
Commit

Merge pull request #487 from Azure/int-5.7.0
5.7.2
arnaudlh committed Aug 4, 2023
2 parents cdc8ee2 + 3c4f95d commit 6c21e39
Showing 69 changed files with 2,078 additions and 513 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/docker-compose.yml
Expand Up @@ -6,7 +6,7 @@
version: '3.7'
services:
rover:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
user: vscode

labels:
16 changes: 8 additions & 8 deletions .github/workflows/landingzones-tf100.yml
Expand Up @@ -39,7 +39,7 @@ jobs:
random_length: ['5']

container:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
options: --user 0

steps:
Expand Down Expand Up @@ -96,7 +96,7 @@ jobs:
]

container:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
options: --user 0

steps:
Expand Down Expand Up @@ -143,7 +143,7 @@ jobs:
random_length: ['5']

container:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
options: --user 0

steps:
Expand Down Expand Up @@ -198,7 +198,7 @@ jobs:
]

container:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
options: --user 0

steps:
Expand Down Expand Up @@ -244,7 +244,7 @@ jobs:
random_length: ['5']

container:
image: aztfmod/rover:1.4.6-2306.1405
image: aztfmod/rover:1.4.6-2307.0508
options: --user 0

steps:
Expand Down Expand Up @@ -291,7 +291,7 @@ jobs:
for i in `az monitor log-profiles list -o tsv --query '[].name'`; do az monitor log-profiles delete --name $i; done
for i in `az ad group list --query "[?contains(displayName, '${{ github.run_id }}')].objectId" -o tsv`; do echo "purging Azure AD group: $i" && $(az ad group delete --verbose --group $i || true); done
for i in `az ad app list --query "[?contains(displayName, '${{ github.run_id }}')].appId" -o tsv`; do echo "purging Azure AD app: $i" && $(az ad app delete --verbose --id $i || true); done
for i in `az keyvault list-deleted --query "[?tags.environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
for i in `az group list --query "[?tags.environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done
for i in `az keyvault list-deleted --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do az keyvault purge --name $i; done
for i in `az group list --query "[?tags.caf_environment=='${{ github.run_id }}'].name" -o tsv`; do echo "purging resource group: $i" && $(az group delete -n $i -y --no-wait || true); done
for i in `az role assignment list --query "[?contains(roleDefinitionName, '${{ github.run_id }}')].roleDefinitionName" -o tsv`; do echo "purging role assignment: $i" && $(az role assignment delete --role $i || true); done
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done
for i in `az role definition list --query "[?contains(roleName, '${{ github.run_id }}')].roleName" -o tsv`; do echo "purging custom role definition: $i" && $(az role definition delete --name $i || true); done
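Review bot: In the purge step, the resource-group loop that now filters on `tags.caf_environment` (the new side, going by the changelog entry in this commit) still runs the delete inside a command substitution, `$(az group delete -n $i -y --no-wait || true)`, so anything the CLI writes to stdout is then executed as a shell command, and `$i` is expanded unquoted in both rewritten loops. Calling the CLI directly keeps the best-effort behaviour: `az group delete -n "$i" -y --no-wait || true`, and `az keyvault purge --name "$i"` for the vault loop. The unchanged AD group, AD app and role loops beside them use the same `$( … || true)` form. Separately, the five `container.image` lines are bumped to `aztfmod/rover:1.4.6-2307.0508` by tag only, in jobs started with `--user 0`; a digest pin (`aztfmod/rover:1.4.6-2307.0508@sha256:<digest>`) would keep a repointed tag from changing what the workflow runs. The step's `run:` block starts outside the hunk.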
10 changes: 5 additions & 5 deletions .pre-commit-config.yaml
@@ -1,16 +1,16 @@
# See http://pre-commit.com for more information
# See http://pre-commit.com/hooks.html for more hooks
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.64.0
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.81.0
hooks:
- id: terraform_fmt
- id: terraform_docs
- id: terraform_tflint
# - id: terraform_tflint
# - id: terraform_validate
# - id: terraform_tfsec
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v4.1.0
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: check-merge-conflict
- id: trailing-whitespace
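Review bot: `terraform_tflint` ends up commented out in the hook list (assuming the `# - id: terraform_tflint` line is the new side), next to `terraform_validate` and `terraform_tfsec`, which leaves only `terraform_fmt` and `terraform_docs` active from pre-commit-terraform and no lint or security scan at commit time. If that is intentional, a comment above the disabled hooks should say why and where the checks run instead, for example `# tflint/validate/tfsec disabled locally; run in CI by <workflow name>`. The two `rev:` values are still tag names; pinning each to the full commit SHA with the tag as a trailing comment, `rev: <full-commit-sha>  # v1.81.0`, keeps a repointed tag from changing the hook code that runs on developer machines.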
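--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,26 @@
+## 5.7.2
+
+### rover
+
+min version: required_version = ">= 1.3.5"
+https://hub.docker.com/repository/docker/aztfmod/rover/tags?page=1&ordering=last_updated&name=1.3.9
+https://hub.docker.com/repository/docker/aztfmod/rover/tags?page=1&ordering=last_updated&name=1.4.
+
+Rover has been upgraded to support new features like:
+
+* Using MSAL library to connect to azurerm backend storage accounts (> 1.3.5)
+* leverage precondition to evaluate additional check at plan time
+
+### caf_launchpad
+
+BREAKING CHANGES:
+
+* replace in your tfvars the tags ***tfstate*** and ***environment*** by ***caf_tfstate*** and ***caf_environment***. You need to upgrade to the minimum rover version as stated in this upgrade note.
+
+UPGRADE:
+
+* use azuread_applications instead of azuread_apps to support the decoupling of apps and service principals. Refer to caf_launchpad/scenario/200/iam_azuread.tfvars for a complete example.
+
 ## v9.0.2009 (September 2020)
 
 BREAKING CHANGES: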
1 change: 1 addition & 0 deletions aztfmod
Submodule aztfmod added at fc45b0
2 changes: 1 addition & 1 deletion caf_launchpad/dynamic_secrets.tf
@@ -1,7 +1,7 @@

module "dynamic_keyvault_secrets" {
source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
version = "5.6.10"
version = "5.7.2"

for_each = try(var.dynamic_keyvault_secrets, {})

5 changes: 4 additions & 1 deletion caf_launchpad/landingzone.tf
@@ -1,13 +1,15 @@
module "launchpad" {
source = "aztfmod/caf/azurerm"
version = "5.6.10"
version = "5.7.2"
# source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=main"

providers = {
azurerm.vhub = azurerm.vhub
}

current_landingzone_key = var.landingzone.key
custom_role_definitions = var.custom_role_definitions
data_sources = var.data_sources
enable = var.enable
event_hub_namespaces = var.event_hub_namespaces
global_settings = local.global_settings
Expand All @@ -31,6 +33,7 @@ module "launchpad" {
azuread_api_permissions = var.azuread_api_permissions
azuread_applications = var.azuread_applications
azuread_apps = var.azuread_apps
azuread_conditional_access = var.azuread_conditional_access
azuread_credential_policies = var.azuread_credential_policies
azuread_groups = var.azuread_groups
azuread_groups_membership = var.azuread_groups_membership
File renamed without changes.
2 changes: 1 addition & 1 deletion caf_launchpad/main.tf
Expand Up @@ -99,7 +99,7 @@ locals {
"landingzone" = var.landingzone.key
}

tags = merge(local.global_settings.tags, local.landingzone_tag, { "environment" = local.global_settings.environment }, { "rover_version" = var.rover_version }, var.tags)
tags = merge(local.global_settings.tags, local.landingzone_tag, { "caf_environment" = local.global_settings.environment }, { "rover_version" = var.rover_version }, var.tags)

global_settings = {
default_region = var.default_region
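Review bot: On the rewritten `tags` line, `var.tags` is still the last argument to `merge()`, and later arguments win, so a caller-supplied `caf_environment` or `rover_version` key silently replaces the computed value. Comments in caf_launchpad/scenario/100/storage_accounts.tfvars in this same commit say the rover locates the launchpad and the tfstates through these tags, so an override may break that lookup. If the override is not intended, move the reserved keys after `var.tags`: `tags = merge(local.global_settings.tags, local.landingzone_tag, var.tags, { "caf_environment" = local.global_settings.environment }, { "rover_version" = var.rover_version })`; if it is intended, a one-line comment saying so would help. The `locals` block starts and ends outside the hunk.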
65 changes: 35 additions & 30 deletions caf_launchpad/scenario/100/keyvaults.tfvars
@@ -1,13 +1,14 @@

keyvaults = {
level0 = {
name = "level0"
resource_group_key = "level0"
sku_name = "standard"
soft_delete_enabled = true
name = "level0"
resource_group_key = "level0"
sku_name = "standard"
soft_delete_enabled = true
enable_rbac_authorization = false
tags = {
tfstate = "level0"
environment = "sandpit"
caf_tfstate = "level0"
caf_environment = "sandpit"
}

creation_policies = {
Expand All @@ -21,13 +22,14 @@ keyvaults = {
}

level1 = {
name = "level1"
resource_group_key = "level1"
sku_name = "standard"
soft_delete_enabled = true
name = "level1"
resource_group_key = "level1"
sku_name = "standard"
soft_delete_enabled = true
enable_rbac_authorization = false
tags = {
tfstate = "level1"
environment = "sandpit"
caf_tfstate = "level1"
caf_environment = "sandpit"
}

creation_policies = {
Expand All @@ -40,13 +42,14 @@ keyvaults = {
}

level2 = {
name = "level2"
resource_group_key = "level2"
sku_name = "standard"
soft_delete_enabled = true
name = "level2"
resource_group_key = "level2"
sku_name = "standard"
soft_delete_enabled = true
enable_rbac_authorization = false
tags = {
tfstate = "level2"
environment = "sandpit"
caf_tfstate = "level2"
caf_environment = "sandpit"
}

creation_policies = {
Expand All @@ -60,13 +63,14 @@ keyvaults = {
}

level3 = {
name = "level3"
resource_group_key = "level3"
sku_name = "standard"
soft_delete_enabled = true
name = "level3"
resource_group_key = "level3"
sku_name = "standard"
soft_delete_enabled = true
enable_rbac_authorization = false
tags = {
tfstate = "level3"
environment = "sandpit"
caf_tfstate = "level3"
caf_environment = "sandpit"
}

creation_policies = {
Expand All @@ -79,13 +83,14 @@ keyvaults = {
}

level4 = {
name = "level4"
resource_group_key = "level4"
sku_name = "standard"
soft_delete_enabled = true
name = "level4"
resource_group_key = "level4"
sku_name = "standard"
soft_delete_enabled = true
enable_rbac_authorization = false
tags = {
tfstate = "level4"
environment = "sandpit"
caf_tfstate = "level4"
caf_environment = "sandpit"
}

creation_policies = {
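Review bot: `enable_rbac_authorization = false` is added to all five vaults (level0 to level4) without a comment explaining the choice. With RBAC authorization off, access to a vault is governed by its access policies, which is presumably what the `creation_policies` blocks under each vault feed; their contents are mostly outside the hunks. A short comment on the first occurrence would record the decision, e.g. `# access-policy model: creation_policies below grant access; switch to true only together with the matching role assignments`.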
30 changes: 15 additions & 15 deletions caf_launchpad/scenario/100/storage_accounts.tfvars
Expand Up @@ -9,9 +9,9 @@ storage_accounts = {
tags = {
## Those tags must never be changed after being set as they are used by the rover to locate the launchpad and the tfstates.
# Only adjust the environment value at creation time
tfstate = "level0"
environment = "sandpit"
launchpad = "launchpad"
caf_tfstate = "level0"
caf_environment = "sandpit"
launchpad = "launchpad"
##
}
blob_properties = {
Expand All @@ -35,9 +35,9 @@ storage_accounts = {
account_replication_type = "RAGRS"
tags = {
# Those tags must never be changed while set as they are used by the rover to locate the launchpad and the tfstates.
tfstate = "level1"
environment = "sandpit"
launchpad = "launchpad"
caf_tfstate = "level1"
caf_environment = "sandpit"
launchpad = "launchpad"
}
blob_properties = {
versioning_enabled = true
Expand All @@ -59,9 +59,9 @@ storage_accounts = {
account_replication_type = "RAGRS"
tags = {
# Those tags must never be changed while set as they are used by the rover to locate the launchpad and the tfstates.
tfstate = "level2"
environment = "sandpit"
launchpad = "launchpad"
caf_tfstate = "level2"
caf_environment = "sandpit"
launchpad = "launchpad"
}
blob_properties = {
versioning_enabled = true
Expand All @@ -83,9 +83,9 @@ storage_accounts = {
account_replication_type = "RAGRS"
tags = {
# Those tags must never be changed while set as they are used by the rover to locate the launchpad and the tfstates.
tfstate = "level3"
environment = "sandpit"
launchpad = "launchpad"
caf_tfstate = "level3"
caf_environment = "sandpit"
launchpad = "launchpad"
}
blob_properties = {
versioning_enabled = true
Expand All @@ -107,9 +107,9 @@ storage_accounts = {
account_replication_type = "RAGRS"
tags = {
# Those tags must never be changed while set as they are used by the rover to locate the launchpad and the tfstates.
tfstate = "level4"
environment = "sandpit"
launchpad = "launchpad"
caf_tfstate = "level4"
caf_environment = "sandpit"
launchpad = "launchpad"
}
blob_properties = {
versioning_enabled = true
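Review bot: The comments kept above each renamed block still say these tags must never be changed because the rover uses them to locate the launchpad and the tfstates, while the lines below them rename `tfstate` and `environment` to `caf_tfstate` and `caf_environment`. The comment should name the new keys and the rover requirement from the CHANGELOG entry in this commit, e.g. `# caf_tfstate, caf_environment and launchpad are read by the rover to locate the launchpad and tfstates; do not change them after creation (needs the minimum rover version listed in CHANGELOG 5.7.2)`. For deployments created with the old keys, it is worth stating in the same place that the tag rename and the rover upgrade have to be applied together, as the changelog implies.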