Merge pull request #187 from Azure/AL-2105

May 2021 updates
Azure · Jun 2, 2021 · 1471823 · 1471823
2 parents bd8aea4 + 60f2eca
commit 1471823
Show file tree

Hide file tree

Showing 25 changed files with 334 additions and 130 deletions.
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       user: vscode
 
       labels:

diff --git a/.github/workflows/landingzones-tf13.yml b/.github/workflows/landingzones-tf13.yml
@@ -30,7 +30,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.13.7-2105.1701
+      image: aztfmod/rover:0.13.7-2105.2603
       options: --user 0
 
     steps:
@@ -82,7 +82,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.13.7-2105.1701
+      image: aztfmod/rover:0.13.7-2105.2603
       options: --user 0
 
     steps:
@@ -126,7 +126,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.13.7-2105.1701
+      image: aztfmod/rover:0.13.7-2105.2603
       options: --user 0
 
     steps:
@@ -177,7 +177,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.13.7-2105.1701
+      image: aztfmod/rover:0.13.7-2105.2603
       options: --user 0
 
     steps:
@@ -220,7 +220,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.13.7-2105.1701
+      image: aztfmod/rover:0.13.7-2105.2603
       options: --user 0
 
     steps:

diff --git a/.github/workflows/landingzones-tf14.yml b/.github/workflows/landingzones-tf14.yml
@@ -6,12 +6,6 @@
 name: landingzones-tf14
 
 on:
-  pull_request:
-    paths-ignore:
-      - 'documentation/**'
-      - '_pictures/**'
-      - 'README.md'
-      - 'CHANGELOG.md'
   schedule:
     - cron:  '0 0 * * *'
 
@@ -36,7 +30,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.14.11-2105.1701
+      image: aztfmod/rover:0.14.11-2105.2603
       options: --user 0
 
     steps:
@@ -88,7 +82,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.14.11-2105.1701
+      image: aztfmod/rover:0.14.11-2105.2603
       options: --user 0
 
     steps:
@@ -132,7 +126,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.14.11-2105.1701
+      image: aztfmod/rover:0.14.11-2105.2603
       options: --user 0
 
     steps:
@@ -183,7 +177,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.14.11-2105.1701
+      image: aztfmod/rover:0.14.11-2105.2603
       options: --user 0
 
     steps:
@@ -226,7 +220,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.14.11-2105.1701
+      image: aztfmod/rover:0.14.11-2105.2603
       options: --user 0
 
     steps:

diff --git a/.github/workflows/landingzones-tf15.yml b/.github/workflows/landingzones-tf15.yml
@@ -6,6 +6,12 @@
 name: landingzones-tf15
 
 on:
+  pull_request:
+    paths-ignore:
+      - 'documentation/**'
+      - '_pictures/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
   schedule:
     - cron:  '0 3 * * *'
 
@@ -30,7 +36,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       options: --user 0
 
     steps:
@@ -82,7 +88,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       options: --user 0
 
     steps:
@@ -126,7 +132,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       options: --user 0
 
     steps:
@@ -177,7 +183,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       options: --user 0
 
     steps:
@@ -220,7 +226,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.3-2105.1701
+      image: aztfmod/rover:0.15.4-2105.2603
       options: --user 0
 
     steps:

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 
 # Cloud Adoption Framework for Azure landing zones on Terraform
 
-Microsoft [Cloud Adoption Framework for Azure](https://aka.ms/caf) provides you with guidance and best practices to adopt Azure.
+Microsoft [Cloud Adoption Framework for Azure](https://docs.microsoft.com/azure/cloud-adoption-framework/overview) provides you with guidance and best practices to adopt Azure.
 
