Merge pull request #164 from Azure/patch.5.3.1

Patch.5.3.1
Azure · Apr 21, 2021 · dd05ce0 · dd05ce0
2 parents d355282 + b467c67
commit dd05ce0
Show file tree

Hide file tree

Showing 22 changed files with 100 additions and 86 deletions.
diff --git a/caf_launchpad/dynamic_secrets.tf b/caf_launchpad/dynamic_secrets.tf
@@ -1,9 +1,9 @@
 
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "~>5.3.0"
-  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
+  version = "~>5.3.2"
 
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
 
   for_each = try(var.dynamic_keyvault_secrets, {})
 

diff --git a/caf_launchpad/landingzone.tf b/caf_launchpad/landingzone.tf
@@ -1,6 +1,7 @@
 module "launchpad" {
   source  = "aztfmod/caf/azurerm"
-  version = "~>5.3.0"
+  version = "~>5.3.2"
+
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
 
 

diff --git a/caf_launchpad/main.tf b/caf_launchpad/main.tf
@@ -64,10 +64,10 @@ locals {
   }
 
   tfstates = tomap(
-      {
-        (var.landingzone.key) = local.backend[var.landingzone.backend_type]
-      }
-    )
+    {
+      (var.landingzone.key) = local.backend[var.landingzone.backend_type]
+    }
+  )
 
   backend = {
     azurerm = {

diff --git a/caf_solution/add-ons/aad-pod-identity/providers.tf b/caf_solution/add-ons/aad-pod-identity/providers.tf
@@ -13,20 +13,24 @@ provider "kubernetes" {
   cluster_ca_certificate = local.k8sconfigs[var.aks_cluster_key].cluster_ca_certificate
 }
 
-provider "kustomization" {
-  kubeconfig_raw = local.k8sconfigs[var.aks_cluster_key].kube_admin_config_raw
-}
-
 locals {
   k8sconfigs = {
     for key, value in var.aks_clusters : key => {
-      kube_admin_config_raw  = local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config_raw
-      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.host : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.host
-      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.username : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.username
-      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.password : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.password
-      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_certificate)
-      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_key) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_key)
-      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.cluster_ca_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.cluster_ca_certificate)
+      kube_admin_config_raw  = data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config_raw
+      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.host : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.host
+      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.username : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.username
+      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.password : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.password
+      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_certificate)
+      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_key) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_key)
+      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.cluster_ca_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.cluster_ca_certificate)
     }
   }
+}
+
+# Get kubeconfig from AKS clusters
+data "azurerm_kubernetes_cluster" "kubeconfig" {
+  for_each = var.aks_clusters
+
+  name                = local.remote.aks_clusters[each.value.lz_key][each.value.key].cluster_name
+  resource_group_name = local.remote.aks_clusters[each.value.lz_key][each.value.key].resource_group_name
 }
diff --git a/caf_solution/add-ons/aks-secure-baseline/main.tf b/caf_solution/add-ons/aks-secure-baseline/main.tf
@@ -10,7 +10,7 @@ terraform {
     }
     kustomization = {
       source  = "kbst/kustomization"
-      version = ">= 0.4.0"
+      version = ">= 0.5.0"
     }
   }
   required_version = ">= 0.13"

diff --git a/caf_solution/add-ons/aks-secure-baseline/providers.tf b/caf_solution/add-ons/aks-secure-baseline/providers.tf
@@ -20,13 +20,21 @@ provider "kustomization" {
 locals {
   k8sconfigs = {
     for key, value in var.aks_clusters : key => {
-      kube_admin_config_raw  = local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config_raw
-      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.host : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.host
-      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.username : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.username
-      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.password : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.password
-      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_certificate)
-      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_key) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_key)
-      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.cluster_ca_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.cluster_ca_certificate)
+      kube_admin_config_raw  = data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config_raw
+      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.host : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.host
+      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.username : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.username
+      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.password : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.password
+      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_certificate)
+      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_key) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_key)
+      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.cluster_ca_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.cluster_ca_certificate)
     }
   }
+}
+
+# Get kubeconfig from AKS clusters
+data "azurerm_kubernetes_cluster" "kubeconfig" {
+  for_each = var.aks_clusters
+
+  name                = local.remote.aks_clusters[each.value.lz_key][each.value.key].cluster_name
+  resource_group_name = local.remote.aks_clusters[each.value.lz_key][each.value.key].resource_group_name
 }
diff --git a/caf_solution/add-ons/azure_devops/locals.remote_tfstates.tf b/caf_solution/add-ons/azure_devops/locals.remote_tfstates.tf
@@ -37,10 +37,10 @@ locals {
   diagnostics     = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.objects[var.landingzone.global_settings_key].diagnostics
 
