Merge pull request #582 from aztfmod/patch_5.4.2

Integration 5.4.2
aztfmod · Aug 13, 2021 · ba3d21e · ba3d21e
2 parents 1229bab + 4e933be
commit ba3d21e
Show file tree

Hide file tree

Showing 141 changed files with 3,034 additions and 469 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -20,9 +20,8 @@
     // You can edit these settings after create using File > Preferences > Settings > Remote.
     "settings": {
         "files.eol": "\n",
-        "terminal.integrated.shell.linux": "/bin/bash",
         "editor.tabSize": 2,
-        "terminal.integrated.scrollback": 8000,
+        "terminal.integrated.scrollback": 32000,
     },
 
     // Uncomment the next line if you want start specific services in your Docker Compose config.
@@ -32,7 +31,7 @@
     // "shutdownAction": "none",
 
     // Uncomment the next line to run commands after the container is created.
-    "postCreateCommand": "sudo cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chown -R $(whoami):$(whoami) /tf/caf && sudo chmod 400 ~/.ssh/* && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
+    "postCreateCommand": "sudo cp -R /tmp/.ssh-localhost/* ~/.ssh && sudo chown -R $(whoami):$(whoami) /tf/caf ~/.ssh && sudo chmod 400 ~/.ssh/* && git config --global core.editor vi && pre-commit install && pre-commit autoupdate",
 
     // Add the IDs of extensions you want installed when the container is created in the array below.
     "extensions": [

diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:1.0.1-2106.3012
+      image: aztfmod/rover:1.0.4-2108.1305
       user: vscode
 
       labels:

diff --git a/.github/workflows/master-standalone-tf100-longrunners.yaml b/.github/workflows/master-standalone-tf100-longrunners.yaml
@@ -32,7 +32,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.0.1-2106.3012
+      image: aztfmod/rover:1.0.4-2108.1305
       options: --user 0
 
     steps:
@@ -57,7 +57,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:1.0.1-2106.3012
+      image: aztfmod/rover:1.0.4-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/master-standalone-tf100.yaml b/.github/workflows/master-standalone-tf100.yaml
@@ -7,16 +7,8 @@ name: standalone-scenario-tf100
 
 on:
   workflow_dispatch:
-  pull_request:
-    paths-ignore:
-      - .github/workflows/master-100.yaml
-      - 'documentation/**'
-      - '_pictures/**'
-      - 'README.md'
-      - 'examples/README.md'
-      - 'CHANGELOG.md'
   schedule:
-    - cron:  '0 0 * * 0' #1 AM on Sunday
+    - cron:  '0 0 * * *' #1 AM on Sunday
 
 env:
   TF_CLI_ARGS: '-no-color'
@@ -50,7 +42,7 @@ jobs:
       matrix: ${{fromJSON(needs.load_scenarios.outputs.matrix)}}
 
     container:
-      image: aztfmod/rover:1.0.1-2106.3012
+      image: aztfmod/rover:1.0.4-2108.1305
       options: --user 0
 
     steps:
@@ -75,7 +67,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:1.0.1-2106.3012
+      image: aztfmod/rover:1.0.4-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/master-standalone-tf14-longrunners.yaml b/.github/workflows/master-standalone-tf14-longrunners.yaml
@@ -32,7 +32,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.14.11-2106.3012
+      image: aztfmod/rover:0.14.11-2108.1305
       options: --user 0
 
     steps:
@@ -57,7 +57,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:0.14.11-2106.3007
+      image: aztfmod/rover:0.14.11-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/master-standalone-tf14.yaml b/.github/workflows/master-standalone-tf14.yaml
@@ -7,7 +7,7 @@ name: standalone-scenario-tf14
 
 on:
   schedule:
-    - cron:  '0 5 * * 0' #1 AM on Sunday
+    - cron:  '0 5 * * *' #1 AM on Sunday
 
 env:
   TF_CLI_ARGS: '-no-color'
@@ -41,7 +41,7 @@ jobs:
       matrix: ${{fromJSON(needs.load_scenarios.outputs.matrix)}}
 