 A landing zone is a segment of a cloud environment, that has been pre-provisioned through code, and is dedicated to the support of one or more workloads. Landing zones provide access to foundational tools and controls to establish a compliant place to innovate and build new workloads in the cloud, or to migrate existing workloads to the cloud. Landing zones use defined sets of cloud services and best practices to set you up for success.
 

diff --git a/caf_launchpad/landingzone.tf b/caf_launchpad/landingzone.tf
@@ -4,7 +4,7 @@ module "launchpad" {
 
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
 
-
+  # azuread                               = var.azuread
   azuread_api_permissions               = var.azuread_api_permissions
   azuread_apps                          = var.azuread_apps
   azuread_groups                        = var.azuread_groups

diff --git a/caf_launchpad/main.tf b/caf_launchpad/main.tf
@@ -1,10 +1,7 @@
 terraform {
   required_providers {
     // azurerm version driven by the caf module
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "~> 1.4.0"
-    }
+    // azuread version driven by the caf module
     random = {
       source  = "hashicorp/random"
       version = "~> 2.2.1"

diff --git a/caf_launchpad/output.tf b/caf_launchpad/output.tf
@@ -10,7 +10,28 @@ output "objects" {
   sensitive = true
 }
 
+output "global_settings" {
+  value = module.launchpad.global_settings
+  sensitive = true
+}
+
+output "diagnostics" {
+  value = module.launchpad.diagnostics
+  sensitive = true
+}
+
 output "tfstates" {
   value     = local.tfstates
   sensitive = true
 }
+
+
+output "launchpad_identities" {
+  value = var.propagate_launchpad_identities ? {
+    (var.landingzone.key) = {
+      azuread_groups = module.launchpad.azuread_groups
+      managed_identities = module.launchpad.managed_identities
+    }
+  } : {}
+  sensitive = true
+}
diff --git a/caf_launchpad/variables.tf b/caf_launchpad/variables.tf
@@ -85,6 +85,9 @@ variable "subscriptions" {
 }
 
 ## Azure Active Directory
+variable "azuread" {
+  default = {}
+}
 variable "azuread_apps" {
   default = {}
 }
@@ -208,4 +211,8 @@ variable "azurerm_routes" {
 
 variable "route_tables" {
   default = {}
+}
+
+variable "propagate_launchpad_identities" {
+  default = false
 }
diff --git a/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf b/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf
@@ -11,25 +11,22 @@ locals {
           [
             for role, roles in try(mg_value.access_control, {}) : {
               role = role
-              ids = coalescelist(
-                flatten(
+              ids = flatten(
+                [
                   [
                     for resource_type, value in roles : [
                       for resource_key in try(value.resource_keys, []) : [
                         local.caf[resource_type][value.lz_key][resource_key][value.attribute_key]
                       ]
                     ]
-                  ]
-                ) //flatten
-                ,
-                flatten(
+                  ],
                   [
                     for principal_id in try(roles.principal_ids, []) : [
                       principal_id
                     ]
                   ]
-                ) //flatten
-              )   //coalescelist (ids)
+                ]
+              )   //flatten (ids)
             }
           ]
         ) : mapping.role => mapping.ids

diff --git a/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf b/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf
@@ -51,25 +51,22 @@ locals {
           [
             for role, roles in try(mg_value.archetype_config.access_control, {}) : {
               role = role
-              ids = coalescelist(
-                flatten(
+              ids = flatten(
+                [
                   [
                     for resource_type, value in roles : [
                       for resource_key in try(value.resource_keys, []) : [
                         local.caf[resource_type][value.lz_key][resource_key][value.attribute_key]
                       ]
                     ]
-                  ]
-                ) //flatten
-                ,
-                flatten(
+                  ],
                   [
                     for principal_id in try(roles.principal_ids, []) : [
                       principal_id
                     ]
                   ]
-                ) //flatten
-              )   //coalescelist (ids)
+                ]
+              )   //flatten (ids)
             }
           ]
         ) : mapping.role => mapping.ids

diff --git a/caf_solution/dynamic_secrets.tf b/caf_solution/dynamic_secrets.tf
@@ -1,7 +1,7 @@
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
   version = "~>5.3.2"
-  
+
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
 
   for_each = {

diff --git a/caf_solution/landingzone.tf b/caf_solution/landingzone.tf
@@ -3,13 +3,15 @@ module "solution" {
   version = "~>5.3.2"
 
