFQ5NWJGNkxkcHp1NWRFNjY5eEZrSmh6cWVlczNqWkVLK3BvVWV0VjFneEt1TkUKUW5MN1ZPQXdraFp5UjR4cXg2cVZPaEw0QlFSempJSDUzRlJBRWFiWmZhUVRDMm0wVlNzMndlOFJhaFFTOEFrYwptNitpWkJHcVFhQ0lLVDBQSkhNbi9GaFVQTHNwZEU3b1Z5WXc4UU5OS1FLQmdRRE9Wa0hVU25oOFhCR2VwMExXClVtdmtRQ1VvcXMzZnhKMmh3VjMxZ2IwZEt4OUZPU25qMkRlUHFic2hsVWdBMW4vcnFXQ05aNnhNazh3OWh2dDkKSXlkWWg3TWVjK3l4VTYxaElET1ZkcUxFS2d1UWZ5akZ1NzNUYTNIRDlKOEZvazBmWmFINWxMd3k1NHUvVjBWSApmaUpzZ3RTOTZVZnRuUC93ZnRWZUlpdFFEd0tCZ1FEZEJPVkt5S2xyUWFuWVptVGRTVUxFaE1TQnRDdm50ZTM4ClgvM3NwRms5WE45Z0NzUnpoekozQkM3NzA4SUlOdVZJV1kzRzBoYUNRNDMweURna29SNm8yWTlNSU1TNkQwWUQKREVXaXM5c2pEQlFQNEMrMXc1ZVlKRWFWUllaeE1vMXBsZitrNk5DK3ZaSXYxQXlPQTQ1S0twUDhZSmdmNk5GQQpNY2h0UVRkTDVRS0JnSDlOZEp2M3ZsSnJzMnRCSXRsOFRKaXNnc0NPY1NwbjhpRkVYaVlFZjVzcGFjZVp0eUNkCjI5bkZESEZ4MnRTNWduN3hKMkxXM2RUNU12K2E4anFJbjlQZEZVUHFuZFBpSG94WUE3dHBVSTdhcW
Z2aW1GTTIKdTYxZkV2ZWxTeDk4dlR4cnhmMW9LSnozZ3A3d3h3dU81TW95QmZPTnBCVVQwa3ljMUNPWnpVTTlBb0dBWjZ6aQpPZUJDeUpNMnJ0SHBRbndaRzhJRHc2dldaSXpNby9RTFVyUU5RR0dPVHFqK1dncnpPeXoxTlIreUJ0UnBYVFRVCjhveWVEbUROK0NMcll4TkpKSDlaWHFhSVlaYkVpcTE1Qk1kRlpmMUdjK1AvdlUyUWtNZURiSVgrZUo3MEFyRmcKQitWRjloTkt2YkRFYXVGMEg0bzFmTTk2ekkwVGl2OVBPeUM2WlprQ2dZQVdkUjNxYVJrUzJuVVNiT2hrS2s2ZgoyK0xkRWMwcmFuSE5EYW9kMzZTbDYrRm5RbVNSWC90QTB3UUFnZnhoRERlWENGR3lnV1EvKytTUmt3a0g1Nnp2CjYxb0lCWmlEdkd5YkYrb251dDRJRnlTU0NQM3BiQ2ExeHpVNVNUaVgzMTdOVUVkUG00M3hOVS96eVA3MFlid1UKc01rd1AvUXFmaVcyTVhVcTRoaEU3QT09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURiekNDQWxlZ0F3SUJBZ0lRUFMwL2ZLTlhWWUpoWW5YVm9zU0wxREFOQmdrcWhraUc5dzBCQVFzRkFEQVcKTVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG1OdmJUQWVGdzB5TWpBM01qWXhORFUxTlROYUZ3MHpNakEzTWpNeApORFUxTlROYU1GY3hDekFKQmdOVkJBWVRBbFZUTVJ3d0dnWURWUVFLRXhORmVHRnRjR3hsSUZObGJHWWdVMmxuCmJtVmtNUlF3RWdZRFZRUUxFd3RsZUdGdGNHeGxMbU52YlRFVU1CSUdBMVVFQXhNTFpYaGhiWEJzWlM1amIyMHcKZ2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lKR2o4dXlrTUN3UmJwTHo1T1hZMgpUcy9WaWpLKzZIV2ZVZTI2QlgxMzYwOXluWkZRbXhURHJkVlR1RXcrT1czcGxEUUlMTGZQSWNlZzNjN0JicjRWClNNazhvNWFhaTFSclZKemxKMlUvNWlDK3l1Uk0wSFV5Y09RbE01K1NiU3QyY1gvSCtScTlOdTM0YkFVdEgzSzgKNE9yb2ZnRFBPb3dsRjdrSm0yL29WaGRkeTVqOU9DWUpIUmFSZys3R1ZlSnFDaHQ0NjNkYjlBMlphdnlrRVNvcQovWGpxR1NGTEpGRjBXb0ZFSklMRE0xY3ZyZWJRNEl6NTMwSWVDTHFqRjI5NzhOcFJGMTk2TTBKOGJVWTRJM201Cjk3Nk04Vk8zVWxWUk53cThkZWc1YVVkeW04eVQ2T2cxaTlEZVZLRnlaOHVWaHJKZFI1WUNKMzI1bGp4RGJBSnIKQWdNQkFBR2plREIyTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSQpLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEFxYWFkZ1diNGFLc1IyS2VFCmZlQ1NBNEFqZlRBV0JnTlZIUkVFRHpBTmdndGxlR0Z0Y0d4bExtTnZiVEFOQmdrcWhraUc5dzBCQVFzRkFBT0MKQVFFQVhSRkVraTVTbXJkL2p5OGk5TzBhYmpDSWczd0NpQkxaU0V0aE1MZ3hIbjZwUDN4K0xialZ3OGdOb0FQNApUNndaTmdhWkYvSlF0c09UQ2Ird0thenc0b1IvOE5xajFIWjdWT0hERU5yWVdPaG5nSjl0MFh1TC90OU1UaXBXCnRkR21wT0xVMURReU9VRFlJbWhhY05IVUxaeHd4TFdVU1F4Y25SSUJRTjdjemZ1Nj
FmcFp0dWFhMkhTYzIrVDkKNjFKeG5hRERlWldzQXQ1MXp3bjk0M3h2V3BFQjB1dGVKQnVIVWNUbUxGalVoaVV4RmxSM3Q0dWI0bDdPR1pmWgoxUG90OE4wM2lmNUN1N2lldGRhSUczYW4wNWZKYnJFTXVBaXFEdWtjb3FnNmxVRzlyZVdHQnRKUlBIMHMwRHNxCkVXNFM5Tzc2eHhUTWxLai9Tdlh2WHVkVUVBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" } dynamic_certificate_pfx = { - secret_name = "dynamic-certificate-pfx" + secret_name = "dynamic-certificate-pfx" // certificate base64 encoded contents = "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" } diff --git a/examples/machine_learning/101-aml-vnet/networking_spoke.tfvars b/examples/machine_learning/101-aml-vnet/networking_spoke.tfvars index 3487ee2788..e7d143122c 100644 --- a/examples/machine_learning/101-aml-vnet/networking_spoke.tfvars +++ b/examples/machine_learning/101-aml-vnet/networking_spoke.tfvars @@ -59,7 +59,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -70,7 +70,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -81,7 +81,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -92,7 +92,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -103,7 +103,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" 
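Review bot: The new `contents` value for `dynamic_certificate_pem` is base64 of PEM text that opens with a `-----BEGIN PRIVATE KEY-----` block followed by a certificate, so this hunk commits private key material to the repository while the comment above it says only `// certificate base64 encoded`. Even if this is a throwaway sample key, secret scanners will flag it, and anyone who deploys the example unchanged stores a publicly known key in their vault. I would rather have the example read the bundle from a file kept outside the repository or generate it at apply time. If the inline value has to stay, the comment should say what it is, e.g. `// SAMPLE ONLY: base64 PEM bundle (private key + certificate), publicly known, replace before use`. The enclosing `dynamic_keyvault_certificates` block starts and ends outside the hunk.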
@@ -114,7 +114,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -129,7 +129,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "44224" source_address_prefix = "AzureMachineLearning" @@ -140,7 +140,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "29876-29877" source_address_prefix = "BatchNodeManagement" diff --git a/examples/messaging/servicebus/100-servicebus-services/configuration.tfvars b/examples/messaging/servicebus/100-servicebus-services/configuration.tfvars index e33d2e5c4c..dc3d330a1f 100644 --- a/examples/messaging/servicebus/100-servicebus-services/configuration.tfvars +++ b/examples/messaging/servicebus/100-servicebus-services/configuration.tfvars @@ -52,9 +52,9 @@ servicebus_namespaces = { key = "rg1" } name = "sbexample" - sku = "premium" # basic | standard | premium - capacity = 1 # capacity only for premium: 1,2,4,8,16 otherwise 0 - # zone_redundant = false # only true for premium + sku = "Premium" # Basic | standard | Premium + capacity = 1 # capacity only for Premium: 1,2,4,8,16 otherwise 0 + # zone_redundant = false # only true for Premium # tags = {} # optional namespace_auth_rules = { rule1 = { @@ -211,7 +211,7 @@ servicebus_queues = { # status = "Active" # Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, SendDisabled, Unknown # enable_batched_operations = true # auto_delete_on_idle = "PT5M" - # enable_partitioning = false # must be true on premium + # enable_partitioning = false # must be true on Premium # enable_express = false # forward_to = { 
diff --git a/examples/mssql_mi/200-mi-two-regions/configuration.tfvars b/examples/mssql_mi/200-mi-two-regions/configuration.tfvars index b785291d15..8b56d271ce 100644 --- a/examples/mssql_mi/200-mi-two-regions/configuration.tfvars +++ b/examples/mssql_mi/200-mi-two-regions/configuration.tfvars @@ -325,21 +325,21 @@ keyvaults = { # tde_primary = { # sqlmi1 = { # mssql_managed_instance_key = "sqlmi1" -# key_permissions = ["get", "unwrapKey", "wrapKey"] +# key_permissions = ["get", "UnwrapKey", "WrapKey"] # } # sqlmi2 = { # mssql_managed_instance_secondary_key = "sqlmi2" -# key_permissions = ["get", "unwrapKey", "wrapKey"] +# key_permissions = ["get", "UnwrapKey", "WrapKey"] # } # } # tde_secondary = { # sqlmi1 = { # mssql_managed_instance_key = "sqlmi1" -# key_permissions = ["get", "unwrapKey", "wrapKey"] +# key_permissions = ["get", "UnwrapKey", "WrapKey"] # } # sqlmi2 = { # mssql_managed_instance_secondary_key = "sqlmi2" -# key_permissions = ["get", "unwrapKey", "wrapKey"] +# key_permissions = ["get", "UnwrapKey", "WrapKey"] # } # } # } @@ -349,7 +349,7 @@ keyvaults = { # keyvault_key = "tde_primary" # name = "TDE" # key_type = "RSA" -# key_opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] +# key_opts = ["Encrypt", "Decrypt", "Sign", "Verify", "WrapKey", "UnwrapKey"] # key_size = 2048 # } # } diff --git a/examples/mssql_server/110-sqlserver-tde/configurations.tfvars b/examples/mssql_server/110-sqlserver-tde/configurations.tfvars index b3564a1163..47e3da1303 100644 --- a/examples/mssql_server/110-sqlserver-tde/configurations.tfvars +++ b/examples/mssql_server/110-sqlserver-tde/configurations.tfvars @@ -156,6 +156,6 @@ keyvault_keys = { name = "tdekey" key_type = "RSA" key_size = 2048 - key_opts = ["unwrapKey", "wrapKey"] + key_opts = ["UnwrapKey", "WrapKey"] } } \ No newline at end of file 
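Review bot: In the commented-out `tde_primary` / `tde_secondary` policies of `examples/mssql_mi/200-mi-two-regions/configuration.tfvars`, the four new `key_permissions` lines capitalise `UnwrapKey` and `WrapKey` but leave `"get"` in lower case. If the permission names are now matched case-sensitively, as the rest of this commit suggests, uncommenting the block would still fail on the first element. I would make each line `key_permissions = ["Get", "UnwrapKey", "WrapKey"]`. The enclosing `keyvaults` block starts and ends outside the hunk.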
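Review bot: The `key_opts` values are capitalised here (`"Encrypt"`, `"Decrypt"`, `"Sign"`, `"Verify"`, `"WrapKey"`, `"UnwrapKey"`), but `key_opts` on `azurerm_key_vault_key` takes JSON Web Key operation names, which the provider documents as case-sensitive `decrypt`, `encrypt`, `sign`, `unwrapKey`, `verify` and `wrapKey`. The PascalCase spelling belongs to access-policy `key_permissions`, not to key operations. Unless the module normalises the list before passing it on, these values would be rejected. The same applies to the live `key_opts = ["UnwrapKey", "WrapKey"]` in `examples/mssql_server/110-sqlserver-tde/configurations.tfvars`, which I would revert to `key_opts = ["unwrapKey", "wrapKey"]`.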
diff --git a/examples/mysql_server/101-vnet-rule-mysql/configuration.tfvars b/examples/mysql_server/101-vnet-rule-mysql/configuration.tfvars index 36d51a9bb0..134b4f6ab8 100644 --- a/examples/mysql_server/101-vnet-rule-mysql/configuration.tfvars +++ b/examples/mysql_server/101-vnet-rule-mysql/configuration.tfvars @@ -64,9 +64,9 @@ mysql_servers = { name = "mysql-vnet-rule" } msql_vnet_rule_two = { - name = "msql-vnet-rule-two" + name = "msql-vnet-rule-two" subnet_key = "mysql_subnet_two" - vnet_key = "vnet_region1" + vnet_key = "vnet_region1" } } diff --git a/examples/networking/bastion/100-bastion-with-vm/nsg_definitions.tfvars b/examples/networking/bastion/100-bastion-with-vm/nsg_definitions.tfvars index e2c487aca7..dddec6c1b4 100644 --- a/examples/networking/bastion/100-bastion-with-vm/nsg_definitions.tfvars +++ b/examples/networking/bastion/100-bastion-with-vm/nsg_definitions.tfvars @@ -48,7 +48,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -59,7 +59,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -70,7 +70,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -81,7 +81,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" 
@@ -92,7 +92,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -103,7 +103,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -137,7 +137,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/front_door/100-simple-front_door/keyvault.tfvars b/examples/networking/front_door/100-simple-front_door/keyvault.tfvars index 26059b105a..2e9b0e958a 100644 --- a/examples/networking/front_door/100-simple-front_door/keyvault.tfvars +++ b/examples/networking/front_door/100-simple-front_door/keyvault.tfvars @@ -5,7 +5,7 @@ keyvaults = { sku_name = "standard" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/networking/front_door/102-front_door_advanced/keyvault.tfvars b/examples/networking/front_door/102-front_door_advanced/keyvault.tfvars index 8013db20f1..8feaebcd5e 100644 --- a/examples/networking/front_door/102-front_door_advanced/keyvault.tfvars +++ b/examples/networking/front_door/102-front_door_advanced/keyvault.tfvars 
@@ -5,7 +5,7 @@ keyvaults = { sku_name = "standard" creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/networking/lb/101-vm_lb/configurations.tfvars b/examples/networking/lb/101-vm_lb/configurations.tfvars index 486690cc85..44ef70dfa0 100644 --- a/examples/networking/lb/101-vm_lb/configurations.tfvars +++ b/examples/networking/lb/101-vm_lb/configurations.tfvars @@ -118,7 +118,7 @@ lb = { } private_ip_address_allocation = "Dynamic" } - sku = "basic" #SKU must match with the SKU of the PIP + sku = "Basic" #SKU must match with the SKU of the PIP } } lb_backend_address_pool = { diff --git a/examples/networking/lb/102-vm_lb_dns_servers/configurations.tfvars b/examples/networking/lb/102-vm_lb_dns_servers/configurations.tfvars index 85a541d70f..e8e6a98eab 100644 --- a/examples/networking/lb/102-vm_lb_dns_servers/configurations.tfvars +++ b/examples/networking/lb/102-vm_lb_dns_servers/configurations.tfvars @@ -145,7 +145,7 @@ lb = { } private_ip_address_allocation = "Dynamic" } - sku = "basic" #SKU must match with the SKU of the PIP + sku = "Basic" #SKU must match with the SKU of the PIP } } lb_backend_address_pool = { diff --git a/examples/networking/private_links/endpoints/centralized/keyvaults.tfvars b/examples/networking/private_links/endpoints/centralized/keyvaults.tfvars index 4219be0fc1..72325c8ff0 100644 --- a/examples/networking/private_links/endpoints/centralized/keyvaults.tfvars +++ b/examples/networking/private_links/endpoints/centralized/keyvaults.tfvars 
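Review bot: The corrected `sku = "Basic"` line in 101-vm_lb/configurations.tfvars keeps the example on the Basic load balancer SKU, which is open to inbound flows by default, whereas Standard is closed unless a network security group allows the traffic. For an example that people copy, `sku = "Standard" #SKU must match with the SKU of the PIP` is the safer default. The public IP definition it must match is outside the hunk, so it would need the same change. The `@@ -145,7 +145,7 @@` hunk of 102-vm_lb_dns_servers/configurations.tfvars has the same line.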
@@ -12,7 +12,7 @@ keyvaults = { creation_policies = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] - certificate_permissions = ["managecontacts", "manageissuers"] + certificate_permissions = ["ManageContacts", "ManageIssuers"] } } diff --git a/examples/networking/virtual_network/100-simple-vnet-subnets-nsgs/nsg.tfvars b/examples/networking/virtual_network/100-simple-vnet-subnets-nsgs/nsg.tfvars index 8236e3edef..6a5026101d 100644 --- a/examples/networking/virtual_network/100-simple-vnet-subnets-nsgs/nsg.tfvars +++ b/examples/networking/virtual_network/100-simple-vnet-subnets-nsgs/nsg.tfvars @@ -8,7 +8,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5985" source_address_prefix = "VirtualNetwork" @@ -19,7 +19,7 @@ network_security_group_definition = { priority = "201" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_address_prefix = "VirtualNetwork" @@ -30,7 +30,7 @@ network_security_group_definition = { priority = "210" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "VirtualNetwork" @@ -47,7 +47,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -58,7 +58,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
@@ -69,7 +69,7 @@ network_security_group_definition = { priority = "105" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "8443" source_address_prefix = "10.2.1.0/24" @@ -97,7 +97,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" @@ -114,7 +114,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5233" source_address_prefix = "10.3.1.0/24" @@ -125,7 +125,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" diff --git a/examples/networking/virtual_network/101-vnet-peering-nsg/network_security_group_definition.tfvars b/examples/networking/virtual_network/101-vnet-peering-nsg/network_security_group_definition.tfvars index 61836cacef..2ff194ff80 100644 --- a/examples/networking/virtual_network/101-vnet-peering-nsg/network_security_group_definition.tfvars +++ b/examples/networking/virtual_network/101-vnet-peering-nsg/network_security_group_definition.tfvars @@ -14,7 +14,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
@@ -25,7 +25,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -36,7 +36,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -47,7 +47,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -58,7 +58,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -69,7 +69,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -125,7 +125,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3443" source_address_prefix = "ApiManagement" @@ -136,7 +136,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -147,7 +147,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "AzureLoadBalancer" 
@@ -158,7 +158,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -169,7 +169,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -180,7 +180,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -191,7 +191,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -202,7 +202,7 @@ network_security_group_definition = { priority = "140" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "VirtualNetwork" @@ -213,7 +213,7 @@ network_security_group_definition = { priority = "150" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671-5672" source_address_prefix = "VirtualNetwork" @@ -224,7 +224,7 @@ network_security_group_definition = { priority = "160" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -235,7 +235,7 @@ network_security_group_definition = { priority = "170" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "445" source_address_prefix = "VirtualNetwork" 
@@ -246,7 +246,7 @@ network_security_group_definition = { priority = "180" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1886" source_address_prefix = "VirtualNetwork" @@ -257,7 +257,7 @@ network_security_group_definition = { priority = "190" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -268,7 +268,7 @@ network_security_group_definition = { priority = "200" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25" source_address_prefix = "VirtualNetwork" @@ -279,7 +279,7 @@ network_security_group_definition = { priority = "210" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "587" source_address_prefix = "VirtualNetwork" @@ -290,7 +290,7 @@ network_security_group_definition = { priority = "220" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25028" source_address_prefix = "VirtualNetwork" @@ -301,7 +301,7 @@ network_security_group_definition = { priority = "230" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -318,7 +318,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/virtual_network/102-simple-vnet-special-subnet-udr/nsg.tfvars b/examples/networking/virtual_network/102-simple-vnet-special-subnet-udr/nsg.tfvars index 8236e3edef..6a5026101d 100644 
--- a/examples/networking/virtual_network/102-simple-vnet-special-subnet-udr/nsg.tfvars +++ b/examples/networking/virtual_network/102-simple-vnet-special-subnet-udr/nsg.tfvars @@ -8,7 +8,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5985" source_address_prefix = "VirtualNetwork" @@ -19,7 +19,7 @@ network_security_group_definition = { priority = "201" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5986" source_address_prefix = "VirtualNetwork" @@ -30,7 +30,7 @@ network_security_group_definition = { priority = "210" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "VirtualNetwork" @@ -47,7 +47,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" @@ -58,7 +58,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -69,7 +69,7 @@ network_security_group_definition = { priority = "105" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" @@ -86,7 +86,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "8443" source_address_prefix = "10.2.1.0/24" 
@@ -97,7 +97,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" @@ -114,7 +114,7 @@ network_security_group_definition = { priority = "103" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5233" source_address_prefix = "10.3.1.0/24" @@ -125,7 +125,7 @@ network_security_group_definition = { priority = "104" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "10.1.1.0/24" diff --git a/examples/networking/virtual_network/103-vnet-peering-v1/configuration.tfvars b/examples/networking/virtual_network/103-vnet-peering-v1/configuration.tfvars index 315251ff63..4c24cd68dc 100644 --- a/examples/networking/virtual_network/103-vnet-peering-v1/configuration.tfvars +++ b/examples/networking/virtual_network/103-vnet-peering-v1/configuration.tfvars @@ -33,7 +33,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -44,7 +44,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -55,7 +55,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" 
@@ -66,7 +66,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -77,7 +77,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -88,7 +88,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -144,7 +144,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3443" source_address_prefix = "ApiManagement" @@ -155,7 +155,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -166,7 +166,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "AzureLoadBalancer" @@ -177,7 +177,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -188,7 +188,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" 
@@ -199,7 +199,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -210,7 +210,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -221,7 +221,7 @@ network_security_group_definition = { priority = "140" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "VirtualNetwork" @@ -232,7 +232,7 @@ network_security_group_definition = { priority = "150" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671-5672" source_address_prefix = "VirtualNetwork" @@ -243,7 +243,7 @@ network_security_group_definition = { priority = "160" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -254,7 +254,7 @@ network_security_group_definition = { priority = "170" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "445" source_address_prefix = "VirtualNetwork" @@ -265,7 +265,7 @@ network_security_group_definition = { priority = "180" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1886" source_address_prefix = "VirtualNetwork" @@ -276,7 +276,7 @@ network_security_group_definition = { priority = "190" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" 
@@ -287,7 +287,7 @@ network_security_group_definition = { priority = "200" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25" source_address_prefix = "VirtualNetwork" @@ -298,7 +298,7 @@ network_security_group_definition = { priority = "210" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "587" source_address_prefix = "VirtualNetwork" @@ -309,7 +309,7 @@ network_security_group_definition = { priority = "220" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25028" source_address_prefix = "VirtualNetwork" @@ -320,7 +320,7 @@ network_security_group_definition = { priority = "230" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -337,7 +337,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/virtual_network/200-nsg-flow-logs/nsg_definitions.tfvars b/examples/networking/virtual_network/200-nsg-flow-logs/nsg_definitions.tfvars index 2323d5ab66..4001a789f9 100644 --- a/examples/networking/virtual_network/200-nsg-flow-logs/nsg_definitions.tfvars +++ b/examples/networking/virtual_network/200-nsg-flow-logs/nsg_definitions.tfvars @@ -83,7 +83,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" 
@@ -94,7 +94,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -105,7 +105,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -116,7 +116,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -127,7 +127,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -138,7 +138,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -261,7 +261,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3443" source_address_prefix = "ApiManagement" @@ -272,7 +272,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -283,7 +283,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "AzureLoadBalancer" 
@@ -294,7 +294,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -305,7 +305,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -316,7 +316,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -327,7 +327,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -338,7 +338,7 @@ network_security_group_definition = { priority = "140" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "VirtualNetwork" @@ -349,7 +349,7 @@ network_security_group_definition = { priority = "150" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671-5672" source_address_prefix = "VirtualNetwork" @@ -360,7 +360,7 @@ network_security_group_definition = { priority = "160" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -371,7 +371,7 @@ network_security_group_definition = { priority = "170" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "445" source_address_prefix = "VirtualNetwork" 
@@ -382,7 +382,7 @@ network_security_group_definition = { priority = "180" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1886" source_address_prefix = "VirtualNetwork" @@ -393,7 +393,7 @@ network_security_group_definition = { priority = "190" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -404,7 +404,7 @@ network_security_group_definition = { priority = "200" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25" source_address_prefix = "VirtualNetwork" @@ -415,7 +415,7 @@ network_security_group_definition = { priority = "210" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "587" source_address_prefix = "VirtualNetwork" @@ -426,7 +426,7 @@ network_security_group_definition = { priority = "220" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25028" source_address_prefix = "VirtualNetwork" @@ -437,7 +437,7 @@ network_security_group_definition = { priority = "230" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -494,7 +494,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/virtual_network/201-nsg-flow-logs-v1/nsg_definitions.tfvars b/examples/networking/virtual_network/201-nsg-flow-logs-v1/nsg_definitions.tfvars index 651aec55ad..b7a06e65cd 100644 
--- a/examples/networking/virtual_network/201-nsg-flow-logs-v1/nsg_definitions.tfvars +++ b/examples/networking/virtual_network/201-nsg-flow-logs-v1/nsg_definitions.tfvars @@ -85,7 +85,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -96,7 +96,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -107,7 +107,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -118,7 +118,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" @@ -129,7 +129,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -140,7 +140,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -265,7 +265,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3443" source_address_prefix = "ApiManagement" 
@@ -276,7 +276,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -287,7 +287,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "AzureLoadBalancer" @@ -298,7 +298,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -309,7 +309,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -320,7 +320,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -331,7 +331,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -342,7 +342,7 @@ network_security_group_definition = { priority = "140" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "VirtualNetwork" 
@@ -353,7 +353,7 @@ network_security_group_definition = { priority = "150" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671-5672" source_address_prefix = "VirtualNetwork" @@ -364,7 +364,7 @@ network_security_group_definition = { priority = "160" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -375,7 +375,7 @@ network_security_group_definition = { priority = "170" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "445" source_address_prefix = "VirtualNetwork" @@ -386,7 +386,7 @@ network_security_group_definition = { priority = "180" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1886" source_address_prefix = "VirtualNetwork" @@ -397,7 +397,7 @@ network_security_group_definition = { priority = "190" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -408,7 +408,7 @@ network_security_group_definition = { priority = "200" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25" source_address_prefix = "VirtualNetwork" @@ -419,7 +419,7 @@ network_security_group_definition = { priority = "210" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "587" source_address_prefix = "VirtualNetwork" @@ -430,7 +430,7 @@ network_security_group_definition = { priority = "220" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25028" source_address_prefix = "VirtualNetwork" 
@@ -441,7 +441,7 @@ network_security_group_definition = { priority = "230" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -499,7 +499,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/virtual_network/202-nsg-flow-logs-v2/nsg_definitions.tfvars b/examples/networking/virtual_network/202-nsg-flow-logs-v2/nsg_definitions.tfvars index 8a37693bd7..fd07269d7d 100644 --- a/examples/networking/virtual_network/202-nsg-flow-logs-v2/nsg_definitions.tfvars +++ b/examples/networking/virtual_network/202-nsg-flow-logs-v2/nsg_definitions.tfvars @@ -84,7 +84,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -95,7 +95,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "135" source_address_prefix = "GatewayManager" @@ -106,7 +106,7 @@ network_security_group_definition = { priority = "121" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "4443" source_address_prefix = "GatewayManager" @@ -117,7 +117,7 @@ network_security_group_definition = { priority = "103" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" 
@@ -128,7 +128,7 @@ network_security_group_definition = { priority = "101" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "*" @@ -139,7 +139,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" @@ -262,7 +262,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3443" source_address_prefix = "ApiManagement" @@ -273,7 +273,7 @@ network_security_group_definition = { priority = "110" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -284,7 +284,7 @@ network_security_group_definition = { priority = "120" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "*" source_address_prefix = "AzureLoadBalancer" @@ -295,7 +295,7 @@ network_security_group_definition = { priority = "100" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" @@ -306,7 +306,7 @@ network_security_group_definition = { priority = "110" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -317,7 +317,7 @@ network_security_group_definition = { priority = "120" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "VirtualNetwork" 
@@ -328,7 +328,7 @@ network_security_group_definition = { priority = "130" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -339,7 +339,7 @@ network_security_group_definition = { priority = "140" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "VirtualNetwork" @@ -350,7 +350,7 @@ network_security_group_definition = { priority = "150" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "5671-5672" source_address_prefix = "VirtualNetwork" @@ -361,7 +361,7 @@ network_security_group_definition = { priority = "160" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -372,7 +372,7 @@ network_security_group_definition = { priority = "170" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "445" source_address_prefix = "VirtualNetwork" @@ -383,7 +383,7 @@ network_security_group_definition = { priority = "180" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1886" source_address_prefix = "VirtualNetwork" @@ -394,7 +394,7 @@ network_security_group_definition = { priority = "190" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "VirtualNetwork" @@ -405,7 +405,7 @@ network_security_group_definition = { priority = "200" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25" source_address_prefix = "VirtualNetwork" 
@@ -416,7 +416,7 @@ network_security_group_definition = { priority = "210" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "587" source_address_prefix = "VirtualNetwork" @@ -427,7 +427,7 @@ network_security_group_definition = { priority = "220" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "25028" source_address_prefix = "VirtualNetwork" @@ -438,7 +438,7 @@ network_security_group_definition = { priority = "230" direction = "Outbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "6381-6383" source_address_prefix = "VirtualNetwork" @@ -493,7 +493,7 @@ network_security_group_definition = { priority = "200" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" diff --git a/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars b/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars index c77afb4a4a..38bff20c3b 100644 --- a/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars +++ b/examples/networking/virtual_wan/109-vwan-vpn-gateway-connection/virtual_wan.tfvars @@ -150,7 +150,7 @@ vpn_gateway_connections = { key = "routetable1" # Set the 'key' of the Route Table created in this (or a remote) deployment } - propagated_route_tables = { + propagated_route_table = { routetable1 = { # id = "" # Set the Resource ID of an existing Virtual WAN Route Table # lz_key = "" # Set the 'lz_key' of a Route Table created in a remote deployment diff --git a/examples/role_mapping/101-function-app-managed-identity/configuration.tfvars b/examples/role_mapping/101-function-app-managed-identity/configuration.tfvars index 9dae36d1a1..d6954a52da 100644 
--- a/examples/role_mapping/101-function-app-managed-identity/configuration.tfvars +++ b/examples/role_mapping/101-function-app-managed-identity/configuration.tfvars @@ -62,7 +62,7 @@ keyvaults = { creation_policies = { logged_in_user = { - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "Getissuers", "Setissuers", "Listissuers", "Deleteissuers", "Manageissuers", "Restore", "Managecontacts"] + certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Purge", "Recover", "GetIssuers", "SetIssuers", "ListIssuers", "DeleteIssuers", "ManageIssuers", "Restore", "ManageContacts"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge"] } } diff --git a/examples/servicebus/100-servicebus-simple/configuration.tfvars b/examples/servicebus/100-servicebus-simple/configuration.tfvars index 141f4b4240..ac6557c032 100644 --- a/examples/servicebus/100-servicebus-simple/configuration.tfvars +++ b/examples/servicebus/100-servicebus-simple/configuration.tfvars @@ -36,9 +36,9 @@ servicebus_namespaces = { key = "rg1" } name = "jstestbusaztfmod" - sku = "premium" # basic | standard | premium - capacity = 1 # capacity only for premium: 1,2,4,8,16 otherwise 0 - # zone_redundant = false # only true for premium + sku = "Premium" # Basic | standard | Premium + capacity = 1 # capacity only for Premium: 1,2,4,8,16 otherwise 0 + # zone_redundant = false # only true for Premium # tags = {} # optional namespace_auth_rules = { rule1 = { diff --git a/examples/servicebus/200-servicebus-privatelink/configuration.tfvars b/examples/servicebus/200-servicebus-privatelink/configuration.tfvars index 8718f10225..cc7639392c 100644 --- a/examples/servicebus/200-servicebus-privatelink/configuration.tfvars +++ b/examples/servicebus/200-servicebus-privatelink/configuration.tfvars 
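Review bot: The inline comment on the new `sku` line in the servicebus hunk reads `# Basic | standard | Premium`, leaving `standard` lowercase while the value itself was capitalised. The change implies the provider now expects the capitalised form, so a reader copying from the comment could pick a value that fails validation; suggest `sku = "Premium" # Basic | Standard | Premium`. The same comment appears in the 200-servicebus-privatelink hunk.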
@@ -42,9 +42,9 @@ servicebus_namespaces = { key = "rg1" } name = "jstestbusaztfmod" - sku = "premium" # basic | standard | premium - capacity = 1 # capacity only for premium: 1,2,4,8,16 otherwise 0 - # zone_redundant = false # only true for premium + sku = "Premium" # Basic | standard | Premium + capacity = 1 # capacity only for Premium: 1,2,4,8,16 otherwise 0 + # zone_redundant = false # only true for Premium # tags = {} # optional namespace_auth_rules = { rule1 = { diff --git a/examples/shared_image_gallery/101-packer_service_principal/vm.tfvars b/examples/shared_image_gallery/101-packer_service_principal/vm.tfvars index 9fbc367ba9..f67eadbe68 100644 --- a/examples/shared_image_gallery/101-packer_service_principal/vm.tfvars +++ b/examples/shared_image_gallery/101-packer_service_principal/vm.tfvars @@ -108,7 +108,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "Internet" diff --git a/examples/shared_image_gallery/104-packer_build_windows/vm.tfvars b/examples/shared_image_gallery/104-packer_build_windows/vm.tfvars index 8cdb7046f2..2fd3288c5a 100644 --- a/examples/shared_image_gallery/104-packer_build_windows/vm.tfvars +++ b/examples/shared_image_gallery/104-packer_build_windows/vm.tfvars @@ -113,7 +113,7 @@ network_security_group_definition = { priority = "100" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "3389" source_address_prefix = "Internet" diff --git a/examples/storage_accounts/100-simple-storage-account-blob-container/keyvaults.tfvars b/examples/storage_accounts/100-simple-storage-account-blob-container/keyvaults.tfvars index 1eae003942..6840a0a559 100644 --- a/examples/storage_accounts/100-simple-storage-account-blob-container/keyvaults.tfvars 
+++ b/examples/storage_accounts/100-simple-storage-account-blob-container/keyvaults.tfvars @@ -13,16 +13,16 @@ keyvault_access_policies = { stg_byok = { stg = { storage_account_key = "sa1" - key_permissions = ["get", "create", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify"] + key_permissions = ["get", "create", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "Encrypt", "Decrypt", "Sign", "Verify"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] } diastg = { diagnostic_storage_account_key = "dsa1" - key_permissions = ["get", "create", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify"] + key_permissions = ["get", "create", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "Encrypt", "Decrypt", "Sign", "Verify"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] } logged_in_user = { - key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "encrypt", "decrypt", "sign", "verify"] + key_permissions = ["get", "create", "delete", "list", "restore", "recover", "unwrapkey", "wrapkey", "purge", "Encrypt", "Decrypt", "Sign", "Verify"] secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] } } @@ -34,13 +34,13 @@ keyvault_keys = { keyvault_key = "stg_byok" key_type = "RSA" key_size = 2048 - key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"] + key_opts = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey"] } diabyok = { name = "diagnosticstorage" keyvault_key = "stg_byok" key_type = "RSA" key_size = 2048 - key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"] + key_opts = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey"] } } \ No newline at end of file 
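Review bot: The three `key_permissions` lists are only partly normalised: `Encrypt`, `Decrypt`, `Sign` and `Verify` are capitalised, but `get`, `create`, `list`, `restore`, `recover`, `unwrapkey`, `wrapkey` and `purge` stay lowercase. If the 3.x provider validates these values case-sensitively, as the rest of this change suggests, the example will still fail; the lists should start `"Get", "Create", "List", "Restore", "Recover", "UnwrapKey", "WrapKey", "Purge"`. Separately, the `stg` and `diastg` policies give the storage accounts' identities create, purge and signing rights on the vault, whereas a customer-managed-key setup normally needs only `Get`, `WrapKey` and `UnwrapKey`, so trimming the lists would make this a safer template to copy. The `storage_accounts` policy in the 109-storage-account-advanced-options-cmk hunk has the same breadth.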
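Review bot: The `key_opts` values in the `keyvault_keys` hunk are now capitalised, but to my knowledge `azurerm_key_vault_key` documents `key_opts` as the case-sensitive JSON Web Key operations `decrypt`, `encrypt`, `sign`, `unwrapKey`, `verify` and `wrapKey`. This looks like the permission-casing replacement applied one field too far. Unless the provider documentation says otherwise, both lines should stay `key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]`. Running a plan of this example against the pinned provider version would confirm it either way.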
diff --git a/examples/storage_accounts/109-storage-account-advanced-options-cmk/configuration.tfvars b/examples/storage_accounts/109-storage-account-advanced-options-cmk/configuration.tfvars index 2ed720a667..0ba04cbe25 100644 --- a/examples/storage_accounts/109-storage-account-advanced-options-cmk/configuration.tfvars +++ b/examples/storage_accounts/109-storage-account-advanced-options-cmk/configuration.tfvars @@ -165,12 +165,12 @@ keyvault_access_policies = { kv1 = { logged_in_user = { secret_permissions = ["Set", "Get", "List", "Delete", "Purge", "Recover"] - key_permissions = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey", "List", "Get", "Create", "Purge", "Delete"] + key_permissions = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey", "List", "Get", "Create", "Purge", "Delete"] } storage_accounts = { storage_account_key = "sa1" # lz_key = "example" # for remote storage account - key_permissions = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey", "List", "Get", "Create", "Purge"] + key_permissions = ["Decrypt", "Encrypt", "Sign", "UnwrapKey", "Verify", "WrapKey", "List", "Get", "Create", "Purge"] secret_permissions = ["Get"] } } diff --git a/examples/webapps/appservice-environment/101-simple_ase/configuration.tfvars b/examples/webapps/appservice-environment/101-simple_ase/configuration.tfvars index a0d1a7573c..94272f0976 100644 --- a/examples/webapps/appservice-environment/101-simple_ase/configuration.tfvars +++ b/examples/webapps/appservice-environment/101-simple_ase/configuration.tfvars @@ -244,7 +244,7 @@ network_security_group_definition = { priority = "180" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "*" diff --git a/front_doors.tf b/front_doors.tf index 9c27fd7dc4..19b976b5e1 100644 --- a/front_doors.tf +++ b/front_doors.tf 
@@ -3,6 +3,7 @@ module "front_doors" { for_each = local.networking.front_doors resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name + location = can(each.value.resource_group.location) || can(each.value.resource_group_location) ? try(each.value.resource_group.location, each.value.resource_group_location) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].location base_tags = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {} client_config = local.client_config diff --git a/lb.tf b/lb.tf index 640c5ae830..6009c0d3e1 100644 --- a/lb.tf +++ b/lb.tf @@ -118,8 +118,6 @@ module "lb_probe" { client_config = local.client_config settings = each.value - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - remote_objects = { resource_group = local.combined_objects_resource_groups lb = local.combined_objects_lb diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf index cb3e9f30b2..05149ec74d 100644 --- a/locals.combined_objects.tf +++ b/locals.combined_objects.tf @@ -161,4 +161,3 @@ locals { ) } - \ No newline at end of file 
diff --git a/main.tf b/main.tf index 90fa1bb7a1..f1c751d028 100644 --- a/main.tf +++ b/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.99" + version = "~> 3.9.0" configuration_aliases = [ azurerm.vhub ] diff --git a/modules/analytics/databricks_workspace/workspace.tf b/modules/analytics/databricks_workspace/workspace.tf index 3b4fe543ad..bdd59f6a05 100644 --- a/modules/analytics/databricks_workspace/workspace.tf +++ b/modules/analytics/databricks_workspace/workspace.tf @@ -15,7 +15,7 @@ resource "azurerm_databricks_workspace" "ws" { name = azurecaf_name.wp.result resource_group_name = var.resource_group_name location = var.location - sku = try(var.settings.sku, "standard") + sku = try(var.settings.sku, null) managed_resource_group_name = try(var.settings.managed_resource_group_name, null) tags = try(local.tags, null) diff --git a/modules/analytics/synapse/workspace.tf b/modules/analytics/synapse/workspace.tf index 927ae4df55..0f3cb4053c 100644 --- a/modules/analytics/synapse/workspace.tf +++ b/modules/analytics/synapse/workspace.tf @@ -21,8 +21,13 @@ resource "azurerm_synapse_workspace" "ws" { managed_virtual_network_enabled = try(var.settings.managed_virtual_network_enabled, false) sql_identity_control_enabled = try(var.settings.sql_identity_control_enabled, null) managed_resource_group_name = try(var.settings.managed_resource_group_name, null) + data_exfiltration_protection_enabled = try(var.settings.data_exfiltration_protection_enabled, null) tags = local.tags + identity { + type = "SystemAssigned" + } + dynamic "aad_admin" { for_each = try(var.settings.aad_admin, {}) diff --git a/modules/apim/api_management/module.tf b/modules/apim/api_management/module.tf index 03a31c15aa..8a9266596c 100644 --- a/modules/apim/api_management/module.tf +++ b/modules/apim/api_management/module.tf 
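Review bot: A configuration that omits `settings.sku` now passes `null` for the databricks workspace `sku`, because the fallback changed from `"standard"` to `null`. As far as I know `sku` is a required argument of `azurerm_databricks_workspace`, so such a configuration would fail at plan time instead of defaulting. Either keep the default, `sku = try(var.settings.sku, "standard")`, or read `var.settings.sku` directly and list the new requirement in UPGRADE.md.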
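Review bot: In the synapse hunk, `data_exfiltration_protection_enabled` is passed through without noting that it depends on `managed_virtual_network_enabled`, which still defaults to `false` a few lines above. To my knowledge the provider accepts exfiltration protection only on a workspace with a managed virtual network, and changing it replaces the workspace, so the line deserves a comment such as `# requires managed_virtual_network_enabled = true; changing it recreates the workspace`. The added `identity` block hard-codes `type = "SystemAssigned"`; if that is intentional, a short comment saying why it is not configurable would help the next reader.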
@@ -159,8 +159,7 @@ resource "azurerm_api_management" "apim" {
 tls_rsa_with_aes128_gcm_sha256_ciphers_enabled = try(security.value.tls_rsa_with_aes128_gcm_sha256_ciphers_enabled, null)
 tls_rsa_with_aes256_cbc_sha256_ciphers_enabled = try(security.value.tls_rsa_with_aes256_cbc_sha256_ciphers_enabled, null)
 tls_rsa_with_aes256_cbc_sha_ciphers_enabled = try(security.value.tls_rsa_with_aes256_cbc_sha_ciphers_enabled, null)
- enable_triple_des_ciphers = try(security.value.enable_triple_des_ciphers, null)
- triple_des_ciphers_enabled = try(security.value.triple_des_ciphers_enabled, null)
+ triple_des_ciphers_enabled = try(security.value.triple_des_ciphers_enabled, security.value.enable_triple_des_ciphers, null)
 # disable_backend_ssl30 = try(security.value.disable_backend_ssl30, null)
 # disable_backend_tls10 = try(security.value.disable_backend_tls10, null)
 # disable_backend_tls11 = try(security.value.disable_backend_tls11, null)
diff --git a/modules/apim/api_management_api_operation/module.tf b/modules/apim/api_management_api_operation/module.tf
index 6f51c0af71..a5e252d299 100644
--- a/modules/apim/api_management_api_operation/module.tf
+++ b/modules/apim/api_management_api_operation/module.tf
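Review bot: The merged `triple_des_ciphers_enabled` expression still honours the legacy `enable_triple_des_ciphers` key, so an old configuration can keep 3DES switched on with nothing in the module pointing that out. 3DES is a 64-bit-block cipher generally treated as legacy (Sweet32), so a comment above the line would help, e.g. `# legacy key enable_triple_des_ciphers still honoured; leave 3DES off unless an old client requires it`. Falling back to `false` rather than `null` would also make the module's default explicit instead of relying on the provider's. The `security` block starts outside the hunk.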
@@ -48,17 +48,16 @@ resource "azurerm_api_management_api_operation" "apim" {
 values = try(form_parameter.value.values, null)
 }
 }
- # dynamic "example" {
- # for_each = try(var.settings.example, null) != null ? [var.settings.example] : []
- # content {
- # name = try(example.value.name, null)
- # summary = try(example.value.summary, null)
- # description = try(example.value.description, null)
- # value = try(example.value.value, null)
- # external_value = try(example.value.external_value, null)
- # }
- # }
- sample = try(representation.value.sample, null)
+ dynamic "example" {
+ for_each = try(var.settings.example, {})
+ content {
+ name = example.value.name
+ summary = try(example.value.summary, null)
+ description = try(example.value.description, null)
+ value = try(example.value.value, null)
+ external_value = try(example.value.external_value, null)
+ }
+ }
 schema_id = try(representation.value.schema_id, null)
 type_name = try(representation.value.type_name, null)
 }
@@ -96,17 +95,16 @@ resource "azurerm_api_management_api_operation" "apim" {
 values = try(form_parameter.value.values, null)
 }
 }
- # dynamic "example" {
- # for_each = try(var.settings.example, null) != null ? [var.settings.example] : []
- # content {
- # name = try(example.value.name, null)
- # summary = try(example.value.summary, null)
- # description = try(example.value.description, null)
- # value = try(example.value.value, null)
- # external_value = try(example.value.external_value, null)
- # }
- # }
- sample = try(representation.value.sample, null)
+ dynamic "example" {
+ for_each = try(var.settings.example, {})
+ content {
+ name = example.value.name
+ summary = try(example.value.summary, null)
+ description = try(example.value.description, null)
+ value = try(example.value.value, null)
+ external_value = try(example.value.external_value, null)
+ }
+ }
 schema_id = try(representation.value.schema_id, null)
 type_name = try(representation.value.type_name, null)
 }
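Review bot: Both new `dynamic "example"` blocks iterate `var.settings.example`, while the neighbouring attributes `schema_id` and `type_name` read from `representation.value`. If these blocks sit inside the request and response `representation` blocks, as the context suggests, every representation receives the same examples; `for_each = try(representation.value.example, {})` would scope them per representation. Dropping `sample` with no fallback also means existing `sample` settings are silently ignored, which deserves a line in UPGRADE.md. The enclosing blocks start outside both hunks.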
diff --git a/modules/apim/api_management_custom_domain/module.tf b/modules/apim/api_management_custom_domain/module.tf
index 09a3eab880..10bdca33e8 100644
--- a/modules/apim/api_management_custom_domain/module.tf
+++ b/modules/apim/api_management_custom_domain/module.tf
@@ -40,25 +40,25 @@ resource "azurerm_api_management_custom_domain" "apim" { } } - dynamic "proxy" { - for_each = try(var.settings.proxy, null) != null ? [var.settings.proxy] : [] + dynamic "gateway" { + for_each = can(var.settings.proxy) || can(var.settings.gateways) ? try(var.settings.proxy, var.settings.gateways) : [] content { - host_name = try(proxy.value.host_name, null) - certificate = try(proxy.value.certificate, null) - certificate_password = try(proxy.value.certificate_password, null) - default_ssl_binding = try(proxy.value.default_ssl_binding, null) - #key_vault_id = var.remote_objects.keyvault_certificates[var.client_config.landingzone_key][proxy.value.key_vault_certificate.certificate_key].secret_id + host_name = try(gateway.value.host_name, null) + certificate = try(gateway.value.certificate, null) + certificate_password = try(gateway.value.certificate_password, null) + default_ssl_binding = try(gateway.value.default_ssl_binding, null) + #key_vault_id = var.remote_objects.keyvault_certificates[var.client_config.landingzone_key][gateway.value.key_vault_certificate.certificate_key].secret_id key_vault_id = try( #data.azurerm_key_vault_certificate.manual_certs[each.key].secret_id, - try(var.remote_objects.keyvault_certificates[proxy.value.key_vault_certificate.lz_key][proxy.value.key_vault_certificate.certificate_key].secret_id, null), - try(var.remote_objects.keyvault_certificates[var.client_config.landingzone_key][proxy.value.key_vault_certificate.certificate_key].secret_id, null), - try(var.remote_objects.keyvault_certificate_requests[var.client_config.landingzone_key][proxy.value.certificate_request_key].secret_id, null), - try(var.remote_objects.keyvault_certificate_requests[proxy.value.key_vault_certificate.lz_key][proxy.value.certificate_request_key].secret_id, null), - try(proxy.value.key_vault_id, null), + 
try(var.remote_objects.keyvault_certificates[gateway.value.key_vault_certificate.lz_key][gateway.value.key_vault_certificate.certificate_key].secret_id, null), + try(var.remote_objects.keyvault_certificates[var.client_config.landingzone_key][gateway.value.key_vault_certificate.certificate_key].secret_id, null), + try(var.remote_objects.keyvault_certificate_requests[var.client_config.landingzone_key][gateway.value.certificate_request_key].secret_id, null), + try(var.remote_objects.keyvault_certificate_requests[gateway.value.key_vault_certificate.lz_key][gateway.value.certificate_request_key].secret_id, null), + try(gateway.value.key_vault_id, null), null ) - negotiate_client_certificate = try(proxy.value.negotiate_client_certificate, null) + negotiate_client_certificate = try(gateway.value.negotiate_client_certificate, null) } } diff --git a/modules/apim/api_management_product/output.tf b/modules/apim/api_management_product/output.tf index f3f584552e..493139b755 100644 --- a/modules/apim/api_management_product/output.tf +++ b/modules/apim/api_management_product/output.tf @@ -1,9 +1,9 @@ output "id" { - value = azurerm_api_management_product.apim.id - description = "The ID of the API Management Product." - } + value = azurerm_api_management_product.apim.id + description = "The ID of the API Management Product." +} - output "product_id" { - value = azurerm_api_management_product.apim.product_id - description = "The Product ID of the API Management Product." - } \ No newline at end of file +output "product_id" { + value = azurerm_api_management_product.apim.product_id + description = "The Product ID of the API Management Product." +} \ No newline at end of file diff --git a/modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf b/modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf index 28341d4244..c61ddf1707 100644 --- a/modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf 
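Review bot: An existing `proxy` setting given as a single object is no longer wrapped in a list, so the new `for_each` on `dynamic "gateway"` would iterate it attribute by attribute. Because every field is read through `try(..., null)`, the mistake surfaces only as a missing `host_name` or a `null` `key_vault_id` rather than as a clear error. Something like `for_each = can(var.settings.gateways) ? var.settings.gateways : try([var.settings.proxy], [])` keeps the legacy shape working, assuming `gateways` is meant to be a collection. The `key_vault_id` lookup chain likewise falls through to `null` when a certificate key is mistyped, so a comment or validation there would help.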
+++ b/modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf @@ -18,11 +18,28 @@ resource "azurerm_cognitive_account" "service" { qna_runtime_endpoint = var.settings.kind == "QnAMaker" ? var.settings.qna_runtime_endpoint : try(var.settings.qna_runtime_endpoint, null) dynamic "network_acls" { - for_each = try(var.settings.network_acls, null) == null ? [] : [1] + for_each = can(var.settings.network_acls) ? [var.settings.network_acls] : [] content { - default_action = var.settings.network_acls.default_action - ip_rules = try(var.settings.network_acls.ip_rules, null) - virtual_network_subnet_ids = try(var.settings.network_acls.virtual_network_subnet_ids, null) + default_action = network_acls.value.default_action + ip_rules = try(network_acls.value.ip_rules, null) + + # to support migration from 2.99.0 to 3.7.0 + dynamic "virtual_network_rules" { + for_each = can(network_acls.value.virtual_network_subnet_ids) ? toset(network_acls.value.virtual_network_subnet_ids) : [] + + content { + subnet_id = virtual_network_rules.value + } + } + + dynamic "virtual_network_rules" { + for_each = try(network_acls.value.virtual_network_rules, {}) + + content { + subnet_id = virtual_network_rules.value.subnet_id + ignore_missing_vnet_service_endpoint = try(virtual_network_rules.value.ignore_missing_vnet_service_endpoint, null) + } + } } } diff --git a/modules/compute/aks/aks.tf b/modules/compute/aks/aks.tf index bca3186d44..de1598fd23 100644 --- a/modules/compute/aks/aks.tf +++ b/modules/compute/aks/aks.tf @@ -43,7 +43,6 @@ resource "null_resource" "aks_registration_preview" { } } ### AKS cluster resource - resource "azurerm_kubernetes_cluster" "aks" { depends_on = [ null_resource.aks_registration_preview 
@@ -54,7 +53,6 @@ resource "azurerm_kubernetes_cluster" "aks" { role_based_access_control_enabled = try(var.settings.role_based_access_control_enabled, null) default_node_pool { - availability_zones = try(var.settings.default_node_pool.availability_zones, null) enable_auto_scaling = try(var.settings.default_node_pool.enable_auto_scaling, false) enable_host_encryption = try(var.settings.default_node_pool.enable_host_encryption, false) enable_node_public_ip = try(var.settings.default_node_pool.enable_node_public_ip, false) 
@@ -76,6 +74,7 @@ resource "azurerm_kubernetes_cluster" "aks" { type = try(var.settings.default_node_pool.type, "VirtualMachineScaleSets") ultra_ssd_enabled = try(var.settings.default_node_pool.ultra_ssd_enabled, false) vm_size = var.settings.default_node_pool.vm_size + zones = can(var.settings.default_node_pool.availability_zones) || can(var.settings.default_node_pool.zones) == false ? try(var.settings.default_node_pool.availability_zones, null) : var.settings.default_node_pool.zones pod_subnet_id = can(var.settings.default_node_pool.pod_subnet_key) == false || can(var.settings.default_node_pool.pod_subnet.key) == false || can(var.settings.default_node_pool.pod_subnet_id) || can(var.settings.default_node_pool.pod_subnet.resource_id) ? try(var.settings.default_node_pool.pod_subnet_id, var.settings.default_node_pool.pod_subnet.resource_id, null) : var.vnets[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.vnet_key].subnets[try(var.settings.default_node_pool.pod_subnet_key, var.settings.default_node_pool.pod_subnet.key)].id vnet_subnet_id = can(var.settings.default_node_pool.vnet_subnet_id) || can(var.settings.default_node_pool.subnet.resource_id) ? try(var.settings.default_node_pool.vnet_subnet_id, var.settings.default_node_pool.subnet.resource_id) : var.vnets[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.vnet_key].subnets[try(var.settings.default_node_pool.subnet_key, var.settings.default_node_pool.subnet.key)].id @@ -150,6 +149,7 @@ resource "azurerm_kubernetes_cluster" "aks" { dns_prefix_private_cluster = try(var.settings.dns_prefix_private_cluster, null) automatic_channel_upgrade = try(var.settings.automatic_channel_upgrade, null) + dynamic "aci_connector_linux" { for_each = try(var.settings.addon_profile.aci_connector_linux[*], var.settings.aci_connector_linux[*], []) 
@@ -158,7 +158,8 @@ resource "azurerm_kubernetes_cluster" "aks" { } } - azure_policy_enabled = can(var.settings.addon_profile.azure_policy) || can(var.settings.azure_policy_enabled) == false ? try(var.settings.addon_profile.azure_policy.0.enabled, null) : var.settings.azure_policy_enabled + azure_policy_enabled = can(var.settings.addon_profile.azure_policy) || can(var.settings.azure_policy_enabled) == false ? try(var.settings.addon_profile.azure_policy.0.enabled, null) : var.settings.azure_policy_enabled + http_application_routing_enabled = can(var.settings.addon_profile.http_application_routing) || can(var.settings.http_application_routing_enabled) == false ? try(var.settings.addon_profile.http_application_routing.0.enabled, null) : var.settings.http_application_routing_enabled dynamic "oms_agent" { 
@@ -180,30 +181,15 @@ resource "azurerm_kubernetes_cluster" "aks" { } dynamic "key_vault_secrets_provider" { - for_each = can(var.settings.addon_profile.azure_keyvault_secrets_provider) || can(var.settings.key_vault_secrets_provider) ? try([var.settings.addon_profile.azure_keyvault_secrets_provider], [var.settings.key_vault_secrets_provider]) : [] + for_each = can(var.settings.addon_profile.azure_keyvault_secrets_provider) || can(var.settings.key_vault_secrets_provider) ? try(var.settings.addon_profile.azure_keyvault_secrets_provider, var.settings.key_vault_secrets_provider) : {} content { secret_rotation_enabled = key_vault_secrets_provider.value.secret_rotation_enabled secret_rotation_interval = key_vault_secrets_provider.value.secret_rotation_interval } } - # dynamic "addon_profile" { - # for_each = lookup(var.settings, "addon_profile", null) == null ? [] : [1] - # dynamic "kube_dashboard" { - # for_each = try(var.settings.addon_profile.kube_dashboard[*], [{ enabled = false }]) - - # content { - # enabled = kube_dashboard.value.enabled - # } - # } - api_server_authorized_ip_ranges = try(var.settings.api_server_authorized_ip_ranges, null) - - disk_encryption_set_id = try(coalesce( - try(var.settings.disk_encryption_set_id, ""), - try(var.settings.disk_encryption_set.id, "") - ), null) - + disk_encryption_set_id = can(var.settings.disk_encryption_set_id) || can(var.settings.disk_encryption_set.id) == false ? try(var.settings.disk_encryption_set_id, null) : var.settings.disk_encryption_set.id dynamic "auto_scaler_profile" { for_each = try(var.settings.auto_scaler_profile[*], {}) 
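Review bot: `dynamic "key_vault_secrets_provider"` now iterates the settings value itself instead of a one-element list wrapping it. If `var.settings.key_vault_secrets_provider` is a single object holding `secret_rotation_enabled` and `secret_rotation_interval`, the loop visits each attribute value and `key_vault_secrets_provider.value.secret_rotation_enabled` fails; wrapping the new key, `try([var.settings.key_vault_secrets_provider], [])`, avoids that while the legacy `addon_profile` form can stay as is. In the same hunk `api_server_authorized_ip_ranges` still defaults to `null`, which applies no address restriction to the API server unless the cluster is private. A comment such as `# null = no IP restriction on the API server; set this for public clusters` would make that visible. The resource body starts and ends outside the hunk.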
@@ -230,11 +216,20 @@ resource "azurerm_kubernetes_cluster" "aks" { } dynamic "identity" { - for_each = try(var.settings.identity, null) == null ? [] : [1] + for_each = can(var.settings.identity) && can(var.settings.identity.identity_ids) == false ? [1] : [] content { - type = var.settings.identity.type - user_assigned_identity_id = lower(var.settings.identity.type) == "userassigned" ? can(var.settings.identity.user_assigned_identity_id) ? var.settings.identity.user_assigned_identity_id : var.managed_identities[try(var.settings.identity.lz_key, var.client_config.landingzone_key)][var.settings.identity.managed_identity_key].id : null + type = var.settings.identity.type + identity_ids = lower(var.settings.identity.type) == "userassigned" ? can(var.settings.identity.user_assigned_identity_id) ? [var.settings.identity.user_assigned_identity_id] : [var.managed_identities[try(var.settings.identity.lz_key, var.client_config.landingzone_key)][var.settings.identity.managed_identity_key].id] : null + } + } + + dynamic "identity" { + for_each = can(var.settings.identity.identity_ids) ? [1] : [] + + content { + type = var.settings.identity.type + identity_ids = var.settings.identity.identity_ids } } 
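Review bot: The two `dynamic "identity"` blocks are mutually exclusive only through the presence of `var.settings.identity.identity_ids`, and nothing in the file says so. A comment above them would help the next reader, for example `# identity_ids given in settings is passed through as-is (second block); otherwise the id is resolved from user_assigned_identity_id or managed_identity_key (first block)`. In the first block, a `UserAssigned` type with neither `user_assigned_identity_id` nor a resolvable `managed_identity_key` ends in a bare map-index error, so it is worth stating in the same comment that one of the two is required. The second block passes `identity_ids` without looking at `type`, which presumably relies on the provider to reject a `SystemAssigned` type with ids attached.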
@@ -296,14 +291,16 @@ resource "azurerm_kubernetes_cluster" "aks" { outbound_type = try(network_profile.value.outbound_type, null) pod_cidr = try(network_profile.value.pod_cidr, null) service_cidr = try(network_profile.value.service_cidr, null) - load_balancer_sku = try(network_profile.value.load_balancer_sku, null) + load_balancer_sku = try(lower(network_profile.value.load_balancer_sku), null) dynamic "load_balancer_profile" { for_each = try(network_profile.value.load_balancer_profile[*], {}) content { + idle_timeout_in_minutes = try(load_balancer_profile.value.idle_timeout_in_minutes, null) managed_outbound_ip_count = try(load_balancer_profile.value.managed_outbound_ip_count, null) - outbound_ip_prefix_ids = try(load_balancer_profile.value.outbound_ip_prefix_ids, null) outbound_ip_address_ids = try(load_balancer_profile.value.outbound_ip_address_ids, null) + outbound_ip_prefix_ids = try(load_balancer_profile.value.outbound_ip_prefix_ids, null) + outbound_ports_allocated = try(load_balancer_profile.value.outbound_ports_allocated, null) } } } 
@@ -315,6 +312,25 @@ resource "azurerm_kubernetes_cluster" "aks" { private_cluster_public_fqdn_enabled = try(var.settings.private_cluster_public_fqdn_enabled, null) #Enabled RBAC + dynamic "azure_active_directory_role_based_access_control" { + for_each = try(var.settings.azure_active_directory_role_based_access_control[*], {}) + + content { + managed = try(azure_active_directory_role_based_access_control.value.managed, true) + tenant_id = try(azure_active_directory_role_based_access_control.value.tenant_id, null) + + # when managed is set to true + admin_group_object_ids = try(azure_active_directory_role_based_access_control.value.managed, true) ? try(azure_active_directory_role_based_access_control.value.admin_group_object_ids, try(var.admin_group_object_ids, null)) : null + azure_rbac_enabled = try(azure_active_directory_role_based_access_control.value.managed, true) ? try(azure_active_directory_role_based_access_control.value.azure_rbac_enabled, true) : null + + # when managed is set to false + client_app_id = try(azure_active_directory_role_based_access_control.value.managed, true) == false ? azure_active_directory_role_based_access_control.value.client_app_id : null + server_app_id = try(azure_active_directory_role_based_access_control.value.managed, true) == false ? azure_active_directory_role_based_access_control.value.server_app_id : null + server_app_secret = try(azure_active_directory_role_based_access_control.value.managed, true) == false ? azure_active_directory_role_based_access_control.value.server_app_secret : null + } + } + + # for backward compatibility with 2.99.0 dynamic "azure_active_directory_role_based_access_control" { for_each = try(var.settings.role_based_access_control[*], {}) 
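Review bot: Both `dynamic "azure_active_directory_role_based_access_control"` blocks can render at once when a configuration carries the new `azure_active_directory_role_based_access_control` key and the legacy `role_based_access_control` key, and the provider presumably accepts only one such block. Making the legacy `for_each` yield nothing when the new key is present, e.g. `for_each = can(var.settings.azure_active_directory_role_based_access_control) ? [] : try(var.settings.role_based_access_control[*], [])`, would make the precedence explicit. Separately, `server_app_secret` is read straight from the settings object, so in the unmanaged case the secret is likely to sit in a tfvars file; a comment pointing users to a secret store reference would be useful. The legacy block continues outside this hunk, so its content is not visible here.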
@@ -379,7 +395,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "nodepools" { name = each.value.name kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id vm_size = each.value.vm_size - availability_zones = try(each.value.availability_zones, null) + zones = can(each.value.availability_zones) || can(each.value.zones) == false ? try(each.value.availability_zones, null) : each.value.zones enable_auto_scaling = try(each.value.enable_auto_scaling, false) enable_host_encryption = try(each.value.enable_host_encryption, false) enable_node_public_ip = try(each.value.enable_node_public_ip, false) diff --git a/modules/compute/aks/output.tf b/modules/compute/aks/output.tf index f330c8720b..1336a1670e 100644 --- a/modules/compute/aks/output.tf +++ b/modules/compute/aks/output.tf @@ -47,7 +47,3 @@ output "node_resource_group" { output "private_fqdn" { value = azurerm_kubernetes_cluster.aks.private_fqdn } - -output "addon_profile" { - value = azurerm_kubernetes_cluster.aks.addon_profile -} \ No newline at end of file diff --git a/modules/compute/container_group/container_group.tf b/modules/compute/container_group/container_group.tf index 6fba8cb488..4253f8e2da 100644 --- a/modules/compute/container_group/container_group.tf +++ b/modules/compute/container_group/container_group.tf @@ -33,7 +33,7 @@ resource "azurerm_container_group" "acg" { tags = merge(local.tags, try(var.settings.tags, null)) ip_address_type = try(var.settings.ip_address_type, "Public") restart_policy = try(var.settings.restart_policy, "Always") - network_profile_id = try(var.combined_resources.network_profiles[var.client_config.landingzone_key][var.settings.network_profile.key].id, null) + network_profile_id = try(var.combined_resources.network_profiles[try(var.settings.network_profile.lz_key, var.client_config.landingzone_key)][var.settings.network_profile.key].id, null) dynamic "exposed_port" { for_each = try(var.settings.exposed_port, []) 
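Review bot: In `container_group.tf`, the new `network_profile_id` lookup is still wrapped in an outer `try(..., null)`, so a mistyped `lz_key` or `key` resolves to `null` instead of failing the plan. Because `ip_address_type` defaults to `"Public"` two lines above, a configuration that names a network profile but gets the reference wrong can deploy a publicly addressed container group without any error. Guarding on the setting keeps the optional case and surfaces the typo: `network_profile_id = can(var.settings.network_profile.key) ? var.combined_resources.network_profiles[try(var.settings.network_profile.lz_key, var.client_config.landingzone_key)][var.settings.network_profile.key].id : null`. The resource block starts and ends outside this hunk.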
@@ -49,12 +49,12 @@ resource "azurerm_container_group" "acg" { for_each = local.combined_containers content { - name = container.value.name - image = container.value.image - cpu = container.value.cpu - memory = container.value.memory - environment_variables = merge( - try(container.value.environment_variables, null), + name = container.value.name + image = container.value.image + cpu = container.value.cpu + memory = container.value.memory + environment_variables = merge( + try(container.value.environment_variables, null), try(local.environment_variables_from_resources[container.key], null), try(module.variables_from_command[container.key].variables, null) ) @@ -63,7 +63,7 @@ resource "azurerm_container_group" "acg" { try(module.secure_variables_from_command[container.key].variables, null) ) - commands = try(container.value.commands, null) + commands = try(container.value.commands, null) dynamic "gpu" { for_each = try(container.value.gpu, null) == null ? [] : [1] diff --git a/modules/compute/dedicated_host_groups/module.tf b/modules/compute/dedicated_host_groups/module.tf index 241e9ccc58..a915d805b8 100644 --- a/modules/compute/dedicated_host_groups/module.tf +++ b/modules/compute/dedicated_host_groups/module.tf @@ -18,6 +18,6 @@ resource "azurerm_dedicated_host_group" "dhg" { location = var.location platform_fault_domain_count = var.settings.platform_fault_domain_count automatic_placement_enabled = try(var.settings.automatic_placement_enabled, false) - zones = try(var.settings.zones, null) + zone = try(var.settings.zone, null) tags = local.tags } \ No newline at end of file diff --git a/modules/compute/virtual_machine/vm_disk.tf b/modules/compute/virtual_machine/vm_disk.tf index 9c7ccec8f7..b27cdcb96c 100644 --- a/modules/compute/virtual_machine/vm_disk.tf +++ b/modules/compute/virtual_machine/vm_disk.tf 
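Review bot: In `dedicated_host_groups/module.tf`, `zone = try(var.settings.zone, null)` silently ignores existing configurations that still set `zones`, so after the upgrade the host group would be planned without a zone rather than producing an error. The managed disk change in this same commit keeps a fallback to the old key; doing the same here would be consistent: `zone = try(var.settings.zone, var.settings.zones[0], null)`. If dropping the old key is intended, UPGRADE.md should say so.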
@@ -26,7 +26,7 @@ resource "azurerm_managed_disk" "disk" { storage_account_type = each.value.storage_account_type create_option = each.value.create_option disk_size_gb = each.value.disk_size_gb - zones = try(each.value.zones, null) + zone = try(each.value.zone, each.value.zones[0], null) disk_iops_read_write = try(each.value.disk_iops_read_write, null) disk_mbps_read_write = try(each.value.disk.disk_mbps_read_write, null) tags = local.tags diff --git a/modules/compute/virtual_machine_scale_set/vmss_linux.tf b/modules/compute/virtual_machine_scale_set/vmss_linux.tf index 72d0229a41..5e6a9a69f0 100644 --- a/modules/compute/virtual_machine_scale_set/vmss_linux.tf +++ b/modules/compute/virtual_machine_scale_set/vmss_linux.tf 
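Review bot: In `vm_disk.tf`, the unchanged line right under the new `zone` attribute reads `try(each.value.disk.disk_mbps_read_write, null)`, which looks like a stray `.disk` segment compared with `each.value.disk_iops_read_write` on the line before it. Because of the surrounding `try`, the attribute would always evaluate to `null` and a configured throughput value would be ignored without any message. If that is a typo, `disk_mbps_read_write = try(each.value.disk_mbps_read_write, null)` fixes it while this block is being touched. The resource block starts and ends outside this hunk.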
@@ -135,15 +135,15 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss" { for_each = try(var.settings.data_disks, {}) content { - caching = data_disk.value.caching - create_option = try(data_disk.value.create_option, null) - disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) - disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_iops_read_write : null, null) - disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_mbps_read_write : null, null) - disk_size_gb = data_disk.value.disk_size_gb - lun = data_disk.value.lun - storage_account_type = data_disk.value.storage_account_type - write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) + caching = data_disk.value.caching + create_option = try(data_disk.value.create_option, null) + disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) + ultra_ssd_disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? try(data_disk.value.disk_iops_read_write, data_disk.value.ultra_ssd_disk_iops_read_write) : null, null) + ultra_ssd_disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? 
try(data_disk.value.disk_mbps_read_write, ultra_ssd_disk_mbps_read_write) : null, null) + disk_size_gb = data_disk.value.disk_size_gb + lun = data_disk.value.lun + storage_account_type = data_disk.value.storage_account_type + write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) } } @@ -299,9 +299,9 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss_autoscaled" { network_security_group_id = try(network_interface.value.network_security_group_id, null) ip_configuration { - name = azurecaf_name.linux_nic[network_interface.key].result - primary = try(network_interface.value.primary, false) - subnet_id = can(network_interface.value.subnet_id) ? network_interface.value.subnet_id : var.vnets[try(network_interface.value.lz_key, var.client_config.landingzone_key)][network_interface.value.vnet_key].subnets[network_interface.value.subnet_key].id + name = azurecaf_name.linux_nic[network_interface.key].result + primary = try(network_interface.value.primary, false) + subnet_id = can(network_interface.value.subnet_id) ? network_interface.value.subnet_id : var.vnets[try(network_interface.value.lz_key, var.client_config.landingzone_key)][network_interface.value.vnet_key].subnets[network_interface.value.subnet_key].id #################################################################### # load_balancer_backend_address_pool_ids = try(local.load_balancer_backend_address_pool_ids, null) # Copied from azurerm_linux_virtual_machine_scale_set resource above to auto-scaled here as 
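Review bot: In the `data_disk` block of `azurerm_linux_virtual_machine_scale_set.vmss`, the fallback in `ultra_ssd_disk_mbps_read_write` is the bare name `ultra_ssd_disk_mbps_read_write` without the `data_disk.value.` prefix that the IOPS line above it uses. A bare identifier is not a valid reference, and that kind of error is expected to be reported at validation rather than caught by `try`; at best the new setting name is never read. The inner call should be `try(data_disk.value.disk_mbps_read_write, data_disk.value.ultra_ssd_disk_mbps_read_write)`. The same line is repeated in the `vmss_autoscaled` hunk of this file and in the `data_disk` hunk of `vmss_windows.tf`.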
@@ -331,15 +331,15 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss_autoscaled" { for_each = try(var.settings.data_disks, {}) content { - caching = data_disk.value.caching - create_option = try(data_disk.value.create_option, null) - disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) - disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_iops_read_write : null, null) - disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_mbps_read_write : null, null) - disk_size_gb = data_disk.value.disk_size_gb - lun = data_disk.value.lun - storage_account_type = data_disk.value.storage_account_type - write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) + caching = data_disk.value.caching + create_option = try(data_disk.value.create_option, null) + disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) + ultra_ssd_disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? try(data_disk.value.disk_iops_read_write, data_disk.value.ultra_ssd_disk_iops_read_write) : null, null) + ultra_ssd_disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? 
try(data_disk.value.disk_mbps_read_write, ultra_ssd_disk_mbps_read_write) : null, null) + disk_size_gb = data_disk.value.disk_size_gb + lun = data_disk.value.lun + storage_account_type = data_disk.value.storage_account_type + write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) } } diff --git a/modules/compute/virtual_machine_scale_set/vmss_windows.tf b/modules/compute/virtual_machine_scale_set/vmss_windows.tf index 2c3a068d57..875055f557 100644 --- a/modules/compute/virtual_machine_scale_set/vmss_windows.tf +++ b/modules/compute/virtual_machine_scale_set/vmss_windows.tf 
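Review bot: The re-aligned `disk_encryption_set_id` line in this `data_disk` block ends its lookup with `try(..., ..., null)`, so a `disk_encryption_set_key` that is set but does not resolve in either landing zone yields `null`. The data disk would then be created without the intended disk encryption set and the plan would show no error. Once a key is given, letting the lookup fail is safer, for example `var.disk_encryption_sets[try(data_disk.value.lz_key, var.client_config.landingzone_key)][data_disk.value.disk_encryption_set_key].id` in the false branch; note that this prefers `lz_key` when present, whereas the current code tries the local landing zone first. The same line appears in the first `data_disk` hunk of this file and in `vmss_windows.tf`.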
@@ -128,15 +128,15 @@ resource "azurerm_windows_virtual_machine_scale_set" "vmss" { for_each = try(var.settings.data_disks, {}) content { - caching = data_disk.value.caching - create_option = try(data_disk.value.create_option, null) - disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) - disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_iops_read_write : null, null) - disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? data_disk.value.disk_mbps_read_write : null, null) - disk_size_gb = data_disk.value.disk_size_gb - lun = data_disk.value.lun - storage_account_type = data_disk.value.storage_account_type - write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) + caching = data_disk.value.caching + create_option = try(data_disk.value.create_option, null) + disk_encryption_set_id = try(data_disk.value.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][data_disk.value.disk_encryption_set_key].id, var.disk_encryption_sets[data_disk.value.lz_key][data_disk.value.disk_encryption_set_key].id, null) + ultra_ssd_disk_iops_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? try(data_disk.value.disk_iops_read_write, data_disk.value.ultra_ssd_disk_iops_read_write) : null, null) + ultra_ssd_disk_mbps_read_write = try(data_disk.value.storage_account_type == "UltraSSD_LRS" ? 
try(data_disk.value.disk_mbps_read_write, ultra_ssd_disk_mbps_read_write) : null, null) + disk_size_gb = data_disk.value.disk_size_gb + lun = data_disk.value.lun + storage_account_type = data_disk.value.storage_account_type + write_accelerator_enabled = try(data_disk.value.write_accelerator_enabled, null) } } diff --git a/modules/compute/virtual_machine_scale_set_extensions/diagnostics.tf b/modules/compute/virtual_machine_scale_set_extensions/diagnostics.tf new file mode 100644 index 0000000000..7420cfca71 --- /dev/null +++ b/modules/compute/virtual_machine_scale_set_extensions/diagnostics.tf @@ -0,0 +1,9 @@ +resource "azurerm_virtual_machine_scale_set_extension" "daextension" { + for_each = var.extension_name == "microsoft_azure_da_extension" ? toset(["enabled"]) : toset([]) + name = "microsoft_azure_da_extension" + virtual_machine_scale_set_id = var.virtual_machine_scale_set_id + publisher = "Microsoft.Azure.Monitoring.DependencyAgent" + type = "DependencyAgentLinux" + type_handler_version = try(var.extension.type_handler_version, "9.5") + auto_upgrade_minor_version = try(var.extension.auto_upgrade_minor_version, false) +} diff --git a/modules/data_factory/data_factory/variables.tf b/modules/data_factory/data_factory/variables.tf index 2186324511..fa2d9eb8d7 100644 --- a/modules/data_factory/data_factory/variables.tf +++ b/modules/data_factory/data_factory/variables.tf @@ -8,10 +8,6 @@ variable "location" { description = "Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." default = null } -variable "resource_group_name" { - description = "Name of the existing resource group to deploy the virtual machine" - default = null -} variable "resource_groups" { description = "combined objetcs of the resource groups. Either resource_group_name or resource_groups is required." default = {} 
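Review bot: In the new `diagnostics.tf`, `type` is fixed to `"DependencyAgentLinux"` although the module path `virtual_machine_scale_set_extensions` is not Linux-specific, so attaching `microsoft_azure_da_extension` to a Windows scale set would presumably request the wrong agent. An optional override keeps the current default: `type = try(var.extension.type, "DependencyAgentLinux")`. `auto_upgrade_minor_version` also defaults to `false`, which leaves the monitoring agent on the pinned `9.5` handler until someone edits the configuration; a comment explaining that choice, or a default of `true`, would help operators who expect agent fixes to roll out.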
diff --git a/modules/data_factory/data_factory_integration_runtime_azure_ssis/module.tf b/modules/data_factory/data_factory_integration_runtime_azure_ssis/module.tf index 5a4440849f..b35c018dd5 100644 --- a/modules/data_factory/data_factory_integration_runtime_azure_ssis/module.tf +++ b/modules/data_factory/data_factory_integration_runtime_azure_ssis/module.tf @@ -18,7 +18,6 @@ resource "azurerm_data_factory_integration_runtime_azure_ssis" "dfiras" { name = azurecaf_name.dfiras.result data_factory_id = var.data_factory_id - resource_group_name = var.resource_group_name location = var.location node_size = var.settings.node_size number_of_nodes = try(var.settings.number_of_nodes, null) diff --git a/modules/data_factory/data_factory_integration_runtime_azure_ssis/variables.tf b/modules/data_factory/data_factory_integration_runtime_azure_ssis/variables.tf index f4ffa33176..cf2ea6b265 100644 --- a/modules/data_factory/data_factory_integration_runtime_azure_ssis/variables.tf +++ b/modules/data_factory/data_factory_integration_runtime_azure_ssis/variables.tf @@ -19,9 +19,6 @@ variable "base_tags" { variable "data_factory_id" { description = " Specifies the ID of the Data Factory the Azure-SSIS Integration Runtime belongs to. Changing this forces a new resource to be created." } -variable "resource_group_name" { - description = " The name of the resource group in which to create the Azure-SSIS Integration Runtime. Changing this forces a new resource to be created." -} variable "location" { description = "" diff --git a/modules/data_factory/data_factory_integration_runtime_self_hosted/module.tf b/modules/data_factory/data_factory_integration_runtime_self_hosted/module.tf index 1f3d59bf45..b653226454 100644 --- a/modules/data_factory/data_factory_integration_runtime_self_hosted/module.tf +++ b/modules/data_factory/data_factory_integration_runtime_self_hosted/module.tf 
@@ -11,6 +11,4 @@ resource "azurecaf_name" "dfirsh" { resource "azurerm_data_factory_integration_runtime_self_hosted" "dfirsh" { data_factory_id = var.data_factory_id name = azurecaf_name.dfirsh.result - - resource_group_name = var.resource_group_name } diff --git a/modules/data_factory/data_factory_integration_runtime_self_hosted/output.tf b/modules/data_factory/data_factory_integration_runtime_self_hosted/output.tf index 5c72802b2a..804b3bbf7b 100644 --- a/modules/data_factory/data_factory_integration_runtime_self_hosted/output.tf +++ b/modules/data_factory/data_factory_integration_runtime_self_hosted/output.tf @@ -6,11 +6,21 @@ output "name" { value = azurecaf_name.dfirsh.result description = "The name of the Data Factory runtime." } +# TODO - kept to simplify 3.0 migration output "auth_key_1" { - value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.auth_key_1 + value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.primary_authorization_key description = "The primary integration runtime authentication key." } +output "primary_authorization_key" { + value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.primary_authorization_key + description = "The primary integration runtime authentication key." +} +# TODO - kept to simplify 3.0 migration output "auth_key_2" { - value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.auth_key_2 + value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.secondary_authorization_key + description = "The secondary integration runtime authentication key." +} +output "secondary_authorization_key" { + value = azurerm_data_factory_integration_runtime_self_hosted.dfirsh.secondary_authorization_key description = "The secondary integration runtime authentication key." } diff --git a/modules/data_factory/data_factory_integration_runtime_self_hosted/variables.tf b/modules/data_factory/data_factory_integration_runtime_self_hosted/variables.tf index c25d146640..08c5b899b2 100644 
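Review bot: In `data_factory_integration_runtime_self_hosted/output.tf`, the four outputs `auth_key_1`, `primary_authorization_key`, `auth_key_2` and `secondary_authorization_key` expose integration runtime authorization keys and none of them sets `sensitive = true`. Unless the provider already marks these attributes as sensitive, the values can appear in plan and apply output and therefore in CI logs. Adding `sensitive = true` to each of the four blocks closes that gap without changing the output names. The `# TODO - kept to simplify 3.0 migration` comments would also be clearer if they said when the two legacy names are to be removed.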
--- a/modules/data_factory/data_factory_integration_runtime_self_hosted/variables.tf +++ b/modules/data_factory/data_factory_integration_runtime_self_hosted/variables.tf @@ -19,6 +19,3 @@ variable "base_tags" { variable "data_factory_id" { description = " Changing this forces a new Data Factory Self-hosted Integration Runtime to be created." } -variable "resource_group_name" { - description = " The name of the Resource Group where the Data Factory should exist. Changing this forces a new Data Factory Self-hosted Integration Runtime to be created." -} diff --git a/modules/data_factory/data_factory_pipeline/module.tf b/modules/data_factory/data_factory_pipeline/module.tf index c9304b1dad..462003860c 100644 --- a/modules/data_factory/data_factory_pipeline/module.tf +++ b/modules/data_factory/data_factory_pipeline/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "pipeline" { } resource "azurerm_data_factory_pipeline" "pipeline" { name = azurecaf_name.pipeline.result - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) annotations = try(var.settings.annotations, null) diff --git a/modules/data_factory/data_factory_pipeline/variables.tf b/modules/data_factory/data_factory_pipeline/variables.tf index f20d33ed9f..6303e8eb55 100644 --- a/modules/data_factory/data_factory_pipeline/variables.tf +++ b/modules/data_factory/data_factory_pipeline/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Pipeline" -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Pipeline with. Changing this forces a new resource" } 
diff --git a/modules/data_factory/data_factory_trigger_schedule/module.tf b/modules/data_factory/data_factory_trigger_schedule/module.tf index c566f68ae0..b1a3a9b16c 100644 --- a/modules/data_factory/data_factory_trigger_schedule/module.tf +++ b/modules/data_factory/data_factory_trigger_schedule/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "schedule" { } resource "azurerm_data_factory_trigger_schedule" "schedule" { name = azurecaf_name.schedule.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id pipeline_name = var.pipeline_name start_time = try(var.settings.start_time, null) diff --git a/modules/data_factory/data_factory_trigger_schedule/variables.tf b/modules/data_factory/data_factory_trigger_schedule/variables.tf index 9260827294..91048a835b 100644 --- a/modules/data_factory/data_factory_trigger_schedule/variables.tf +++ b/modules/data_factory/data_factory_trigger_schedule/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Schedule Trigger" -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Schedule Trigger with" } diff --git a/modules/data_factory/datasets/azure_blob/module.tf b/modules/data_factory/datasets/azure_blob/module.tf index 8015c44f8a..60acf9f517 100644 --- a/modules/data_factory/datasets/azure_blob/module.tf +++ b/modules/data_factory/datasets/azure_blob/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_azure_blob" "dataset" { name = azurecaf_name.dataset.result - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name folder = try(var.settings.folder, null) 
diff --git a/modules/data_factory/datasets/azure_blob/variables.tf b/modules/data_factory/datasets/azure_blob/variables.tf index 95c604b766..7bdc2f9ae8 100644 --- a/modules/data_factory/datasets/azure_blob/variables.tf +++ b/modules/data_factory/datasets/azure_blob/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Dataset" -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Dataset with" diff --git a/modules/data_factory/datasets/cosmosdb_sqlapi/module.tf b/modules/data_factory/datasets/cosmosdb_sqlapi/module.tf index e74b022231..ff81bb1bb8 100644 --- a/modules/data_factory/datasets/cosmosdb_sqlapi/module.tf +++ b/modules/data_factory/datasets/cosmosdb_sqlapi/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_cosmosdb_sqlapi" "dataset" { name = azurecaf_name.dataset.result - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name folder = try(var.settings.folder, null) diff --git a/modules/data_factory/datasets/cosmosdb_sqlapi/variables.tf b/modules/data_factory/datasets/cosmosdb_sqlapi/variables.tf index c7b09a106c..1950492029 100644 --- a/modules/data_factory/datasets/cosmosdb_sqlapi/variables.tf +++ b/modules/data_factory/datasets/cosmosdb_sqlapi/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Dataset" -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Dataset with" 
diff --git a/modules/data_factory/datasets/delimited_text/module.tf b/modules/data_factory/datasets/delimited_text/module.tf index 4dcff402ab..0ac1837765 100644 --- a/modules/data_factory/datasets/delimited_text/module.tf +++ b/modules/data_factory/datasets/delimited_text/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_delimited_text" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name folder = try(var.settings.folder, null) diff --git a/modules/data_factory/datasets/delimited_text/variables.tf b/modules/data_factory/datasets/delimited_text/variables.tf index c7b09a106c..1950492029 100644 --- a/modules/data_factory/datasets/delimited_text/variables.tf +++ b/modules/data_factory/datasets/delimited_text/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Dataset" -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Dataset with" diff --git a/modules/data_factory/datasets/http/module.tf b/modules/data_factory/datasets/http/module.tf index 8f1d6ed30f..f1c0636499 100644 --- a/modules/data_factory/datasets/http/module.tf +++ b/modules/data_factory/datasets/http/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_http" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name folder = try(var.settings.folder, null) diff --git a/modules/data_factory/datasets/http/variables.tf b/modules/data_factory/datasets/http/variables.tf index 95c604b766..7bdc2f9ae8 100644 
--- a/modules/data_factory/datasets/http/variables.tf +++ b/modules/data_factory/datasets/http/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Dataset" -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Dataset with" diff --git a/modules/data_factory/datasets/json/module.tf b/modules/data_factory/datasets/json/module.tf index 1fb40a7794..fc62b20ce9 100644 --- a/modules/data_factory/datasets/json/module.tf +++ b/modules/data_factory/datasets/json/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_json" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name folder = try(var.settings.folder, null) diff --git a/modules/data_factory/datasets/json/variables.tf b/modules/data_factory/datasets/json/variables.tf index 26c439f659..8fddf14293 100644 --- a/modules/data_factory/datasets/json/variables.tf +++ b/modules/data_factory/datasets/json/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/datasets/mysql/module.tf b/modules/data_factory/datasets/mysql/module.tf index db563ba1fb..0248b11758 100644 --- a/modules/data_factory/datasets/mysql/module.tf +++ b/modules/data_factory/datasets/mysql/module.tf 
@@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_mysql" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name table_name = try(var.settings.table_name, null) diff --git a/modules/data_factory/datasets/mysql/variables.tf b/modules/data_factory/datasets/mysql/variables.tf index 26c439f659..8fddf14293 100644 --- a/modules/data_factory/datasets/mysql/variables.tf +++ b/modules/data_factory/datasets/mysql/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/datasets/postgresql/module.tf b/modules/data_factory/datasets/postgresql/module.tf index 8ca1048ded..048514cde5 100644 --- a/modules/data_factory/datasets/postgresql/module.tf +++ b/modules/data_factory/datasets/postgresql/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_postgresql" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name table_name = try(var.settings.table_name, null) diff --git a/modules/data_factory/datasets/postgresql/variables.tf b/modules/data_factory/datasets/postgresql/variables.tf index 26c439f659..8fddf14293 100644 --- a/modules/data_factory/datasets/postgresql/variables.tf +++ b/modules/data_factory/datasets/postgresql/variables.tf 
@@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/datasets/sql_server_table/module.tf b/modules/data_factory/datasets/sql_server_table/module.tf index 7d2b0d253d..c511697f5c 100644 --- a/modules/data_factory/datasets/sql_server_table/module.tf +++ b/modules/data_factory/datasets/sql_server_table/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_dataset_sql_server_table" "dataset" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id linked_service_name = var.linked_service_name table_name = try(var.settings.table_name, null) diff --git a/modules/data_factory/datasets/sql_server_table/variables.tf b/modules/data_factory/datasets/sql_server_table/variables.tf index 26c439f659..8fddf14293 100644 --- a/modules/data_factory/datasets/sql_server_table/variables.tf +++ b/modules/data_factory/datasets/sql_server_table/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/azure_blob_storage/module.tf b/modules/data_factory/linked_services/azure_blob_storage/module.tf index ee6b7e0d00..f305394815 100644 
--- a/modules/data_factory/linked_services/azure_blob_storage/module.tf +++ b/modules/data_factory/linked_services/azure_blob_storage/module.tf @@ -10,7 +10,6 @@ resource "azurecaf_name" "lsabs" { resource "azurerm_data_factory_linked_service_azure_blob_storage" "linked_service_azure_blob_storage" { name = azurecaf_name.lsabs.result - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, var.integration_runtime_name) diff --git a/modules/data_factory/linked_services/azure_blob_storage/variables.tf b/modules/data_factory/linked_services/azure_blob_storage/variables.tf index 952fb0f365..c49baa73e9 100644 --- a/modules/data_factory/linked_services/azure_blob_storage/variables.tf +++ b/modules/data_factory/linked_services/azure_blob_storage/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/azure_databricks/module.tf b/modules/data_factory/linked_services/azure_databricks/module.tf index 3b37c797ad..dd8cd785e9 100644 --- a/modules/data_factory/linked_services/azure_databricks/module.tf +++ b/modules/data_factory/linked_services/azure_databricks/module.tf 
@@ -10,10 +10,9 @@ resource "azurecaf_name" "dflsad" { resource "azurerm_data_factory_linked_service_azure_databricks" "dflsad" { - name = azurecaf_name.dflsad.result - resource_group_name = var.resource_group_name - data_factory_id = var.remote_objects.data_factory.id - access_token = try(var.settings.access_token, null) + name = azurecaf_name.dflsad.result + data_factory_id = var.remote_objects.data_factory.id + access_token = try(var.settings.access_token, null) dynamic "key_vault_password" { for_each = try(var.settings.key_vault_password, null) != null ? [var.settings.key_vault_password] : [] diff --git a/modules/data_factory/linked_services/azure_databricks/variables.tf b/modules/data_factory/linked_services/azure_databricks/variables.tf index ae488cdc27..6d688d967a 100644 --- a/modules/data_factory/linked_services/azure_databricks/variables.tf +++ b/modules/data_factory/linked_services/azure_databricks/variables.tf @@ -16,9 +16,6 @@ variable "base_tags" { type = map(any) default = {} } -variable "resource_group_name" { - description = " The name of the resource group in which to create the Data Factory Linked Service. Changing this forces a new resource." -} variable "integration_runtime_name" { description = "(Optional) The integration runtime reference to associate with the Data Factory Linked Service Databricks." default = "null" diff --git a/modules/data_factory/linked_services/azure_file_storage/module.tf b/modules/data_factory/linked_services/azure_file_storage/module.tf index ab063d6bff..818583fbe4 100644 --- a/modules/data_factory/linked_services/azure_file_storage/module.tf +++ b/modules/data_factory/linked_services/azure_file_storage/module.tf 
@@ -10,7 +10,6 @@ resource "azurecaf_name" "dataset" { resource "azurerm_data_factory_linked_service_azure_file_storage" "linked_service_azure_file_storage" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.description, null) integration_runtime_name = try(var.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/azure_file_storage/variables.tf b/modules/data_factory/linked_services/azure_file_storage/variables.tf index af3c77be17..a96d4dd58b 100644 --- a/modules/data_factory/linked_services/azure_file_storage/variables.tf +++ b/modules/data_factory/linked_services/azure_file_storage/variables.tf @@ -2,10 +2,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service. Changing this forces a new resource to be created. Must be globally unique." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service. Changing this forces a new resource." -} - variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/azure_function/module.tf b/modules/data_factory/linked_services/azure_function/module.tf index 94c1504042..f7d77b7eec 100644 --- a/modules/data_factory/linked_services/azure_function/module.tf +++ b/modules/data_factory/linked_services/azure_function/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_linked_service_azure_function" "linked_service_azure_function" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.description, null) integration_runtime_name = try(var.integration_runtime_name, null) 
diff --git a/modules/data_factory/linked_services/azure_function/variables.tf b/modules/data_factory/linked_services/azure_function/variables.tf index 84f942b57d..0c8ba34679 100644 --- a/modules/data_factory/linked_services/azure_function/variables.tf +++ b/modules/data_factory/linked_services/azure_function/variables.tf @@ -2,10 +2,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service. Changing this forces a new resource to be created. Must be globally unique." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service. Changing this forces a new resource." -} - variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/azure_sql_database/module.tf b/modules/data_factory/linked_services/azure_sql_database/module.tf index 297b3b8d29..8e608aad5a 100644 --- a/modules/data_factory/linked_services/azure_sql_database/module.tf +++ b/modules/data_factory/linked_services/azure_sql_database/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_linked_service_azure_sql_database" "linked_service_azure_sql_database" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.description, null) integration_runtime_name = try(var.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/azure_sql_database/variables.tf b/modules/data_factory/linked_services/azure_sql_database/variables.tf index 488143237c..8beab050d8 100644 --- a/modules/data_factory/linked_services/azure_sql_database/variables.tf +++ b/modules/data_factory/linked_services/azure_sql_database/variables.tf 
@@ -1,11 +1,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service Azure SQL Database. Changing this forces a new resource to be created. Must be globally unique." } - -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service Azure SQL Database. Changing this forces a new resource to be created." -} - variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource to be created." } diff --git a/modules/data_factory/linked_services/cosmosdb/module.tf b/modules/data_factory/linked_services/cosmosdb/module.tf index 9c1fc0c1ef..830862481c 100644 --- a/modules/data_factory/linked_services/cosmosdb/module.tf +++ b/modules/data_factory/linked_services/cosmosdb/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked_service_cosmosdb" { } resource "azurerm_data_factory_linked_service_cosmosdb" "linked_service_cosmosdb" { name = azurecaf_name.linked_service_cosmosdb.result - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/cosmosdb/variables.tf b/modules/data_factory/linked_services/cosmosdb/variables.tf index 80c7e070bb..7ed223d594 100644 --- a/modules/data_factory/linked_services/cosmosdb/variables.tf +++ b/modules/data_factory/linked_services/cosmosdb/variables.tf 
@@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/data_lake_storage_gen2/module.tf b/modules/data_factory/linked_services/data_lake_storage_gen2/module.tf index 07fee4ded0..e112eed4f3 100644 --- a/modules/data_factory/linked_services/data_lake_storage_gen2/module.tf +++ b/modules/data_factory/linked_services/data_lake_storage_gen2/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked" { } resource "azurerm_data_factory_linked_service_data_lake_storage_gen2" "linked_service_data_lake_storage_gen2" { name = azurecaf_name.linked.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.description, null) integration_runtime_name = try(var.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/data_lake_storage_gen2/variables.tf b/modules/data_factory/linked_services/data_lake_storage_gen2/variables.tf index 7f60c651f8..bcb80407b9 100644 --- a/modules/data_factory/linked_services/data_lake_storage_gen2/variables.tf +++ b/modules/data_factory/linked_services/data_lake_storage_gen2/variables.tf 
@@ -2,10 +2,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service. Changing this forces a new resource to be created. Must be globally unique" } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service. Changing this forces a new resource" -} - variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource" } diff --git a/modules/data_factory/linked_services/key_vault/module.tf b/modules/data_factory/linked_services/key_vault/module.tf index 227b7b388f..e3e9cc91c7 100644 --- a/modules/data_factory/linked_services/key_vault/module.tf +++ b/modules/data_factory/linked_services/key_vault/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked" { } resource "azurerm_data_factory_linked_service_key_vault" "linked_service_key_vault" { name = azurecaf_name.linked.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = var.description integration_runtime_name = var.integration_runtime_name diff --git a/modules/data_factory/linked_services/key_vault/variables.tf b/modules/data_factory/linked_services/key_vault/variables.tf index 3c6f5c0e8e..f1d096e24f 100644 --- a/modules/data_factory/linked_services/key_vault/variables.tf +++ b/modules/data_factory/linked_services/key_vault/variables.tf 
@@ -6,10 +6,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service Key Vault. Changing this forces a new resource to be created. Must be globally unique." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service Key Vault. Changing this forces a new resource." -} - variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/mysql/module.tf b/modules/data_factory/linked_services/mysql/module.tf index 2c754ee5bf..76cb2977fb 100644 --- a/modules/data_factory/linked_services/mysql/module.tf +++ b/modules/data_factory/linked_services/mysql/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_linked_service_mysql" "linked_service_mysql" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/mysql/variables.tf b/modules/data_factory/linked_services/mysql/variables.tf index 3ad41503d3..eb2e3f745f 100644 --- a/modules/data_factory/linked_services/mysql/variables.tf +++ b/modules/data_factory/linked_services/mysql/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } 
diff --git a/modules/data_factory/linked_services/postgresql/module.tf b/modules/data_factory/linked_services/postgresql/module.tf index 252d43c644..cf0c4ca277 100644 --- a/modules/data_factory/linked_services/postgresql/module.tf +++ b/modules/data_factory/linked_services/postgresql/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked" { } resource "azurerm_data_factory_linked_service_postgresql" "linked_service_postgresql" { name = azurecaf_name.linked.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/postgresql/variables.tf b/modules/data_factory/linked_services/postgresql/variables.tf index cd0b28c88c..db0dd3ad91 100644 --- a/modules/data_factory/linked_services/postgresql/variables.tf +++ b/modules/data_factory/linked_services/postgresql/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } \ No newline at end of file diff --git a/modules/data_factory/linked_services/sftp/module.tf b/modules/data_factory/linked_services/sftp/module.tf index 09fad5dfa7..3cb0cab59c 100644 --- a/modules/data_factory/linked_services/sftp/module.tf +++ b/modules/data_factory/linked_services/sftp/module.tf 
@@ -9,7 +9,6 @@ resource "azurecaf_name" "dataset" { } resource "azurerm_data_factory_linked_service_sftp" "linked_service_sftp" { name = azurecaf_name.dataset.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.description, null) integration_runtime_name = try(var.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/sftp/variables.tf b/modules/data_factory/linked_services/sftp/variables.tf index 2f149c6f63..3b0f8166d4 100644 --- a/modules/data_factory/linked_services/sftp/variables.tf +++ b/modules/data_factory/linked_services/sftp/variables.tf @@ -2,10 +2,6 @@ variable "name" { description = "(Required) Specifies the name of the Data Factory Linked Service. Changing this forces a new resource to be created. Must be globally unique." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service. Changing this forces a new resource" -} - variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/sql_server/module.tf b/modules/data_factory/linked_services/sql_server/module.tf index ceb8c071a2..1fee48c3bb 100644 --- a/modules/data_factory/linked_services/sql_server/module.tf +++ b/modules/data_factory/linked_services/sql_server/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked" { } resource "azurerm_data_factory_linked_service_sql_server" "linked_service_sql_server" { name = azurecaf_name.linked.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, null) 
diff --git a/modules/data_factory/linked_services/sql_server/variables.tf b/modules/data_factory/linked_services/sql_server/variables.tf index e339fcf43a..15e55ff300 100644 --- a/modules/data_factory/linked_services/sql_server/variables.tf +++ b/modules/data_factory/linked_services/sql_server/variables.tf @@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory name in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/data_factory/linked_services/web/module.tf b/modules/data_factory/linked_services/web/module.tf index 1ddba69bcf..571d5df24a 100644 --- a/modules/data_factory/linked_services/web/module.tf +++ b/modules/data_factory/linked_services/web/module.tf @@ -9,7 +9,6 @@ resource "azurecaf_name" "linked_service_web" { } resource "azurerm_data_factory_linked_service_web" "linked_service_web" { name = azurecaf_name.linked_service_web.name - resource_group_name = var.resource_group_name data_factory_id = var.data_factory_id description = try(var.settings.description, null) integration_runtime_name = try(var.settings.integration_runtime_name, null) diff --git a/modules/data_factory/linked_services/web/variables.tf b/modules/data_factory/linked_services/web/variables.tf index 3ad41503d3..eb2e3f745f 100644 --- a/modules/data_factory/linked_services/web/variables.tf +++ b/modules/data_factory/linked_services/web/variables.tf 
@@ -7,9 +7,6 @@ variable "client_config" { variable "settings" { description = "Used for general parameter." } -variable "resource_group_name" { - description = "(Required) The name of the resource group in which to create the Data Factory Linked Service." -} variable "data_factory_id" { description = "(Required) The Data Factory ID in which to associate the Linked Service with. Changing this forces a new resource." } diff --git a/modules/databases/mssql_database/database.tf b/modules/databases/mssql_database/database.tf index aec0ad3616..0c35f506d9 100644 --- a/modules/databases/mssql_database/database.tf +++ b/modules/databases/mssql_database/database.tf 
@@ -10,57 +10,59 @@ resource "azurecaf_name" "mssqldb" { } resource "azurerm_mssql_database" "mssqldb" { - auto_pause_delay_in_minutes = try(var.settings.auto_pause_delay_in_minutes, null) - collation = try(var.settings.collation, null) - create_mode = try(var.settings.create_mode, null) - creation_source_database_id = try(var.settings.creation_source_database_id, null) - elastic_pool_id = try(var.elastic_pool_id, null) - geo_backup_enabled = try(var.settings.geo_backup_enabled, null) - license_type = try(var.settings.license_type, null) - max_size_gb = try(var.settings.max_size_gb, null) - min_capacity = try(var.settings.min_capacity, null) - name = azurecaf_name.mssqldb.result - read_replica_count = try(var.settings.read_replica_count, null) - read_scale = try(var.settings.read_scale, null) - recover_database_id = try(var.settings.recover_database_id, null) - restore_dropped_database_id = try(var.settings.restore_dropped_database_id, null) - restore_point_in_time = try(var.settings.restore_point_in_time, null) - sample_name = try(var.settings.sample_name, null) - server_id = var.server_id - sku_name = try(var.settings.sku_name, null) - storage_account_type = try(var.settings.storage_account_type, null) - tags = local.tags - zone_redundant = try(var.settings.zone_redundant, null) + auto_pause_delay_in_minutes = try(var.settings.auto_pause_delay_in_minutes, null) + collation = try(var.settings.collation, null) + create_mode = try(var.settings.create_mode, null) + creation_source_database_id = try(var.settings.creation_source_database_id, null) + elastic_pool_id = try(var.elastic_pool_id, null) + geo_backup_enabled = try(var.settings.geo_backup_enabled, false) + ledger_enabled = try(var.settings.ledger_enabled, false) + license_type = try(var.settings.license_type, null) + max_size_gb = try(var.settings.max_size_gb, null) + min_capacity = try(var.settings.min_capacity, null) + name = azurecaf_name.mssqldb.result + read_replica_count = 
try(var.settings.read_replica_count, null) + read_scale = try(var.settings.read_scale, null) + recover_database_id = try(var.settings.recover_database_id, null) + restore_dropped_database_id = try(var.settings.restore_dropped_database_id, null) + restore_point_in_time = try(var.settings.restore_point_in_time, null) + sample_name = try(var.settings.sample_name, null) + server_id = var.server_id + sku_name = try(var.settings.sku_name, null) + storage_account_type = try(var.settings.storage_account_type, null) + transparent_data_encryption_enabled = try(var.settings.transparent_data_encryption_enabled, null) + tags = local.tags + zone_redundant = try(var.settings.zone_redundant, null) dynamic "threat_detection_policy" { - for_each = lookup(var.settings, "threat_detection_policy", {}) == {} ? [] : [1] + for_each = can(var.settings.threat_detection_policy) ? [var.settings.threat_detection_policy] : [] content { - state = var.settings.threat_detection_policy.state - disabled_alerts = try(var.settings.threat_detection_policy.disabled_alerts, null) - email_account_admins = try(var.settings.threat_detection_policy.email_account_admins, null) - email_addresses = try(var.settings.threat_detection_policy.email_addresses, null) - retention_days = try(var.settings.threat_detection_policy.retention_days, null) + state = threat_detection_policy.value.state + disabled_alerts = try(threat_detection_policy.value.disabled_alerts, null) + email_account_admins = try(threat_detection_policy.value.email_account_admins, null) + email_addresses = try(threat_detection_policy.value.email_addresses, null) + retention_days = try(threat_detection_policy.value.retention_days, null) storage_endpoint = try(data.azurerm_storage_account.mssqldb_tdp.0.primary_blob_endpoint, null) storage_account_access_key = try(data.azurerm_storage_account.mssqldb_tdp.0.primary_access_key, null) - use_server_default = try(var.settings.threat_detection_policy.use_server_default, null) } } dynamic 
"short_term_retention_policy" { - for_each = lookup(var.settings, "short_term_retention_policy", {}) == {} ? [] : [1] + for_each = can(var.settings.short_term_retention_policy) ? [var.settings.short_term_retention_policy] : [] content { - retention_days = try(var.settings.short_term_retention_policy.retention_days, null) + retention_days = try(short_term_retention_policy.value.retention_days, null) + backup_interval_in_hours = try(short_term_retention_policy.value.backup_interval_in_hours, null) } } dynamic "long_term_retention_policy" { - for_each = lookup(var.settings, "long_term_retention_policy", {}) == {} ? [] : [1] + for_each = can(var.settings.long_term_retention_policy) ? [var.settings.long_term_retention_policy] : [] content { - weekly_retention = try(var.settings.long_term_retention_policy.weekly_retention, null) - monthly_retention = try(var.settings.long_term_retention_policy.monthly_retention, null) - yearly_retention = try(var.settings.long_term_retention_policy.yearly_retention, null) - week_of_year = try(var.settings.long_term_retention_policy.week_of_year, null) + weekly_retention = try(long_term_retention_policy.value.weekly_retention, null) + monthly_retention = try(long_term_retention_policy.value.monthly_retention, null) + yearly_retention = try(long_term_retention_policy.value.yearly_retention, null) + week_of_year = try(long_term_retention_policy.value.week_of_year, null) } } @@ -76,4 +78,4 @@ data "azurerm_storage_account" "mssqldb_tdp" { name = var.storage_accounts[var.settings.threat_detection_policy.storage_account.key].name resource_group_name = var.storage_accounts[var.settings.threat_detection_policy.storage_account.key].resource_group_name -} \ No newline at end of file +} diff --git a/modules/databases/mssql_managed_database/managed_database.tf b/modules/databases/mssql_managed_database/managed_database.tf index d13c859198..cd2cff94ec 100644 --- a/modules/databases/mssql_managed_database/managed_database.tf 
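Review bot: `geo_backup_enabled = try(var.settings.geo_backup_enabled, false)` replaces the old `null` fallback (provider default) with an explicit `false`, so a configuration that never set the key would have its geo backup policy switched off on the next apply. As far as I know the provider default is `true` and the setting only applies to DataWarehouse SKUs. Keeping `try(var.settings.geo_backup_enabled, null)` preserves the previous behaviour; if `false` is intended, it deserves an entry in UPGRADE.md. Separately, the three `dynamic` blocks now test `can(var.settings.<block>)`, which is also true for a key that is present but null or empty, where the old `lookup(...) == {}` test skipped an empty one. For `threat_detection_policy` that case would reach the unguarded `state = threat_detection_policy.value.state` and fail at plan time.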
+++ b/modules/databases/mssql_managed_database/managed_database.tf @@ -8,14 +8,20 @@ resource "azurecaf_name" "manageddb" { passthrough = var.global_settings.passthrough } -resource "azurerm_template_deployment" "manageddb" { +# Part of migration from 2.99.0 to 3.7.0 +moved { + from = azurerm_template_deployment.manageddb + to = azurerm_resource_group_template_deployment.manageddb +} + +resource "azurerm_resource_group_template_deployment" "manageddb" { name = azurecaf_name.manageddb.result resource_group_name = var.resource_group_name - template_body = file(local.arm_filename) + template_content = file(local.arm_filename) - parameters_body = jsonencode(local.parameters_body) + parameters_content = jsonencode(local.parameters_body) deployment_mode = "Incremental" } @@ -23,7 +29,7 @@ resource "azurerm_template_deployment" "manageddb" { resource "null_resource" "destroy_manageddb" { triggers = { - resource_id = lookup(azurerm_template_deployment.manageddb.outputs, "id") + resource_id = jsondecode(azurerm_resource_group_template_deployment.manageddb.output_content).id.value } provisioner "local-exec" { diff --git a/modules/databases/mssql_managed_database/output.tf b/modules/databases/mssql_managed_database/output.tf index 450a16bb9a..a5fb6fd0ca 100644 --- a/modules/databases/mssql_managed_database/output.tf +++ b/modules/databases/mssql_managed_database/output.tf @@ -5,6 +5,6 @@ output "name" { } output "id" { - value = lookup(azurerm_template_deployment.manageddb.outputs, "id") + value = jsondecode(azurerm_resource_group_template_deployment.manageddb.output_content).id.value description = "SQL Managed DB Id" } \ No newline at end of file diff --git a/modules/databases/mssql_managed_instance/managed_instance.tf b/modules/databases/mssql_managed_instance/managed_instance.tf index 5b652d3e6a..41274818c3 100644 --- a/modules/databases/mssql_managed_instance/managed_instance.tf +++ b/modules/databases/mssql_managed_instance/managed_instance.tf 
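Review bot: The `moved` block maps `azurerm_template_deployment.manageddb` to `azurerm_resource_group_template_deployment.manageddb`, which are different resource types. As far as I know Terraform accepts a cross-type `moved` only when the provider implements the state move, so this should be checked with a plan against an existing state before release. If the move is rejected or ends up as destroy-and-create, the delete path changes: the new resource type by default deletes the resources a deployment created when the deployment itself is destroyed (provider `features` setting `template_deployment.delete_nested_items_during_deletion`), and `null_resource.destroy_manageddb`, whose body continues outside the hunk, still carries its own `local-exec` provisioner. The same `moved` pattern is used in `mssql_managed_instance/managed_instance.tf` and in `service_health_alerts/service_health_alert.tf`, where the address also changes from `alert1` to `alert`. I would record the expected plan output for these three resources in UPGRADE.md so that an unexpected destroy on a managed instance or database is caught before apply.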
@@ -8,14 +8,20 @@ resource "azurecaf_name" "mssqlmi" { passthrough = var.global_settings.passthrough } -resource "azurerm_template_deployment" "mssqlmi" { +# Part of migration from 2.99.0 to 3.7.0 +moved { + from = azurerm_template_deployment.mssqlmi + to = azurerm_resource_group_template_deployment.mssqlmi +} + +resource "azurerm_resource_group_template_deployment" "mssqlmi" { name = azurecaf_name.mssqlmi.result resource_group_name = var.resource_group_name - template_body = file(local.arm_filename) + template_content = file(local.arm_filename) - parameters_body = jsonencode(local.parameters_body) + parameters_content = jsonencode(local.parameters_body) deployment_mode = "Incremental" diff --git a/modules/monitoring/log_analytics_storage_insights/main.tf b/modules/monitoring/log_analytics_storage_insights/main.tf index 3708e5970e..cd7d94f3a8 100644 --- a/modules/monitoring/log_analytics_storage_insights/main.tf +++ b/modules/monitoring/log_analytics_storage_insights/main.tf @@ -4,11 +4,9 @@ terraform { source = "aztfmod/azurecaf" } } - required_version = ">= 0.13" } locals { module_tag = { "module" = basename(abspath(path.module)) } - tags = merge(var.base_tags, local.module_tag, try(var.settings.tags, null)) } diff --git a/modules/monitoring/log_analytics_storage_insights/module.tf b/modules/monitoring/log_analytics_storage_insights/module.tf index b7ed99f5ae..8be560ef75 100644 --- a/modules/monitoring/log_analytics_storage_insights/module.tf +++ b/modules/monitoring/log_analytics_storage_insights/module.tf @@ -16,6 +16,4 @@ resource "azurerm_log_analytics_storage_insights" "lasi" { storage_account_key = var.primary_access_key blob_container_names = try(var.settings.blob_container_names, null) table_names = try(var.settings.table_names, null) - tags = local.tags - } \ No newline at end of file 
diff --git a/modules/monitoring/log_analytics_storage_insights/variables.tf b/modules/monitoring/log_analytics_storage_insights/variables.tf index 03782d64e3..7d93299eae 100644 --- a/modules/monitoring/log_analytics_storage_insights/variables.tf +++ b/modules/monitoring/log_analytics_storage_insights/variables.tf @@ -11,11 +11,6 @@ variable "remote_objects" { description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created." default = {} } -variable "base_tags" { - description = "Base tags for the resource to be inherited from the resource group." - type = map(any) - default = {} -} variable "resource_group_name" { description = " The name of the Resource Group where the Log Analytics Storage Insights should exist. Changing this forces a new Log Analytics Storage Insights to be created." } diff --git a/modules/monitoring/service_health_alerts/service_health_alert.tf b/modules/monitoring/service_health_alerts/service_health_alert.tf index 56a68a1bed..2d37007240 100644 --- a/modules/monitoring/service_health_alerts/service_health_alert.tf +++ b/modules/monitoring/service_health_alerts/service_health_alert.tf @@ -69,16 +69,22 @@ resource "azurerm_monitor_action_group" "ag1" { } -resource "azurerm_template_deployment" "alert1" { +# Part of migration from 2.99.0 to 3.7.0 +moved { + from = azurerm_template_deployment.alert1 + to = azurerm_resource_group_template_deployment.alert +} + +resource "azurerm_resource_group_template_deployment" "alert" { name = random_string.random1.result resource_group_name = var.resource_group_name - template_body = file("${path.module}/alert-servicehealth.json") - parameters = { + template_content = file("${path.module}/alert-servicehealth.json") + parameters_content = jsonencode({ "name" = azurecaf_name.service_health_alert_name.result "actionGroups_name" = azurerm_monitor_action_group.ag1.name "region" = var.location - } + }) deployment_mode = "Incremental" } 
diff --git a/modules/networking/application_gateway/application_gateway.tf b/modules/networking/application_gateway/application_gateway.tf index e3442bc422..feafe739d1 100644 --- a/modules/networking/application_gateway/application_gateway.tf +++ b/modules/networking/application_gateway/application_gateway.tf @@ -150,7 +150,7 @@ resource "azurerm_application_gateway" "agw" { } } dynamic "probe" { - for_each = try(local.probes) + for_each = try(local.probes, {}) content { name = probe.value.name diff --git a/modules/networking/front_door/diagnostics.tf b/modules/networking/front_door/diagnostics.tf index 47b4d9332d..1127944b6d 100644 --- a/modules/networking/front_door/diagnostics.tf +++ b/modules/networking/front_door/diagnostics.tf @@ -4,7 +4,7 @@ module "diagnostics" { count = lookup(var.settings, "diagnostic_profiles", null) == null ? 0 : 1 resource_id = azurerm_frontdoor.frontdoor.id - resource_location = azurerm_frontdoor.frontdoor.location + resource_location = var.location diagnostics = var.diagnostics profiles = var.settings.diagnostic_profiles } \ No newline at end of file diff --git a/modules/networking/front_door/front_door.tf b/modules/networking/front_door/front_door.tf index 35767f4a5e..dc8e3a25f4 100644 --- a/modules/networking/front_door/front_door.tf +++ b/modules/networking/front_door/front_door.tf @@ -9,13 +9,12 @@ resource "azurecaf_name" "frontdoor" { } # Ref : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor -# Tested with AzureRM 2.57.0 +# Tested with AzureRM 3.0.1 resource "azurerm_frontdoor" "frontdoor" { - name = azurecaf_name.frontdoor.result - resource_group_name = var.resource_group_name - enforce_backend_pools_certificate_name_check = try(var.settings.certificate_name_check, false) - tags = local.tags + name = azurecaf_name.frontdoor.result + resource_group_name = var.resource_group_name + tags = local.tags dynamic "routing_rule" { for_each = var.settings.routing_rule 
@@ -61,9 +60,8 @@ resource "azurerm_frontdoor" "frontdoor" { } } - backend_pools_send_receive_timeout_seconds = try(var.settings.backend_pools_send_receive_timeout_seconds, 60) - load_balancer_enabled = try(var.settings.load_balancer_enabled, true) - friendly_name = try(var.settings.backend_pool.name, null) + load_balancer_enabled = try(var.settings.load_balancer_enabled, true) + friendly_name = try(var.settings.backend_pool.name, null) dynamic "backend_pool_load_balancing" { @@ -112,6 +110,11 @@ resource "azurerm_frontdoor" "frontdoor" { } } + backend_pool_settings { + backend_pools_send_receive_timeout_seconds = try(var.settings.backend_pools_send_receive_timeout_seconds, 60) + enforce_backend_pools_certificate_name_check = try(var.settings.certificate_name_check, false) + } + dynamic "frontend_endpoint" { for_each = var.settings.frontend_endpoints diff --git a/modules/networking/front_door/variables.tf b/modules/networking/front_door/variables.tf index 35cad7269a..aa5de55162 100644 --- a/modules/networking/front_door/variables.tf +++ b/modules/networking/front_door/variables.tf @@ -22,6 +22,7 @@ variable "keyvaults" { default = {} } variable "resource_group_name" {} +variable "location" {} variable "settings" {} variable "tags" { default = {} diff --git a/modules/networking/lb/module.tf b/modules/networking/lb/module.tf index 6563022406..e024a7a1ae 100644 --- a/modules/networking/lb/module.tf +++ b/modules/networking/lb/module.tf 
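Review bot: In the new `backend_pool_settings` block, `enforce_backend_pools_certificate_name_check` still falls back to `false`. A Front Door declared without `certificate_name_check` in its settings therefore does not check that the backend certificate matches the backend host name on HTTPS connections. Since the attribute is being relocated anyway, I would make the default the safe one: `enforce_backend_pools_certificate_name_check = try(var.settings.certificate_name_check, true)`. That changes behaviour for deployments that relied on the old default, so it needs an entry in UPGRADE.md. The `azurerm_frontdoor` resource starts and ends outside this hunk.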
@@ -18,14 +18,17 @@ resource "azurerm_lb" "lb" { for_each = try(var.settings.frontend_ip_configuration, null) != null ? [var.settings.frontend_ip_configuration] : [] content { name = try(frontend_ip_configuration.value.name, null) - availability_zone = try(frontend_ip_configuration.value.availability_zone, null) - subnet_id = can(frontend_ip_configuration.value.subnet.key) ? var.remote_objects.virtual_network[try(frontend_ip_configuration.value.subnet.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.subnet.vnet_key].subnets[frontend_ip_configuration.value.subnet.key].id : try(frontend_ip_configuration.value.subnet.id, null) gateway_load_balancer_frontend_ip_configuration_id = try(frontend_ip_configuration.value.gateway_load_balancer_frontend_ip_configuration_id, null) private_ip_address = try(frontend_ip_configuration.value.private_ip_address, null) private_ip_address_allocation = try(frontend_ip_configuration.value.private_ip_address_allocation, null) private_ip_address_version = try(frontend_ip_configuration.value.private_ip_address_version, null) - public_ip_address_id = can(frontend_ip_configuration.value.public_ip_address.key) ? var.remote_objects.public_ip_addresses[try(frontend_ip_configuration.value.public_ip_address.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.public_ip_address.key].id : try(frontend_ip_configuration.value.public_ip_address.id, null) public_ip_prefix_id = try(frontend_ip_configuration.value.public_ip_prefix_id, null) + zones = can(frontend_ip_configuration.value.zones) ? frontend_ip_configuration.value.zones : try(frontend_ip_configuration.value.availability_zone, null) + # TODO: availability_zone kept for smooth migration to 3.0 + + public_ip_address_id = can(frontend_ip_configuration.value.public_ip_address.id) || can(frontend_ip_configuration.value.public_ip_address.key) ? 
try(frontend_ip_configuration.value.public_ip_address.id, var.remote_objects.public_ip_addresses[try(frontend_ip_configuration.value.public_ip_address.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.public_ip_address.key].id) : null + subnet_id = can(frontend_ip_configuration.value.subnet.id) || can(frontend_ip_configuration.value.subnet.key) ? try(frontend_ip_configuration.value.subnet.id, var.remote_objects.virtual_network[try(frontend_ip_configuration.value.subnet.lz_key, var.client_config.landingzone_key)][frontend_ip_configuration.value.subnet.vnet_key].subnets[frontend_ip_configuration.value.subnet.key].id) : null + } } sku = try(var.settings.sku, null) diff --git a/modules/networking/lb_backend_address_pool/module.tf b/modules/networking/lb_backend_address_pool/module.tf index b5f3eee9ec..d9ce721bab 100644 --- a/modules/networking/lb_backend_address_pool/module.tf +++ b/modules/networking/lb_backend_address_pool/module.tf @@ -10,8 +10,9 @@ resource "azurecaf_name" "lb" { use_slug = var.global_settings.use_slug } resource "azurerm_lb_backend_address_pool" "lb" { + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null name = azurecaf_name.lb.result - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id + dynamic "tunnel_interface" { for_each = try(var.settings.tunnel_interface, null) != null ? [var.settings.tunnel_interface] : [] content { diff --git a/modules/networking/lb_backend_address_pool_address/module.tf b/modules/networking/lb_backend_address_pool_address/module.tf index bb648af716..89f8b49abd 100644 
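Review bot: The `zones` fallback in `frontend_ip_configuration` hands the legacy `availability_zone` value straight to `zones`, but the old setting was presumably a single string (the public IP module in this commit shows values such as `Zone-Redundant` and `No-Zone`), while `zones` takes a list of zone numbers. A configuration that still sets `availability_zone` would then fail type conversion or send an invalid zone instead of migrating smoothly. Either translate the legacy values explicitly or drop the fallback with `zones = try(frontend_ip_configuration.value.zones, null)` and list the rename in UPGRADE.md. Also note that `public_ip_address_id` and `subnet_id` now prefer `.id` over `.key`, where the removed lines preferred `.key`; that precedence change deserves a comment next to the TODO.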
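Review bot: `loadbalancer_id` is a required argument, yet the new expression evaluates to `null` when neither `loadbalancer.id` nor `loadbalancer.key` is set, so the user gets a generic missing-argument error rather than one naming the setting. The `can(...) || can(...) ? ... : null` wrapper adds nothing for a required value. `loadbalancer_id = try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id)` fails with both lookup errors listed. The same pattern is repeated for `loadbalancer_id`, `backend_address_pool_id` and `virtual_network_id` in lb_backend_address_pool_address, lb_nat_pool, lb_nat_rule, lb_outbound_rule, lb_probe and lb_rule.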
--- a/modules/networking/lb_backend_address_pool_address/module.tf +++ b/modules/networking/lb_backend_address_pool_address/module.tf @@ -10,9 +10,8 @@ resource "azurecaf_name" "lb" { use_slug = var.global_settings.use_slug } resource "azurerm_lb_backend_address_pool_address" "lb" { - backend_address_pool_id = can(var.settings.backend_address_pool.id) ? var.settings.backend_address_pool.id : var.remote_objects.lb_backend_address_pool[try(var.settings.backend_address_pool.lz_key, var.client_config.landingzone_key)][var.settings.backend_address_pool.key].id - virtual_network_id = can(var.settings.virtual_network.id) ? var.settings.virtual_network.id : var.remote_objects.virtual_network[try(var.settings.virtual_network.lz_key, var.client_config.landingzone_key)][var.settings.virtual_network.key].id + backend_address_pool_id = can(var.settings.backend_address_pool.id) || can(var.settings.backend_address_pool.key) ? try(var.settings.backend_address_pool.id, var.remote_objects.lb_backend_address_pool[try(var.settings.backend_address_pool.lz_key, var.client_config.landingzone_key)][var.settings.backend_address_pool.key].id) : null ip_address = var.settings.ip_address name = azurecaf_name.lb.result - + virtual_network_id = can(var.settings.virtual_network.id) || can(var.settings.virtual_network.key) ? try(var.settings.virtual_network.id, var.remote_objects.virtual_network[try(var.settings.virtual_network.lz_key, var.client_config.landingzone_key)][var.settings.virtual_network.key].id) : null } \ No newline at end of file diff --git a/modules/networking/lb_nat_pool/module.tf b/modules/networking/lb_nat_pool/module.tf index a4c5fb676e..a716c2854c 100644 --- a/modules/networking/lb_nat_pool/module.tf +++ b/modules/networking/lb_nat_pool/module.tf 
@@ -10,15 +10,15 @@ resource "azurecaf_name" "lb" { use_slug = var.global_settings.use_slug } resource "azurerm_lb_nat_pool" "lb" { - name = azurecaf_name.lb.result - resource_group_name = var.resource_group_name - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id + backend_port = var.settings.backend_port + floating_ip_enabled = try(var.settings.floating_ip_enabled, null) frontend_ip_configuration_name = var.settings.frontend_ip_configuration_name - protocol = var.settings.protocol - frontend_port_start = var.settings.frontend_port_start frontend_port_end = var.settings.frontend_port_end - backend_port = var.settings.backend_port + frontend_port_start = var.settings.frontend_port_start idle_timeout_in_minutes = try(var.settings.idle_timeout_in_minutes, null) - floating_ip_enabled = try(var.settings.floating_ip_enabled, null) + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null + name = azurecaf_name.lb.result + protocol = var.settings.protocol + resource_group_name = var.resource_group_name tcp_reset_enabled = try(var.settings.tcp_reset_enabled, null) } \ No newline at end of file diff --git a/modules/networking/lb_nat_rule/module.tf b/modules/networking/lb_nat_rule/module.tf index ad2ed54238..fb868020e5 100644 --- a/modules/networking/lb_nat_rule/module.tf +++ b/modules/networking/lb_nat_rule/module.tf 
@@ -10,14 +10,14 @@ resource "azurecaf_name" "lb" { use_slug = var.global_settings.use_slug } resource "azurerm_lb_nat_rule" "lb" { - name = azurecaf_name.lb.result - resource_group_name = var.resource_group_name - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id - frontend_ip_configuration_name = var.settings.frontend_ip_configuration_name - protocol = var.settings.protocol - frontend_port = var.settings.frontend_port backend_port = var.settings.backend_port - idle_timeout_in_minutes = try(var.settings.idle_timeout_in_minutes, null) enable_floating_ip = try(var.settings.enable_floating_ip, null) enable_tcp_reset = try(var.settings.enable_tcp_reset, null) + frontend_ip_configuration_name = var.settings.frontend_ip_configuration_name + frontend_port = var.settings.frontend_port + idle_timeout_in_minutes = try(var.settings.idle_timeout_in_minutes, null) + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null + name = azurecaf_name.lb.result + protocol = var.settings.protocol + resource_group_name = var.resource_group_name } \ No newline at end of file diff --git a/modules/networking/lb_outbound_rule/module.tf b/modules/networking/lb_outbound_rule/module.tf index bda610c959..ce4037a516 100644 --- a/modules/networking/lb_outbound_rule/module.tf +++ b/modules/networking/lb_outbound_rule/module.tf 
@@ -10,10 +10,13 @@ resource "azurecaf_name" "lb" { use_slug = var.global_settings.use_slug } resource "azurerm_lb_outbound_rule" "lb" { - name = azurecaf_name.lb.result - resource_group_name = var.resource_group_name - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id - backend_address_pool_id = can(var.settings.backend_address_pool.id) ? var.settings.backend_address_pool.id : var.remote_objects.lb_backend_address_pool[try(var.settings.backend_address_pool.lz_key, var.client_config.landingzone_key)][var.settings.backend_address_pool.key].id + allocated_outbound_ports = try(var.settings.allocated_outbound_ports, null) + backend_address_pool_id = can(var.settings.backend_address_pool.id) || can(var.settings.backend_address_pool.key) ? try(var.settings.backend_address_pool.id, var.remote_objects.lb_backend_address_pool[try(var.settings.backend_address_pool.lz_key, var.client_config.landingzone_key)][var.settings.backend_address_pool.key].id) : null + enable_tcp_reset = try(var.settings.enable_tcp_reset, null) + idle_timeout_in_minutes = try(var.settings.idle_timeout_in_minutes, null) + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null + name = azurecaf_name.lb.result + protocol = var.settings.protocol dynamic "frontend_ip_configuration" { for_each = try(var.settings.frontend_ip_configuration, null) != null ? [var.settings.frontend_ip_configuration] : [] 
@@ -22,8 +25,4 @@ resource "azurerm_lb_outbound_rule" "lb" { } } - protocol = var.settings.protocol - enable_tcp_reset = try(var.settings.enable_tcp_reset, null) - allocated_outbound_ports = try(var.settings.allocated_outbound_ports, null) - idle_timeout_in_minutes = try(var.settings.idle_timeout_in_minutes, null) } \ No newline at end of file diff --git a/modules/networking/lb_probe/module.tf b/modules/networking/lb_probe/module.tf index 09a0468536..021336590e 100644 --- a/modules/networking/lb_probe/module.tf +++ b/modules/networking/lb_probe/module.tf @@ -11,8 +11,7 @@ resource "azurecaf_name" "lb" { } resource "azurerm_lb_probe" "lb" { name = azurecaf_name.lb.result - resource_group_name = var.resource_group_name - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null protocol = try(var.settings.protocol, null) port = var.settings.port request_path = try(var.settings.request_path, null) diff --git a/modules/networking/lb_probe/variables.tf b/modules/networking/lb_probe/variables.tf index dfab227989..aade8e83bf 100644 --- a/modules/networking/lb_probe/variables.tf +++ b/modules/networking/lb_probe/variables.tf @@ -16,6 +16,3 @@ variable "base_tags" { type = map(any) default = {} } -variable "resource_group_name" { - description = " The name of the resource group in which to create the resource." -} diff --git a/modules/networking/lb_rule/module.tf b/modules/networking/lb_rule/module.tf index bb0833441d..e72378e527 100644 --- a/modules/networking/lb_rule/module.tf +++ b/modules/networking/lb_rule/module.tf 
@@ -11,8 +11,7 @@ resource "azurecaf_name" "lb" { } resource "azurerm_lb_rule" "lb" { name = azurecaf_name.lb.result - resource_group_name = var.resource_group_name - loadbalancer_id = can(var.settings.loadbalancer.id) ? var.settings.loadbalancer.id : var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id + loadbalancer_id = can(var.settings.loadbalancer.id) || can(var.settings.loadbalancer.key) ? try(var.settings.loadbalancer.id, var.remote_objects.lb[try(var.settings.loadbalancer.lz_key, var.client_config.landingzone_key)][var.settings.loadbalancer.key].id) : null frontend_ip_configuration_name = var.settings.frontend_ip_configuration_name protocol = var.settings.protocol frontend_port = var.settings.frontend_port diff --git a/modules/networking/load_balancers/load_balancers.tf b/modules/networking/load_balancers/load_balancers.tf index 4ff1eb6884..af89d6256d 100644 --- a/modules/networking/load_balancers/load_balancers.tf +++ b/modules/networking/load_balancers/load_balancers.tf @@ -49,7 +49,6 @@ resource "azurerm_lb_backend_address_pool_address" "backend_address_pool_address resource "azurerm_lb_probe" "lb_probe" { for_each = try(var.settings.probes, {}) - resource_group_name = var.resource_group_name loadbalancer_id = azurerm_lb.lb.id name = each.value.probe_name port = each.value.port @@ -67,7 +66,6 @@ resource "azurerm_lb_probe" "lb_probe" { resource "azurerm_lb_rule" "lb_rule" { for_each = try(var.settings.lb_rules, {}) - resource_group_name = var.resource_group_name loadbalancer_id = azurerm_lb.lb.id name = each.value.lb_rule_name protocol = each.value.protocol @@ -96,7 +94,6 @@ resource "azurerm_lb_rule" "lb_rule" { resource "azurerm_lb_outbound_rule" "outbound_rule" { for_each = try(var.settings.outbound_rules, {}) - resource_group_name = var.resource_group_name loadbalancer_id = azurerm_lb.lb.id name = each.value.name protocol = each.value.protocol 
diff --git a/modules/networking/public_ip_addresses/module.tf b/modules/networking/public_ip_addresses/module.tf index 9c26ba0c8a..f1efc8c8d5 100644 --- a/modules/networking/public_ip_addresses/module.tf +++ b/modules/networking/public_ip_addresses/module.tf @@ -1,18 +1,18 @@ -# Last review : AzureRM version 2.63.0 -# Ref : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_host_pool +# Ref : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip resource "azurerm_public_ip" "pip" { name = var.name resource_group_name = var.resource_group_name location = var.location allocation_method = var.allocation_method - sku = var.sku - ip_version = var.ip_version - idle_timeout_in_minutes = var.idle_timeout_in_minutes domain_name_label = var.generate_domain_name_label ? var.name : var.domain_name_label + idle_timeout_in_minutes = var.idle_timeout_in_minutes + ip_tags = var.ip_tags + ip_version = var.ip_version + public_ip_prefix_id = var.public_ip_prefix_id reverse_fqdn = var.reverse_fqdn - availability_zone = var.zones + sku = var.sku + sku_tier = var.sku_tier tags = local.tags - public_ip_prefix_id = var.public_ip_prefix_id - ip_tags = var.ip_tags + zones = var.zones } \ No newline at end of file diff --git a/modules/networking/public_ip_addresses/variables.tf b/modules/networking/public_ip_addresses/variables.tf index 8a1fc9e5bd..2640b922c2 100644 --- a/modules/networking/public_ip_addresses/variables.tf +++ b/modules/networking/public_ip_addresses/variables.tf 
@@ -19,6 +19,15 @@ variable "sku" { error_message = "Provide an allowed value as defined in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip#sku." } } +variable "sku_tier" { + description = "(Optional) The SKU Tier that should be used for the Public IP. Possible values are Regional and Global. Defaults to Regional." + type = string + default = "Regional" + # validation { + # condition = contains(["Regional", "Global"], var.sku_tier) + # error_message = "Provide an allowed value as defined in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip#sku_tier." + # } +} variable "allocation_method" { description = "(Required) Defines the allocation method for this IP address. Possible values are Static or Dynamic." @@ -77,14 +86,14 @@ variable "tags" { } variable "zones" { - description = "(Optional) The availability zone to allocate the Public IP in. Possible values are Zone-Redundant, 1, 2, 3, and No-Zone. Defaults to Zone-Redundant." - type = string - default = "Zone-Redundant" + description = "(Optional) The availability zone to allocate the Public IP in. Possible values are 1, 2, 3. Defaults to null." + type = list(any) + default = null - validation { - condition = contains(["Zone-Redundant", "No-Zone", "1", "2", "3"], var.zones) - error_message = "Provide an allowed value as defined in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip#availability_zone." - } + # validation { + # condition = contains(["1", "2", "3"], var.zones) + # error_message = "Provide an allowed value as defined in https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip#availability_zone." + # } } variable "diagnostics" { diff --git a/modules/networking/public_ip_prefixes/module.tf b/modules/networking/public_ip_prefixes/module.tf index 8fb0a7ff7f..c831b5048f 100755 --- a/modules/networking/public_ip_prefixes/module.tf 
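Review bot: The `validation` blocks for `sku_tier` and `zones` are commented out rather than adapted, so invalid values now reach the provider unchecked and the dead code stays in the file. For `sku_tier` the commented condition works as written and can simply be re-enabled. For `zones` the list form would be `condition = var.zones == null ? true : alltrue([for z in var.zones : contains(["1", "2", "3"], z)])`. I would also tighten `type = list(any)` to `list(string)`, and point the error message at `#zones` instead of `#availability_zone`.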
+++ b/modules/networking/public_ip_prefixes/module.tf @@ -8,7 +8,7 @@ resource "azurerm_public_ip_prefix" "pip_prefix" { prefix_length = var.prefix_length tags = local.tags sku = var.sku - availability_zone = var.zones + zones = var.zones ip_version = var.ip_version } diff --git a/modules/networking/public_ip_prefixes/variables.tf b/modules/networking/public_ip_prefixes/variables.tf index 428a018715..93b3f22ffb 100755 --- a/modules/networking/public_ip_prefixes/variables.tf +++ b/modules/networking/public_ip_prefixes/variables.tf @@ -61,8 +61,8 @@ variable "pip_settings" { variable "zones" { description = "(Optional) The availability zone to allocate the Public IP in. Possible values are Zone-Redundant, 1, 2, 3, and No-Zone. Defaults to Zone-Redundant." - type = string - default = "Zone-Redundant" + type = list(any) + default = null validation { condition = contains(["Zone-Redundant", "No-Zone", "1", "2", "3"], var.zones) diff --git a/modules/networking/virtual_network/nsg/module.tf b/modules/networking/virtual_network/nsg/module.tf index 06cf3fc0f9..f2c9f3f3e0 100644 --- a/modules/networking/virtual_network/nsg/module.tf +++ b/modules/networking/virtual_network/nsg/module.tf @@ -30,7 +30,7 @@ resource "azurerm_network_security_group" "nsg_obj" { priority = value.priority direction = value.direction access = value.access - protocol = value.protocol + protocol = title(value.protocol) source_port_range = lookup(value, "source_port_range", "") source_port_ranges = lookup(value, "source_port_ranges", []) destination_port_range = lookup(value, "destination_port_range", "") diff --git a/modules/networking/virtual_network_gateways/module.tf b/modules/networking/virtual_network_gateways/module.tf index f0970a8783..9916a9c89f 100644 --- a/modules/networking/virtual_network_gateways/module.tf +++ b/modules/networking/virtual_network_gateways/module.tf 
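Review bot: In public_ip_prefixes/variables.tf the `zones` variable becomes `list(any)` with `default = null`, but the `validation` block visible as context still evaluates `contains(["Zone-Redundant", "No-Zone", "1", "2", "3"], var.zones)`. That condition compares the whole list (or null) against string elements, so I expect it to reject every valid input, possibly including the default. The condition should become `condition = var.zones == null ? true : alltrue([for z in var.zones : contains(["1", "2", "3"], z)])`, and the description still advertises `Zone-Redundant` and `No-Zone` as the possible values and default. The validation block continues past the end of this hunk.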
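Review bot: `title(value.protocol)` in the NSG rule only upper-cases the first letter and, as far as I know, leaves the remaining characters untouched, so `tcp` becomes `Tcp` but `TCP` or `ICMP` pass through unchanged. If the goal is to normalise existing configurations to the casing the 3.x provider expects, `protocol = title(lower(value.protocol))` covers both spellings, and `*` is unaffected. A short comment explaining why the value is normalised would help, since a rejected rule on a security group is easy to misread as a provider bug.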
@@ -9,15 +9,23 @@ resource "azurecaf_name" "vgw" { } resource "azurerm_virtual_network_gateway" "vngw" { - name = azurecaf_name.vgw.result - location = var.location - resource_group_name = var.resource_group_name - type = var.settings.type #ExpressRoute or VPN + name = azurecaf_name.vgw.result + edge_zone = try(var.settings.edge_zone, null) + generation = try(var.settings.generation, null) + location = var.location + private_ip_address_enabled = try(var.settings.private_ip_address_enabled, null) + resource_group_name = var.resource_group_name + type = var.settings.type #ExpressRoute or VPN # ExpressRoute SKUs : Basic, Standard, HighPerformance, UltraPerformance # VPN SKUs : Basic, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ # SKUs are subject to change. Check Documentation page for updated information # The following options may change depending upon SKU type. Check product documentation - sku = var.settings.sku + sku = var.settings.sku + active_active = try(var.settings.active_active, null) + enable_bgp = try(var.settings.enable_bgp, null) + #vpn_type defaults to 'RouteBased'. Type 'PolicyBased' supported only by Basic SKU + vpn_type = try(var.settings.vpn_type, null) + tags = local.tags #Create multiple IPs only if active-active mode is enabled. dynamic "ip_configuration" { @@ -48,6 +56,14 @@ resource "azurerm_virtual_network_gateway" "vngw" { name = vpn_client_configuration.value.root_certificate.name public_cert_data = vpn_client_configuration.value.root_certificate.public_cert_data } + dynamic "root_certificate" { + for_each = try(vpn_client_configuration.value.root_certificates, {}) + + content { + name = root_certificate.value.name + public_cert_data = root_certificate.value.public_cert_data + } + } dynamic "revoked_certificate" { for_each = try(vpn_client_configuration.value.revoked_certificate, {}) content { 
@@ -55,6 +71,13 @@ resource "azurerm_virtual_network_gateway" "vngw" { thumbprint = revoked_certificate.value.thumbprint } } + dynamic "revoked_certificate" { + for_each = try(vpn_client_configuration.value.revoked_certificates, {}) + content { + name = revoked_certificate.value.name + thumbprint = revoked_certificate.value.thumbprint + } + } } } @@ -65,25 +88,27 @@ resource "azurerm_virtual_network_gateway" "vngw" { } } - active_active = try(var.settings.active_active, null) - enable_bgp = try(var.settings.enable_bgp, null) - #vpn_type defaults to 'RouteBased'. Type 'PolicyBased' supported only by Basic SKU - vpn_type = try(var.settings.vpn_type, null) - dynamic "bgp_settings" { for_each = try(var.settings.bgp_settings, {}) content { - asn = bgp_settings.value.asn - peering_address = bgp_settings.value.peering_address - peer_weight = bgp_settings.value.peer_weight + asn = bgp_settings.value.asn + peer_weight = bgp_settings.value.peer_weight + + dynamic "peering_addresses" { + for_each = try(bgp_settings.value.peering_addresses, {}) + content { + ip_configuration_name = peering_addresses.value.ip_configuration_name + apipa_addresses = peering_addresses.value.apipa_addresses + } + } } } + + timeouts { create = "60m" delete = "60m" } - tags = local.tags - } diff --git a/modules/networking/virtual_wan/virtual_hub/azure_firewall.tf b/modules/networking/virtual_wan/virtual_hub/azure_firewall.tf index 783f0bea7c..46ab07a826 100644 --- a/modules/networking/virtual_wan/virtual_hub/azure_firewall.tf +++ b/modules/networking/virtual_wan/virtual_hub/azure_firewall.tf 
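Review bot: In the `bgp_settings` block the old `peering_address` attribute is removed and replaced by a `peering_addresses` dynamic block, but nothing reads the legacy key any more. An existing configuration that sets `bgp_settings.*.peering_address` is therefore silently ignored after the upgrade. The UPGRADE.md section in this commit only mentions `vpn_gateway_connections`, so a note for virtual network gateways is missing. Inside the new block `apipa_addresses` is dereferenced directly; if it is optional for callers, `apipa_addresses = try(peering_addresses.value.apipa_addresses, null)` avoids a hard failure. The added `root_certificates` / `revoked_certificates` blocks sit next to the existing singular ones, and a comment stating which key is preferred and whether both may be set would prevent duplicate entries.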
@@ -12,20 +12,26 @@ resource "azurecaf_name" "virtualhub_fw" { } +# Part of migration from 2.99.0 to 3.7.0 +moved { + from = azurerm_template_deployment.arm_template_vhub_firewall + to = azurerm_resource_group_template_deployment.arm_template_vhub_firewall +} + # As per https://docs.microsoft.com/en-us/azure/templates/microsoft.network/2019-09-01/azurefirewalls -resource "azurerm_template_deployment" "arm_template_vhub_firewall" { +resource "azurerm_resource_group_template_deployment" "arm_template_vhub_firewall" { count = try(var.virtual_hub_config.deploy_firewall, false) ? 1 : 0 name = azurecaf_name.virtualhub_fw.0.result resource_group_name = var.resource_group_name - template_body = file("${path.module}/arm_template_vhub_firewall.json") + template_content = file("${path.module}/arm_template_vhub_firewall.json") - parameters = { + parameters_content = jsonencode({ "vwan_id" = azurerm_virtual_hub.vwan_hub.id, "name" = var.virtual_hub_config.firewall_name, "location" = var.location, "Tier" = "Standard", - } + }) deployment_mode = "Incremental" } @@ -34,7 +40,7 @@ resource "null_resource" "arm_template_vhub_firewall" { count = try(var.virtual_hub_config.deploy_firewall, false) ? 1 : 0 triggers = { - resource_id = azurerm_template_deployment.arm_template_vhub_firewall[0].outputs.resourceID + resource_id = jsondecode(azurerm_resource_group_template_deployment.arm_template_vhub_firewall[0].output_content).resourceID.value } provisioner "local-exec" { diff --git a/modules/networking/virtual_wan/virtual_hub/output.tf b/modules/networking/virtual_wan/virtual_hub/output.tf index 7fb98185f5..5c0e7abb4d 100644 --- a/modules/networking/virtual_wan/virtual_hub/output.tf +++ b/modules/networking/virtual_wan/virtual_hub/output.tf 
@@ -15,7 +15,7 @@ output "name" { output "firewall_id" { description = "Resource ID of the Azure Firewall for Virtual Hub" - value = try(var.virtual_hub_config.deploy_firewall, false) ? azurerm_template_deployment.arm_template_vhub_firewall.*.outputs.resourceID : null + value = try(var.virtual_hub_config.deploy_firewall, false) ? jsondecode(azurerm_resource_group_template_deployment.arm_template_vhub_firewall.*.output_content).resourceID.value : null } # output virtual network gateway objects: p2s, s2s, er objects diff --git a/modules/networking/vpn_gateway_connection/module.tf b/modules/networking/vpn_gateway_connection/module.tf index aebdd66367..09a70a0a6e 100644 --- a/modules/networking/vpn_gateway_connection/module.tf +++ b/modules/networking/vpn_gateway_connection/module.tf 
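Review bot: The new `firewall_id` value calls `jsondecode()` on `azurerm_resource_group_template_deployment.arm_template_vhub_firewall.*.output_content`, which is a list of strings because the resource uses `count`. `jsondecode` takes a single string, so this should fail at plan time. To keep the list shape the old splat produced, use `[for d in azurerm_resource_group_template_deployment.arm_template_vhub_firewall : jsondecode(d.output_content).resourceID.value]`. If a scalar is intended, index `[0]` as azure_firewall.tf does and mention the changed output type for consumers.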
@@ -53,19 +53,21 @@ resource "azurerm_vpn_gateway_connection" "vpn_gateway_connection" { } dynamic "routing" { - for_each = lookup(var.settings, "routing", null) == null ? [] : [1] + for_each = can(var.settings.routing) ? [var.settings.routing] : [] content { - associated_route_table = coalesce( - try(var.route_tables[try(var.settings.routing.associated_route_table.lz_key, var.client_config.landingzone_key)][var.settings.routing.associated_route_table.key].id, null), - try(var.settings.routing.associated_route_table.id, null) - ) + associated_route_table = can(routing.value.associated_route_table.key) ? var.route_tables[try(routing.value.associated_route_table.lz_key, var.client_config.landingzone_key)][routing.value.associated_route_table.key].id : try(routing.value.associated_route_table.id, null) + + dynamic "propagated_route_table" { + # propagated_route_tables kept to smooth the migration to azurerm 3.0 + for_each = can(routing.value.propagated_route_table) ? routing.value.propagated_route_table : routing.value.propagated_route_tables + + content { + route_table_ids = can(propagated_route_table.value.id) ? propagated_route_table.value.id : var.route_tables[try(propagated_route_table.value.lz_key, var.client_config.landingzone_key)][propagated_route_table.value.key].id + + labels = try(propagated_route_table.value.labels, null) + } + } - propagated_route_tables = [ - for key, value in var.settings.routing.propagated_route_tables : coalesce( - try(var.route_tables[try(value.lz_key, var.client_config.landingzone_key)][value.key].id, null), - try(value.id, null) - ) - ] } } } diff --git a/modules/purview/purview_accounts/module.tf b/modules/purview/purview_accounts/module.tf index 0202d9147f..b110459052 100755 --- a/modules/purview/purview_accounts/module.tf +++ b/modules/purview/purview_accounts/module.tf 
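Review bot: The `for_each` of the new `propagated_route_table` block falls back to `routing.value.propagated_route_tables` without a guard, so a `routing` setting that defines only `associated_route_table` now fails on a missing attribute. `for_each = try(routing.value.propagated_route_table, routing.value.propagated_route_tables, {})` keeps that case working. Two further things to confirm against the provider schema. As I read it, `propagated_route_table` is a single block whose `route_table_ids` is a list, whereas this code emits one block per legacy entry and assigns a single id to `route_table_ids`. The removed code collected all ids into one list, and the new block probably needs the same. Also, `associated_route_table` now prefers `.key` over `.id`, the opposite of the precedence chosen in the load balancer modules in this commit.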
@@ -15,4 +15,8 @@ resource "azurerm_purview_account" "pva" { public_network_enabled = try(var.settings.public_network_enabled, null) managed_resource_group_name = try(var.settings.managed_resource_group_name, null) tags = local.tags + + identity { + type = "SystemAssigned" + } } \ No newline at end of file diff --git a/modules/security/dynamic_keyvault_certificates/keyvault.tf b/modules/security/dynamic_keyvault_certificates/keyvault.tf index 873d6a29ad..3dfd98b544 100644 --- a/modules/security/dynamic_keyvault_certificates/keyvault.tf +++ b/modules/security/dynamic_keyvault_certificates/keyvault.tf @@ -1,5 +1,5 @@ module "certificate" { - source = "./certificate" + source = "./certificate" for_each = var.settings name = each.value.secret_name diff --git a/modules/security/sentinel/ar_scheduled/module.tf b/modules/security/sentinel/ar_scheduled/module.tf index 395225656a..f49ba2d3d4 100644 --- a/modules/security/sentinel/ar_scheduled/module.tf +++ b/modules/security/sentinel/ar_scheduled/module.tf 
@@ -36,8 +36,10 @@ resource "azurerm_sentinel_alert_rule_scheduled" "scheduled" { enabled = lookup(var.settings.incident_configuration.grouping, "enabled", true) lookback_duration = lookup(var.settings.incident_configuration.grouping, "lookback_duration", "PT5M") reopen_closed_incidents = lookup(var.settings.incident_configuration.grouping, "reopen_closed_incidents", false) - entity_matching_method = lookup(var.settings.incident_configuration.grouping, "entity_matching_method", "None") - group_by = lookup(var.settings.incident_configuration.grouping, "group_by", null) + entity_matching_method = lookup(var.settings.incident_configuration.grouping, "entity_matching_method", null) + group_by_entities = lookup(var.settings.incident_configuration.grouping, "group_by_entities", null) + group_by_alert_details = lookup(var.settings.incident_configuration.grouping, "group_by_alert_details", null) + group_by_custom_details = lookup(var.settings.incident_configuration.grouping, "group_by_custom_details", null) } } } diff --git a/modules/security/sentinel/watchlist/module.tf b/modules/security/sentinel/watchlist/module.tf index 62b8158b03..038049e6ec 100644 --- a/modules/security/sentinel/watchlist/module.tf +++ b/modules/security/sentinel/watchlist/module.tf @@ -4,5 +4,6 @@ resource "azurerm_sentinel_watchlist" "watchlist" { display_name = var.display_name default_duration = var.default_duration description = var.description + item_search_key = var.item_search_key labels = var.labels } diff --git a/modules/security/sentinel/watchlist/variables.tf b/modules/security/sentinel/watchlist/variables.tf index f1aeaeed11..20e741d978 100644 --- a/modules/security/sentinel/watchlist/variables.tf +++ b/modules/security/sentinel/watchlist/variables.tf @@ -16,3 +16,6 @@ variable "description" { variable "labels" { default = null } +variable "item_search_key" { + default = null +} \ No newline at end of file 
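Review bot: Configurations that still set `group_by` under `incident_configuration.grouping` are now silently ignored, because the three new `group_by_*` lookups fall back to `null` and nothing reads the old key, so incident grouping can change with no plan error. The storage account change in this same commit keeps a legacy fallback for its renamed attribute, and the same pattern fits here, presumably with `group_by_entities` as the closest equivalent: `group_by_entities = try(var.settings.incident_configuration.grouping.group_by_entities, var.settings.incident_configuration.grouping.group_by, null)`. The default for `entity_matching_method` also moves from `"None"` to whatever the provider chooses, which alters how alerts are merged into incidents for existing rules and should be called out in UPGRADE.md. The resource body starts outside this hunk.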
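Review bot: `item_search_key` is declared in `variables.tf` with `default = null` and no `type` or `description`, and `sentinel.tf` passes `try(each.value.item_search_key, null)`, so a watchlist definition that omits the key reaches the provider with a null value. As far as I can tell the azurerm 3.x schema marks this argument as required and treats a change as forcing a new watchlist, so existing definitions would either fail at plan or be recreated once the key is set; confirm this against the provider documentation. If so, declare the variable with `type = string` and a `description`, drop the `default`, and add the migration step to UPGRADE.md so watchlists referenced by analytics rules are not recreated unnoticed.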
diff --git a/modules/storage_account/storage_account.tf b/modules/storage_account/storage_account.tf
index 9c41940dfd..0b09e123ba 100644
--- a/modules/storage_account/storage_account.tf
+++ b/modules/storage_account/storage_account.tf
@@ -18,21 +18,23 @@ resource "azurecaf_name" "stg" { # Ref : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account resource "azurerm_storage_account" "stg" { - access_tier = try(var.storage_account.access_tier, "Hot") - account_kind = try(var.storage_account.account_kind, "StorageV2") - account_replication_type = try(var.storage_account.account_replication_type, "LRS") + name = azurecaf_name.stg.result + resource_group_name = var.resource_group_name + location = var.location account_tier = try(var.storage_account.account_tier, "Standard") - allow_blob_public_access = try(var.storage_account.allow_blob_public_access, false) + account_replication_type = try(var.storage_account.account_replication_type, "LRS") + account_kind = try(var.storage_account.account_kind, "StorageV2") + access_tier = try(var.storage_account.access_tier, "Hot") + allow_nested_items_to_be_public = try(var.storage_account.allow_nested_items_to_be_public, var.storage_account.allow_blob_public_access, false) + cross_tenant_replication_enabled = try(var.storage_account.cross_tenant_replication_enabled, null) + edge_zone = try(var.storage_account.edge_zone, null) enable_https_traffic_only = try(var.storage_account.enable_https_traffic_only, true) infrastructure_encryption_enabled = try(var.storage_account.infrastructure_encryption_enabled, null) - is_hns_enabled = try(var.storage_account.is_hns_enabled, false) - large_file_share_enabled = try(var.storage_account.large_file_share_enabled, null) - location = var.location min_tls_version = try(var.storage_account.min_tls_version, "TLS1_2") - name = azurecaf_name.stg.result + is_hns_enabled = try(var.storage_account.is_hns_enabled, false) nfsv3_enabled = try(var.storage_account.nfsv3_enabled, false) + large_file_share_enabled = try(var.storage_account.large_file_share_enabled, null) queue_encryption_key_type = try(var.storage_account.queue_encryption_key_type, null) - resource_group_name = 
var.resource_group_name table_encryption_key_type = try(var.storage_account.table_encryption_key_type, null) tags = merge(var.base_tags, local.tags) @@ -206,6 +208,44 @@ resource "azurerm_storage_account" "stg" { } } + dynamic "share_properties" { + for_each = can(var.storage_account.share_properties) ? [1] : [] + + content { + dynamic "cors_rule" { + for_each = can(var.storage_account.share_properties.cors_rule) ? [1] : [] + + content { + allowed_headers = var.storage_account.share_properties.cors_rule.allowed_headers + allowed_methods = var.storage_account.share_properties.cors_rule.allowed_methods + allowed_origins = var.storage_account.share_properties.cors_rule.allowed_origins + exposed_headers = var.storage_account.share_properties.cors_rule.exposed_headers + max_age_in_seconds = var.storage_account.share_properties.cors_rule.max_age_in_seconds + } + } + + dynamic "retention_policy" { + for_each = can(var.storage_account.share_properties.retention_policy) ? [1] : [] + + content { + days = try(var.storage_account.share_properties.retention_policy.days, 7) + } + } + + dynamic "smb" { + for_each = can(var.storage_account.share_properties.smb) ? [1] : [] + + content { + versions = try(var.storage_account.share_properties.smb.versions, null) + authentication_types = try(var.storage_account.share_properties.smb.authentication_types, null) + kerberos_ticket_encryption_type = try(var.storage_account.share_properties.smb.kerberos_ticket_encryption_type, null) + channel_encryption_type = try(var.storage_account.share_properties.smb.channel_encryption_type, null) + } + } + + } + } + lifecycle { ignore_changes = [ location, resource_group_name diff --git a/modules/webapps/ase/diagnostic.tf b/modules/webapps/ase/diagnostic.tf index 110a4393a1..d8bc406fc5 100644 --- a/modules/webapps/ase/diagnostic.tf +++ b/modules/webapps/ase/diagnostic.tf 
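Review bot: `cross_tenant_replication_enabled` falls back to `null`, which hands the decision to the provider default, whereas the neighbouring security settings in this hunk pin a hardened default (`allow_nested_items_to_be_public` to `false`, `enable_https_traffic_only` to `true`, `min_tls_version` to `"TLS1_2"`). In azurerm 3.x that provider default is, as far as I know, `true`, which permits object replication to storage accounts in other tenants unless a caller opts out. I would default it off and let callers enable it explicitly: `cross_tenant_replication_enabled = try(var.storage_account.cross_tenant_replication_enabled, false)`. The resource body continues outside this hunk.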
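Review bot: In the new `smb` block every attribute falls back to `null`, so a caller who writes `smb = {}` gets the service defaults rather than a restricted protocol set, and nothing in the module says so. A comment above the block would help, for example `# null keeps the Azure Files defaults; set versions, authentication_types and channel_encryption_type explicitly to restrict the share to SMB3.1.1, Kerberos and AES-256-GCM`. Separately, `cors_rule` is read as a single object and its `allowed_origins` is passed through unchanged, so a `"*"` origin is accepted silently; a sentence in the variable documentation about listing explicit origins would cover that. The enclosing resource starts outside this hunk.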
@@ -3,7 +3,7 @@ module "diagnostics" { source = "../../diagnostics" count = var.diagnostic_profiles == null ? 0 : 1 - resource_id = lookup(azurerm_template_deployment.ase.outputs, "id") + resource_id = jsondecode(azurerm_template_deployment.ase.outputs).id.value resource_location = var.location diagnostics = var.diagnostics profiles = var.diagnostic_profiles diff --git a/modules/webapps/ase/examples/single-ase-internal/configuration.tfvars b/modules/webapps/ase/examples/single-ase-internal/configuration.tfvars index d1c73df19b..8841ce873a 100644 --- a/modules/webapps/ase/examples/single-ase-internal/configuration.tfvars +++ b/modules/webapps/ase/examples/single-ase-internal/configuration.tfvars @@ -186,7 +186,7 @@ network_security_group_definition = { priority = "180" direction = "Inbound" access = "Allow" - protocol = "tcp" + protocol = "Tcp" source_port_range = "*" destination_port_range = "1433" source_address_prefix = "*" diff --git a/networking.tf b/networking.tf index 9834efce9f..d00154395d 100644 --- a/networking.tf +++ b/networking.tf 
@@ -123,27 +123,26 @@ module "public_ip_addresses" { source = "./modules/networking/public_ip_addresses" for_each = local.networking.public_ip_addresses - name = azurecaf_name.public_ip_addresses[each.key].result - location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location - resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name - sku = try(each.value.sku, "Basic") + name = azurecaf_name.public_ip_addresses[each.key].result + location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location + resource_group_name = can(each.value.resource_group.name) || can(each.value.resource_group_name) ? try(each.value.resource_group.name, each.value.resource_group_name) : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)].name + allocation_method = try(each.value.allocation_method, "Dynamic") - ip_version = try(each.value.ip_version, "IPv4") - idle_timeout_in_minutes = try(each.value.idle_timeout_in_minutes, null) + base_tags = try(local.global_settings.inherit_tags, false) ? 
try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {} + diagnostic_profiles = try(each.value.diagnostic_profiles, {}) + diagnostics = local.combined_diagnostics domain_name_label = try(each.value.domain_name_label, null) - reverse_fqdn = try(each.value.reverse_fqdn, null) generate_domain_name_label = try(each.value.generate_domain_name_label, false) - tags = try(each.value.tags, null) + idle_timeout_in_minutes = try(each.value.idle_timeout_in_minutes, null) ip_tags = try(each.value.ip_tags, null) + ip_version = try(each.value.ip_version, "IPv4") public_ip_prefix_id = can(each.value.public_ip_prefix.key) ? local.combined_objects_public_ip_prefixes[try(each.value.public_ip_prefix.lz_key, local.client_config.landingzone_key)][each.value.public_ip_prefix.key].id : try(each.value.public_ip_prefix_id, null) - zones = coalesce( - try(each.value.availability_zone, ""), - try(tostring(each.value.zones[0]), ""), - try(each.value.sku, "Basic") == "Basic" ? "No-Zone" : "Zone-Redundant" - ) - diagnostic_profiles = try(each.value.diagnostic_profiles, {}) - diagnostics = local.combined_diagnostics - base_tags = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {} + reverse_fqdn = try(each.value.reverse_fqdn, null) + sku = try(each.value.sku, "Basic") + sku_tier = try(each.value.sku_tier, null) + tags = try(each.value.tags, null) + # TODO - kept availability_zone to support smooth migration to azurerm 3.0 + zones = can(each.value.zones) ? each.value.zones : try(tolist(each.value.availability_zone), null) } # 
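Review bot: The legacy branch of `zones` does not migrate anything: `tolist()` cannot convert the string that `availability_zone` used to hold (a zone number, `"No-Zone"` or `"Zone-Redundant"`), so `try` falls through to `null` and the setting is dropped without an error, despite the TODO comment. On an existing zonal or zone-redundant address this will probably surface as a replacement in the plan, which changes the public IP that firewall allow-lists and DNS records point at. A mapping that honours the old values would be along the lines of `zones = can(each.value.zones) ? each.value.zones : try(each.value.availability_zone == "Zone-Redundant" ? ["1", "2", "3"] : each.value.availability_zone == "No-Zone" ? null : [each.value.availability_zone], null)`. The `public_ip_prefixes` hunk that follows has the same upgrade effect, since its default moves from `"Zone-Redundant"` to `null`.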
@@ -175,7 +174,7 @@ module "public_ip_prefixes" { sku = try(each.value.sku, "Standard") ip_version = try(each.value.ip_version, "IPv4") tags = try(each.value.tags, null) - zones = try(each.value.zones, "Zone-Redundant") + zones = try(each.value.zones, null) prefix_length = try(each.value.prefix_length, 28) create_pips = try(each.value.create_pips, false) diagnostic_profiles = try(each.value.diagnostic_profiles, {}) diff --git a/sentinel.tf b/sentinel.tf index 90b6680e48..dbfda69fcc 100644 --- a/sentinel.tf +++ b/sentinel.tf @@ -23,7 +23,7 @@ module "sentinel_watchlists" { default_duration = try(each.value.default_duration, null) description = try(each.value.description, null) labels = try(each.value.labels, null) - # item_search_key = try(each.value.item_search_key, null) #azurerm 3.x + item_search_key = try(each.value.item_search_key, null) } module "sentinel_watchlist_items" {