Merge pull request #334 from Azure/aci_network

March 2022

.devcontainer/docker-compose.yml

@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       user: vscode
 
       labels:

.github/workflows/landingzones-tf100.yml

@@ -39,7 +39,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       options: --user 0
 
     steps:
@@ -92,7 +92,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       options: --user 0
 
     steps:
@@ -135,7 +135,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       options: --user 0
 
     steps:
@@ -186,7 +186,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       options: --user 0
 
     steps:
@@ -228,7 +228,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.1.3-2201.2106
+      image: aztfmod/rover:1.1.6-2202.2503
       options: --user 0
 
     steps:

.github/workflows/landingzones-tf15.yml

@@ -33,7 +33,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.5-2201.2106
+      image: aztfmod/rover:0.15.5-2202.2503
       options: --user 0
 
     steps:
@@ -86,7 +86,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.15.5-2201.2106
+      image: aztfmod/rover:0.15.5-2202.2503
       options: --user 0
 
     steps:
@@ -129,7 +129,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.5-2201.2106
+      image: aztfmod/rover:0.15.5-2202.2503
       options: --user 0
 
     steps:
@@ -180,7 +180,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:0.15.5-2201.2106
+      image: aztfmod/rover:0.15.5-2202.2503
       options: --user 0
 
     steps:
@@ -222,7 +222,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:0.15.5-2201.2106
+      image: aztfmod/rover:0.15.5-2202.2503
       options: --user 0
 
     steps:

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 # See http://pre-commit.com/hooks.html for more hooks
 repos:
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.3
+    rev: v1.64.0
     hooks:
     - id: terraform_fmt
     - id: terraform_docs
@@ -14,8 +14,13 @@ repos:
     hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace
-    #  - id: check-yaml
+      # - id: check-yaml
+      - id: detect-private-key
       - id: check-added-large-files
+  # - repo: git://github.com/ansible-community/ansible-lint
+  #   rev: v5.3.2
+  #   hooks:
+  #     - id: ansible-lint
   # - repo: git://github.com/markdownlint/markdownlint
   #   rev: v0.9.0
   #   hooks:

README.md

@@ -6,46 +6,30 @@
 
 Microsoft [Cloud Adoption Framework for Azure](https://docs.microsoft.com/azure/cloud-adoption-framework/overview) provides you with guidance and best practices to adopt Azure.
 
-A landing zone is a segment of a cloud environment, that has been pre-provisioned through code, and is dedicated to the support of one or more workloads. Landing zones provide access to foundational tools and controls to establish a compliant place to innovate and build new workloads in the cloud, or to migrate existing workloads to the cloud. Landing zones use defined sets of cloud services and best practices to set you up for success.
+CAF Terraform landing zones team mission statement is to:
 
-We leverage Azure enterprise-scale landing zones and propose a Terraform-native structure, set of mechanisms and artifacts to get started to deploy workloads fast.
-
-You can review the different components parts of the Cloud Adoption Framework for Azure Terraform landing zones and look at the quick intro :vhs:  below:
-
-[![caf_elements](./_pictures/caf_elements.png)](https://www.youtube.com/watch?v=FlQ17u4NNts "CAF Introduction")
-
-## Goals
-
-Cloud Adoption Framework for Azure Terraform landing zones is an open-source project equipping the Site Reliability Engineers on Azure with:
-
-* Reusable community artifacts.
-* Standardize deployments using battlefield-proven components.
-* Accelerate the setup of complex environments on Azure.
+* Equip the Site Reliability Engineering teams for Terraform on Azure.
+* Democratize an IaC: Infrastructure-as-Configuration.
+* Commoditize state management and enterprise-wide composition.
+* Standardize deployments using Azure enterprise-scale landing zones.
 * Implement Azure enterprise-scale design and approach with native Terraform and DevOps.
 * Propose a prescriptive guidance on how to enable DevOps for infrastructure as code on Microsoft Azure.
-* Develop configuration-based "infrastructure-as-data" as a democratization of "infrastructure-as-code".
+* Foster a community of Azure *Terraformers* using a common set of practices and sharing best practices.
 