   combined = {
-    aad_apps           = merge(local.remote.aad_apps, tomap({(var.landingzone.key) = module.caf.aad_apps}))
-    azuread_groups     = merge(local.remote.azuread_groups, tomap({(var.landingzone.key) = module.caf.azuread_groups}))
-    keyvaults          = merge(local.remote.keyvaults, tomap({(var.landingzone.key) = module.caf.keyvaults}))
-    managed_identities = merge(local.remote.managed_identities, tomap({(var.landingzone.key) = module.caf.managed_identities}))
+    aad_apps           = merge(local.remote.aad_apps, tomap({ (var.landingzone.key) = module.caf.aad_apps }))
+    azuread_groups     = merge(local.remote.azuread_groups, tomap({ (var.landingzone.key) = module.caf.azuread_groups }))
+    keyvaults          = merge(local.remote.keyvaults, tomap({ (var.landingzone.key) = module.caf.keyvaults }))
+    managed_identities = merge(local.remote.managed_identities, tomap({ (var.landingzone.key) = module.caf.managed_identities }))
   }
 
   remote = {

diff --git a/caf_solution/add-ons/azure_devops/main.tf b/caf_solution/add-ons/azure_devops/main.tf
@@ -1,9 +1,5 @@
 terraform {
   required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~> 2.55.0"
-    }
     azuread = {
       source  = "hashicorp/azuread"
       version = "~> 1.4.0"
@@ -53,14 +49,14 @@ locals {
   tfstates = merge(
     tomap(
       {
-        (var.landingzone.key) =local.backend[var.landingzone.backend_type]
+        (var.landingzone.key) = local.backend[var.landingzone.backend_type]
       }
     )
     ,
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates
   )
 
-  
+
   backend = {
     azurerm = {
       storage_account_name = var.tfstate_storage_account_name

diff --git a/caf_solution/add-ons/azure_devops/output.tf b/caf_solution/add-ons/azure_devops/output.tf
@@ -1,6 +1,6 @@
 output "keyvaults" {
   value = tomap(
-    {    
+    {
       (var.landingzone.key) = module.caf.keyvaults
     }
   )

diff --git a/caf_solution/add-ons/azure_devops_agent/dynamic_secrets.tf b/caf_solution/add-ons/azure_devops_agent/dynamic_secrets.tf
@@ -1,8 +1,8 @@
 
 module "dynamic_keyvault_secrets" {
-  # source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  # version = "~>5.3.0"
-  source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
+  source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
+  version = "~>5.3.0"
+  # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
 
 
   for_each = try(var.dynamic_keyvault_secrets, {})

diff --git a/caf_solution/add-ons/azure_devops_agent/locals.current_tfstates.tf b/caf_solution/add-ons/azure_devops_agent/locals.current_tfstates.tf
@@ -37,10 +37,10 @@ locals {
   diagnostics     = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.objects[var.landingzone.global_settings_key].diagnostics
 
   combined = {
-    aad_apps           = merge(local.remote.aad_apps, tomap({(var.landingzone.key) = module.caf.aad_apps}))
-    azuread_groups     = merge(local.remote.azuread_groups, tomap({(var.landingzone.key) = module.caf.azuread_groups}))
-    keyvaults          = merge(local.remote.keyvaults, tomap({(var.landingzone.key) = module.caf.keyvaults}))
-    managed_identities = merge(local.remote.managed_identities, tomap({(var.landingzone.key) = module.caf.managed_identities}))
+    aad_apps           = merge(local.remote.aad_apps, tomap({ (var.landingzone.key) = module.caf.aad_apps }))
+    azuread_groups     = merge(local.remote.azuread_groups, tomap({ (var.landingzone.key) = module.caf.azuread_groups }))
+    keyvaults          = merge(local.remote.keyvaults, tomap({ (var.landingzone.key) = module.caf.keyvaults }))
+    managed_identities = merge(local.remote.managed_identities, tomap({ (var.landingzone.key) = module.caf.managed_identities }))
   }
 
   remote = {

diff --git a/caf_solution/add-ons/azure_devops_agent/main.tf b/caf_solution/add-ons/azure_devops_agent/main.tf
@@ -1,9 +1,5 @@
 terraform {
   required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~> 2.55"
-    }
     azuread = {
       source  = "hashicorp/azuread"
       version = "~> 1.4.0"
@@ -53,14 +49,14 @@ locals {
   tfstates = merge(
     tomap(
       {
-        (var.landingzone.key) =local.backend[var.landingzone.backend_type]
+        (var.landingzone.key) = local.backend[var.landingzone.backend_type]
       }
     )
     ,
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates
   )
 