     container:
-      image: aztfmod/rover:0.14.11-2106.3012
+      image: aztfmod/rover:0.14.11-2108.1305
       options: --user 0
 
     steps:
@@ -66,7 +66,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:0.14.11-2106.3012
+      image: aztfmod/rover:0.14.11-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/master-standalone-tf15-longrunners.yaml b/.github/workflows/master-standalone-tf15-longrunners.yaml
@@ -32,7 +32,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.15.5-2106.3012
+      image: aztfmod/rover:0.15.5-2108.1305
       options: --user 0
 
     steps:
@@ -57,7 +57,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:0.15.5-2106.3012
+      image: aztfmod/rover:0.15.5-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/master-standalone-tf15.yaml b/.github/workflows/master-standalone-tf15.yaml
@@ -8,7 +8,7 @@ name: standalone-scenario-tf15
 on:
   workflow_dispatch:
   schedule:
-    - cron:  '0 2 * * 0' #1 AM on Sunday
+    - cron:  '0 2 * * *' #1 AM on Sunday
 
 env:
   TF_CLI_ARGS: '-no-color'
@@ -42,7 +42,7 @@ jobs:
       matrix: ${{fromJSON(needs.load_scenarios.outputs.matrix)}}
 
     container:
-      image: aztfmod/rover:0.15.5-2106.3012
+      image: aztfmod/rover:0.15.5-2108.1305
       options: --user 0
 
     steps:
@@ -67,7 +67,7 @@ jobs:
     needs: examples
 
     container:
-      image: aztfmod/rover:0.15.5-2106.3012
+      image: aztfmod/rover:0.15.5-2108.1305
       options: --user 0
 
     steps:

diff --git a/.github/workflows/standalone-scenarios-additional.json b/.github/workflows/standalone-scenarios-additional.json
@@ -0,0 +1,14 @@
+{
+  "config_files": [
+    "consumption_budget/100-consumption-budget-rg",
+    "consumption_budget/101-consumption-budget-subscription",
+    "consumption_budget/102-consumption-budget-rg-alerts",
+    "consumption_budget/103-consumption-budget-subscription-alerts",
+    "consumption_budget/104-consumption-budget-subscription-vm",
+    "consumption_budget/105-consumption-budget-subscription-aks"
+
+
+    // Waiting for support to register arm provider - https://github.com/Azure/caf-terraform-landingzones/pull/238
+    "cognitive_services/100-cognitive-services-account"
+  ]
+}
diff --git a/.github/workflows/standalone-scenarios.json b/.github/workflows/standalone-scenarios.json
@@ -24,17 +24,16 @@
     "compute/dedicated_hosts/102-dedicated-host-vms",
     "compute/kubernetes_services/101-single-cluster",
     "compute/kubernetes_services/102-multi-nodepools",
+    "compute/kubernetes_services/103-multi-clusters",
+    "compute/kubernetes_services/104-private-cluster",
+    "compute/kubernetes_services/105-cluster-usermsi",
     "compute/proximity_placement_group",
     "compute/virtual_machine/101-single-windows-vm",
     "compute/virtual_machine/102-single-vm-data-disks",
     "compute/virtual_machine/104-single-windows-backup",
     "compute/virtual_machine/106-marketplace-image-with-plan",
     "compute/virtual_machine/210-vm-bastion-winrm",
     "compute/virtual_machine/211-vm-bastion-winrm-agents",
-    "consumption_budget/100-consumption-budget-rg",
-    "consumption_budget/101-consumption-budget-subscription",
-    "consumption_budget/102-consumption-budget-rg-alerts",
-    "consumption_budget/103-consumption-budget-subscription-alerts",
     "compute/virtual_machine_scale_set/100-linux-win-vmss-lb",
     "compute/virtual_machine_scale_set/101-linux-win-vmss-agw",
     "compute/windows_virtual_desktop/wvd_resources",
@@ -92,6 +91,7 @@
     "networking/load_balancers/102-internal-load-balancer",
     "networking/load_balancers/103-load-balancer-nic-association",
     "networking/load_balancers/104-load-balancer-diagnostics",
+    "networking/nat_gateways/100-nat-gateways-with-public-ip",
     "networking/private_dns/100-private-dns-vnet-links",
     "networking/private_links/endpoints/centralized",
     "networking/virtual_network_gateway/100-expressroute-gateway",
@@ -123,6 +123,7 @@
     "redis_cache/100-redis-standard",
     "redis_cache/101-redis-diagnostics",
     "redis_cache/102-redis-private",
+    "role_mapping/100-simple-role-mapping",
     "storage_accounts/101-storage-account-with-protection",
     "storage_accounts/102-storage-account-advanced-options",
     "storage_accounts/103-storage-account-network-rules",

