From 51ee8c72eef157768ab2cef6c918ca2ca064bd33 Mon Sep 17 00:00:00 2001 
From: lolorol Date: Fri, 26 May 2023 12:03:28 +0800 Subject: [PATCH 1/3] Int 5.6.9 - ESLZ upgrade to 3.3.0, Update azure devops agent (#472) * Update from bug bash 2 * Udpate from bug bash * Update * Update git settings * Update pipelines * Fix repo * Fix conditions * Udapte * Update * Update * Cleanup * Update token * Update * Update * Update pipelines * Update * Udpate * Update * Update * Update * fix pre-commit * Update * Update * Update * Update * Update * Update * Update * Update -bug bash * Fixes from bug bash * Fix parameters type * Fix pipeline and custom role template * Fixes from bug bash * Update * Update bug bash * Set Monitoring Contributor * Fix permissions for remediation * Add Azureservices to access management stg logs * Update firewall rules and nsg stg type * Update fw rule templates * Update firewall rules * Update gitops rules * Update * Fix walk through * Update fw rule processing * Update fw rules * Udpate variables path * Update * Update bug bash * Update typo * Update from bug bash * Fix a condition * Update from bug bash * Update pr * Update from bug bash * Update from bug bash * Fix ci * Update from bug bash * Update from bug bash * Update aztfmod version * Update asvm * Update * Update bootstrap process * Fix for exact match search * Update * Update aztfmod version * Update pipelines * Update from bug bash * Update aci agent and pipeline * Fix module path * Update multi_subscriptions * Update * Typos * Update from bug bash * Update pipelines * Update from bug bash * Update ACI token * Update from bug bash * Update templates with private endpoints and vnet * Add rover bot details * Update dependency condition * Updates * Merge branch 'int-5.6.0' into fix.bootstrap_order * Update module and adding automation * bbash 1- ALZ 3.3.0 - PL - M-Sub - Secure bootstrap * Add alz native deployment mode * Update to default to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Update to default 
to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Update to default to the loggedin sub for mono sub deployment * Added subscription_id_identity * Updating output to be more verbose about vnet, subnet, firewall, firewall policies, private dns zones and vnet gateway * agent * upload blob and use managed identity * Fix azure_container_registries * Rebase main templates * Update caf_launchpad/main.tf Co-authored-by: Arnaud Lheureux * Update caf_solution/main.tf Co-authored-by: Arnaud Lheureux * Update caf_solution/add-ons/caf_eslz/main.tf Required to enable azurerm backend to use the new azuread graph MSAL library Co-authored-by: Arnaud Lheureux --------- Co-authored-by: Arnaud Lheureux Co-authored-by: Arnaud Lheureux Co-authored-by: Arnaud Lheureux Co-authored-by: Sujay Pillai Co-authored-by: Amit Roy <126342793+amro-acc@users.noreply.github.com> --- .gitignore | 3 +- caf_launchpad/landingzone.tf | 11 +- caf_launchpad/local.storage.tf | 5 + caf_launchpad/locals.remote_tfstates.tf | 2 +- caf_launchpad/main.tf | 2 +- caf_launchpad/variables.storage.tf | 3 + caf_launchpad/variables.tf | 12 + .../extensions/devops_selfhosted_agent.tf | 30 +- .../add-ons/azure_devops_agent/variables.tf | 6 + .../vm_extention_devops_agent.tf | 1 + .../add-ons/caf_eslz/enterprise_scale.tf | 25 +- caf_solution/add-ons/caf_eslz/main.tf | 30 +- caf_solution/add-ons/caf_eslz/output.tf | 32 +- caf_solution/add-ons/caf_eslz/variables.tf | 16 +- .../add-ons/caf_eslz/variables_alz.tf | 612 ++++++++++++++++++ .../terraform_cloud/terraform_cloud.tf | 2 +- caf_solution/local.data_protection.tf | 6 +- caf_solution/locals.remote_tfstates.tf | 2 +- caf_solution/main.tf | 2 +- caf_solution/vmss_extensions.tf | 8 +- 20 files changed, 767 insertions(+), 43 
deletions(-) create mode 100644 caf_launchpad/local.storage.tf create mode 100644 caf_launchpad/variables.storage.tf create mode 100644 caf_solution/add-ons/caf_eslz/variables_alz.tf diff --git a/.gitignore b/.gitignore index dc01ba48..04900d49 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,5 @@ **/*.log **/backend.azurerm.tf public -*output.json \ No newline at end of file +*output.json +**/*.pyc \ No newline at end of file diff --git a/caf_launchpad/landingzone.tf b/caf_launchpad/landingzone.tf index fabac64c..a224e28b 100644 --- a/caf_launchpad/landingzone.tf +++ b/caf_launchpad/landingzone.tf @@ -49,22 +49,27 @@ module "launchpad" { } compute = { - bastion_hosts = try(var.compute.bastion_hosts, var.bastion_hosts) - container_groups = var.container_groups - virtual_machines = try(var.compute.virtual_machines, var.virtual_machines) + bastion_hosts = try(var.compute.bastion_hosts, var.bastion_hosts) + container_groups = var.container_groups + azure_container_registries = try(var.compute.azure_container_registries, var.azure_container_registries) + virtual_machines = try(var.compute.virtual_machines, var.virtual_machines) } networking = { azurerm_routes = try(var.networking.azurerm_routes, var.azurerm_routes) network_profiles = var.network_profiles network_security_group_definition = try(var.networking.network_security_group_definition, var.network_security_group_definition) + private_dns = try(var.networking.private_dns, var.private_dns) public_ip_addresses = try(var.networking.public_ip_addresses, var.public_ip_addresses) route_tables = try(var.networking.route_tables, var.route_tables) virtual_hub_connections = try(var.networking.virtual_hub_connections, var.virtual_hub_connections) + vnet_peerings_v1 = try(var.networking.vnet_peerings_v1, var.vnet_peerings_v1) vnets = try(var.networking.vnets, var.vnets) } security = { keyvault_keys = var.keyvault_keys } + + storage = local.storage } 
diff --git a/caf_launchpad/local.storage.tf b/caf_launchpad/local.storage.tf new file mode 100644 index 00000000..a01a5c0f --- /dev/null +++ b/caf_launchpad/local.storage.tf @@ -0,0 +1,5 @@ +locals { + storage = { + storage_account_queues = var.storage_account_queues + } +} \ No newline at end of file diff --git a/caf_launchpad/locals.remote_tfstates.tf b/caf_launchpad/locals.remote_tfstates.tf index 69ccffc8..db55b458 100644 --- a/caf_launchpad/locals.remote_tfstates.tf +++ b/caf_launchpad/locals.remote_tfstates.tf @@ -29,7 +29,7 @@ locals { tenant_id = value.tenant_id sas_token = try(value.sas_token, null) != null ? var.sas_token : null } if try(value.backend_type, "azurerm") == "azurerm" - } + } remote = { for key, value in try(var.landingzone.tfstates, {}) : key => { hostname = try(value.hostname, null) diff --git a/caf_launchpad/main.tf b/caf_launchpad/main.tf index 83e29399..88309e43 100644 --- a/caf_launchpad/main.tf +++ b/caf_launchpad/main.tf @@ -32,7 +32,7 @@ provider "azurerm" { partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" features { api_management { - purge_soft_delete_on_destroy = var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy + purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null) # recover_soft_deleted_api_managements = var.provider_azurerm_features_api_management.recover_soft_deleted_api_managements } # application_insights { diff --git a/caf_launchpad/variables.storage.tf b/caf_launchpad/variables.storage.tf new file mode 100644 index 00000000..64d08181 --- /dev/null +++ b/caf_launchpad/variables.storage.tf @@ -0,0 +1,3 @@ +variable "storage_account_queues" { + default = {} +} \ No newline at end of file diff --git a/caf_launchpad/variables.tf b/caf_launchpad/variables.tf index 0be38ee2..5702cb47 100644 --- a/caf_launchpad/variables.tf +++ b/caf_launchpad/variables.tf 
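Review bot: In caf_launchpad/main.tf the new `try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null)` silently hands the decision to the provider default whenever the attribute is missing or misspelled, and as far as I know the azurerm default for this flag is to purge on destroy. An explicit fallback makes the destroy behaviour visible to whoever reads the file, e.g. `purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, true)` with a comment such as `# falls back to the provider default (purge) when the feature object omits the flag`. The provider block starts and ends outside the hunk, so the shape of the variable's default should be confirmed there.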
@@ -226,6 +226,10 @@ variable "vnets" { default = {} } +variable "vnet_peerings_v1" { + default = {} +} + variable "network_security_group_definition" { default = {} } @@ -260,4 +264,12 @@ variable "virtual_hub_connections" { variable "custom_variables" { default = {} +} + +variable "azure_container_registries" { + default = {} +} + +variable "private_dns" { + default = {} } \ No newline at end of file diff --git a/caf_solution/add-ons/azure_devops_agent/extensions/devops_selfhosted_agent.tf b/caf_solution/add-ons/azure_devops_agent/extensions/devops_selfhosted_agent.tf index 5372db55..eacc6b66 100644 --- a/caf_solution/add-ons/azure_devops_agent/extensions/devops_selfhosted_agent.tf +++ b/caf_solution/add-ons/azure_devops_agent/extensions/devops_selfhosted_agent.tf @@ -14,18 +14,8 @@ resource "azurerm_virtual_machine_extension" "devops_selfhosted_agent" { #timestamp: use this field only to trigger a re-run of the script by changing value of this field. # Any integer value is acceptable; it must only be different than the previous value. - settings = jsonencode( - { - "timestamp" : each.value.version, - "fileUris" : concat(local.devops_selfhosted_agent.file_uris, local.devops_selfhosted_agent.storage_account_blobs_urls), - - } - ) - protected_settings = jsonencode( - { - "commandToExecute" : format("bash %s '%s' '%s' '%s' '%s' '%s' '%s' '%s'", var.extensions[each.key].agent_init_script, var.settings[each.key].azure_devops.url, var.settings[each.key].agent_pat, var.settings[each.key].azure_devops.agent_pool.name, var.settings[each.key].azure_devops.agent_pool.agent_name_prefix, var.settings[each.key].azure_devops.agent_pool.num_agents, var.settings[each.key].admin_username, var.settings[each.key].azure_devops.rover_version) - } - ) + settings = jsonencode(local.settings) + protected_settings = jsonencode(local.protected_settings) } 
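Review bot: In devops_selfhosted_agent.tf, `settings = jsonencode(local.settings)` and `protected_settings = jsonencode(local.protected_settings)` now read locals built from the fixed `devops_selfhosted_agent` key, whereas the removed lines used `each.key` and `each.value.version`. The resource header is outside this hunk, but if its `for_each` ever carries more than one entry, every instance would get the same timestamp and the same command. Either keep the per-instance lookup or state the restriction next to the assignment, e.g. `# locals assume a single extension keyed "devops_selfhosted_agent"`.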
@@ -41,4 +31,18 @@ locals { storage_account_blobs_urls = try(var.settings.devops_selfhosted_agent.storage_account_blobs_urls, []) } -} + + settings = { + timestamp = var.extensions.devops_selfhosted_agent.version + fileUris = concat(local.devops_selfhosted_agent.file_uris, local.devops_selfhosted_agent.storage_account_blobs_urls) + + } + + protected_settings = { + commandToExecute = format("bash %s '%s' '%s' '%s' '%s' '%s' '%s' '%s'", var.extensions["devops_selfhosted_agent"].agent_init_script, var.settings["devops_selfhosted_agent"].azure_devops.url, var.settings["devops_selfhosted_agent"].agent_pat, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.name, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.agent_name_prefix, var.settings["devops_selfhosted_agent"].azure_devops.agent_pool.num_agents, var.settings["devops_selfhosted_agent"].admin_username, var.settings["devops_selfhosted_agent"].azure_devops.rover_version) + managedIdentity = can(var.settings.devops_selfhosted_agent.managed_identity) ? { + objectId = var.settings.devops_selfhosted_agent.managed_identity + } : {} + } + +} \ No newline at end of file diff --git a/caf_solution/add-ons/azure_devops_agent/variables.tf b/caf_solution/add-ons/azure_devops_agent/variables.tf index 0b5ad965..feb91432 100644 --- a/caf_solution/add-ons/azure_devops_agent/variables.tf +++ b/caf_solution/add-ons/azure_devops_agent/variables.tf @@ -61,6 +61,9 @@ variable "mssql_servers" { variable "storage_accounts" { default = {} } +variable "storage_containers" { + default = {} +} variable "storage_account_blobs" { default = {} } @@ -103,3 +106,6 @@ variable "dynamic_keyvault_secrets" { variable "managed_identities" { default = {} } +variable "var_folder_path" { + default = null +} \ No newline at end of file diff --git a/caf_solution/add-ons/azure_devops_agent/vm_extention_devops_agent.tf b/caf_solution/add-ons/azure_devops_agent/vm_extention_devops_agent.tf index 65349a17..464dcc04 100644 
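Review bot: `commandToExecute` in the new `protected_settings` local formats `agent_pat` and the other settings into a single-quoted bash command line without escaping, so any value containing `'` ends the quoting and the remainder is interpreted by the shell on the agent VM. The PAT is also passed as a script argument, where it can be read from the process list while the init script runs. Escape each argument before formatting, e.g. `replace(var.settings["devops_selfhosted_agent"].agent_pat, "'", "'\\''")`, and since this hunk also passes a managed identity, consider letting the init script fetch the PAT from Key Vault with that identity instead of receiving it on the command line. The `locals` block opens outside the hunk.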
--- a/caf_solution/add-ons/azure_devops_agent/vm_extention_devops_agent.tf +++ b/caf_solution/add-ons/azure_devops_agent/vm_extention_devops_agent.tf @@ -33,6 +33,7 @@ module "vm_extensions" { [ for key, value in try(var.storage_account_blobs, []) : module.caf.storage_account_blobs[key].url ]) + managed_identity = can(each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.lz_key) ? local.remote.managed_identities[each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.lz_key][each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key].rbac_id : module.caf.managed_identities[each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key].rbac_id } } } diff --git a/caf_solution/add-ons/caf_eslz/enterprise_scale.tf b/caf_solution/add-ons/caf_eslz/enterprise_scale.tf index 3b21b977..199b4091 100644 --- a/caf_solution/add-ons/caf_eslz/enterprise_scale.tf +++ b/caf_solution/add-ons/caf_eslz/enterprise_scale.tf @@ -2,14 +2,14 @@ module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "1.1.3" + version = "3.3.0" # source = "/tf/caf/alz" providers = { azurerm = azurerm - azurerm.connectivity = azurerm - azurerm.management = azurerm + azurerm.connectivity = azurerm.connectivity + azurerm.management = azurerm.management } root_parent_id = var.root_parent_id == null ? data.azurerm_client_config.current.tenant_id : var.root_parent_id 
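Review bot: In vm_extention_devops_agent.tf the false branch of the new `managed_identity` expression still dereferences `each.value.virtual_machine_extensions.devops_selfhosted_agent.managed_identity.key`, so a virtual machine that configures no managed identity appears to fail evaluation instead of omitting the attribute. Because the attribute is then always set, the `can(var.settings.devops_selfhosted_agent.managed_identity)` test in extensions/devops_selfhosted_agent.tf can never take its empty branch. Wrapping the whole expression in `try(..., null)` and testing `var.settings.devops_selfhosted_agent.managed_identity != null` on the consumer side would keep the identity optional. The module block starts outside this hunk.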
@@ -23,4 +23,23 @@ module "enterprise_scale" { root_id = var.root_id root_name = var.root_name subscription_id_overrides = local.subscription_id_overrides + + # To support native alz deployment mode + configure_connectivity_resources = var.configure_connectivity_resources + configure_identity_resources = var.configure_identity_resources + configure_management_resources = var.configure_management_resources + deploy_connectivity_resources = var.deploy_connectivity_resources + deploy_diagnostics_for_mg = var.deploy_diagnostics_for_mg + deploy_identity_resources = var.deploy_identity_resources + deploy_management_resources = var.deploy_management_resources + disable_telemetry = var.disable_telemetry + subscription_id_connectivity = local.subscription_id_connectivity + subscription_id_management = local.subscription_id_management + subscription_id_identity = local.subscription_id_identity +} + +locals { + subscription_id_connectivity = var.subscription_id_connectivity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_connectivity + subscription_id_management = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management + subscription_id_identity = var.subscription_id_identity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity } \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/main.tf b/caf_solution/add-ons/caf_eslz/main.tf index 5fb34bb9..a818cfcf 100644 --- a/caf_solution/add-ons/caf_eslz/main.tf +++ b/caf_solution/add-ons/caf_eslz/main.tf 
@@ -3,18 +3,40 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.93.1" + version = "~> 3.35.0" } } - required_version = ">= 1.1.0" - experiments = [module_variable_optional_attrs] + required_version = ">= 1.3.0" } - provider "azurerm" { partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" # partner identifier for CAF Terraform landing zones. features {} } +provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + alias = "connectivity" + features {} + subscription_id = local.subscription_id_connectivity + tenant_id = var.tenant_id +} + +provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + alias = "management" + features {} + subscription_id = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management + tenant_id = var.tenant_id +} + +provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + alias = "identity" + features {} + subscription_id = var.subscription_id_identity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity + tenant_id = var.tenant_id +} + data "azurerm_client_config" "current" {} diff --git a/caf_solution/add-ons/caf_eslz/output.tf b/caf_solution/add-ons/caf_eslz/output.tf index 9c05cc8f..3ee01188 100644 --- a/caf_solution/add-ons/caf_eslz/output.tf +++ b/caf_solution/add-ons/caf_eslz/output.tf 
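Review bot: The three aliased providers in caf_eslz/main.tf resolve their subscription in two different ways: `connectivity` uses `local.subscription_id_connectivity`, while `management` and `identity` repeat the `var.… == null ? data.azurerm_client_config.current.subscription_id : var.…` ternary inline even though enterprise_scale.tf defines `local.subscription_id_management` and `local.subscription_id_identity` for the same purpose. Using the locals everywhere, e.g. `subscription_id = local.subscription_id_management`, keeps the subscription a provider targets from drifting away from the id passed to the module. The `identity` alias is also not listed in the module's `providers` map in enterprise_scale.tf, so a one-line comment saying why it is declared would help the next reader.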
@@ -1,4 +1,34 @@ output "objects" { - value = module.enterprise_scale + value = merge( + tomap( + { + (var.landingzone.key) = { + "vnets" = { + for key, value in module.enterprise_scale.azurerm_virtual_network.connectivity : value.location => value + } + "virtual_subnets" = { + for key, value in module.enterprise_scale.azurerm_subnet.connectivity : value.name => value + } + "azurerm_firewalls" = { + for key, value in module.enterprise_scale.azurerm_firewall.connectivity : value.location => value + } + "azurerm_firewall_policies" = { + for key, value in module.enterprise_scale.azurerm_firewall_policy.connectivity : value.location => value + } + "private_dns_zones" = { + for key, value in module.enterprise_scale.azurerm_private_dns_zone.connectivity : value.name => value + } + "virtual_network_gateways" = { + for key, value in module.enterprise_scale.azurerm_virtual_network_gateway.connectivity : value.name => value + } + } + } + ), + module.enterprise_scale + ) sensitive = true +} + +output "custom_landing_zones" { + value = local.custom_landing_zones } \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/variables.tf b/caf_solution/add-ons/caf_eslz/variables.tf index bce716cc..94af89f3 100644 --- a/caf_solution/add-ons/caf_eslz/variables.tf +++ b/caf_solution/add-ons/caf_eslz/variables.tf @@ -62,6 +62,16 @@ variable "tags" { default = {} } +variable "root_parent_id" { + type = string + description = "The root_parent_id is used to specify where to set the root for all Landing Zone deployments. Usually the Tenant ID when deploying the core Enterprise-scale Landing Zones." + default = null + + validation { + condition = can(regex("^[a-zA-Z0-9-_\\(\\)\\.]{1,36}$", var.root_parent_id)) || var.root_parent_id == null + error_message = "Value must be a valid Management Group ID, consisting of alphanumeric characters, hyphens, underscores, periods and parentheses." + } +} variable "root_id" { type = string 
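Review bot: The `for` expressions in the new `objects` output of output.tf re-key the module's maps by `value.location` or `value.name`, and neither is unique once more than one hub network is configured. Two hubs that each contain a `GatewaySubnet`, or two virtual networks in the same region, produce a duplicate object key and the output fails to evaluate. Keeping the module's own `key`, or grouping with `value.location => value...`, avoids the collision; if one hub per region is a design constraint, say so in a comment above the output, e.g. `# assumes at most one hub network per location`.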
@@ -85,12 +95,6 @@ variable "root_name" { } } -variable "root_parent_id" { - type = string - description = "If specified, will deploy the Enterprise scale bellow the root_parent_id." - default = null -} - variable "deploy_core_landing_zones" { type = bool description = "If set to true, will include the core Enterprise-scale Management Group hierarchy." diff --git a/caf_solution/add-ons/caf_eslz/variables_alz.tf b/caf_solution/add-ons/caf_eslz/variables_alz.tf new file mode 100644 index 00000000..d337bf97 --- /dev/null +++ b/caf_solution/add-ons/caf_eslz/variables_alz.tf 
@@ -0,0 +1,612 @@
+variable "deploy_management_resources" {
+ type = bool
+ description = "If set to true, will enable the \"Management\" landing zone settings and add \"Management\" resources into the current Subscription context."
+ default = false
+}
+variable "deploy_diagnostics_for_mg" {
+ type = bool
+ description = "If set to true, will deploy Diagnostic Settings for management groups"
+ default = false
+}
+
+variable "configure_management_resources" {
+ type = object({
+ settings = optional(object({
+ log_analytics = optional(object({
+ enabled = optional(bool, true)
+ config = optional(object({
+ retention_in_days = optional(number, 30)
+ enable_monitoring_for_vm = optional(bool, true)
+ enable_monitoring_for_vmss = optional(bool, true)
+ enable_solution_for_agent_health_assessment = optional(bool, true)
+ enable_solution_for_anti_malware = optional(bool, true)
+ enable_solution_for_change_tracking = optional(bool, true)
+ enable_solution_for_service_map = optional(bool, true)
+ enable_solution_for_sql_assessment = optional(bool, true)
+ enable_solution_for_sql_vulnerability_assessment = optional(bool, true)
+ enable_solution_for_sql_advanced_threat_detection = optional(bool, true)
+ enable_solution_for_updates = optional(bool, true)
+ enable_solution_for_vm_insights = optional(bool, true)
+ enable_sentinel = optional(bool, true)
+ }), {})
+ }), {})
+ security_center = optional(object({
+ enabled = optional(bool, true)
+ config = optional(object({
+ email_security_contact = optional(string, "security_contact@replace_me")
+ enable_defender_for_app_services = optional(bool, true)
+ enable_defender_for_arm = optional(bool, true)
+ enable_defender_for_containers = optional(bool, true)
+ enable_defender_for_dns = optional(bool, true)
+ enable_defender_for_key_vault = optional(bool, true)
+ enable_defender_for_oss_databases = optional(bool, true)
+ enable_defender_for_servers = optional(bool, true)
+ enable_defender_for_sql_servers = optional(bool, true)
+ enable_defender_for_sql_server_vms = optional(bool, true)
+ enable_defender_for_storage = optional(bool, true)
+ }), {})
+ }), {})
+ }), {})
+ location = optional(string, "")
+ tags = optional(any, {})
+ advanced = optional(any, {})
+ })
+ description = "If specified, will customize the \"Management\" landing zone settings and resources."
+ default = {
+ settings = {
+ log_analytics = {
+ enabled = true
+ config = {
+ retention_in_days = 30
+ enable_monitoring_for_vm = true
+ enable_monitoring_for_vmss = true
+ enable_solution_for_agent_health_assessment = true
+ enable_solution_for_anti_malware = true
+ enable_solution_for_change_tracking = true
+ enable_solution_for_service_map = true
+ enable_solution_for_sql_assessment = true
+ enable_solution_for_sql_vulnerability_assessment = true
+ enable_solution_for_sql_advanced_threat_detection = true
+ enable_solution_for_updates = true
+ enable_solution_for_vm_insights = true
+ enable_sentinel = true
+ }
+ }
+ security_center = {
+ enabled = true
+ config = {
+ email_security_contact = "security_contact@replace_me"
+ enable_defender_for_app_services = true
+ enable_defender_for_arm = true
+ enable_defender_for_containers = true
+ enable_defender_for_dns = true
+ enable_defender_for_key_vault = true
+ enable_defender_for_oss_databases = true
+ enable_defender_for_servers = true
+ enable_defender_for_sql_servers = true
+ enable_defender_for_sql_server_vms = true
+ enable_defender_for_storage = true
+ }
+ }
+ }
+ }
+}
+
+variable "deploy_identity_resources" {
+ type = bool
+ description = "If set to true, will enable the \"Identity\" landing zone settings."
+ default = false
+}
+
+variable "configure_identity_resources" {
+ type = object({
+ settings = optional(object({
+ identity = optional(object({
+ enabled = optional(bool, true)
+ config = optional(object({
+ enable_deny_public_ip = optional(bool, true)
+ enable_deny_rdp_from_internet = optional(bool, true)
+ enable_deny_subnet_without_nsg = optional(bool, true)
+ enable_deploy_azure_backup_on_vms = optional(bool, true)
+ }), {})
+ }), {})
+ }), {})
+ })
+ description = "If specified, will customize the \"Identity\" landing zone settings."
+ default = {
+ settings = {
+ identity = {
+ enabled = true
+ config = {
+ enable_deny_public_ip = true
+ enable_deny_rdp_from_internet = true
+ enable_deny_subnet_without_nsg = true
+ enable_deploy_azure_backup_on_vms = true
+ }
+ }
+ }
+ }
+}
+
+variable "deploy_connectivity_resources" {
+ type = bool
+ description = "If set to true, will enable the \"Connectivity\" landing zone settings and add \"Connectivity\" resources into the current Subscription context."
+ default = false
+}
+
+# Notes for the `configure_connectivity_resources` variable:
+#
+# `settings.hub_network_virtual_network_gateway.config.address_prefix`
+# - Only support adding a single address prefix for GatewaySubnet subnet
+#
+# `settings.hub_network_virtual_network_gateway.config.gateway_sku_expressroute`
+# - If specified, will deploy the ExpressRoute gateway into the GatewaySubnet subnet
+#
+# `settings.hub_network_virtual_network_gateway.config.gateway_sku_vpn`
+# - If specified, will deploy the VPN gateway into the GatewaySubnet subnet
+#
+# `settings.hub_network_virtual_network_gateway.config.advanced_vpn_settings.private_ip_address_allocation`
+# - Valid options are "", "Static" or "Dynamic". Will set `private_ip_address_enabled` and `private_ip_address_allocation` as needed.
+#
+# `settings.azure_firewall.config.address_prefix`
+# - Only support adding a single address prefix for AzureFirewallManagementSubnet subnet
+
+variable "configure_connectivity_resources" {
+ type = object({
+ settings = optional(object({
+ hub_networks = optional(list(
+ object({
+ enabled = optional(bool, true)
+ config = object({
+ address_space = list(string)
+ location = optional(string, "")
+ link_to_ddos_protection_plan = optional(bool, false)
+ dns_servers = optional(list(string), [])
+ bgp_community = optional(string, "")
+ subnets = optional(list(
+ object({
+ name = string
+ address_prefixes = list(string)
+ network_security_group_id = optional(string, "")
+ route_table_id = optional(string, "")
+ })
+ ), [])
+ virtual_network_gateway = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ address_prefix = optional(string, "")
+ gateway_sku_expressroute = optional(string, "")
+ gateway_sku_vpn = optional(string, "")
+ advanced_vpn_settings = optional(object({
+ enable_bgp = optional(bool, null)
+ active_active = optional(bool, null)
+ private_ip_address_allocation = optional(string, "")
+ default_local_network_gateway_id = optional(string, "")
+ vpn_client_configuration = optional(list(
+ object({
+ address_space = list(string)
+ aad_tenant = optional(string, null)
+ aad_audience = optional(string, null)
+ aad_issuer = optional(string, null)
+ root_certificate = optional(list(
+ object({
+ name = string
+ public_cert_data = string
+ })
+ ), [])
+ revoked_certificate = optional(list(
+ object({
+ name = string
+ public_cert_data = string
+ })
+ ), [])
+ radius_server_address = optional(string, null)
+ radius_server_secret = optional(string, null)
+ vpn_client_protocols = optional(list(string), null)
+ vpn_auth_types = optional(list(string), null)
+ })
+ ), [])
+ bgp_settings = optional(list(
+ object({
+ asn = optional(number, null)
+ peer_weight = optional(number, null)
+ peering_addresses = optional(list(
+ object({
+ ip_configuration_name = optional(string, null)
+ apipa_addresses = optional(list(string), null)
+ })
+ ), [])
+ })
+ ), [])
+ custom_route = optional(list(
+ object({
+ address_prefixes = optional(list(string), [])
+ })
+ ), [])
+ }), {})
+ }), {})
+ }), {})
+ azure_firewall = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ address_prefix = optional(string, "")
+ enable_dns_proxy = optional(bool, true)
+ dns_servers = optional(list(string), [])
+ sku_tier = optional(string, "Standard")
+ base_policy_id = optional(string, "")
+ private_ip_ranges = optional(list(string), [])
+ threat_intelligence_mode = optional(string, "Alert")
+ threat_intelligence_allowlist = optional(list(string), [])
+ availability_zones = optional(object({
+ zone_1 = optional(bool, true)
+ zone_2 = optional(bool, true)
+ zone_3 = optional(bool, true)
+ }), {})
+ }), {})
+ }), {})
+ spoke_virtual_network_resource_ids = optional(list(string), [])
+ enable_outbound_virtual_network_peering = optional(bool, false)
+ enable_hub_network_mesh_peering = optional(bool, false)
+ })
+ })
+ ), [])
+ vwan_hub_networks = optional(list(
+ object({
+ enabled = optional(bool, true)
+ config = object({
+ address_prefix = string
+ location = string
+ sku = optional(string, "")
+ routes = optional(list(
+ object({
+ address_prefixes = list(string)
+ next_hop_ip_address = string
+ })
+ ), [])
+ expressroute_gateway = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ scale_unit = optional(number, 1)
+ }), {})
+ }), {})
+ vpn_gateway = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ bgp_settings = optional(list(
+ object({
+ asn = number
+ peer_weight = number
+ instance_0_bgp_peering_address = optional(list(
+ object({
+ custom_ips = list(string)
+ })
+ ), [])
+ instance_1_bgp_peering_address = optional(list(
+ object({
+ custom_ips = list(string)
+ })
+ ), [])
+ })
+ ), [])
+ routing_preference = optional(string, "Microsoft Network")
+ scale_unit = optional(number, 1)
+ }), {})
+ }), {})
+ azure_firewall = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ enable_dns_proxy = optional(bool, true)
+ dns_servers = optional(list(string), [])
+ sku_tier = optional(string, "Standard")
+ base_policy_id = optional(string, "")
+ private_ip_ranges = optional(list(string), [])
+ threat_intelligence_mode = optional(string, "Alert")
+ threat_intelligence_allowlist = optional(list(string), [])
+ availability_zones = optional(object({
+ zone_1 = optional(bool, true)
+ zone_2 = optional(bool, true)
+ zone_3 = optional(bool, true)
+ }), {})
+ }), {})
+ }), {})
+ spoke_virtual_network_resource_ids = optional(list(string), [])
+ secure_spoke_virtual_network_resource_ids = optional(list(string), [])
+ enable_virtual_hub_connections = optional(bool, false)
+ })
+ })
+ ), [])
+ ddos_protection_plan = optional(object({
+ enabled = optional(bool, false)
+ config = optional(object({
+ location = optional(string, "")
+ }), {})
+ }), {})
+ dns = optional(object({
+ enabled = optional(bool, true)
+ config = optional(object({
+ location = optional(string, "")
+ enable_private_link_by_service = optional(object({
+ azure_api_management = optional(bool, true)
+ azure_app_configuration_stores = optional(bool, true)
+ azure_arc = optional(bool, true)
+ azure_automation_dscandhybridworker = optional(bool, true)
+ azure_automation_webhook = optional(bool, true)
+ azure_backup = optional(bool, true)
+ azure_batch_account = optional(bool, true)
+ azure_bot_service_bot = optional(bool, true)
+ azure_bot_service_token = optional(bool, true)
+ azure_cache_for_redis = optional(bool, true)
+ azure_cache_for_redis_enterprise = optional(bool, true)
+ azure_container_registry = optional(bool, true)
+ azure_cosmos_db_cassandra = optional(bool, true)
+ azure_cosmos_db_gremlin = optional(bool, true)
+ azure_cosmos_db_mongodb = optional(bool, true)
+ azure_cosmos_db_sql = optional(bool, true)
+ azure_cosmos_db_table = optional(bool, true)
+ azure_data_explorer = optional(bool, true)
+ azure_data_factory = optional(bool, true)
+ azure_data_factory_portal = optional(bool, true)
+ azure_data_health_data_services = optional(bool, true)
+ azure_data_lake_file_system_gen2 = optional(bool, true)
+ azure_database_for_mariadb_server = optional(bool, true)
+ azure_database_for_mysql_server = optional(bool, true)
+ azure_database_for_postgresql_server = optional(bool, true)
+ azure_digital_twins = optional(bool, true)
+ azure_event_grid_domain = optional(bool, true)
+ azure_event_grid_topic = optional(bool, true)
+ azure_event_hubs_namespace = optional(bool, true)
+ azure_file_sync = optional(bool, true)
+ azure_hdinsights = optional(bool, true)
+ azure_iot_dps = optional(bool, true)
+ azure_iot_hub = optional(bool, true)
+ azure_key_vault = optional(bool, true)
+ azure_key_vault_managed_hsm = optional(bool, true)
+ azure_kubernetes_service_management = optional(bool, true)
+ azure_machine_learning_workspace = optional(bool, true)
+ azure_managed_disks = optional(bool, true)
+ azure_media_services = optional(bool, true)
+ azure_migrate = optional(bool, true)
+ azure_monitor = optional(bool, true)
+ azure_purview_account = optional(bool, true)
+ azure_purview_studio = optional(bool, true)
+ azure_relay_namespace = optional(bool, true)
+ azure_search_service = optional(bool, true)
+ azure_service_bus_namespace = optional(bool, true)
+ azure_site_recovery = optional(bool, true)
+ azure_sql_database_sqlserver = optional(bool, true)
+ azure_synapse_analytics_dev = optional(bool, true)
+ azure_synapse_analytics_sql = optional(bool, true)
+ azure_synapse_studio = optional(bool, true)
+ azure_web_apps_sites = optional(bool, true)
+ azure_web_apps_static_sites = optional(bool, true)
+ cognitive_services_account = optional(bool, true)
+ microsoft_power_bi = optional(bool, true)
+ signalr = optional(bool, true)
+ signalr_webpubsub = optional(bool, true)
+ storage_account_blob = optional(bool, true)
+ storage_account_file = optional(bool, true)
+ storage_account_queue = optional(bool, true)
+ storage_account_table = optional(bool, true)
+ storage_account_web = optional(bool, true)
+ }), {})
+ private_link_locations = optional(list(string), [])
+ public_dns_zones = optional(list(string), [])
+ private_dns_zones = optional(list(string), [])
+ enable_private_dns_zone_virtual_network_link_on_hubs = optional(bool, true)
+ enable_private_dns_zone_virtual_network_link_on_spokes = optional(bool, true)
+ virtual_network_resource_ids_to_link = optional(list(string), [])
+ }), {})
+ }), {})
+ }), {})
+ location = optional(string, "")
+ tags = optional(any, {})
+ advanced = optional(any, {})
+ })
+ description = "If specified, will customize the \"Connectivity\" landing zone settings and resources."
+ default = {
+ settings = {
+ hub_networks = [
+ {
+ enabled = true
+ config = {
+ address_space = ["10.100.0.0/16", ]
+ location = ""
+ link_to_ddos_protection_plan = false
+ dns_servers = []
+ bgp_community = ""
+ subnets = []
+ virtual_network_gateway = {
+ enabled = false
+ config = {
+ address_prefix = "10.100.1.0/24"
+ gateway_sku_expressroute = "ErGw2AZ"
+ gateway_sku_vpn = "VpnGw3"
+ advanced_vpn_settings = {
+ enable_bgp = null
+ active_active = null
+ private_ip_address_allocation = ""
+ default_local_network_gateway_id = ""
+ vpn_client_configuration = []
+ bgp_settings = []
+ custom_route = []
+ }
+ }
+ }
+ azure_firewall = {
+ enabled = false
+ config = {
+ address_prefix = "10.100.0.0/24"
+ enable_dns_proxy = true
+ dns_servers = []
+ sku_tier = ""
+ base_policy_id = ""
+ private_ip_ranges = []
+ threat_intelligence_mode = ""
+ threat_intelligence_allowlist = []
+ availability_zones = {
+ zone_1 = true
+ zone_2 = true
+ zone_3 = true
+ }
+ }
+ }
+ spoke_virtual_network_resource_ids = []
+ enable_outbound_virtual_network_peering = false
+ enable_hub_network_mesh_peering = false
+ }
+ },
+ ]
+ vwan_hub_networks = [
+ {
+ 
enabled = false + config = { + address_prefix = "10.200.0.0/22" + location = "" + sku = "" + routes = [] + expressroute_gateway = { + enabled = false + config = { + scale_unit = 1 + } + } + vpn_gateway = { + enabled = false + config = { + bgp_settings = [] + routing_preference = "" + scale_unit = 1 + } + } + azure_firewall = { + enabled = false + config = { + enable_dns_proxy = false + dns_servers = [] + sku_tier = "Standard" + base_policy_id = "" + private_ip_ranges = [] + threat_intelligence_mode = "" + threat_intelligence_allowlist = [] + availability_zones = { + zone_1 = true + zone_2 = true + zone_3 = true + } + } + } + spoke_virtual_network_resource_ids = [] + secure_spoke_virtual_network_resource_ids = [] + enable_virtual_hub_connections = false + } + }, + ] + ddos_protection_plan = { + enabled = false + config = { + location = "" + } + } + dns = { + enabled = true + config = { + location = "" + enable_private_link_by_service = { + azure_api_management = true + azure_app_configuration_stores = true + azure_arc = true + azure_automation_dscandhybridworker = true + azure_automation_webhook = true + azure_backup = true + azure_batch_account = true + azure_bot_service_bot = true + azure_bot_service_token = true + azure_cache_for_redis = true + azure_cache_for_redis_enterprise = true + azure_container_registry = true + azure_cosmos_db_cassandra = true + azure_cosmos_db_gremlin = true + azure_cosmos_db_mongodb = true + azure_cosmos_db_sql = true + azure_cosmos_db_table = true + azure_data_explorer = true + azure_data_factory = true + azure_data_factory_portal = true + azure_data_health_data_services = true + azure_data_lake_file_system_gen2 = true + azure_database_for_mariadb_server = true + azure_database_for_mysql_server = true + azure_database_for_postgresql_server = true + azure_digital_twins = true + azure_event_grid_domain = true + azure_event_grid_topic = true + azure_event_hubs_namespace = true + azure_file_sync = true + azure_hdinsights = true + 
azure_iot_dps = true + azure_iot_hub = true + azure_key_vault = true + azure_key_vault_managed_hsm = true + azure_kubernetes_service_management = true + azure_machine_learning_workspace = true + azure_managed_disks = true + azure_media_services = true + azure_migrate = true + azure_monitor = true + azure_purview_account = true + azure_purview_studio = true + azure_relay_namespace = true + azure_search_service = true + azure_service_bus_namespace = true + azure_site_recovery = true + azure_sql_database_sqlserver = true + azure_synapse_analytics_dev = true + azure_synapse_analytics_sql = true + azure_synapse_studio = true + azure_web_apps_sites = true + azure_web_apps_static_sites = true + cognitive_services_account = true + microsoft_power_bi = true + signalr = true + signalr_webpubsub = true + storage_account_blob = true + storage_account_file = true + storage_account_queue = true + storage_account_table = true + storage_account_web = true + } + private_link_locations = [] + public_dns_zones = [] + private_dns_zones = [] + enable_private_dns_zone_virtual_network_link_on_hubs = true + enable_private_dns_zone_virtual_network_link_on_spokes = true + virtual_network_resource_ids_to_link = [] + } + } + } + } +} + +variable "disable_telemetry" { + type = bool + description = "If set to true, will disable telemetry for the module. See https://aka.ms/alz-terraform-module-telemetry." + default = false +} + +variable "subscription_id_connectivity" { + type = string + description = "If specified, identifies the Platform subscription for \"Connectivity\" for resource deployment and correct placement in the Management Group hierarchy." + default = null +} + +variable "subscription_id_management" { + type = string + description = "If specified, identifies the Platform subscription for \"Management\" for resource deployment and correct placement in the Management Group hierarchy." 
+ default = null +} + +variable "subscription_id_identity" { + type = string + description = "If specified, identifies the Platform subscription for \"Identity\" for resource deployment and correct placement in the Management Group hierarchy." + default = null +} \ No newline at end of file diff --git a/caf_solution/add-ons/terraform_cloud/terraform_cloud.tf b/caf_solution/add-ons/terraform_cloud/terraform_cloud.tf index 8ccc501b..448e3e3f 100644 --- a/caf_solution/add-ons/terraform_cloud/terraform_cloud.tf +++ b/caf_solution/add-ons/terraform_cloud/terraform_cloud.tf @@ -93,7 +93,7 @@ resource "tfe_agent_pool" "tfe_agent_pools" { resource "tfe_agent_token" "tfe_agent_pool_tokens" { depends_on = [tfe_agent_pool.tfe_agent_pools] - for_each = try(var.tfe_agent_pool_tokens, {}) + for_each = try(var.tfe_agent_pool_tokens, {}) agent_pool_id = try(each.value.agent_pool_id, tfe_agent_pool.tfe_agent_pools[each.value.agent_pool_key].id) description = each.value.description diff --git a/caf_solution/local.data_protection.tf b/caf_solution/local.data_protection.tf index b0702bbb..aaa97d8a 100644 --- a/caf_solution/local.data_protection.tf +++ b/caf_solution/local.data_protection.tf @@ -2,9 +2,9 @@ locals { data_protection = merge( var.data_protection, { - backup_vaults = var.backup_vaults - backup_vault_policies = var.backup_vault_policies - backup_vault_instances = var.backup_vault_instances + backup_vaults = var.backup_vaults + backup_vault_policies = var.backup_vault_policies + backup_vault_instances = var.backup_vault_instances } ) } diff --git a/caf_solution/locals.remote_tfstates.tf b/caf_solution/locals.remote_tfstates.tf index d6c0e764..8307ffbc 100644 --- a/caf_solution/locals.remote_tfstates.tf +++ b/caf_solution/locals.remote_tfstates.tf 
@@ -34,7 +34,7 @@ locals { sas_token = try(value.sas_token, null) != null ? var.sas_token : null use_azuread_auth = try(value.use_azuread_auth, true) } if try(value.backend_type, "azurerm") == "azurerm" - } + } remote = { for key, value in try(var.landingzone.tfstates, {}) : key => { hostname = try(value.hostname, var.tf_cloud_hostname) diff --git a/caf_solution/main.tf b/caf_solution/main.tf index 74e35845..9baa289c 100644 --- a/caf_solution/main.tf +++ b/caf_solution/main.tf @@ -35,7 +35,7 @@ provider "azurerm" { # partner identifier for CAF Terraform landing zones. features { api_management { - purge_soft_delete_on_destroy = var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy + purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, null) # recover_soft_deleted_api_managements = var.provider_azurerm_features_api_management.recover_soft_deleted_api_managements } # application_insights { diff --git a/caf_solution/vmss_extensions.tf b/caf_solution/vmss_extensions.tf index 48743add..d36d7c5b 100644 --- a/caf_solution/vmss_extensions.tf +++ b/caf_solution/vmss_extensions.tf @@ -2,11 +2,11 @@ ## The moved instructions are supported Terraform 1.1 and are to be removed after a couple of release. moved { - from = module.vmss_extension_custom_scriptextension - to = module.solution.module.vmss_extension_custom_scriptextension + from = module.vmss_extension_custom_scriptextension + to = module.solution.module.vmss_extension_custom_scriptextension } moved { - from = module.vmss_extension_microsoft_azure_domainjoin - to = module.solution.module.vmss_extension_microsoft_azure_domainjoin + from = module.vmss_extension_microsoft_azure_domainjoin + to = module.solution.module.vmss_extension_microsoft_azure_domainjoin } \ No newline at end of file From 2851b4f5b28cec74e64bf1ca309257e49aa59f55 Mon Sep 17 00:00:00 2001 
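Review bot: In the `api_management` features block of caf_solution/main.tf, `try(..., null)` turns a missing or mistyped `provider_azurerm_features_api_management` value into the provider's own default instead of an explicit choice. As far as I recall, the azurerm default for `purge_soft_delete_on_destroy` is to purge, so omitting the variable would drop the soft-delete recovery window on destroy with no plan-time signal; please confirm against the pinned provider version. If retention is the intended fallback, I would write `purge_soft_delete_on_destroy = try(var.provider_azurerm_features_api_management.purge_soft_delete_on_destroy, false)`, or at least add `# null => provider default applies` above the line. `try` also hides any other evaluation error in that expression, so declaring the attribute as `optional(bool)` on the variable (its declaration is not visible here) would be a narrower way to allow omission. The provider block starts and ends outside this hunk.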
From: lolorol Date: Fri, 26 May 2023 04:06:12 +0000 Subject: [PATCH 2/3] Update minimum terraform version to 1.3.0 --- caf_solution/add-ons/aad-pod-identity/main.tf | 2 +- caf_solution/add-ons/aks-secure-baseline/main.tf | 2 +- caf_solution/add-ons/aks_applications/main.tf | 2 +- caf_solution/add-ons/aks_applications_v2/main.tf | 2 +- caf_solution/add-ons/aks_azure_devops_agents/main.tf | 2 +- caf_solution/add-ons/aks_gitlab_agents/main.tf | 2 +- caf_solution/add-ons/aks_secure_baseline_v2/main.tf | 4 ++-- caf_solution/add-ons/azure_devops/main.tf | 2 +- caf_solution/add-ons/azure_devops_v1/main.tf | 2 +- caf_solution/add-ons/cross_tenant_hub_connection/main.tf | 2 +- caf_solution/add-ons/databricks_v1/main.tf | 2 +- caf_solution/add-ons/hashicorp_vault_secrets/main.tf | 2 +- caf_solution/add-ons/helm-charts/main.tf | 2 +- .../add-ons/secrets-store-csi-driver-provider-azure/main.tf | 2 +- caf_solution/add-ons/terraform_cloud/main.tf | 2 +- 15 files changed, 16 insertions(+), 16 deletions(-) diff --git a/caf_solution/add-ons/aad-pod-identity/main.tf b/caf_solution/add-ons/aad-pod-identity/main.tf index 71118c6e..73614841 100644 --- a/caf_solution/add-ons/aad-pod-identity/main.tf +++ b/caf_solution/add-ons/aad-pod-identity/main.tf @@ -13,5 +13,5 @@ terraform { version = "~> 0.5.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/aks-secure-baseline/main.tf b/caf_solution/add-ons/aks-secure-baseline/main.tf index 3a17f5c9..cb194d94 100644 --- a/caf_solution/add-ons/aks-secure-baseline/main.tf +++ b/caf_solution/add-ons/aks-secure-baseline/main.tf @@ -13,5 +13,5 @@ terraform { version = ">= 0.5.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/aks_applications/main.tf b/caf_solution/add-ons/aks_applications/main.tf index 22c7841d..3211ffbf 100644 --- a/caf_solution/add-ons/aks_applications/main.tf +++ b/caf_solution/add-ons/aks_applications/main.tf 
@@ -17,5 +17,5 @@ terraform { version = "~> 0.5.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/aks_applications_v2/main.tf b/caf_solution/add-ons/aks_applications_v2/main.tf index 13bf4797..5d359fe6 100644 --- a/caf_solution/add-ons/aks_applications_v2/main.tf +++ b/caf_solution/add-ons/aks_applications_v2/main.tf @@ -17,7 +17,7 @@ terraform { version = "~> 1.2.24" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } data "azurerm_client_config" "current" {} diff --git a/caf_solution/add-ons/aks_azure_devops_agents/main.tf b/caf_solution/add-ons/aks_azure_devops_agents/main.tf index 6b7201fb..41bd9329 100644 --- a/caf_solution/add-ons/aks_azure_devops_agents/main.tf +++ b/caf_solution/add-ons/aks_azure_devops_agents/main.tf @@ -17,5 +17,5 @@ terraform { version = "~> 0.5.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } \ No newline at end of file diff --git a/caf_solution/add-ons/aks_gitlab_agents/main.tf b/caf_solution/add-ons/aks_gitlab_agents/main.tf index 263eade2..a1898418 100644 --- a/caf_solution/add-ons/aks_gitlab_agents/main.tf +++ b/caf_solution/add-ons/aks_gitlab_agents/main.tf @@ -13,5 +13,5 @@ terraform { version = "~> 2.0.3" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf index 57271379..4e0874d6 100644 --- a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf +++ b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf @@ -10,8 +10,8 @@ terraform { } flux = { source = "fluxcd/flux" - version = ">= 0.0.13" + version = ">= 0.1.3.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } \ No newline at end of file diff --git a/caf_solution/add-ons/azure_devops/main.tf b/caf_solution/add-ons/azure_devops/main.tf index 0a11d6d4..b70dd9a7 100644 --- a/caf_solution/add-ons/azure_devops/main.tf 
+++ b/caf_solution/add-ons/azure_devops/main.tf @@ -30,7 +30,7 @@ terraform { version = "~> 1.2.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } provider "azurerm" { diff --git a/caf_solution/add-ons/azure_devops_v1/main.tf b/caf_solution/add-ons/azure_devops_v1/main.tf index aac34366..2468e0ff 100644 --- a/caf_solution/add-ons/azure_devops_v1/main.tf +++ b/caf_solution/add-ons/azure_devops_v1/main.tf @@ -13,7 +13,7 @@ terraform { version = "~> 0.1.3" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } provider "azurerm" { diff --git a/caf_solution/add-ons/cross_tenant_hub_connection/main.tf b/caf_solution/add-ons/cross_tenant_hub_connection/main.tf index 0ccb8f1f..dc32f16f 100644 --- a/caf_solution/add-ons/cross_tenant_hub_connection/main.tf +++ b/caf_solution/add-ons/cross_tenant_hub_connection/main.tf @@ -10,7 +10,7 @@ terraform { version = "~> 2.1.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/databricks_v1/main.tf b/caf_solution/add-ons/databricks_v1/main.tf index 1f332cb4..35ffa445 100644 --- a/caf_solution/add-ons/databricks_v1/main.tf +++ b/caf_solution/add-ons/databricks_v1/main.tf @@ -13,7 +13,7 @@ terraform { version = "~> 0.3.9" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } provider "azurerm" { diff --git a/caf_solution/add-ons/hashicorp_vault_secrets/main.tf b/caf_solution/add-ons/hashicorp_vault_secrets/main.tf index 30138148..bc5ecc36 100644 --- a/caf_solution/add-ons/hashicorp_vault_secrets/main.tf +++ b/caf_solution/add-ons/hashicorp_vault_secrets/main.tf @@ -9,5 +9,5 @@ terraform { version = "~> 2.17.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } \ No newline at end of file diff --git a/caf_solution/add-ons/helm-charts/main.tf b/caf_solution/add-ons/helm-charts/main.tf index 263eade2..a1898418 100644 --- a/caf_solution/add-ons/helm-charts/main.tf +++ b/caf_solution/add-ons/helm-charts/main.tf 
@@ -13,5 +13,5 @@ terraform { version = "~> 2.0.3" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } diff --git a/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf b/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf index 9c872237..089eac44 100644 --- a/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf +++ b/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf @@ -13,7 +13,7 @@ terraform { version = "~> 0.5.0" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } data "azurerm_client_config" "current" {} diff --git a/caf_solution/add-ons/terraform_cloud/main.tf b/caf_solution/add-ons/terraform_cloud/main.tf index a238b42e..5dad22dc 100644 --- a/caf_solution/add-ons/terraform_cloud/main.tf +++ b/caf_solution/add-ons/terraform_cloud/main.tf @@ -25,7 +25,7 @@ terraform { version = "~> 0.26.1" } } - required_version = ">= 0.13" + required_version = ">= 1.3.0" } provider "azurerm" { From d7b7a8a37170a1e0b1ff5ad7e9fc93c45c9ede34 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 May 2023 12:08:16 +0800 Subject: [PATCH 3/3] Update caf_solution/add-ons/aks_secure_baseline_v2/main.tf --- caf_solution/add-ons/aks_secure_baseline_v2/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf index 4e0874d6..df6cd1b9 100644 --- a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf +++ b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf @@ -10,7 +10,7 @@ terraform { } flux = { source = "fluxcd/flux" - version = ">= 0.1.3.0" + version = ">= 0.0.13" } } required_version = ">= 1.3.0"
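Review bot: The restored `version = ">= 0.0.13"` for `fluxcd/flux` in aks_secure_baseline_v2/main.tf has no upper bound, so a `terraform init` without a committed lock file may select any later release of this third-party provider, including a new major version. Most neighbouring add-ons in this series pin with `~>`; a bounded constraint such as `version = "~> 0.0.13"` (or whichever release line the add-on is actually tested against) keeps provider upgrades deliberate. Whether `.terraform.lock.hcl` is committed for this add-on is not visible here; if it is not, committing it would also pin the provider checksums. The `required_providers` block starts outside the hunk.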