-## :rocket: Getting started
 
-When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments.
+You can review the different components parts of the Cloud Adoption Framework for Azure Terraform landing zones and look at the quick intro video below:
 
-The best way to start is to clone the [starter repository](https://github.com/Azure/caf-terraform-landingzones-starter) and getting started with the configuration files, you can find a quick [onboarding video here](https://www.youtube.com/watch?v=M5BXm30IpdY)
+[![caf_elements](./_pictures/caf_elements.png)](https://www.youtube.com/watch?v=FlQ17u4NNts "CAF Introduction")
 
-## :books: Documentation
 
-You can refer to our new integrated documentation: [GitHub Pages documentation](https://aztfmod.github.io/documentation)
+## :rocket: Getting started
 
-## Repositories
+When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments.
 
-In CAF Terraform landing zones, we use multiple projects in a modular way so you can leverage all of them or some of them depending on where you are in your DevOps and GitOps journey. The main repositories are listed below, feel free to evaluate, use them and contribute to them also!
+The best way to start is to clone the [platform starter repository](https://github.com/Azure/caf-terraform-landingzones-platform-starter) and getting started with the configuration files. 
 
-| Repo                                                                                              | Description                                                |
-|---------------------------------------------------------------------------------------------------|------------------------------------------------------------|
-| [starter kit](https://github.com/azure/caf-terraform-landingzones-starter)                        | landing zones configuration repository                     |
-| [caf-terraform-landingzones](https://github.com/azure/caf-terraform-landingzones) (You are here!) | landing zones repo with sample and core documentations     |
-| [rover](https://github.com/aztfmod/rover)                                                         | devops toolset for operating landing zones                 |
-| [azure_caf_provider](https://github.com/aztfmod/terraform-provider-azurecaf)                      | custom provider for naming conventions                     |
-| [module](https://github.com/aztfmod/terraform-azurerm-caf)                                        | CAF universal module available in the Terraform registry   |
+If you are reading this, you are probably interested also in reading the doc as below:
+:books: Read our [centralized documentation page](https://aka.ms/caf/terraform)
 
 ## Community
 

caf_launchpad/dynamic_secrets.tf

@@ -1,9 +1,9 @@
 
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "5.5.1"
+  version = "5.5.4"
 
-  #source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=patch.5.5.4"
 
   for_each = try(var.dynamic_keyvault_secrets, {})
 

caf_launchpad/landingzone.tf

@@ -1,9 +1,9 @@
 module "launchpad" {
   source  = "aztfmod/caf/azurerm"
-  version = "5.5.1"
+  version = "5.5.4"
 
-
-  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
+  # during dev cycles for the module, you can pick dev branches from GitHub, or from a local fork
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=patch.5.5.4"
   # source = "../../aztfmod"
 
   providers = {
@@ -59,11 +59,12 @@ module "launchpad" {
   }
 
   networking = {
-    vnets                             = try(var.networking.vnets, var.vnets)
+    azurerm_routes                    = try(var.networking.azurerm_routes, var.azurerm_routes)
+    network_profiles                  = var.network_profiles
     network_security_group_definition = try(var.networking.network_security_group_definition, var.network_security_group_definition)
     public_ip_addresses               = try(var.networking.public_ip_addresses, var.public_ip_addresses)
-    azurerm_routes                    = try(var.networking.azurerm_routes, var.azurerm_routes)
     route_tables                      = try(var.networking.route_tables, var.route_tables)
+    vnets                             = try(var.networking.vnets, var.vnets)
   }
 
   security = {

caf_launchpad/variables.tf

@@ -239,4 +239,8 @@ variable "propagate_launchpad_identities" {
 
 variable "container_groups" {
   default = {}
+}
+
+variable "network_profiles" {
+  default = {}
 }

caf_solution/add-ons/caf_eslz/enterprise_scale.tf

@@ -2,17 +2,17 @@
 
 module "enterprise_scale" {
   source  = "Azure/caf-enterprise-scale/azurerm"
-  version = "1.1.1"
+  version = "1.1.3"
 
-  # source = "../../../../eslz"
+  # source = "/tf/caf/alz"
 
   providers = {
     azurerm              = azurerm
     azurerm.connectivity = azurerm
     azurerm.management   = azurerm
   }
 
-  root_parent_id   = data.azurerm_client_config.current.tenant_id
+  root_parent_id   = var.root_parent_id == null ? data.azurerm_client_config.current.tenant_id : var.root_parent_id
   default_location = local.global_settings.regions[local.global_settings.default_region]
 