diff --git a/.gitignore b/.gitignore
@@ -11,4 +11,5 @@
 **/backend.azurerm.tf
 public
 **/.terraform.lock.hcl
-**/*.backup
+**/*.backup
+landingzones
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -16,7 +16,6 @@ repos:
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: check-yaml
-      - id: check-json
       - id: check-added-large-files
       - id: detect-private-key
   # - repo: git://github.com/markdownlint/markdownlint

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,7 +1,12 @@
 {
     "files.eol": "\n",
-    "terminal.integrated.shell.linux": "/bin/bash",
     "editor.tabSize": 2,
-    "terminal.integrated.scrollback": 8000,
-    "terminal.integrated.cwd": "/tf/caf",
+    "terminal.integrated.scrollback": 32000,
+    "terminal.integrated.profiles.linux": {
+        "caf (rover on docker)": {
+            "path": "docker-compose",
+            "args": ["-f", "rover_on_ssh_host.yml", "run", "-e", "ROVER_RUNNER=true", "--rm", "-w", "/tf/caf" ,"rover", "/bin/bash"],
+            "overrideName": true
+        }
+    }
 }
diff --git a/README.md b/README.md
@@ -17,21 +17,20 @@ This module can be used inside [Cloud Adoption Framework Landing zones](https://
 ```terraform
 module "caf" {
   source  = "aztfmod/caf/azurerm"
-  version = "~>5.1.0"
+  version = "~>5.4.0"
   # insert the 7 required variables here
 }
 ```
 
-Fill the variables as needed and documented, there is a [quick example here](./examples/standalone.md).
+Fill the variables as needed and documented, there is a [quick example here](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples/standalone.md).
 
-For a complete set of examples you can review the [full library here](./examples).
-
-<img src="https://aztfmod.blob.core.windows.net/media/standalone.gif" width="720"/> <br/> <br/>
+For a complete set of examples you can review the [full library here](https://github.com/aztfmod/terraform-azurerm-caf/tree/master/examples).
 
+<img src="https://aztfmod.azureedge.net/media/standalone.gif" width="720"/> <br/> <br/>
 
 ## Community
 
-Feel free to open an issue for feature or bug, or to submit a PR, [please review the module contribution and conventions guidelines](./documentation/conventions.md)
+Feel free to open an issue for feature or bug, or to submit a PR, [Please check out the WIKI for coding standards, common patterns and PR checklist.](https://github.com/aztfmod/terraform-azurerm-caf/wiki)
 
 In case you have any question, you can reach out to tf-landingzones at microsoft dot com.
 

