Azure · arnaudlh · Jun 20, 2023 · Jun 15, 2023 · Jun 15, 2023
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -6,7 +6,7 @@
   version: '3.7'
   services:
     rover:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       user: vscode
 
       labels:

diff --git a/.github/workflows/landingzones-tf100.yml b/.github/workflows/landingzones-tf100.yml
@@ -39,7 +39,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       options: --user 0
 
     steps:
@@ -96,7 +96,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       options: --user 0
 
     steps:
@@ -143,7 +143,7 @@ jobs:
           random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       options: --user 0
 
     steps:
@@ -198,7 +198,7 @@ jobs:
           ]
 
     container:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       options: --user 0
 
     steps:
@@ -244,7 +244,7 @@ jobs:
         random_length: ['5']
 
     container:
-      image: aztfmod/rover:1.4.6-2305.1807
+      image: aztfmod/rover:1.4.6-2306.1405
       options: --user 0
 
     steps:

diff --git a/caf_launchpad/main.tf b/caf_launchpad/main.tf
@@ -23,7 +23,7 @@ terraform {
       version = "~> 1.2.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 

diff --git a/caf_solution/add-ons/aad-pod-identity/main.tf b/caf_solution/add-ons/aad-pod-identity/main.tf
@@ -13,5 +13,5 @@ terraform {
       version = "~> 0.5.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/aks-secure-baseline/main.tf b/caf_solution/add-ons/aks-secure-baseline/main.tf
@@ -13,5 +13,5 @@ terraform {
       version = ">= 0.5.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/aks_applications/main.tf b/caf_solution/add-ons/aks_applications/main.tf
@@ -17,5 +17,5 @@ terraform {
       version = "~> 0.5.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/aks_applications_v2/cluster_role/cluster_role.tf b/caf_solution/add-ons/aks_applications_v2/cluster_role/cluster_role.tf
@@ -13,17 +13,17 @@ resource "kubernetes_cluster_role_v1" "cluster_role" {
   metadata {
     annotations = try(var.settings.annotations, null)
     labels      = try(var.settings.labels, null)
-    name = azurecaf_name.cluster_role.result
+    name        = azurecaf_name.cluster_role.result
   }
   dynamic "rule" {
     for_each = try(var.settings.rule, {})
-      content {
-        api_groups = try(rule.value.api_groups, null)
-        non_resource_urls = try(rule.value.non_resource_urls, null)
-        resource_names = try(rule.value.resource_names, null)
-        resources = try(rule.value.resources, null)
-        verbs = try(rule.value.verbs, null)
-      }
+    content {
+      api_groups        = try(rule.value.api_groups, null)
+      non_resource_urls = try(rule.value.non_resource_urls, null)
+      resource_names    = try(rule.value.resource_names, null)
+      resources         = try(rule.value.resources, null)
+      verbs             = try(rule.value.verbs, null)
+    }
   }
 
   dynamic "aggregation_rule" {
@@ -33,7 +33,7 @@ resource "kubernetes_cluster_role_v1" "cluster_role" {
         dynamic "match_expressions" {
           for_each = try(aggregation_rule.value.match_expressions, {})
           content {
-            key = try(match_expressions.value.key, null)
+            key      = try(match_expressions.value.key, null)
             operator = try(match_expressions.value.operator, null)
             values   = try(match_expressions.value.values, [])
           }