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
+  # source = "../../aztfmod"
 
-
+  # azuread                               = var.azuread
   azuread_api_permissions               = var.azuread_api_permissions
   azuread_apps                          = var.azuread_apps
   azuread_groups                        = var.azuread_groups
   azuread_roles                         = var.azuread_roles
   azuread_users                         = var.azuread_users
+  cloud                                 = local.cloud
   compute                               = local.compute
   current_landingzone_key               = var.landingzone.key
   custom_role_definitions               = var.custom_role_definitions

diff --git a/caf_solution/local.cloud.tf b/caf_solution/local.cloud.tf
@@ -0,0 +1,40 @@
+locals {
+  cloud = merge(
+    var.cloud,
+    {
+      acrLoginServerEndpoint                      = var.acrLoginServerEndpoint
+      attestationEndpoint                         = var.attestationEndpoint
+      azureDatalakeAnalyticsCatalogAndJobEndpoint = var.azureDatalakeAnalyticsCatalogAndJobEndpoint
+      azureDatalakeStoreFileSystemEndpoint        = var.azureDatalakeStoreFileSystemEndpoint
+      keyvaultDns                                 = var.keyvaultDns
+      mariadbServerEndpoint                       = var.mariadbServerEndpoint
+      mhsmDns                                     = var.mhsmDns
+      mysqlServerEndpoint                         = var.mysqlServerEndpoint
+      postgresqlServerEndpoint                    = var.postgresqlServerEndpoint
+      sqlServerHostname                           = var.sqlServerHostname
+      storageEndpoint                             = var.storageEndpoint
+      storageSyncEndpoint                         = var.storageSyncEndpoint
+      synapseAnalyticsEndpoint                    = var.synapseAnalyticsEndpoint
+      activeDirectory                             = var.activeDirectory
+      activeDirectoryDataLakeResourceId           = var.activeDirectoryDataLakeResourceId
+      activeDirectoryGraphResourceId              = var.activeDirectoryGraphResourceId
+      activeDirectoryResourceId                   = var.activeDirectoryResourceId
+      appInsightsResourceId                       = var.appInsightsResourceId
+      appInsightsTelemetryChannelResourceId       = var.appInsightsTelemetryChannelResourceId
+      attestationResourceId                       = var.attestationResourceId
+      azmirrorStorageAccountResourceId            = var.azmirrorStorageAccountResourceId
+      batchResourceId                             = var.batchResourceId
+      gallery                                     = var.gallery
+      logAnalyticsResourceId                      = var.logAnalyticsResourceId
+      management                                  = var.management
+      mediaResourceId                             = var.mediaResourceId
+      microsoftGraphResourceId                    = var.microsoftGraphResourceId
+      ossrdbmsResourceId                          = var.ossrdbmsResourceId
+      portal                                      = var.portal
+      resourceManager                             = var.resourceManager
+      sqlManagement                               = var.sqlManagement
+      synapseAnalyticsResourceId                  = var.synapseAnalyticsResourceId
+      vmImageAliasDoc                             = var.vmImageAliasDoc
+    }
+  )
+}
diff --git a/caf_solution/local.compute.tf b/caf_solution/local.compute.tf
@@ -9,10 +9,10 @@ locals {
       container_groups           = var.container_groups
       proximity_placement_groups = var.proximity_placement_groups
       virtual_machines           = var.virtual_machines
+      virtual_machine_scale_sets = var.virtual_machine_scale_sets
       wvd_application_groups     = var.wvd_application_groups
       wvd_host_pools             = var.wvd_host_pools
-      wvd_session_hosts          = var.wvd_session_hosts
       wvd_workspaces             = var.wvd_workspaces
     }
   )
-}
+}