   #path to the policies definition and assignment repo

caf_solution/add-ons/caf_eslz/variables.tf

@@ -85,6 +85,12 @@ variable "root_name" {
   }
 }
 
+variable "root_parent_id" {
+  type        = string
+  description = "If specified, will deploy the Enterprise scale bellow the root_parent_id."
+  default     = null
+}
+
 variable "deploy_core_landing_zones" {
   type        = bool
   description = "If set to true, will include the core Enterprise-scale Management Group hierarchy."
@@ -233,4 +239,4 @@ variable "reconcile_vending_subscriptions" {
   type        = bool
   default     = false
   description = "Will reconcile the subrisciptions created outside of enterprise scale to prevent them to be revoved by the execution of this module."
-}
+}

caf_solution/dynamic_secrets.tf

@@ -1,8 +1,8 @@
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "5.5.1"
+  version = "5.5.4"
 
-  #source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=patch.5.5.4"
 
   for_each = {
     for keyvault_key, secrets in try(var.dynamic_keyvault_secrets, {}) : keyvault_key => {

caf_solution/landingzone.tf

@@ -1,8 +1,9 @@
 module "solution" {
   source  = "aztfmod/caf/azurerm"
-  version = "5.5.1"
+  version = "5.5.4"
 
-  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
+  # during dev cycles for the module, you can pick dev branches from GitHub, or from a local fork
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=patch.5.5.4"
   # source = "../../aztfmod"
 
   providers = {

caf_solution/local.database.tf

@@ -26,6 +26,7 @@ locals {
       mysql_databases                    = var.mysql_databases
       mysql_servers                      = var.mysql_servers
       postgresql_servers                 = var.postgresql_servers
+      postgresql_flexible_servers        = var.postgresql_flexible_servers
       synapse_workspaces                 = var.synapse_workspaces
     }
   )

caf_solution/local.networking.tf

@@ -2,9 +2,9 @@ locals {
   networking = merge(
     var.networking,
     {
-      application_gateway_platforms                           = var.application_gateway_platforms
-      application_gateway_applications_v1                     = var.application_gateway_applications_v1
       application_gateway_applications                        = var.application_gateway_applications
+      application_gateway_applications_v1                     = var.application_gateway_applications_v1
+      application_gateway_platforms                           = var.application_gateway_platforms
       application_gateway_waf_policies                        = var.application_gateway_waf_policies
       application_gateways                                    = var.application_gateways
       application_security_groups                             = var.application_security_groups
@@ -15,8 +15,8 @@ locals {
       azurerm_firewall_policy_rule_collection_groups          = var.azurerm_firewall_policy_rule_collection_groups
       azurerm_firewalls                                       = var.azurerm_firewalls
       azurerm_routes                                          = var.azurerm_routes
-      cdn_profiles                                            = var.cdn_profiles
       cdn_endpoints                                           = var.cdn_endpoints
+      cdn_profiles                                            = var.cdn_profiles
       ddos_services                                           = var.ddos_services
       dns_zone_records                                        = var.dns_zone_records
       dns_zones                                               = var.dns_zones
@@ -46,10 +46,11 @@ locals {
       virtual_hubs                                            = var.virtual_hubs
       virtual_network_gateway_connections                     = var.virtual_network_gateway_connections
       virtual_network_gateways                                = var.virtual_network_gateways
+      virtual_subnets                                         = var.virtual_subnets
       virtual_wans                                            = var.virtual_wans
       vnet_peerings                                           = var.vnet_peerings
       vnets                                                   = var.vnets
-      virtual_subnets                                         = var.virtual_subnets
+      vpn_gateway_connections                                 = var.vpn_gateway_connections
       vpn_sites                                               = var.vpn_sites
     }
   )

caf_solution/local.remote.tf

@@ -86,6 +86,9 @@ locals {
     dns_zones = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].dns_zones, {}))
     }
+    domain_name_registrations = {
+      for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].domain_name_registrations, {}))
+    }
     event_hub_namespaces = {
       for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].event_hub_namespaces, {}))
     }

caf_solution/variables.database.tf

@@ -71,6 +71,9 @@ variable "mysql_databases" {
 variable "mysql_servers" {
   default = {}
 }
+variable "postgresql_flexible_servers" {
+  default = {}
+}
 variable "postgresql_servers" {
   default = {}
 }