diff --git a/caf_solution/add-ons/aks_applications_v2/cluster_role_binding/cluster_role_binding.tf b/caf_solution/add-ons/aks_applications_v2/cluster_role_binding/cluster_role_binding.tf
@@ -1,5 +1,5 @@
 resource "azurecaf_name" "cluster_role_binding" {
-  name = var.settings.name
+  name          = var.settings.name
   resource_type = "azurerm_role_assignment"
   prefixes      = var.global_settings.prefixes
   random_length = var.global_settings.random_length
@@ -12,19 +12,19 @@ resource "kubernetes_cluster_role_binding_v1" "cluster_role_binding" {
   metadata {
     annotations = try(var.settings.annotations, null)
     labels      = try(var.settings.labels, null)
-    name = azurecaf_name.cluster_role_binding.result
+    name        = azurecaf_name.cluster_role_binding.result
   }
   role_ref {
-    name = try(var.cluster_role[var.settings.role_key].name, var.settings.role_name)
-    kind = "ClusterRole"
+    name      = try(var.cluster_role[var.settings.role_key].name, var.settings.role_name)
+    kind      = "ClusterRole"
     api_group = "rbac.authorization.k8s.io"
   }
   dynamic "subject" {
     for_each = try(var.settings.subjects, {})
     content {
-        name = coalesce(try(subject.value.name, null), try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null))
-        kind = can(subject.value.kind) ?  subject.value.kind : can(try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "Group" : null
-        api_group = "rbac.authorization.k8s.io"
+      name      = coalesce(try(subject.value.name, null), try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null))
+      kind      = can(subject.value.kind) ? subject.value.kind : can(try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "Group" : null
+      api_group = "rbac.authorization.k8s.io"
     }
   }
 }
diff --git a/caf_solution/add-ons/aks_applications_v2/examples/configuration.tfvars b/caf_solution/add-ons/aks_applications_v2/examples/configuration.tfvars
@@ -21,7 +21,7 @@ namespaces = {
 kv_csi_driver = {
   workload_kv_reader = {
     aks_clusters = {
-      lz_key = "aks" 
+      lz_key = "aks"
       key    = "aks_cluster1"
     }
     keyvault = {
@@ -74,10 +74,10 @@ role_binding = {
     namespace_key = "default"
     role_name     = "admin"
     subjects = {
-			demouser = {
-				# user object id
-				name = "e74a2ee6-433c-46b3-b10f-9abac25b1ba8"
-			}
+      demouser = {
+        # user object id
+        name = "e74a2ee6-433c-46b3-b10f-9abac25b1ba8"
+      }
     }
   }
 }
diff --git a/caf_solution/add-ons/aks_applications_v2/main.tf b/caf_solution/add-ons/aks_applications_v2/main.tf
@@ -17,7 +17,7 @@ terraform {
       version = "~> 1.2.24"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 data "azurerm_client_config" "current" {}
diff --git a/caf_solution/add-ons/aks_applications_v2/role/role.tf b/caf_solution/add-ons/aks_applications_v2/role/role.tf
@@ -12,15 +12,15 @@ resource "kubernetes_role_v1" "role" {
   metadata {
     annotations = try(var.settings.annotations, null)
     labels      = try(var.settings.labels, null)
-    name = azurecaf_name.role.result
+    name        = azurecaf_name.role.result
   }
   dynamic "rule" {
     for_each = try(var.settings.rule, {})
-      content {
-        api_groups = try(rule.value.api_groups, null)
-        resource_names = try(rule.value.resource_names, null)
-        resources = try(rule.value.resources, null)
-        verbs = try(rule.value.verbs, null)
-      }
+    content {
+      api_groups     = try(rule.value.api_groups, null)
+      resource_names = try(rule.value.resource_names, null)
+      resources      = try(rule.value.resources, null)
+      verbs          = try(rule.value.verbs, null)
+    }
   }
 }
diff --git a/caf_solution/add-ons/aks_applications_v2/role_binding/role_binding.tf b/caf_solution/add-ons/aks_applications_v2/role_binding/role_binding.tf
@@ -12,20 +12,20 @@ resource "kubernetes_role_binding_v1" "role_binding" {
   metadata {
     annotations = try(var.settings.annotations, null)
     labels      = try(var.settings.labels, null)
-    name = azurecaf_name.role_binding.result
-    namespace = try(var.settings.namespace, var.namespaces[var.settings.namespace_key].name)
+    name        = azurecaf_name.role_binding.result
+    namespace   = try(var.settings.namespace, var.namespaces[var.settings.namespace_key].name)
   }
   role_ref {
-    name = try(var.role[var.settings.role_key].name, var.settings.role_name)
-    kind = "Role"
+    name      = try(var.role[var.settings.role_key].name, var.settings.role_name)
+    kind      = "Role"
     api_group = "rbac.authorization.k8s.io"
   }
   dynamic "subject" {
     for_each = try(var.settings.subjects, {})
     content {
-        name = coalesce(try(subject.value.name, null), try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null))
-        kind = can(subject.value.kind) ?  subject.value.kind : can(try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "Group" : null
-        api_group = "rbac.authorization.k8s.io"
+      name      = coalesce(try(subject.value.name, null), try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null), try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null))
+      kind      = can(subject.value.kind) ? subject.value.kind : can(try(var.managed_identities[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_service_principals[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "User" : can(try(var.azuread_groups[subject.value.lz_key][subject.value.object_key].rbac_id, null)) ? "Group" : null
+      api_group = "rbac.authorization.k8s.io"
     }
   }
 }
diff --git a/caf_solution/add-ons/aks_azure_devops_agents/main.tf b/caf_solution/add-ons/aks_azure_devops_agents/main.tf
@@ -17,5 +17,5 @@ terraform {
       version = "~> 0.5.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/aks_gitlab_agents/main.tf b/caf_solution/add-ons/aks_gitlab_agents/main.tf
@@ -13,5 +13,5 @@ terraform {
       version = "~> 2.0.3"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf
@@ -13,5 +13,5 @@ terraform {
       version = ">= 0.0.13"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/azure_devops/main.tf b/caf_solution/add-ons/azure_devops/main.tf
@@ -30,7 +30,7 @@ terraform {
       version = "~> 1.2.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 provider "azurerm" {

