From 248270197a4319d5bb34ca7c9ec4a04ddd6a770e Mon Sep 17 00:00:00 2001
From: lolorol
Date: Wed, 21 Apr 2021 01:41:21 +0000
Subject: [PATCH 1/7] Update kustomization to 0.5.0

---
 caf_solution/add-ons/aad-pod-identity/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/caf_solution/add-ons/aad-pod-identity/main.tf b/caf_solution/add-ons/aad-pod-identity/main.tf
index b7012417d..71118c6e6 100644
--- a/caf_solution/add-ons/aad-pod-identity/main.tf
+++ b/caf_solution/add-ons/aad-pod-identity/main.tf
@@ -10,7 +10,7 @@ terraform {
 }
 kustomization = {
 source = "kbst/kustomization"
- version = "~> 0.4.0"
+ version = "~> 0.5.0"
 }
 }
 required_version = ">= 0.13"

From 6a834089b1a9522838d280688cc4f2fdb1d4bcb5 Mon Sep 17 00:00:00 2001
From: lolorol
Date: Wed, 21 Apr 2021 01:45:48 +0000
Subject: [PATCH 2/7] Fix regression in kustomization provider

---
 caf_solution/add-ons/aad-pod-identity/providers.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/caf_solution/add-ons/aad-pod-identity/providers.tf b/caf_solution/add-ons/aad-pod-identity/providers.tf
index bc0831228..06e22a736 100644
--- a/caf_solution/add-ons/aad-pod-identity/providers.tf
+++ b/caf_solution/add-ons/aad-pod-identity/providers.tf
@@ -13,6 +13,10 @@ provider "kubernetes" {
 cluster_ca_certificate = local.k8sconfigs[var.aks_cluster_key].cluster_ca_certificate
 }
 
+provider "kustomization" {
+ kubeconfig_raw = local.k8sconfigs[var.aks_cluster_key].kube_admin_config_raw
+}
+
 locals {
 k8sconfigs = {
 for key, value in var.aks_clusters : key => {

From a08554bd65e621b6af145abc90946b35664883fc Mon Sep 17 00:00:00 2001
From: Papun Senapati
Date: Mon, 26 Apr 2021 01:07:32 +0000
Subject: [PATCH 3/7] added lighthouse variables

---
 caf_solution/local.remote.tf | 3 +++
 caf_solution/local.security.tf | 1 +
 caf_solution/variables.security.tf | 5 ++++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/caf_solution/local.remote.tf b/caf_solution/local.remote.tf
index b369b0f5d..d70665d69 100644
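Review bot: The new `provider "kustomization"` block authenticates with `kube_admin_config_raw`, the cluster-admin credential of the selected AKS cluster, while the `provider "kubernetes"` block above it (its start lies outside the hunk) is built from individual fields of the same `local.k8sconfigs` entry such as `cluster_ca_certificate`. A raw kubeconfig carries the credential itself, and whatever a provider is configured with ends up in the plan and state of this add-on, so the choice of admin over user scope deserves a recorded reason, and the non-admin kubeconfig would be the less privileged option if the `aks_clusters` object also exposes it. A comment next to the argument such as `# admin (cluster-admin) kubeconfig by design — record why the user kubeconfig is insufficient; the raw credential is persisted in state` would make the trade-off explicit for the next reader. `local.k8sconfigs` is only partly visible in the hunk, so I cannot tell which other fields it offers.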
--- a/caf_solution/local.remote.tf
+++ b/caf_solution/local.remote.tf
@@ -123,6 +123,9 @@ locals {
 storage_accounts = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].storage_accounts, {}))
 }
+ subscriptions = {
+ for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].subscriptions, {}))
+ }
 synapse_workspaces = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].synapse_workspaces, {}))
 }
diff --git a/caf_solution/local.security.tf b/caf_solution/local.security.tf
index 3d5daf9e9..69f91cadc 100644
--- a/caf_solution/local.security.tf
+++ b/caf_solution/local.security.tf
@@ -8,6 +8,7 @@ locals {
 keyvault_certificate_requests = var.keyvault_certificate_requests
 keyvault_certificates = var.keyvault_certificates
 keyvault_keys = var.keyvault_keys
+ lighthouse_definitions = var.lighthouse_definitions
 }
 )
 }
diff --git a/caf_solution/variables.security.tf b/caf_solution/variables.security.tf
index 5caae44dd..a2afd3fdb 100644
--- a/caf_solution/variables.security.tf
+++ b/caf_solution/variables.security.tf
@@ -13,7 +13,10 @@ variable "keyvault_certificates" {
 variable "keyvault_keys" {
 default = {}
 }
+variable "lighthouse_definitions" {
+ default = {}
+}
 ## Security variables
 variable "security" {
 default = {}
-}
\ No newline at end of file
+}

From 04ddf8b938290fbc5f14dd86743e94edfade892e Mon Sep 17 00:00:00 2001
From: lolorol
Date: Tue, 27 Apr 2021 10:32:51 +0000
Subject: [PATCH 4/7] Add variable azurerm_firewall_policies

---
 caf_solution/local.networking.tf | 1 +
 caf_solution/variables.networking.tf | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/caf_solution/local.networking.tf b/caf_solution/local.networking.tf
index 299bc4b11..f0410f384 100644
--- a/caf_solution/local.networking.tf
+++ b/caf_solution/local.networking.tf
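Review bot: `variable "lighthouse_definitions"` in variables.security.tf is declared with only `default = {}`, no `description` and no `type`, so a reader has no hint that this input drives Azure Lighthouse delegations, that is, resource-management access granted to another tenant, which makes it the most consequential setting in this file. The neighbouring keyvault variables follow the same bare pattern, but for a cross-tenant access grant a one-line `description = "Azure Lighthouse delegations (cross-tenant access to resources), keyed by name; merged into the security settings in local.security.tf"` is worth the exception, and a `type` constraint would reject a mis-shaped tfvars at plan time instead of deep inside the module. The same point applies to `azurerm_firewall_policies` in the next patch and to both `application_gateway_waf_policies` declarations in patch 5, which are added in the same bare form.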
@@ -8,6 +8,7 @@ locals {
 azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition
 azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition
 azurerm_firewall_network_rule_collection_definition = var.azurerm_firewall_network_rule_collection_definition
+ azurerm_firewall_policies = var.azurerm_firewall_policies
 azurerm_firewalls = var.azurerm_firewalls
 azurerm_routes = var.azurerm_routes
 ddos_services = var.ddos_services
diff --git a/caf_solution/variables.networking.tf b/caf_solution/variables.networking.tf
index a0519ce4a..4ff270324 100644
--- a/caf_solution/variables.networking.tf
+++ b/caf_solution/variables.networking.tf
@@ -20,6 +20,9 @@ variable "azurerm_firewall_nat_rule_collection_definition" {
 variable "azurerm_firewall_network_rule_collection_definition" {
 default = {}
 }
+variable "azurerm_firewall_policies" {
+ default = {}
+}
 variable "azurerm_routes" {
 default = {}
 }

From bb667807628cf673b12b2b675324b172371d6d30 Mon Sep 17 00:00:00 2001
From: Abdullah Khairi
Date: Tue, 27 Apr 2021 18:47:23 +0800
Subject: [PATCH 5/7] add waf policy

---
 caf_solution/add-ons/databricks/variables.tf | 3 +++
 caf_solution/local.networking.tf | 1 +
 caf_solution/local.remote.tf | 3 +++
 caf_solution/variables.networking.tf | 3 +++
 4 files changed, 10 insertions(+)

diff --git a/caf_solution/add-ons/databricks/variables.tf b/caf_solution/add-ons/databricks/variables.tf
index 6c3a9e993..54aa3cfd8 100644
--- a/caf_solution/add-ons/databricks/variables.tf
+++ b/caf_solution/add-ons/databricks/variables.tf
@@ -137,6 +137,9 @@ variable "application_gateways" {
 variable "application_gateway_applications" {
 default = {}
 }
+variable "application_gateway_waf_policies" {
+ default = {}
+}
 variable "dynamic_keyvault_secrets" {
 default = {}
 }
diff --git a/caf_solution/local.networking.tf b/caf_solution/local.networking.tf
index 299bc4b11..a7aaa7cb5 100644
--- a/caf_solution/local.networking.tf
+++ b/caf_solution/local.networking.tf
@@ -3,6 +3,7 @@ locals {
 var.networking,
 {
 application_gateway_applications = var.application_gateway_applications
+ application_gateway_waf_policies = var.application_gateway_waf_policies
 application_gateways = var.application_gateways
 application_security_groups = var.application_security_groups
 azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition
diff --git a/caf_solution/local.remote.tf b/caf_solution/local.remote.tf
index b369b0f5d..9c7855a27 100644
--- a/caf_solution/local.remote.tf
+++ b/caf_solution/local.remote.tf
@@ -21,6 +21,9 @@ locals {
 application_gateway_applications = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_applications, {}))
 }
+ application_gateway_waf_policies = {
+ for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_waf_policies, {}))
+ }
 application_gateways = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateways, {}))
 }
diff --git a/caf_solution/variables.networking.tf b/caf_solution/variables.networking.tf
index a0519ce4a..1d1d974ea 100644
--- a/caf_solution/variables.networking.tf
+++ b/caf_solution/variables.networking.tf
@@ -5,6 +5,9 @@ variable "application_gateways" {
 variable "application_gateway_applications" {
 default = {}
 }
+variable "application_gateway_waf_policies" {
+ default = {}
+}
 variable "application_security_groups" {
 default = {}
 }

From 847fefe5b12d089f2705752d4e1db9d92c81944a Mon Sep 17 00:00:00 2001
From: Arnaud Lheureux
Date: Wed, 28 Apr 2021 01:21:43 +0000
Subject: [PATCH 6/7] Lowercasing AAD roles names after AAD update

---
 caf_launchpad/scenario/200/iam_azuread.tfvars | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/caf_launchpad/scenario/200/iam_azuread.tfvars b/caf_launchpad/scenario/200/iam_azuread.tfvars
index 9c7bedc6a..f043e1d4e 100644
--- a/caf_launchpad/scenario/200/iam_azuread.tfvars
+++ b/caf_launchpad/scenario/200/iam_azuread.tfvars
@@ -146,38 +146,38 @@ azuread_roles = {
 azuread_apps = {
 caf_launchpad_level0 = {
 roles = [
- "Application Administrator",
- "Application Developer",
- "User Administrator"
+ "Application administrator",
+ "Application developer",
+ "User administrator"
 ]
 }
 }
 managed_identities = {
 level0 = {
 roles = [
- "Directory Readers",
- "Application Developer",
- "User Administrator"
+ "Directory readers",
+ "Application developer",
+ "User administrator"
 ]
 }
 level1 = {
 roles = [
- "Directory Readers"
+ "Directory readers"
 ]
 }
 level2 = {
 roles = [
- "Directory Readers"
+ "Directory readers"
 ]
 }
 level3 = {
 roles = [
- "Directory Readers"
+ "Directory readers"
 ]
 }
 level4 = {
 roles = [
- "Directory Readers"
+ "Directory readers"
 ]
 }
 }

From 3ef1c3c891d4da6efcc0031ecaeee922007f4768 Mon Sep 17 00:00:00 2001
From: Arnaud Lheureux
Date: Wed, 28 Apr 2021 05:30:40 +0000
Subject: [PATCH 7/7] Revert "Lowercasing AAD roles names after AAD update"

This reverts commit 847fefe5b12d089f2705752d4e1db9d92c81944a.
---
 caf_launchpad/scenario/200/iam_azuread.tfvars | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/caf_launchpad/scenario/200/iam_azuread.tfvars b/caf_launchpad/scenario/200/iam_azuread.tfvars
index f043e1d4e..9c7bedc6a 100644
--- a/caf_launchpad/scenario/200/iam_azuread.tfvars
+++ b/caf_launchpad/scenario/200/iam_azuread.tfvars
@@ -146,38 +146,38 @@ azuread_roles = {
 azuread_apps = {
 caf_launchpad_level0 = {
 roles = [
- "Application administrator",
- "Application developer",
- "User administrator"
+ "Application Administrator",
+ "Application Developer",
+ "User Administrator"
 ]
 }
 }
 managed_identities = {
 level0 = {
 roles = [
- "Directory readers",
- "Application developer",
- "User administrator"
+ "Directory Readers",
+ "Application Developer",
+ "User Administrator"
 ]
 }
 level1 = {
 roles = [
- "Directory readers"
+ "Directory Readers"
 ]
 }
 level2 = {
 roles = [
- "Directory readers"
+ "Directory Readers"
 ]
 }
 level3 = {
 roles = [
- "Directory readers"
+ "Directory Readers"
 ]
 }
 level4 = {
 roles = [
- "Directory readers"
+ "Directory Readers"
 ]
 }
 }
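Review bot: This hunk restores, byte for byte, the title-cased role names that the previous patch (847fefe5) had lowercased, so patches 6 and 7 cancel out and the series as a whole leaves iam_azuread.tfvars unchanged; dropping both commits before the branch is merged would keep the history readable. The round trip also suggests that these `roles` lists are matched against directory roles by display name, which is fragile against exactly the kind of directory-side casing change the first commit's subject describes; if the module that consumes `roles` can resolve a directory role by its fixed role template ID, keying the tfvars on that would be more robust than a display string. The consuming module is not visible here, so treat the second point as a question rather than a finding.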