diff --git a/aks_clusters.tf b/aks_clusters.tf
@@ -15,7 +15,10 @@ module "aks_clusters" {
   settings            = each.value
   subnets             = lookup(each.value, "lz_key", null) == null ? local.combined_objects_networking[local.client_config.landingzone_key][each.value.vnet_key].subnets : local.combined_objects_networking[each.value.lz_key][each.value.vnet_key].subnets
   resource_group      = local.resource_groups[each.value.resource_group_key]
-  private_dns_zone_id = try(local.combined_objects_private_dns[try(each.value.private_dns_zone.lz_key, local.client_config.landingzone_key)][each.value.key].id, null)
+  private_dns_zone_id = try(local.combined_objects_private_dns[each.value.private_dns_zone.lz_key][each.value.private_dns_zone.key].id,
+    local.combined_objects_private_dns[local.client_config.landingzone_key][each.value.private_dns_zone.key].id,
+  null)
+  managed_identities = local.combined_objects_managed_identities
 
   admin_group_object_ids = try(each.value.admin_groups.azuread_group_keys, null) == null ? null : try(each.value.admin_groups.ids, [
     for group_key in try(each.value.admin_groups.azuread_groups.keys, {}) : local.combined_objects_azuread_groups[local.client_config.landingzone_key][group_key].id

diff --git a/cognitive_service.tf b/cognitive_service.tf
@@ -0,0 +1,14 @@
+module "cognitive_services_account" {
+  source   = "./modules/cognitive_services/cognitive_services_account"
+  for_each = local.cognitive_services.cognitive_services_account
+
+  client_config       = local.client_config
+  global_settings     = local.global_settings
+  resource_group_name = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
+  location            = lookup(each.value, "region", null) == null ? local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location : local.global_settings.regions[each.value.region]
+  settings            = each.value
+}
+
+output "cognitive_services_account" {
+  value = module.cognitive_services_account
+}
diff --git a/consumption_budgets.tf b/consumption_budgets.tf
@@ -5,11 +5,15 @@ module "consumption_budgets_resource_groups" {
     if try(value.resource_group, null) != null
   }
 
-  client_config         = local.client_config
-  global_settings       = local.global_settings
-  monitor_action_groups = local.combined_objects_monitor_action_groups
-  # lz_key used in dimension to reference remote state
-  resource_groups = local.combined_objects_resource_groups
+  local_combined_resources = {
+    # Add combined objects that need to be included in the filter
+    aks                   = local.combined_objects_aks_clusters,
+    monitor_action_groups = local.combined_objects_monitor_action_groups,
+    resource_groups       = local.combined_objects_resource_groups,
+    virtual_machines      = local.combined_objects_virtual_machines,
+  }
+  client_config   = local.client_config
+  global_settings = local.global_settings
   settings        = each.value
 }
 
@@ -20,17 +24,17 @@ module "consumption_budgets_subscriptions" {
     if try(value.subscription, null) != null
   }
 
-  client_config         = local.client_config
-  global_settings       = local.global_settings
-  monitor_action_groups = local.combined_objects_monitor_action_groups
-  # lz_key used in dimension to reference remote state
-  resource_groups = local.combined_objects_resource_groups
+  local_combined_resources = {
+    # Add combined objects that need to be included in the filter
+    aks                   = local.combined_objects_aks_clusters,
+    monitor_action_groups = local.combined_objects_monitor_action_groups,
+    resource_groups       = local.combined_objects_resource_groups,
+    subscriptions         = local.combined_objects_subscriptions,
+    virtual_machines      = local.combined_objects_virtual_machines,
+  }
+  client_config   = local.client_config
+  global_settings = local.global_settings
   settings        = each.value
-  subscription_id = coalesce(
-    try(each.value.subscription.id, null),
-    try(local.combined_objects_subscriptions[try(each.value.subscription.lz_key, local.client_config.landingzone_key)][each.value.subscription.key].subscription_id, null),
-    local.client_config.subscription_id
-  )
 }
 
 output "consumption_budgets_resource_groups" {

diff --git a/event_hubs.tf b/event_hubs.tf
@@ -12,6 +12,10 @@ module "event_hub_namespaces" {
   base_tags           = try(local.global_settings.inherit_tags, false) ? local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][each.value.resource_group_key].tags : {}
 }
 
+output "event_hub_namespaces" {
+  value = module.event_hub_namespaces
+}
+
 module "event_hub_namespace_auth_rules" {
   source   = "./modules/event_hubs/namespaces/auth_rules"
   for_each = try(var.event_hub_namespace_auth_rules, {})