diff --git a/caf_solution/add-ons/azure_devops_v1/main.tf b/caf_solution/add-ons/azure_devops_v1/main.tf
@@ -13,7 +13,7 @@ terraform {
       version = "~> 0.1.3"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 provider "azurerm" {

diff --git a/caf_solution/add-ons/caf_eslz/enterprise_scale.tf b/caf_solution/add-ons/caf_eslz/enterprise_scale.tf
@@ -39,7 +39,7 @@ module "enterprise_scale" {
 }
 
 locals {
-  subscription_id_connectivity     = var.subscription_id_connectivity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_connectivity
-  subscription_id_management       = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management
-  subscription_id_identity         = var.subscription_id_identity  == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity
+  subscription_id_connectivity = var.subscription_id_connectivity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_connectivity
+  subscription_id_management   = var.subscription_id_management == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_management
+  subscription_id_identity     = var.subscription_id_identity == null ? data.azurerm_client_config.current.subscription_id : var.subscription_id_identity
 }
diff --git a/caf_solution/add-ons/caf_eslz/main.tf b/caf_solution/add-ons/caf_eslz/main.tf
@@ -6,7 +6,7 @@ terraform {
       version = "~> 3.35.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 provider "azurerm" {

diff --git a/caf_solution/add-ons/cross_tenant_hub_connection/main.tf b/caf_solution/add-ons/cross_tenant_hub_connection/main.tf
@@ -10,7 +10,7 @@ terraform {
       version = "~> 2.1.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 

diff --git a/caf_solution/add-ons/databricks_v1/main.tf b/caf_solution/add-ons/databricks_v1/main.tf
@@ -13,7 +13,7 @@ terraform {
       version = "~> 0.3.9"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 provider "azurerm" {

diff --git a/caf_solution/add-ons/hashicorp_vault_secrets/main.tf b/caf_solution/add-ons/hashicorp_vault_secrets/main.tf
@@ -9,5 +9,5 @@ terraform {
       version = "~> 2.17.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/helm-charts/main.tf b/caf_solution/add-ons/helm-charts/main.tf
@@ -13,5 +13,5 @@ terraform {
       version = "~> 2.0.3"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
diff --git a/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf b/caf_solution/add-ons/secrets-store-csi-driver-provider-azure/main.tf
@@ -13,7 +13,7 @@ terraform {
       version = "~> 0.5.0"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 data "azurerm_client_config" "current" {}
diff --git a/caf_solution/add-ons/terraform_cloud/main.tf b/caf_solution/add-ons/terraform_cloud/main.tf
@@ -25,7 +25,7 @@ terraform {
       version = "~> 0.26.1"
     }
   }
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.3.5"
 }
 
 provider "azurerm" {

diff --git a/caf_solution/landingzone.tf b/caf_solution/landingzone.tf
@@ -6,16 +6,17 @@ module "solution" {
     azurerm.vhub = azurerm.vhub
   }
 
+  aadb2c                                = var.aadb2c
+  apim                                  = local.apim
   azuread                               = local.azuread
   cloud                                 = local.cloud
-  compute                               = local.compute
-  apim                                  = local.apim
   cognitive_services                    = local.cognitive_services
+  compute                               = local.compute
   current_landingzone_key               = try(var.landingzone.key, var.landingzone[var.backend_type].key)
   custom_role_definitions               = var.custom_role_definitions
   data_factory                          = local.data_factory
-  database                              = local.database
   data_protection                       = local.data_protection
+  database                              = local.database
   diagnostic_storage_accounts           = var.diagnostic_storage_accounts
   diagnostics_definition                = var.diagnostics_definition
   diagnostics_destinations              = var.diagnostics_destinations
@@ -26,6 +27,7 @@ module "solution" {
   event_hubs                            = var.event_hubs
   global_settings                       = local.global_settings
   identity                              = local.identity
+  iot                                   = local.iot
   keyvault_access_policies              = var.keyvault_access_policies
   keyvault_access_policies_azuread_apps = var.keyvault_access_policies_azuread_apps
   keyvault_certificate_issuers          = var.keyvault_certificate_issuers
@@ -37,6 +39,7 @@ module "solution" {
   managed_identities                    = var.managed_identities
   messaging                             = local.messaging
   networking                            = local.networking
+  purview                               = local.purview
   random_strings                        = var.random_strings
   remote_objects                        = local.remote
   resource_groups                       = var.resource_groups