-  
+
   backend = {
     azurerm = {
       storage_account_name = var.tfstate_storage_account_name

diff --git a/caf_solution/add-ons/azure_devops_agent/solution.tf b/caf_solution/add-ons/azure_devops_agent/solution.tf
@@ -1,6 +1,6 @@
 module "caf" {
   source  = "aztfmod/caf/azurerm"
-  version = "~>5.1.0"
+  version = "~>5.3.0"
 
   current_landingzone_key     = var.landingzone.key
   tenant_id                   = var.tenant_id

diff --git a/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf b/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf
@@ -25,7 +25,7 @@ locals {
               [
                 data.azurerm_management_group.id[mg_id].subscription_ids
               ]
-            ), 
+            ),
             []
           ),
           flatten(

diff --git a/caf_solution/add-ons/databricks/main.tf b/caf_solution/add-ons/databricks/main.tf
@@ -44,20 +44,20 @@ locals {
     log_analytics            = data.terraform_remote_state.landingzone.outputs.diagnostics.log_analytics
   }
 
-  
+
 
   # Update the tfstates map
   tfstates = merge(
     tomap(
       {
-        (var.landingzone.key) =local.backend[var.landingzone.backend_type]
+        (var.landingzone.key) = local.backend[var.landingzone.backend_type]
       }
     )
     ,
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates
   )
 
-  
+
   backend = {
     azurerm = {
       storage_account_name = var.tfstate_storage_account_name

diff --git a/caf_solution/add-ons/helm-charts/providers.tf b/caf_solution/add-ons/helm-charts/providers.tf
@@ -27,13 +27,20 @@ provider "helm" {
 locals {
   k8sconfigs = {
     for key, value in var.aks_clusters : key => {
-      kube_admin_config_raw  = local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config_raw
-      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.host : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.host
-      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.username : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.username
-      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.password : local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.password
-      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_certificate)
-      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.client_key) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.client_key)
-      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_admin_config.0.cluster_ca_certificate) : base64decode(local.remote.aks_clusters[value.lz_key][value.key].kube_config.0.cluster_ca_certificate)
+      host                   = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.host : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.host
+      username               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.username : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.username
+      password               = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.password : data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.password
+      client_certificate     = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_certificate)
+      client_key             = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.client_key) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.client_key)
+      cluster_ca_certificate = local.remote.aks_clusters[value.lz_key][value.key].enable_rbac ? base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_admin_config.0.cluster_ca_certificate) : base64decode(data.azurerm_kubernetes_cluster.kubeconfig[key].kube_config.0.cluster_ca_certificate)
     }
   }
+}
+
+# Get kubeconfig from AKS clusters
+data "azurerm_kubernetes_cluster" "kubeconfig" {
+  for_each = var.aks_clusters
+
+  name                = local.remote.aks_clusters[each.value.lz_key][each.value.key].cluster_name
+  resource_group_name = local.remote.aks_clusters[each.value.lz_key][each.value.key].resource_group_name
 }
diff --git a/caf_solution/add-ons/terraform_cloud/main.tf b/caf_solution/add-ons/terraform_cloud/main.tf
@@ -44,14 +44,14 @@ locals {
   tfstates = merge(
     tomap(
       {
-        (var.landingzone.key) =local.backend["tfc"]
+        (var.landingzone.key) = local.backend["tfc"]
       }
     )
     ,
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates
   )
 
-  
+
   backend = {
     tfc = {
       level           = var.landingzone.level,

diff --git a/caf_solution/dynamic_secrets.tf b/caf_solution/dynamic_secrets.tf
@@ -1,6 +1,7 @@
 module "dynamic_keyvault_secrets" {
   source  = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets"
-  version = "~>5.3.0"
+  version = "~>5.3.2"
+
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git//modules/security/dynamic_keyvault_secrets?ref=master"
 
   for_each = {

diff --git a/caf_solution/landingzone.tf b/caf_solution/landingzone.tf
@@ -1,7 +1,7 @@
 module "solution" {
   source  = "aztfmod/caf/azurerm"
-  version = "~>5.3.0"
-  
+  version = "~>5.3.2"
+
   # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master"
 
 
@@ -25,6 +25,7 @@ module "solution" {
   event_hubs                            = var.event_hubs
   global_settings                       = local.global_settings
   keyvault_access_policies              = var.keyvault_access_policies
+  keyvault_access_policies_azuread_apps = var.keyvault_access_policies_azuread_apps
   keyvault_certificate_issuers          = var.keyvault_certificate_issuers
   keyvaults                             = var.keyvaults
   log_analytics                         = var.log_analytics

diff --git a/caf_solution/main.tf b/caf_solution/main.tf
@@ -54,7 +54,7 @@ locals {
     data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates
   )
 
-  
+
   backend = {
     azurerm = {
       storage_account_name = var.tfstate_storage_account_name