From e470f662c337ccb96743c475073b247f98c12ee7 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 12 Nov 2020 00:34:55 +0000 Subject: [PATCH 01/53] Add multi-sub support --- landingzones/caf_foundations/README.md | 27 ++++++--- .../caf_foundations/locals.remote_tfstates.tf | 1 + landingzones/caf_foundations/variables.tf | 3 + .../azure_devops/locals.remote_tfstates.tf | 1 + .../add-ons/azure_devops/readme.md | 14 ++++- .../add-ons/azure_devops/variables.tf | 4 ++ .../locals.current_tfstates.tf | 1 + .../add-ons/azure_devops_agent/readme.md | 12 ++++ .../add-ons/azure_devops_agent/variables.tf | 4 ++ landingzones/caf_launchpad/readme.md | 14 ++++- .../caf_networking/locals.remote_tfstates.tf | 1 + landingzones/caf_networking/readme.md | 15 +++-- .../105-hub-and-spoke/configuration.tfvars | 2 +- .../configuration.tfvars | 2 +- .../configuration.tfvars | 2 +- .../201-multi-region-hub/configuration.tfvars | 2 +- .../210-aks-private/configuration.tfvars | 58 +++---------------- .../peerings/launchpad/configuration.tfvars | 41 +++++++++++++ landingzones/caf_networking/variables.tf | 5 +- .../locals.remote_tfstates.tf | 1 + landingzones/caf_shared_services/readme.md | 17 ++++-- landingzones/caf_shared_services/variables.tf | 4 ++ 22 files changed, 158 insertions(+), 73 deletions(-) create mode 100644 landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars diff --git a/landingzones/caf_foundations/README.md b/landingzones/caf_foundations/README.md index 6ed7e238b..6015967d7 100644 --- a/landingzones/caf_foundations/README.md +++ b/landingzones/caf_foundations/README.md 
@@ -22,9 +22,15 @@ By default, the content of this landing zone is empty unless you specify a confi ```bash # To deploy the CAF foundations in passthrough mode -rover -lz /tf/caf/landingzones/caf_foundations \ --level level1 \ --a apply +rover -lz /tf/caf/public/landingzones/caf_foundations \ + -level level1 \ + -a apply + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/public/landingzones/caf_foundations \ + -tfstate_subscription_id \ + -level level1 \ + -a apply ``` ## Deploying CAF foundations with enterprise-scale (experimental) @@ -33,8 +39,15 @@ This is currently work in progress. Use the following configuration file in order to get started with the enterprise-scale module integration: ```bash -rover -lz /tf/caf/landingzones/caf_foundations \ --var-folder /tf/caf/landingzones/caf_foundations/scenario/200 \ --level level1 \ --a apply +rover -lz /tf/caf/public/landingzones/caf_foundations \ + -var-folder /tf/caf/public/landingzones/caf_foundations/scenario/200 \ + -level level1 \ + -a apply + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/public/landingzones/caf_foundations \ + -tfstate_subscription_id \ + -var-folder /tf/caf/public/landingzones/caf_foundations/scenario/200 \ + -level level1 \ + -a apply ``` diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index 3bb21c81f..3417575d2 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf 
@@ -21,6 +21,7 @@ data "terraform_remote_state" "remote" { storage_account_name = local.landingzone[try(each.value.level, "current")].storage_account_name container_name = local.landingzone[try(each.value.level, "current")].container_name resource_group_name = local.landingzone[try(each.value.level, "current")].resource_group_name + subscription_id = var.tfstate_subscription_id key = each.value.tfstate } } diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index b69a305ee..62d8b36a6 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -3,6 +3,9 @@ variable lower_storage_account_name {} variable lower_container_name {} variable lower_resource_group_name {} +variable tfstate_subscription_id { + description = "This value is propulated by the rover. subscription id hosting the remote tfstates" +} variable tfstate_storage_account_name { description = "This value is propulated by the rover" } diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/locals.remote_tfstates.tf b/landingzones/caf_launchpad/add-ons/azure_devops/locals.remote_tfstates.tf index 0cfe65a6b..7f1e87822 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/locals.remote_tfstates.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/locals.remote_tfstates.tf @@ -21,6 +21,7 @@ data "terraform_remote_state" "remote" { storage_account_name = local.landingzone[try(each.value.level, "current")].storage_account_name container_name = local.landingzone[try(each.value.level, "current")].container_name resource_group_name = local.landingzone[try(each.value.level, "current")].resource_group_name + subscription_id = var.tfstate_subscription_id key = each.value.tfstate } } diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/readme.md b/landingzones/caf_launchpad/add-ons/azure_devops/readme.md index 405ddcd4e..85a8fcfb1 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/readme.md 
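Review bot: The added `subscription_id = var.tfstate_subscription_id` line in `data "terraform_remote_state" "remote"` lets this landing zone read state from another subscription, but nothing beside it says what access that needs. State files contain every output of the lower levels, including those marked sensitive, so I would add a comment such as `# Subscription hosting the tfstate storage account; the identity running rover needs read access to that state container only`. The same line is added to the azure_devops, azure_devops_agent, caf_networking and caf_shared_services copies of this block. The data block starts above the hunk.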
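Review bot: `variable tfstate_subscription_id` in `caf_foundations/variables.tf` has no type and no default, so it is required on every run, although the READMEs in this patch show the flag only for the cross-subscription case. If rover does not always pass it, the plan will stop on a missing variable. Consider `type = string` with `default = null`, which should leave the backend on the current subscription (worth confirming against the azurerm backend). The description also has a typo, `propulated` for `populated`. The identical block is added to the azure_devops, azure_devops_agent, caf_networking and caf_shared_services `variables.tf` files.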
+++ b/landingzones/caf_launchpad/add-ons/azure_devops/readme.md @@ -42,7 +42,19 @@ rover -lz /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops \ -var-folder /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops/scenario/200-contoso_demo \ -parallelism 30 \ -level level0 \ - -a apply -env sandpit + -env sandpit \ + -a apply + + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops \ + -tfstate_subscription_id \ + -tfstate azure_devops-contoso_demo.tfstate \ + -var-folder /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops/scenario/200-contoso_demo \ + -parallelism 30 \ + -level level0 \ + -env sandpit \ + -a apply ``` We are planning to release more examples on how to deploy the Azure Devops Agents. diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/variables.tf b/landingzones/caf_launchpad/add-ons/azure_devops/variables.tf index b7dcb3142..8cf5b7916 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/variables.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/variables.tf @@ -8,6 +8,10 @@ variable tfstate_container_name {} variable tfstate_key {} variable tfstate_resource_group_name {} +variable tfstate_subscription_id { + description = "This value is propulated by the rover. subscription id hosting the remote tfstates" +} + variable global_settings { default = {} } diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/locals.current_tfstates.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/locals.current_tfstates.tf index 1d22c002b..3bff3625b 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/locals.current_tfstates.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/locals.current_tfstates.tf 
@@ -21,6 +21,7 @@ data "terraform_remote_state" "remote" { storage_account_name = local.landingzone[try(each.value.level, "current")].storage_account_name container_name = local.landingzone[try(each.value.level, "current")].container_name resource_group_name = local.landingzone[try(each.value.level, "current")].resource_group_name + subscription_id = var.tfstate_subscription_id key = each.value.tfstate } } diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/readme.md b/landingzones/caf_launchpad/add-ons/azure_devops_agent/readme.md index 4309d4e06..dd7b29571 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/readme.md +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/readme.md @@ -39,4 +39,16 @@ rover -lz /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops_agent \ -level level1 \ -env sandpit \ -a apply + + +# If the tfstates are stored in a different subscription you need to execute the following command + +rover -lz /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops_agent \ + -tfstate_subscription_id \ + -tfstate azdo-agent-level1.tfstate \ + -var-folder /tf/caf/landingzones/caf_launchpad/add-ons/azure_devops_agent/scenario/200-contoso_demo/level1 \ + -parallelism 30 \ + -level level1 \ + -env sandpit \ + -a apply ``` \ No newline at end of file diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/variables.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/variables.tf index ac8ec74b4..4efef26b0 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/variables.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/variables.tf @@ -8,6 +8,10 @@ variable tfstate_container_name {} variable tfstate_key {} variable tfstate_resource_group_name {} +variable tfstate_subscription_id { + description = "This value is propulated by the rover. subscription id hosting the remote tfstates" +} + variable global_settings { default = {} } 
diff --git a/landingzones/caf_launchpad/readme.md b/landingzones/caf_launchpad/readme.md index 476d81e2c..4a0e30386 100644 --- a/landingzones/caf_launchpad/readme.md +++ b/landingzones/caf_launchpad/readme.md @@ -34,7 +34,19 @@ rover -lz /tf/caf/landingzones/caf_launchpad \ -a apply # Advanced scenario - Requires Azure AD privileges -rover -lz /tf/caf/landingzones/caf_launchpad -launchpad -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200/configuration.tfvars -parallelism=30 -a apply +rover -lz /tf/caf/landingzones/caf_launchpad \ + -launchpad \ + -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200/configuration.tfvars \ + -parallelism=30 \ + -a apply + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/landingzones/caf_launchpad \ + -tfstate_subscription_id \ + -launchpad \ + -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200/configuration.tfvars \ + -parallelism=30 \ + -a apply ```
diff --git a/landingzones/caf_networking/locals.remote_tfstates.tf b/landingzones/caf_networking/locals.remote_tfstates.tf index 4bb6fb2a7..dd44b7688 100644 --- a/landingzones/caf_networking/locals.remote_tfstates.tf +++ b/landingzones/caf_networking/locals.remote_tfstates.tf @@ -21,6 +21,7 @@ data "terraform_remote_state" "remote" { storage_account_name = local.landingzone[try(each.value.level, "current")].storage_account_name container_name = local.landingzone[try(each.value.level, "current")].container_name resource_group_name = local.landingzone[try(each.value.level, "current")].resource_group_name + subscription_id = var.tfstate_subscription_id key = each.value.tfstate } } diff --git a/landingzones/caf_networking/readme.md b/landingzones/caf_networking/readme.md index ab213bfcc..cccb1a695 100644 --- a/landingzones/caf_networking/readme.md +++ b/landingzones/caf_networking/readme.md @@ -31,8 +31,15 @@ Depending on the networking scenario and topology, we provide you with different Once you have picked a scenario for test, you can deploy it using: ```bash -rover -lz /tf/caf/landingzones/caf_networking \ --level level2 \ --var-folder /tf/caf/landingzones/caf_networking/scenario/100-single-region-hub \ --a apply +rover -lz /tf/caf/public/landingzones/caf_networking \ + -level level2 \ + -var-folder /tf/caf/public/landingzones/caf_networking/scenario/100-single-region-hub \ + -a apply + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/public/landingzones/caf_networking \ + -tfstate_subscription_id \ + -level level2 \ + -var-folder /tf/caf/public/landingzones/caf_networking/scenario/100-single-region-hub \ + -a apply ``` diff --git a/landingzones/caf_networking/scenario/105-hub-and-spoke/configuration.tfvars b/landingzones/caf_networking/scenario/105-hub-and-spoke/configuration.tfvars index 6cc426493..b32be7ef7 100644 
--- a/landingzones/caf_networking/scenario/105-hub-and-spoke/configuration.tfvars +++ b/landingzones/caf_networking/scenario/105-hub-and-spoke/configuration.tfvars @@ -2,7 +2,7 @@ landingzone = { backend_type = "azurerm" global_settings_key = "foundations" level = "level2" - key = "example" + key = "networking_hub" tfstates = { foundations = { level = "lower" diff --git a/landingzones/caf_networking/scenario/106-hub-virtual-wan-firewall/configuration.tfvars b/landingzones/caf_networking/scenario/106-hub-virtual-wan-firewall/configuration.tfvars index bd5fd339b..5614a5342 100644 --- a/landingzones/caf_networking/scenario/106-hub-virtual-wan-firewall/configuration.tfvars +++ b/landingzones/caf_networking/scenario/106-hub-virtual-wan-firewall/configuration.tfvars @@ -2,7 +2,7 @@ landingzone = { backend_type = "azurerm" global_settings_key = "foundations" level = "level2" - key = "example" + key = "networking_hub" tfstates = { foundations = { level = "lower" diff --git a/landingzones/caf_networking/scenario/200-single-region-hub/configuration.tfvars b/landingzones/caf_networking/scenario/200-single-region-hub/configuration.tfvars index fb4bbd5b3..c06ac4c4b 100644 --- a/landingzones/caf_networking/scenario/200-single-region-hub/configuration.tfvars +++ b/landingzones/caf_networking/scenario/200-single-region-hub/configuration.tfvars @@ -2,7 +2,7 @@ landingzone = { backend_type = "azurerm" global_settings_key = "foundations" level = "level2" - key = "example" + key = "networking_hub" tfstates = { foundations = { level = "lower" diff --git a/landingzones/caf_networking/scenario/201-multi-region-hub/configuration.tfvars b/landingzones/caf_networking/scenario/201-multi-region-hub/configuration.tfvars index 65fd2d4c5..1e23636ed 100644 --- a/landingzones/caf_networking/scenario/201-multi-region-hub/configuration.tfvars +++ b/landingzones/caf_networking/scenario/201-multi-region-hub/configuration.tfvars 
@@ -2,7 +2,7 @@ landingzone = { backend_type = "azurerm" global_settings_key = "foundations" level = "level2" - key = "example" + key = "networking_hub" tfstates = { foundations = { level = "lower" diff --git a/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars b/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars index ab9b614a1..6dc8046b1 100644 --- a/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars +++ b/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars @@ -2,7 +2,7 @@ landingzone = { backend_type = "azurerm" global_settings_key = "foundations" level = "level2" - key = "example" + key = "networking_hub" tfstates = { foundations = { level = "lower" @@ -20,10 +20,6 @@ resource_groups = { name = "vnet-rg1" region = "region1" } - vnet_rg2 = { - name = "vnet-rg2" - region = "region2" - } } vnets = { @@ -70,18 +66,21 @@ vnets = { name = "aks_nodepool_system" cidr = ["100.64.48.0/24"] route_table_key = "default_to_firewall_rg1" - enforce_private_link_endpoint_network_policies = true } aks_nodepool_user1 = { name = "aks_nodepool_user1" cidr = ["100.64.49.0/24"] route_table_key = "default_to_firewall_rg1" - enforce_private_link_endpoint_network_policies = true } aks_nodepool_user2 = { name = "aks_nodepool_user2" cidr = ["100.64.50.0/24"] route_table_key = "default_to_firewall_rg1" + } + private_links = { + name = "private_links" + cidr = ["100.64.51.0/24"] + route_table_key = "default_to_firewall_rg1" enforce_private_link_endpoint_network_policies = true } } @@ -95,7 +94,6 @@ vnet_peerings = { vnet_key = "hub_rg1" } to = { - tfstate_key = "foundations" lz_key = "launchpad" output_key = "vnets" vnet_key = "devops_region1" 
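Review bot: The new `private_links` subnet in the `@@ -70,18 +66,21 @@` hunk sets `enforce_private_link_endpoint_network_policies = true`, and that attribute name reads as the opposite of what it does. In the azurerm provider, `true` disables network policies for private endpoints on the subnet, so NSG rules attached to it are not expected to filter traffic to those endpoints. Moving the flag off the three AKS node pool subnets onto a dedicated subnet is the better layout, but the intent should be written down. I would add a comment such as `# true disables private-endpoint network policies on this subnet; keep it dedicated to private endpoints`. The `vnets` block starts and ends outside the hunk.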
@@ -107,24 +105,6 @@ vnet_peerings = { use_remote_gateways = false } - # Inbound peer with the devops vnet - launchpad_devops-TO-hub_rg1 = { - from = { - tfstate_key = "foundations" - lz_key = "launchpad" - output_key = "vnets" - vnet_key = "devops_region1" - } - to = { - vnet_key = "hub_rg1" - } - name = "launchpad_devops-TO-hub_rg1" - allow_virtual_network_access = true - allow_forwarded_traffic = false - allow_gateway_transit = false - use_remote_gateways = false - } - hub_rg1_TO_spoke_aks_rg1 = { from = { vnet_key = "hub_rg1" @@ -766,33 +746,11 @@ azure_container_registries = { private_endpoints = { # Require enforce_private_link_endpoint_network_policies set to true on the subnet - spoke_aks_rg1-aks_nodepool_system = { - name = "acr-test-private-link" - resource_group_key = "vnet_rg1" - vnet_key = "spoke_aks_rg1" - subnet_key = "aks_nodepool_system" - private_service_connection = { - name = "acr-test-private-link-psc" - is_manual_connection = false - subresource_names = ["registry"] - } - } - spoke_aks_rg1-aks_nodepool_user1 = { - name = "acr-test-private-link" - resource_group_key = "vnet_rg1" - vnet_key = "spoke_aks_rg1" - subnet_key = "aks_nodepool_user1" - private_service_connection = { - name = "acr-test-private-link-psc" - is_manual_connection = false - subresource_names = ["registry"] - } - } - spoke_aks_rg1-aks_nodepool_user2 = { + spoke_aks_rg1-private_links = { name = "acr-test-private-link" resource_group_key = "vnet_rg1" vnet_key = "spoke_aks_rg1" - subnet_key = "aks_nodepool_user2" + subnet_key = "private_links" private_service_connection = { name = "acr-test-private-link-psc" is_manual_connection = false diff --git a/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars b/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars new file mode 100644 index 000000000..8a6c2fd91 --- /dev/null 
+++ b/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars @@ -0,0 +1,41 @@ +landingzone = { + backend_type = "azurerm" + global_settings_key = "foundations" + level = "level2" + key = "launchpad" + tfstates = { + foundations = { + level = "lower" + tfstate = "caf_foundations.tfstate" + } + launchpad = { + level = "lower" + tfstate = "caf_foundations.tfstate" + } + networking_hub = { + tfstate = "caf_networking.tfstate" + } + } +} + +vnet_peerings = { + + # Inbound peer with the devops vnet + launchpad_devops-TO-hub_rg1 = { + from = { + vnet_key = "devops_region1" + } + to = { + lz_key = "networking_hub" + output_key = "vnets" + vnet_key = "hub_rg1" + } + name = "launchpad_devops-TO-hub_rg1" + allow_virtual_network_access = true + allow_forwarded_traffic = false + allow_gateway_transit = false + use_remote_gateways = false + } + +} + diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index e76ba1311..7beffa33e 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -3,6 +3,9 @@ variable lower_storage_account_name {} variable lower_container_name {} variable lower_resource_group_name {} +variable tfstate_subscription_id { + description = "This value is propulated by the rover. subscription id hosting the remote tfstates" +} variable tfstate_storage_account_name {} variable tfstate_container_name {} variable tfstate_key {} @@ -47,7 +50,7 @@ variable diagnostics_definition { default = null } variable resource_groups { - default = null + default = {} } variable vnets { default = {} diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 3bb21c81f..3417575d2 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf 
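Review bot: In the new `peerings/launchpad/configuration.tfvars`, `tfstates.launchpad` points at `tfstate = "caf_foundations.tfstate"`, the same file as `tfstates.foundations`, which looks like a copy-paste. If the launchpad state lives in its own file, the `devops_region1` vnet in `from` would be resolved against the wrong state, or not at all. `landingzone.key = "launchpad"` also reuses the name of a `tfstates` entry, and `from` carries no `lz_key`, so it is not clear from this file which state is meant to supply that vnet. I would correct the `tfstate` name if it is wrong and add a comment above `from`, e.g. `# devops_region1 is resolved from <state name>`, so the peering's source network can be checked in review.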
@@ -21,6 +21,7 @@ data "terraform_remote_state" "remote" { storage_account_name = local.landingzone[try(each.value.level, "current")].storage_account_name container_name = local.landingzone[try(each.value.level, "current")].container_name resource_group_name = local.landingzone[try(each.value.level, "current")].resource_group_name + subscription_id = var.tfstate_subscription_id key = each.value.tfstate } } diff --git a/landingzones/caf_shared_services/readme.md b/landingzones/caf_shared_services/readme.md index 3ae6e8098..c87bf6d35 100644 --- a/landingzones/caf_shared_services/readme.md +++ b/landingzones/caf_shared_services/readme.md @@ -18,7 +18,7 @@ For a review of the hierarchy approach of Cloud Adoption Framework for Azure lan By default, the content of this landing zone is empty unless you specify a configuration file to enable it. ```bash -rover -lz /tf/caf/landingzones/caf_shared_services \ +rover -lz /tf/caf/public/landingzones/caf_shared_services \ -level level2 \ -a apply ``` @@ -26,8 +26,15 @@ rover -lz /tf/caf/landingzones/caf_shared_services \ You can deploy an example with Azure Site Recovery configuration and Automation: ```bash -rover -lz /tf/caf/landingzones/caf_shared_services \ --level level2 \ --var-folder /tf/caf/landingzones/caf_shared_services/scenario/100 \ --a apply +rover -lz /tf/caf/public/landingzones/caf_shared_services \ + -level level2 \ + -var-folder /tf/caf/public/landingzones/caf_shared_services/scenario/100 \ + -a apply + +# If the tfstates are stored in a different subscription you need to execute the following command +rover -lz /tf/caf/public/landingzones/caf_shared_services \ + -tfstate_subscription_id \ + -level level2 \ + -var-folder /tf/caf/public/landingzones/caf_shared_services/scenario/100 \ + -a apply ``` diff --git a/landingzones/caf_shared_services/variables.tf b/landingzones/caf_shared_services/variables.tf index 4c18715f0..5c460100d 100644 --- a/landingzones/caf_shared_services/variables.tf 
+++ b/landingzones/caf_shared_services/variables.tf @@ -8,6 +8,10 @@ variable tfstate_container_name {} variable tfstate_key {} variable tfstate_resource_group_name {} +variable tfstate_subscription_id { + description = "This value is propulated by the rover. subscription id hosting the remote tfstates" +} + variable landingzone { default = { backend_type = "azurerm" From 739c92df0c1b2b47c19bd2a493e59030e4e8c36f Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Thu, 12 Nov 2020 14:04:13 +0000 Subject: [PATCH 02/53] Fixing eventhub diagnostics not passed up in the stack --- landingzones/caf_foundations/locals.remote_tfstates.tf | 1 + landingzones/caf_foundations/output.tf | 1 + landingzones/caf_networking/landingzone.tf | 5 +++-- landingzones/caf_networking/locals.remote_tfstates.tf | 1 + landingzones/caf_networking/output.tf | 4 ++-- landingzones/caf_shared_services/locals.remote_tfstates.tf | 1 + 6 files changed, 9 insertions(+), 4 deletions(-) diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index 3bb21c81f..984041133 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf @@ -39,6 +39,7 @@ locals { diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces } diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 1c5460187..527339cb4 100644 --- a/landingzones/caf_foundations/output.tf 
+++ b/landingzones/caf_foundations/output.tf @@ -25,3 +25,4 @@ output tfstates { value = local.tfstates sensitive = true } + diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 5fb725afa..e03b50a60 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,6 +1,7 @@ module "networking" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + source = "/tf/caf/aztfmod" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" current_landingzone_key = var.landingzone.key tags = local.tags diff --git a/landingzones/caf_networking/locals.remote_tfstates.tf b/landingzones/caf_networking/locals.remote_tfstates.tf index 4bb6fb2a7..251b92547 100644 --- a/landingzones/caf_networking/locals.remote_tfstates.tf +++ b/landingzones/caf_networking/locals.remote_tfstates.tf @@ -39,6 +39,7 @@ locals { diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces } diff --git a/landingzones/caf_networking/output.tf b/landingzones/caf_networking/output.tf index 8b897ab60..0f47296e6 100644 --- a/landingzones/caf_networking/output.tf +++ b/landingzones/caf_networking/output.tf @@ -1,11 +1,11 @@ output tfstates { value = local.tfstates - sensitive = false + sensitive = true } output vnets { value = local.combined.vnets - sensitive = false + sensitive = true } output azurerm_firewalls { 
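Review bot: The `module "networking"` block in `caf_networking/landingzone.tf` now loads its code from `source = "/tf/caf/aztfmod"`, with the registry source and `version = "~> 0.4"` commented out, which reads like a local development setting. An absolute path carries no version constraint, so an apply runs whatever module code is on the machine or agent executing rover, and two runs can differ without any change in this repository. I would keep `source = "aztfmod/caf/azurerm"` and `version = "~> 0.4"` in the committed file and use a local override while developing. PATCH 04/53 restores the registry source, but PATCH 05/53 and PATCH 07/53 switch back to the local path. The module block continues past the hunk.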
diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 3bb21c81f..984041133 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf @@ -39,6 +39,7 @@ locals { diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces } From 0f4d568791a4e5c0b9d3088a6fa76026a4a20d45 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 12 Nov 2020 18:17:45 +0000 Subject: [PATCH 03/53] Update for multi-sub --- landingzones/caf_foundations/landingzone.tf | 17 +++++++++++ landingzones/caf_foundations/output.tf | 7 +++++ landingzones/caf_foundations/variables.tf | 9 ++++++ landingzones/caf_launchpad/main.tf | 5 ++-- landingzones/caf_launchpad/variables.tf | 4 +++ .../caf_shared_services/landingzone.tf | 28 +++++++++++-------- .../locals.remote_tfstates.tf | 3 ++ landingzones/caf_shared_services/variables.tf | 6 ++++ 8 files changed, 65 insertions(+), 14 deletions(-) create mode 100644 landingzones/caf_foundations/landingzone.tf diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf new file mode 100644 index 000000000..ac35a4359 --- /dev/null +++ b/landingzones/caf_foundations/landingzone.tf 
@@ -0,0 +1,17 @@ +module "foundations" { + source = "aztfmod/caf/azurerm" + version = "~> 0.4" + + current_landingzone_key = var.landingzone.key + tenant_id = var.tenant_id + tags = local.tags + diagnostics = local.diagnostics + global_settings = local.global_settings + tfstates = local.tfstates + diagnostic_storage_accounts = var.diagnostic_storage_accounts + logged_user_objectId = var.logged_user_objectId + logged_aad_app_objectId = var.logged_aad_app_objectId + resource_groups = var.resource_groups + keyvaults = var.keyvaults + +} \ No newline at end of file diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 1c5460187..097cf77c4 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -25,3 +25,10 @@ output tfstates { value = local.tfstates sensitive = true } + +output keyvaults { + value = map( + var.landingzone.key, + module.foundations.keyvaults + ) +} \ No newline at end of file diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index 62d8b36a6..3e7a41cbf 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -53,4 +53,13 @@ variable enterprise_scale { variable diagnostics_definition { default = {} +} +variable keyvaults { + default = {} +} +variable resource_groups { + default = {} +} +variable diagnostic_storage_accounts { + default = {} } \ No newline at end of file diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 89785b374..3e1df265b 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -74,13 +74,12 @@ locals { passthrough = var.passthrough random_length = var.random_length inherit_tags = var.inherit_tags + use_slug = var.use_slug } - tfstates = map(var.landingzone.key, - map( + tfstates = map( var.landingzone.key, local.backend[var.landingzone.backend_type] - ) ) backend = { 
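Review bot: The new `output keyvaults` in `caf_foundations/output.tf` has no `sensitive` attribute, while the `tfstates` output directly above it is declared with `sensitive = true`. The Key Vault objects returned by `module.foundations.keyvaults` presumably include vault identifiers and URIs (the module is not shown), and these would then be printed in plan and apply logs. I would add `sensitive = true` to this output so it matches its neighbour.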
diff --git a/landingzones/caf_launchpad/variables.tf b/landingzones/caf_launchpad/variables.tf index b2440c015..26a3e02c7 100644 --- a/landingzones/caf_launchpad/variables.tf +++ b/landingzones/caf_launchpad/variables.tf @@ -50,6 +50,10 @@ variable prefix { default = null } +variable use_slug { + default = true +} + variable log_analytics { default = {} } diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index adf5743e7..1d79973a8 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -2,23 +2,29 @@ module "landingzones_shared_services" { source = "aztfmod/caf/azurerm" version = "~> 0.4" - current_landingzone_key = var.landingzone.key - tenant_id = var.tenant_id - tags = local.tags - diagnostics = local.diagnostics - global_settings = local.global_settings - tfstates = local.tfstates - logged_user_objectId = var.logged_user_objectId - logged_aad_app_objectId = var.logged_aad_app_objectId - - resource_groups = var.resource_groups + current_landingzone_key = var.landingzone.key + tenant_id = var.tenant_id + tags = local.tags + diagnostics = local.diagnostics + global_settings = local.global_settings + tfstates = local.tfstates + diagnostic_storage_accounts = var.diagnostic_storage_accounts + logged_user_objectId = var.logged_user_objectId + logged_aad_app_objectId = var.logged_aad_app_objectId + resource_groups = var.resource_groups + shared_services = { recovery_vaults = var.recovery_vaults automations = var.automations } + compute = { + virtual_machines = var.virtual_machines + } + # Pass the remote objects you need to connect to. remote_objects = { - vnets = local.remote.vnets + vnets = local.remote.vnets + keyvaults = local.remote.keyvaults } } \ No newline at end of file diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 3417575d2..54ff4d828 100644 
--- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf @@ -54,5 +54,8 @@ locals { vnets = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.vnets[key], {})) } + keyvaults = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.keyvaults[key], {})) + } } } diff --git a/landingzones/caf_shared_services/variables.tf b/landingzones/caf_shared_services/variables.tf index 5c460100d..32e251869 100644 --- a/landingzones/caf_shared_services/variables.tf +++ b/landingzones/caf_shared_services/variables.tf @@ -63,3 +63,9 @@ variable replicated_vms { variable network_mappings { default = {} } +variable diagnostic_storage_accounts { + default = {} +} +variable virtual_machines { + default = {} +} \ No newline at end of file From 204e71199bda711e4fb964ae1037b18920165a30 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Thu, 12 Nov 2020 23:49:46 +0000 Subject: [PATCH 04/53] Using module from registry --- landingzones/caf_networking/landingzone.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index e03b50a60..5fb725afa 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,6 @@ module "networking" { - source = "/tf/caf/aztfmod" - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" + source = "aztfmod/caf/azurerm" + version = "~> 0.4" current_landingzone_key = var.landingzone.key tags = local.tags From 31f9746b2793faafc3bf4d2b227ab87ac65db77a Mon Sep 17 00:00:00 2001 
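Review bot: The new `keyvaults` expression in `local.remote` wraps the remote-state lookup in `try(..., {})`, so a state with no `keyvaults` output, or one keyed differently from its `tfstates` entry, silently becomes an empty map. PATCH 03/53 feeds the result to `remote_objects.keyvaults`, so a wrong key would probably surface only later as a failed lookup inside the module (inferred; the module is not shown). A short comment stating that the fallback is intentional would help, e.g. `# {} when the remote landing zone exposes no keyvaults output`. The single-argument `merge()` adds nothing and could be dropped. The `locals` block starts above the hunk.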
From: lolorol Date: Tue, 17 Nov 2020 07:28:52 +0000 Subject: [PATCH 05/53] Add Express Route Circuit --- landingzones/caf_networking/landingzone.tf | 6 ++++-- landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 5fb725afa..02dae3b7a 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,6 +1,7 @@ module "networking" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "/tf/caf/aztfmod" current_landingzone_key = var.landingzone.key tags = local.tags @@ -24,6 +25,7 @@ module "networking" { azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls + express_route_circuits = var.express_route_circuits public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index 7beffa33e..34810c56d 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -120,4 +120,7 @@ variable keyvaults { } variable keyvault_access_policies { default = {} +} +variable express_route_circuits { + default = {} } \ No newline at end of file From 5559e6da7fcda8a259f37bb973caa2f6ed4d97a3 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:47:13 +0000 Subject: [PATCH 06/53] Add Express Route Authorization Keys --- landingzones/caf_networking/landingzone.tf | 1 + landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 4 insertions(+) 
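Review bot: The first hunk of `caf_networking/landingzone.tf` swaps the registry module for `source = "/tf/caf/aztfmod"` and comments out the version constraint, which the commit subject ("Add Express Route Circuit") does not mention. A local path source takes no `version`, so plan/apply uses whatever is checked out in that directory on the machine or CI container, and the result is no longer reproducible or reviewable from this repository alone. I would keep `source = "aztfmod/caf/azurerm"` with `version = "~> 0.4"` in the committed file and leave the local override to a developer-only change. The same swap recurs in PATCH 07/53, PATCH 17/53 and, for `module "foundations"`, in PATCH 23/53; the module block continues outside the hunk.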
diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 02dae3b7a..196878edf 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -26,6 +26,7 @@ module "networking" { azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls express_route_circuits = var.express_route_circuits + express_route_circuit_authorizations = var.express_route_circuit_authorizations public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index 34810c56d..d923925f4 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -123,4 +123,7 @@ variable keyvault_access_policies { } variable express_route_circuits { default = {} +} +variable express_route_circuit_authorizations { + default = {} } \ No newline at end of file From 6052d2a36419b4dc7f82a06985adabb3edfe591e Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:28:52 +0000 Subject: [PATCH 07/53] Add Express Route Circuit --- landingzones/caf_networking/landingzone.tf | 6 ++++-- landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 5fb725afa..02dae3b7a 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,6 +1,7 @@ module "networking" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "/tf/caf/aztfmod" current_landingzone_key = var.landingzone.key tags = local.tags 
@@ -24,6 +25,7 @@ module "networking" { azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls + express_route_circuits = var.express_route_circuits public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index e76ba1311..8e1206d03 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -117,4 +117,7 @@ variable keyvaults { } variable keyvault_access_policies { default = {} +} +variable express_route_circuits { + default = {} } \ No newline at end of file From da0ed487d66cf8131d924ccfe4f904f9c13d19ff Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:47:13 +0000 Subject: [PATCH 08/53] Add Express Route Authorization Keys --- landingzones/caf_networking/landingzone.tf | 1 + landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 4 insertions(+) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 02dae3b7a..196878edf 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -26,6 +26,7 @@ module "networking" { azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls express_route_circuits = var.express_route_circuits + express_route_circuit_authorizations = var.express_route_circuit_authorizations public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index 8e1206d03..fed3c656b 100644 
--- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -120,4 +120,7 @@ variable keyvault_access_policies { } variable express_route_circuits { default = {} +} +variable express_route_circuit_authorizations { + default = {} } \ No newline at end of file From 028ecd7531008c4cdcab38e9047d967709a0118e Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 12 Nov 2020 18:17:45 +0000 Subject: [PATCH 09/53] Update for multi-sub --- landingzones/caf_foundations/landingzone.tf | 17 +++++++++++ landingzones/caf_foundations/output.tf | 6 ++++ landingzones/caf_foundations/variables.tf | 9 ++++++ landingzones/caf_launchpad/main.tf | 4 +-- .../caf_shared_services/landingzone.tf | 28 +++++++++++-------- .../locals.remote_tfstates.tf | 3 ++ landingzones/caf_shared_services/variables.tf | 6 ++++ 7 files changed, 59 insertions(+), 14 deletions(-) create mode 100644 landingzones/caf_foundations/landingzone.tf diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf new file mode 100644 index 000000000..ac35a4359 --- /dev/null +++ b/landingzones/caf_foundations/landingzone.tf @@ -0,0 +1,17 @@ +module "foundations" { + source = "aztfmod/caf/azurerm" + version = "~> 0.4" + + current_landingzone_key = var.landingzone.key + tenant_id = var.tenant_id + tags = local.tags + diagnostics = local.diagnostics + global_settings = local.global_settings + tfstates = local.tfstates + diagnostic_storage_accounts = var.diagnostic_storage_accounts + logged_user_objectId = var.logged_user_objectId + logged_aad_app_objectId = var.logged_aad_app_objectId + resource_groups = var.resource_groups + keyvaults = var.keyvaults + +} \ No newline at end of file diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 527339cb4..52527ee7a 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf 
@@ -26,3 +26,9 @@ output tfstates { sensitive = true } +output keyvaults { + value = map( + var.landingzone.key, + module.foundations.keyvaults + ) +} diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index b69a305ee..8173b1c07 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -50,4 +50,13 @@ variable enterprise_scale { variable diagnostics_definition { default = {} +} +variable keyvaults { + default = {} +} +variable resource_groups { + default = {} +} +variable diagnostic_storage_accounts { + default = {} } \ No newline at end of file diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index a4a0d75cb..3e1df265b 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -77,11 +77,9 @@ locals { use_slug = var.use_slug } - tfstates = map(var.landingzone.key, - map( + tfstates = map( var.landingzone.key, local.backend[var.landingzone.backend_type] - ) ) backend = { diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index adf5743e7..1d79973a8 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf 
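Review bot: The new `keyvaults` output is built with the legacy `map()` function, which is deprecated since Terraform 0.12 and removed in 0.15, so this output will stop evaluating on a later Terraform upgrade. I would write it as `value = tomap({ (var.landingzone.key) = module.foundations.keyvaults })`. The `tfstates` output just above is marked `sensitive = true` while this one carries no flag; if the module's keyvault objects hold more than ids and URIs (not visible here), add `sensitive = true` as well. A short `description` stating that the map is keyed by landing zone key would help the consumers that read it through remote state.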
@@ -2,23 +2,29 @@ module "landingzones_shared_services" { source = "aztfmod/caf/azurerm" version = "~> 0.4" - current_landingzone_key = var.landingzone.key - tenant_id = var.tenant_id - tags = local.tags - diagnostics = local.diagnostics - global_settings = local.global_settings - tfstates = local.tfstates - logged_user_objectId = var.logged_user_objectId - logged_aad_app_objectId = var.logged_aad_app_objectId - - resource_groups = var.resource_groups + current_landingzone_key = var.landingzone.key + tenant_id = var.tenant_id + tags = local.tags + diagnostics = local.diagnostics + global_settings = local.global_settings + tfstates = local.tfstates + diagnostic_storage_accounts = var.diagnostic_storage_accounts + logged_user_objectId = var.logged_user_objectId + logged_aad_app_objectId = var.logged_aad_app_objectId + resource_groups = var.resource_groups + shared_services = { recovery_vaults = var.recovery_vaults automations = var.automations } + compute = { + virtual_machines = var.virtual_machines + } + # Pass the remote objects you need to connect to. remote_objects = { - vnets = local.remote.vnets + vnets = local.remote.vnets + keyvaults = local.remote.keyvaults } } \ No newline at end of file diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 984041133..772c252e3 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf @@ -54,5 +54,8 @@ locals { vnets = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.vnets[key], {})) } + keyvaults = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.keyvaults[key], {})) + } } } diff --git a/landingzones/caf_shared_services/variables.tf b/landingzones/caf_shared_services/variables.tf index 4c18715f0..9be2c557d 100644 
--- a/landingzones/caf_shared_services/variables.tf +++ b/landingzones/caf_shared_services/variables.tf @@ -59,3 +59,9 @@ variable replicated_vms { variable network_mappings { default = {} } +variable diagnostic_storage_accounts { + default = {} +} +variable virtual_machines { + default = {} +} \ No newline at end of file From 719461e7defc4ca03628587f909e05fe2d8946ba Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 12 Nov 2020 18:17:45 +0000 Subject: [PATCH 10/53] Update for multi-sub --- landingzones/caf_foundations/output.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 52527ee7a..05108c1a3 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -31,4 +31,8 @@ output keyvaults { var.landingzone.key, module.foundations.keyvaults ) +<<<<<<< HEAD } +======= +} +>>>>>>> 0f4d568... Update for multi-sub From d7f8ca4bd7333d2180ebc420d8257d72d4cec8a0 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 08:59:31 +0000 Subject: [PATCH 11/53] Update output --- landingzones/caf_foundations/output.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 05108c1a3..52527ee7a 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -31,8 +31,4 @@ output keyvaults { var.landingzone.key, module.foundations.keyvaults ) -<<<<<<< HEAD } -======= -} ->>>>>>> 0f4d568... Update for multi-sub From c43621c563f16b91dda9cfcdc88450dc79417ce0 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Thu, 12 Nov 2020 23:49:46 +0000 Subject: [PATCH 12/53] Using module from registry --- landingzones/caf_networking/landingzone.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 196878edf..d2b38eba9 100644 
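Review bot: PATCH 10/53 commits unresolved merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 0f4d568...`) into `caf_foundations/output.tf`, so the file does not parse at that revision and any plan run from it fails. PATCH 11/53 removes them, but the broken intermediate commit stays in history and breaks bisecting; the same thing happens again in `caf_networking/landingzone.tf` and `variables.tf` in PATCH 17/53 and PATCH 18/53. I would squash the fix into the commit that introduced the markers and add a check such as `git diff --check` or `terraform validate` to the pipeline so a marker cannot be merged.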
--- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,6 @@ module "networking" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "/tf/caf/aztfmod" + source = "aztfmod/caf/azurerm" + version = "~> 0.4" current_landingzone_key = var.landingzone.key tags = local.tags From f8a80ecb18d2b29b2a2bc80ac5a21f7268af3783 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 18 Nov 2020 00:02:02 +0000 Subject: [PATCH 13/53] Add Express Route Circuit output object --- landingzones/caf_networking/output.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/landingzones/caf_networking/output.tf b/landingzones/caf_networking/output.tf index 0f47296e6..200581068 100644 --- a/landingzones/caf_networking/output.tf +++ b/landingzones/caf_networking/output.tf @@ -46,4 +46,8 @@ output managed_identities { output azuread_groups { value = local.remote.azuread_groups sensitive = true +} +output express_route_circuits { + value = module.networking.express_route_circuits + sensitive = false } \ No newline at end of file From e148db43f37ae649fadf2013d5661055aee09932 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 20 Nov 2020 10:21:59 +0000 Subject: [PATCH 14/53] Add Log_analytics and eventhub namspace in caf_foundations --- landingzones/caf_foundations/landingzone.tf | 3 ++- landingzones/caf_foundations/locals.remote_tfstates.tf | 6 +++--- landingzones/caf_foundations/variables.tf | 6 ++++++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index ac35a4359..668e6e349 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf 
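Review bot: The new `express_route_circuits` output in `caf_networking/output.tf` is declared with `sensitive = false` while it exports the whole `module.networking.express_route_circuits` object, and the neighbouring `azuread_groups` output is `sensitive = true`. If those circuit objects include the ExpressRoute `service_key` (the module's output shape is not visible in this hunk), the key would be printed in plan and apply output and end up in CI logs. I would set `sensitive = true`, or export only the ids and names that downstream landing zones need. The identical hunk is repeated in PATCH 16/53.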
@@ -13,5 +13,6 @@ module "foundations" { logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups keyvaults = var.keyvaults - + log_analytics = var.log_analytics + event_hub_namespaces = var.event_hub_namespaces } \ No newline at end of file diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index 724c6a19a..af3ffa455 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf @@ -38,9 +38,9 @@ locals { diagnostics = { diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + storage_accounts = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts, try(module.foundations.diagnostic_storage_accounts, {})) + log_analytics = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics, try(module.foundations.log_analytics, {})) + event_hub_namespaces = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces, try(module.foundations.event_hub_namespaces, {})) } 
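Review bot: In `caf_foundations/locals.remote_tfstates.tf`, `local.diagnostics` now reads `module.foundations.diagnostic_storage_accounts`, `.log_analytics` and `.event_hub_namespaces`, while `module "foundations"` itself receives `diagnostics = local.diagnostics` (landingzone.tf, PATCH 09/53). If any of those module outputs depends on the `diagnostics` input, Terraform reports a dependency cycle; whether it does cannot be told from this hunk. Note also that `try()` only handles dynamic errors, so a module version under `~> 0.4` that does not declare one of these outputs fails validation instead of falling back to `{}`. I would confirm with `terraform validate` against the pinned module and add a comment such as `# module.foundations outputs used here must not depend on var.diagnostics`. The same hunk is repeated in PATCH 20/53.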
diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index 3e7a41cbf..acec210c3 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -60,6 +60,12 @@ variable keyvaults { variable resource_groups { default = {} } +variable log_analytics { + default = {} +} +variable event_hub_namespaces { + default = {} +} variable diagnostic_storage_accounts { default = {} } \ No newline at end of file From c4ea78dd94b27d41a47b3ca08c08255fb1ea66cc Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 20 Nov 2020 10:35:37 +0000 Subject: [PATCH 15/53] Upgrade to azurerm 2.37.0 Upgrade CAF Enterprise Scale to 0.6-preview --- landingzones/caf_foundations/es_main.tf | 2 +- landingzones/caf_foundations/main.tf | 2 +- landingzones/caf_launchpad/add-ons/azure_devops/main.tf | 2 +- .../caf_launchpad/add-ons/azure_devops_agent/main.tf | 2 +- landingzones/caf_launchpad/main.tf | 2 +- landingzones/caf_networking/landingzone.tf | 5 ++--- landingzones/caf_networking/main.tf | 2 +- landingzones/caf_shared_services/main.tf | 2 +- 8 files changed, 9 insertions(+), 10 deletions(-) diff --git a/landingzones/caf_foundations/es_main.tf b/landingzones/caf_foundations/es_main.tf index 92eab72e4..ae7a80355 100644 --- a/landingzones/caf_foundations/es_main.tf +++ b/landingzones/caf_foundations/es_main.tf @@ -1,7 +1,7 @@ module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "0.0.6-preview" + version = "0.0.7-preview" root_parent_id = data.azurerm_client_config.current.tenant_id diff --git a/landingzones/caf_foundations/main.tf b/landingzones/caf_foundations/main.tf index 4bc35db8a..4522d9400 100644 --- a/landingzones/caf_foundations/main.tf +++ b/landingzones/caf_foundations/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" 
diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf index 8ef2817bb..eaaf74372 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf index b9972c502..5b3fcecb9 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 3e1df265b..6853d6cd6 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.33.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 196878edf..d2b38eba9 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,6 @@ module "networking" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "/tf/caf/aztfmod" + source = "aztfmod/caf/azurerm" + version = "~> 0.4" current_landingzone_key = var.landingzone.key tags = local.tags diff --git a/landingzones/caf_networking/main.tf b/landingzones/caf_networking/main.tf index 101baa5ac..ea50ec543 100644 --- a/landingzones/caf_networking/main.tf 
+++ b/landingzones/caf_networking/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_shared_services/main.tf b/landingzones/caf_shared_services/main.tf index 101baa5ac..ea50ec543 100644 --- a/landingzones/caf_shared_services/main.tf +++ b/landingzones/caf_shared_services/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" From c215d1a134b121663d1e3f154d47284df1e60161 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 18 Nov 2020 00:02:02 +0000 Subject: [PATCH 16/53] Add Express Route Circuit output object --- landingzones/caf_networking/output.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/landingzones/caf_networking/output.tf b/landingzones/caf_networking/output.tf index 0f47296e6..200581068 100644 --- a/landingzones/caf_networking/output.tf +++ b/landingzones/caf_networking/output.tf @@ -46,4 +46,8 @@ output managed_identities { output azuread_groups { value = local.remote.azuread_groups sensitive = true +} +output express_route_circuits { + value = module.networking.express_route_circuits + sensitive = false } \ No newline at end of file From 08cb3652747e52a8e3dd18b55984ed43e249e139 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:28:52 +0000 Subject: [PATCH 17/53] Add Express Route Circuit --- landingzones/caf_networking/landingzone.tf | 8 ++++++-- landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index d2b38eba9..17b5e8b30 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf 
@@ -1,6 +1,7 @@ module "networking" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "/tf/caf/aztfmod" current_landingzone_key = var.landingzone.key tags = local.tags @@ -25,7 +26,10 @@ module "networking" { azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls express_route_circuits = var.express_route_circuits +<<<<<<< HEAD express_route_circuit_authorizations = var.express_route_circuit_authorizations +======= +>>>>>>> 31f9746... Add Express Route Circuit public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index fed3c656b..e1dbc92bb 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -120,7 +120,10 @@ variable keyvault_access_policies { } variable express_route_circuits { default = {} +<<<<<<< HEAD } variable express_route_circuit_authorizations { default = {} +======= +>>>>>>> 31f9746... Add Express Route Circuit } \ No newline at end of file From 54c3f5c4324e83fa0997c1638ce974a60ba07e96 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:28:52 +0000 Subject: [PATCH 18/53] Add Express Route Circuit --- landingzones/caf_networking/landingzone.tf | 3 +++ landingzones/caf_networking/variables.tf | 3 +++ 2 files changed, 6 insertions(+) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 17b5e8b30..22c620473 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf 
@@ -26,9 +26,12 @@ module "networking" { azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls express_route_circuits = var.express_route_circuits +<<<<<<< HEAD <<<<<<< HEAD express_route_circuit_authorizations = var.express_route_circuit_authorizations ======= +>>>>>>> 31f9746... Add Express Route Circuit +======= >>>>>>> 31f9746... Add Express Route Circuit public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index e1dbc92bb..6cdf72f0e 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -121,9 +121,12 @@ variable keyvault_access_policies { variable express_route_circuits { default = {} <<<<<<< HEAD +<<<<<<< HEAD } variable express_route_circuit_authorizations { default = {} ======= >>>>>>> 31f9746... Add Express Route Circuit +======= +>>>>>>> 31f9746... Add Express Route Circuit } \ No newline at end of file From bac56a211bee25dcde87e35492a355b01c79c72d Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 17 Nov 2020 07:28:52 +0000 Subject: [PATCH 19/53] Add Express Route Circuit --- landingzones/caf_networking/landingzone.tf | 6 ------ landingzones/caf_networking/variables.tf | 6 ------ 2 files changed, 12 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 22c620473..196878edf 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf 
@@ -26,13 +26,7 @@ module "networking" { azurerm_firewall_nat_rule_collection_definition = var.azurerm_firewall_nat_rule_collection_definition azurerm_firewalls = var.azurerm_firewalls express_route_circuits = var.express_route_circuits -<<<<<<< HEAD -<<<<<<< HEAD express_route_circuit_authorizations = var.express_route_circuit_authorizations -======= ->>>>>>> 31f9746... Add Express Route Circuit -======= ->>>>>>> 31f9746... Add Express Route Circuit public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables azurerm_routes = var.azurerm_routes diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index 6cdf72f0e..fed3c656b 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -120,13 +120,7 @@ variable keyvault_access_policies { } variable express_route_circuits { default = {} -<<<<<<< HEAD -<<<<<<< HEAD } variable express_route_circuit_authorizations { default = {} -======= ->>>>>>> 31f9746... Add Express Route Circuit -======= ->>>>>>> 31f9746... Add Express Route Circuit } \ No newline at end of file From ac0a73b5288c03bb9b1bcfec9fecebcc68026dd6 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 20 Nov 2020 10:21:59 +0000 Subject: [PATCH 20/53] Add Log_analytics and eventhub namspace in caf_foundations --- landingzones/caf_foundations/landingzone.tf | 3 ++- landingzones/caf_foundations/locals.remote_tfstates.tf | 6 +++--- landingzones/caf_foundations/variables.tf | 6 ++++++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index ac35a4359..668e6e349 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf 
@@ -13,5 +13,6 @@ module "foundations" { logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups keyvaults = var.keyvaults - + log_analytics = var.log_analytics + event_hub_namespaces = var.event_hub_namespaces } \ No newline at end of file diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index 984041133..bbda9c3d0 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf @@ -37,9 +37,9 @@ locals { diagnostics = { diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + storage_accounts = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts, try(module.foundations.diagnostic_storage_accounts, {})) + log_analytics = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics, try(module.foundations.log_analytics, {})) + event_hub_namespaces = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces, try(module.foundations.event_hub_namespaces, {})) } 
diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index 8173b1c07..b45947498 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -57,6 +57,12 @@ variable keyvaults { variable resource_groups { default = {} } +variable log_analytics { + default = {} +} +variable event_hub_namespaces { + default = {} +} variable diagnostic_storage_accounts { default = {} } \ No newline at end of file From 5984c0fda7a49de2a66cf3c5f799118a89822e09 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 20 Nov 2020 10:35:37 +0000 Subject: [PATCH 21/53] Upgrade to azurerm 2.37.0 Upgrade CAF Enterprise Scale to 0.6-preview --- landingzones/caf_foundations/es_main.tf | 2 +- landingzones/caf_foundations/main.tf | 2 +- landingzones/caf_launchpad/add-ons/azure_devops/main.tf | 2 +- .../caf_launchpad/add-ons/azure_devops_agent/main.tf | 2 +- landingzones/caf_launchpad/main.tf | 2 +- landingzones/caf_networking/landingzone.tf | 5 ++--- landingzones/caf_networking/main.tf | 2 +- landingzones/caf_shared_services/main.tf | 2 +- 8 files changed, 9 insertions(+), 10 deletions(-) diff --git a/landingzones/caf_foundations/es_main.tf b/landingzones/caf_foundations/es_main.tf index 92eab72e4..ae7a80355 100644 --- a/landingzones/caf_foundations/es_main.tf +++ b/landingzones/caf_foundations/es_main.tf @@ -1,7 +1,7 @@ module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "0.0.6-preview" + version = "0.0.7-preview" root_parent_id = data.azurerm_client_config.current.tenant_id diff --git a/landingzones/caf_foundations/main.tf b/landingzones/caf_foundations/main.tf index 4bc35db8a..4522d9400 100644 --- a/landingzones/caf_foundations/main.tf +++ b/landingzones/caf_foundations/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" 
diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf index 8ef2817bb..eaaf74372 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf index b9972c502..5b3fcecb9 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 3e1df265b..6853d6cd6 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.33.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 196878edf..d2b38eba9 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,6 @@ module "networking" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "/tf/caf/aztfmod" + source = "aztfmod/caf/azurerm" + version = "~> 0.4" current_landingzone_key = var.landingzone.key tags = local.tags diff --git a/landingzones/caf_networking/main.tf b/landingzones/caf_networking/main.tf index 101baa5ac..ea50ec543 100644 --- a/landingzones/caf_networking/main.tf 
+++ b/landingzones/caf_networking/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_shared_services/main.tf b/landingzones/caf_shared_services/main.tf index 101baa5ac..ea50ec543 100644 --- a/landingzones/caf_shared_services/main.tf +++ b/landingzones/caf_shared_services/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.37.0" } azuread = { source = "hashicorp/azuread" From 86a8d2d9dd05fcf591ca40bdb615997459facb37 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 20 Nov 2020 10:48:46 +0000 Subject: [PATCH 22/53] Update to rover aztfmod/roveralpha:2011.121352 --- .github/workflows/landingzones.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/landingzones.yml b/.github/workflows/landingzones.yml index 7c0e716b0..5afe3915f 100644 --- a/.github/workflows/landingzones.yml +++ b/.github/workflows/landingzones.yml @@ -41,7 +41,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2010.2808 + image: aztfmod/roveralpha:2011.121352 options: --user 0 steps: @@ -90,7 +90,7 @@ jobs: ] container: - image: aztfmod/rover:2010.2808 + image: aztfmod/roveralpha:2011.121352 options: --user 0 steps: @@ -134,7 +134,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2010.2808 + image: aztfmod/roveralpha:2011.121352 options: --user 0 steps: @@ -181,7 +181,7 @@ jobs: ] container: - image: aztfmod/rover:2010.2808 + image: aztfmod/roveralpha:2011.121352 options: --user 0 steps: @@ -224,7 +224,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2010.2808 + image: aztfmod/roveralpha:2011.121352 options: --user 0 steps: From 55f1b0a7526f0a2149cfc5bf1213b7f77447e07a Mon Sep 17 00:00:00 2001 
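Review bot: All five `container.image` lines in landingzones.yml now reference `aztfmod/roveralpha:2011.121352` by tag, and each job keeps `options: --user 0`, so whatever that tag resolves to at run time executes as root in jobs that presumably hold the Azure deployment credentials. A tag can be re-pushed, so pin the image by digest to make it immutable, e.g. `image: aztfmod/roveralpha:2011.121352@sha256:<DIGEST_PLACEHOLDER>`. The move from the `rover` repository to `roveralpha` looks like a pre-release channel (inferred from the name only); a short comment above the first `container:` block saying why CI needs it and when it returns to the release image would help the next reviewer. The job definitions start and end outside these hunks.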
From: lolorol Date: Wed, 25 Nov 2020 06:55:53 +0000 Subject: [PATCH 23/53] Update for multi-sub --- landingzones/caf_foundations/landingzone.tf | 9 ++++++--- .../caf_foundations/locals.remote_tfstates.tf | 12 +++++------- landingzones/caf_foundations/output.tf | 2 +- landingzones/caf_foundations/variables.tf | 3 +++ landingzones/caf_shared_services/landingzone.tf | 5 +++-- .../caf_shared_services/locals.remote_tfstates.tf | 3 +++ landingzones/caf_shared_services/output.tf | 7 +++++++ 7 files changed, 28 insertions(+), 13 deletions(-) diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index 668e6e349..2e9f29bb0 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -1,13 +1,16 @@ module "foundations" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "/tf/caf/aztfmod" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id tags = local.tags - diagnostics = local.diagnostics + diagnostics = var.diagnostics_destinations == {} ? local.diagnostics : null global_settings = local.global_settings tfstates = local.tfstates + diagnostics_definition = var.diagnostics_definition + diagnostics_destinations = var.diagnostics_destinations diagnostic_storage_accounts = var.diagnostic_storage_accounts logged_user_objectId = var.logged_user_objectId logged_aad_app_objectId = var.logged_aad_app_objectId diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index af3ffa455..f725768ea 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf 
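Review bot: In caf_foundations/landingzone.tf the registry source with `version = "~> 0.4"` is replaced by `source = "/tf/caf/aztfmod"`, an absolute local path with no version constraint, so the plan depends on whatever checkout happens to be mounted at that path on the machine or container running it. If this is only for local development, keep the pinned registry source in the committed file and override it locally. Separately, `var.diagnostics_destinations == {}` is a type-sensitive comparison (an empty map and an empty object are not equal in Terraform, as far as I know), and the variable is declared without a type; `length(var.diagnostics_destinations) == 0 ? local.diagnostics : null` states the intent more robustly. The same comparison is added in caf_foundations/locals.remote_tfstates.tf in this patch. The `module "foundations"` block continues past the hunk.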
@@ -35,15 +35,13 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings - diagnostics = { + diagnostics = var.diagnostics_destinations == {} ? { diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts, try(module.foundations.diagnostic_storage_accounts, {})) - log_analytics = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics, try(module.foundations.log_analytics, {})) - event_hub_namespaces = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces, try(module.foundations.event_hub_namespaces, {})) - } - - + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } : null remote = { managed_identities = { diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 52527ee7a..2ec83d420 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -4,7 +4,7 @@ output global_settings { } output diagnostics { - value = local.diagnostics + value = module.foundations.diagnostics sensitive = true } 
diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index acec210c3..ce9e10fa1 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -68,4 +68,7 @@ variable event_hub_namespaces { } variable diagnostic_storage_accounts { default = {} +} +variable diagnostics_destinations { + default = {} } \ No newline at end of file diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index 1d79973a8..d7dd17281 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -24,7 +24,8 @@ module "landingzones_shared_services" { # Pass the remote objects you need to connect to. remote_objects = { - vnets = local.remote.vnets - keyvaults = local.remote.keyvaults + vnets = local.remote.vnets + keyvaults = local.remote.keyvaults + recovery_vaults = local.remote.recovery_vaults } } \ No newline at end of file diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 502fcd46a..9a2b19f2e 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf @@ -58,5 +58,8 @@ locals { keyvaults = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.keyvaults[key], {})) } + recovery_vaults = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.recovery_vaults[key], {})) + } } } diff --git a/landingzones/caf_shared_services/output.tf b/landingzones/caf_shared_services/output.tf index 4ab45337e..92eed0a31 100644 --- a/landingzones/caf_shared_services/output.tf +++ b/landingzones/caf_shared_services/output.tf 
@@ -20,4 +20,11 @@ output managed_identities { output azuread_groups { value = local.remote.azuread_groups sensitive = true +} + +output recovery_vaults { + value = map( + var.landingzone.key, + module.landingzones_shared_services.recovery_vaults + ) } \ No newline at end of file From 20b7685c9c6b5a52ec56e966fb37eff83e3db3ad Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 1 Dec 2020 17:19:54 +0000 Subject: [PATCH 24/53] Update to support diagnostics ihneritance --- landingzones/caf_foundations/landingzone.tf | 10 ++--- .../caf_foundations/locals.remote_tfstates.tf | 27 +++++++++--- landingzones/caf_foundations/output.tf | 9 ++-- landingzones/caf_foundations/variables.tf | 6 +++ landingzones/caf_launchpad/main.tf | 4 +- .../210-aks-private/configuration.tfvars | 24 +++++----- .../peerings/launchpad/configuration.tfvars | 8 ++-- .../caf_shared_services/landingzone.tf | 7 +-- .../caf_shared_services/vm_extensions.tf | 44 +++++++++++++++++++ 9 files changed, 100 insertions(+), 39 deletions(-) create mode 100644 landingzones/caf_shared_services/vm_extensions.tf diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index 2e9f29bb0..ccb4f4022 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -1,12 +1,12 @@ module "foundations" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "/tf/caf/aztfmod" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id tags = local.tags - diagnostics = var.diagnostics_destinations == {} ? local.diagnostics : null + diagnostics = local.remote.diagnostics global_settings = local.global_settings tfstates = local.tfstates diagnostics_definition = var.diagnostics_definition 
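Review bot: In the caf_foundations/landingzone.tf hunk, `source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics"` tracks a branch, so each `terraform init` can pull different module code without any change in this repository, and the commented-out `version = "~> 0.4"` constraint no longer applies. Pin `ref` to a commit SHA or a release tag, for example `?ref=<COMMIT_SHA_PLACEHOLDER>`, and remove the commented-out lines once the fix ships in a tagged release. The same source line is added to caf_shared_services/landingzone.tf later in this patch, to caf_networking/landingzone.tf in patch 25 and to caf_launchpad/landingzone.tf in patch 28. The `module "foundations"` block continues past this hunk.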
@@ -16,6 +16,6 @@ module "foundations" { logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups keyvaults = var.keyvaults - log_analytics = var.log_analytics - event_hub_namespaces = var.event_hub_namespaces -} \ No newline at end of file + log_analytics = var.diagnostic_log_analytics + event_hub_namespaces = var.diagnostic_event_hub_namespaces +} diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index f725768ea..4a4b6508b 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf 
@@ -35,15 +35,28 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings - diagnostics = var.diagnostics_destinations == {} ? { - diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) - diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces - } : null remote = { + diagnostics = { + diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) + diagnostics_destinations = { + event_hub_namespaces = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}), + try(var.diagnostics_destinations.event_hub_namespaces, {}) + ) + log_analytics = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}), + try(var.diagnostics_destinations.log_analytics, {}) + ) + storage = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}), + try(var.diagnostics_destinations.storage, {}) + ) + } + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = 
data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } managed_identities = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index 2ec83d420..f88b232d2 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -2,12 +2,10 @@ output global_settings { value = local.global_settings sensitive = true } - output diagnostics { value = module.foundations.diagnostics - sensitive = true + sensitive = false } - output vnets { value = local.remote.vnets sensitive = true @@ -20,15 +18,14 @@ output azuread_groups { value = local.remote.azuread_groups sensitive = true } - output tfstates { value = local.tfstates sensitive = true } - output keyvaults { value = map( var.landingzone.key, - module.foundations.keyvaults + try(module.foundations.keyvaults, {}) ) + sensitive = true } diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index ce9e10fa1..f853e3e8c 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -69,6 +69,12 @@ variable event_hub_namespaces { variable diagnostic_storage_accounts { default = {} } +variable diagnostic_event_hub_namespaces { + default = {} +} +variable diagnostic_log_analytics { + default = {} +} variable diagnostics_destinations { default = {} } \ No newline at end of file diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 6853d6cd6..ad0fe6f62 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf 
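Review bot: In caf_foundations/output.tf, `sensitive = false` on `output diagnostics` means the whole `module.foundations.diagnostics` object is printed by plan/apply and ends up in CI logs. The object's shape is not visible in this diff, but it is assembled from storage accounts, Log Analytics workspaces and event hub namespaces, and the underlying azurerm resources carry access keys and connection strings as attributes; if the module passes any of them through, they would be exposed. Keep `sensitive = true`, or export only the identifiers that downstream landing zones actually read. caf_launchpad/output.tf gets the same change in patch 26.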
@@ -78,8 +78,8 @@ locals { } tfstates = map( - var.landingzone.key, - local.backend[var.landingzone.backend_type] + var.landingzone.key, + local.backend[var.landingzone.backend_type] ) backend = { diff --git a/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars b/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars index 6dc8046b1..b264d5adc 100644 --- a/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars +++ b/landingzones/caf_networking/scenario/210-aks-private/configuration.tfvars @@ -63,19 +63,19 @@ vnets = { specialsubnets = {} subnets = { aks_nodepool_system = { - name = "aks_nodepool_system" - cidr = ["100.64.48.0/24"] - route_table_key = "default_to_firewall_rg1" + name = "aks_nodepool_system" + cidr = ["100.64.48.0/24"] + route_table_key = "default_to_firewall_rg1" } aks_nodepool_user1 = { - name = "aks_nodepool_user1" - cidr = ["100.64.49.0/24"] - route_table_key = "default_to_firewall_rg1" + name = "aks_nodepool_user1" + cidr = ["100.64.49.0/24"] + route_table_key = "default_to_firewall_rg1" } aks_nodepool_user2 = { - name = "aks_nodepool_user2" - cidr = ["100.64.50.0/24"] - route_table_key = "default_to_firewall_rg1" + name = "aks_nodepool_user2" + cidr = ["100.64.50.0/24"] + route_table_key = "default_to_firewall_rg1" } private_links = { name = "private_links" @@ -94,9 +94,9 @@ vnet_peerings = { vnet_key = "hub_rg1" } to = { - lz_key = "launchpad" - output_key = "vnets" - vnet_key = "devops_region1" + lz_key = "launchpad" + output_key = "vnets" + vnet_key = "devops_region1" } name = "hub_rg1-TO-devops_region1" allow_virtual_network_access = true diff --git a/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars b/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars index 8a6c2fd91..16bc4fd29 100644 --- a/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars 
+++ b/landingzones/caf_networking/scenario/210-aks-private/peerings/launchpad/configuration.tfvars @@ -23,12 +23,12 @@ vnet_peerings = { # Inbound peer with the devops vnet launchpad_devops-TO-hub_rg1 = { from = { - vnet_key = "devops_region1" + vnet_key = "devops_region1" } to = { - lz_key = "networking_hub" - output_key = "vnets" - vnet_key = "hub_rg1" + lz_key = "networking_hub" + output_key = "vnets" + vnet_key = "hub_rg1" } name = "launchpad_devops-TO-hub_rg1" allow_virtual_network_access = true diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index d7dd17281..b6f8cf338 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -1,6 +1,7 @@ module "landingzones_shared_services" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id @@ -12,7 +13,7 @@ module "landingzones_shared_services" { logged_user_objectId = var.logged_user_objectId logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups - + shared_services = { recovery_vaults = var.recovery_vaults automations = var.automations diff --git a/landingzones/caf_shared_services/vm_extensions.tf b/landingzones/caf_shared_services/vm_extensions.tf new file mode 100644 index 000000000..87d6e3e35 --- /dev/null +++ b/landingzones/caf_shared_services/vm_extensions.tf 
@@ -0,0 +1,44 @@ +# +# microsoft_enterprise_cloud_monitoring - Install the monitoring agent in the virtual machine +# + + +module "vm_extension_monitoring_agent" { + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + version = "~> 0.4" + depends_on = [module.landingzones_shared_services] + + for_each = { + for key, value in try(var.virtual_machines, {}) : key => value + if try(value.virtual_machine_extensions.microsoft_enterprise_cloud_monitoring, null) != null + } + + client_config = module.landingzones_shared_services.client_config + virtual_machine_id = module.landingzones_shared_services.virtual_machines[each.key].id + extension = each.value.virtual_machine_extensions.microsoft_enterprise_cloud_monitoring + extension_name = "microsoft_enterprise_cloud_monitoring" + settings = { + diagnostics = local.diagnostics + } +} + +module "vm_extension_diagnostics" { + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + version = "~> 0.4" + depends_on = [module.landingzones_shared_services] + + for_each = { + for key, value in try(var.virtual_machines, {}) : key => value + if try(value.virtual_machine_extensions.microsoft_azure_diagnostics, null) != null + } + + client_config = module.landingzones_shared_services.client_config + virtual_machine_id = module.landingzones_shared_services.virtual_machines[each.key].id + extension = each.value.virtual_machine_extensions.microsoft_azure_diagnostics + extension_name = "microsoft_azure_diagnostics" + settings = { + diagnostics = local.diagnostics + xml_diagnostics_file = try(each.value.virtual_machine_extensions.microsoft_azure_diagnostics.xml_diagnostics_file, null) + diagnostics_storage_account_keys = each.value.virtual_machine_extensions.microsoft_azure_diagnostics.diagnostics_storage_account_keys + } +} From dcc8d0d91b9cfee6ef5a8eb2416b3c2839a27609 Mon Sep 17 00:00:00 2001 
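Review bot: Both extension modules in vm_extensions.tf resolve from the registry with `version = "~> 0.4"`, while `module.landingzones_shared_services`, whose `client_config` and `virtual_machines` outputs they consume, is switched to the `patch-diagnostics` branch in this same patch, so parent and submodule code can drift apart. Load both from the same pinned revision. In `vm_extension_diagnostics`, `diagnostics_storage_account_keys` is read without `try(...)`, unlike `xml_diagnostics_file` on the line above, so a VM that sets `microsoft_azure_diagnostics` without that attribute fails the plan; either wrap it the same way or add a comment stating the attribute is required. A header comment on each module naming the `virtual_machine_extensions` key that enables it would also help.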
From: lolorol Date: Wed, 2 Dec 2020 01:51:03 +0000 Subject: [PATCH 25/53] Update for nsg flow logs --- landingzones/caf_networking/landingzone.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index d2b38eba9..5a3928308 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,6 +1,7 @@ module "networking" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" current_landingzone_key = var.landingzone.key tags = local.tags From f37b28242b4fad208a110b1f8cd086de64c75931 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 2 Dec 2020 04:57:13 +0000 Subject: [PATCH 26/53] Break - update of diagnostics to support inheritence --- landingzones/caf_launchpad/landingzone.tf | 17 ++-- landingzones/caf_launchpad/output.tf | 2 +- .../diagnostic_event_hub_namespaces.tfvars | 20 +++++ .../200/diagnostic_log_analytics.tfvars | 48 +++++++++++ ...ars => diagnostic_storage_accounts.tfvars} | 79 ++----------------- landingzones/caf_launchpad/variables.tf | 7 +- 6 files changed, 92 insertions(+), 81 deletions(-) create mode 100644 landingzones/caf_launchpad/scenario/200/diagnostic_event_hub_namespaces.tfvars create mode 100644 landingzones/caf_launchpad/scenario/200/diagnostic_log_analytics.tfvars rename landingzones/caf_launchpad/scenario/200/{diagnostics_repositories.tfvars => diagnostic_storage_accounts.tfvars} (51%) diff --git a/landingzones/caf_launchpad/landingzone.tf b/landingzones/caf_launchpad/landingzone.tf index c8a64c6a1..70d400eb0 100644 --- a/landingzones/caf_launchpad/landingzone.tf +++ b/landingzones/caf_launchpad/landingzone.tf 
@@ -1,6 +1,8 @@ module "launchpad" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + # source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" + source = "../../../aztfmod" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id @@ -11,9 +13,14 @@ module "launchpad" { logged_aad_app_objectId = var.logged_aad_app_objectId user_type = var.user_type log_analytics = var.log_analytics + diagnostics = { + diagnostics_definition = var.diagnostics_definition + diagnostics_destinations = var.diagnostics_destinations + diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces + diagnostic_log_analytics = var.diagnostic_log_analytics + diagnostic_storage_accounts = var.diagnostic_storage_accounts + } event_hub_namespaces = var.event_hub_namespaces - diagnostics_definition = var.diagnostics_definition - diagnostics_destinations = var.diagnostics_destinations resource_groups = var.resource_groups keyvaults = var.keyvaults keyvault_access_policies = var.keyvault_access_policies @@ -31,7 +38,7 @@ module "launchpad" { route_tables = var.route_tables } storage_accounts = var.storage_accounts - diagnostic_storage_accounts = var.diagnostic_storage_accounts + # diagnostic_storage_accounts = var.diagnostic_storage_accounts azuread_apps = var.azuread_apps azuread_api_permissions = var.azuread_api_permissions azuread_groups = var.azuread_groups diff --git a/landingzones/caf_launchpad/output.tf b/landingzones/caf_launchpad/output.tf index 8d276d398..4cb2761db 100644 --- a/landingzones/caf_launchpad/output.tf +++ b/landingzones/caf_launchpad/output.tf @@ -5,7 +5,7 @@ output global_settings { output diagnostics { value = module.launchpad.diagnostics - sensitive = true + sensitive = false } output networking { 
diff --git a/landingzones/caf_launchpad/scenario/200/diagnostic_event_hub_namespaces.tfvars b/landingzones/caf_launchpad/scenario/200/diagnostic_event_hub_namespaces.tfvars new file mode 100644 index 000000000..75c3e3e90 --- /dev/null +++ b/landingzones/caf_launchpad/scenario/200/diagnostic_event_hub_namespaces.tfvars @@ -0,0 +1,20 @@ + +# Event hub diagnostics +diagnostic_event_hub_namespaces = { + central_logs_region1 = { + name = "logs" + resource_group_key = "ops" + sku = "Standard" + region = "region1" + + diagnostic_profiles = { + central_logs_region1 = { + definition_key = "event_hub_namespace" + destination_type = "storage" + destination_key = "all_regions" + } + } + } +} + + diff --git a/landingzones/caf_launchpad/scenario/200/diagnostic_log_analytics.tfvars b/landingzones/caf_launchpad/scenario/200/diagnostic_log_analytics.tfvars new file mode 100644 index 000000000..fd2cb048f --- /dev/null +++ b/landingzones/caf_launchpad/scenario/200/diagnostic_log_analytics.tfvars 
@@ -0,0 +1,48 @@ +# +# Define the settings for log analytics workspace and solution map +# +diagnostic_log_analytics = { + central_logs_region1 = { + region = "region1" + name = "logs" + resource_group_key = "ops" + # you can setup up to 5 key + diagnostic_profiles = { + central_logs_region1 = { + definition_key = "log_analytics" + destination_type = "log_analytics" + destination_key = "central_logs" + } + } + solutions_maps = { + NetworkMonitoring = { + "publisher" = "Microsoft" + "product" = "OMSGallery/NetworkMonitoring" + }, + ADAssessment = { + "publisher" = "Microsoft" + "product" = "OMSGallery/ADAssessment" + }, + ADReplication = { + "publisher" = "Microsoft" + "product" = "OMSGallery/ADReplication" + }, + AgentHealthAssessment = { + "publisher" = "Microsoft" + "product" = "OMSGallery/AgentHealthAssessment" + }, + DnsAnalytics = { + "publisher" = "Microsoft" + "product" = "OMSGallery/DnsAnalytics" + }, + ContainerInsights = { + "publisher" = "Microsoft" + "product" = "OMSGallery/ContainerInsights" + }, + KeyVaultAnalytics = { + "publisher" = "Microsoft" + "product" = "OMSGallery/KeyVaultAnalytics" + } + } + } +} diff --git a/landingzones/caf_launchpad/scenario/200/diagnostics_repositories.tfvars b/landingzones/caf_launchpad/scenario/200/diagnostic_storage_accounts.tfvars similarity index 51% rename from landingzones/caf_launchpad/scenario/200/diagnostics_repositories.tfvars rename to landingzones/caf_launchpad/scenario/200/diagnostic_storage_accounts.tfvars index 9b47a0094..a58c5eee8 100644 --- a/landingzones/caf_launchpad/scenario/200/diagnostics_repositories.tfvars +++ b/landingzones/caf_launchpad/scenario/200/diagnostic_storage_accounts.tfvars @@ -7,7 +7,7 @@ diagnostic_storage_accounts = { name = "diaglogsrg1" region = "region1" resource_group_key = "ops" - account_kind = "BlobStorage" + account_kind = "StorageV2" account_tier = "Standard" account_replication_type = "LRS" access_tier = "Cool" 
@@ -17,7 +17,7 @@ diagnostic_storage_accounts = { name = "diaglogrg2" region = "region2" resource_group_key = "ops" - account_kind = "BlobStorage" + account_kind = "StorageV2" account_tier = "Standard" account_replication_type = "LRS" access_tier = "Cool" @@ -26,7 +26,7 @@ diagnostic_storage_accounts = { diagsiem_region1 = { name = "siemsg1" resource_group_key = "siem" - account_kind = "BlobStorage" + account_kind = "StorageV2" account_tier = "Standard" account_replication_type = "LRS" access_tier = "Cool" @@ -36,7 +36,7 @@ diagnostic_storage_accounts = { name = "siemrg2" region = "region2" resource_group_key = "siem" - account_kind = "BlobStorage" + account_kind = "StorageV2" account_tier = "Standard" account_replication_type = "LRS" access_tier = "Cool" 
@@ -61,73 +61,4 @@ diagnostic_storage_accounts = { account_replication_type = "LRS" access_tier = "Cool" } -} - -# -# Define the settings for log analytics workspace and solution map -# -log_analytics = { - central_logs_region1 = { - region = "region1" - name = "logs" - resource_group_key = "ops" - # you can setup up to 5 key - diagnostic_profiles = { - central_logs_region1 = { - definition_key = "log_analytics" - destination_type = "log_analytics" - destination_key = "central_logs" - } - } - solutions_maps = { - NetworkMonitoring = { - "publisher" = "Microsoft" - "product" = "OMSGallery/NetworkMonitoring" - }, - ADAssessment = { - "publisher" = "Microsoft" - "product" = "OMSGallery/ADAssessment" - }, - ADReplication = { - "publisher" = "Microsoft" - "product" = "OMSGallery/ADReplication" - }, - AgentHealthAssessment = { - "publisher" = "Microsoft" - "product" = "OMSGallery/AgentHealthAssessment" - }, - DnsAnalytics = { - "publisher" = "Microsoft" - "product" = "OMSGallery/DnsAnalytics" - }, - ContainerInsights = { - "publisher" = "Microsoft" - "product" = "OMSGallery/ContainerInsights" - }, - KeyVaultAnalytics = { - "publisher" = "Microsoft" - "product" = "OMSGallery/KeyVaultAnalytics" - } - } - } -} - -# Event hub diagnostics -event_hub_namespaces = { - central_logs_region1 = { - name = "logs" - resource_group_key = "ops" - sku = "Standard" - region = "region1" - - diagnostic_profiles = { - central_logs_region1 = { - definition_key = "event_hub_namespace" - destination_type = "storage" - destination_key = "all_regions" - } - } - } -} - - +} \ No newline at end of file diff --git a/landingzones/caf_launchpad/variables.tf b/landingzones/caf_launchpad/variables.tf index 26a3e02c7..5d04bce8c 100644 --- a/landingzones/caf_launchpad/variables.tf +++ b/landingzones/caf_launchpad/variables.tf 
@@ -74,7 +74,12 @@ variable storage_accounts {} variable diagnostic_storage_accounts { default = {} } - +variable diagnostic_event_hub_namespaces { + default = {} +} +variable diagnostic_log_analytics { + default = {} +} variable keyvaults {} variable keyvault_access_policies { default = {} From 94fc56fb4888f5555b8685bd6e1aabc1cd352b32 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 2 Dec 2020 09:05:29 +0000 Subject: [PATCH 27/53] Update for remote diagnostics objects --- landingzones/caf_foundations/locals.remote_tfstates.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/landingzones/caf_foundations/locals.remote_tfstates.tf b/landingzones/caf_foundations/locals.remote_tfstates.tf index 4a4b6508b..a57dcbbe4 100644 --- a/landingzones/caf_foundations/locals.remote_tfstates.tf +++ b/landingzones/caf_foundations/locals.remote_tfstates.tf @@ -38,6 +38,12 @@ locals { remote = { diagnostics = { + # Get the diagnostics settings of services to create + diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces + diagnostic_log_analytics = var.diagnostic_log_analytics + diagnostic_storage_accounts = var.diagnostic_storage_accounts + + # Combine the diagnostics definitions diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) diagnostics_destinations = { event_hub_namespaces = merge( 
@@ -53,10 +59,12 @@ locals { try(var.diagnostics_destinations.storage, {}) ) } + # Get the remote existing diagnostics objects storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces } + managed_identities = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } From 3a1296c72c715458eb88205a101a652d564c1e4a Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 2 Dec 2020 09:14:13 +0000 Subject: [PATCH 28/53] Fix diagnostics inheritence for shared services and networking --- landingzones/caf_launchpad/landingzone.tf | 4 +- landingzones/caf_networking/landingzone.tf | 2 +- .../caf_networking/locals.remote_tfstates.tf | 36 ++++++++++++++---- .../caf_shared_services/landingzone.tf | 2 +- .../locals.remote_tfstates.tf | 38 ++++++++++++++----- 5 files changed, 60 insertions(+), 22 deletions(-) diff --git a/landingzones/caf_launchpad/landingzone.tf b/landingzones/caf_launchpad/landingzone.tf index 70d400eb0..66db8ed5b 100644 --- a/landingzones/caf_launchpad/landingzone.tf +++ b/landingzones/caf_launchpad/landingzone.tf @@ -1,8 +1,8 @@ module "launchpad" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - # source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" - source = "../../../aztfmod" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" + # source = "../../../aztfmod" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 5a3928308..a20750fa3 100644 
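Review bot: In `landingzones/caf_launchpad/landingzone.tf` the active module source becomes `github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics`, a branch name, so each `terraform init` can pull different code with no change in this repository. Later patches in this series move this and the other landing zones (`caf_foundations`, `caf_networking`, `caf_shared_services`, both `azure_devops` add-ons and `vm_extensions.tf`) to `?ref=master`, which has the same property. I would pin to a release tag or a full commit hash, e.g. `source = "github.com/aztfmod/terraform-azurerm-caf?ref=<COMMIT_SHA_PLACEHOLDER>"`, or return to the registry source with a `version` constraint as the commented-out lines show. The `module "launchpad"` block continues past the end of the hunk.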
--- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -5,7 +5,7 @@ module "networking" { current_landingzone_key = var.landingzone.key tags = local.tags - diagnostics = local.diagnostics + diagnostics = local.remote.diagnostics global_settings = local.global_settings tfstates = local.tfstates tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/locals.remote_tfstates.tf b/landingzones/caf_networking/locals.remote_tfstates.tf index c6396f225..7f91547c7 100644 --- a/landingzones/caf_networking/locals.remote_tfstates.tf +++ b/landingzones/caf_networking/locals.remote_tfstates.tf 
@@ -35,16 +35,36 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings - diagnostics = { - diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) - diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces - } - remote = { + diagnostics = { + # Get the diagnostics settings of services to create + diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces + diagnostic_log_analytics = var.diagnostic_log_analytics + diagnostic_storage_accounts = var.diagnostic_storage_accounts + + # Combine the diagnostics definitions + diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) + diagnostics_destinations = { + event_hub_namespaces = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}), + try(var.diagnostics_destinations.event_hub_namespaces, {}) + ) + log_analytics = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}), + try(var.diagnostics_destinations.log_analytics, {}) + ) + storage = merge( + 
try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}), + try(var.diagnostics_destinations.storage, {}) + ) + } + # Get the remote existing diagnostics objects + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } + managed_identities = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index b6f8cf338..988d12f07 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -6,7 +6,7 @@ module "landingzones_shared_services" { current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id tags = local.tags - diagnostics = local.diagnostics + diagnostics = local.remote.diagnostics global_settings = local.global_settings tfstates = local.tfstates diagnostic_storage_accounts = var.diagnostic_storage_accounts diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 9a2b19f2e..869299d1a 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf 
@@ -35,18 +35,36 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings - diagnostics = { - diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) - diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces - } - - - remote = { managed_identities = { + diagnostics = { + # Get the diagnostics settings of services to create + diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces + diagnostic_log_analytics = var.diagnostic_log_analytics + diagnostic_storage_accounts = var.diagnostic_storage_accounts + + # Combine the diagnostics definitions + diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) + diagnostics_destinations = { + event_hub_namespaces = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}), + try(var.diagnostics_destinations.event_hub_namespaces, {}) + ) + log_analytics = merge( + try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}), + try(var.diagnostics_destinations.log_analytics, {}) + ) + storage = merge( + 
try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}), + try(var.diagnostics_destinations.storage, {}) + ) + } + # Get the remote existing diagnostics objects + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } azuread_groups = { From 71888ac954014fc442559b977b7f1aaf8a25d337 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 2 Dec 2020 09:46:44 +0000 Subject: [PATCH 29/53] Update diagnostics --- landingzones/caf_networking/landingzone.tf | 2 +- .../caf_networking/locals.remote_tfstates.tf | 36 ++++-------------- .../caf_shared_services/landingzone.tf | 3 +- .../locals.remote_tfstates.tf | 38 +++++-------------- 4 files changed, 20 insertions(+), 59 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index a20750fa3..5a3928308 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -5,7 +5,7 @@ module "networking" { current_landingzone_key = var.landingzone.key tags = local.tags - diagnostics = local.remote.diagnostics + diagnostics = local.diagnostics global_settings = local.global_settings tfstates = local.tfstates tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/locals.remote_tfstates.tf b/landingzones/caf_networking/locals.remote_tfstates.tf index 7f91547c7..c6396f225 100644 --- a/landingzones/caf_networking/locals.remote_tfstates.tf 
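Review bot: In `landingzones/caf_shared_services/locals.remote_tfstates.tf` the new `diagnostics = { … }` block is inserted after the context line `managed_identities = {` and before its `for key, value in …` expression, so it lands inside the `managed_identities` for-expression instead of directly under `remote = {`. That should not parse, and `local.remote.diagnostics`, which `caf_shared_services/landingzone.tf` starts reading in this same commit, would not be defined. The matching `caf_networking` hunk places the block one line earlier, between `remote = {` and `managed_identities = {`; the same placement is needed here. The `locals` block starts and ends outside the hunk.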
+++ b/landingzones/caf_networking/locals.remote_tfstates.tf 
@@ -35,36 +35,16 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings + diagnostics = { + diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) + diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } + remote = { - diagnostics = { - # Get the diagnostics settings of services to create - diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces - diagnostic_log_analytics = var.diagnostic_log_analytics - diagnostic_storage_accounts = var.diagnostic_storage_accounts - - # Combine the diagnostics definitions - diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) - diagnostics_destinations = { - event_hub_namespaces = merge( - try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}), - try(var.diagnostics_destinations.event_hub_namespaces, {}) - ) - log_analytics = merge( - try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}), - try(var.diagnostics_destinations.log_analytics, {}) - ) - storage = merge( - 
try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}), - try(var.diagnostics_destinations.storage, {}) - ) - } - # Get the remote existing diagnostics objects - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces - } - managed_identities = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index 988d12f07..e5f51c966 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -6,10 +6,9 @@ module "landingzones_shared_services" { current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id tags = local.tags - diagnostics = local.remote.diagnostics + diagnostics = local.diagnostics global_settings = local.global_settings tfstates = local.tfstates - diagnostic_storage_accounts = var.diagnostic_storage_accounts logged_user_objectId = var.logged_user_objectId logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups diff --git a/landingzones/caf_shared_services/locals.remote_tfstates.tf b/landingzones/caf_shared_services/locals.remote_tfstates.tf index 869299d1a..9a2b19f2e 100644 --- a/landingzones/caf_shared_services/locals.remote_tfstates.tf +++ b/landingzones/caf_shared_services/locals.remote_tfstates.tf 
@@ -35,36 +35,18 @@ locals { global_settings = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.global_settings + diagnostics = { + diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) + diagnostics_destinations = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations + storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts + log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics + event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces + } + + + remote = { managed_identities = { - diagnostics = { - # Get the diagnostics settings of services to create - diagnostic_event_hub_namespaces = var.diagnostic_event_hub_namespaces - diagnostic_log_analytics = var.diagnostic_log_analytics - diagnostic_storage_accounts = var.diagnostic_storage_accounts - - # Combine the diagnostics definitions - diagnostics_definition = merge(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_definition, var.diagnostics_definition) - diagnostics_destinations = { - event_hub_namespaces = merge( - try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.event_hub_namespaces, {}), - try(var.diagnostics_destinations.event_hub_namespaces, {}) - ) - log_analytics = merge( - try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.log_analytics, {}), - try(var.diagnostics_destinations.log_analytics, {}) - ) - storage = merge( - 
try(data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.diagnostics_destinations.storage, {}), - try(var.diagnostics_destinations.storage, {}) - ) - } - # Get the remote existing diagnostics objects - storage_accounts = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.storage_accounts - log_analytics = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.log_analytics - event_hub_namespaces = data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.diagnostics.event_hub_namespaces - } - for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.managed_identities[key], {})) } azuread_groups = { From 6eb80cc9eacb94d1b667c7762197cbc2c5621dd0 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 3 Dec 2020 00:18:18 +0000 Subject: [PATCH 30/53] Update duplicate log_analytics --- landingzones/caf_foundations/landingzone.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index ccb4f4022..976a8e755 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -16,6 +16,6 @@ module "foundations" { logged_aad_app_objectId = var.logged_aad_app_objectId resource_groups = var.resource_groups keyvaults = var.keyvaults - log_analytics = var.diagnostic_log_analytics - event_hub_namespaces = var.diagnostic_event_hub_namespaces + log_analytics = var.log_analytics + event_hub_namespaces = var.event_hub_namespaces } From 29d96c497f42c2e1538b6ab574cd0ca642c255cb Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 3 Dec 2020 06:03:19 +0000 Subject: [PATCH 31/53] Update diagnostics --- landingzones/caf_foundations/landingzone.tf | 1 + landingzones/caf_networking/output.tf | 5 +++++ 2 files changed, 6 insertions(+) 
diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index 976a8e755..535644824 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -2,6 +2,7 @@ module "foundations" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" + # source = "/tf/caf/aztfmod" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/output.tf b/landingzones/caf_networking/output.tf index 200581068..95b798b49 100644 --- a/landingzones/caf_networking/output.tf +++ b/landingzones/caf_networking/output.tf @@ -1,3 +1,8 @@ +output diagnostics { + value = module.networking.diagnostics + sensitive = false +} + output tfstates { value = local.tfstates sensitive = true From db70f4da70bf867165d47bdc1e5c4efe42a344fd Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 4 Dec 2020 04:08:53 +0000 Subject: [PATCH 32/53] Update to rover 2011.3012 --- .devcontainer/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 5bf276162..d2950a5e0 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/rover:2010.2808 + image: aztfmod/rover:2011.3012 user: vscode labels: From b871c6c5ee2fd98e52be482a6ad5b99bf5c4c603 Mon Sep 17 00:00:00 2001 
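Review bot: The new `diagnostics` output in `landingzones/caf_networking/output.tf` is declared `sensitive = false`, while the `tfstates` output directly below it is `sensitive = true`. Whatever `module.networking.diagnostics` carries will then be printed in plan and apply output and in CI logs. If it includes the storage account, Log Analytics or Event Hub objects that the `diagnostics` locals elsewhere in this series hold, those may contain workspace keys or connection strings; that is not visible here and should be checked against the module. Unless the value is known to hold identifiers only, I would set `sensitive = true` and add a comment stating which fields downstream landing zones read from it.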
From: lolorol Date: Fri, 4 Dec 2020 04:11:19 +0000 Subject: [PATCH 33/53] Update azurerm to 2.37.0 --- landingzones/caf_foundations/main.tf | 2 +- landingzones/caf_launchpad/add-ons/azure_devops/main.tf | 2 +- landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf | 2 +- landingzones/caf_launchpad/main.tf | 2 +- landingzones/caf_networking/main.tf | 2 +- landingzones/caf_shared_services/main.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/landingzones/caf_foundations/main.tf b/landingzones/caf_foundations/main.tf index 4522d9400..8aa607e17 100644 --- a/landingzones/caf_foundations/main.tf +++ b/landingzones/caf_foundations/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf index eaaf74372..7ca33265e 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf index 5b3fcecb9..ae1c4dc00 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 6853d6cd6..ce64cfcd4 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf 
@@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_networking/main.tf b/landingzones/caf_networking/main.tf index ea50ec543..1d86afd9a 100644 --- a/landingzones/caf_networking/main.tf +++ b/landingzones/caf_networking/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_shared_services/main.tf b/landingzones/caf_shared_services/main.tf index ea50ec543..1d86afd9a 100644 --- a/landingzones/caf_shared_services/main.tf +++ b/landingzones/caf_shared_services/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.37.0" + version = "2.37.0" } azuread = { source = "hashicorp/azuread" From 11536fef1bccd6d12d475ddb56359875b51b3983 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 4 Dec 2020 08:50:13 +0000 Subject: [PATCH 34/53] Update for integration --- landingzones/caf_foundations/dynamic_secrets.tf | 11 +++++++++++ landingzones/caf_foundations/landingzone.tf | 3 +-- landingzones/caf_foundations/variables.tf | 3 +++ .../add-ons/azure_devops/solution.tf | 5 +++-- .../add-ons/azure_devops_agent/solution.tf | 5 +++-- landingzones/caf_launchpad/dynamic_secrets.tf | 4 +++- landingzones/caf_launchpad/landingzone.tf | 3 +-- landingzones/caf_networking/landingzone.tf | 2 +- landingzones/caf_shared_services/landingzone.tf | 4 ++-- landingzones/caf_shared_services/vm_extensions.tf | 15 +++++++++------ 10 files changed, 37 insertions(+), 18 deletions(-) create mode 100644 landingzones/caf_foundations/dynamic_secrets.tf diff --git a/landingzones/caf_foundations/dynamic_secrets.tf b/landingzones/caf_foundations/dynamic_secrets.tf new file mode 100644 index 000000000..505dc174e --- /dev/null 
+++ b/landingzones/caf_foundations/dynamic_secrets.tf @@ -0,0 +1,11 @@ + +module dynamic_keyvault_secrets { + source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets" + version = "~> 0.4" + + for_each = try(var.dynamic_keyvault_secrets, {}) + + settings = each.value + keyvault_id = module.foundations.keyvaults[each.key].id + objects = module.foundations +} diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index 535644824..102e81f2a 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -1,8 +1,7 @@ module "foundations" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" - # source = "/tf/caf/aztfmod" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_foundations/variables.tf b/landingzones/caf_foundations/variables.tf index f853e3e8c..fc19f2f99 100644 --- a/landingzones/caf_foundations/variables.tf +++ b/landingzones/caf_foundations/variables.tf @@ -77,4 +77,7 @@ variable diagnostic_log_analytics { } variable diagnostics_destinations { default = {} +} +variable dynamic_keyvault_secrets { + default = {} } \ No newline at end of file diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf b/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf index b0053938c..df3cede39 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf @@ -1,6 +1,7 @@ module "caf" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id 
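Review bot: In the new `landingzones/caf_foundations/dynamic_secrets.tf` the submodule is fetched from the registry at `version = "~> 0.4"`, while `module.foundations`, whose entire output is handed to it as `objects`, is switched to `github.com/aztfmod/terraform-azurerm-caf?ref=master` in this same commit. The code that writes Key Vault secrets and the code that produces the objects it reads can therefore come from different revisions; taking both from one pinned revision avoids an attribute mismatch. Separately, `module.foundations.keyvaults[each.key]` will fail with an index error when a key of `var.dynamic_keyvault_secrets` is not also a Key Vault key (presumably the keys of `var.keyvaults`). A comment such as `# map keys must match the keyvault keys passed to module.foundations` above `for_each` would record that contract.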
diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf index a95214ad9..7b61ff24d 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf @@ -1,6 +1,7 @@ module "caf" { - source = "aztfmod/caf/azurerm" - version = "~> 0.4" + # source = "aztfmod/caf/azurerm" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_launchpad/dynamic_secrets.tf b/landingzones/caf_launchpad/dynamic_secrets.tf index 49f1672c9..2cdad8b92 100644 --- a/landingzones/caf_launchpad/dynamic_secrets.tf +++ b/landingzones/caf_launchpad/dynamic_secrets.tf @@ -1,6 +1,8 @@ module dynamic_keyvault_secrets { - source = "./dynamic_keyvault_secrets" + source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets" + version = "~> 0.4" + for_each = try(var.dynamic_keyvault_secrets, {}) settings = each.value diff --git a/landingzones/caf_launchpad/landingzone.tf b/landingzones/caf_launchpad/landingzone.tf index 66db8ed5b..09f7b3f1c 100644 --- a/landingzones/caf_launchpad/landingzone.tf +++ b/landingzones/caf_launchpad/landingzone.tf @@ -1,8 +1,7 @@ module "launchpad" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" - # source = "../../../aztfmod" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 5a3928308..1e1c2684f 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf 
@@ -1,7 +1,7 @@ module "networking" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tags = local.tags diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index e5f51c966..4f368a516 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -1,7 +1,7 @@ module "landingzones_shared_services" { # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics" + # version = "=5.0" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_shared_services/vm_extensions.tf b/landingzones/caf_shared_services/vm_extensions.tf index 87d6e3e35..885383db6 100644 --- a/landingzones/caf_shared_services/vm_extensions.tf +++ b/landingzones/caf_shared_services/vm_extensions.tf @@ -4,9 +4,12 @@ module "vm_extension_monitoring_agent" { - source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" - version = "~> 0.4" - depends_on = [module.landingzones_shared_services] + # source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics//modules/compute/virtual_machine_extensions" + # source = "/tf/caf/aztfmod/modules/compute/virtual_machine_extensions" + + # depends_on = [module.landingzones_shared_services] for_each = { for key, value in try(var.virtual_machines, {}) : key => value 
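Review bot: In `landingzones/caf_shared_services/vm_extensions.tf` the new source `github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics//modules/compute/virtual_machine_extensions` puts the `//` subdirectory after the `?ref=` query, whereas Terraform's documented form is subdirectory first, then the query. Depending on the Terraform version, the ref may be read as `patch-diagnostics//modules/…` or the subdirectory may be handled differently than intended, so I would write `source = "github.com/aztfmod/terraform-azurerm-caf//modules/compute/virtual_machine_extensions?ref=<TAG_OR_COMMIT_PLACEHOLDER>"`. The second hunk in this file (`vm_extension_diagnostics`) and the later "Patch shared services extensions" commit use the same ordering with `ref=master`. This hunk also comments out `depends_on = [module.landingzones_shared_services]`; whether the module body still references that module's outputs, which would keep the ordering implicit, lies outside the hunk.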
@@ -23,9 +26,9 @@ module "vm_extension_monitoring_agent" { } module "vm_extension_diagnostics" { - source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" - version = "~> 0.4" - depends_on = [module.landingzones_shared_services] + # source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + # version = "~> 0.4" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master//modules/compute/virtual_machine_extensions" for_each = { for key, value in try(var.virtual_machines, {}) : key => value From 8368d481a79f9af2b732ce8697fada9dde378b4a Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 4 Dec 2020 17:07:21 +0800 Subject: [PATCH 35/53] Update landingzones.yml Update to rover stable build --- .github/workflows/landingzones.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/landingzones.yml b/.github/workflows/landingzones.yml index 5afe3915f..0531b8892 100644 --- a/.github/workflows/landingzones.yml +++ b/.github/workflows/landingzones.yml @@ -41,7 +41,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roveralpha:2011.121352 + image: aztfmod/rover:2011.3012 options: --user 0 steps: @@ -90,7 +90,7 @@ jobs: ] container: - image: aztfmod/roveralpha:2011.121352 + image: aztfmod/rover:2011.3012 options: --user 0 steps: @@ -134,7 +134,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roveralpha:2011.121352 + image: aztfmod/rover:2011.3012 options: --user 0 steps: @@ -181,7 +181,7 @@ jobs: ] container: - image: aztfmod/roveralpha:2011.121352 + image: aztfmod/rover:2011.3012 options: --user 0 steps: @@ -224,7 +224,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roveralpha:2011.121352 + image: aztfmod/rover:2011.3012 options: --user 0 steps: From 39c5dd2fbd2fc4573bd39181907d6f58a1772e9b Mon Sep 17 00:00:00 2001 
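Review bot: The `container:` blocks in landingzones.yml reference the job image by tag only, `image: aztfmod/rover:2011.3012`, and a tag can be re-pushed upstream, so the workflow has no guarantee that it runs the image that was tested. The unchanged context line `options: --user 0` shows the job runs as root inside that container, and a landing zone workflow presumably holds Azure credentials, which puts the image in the trust chain. I would pin by digest in all five hunks, `image: aztfmod/rover:2011.3012@sha256:<digest-of-the-tested-image>`, and do the same for the later image bumps in this series and for `.devcontainer/docker-compose.yml`. The job definitions start and end outside the hunks.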
From: lolorol Date: Fri, 4 Dec 2020 09:22:06 +0000 Subject: [PATCH 36/53] Add tags into the global settings --- landingzones/caf_launchpad/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index 797d972c2..f776220c0 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -75,6 +75,7 @@ locals { random_length = var.random_length inherit_tags = var.inherit_tags use_slug = var.use_slug + tags = var.tags } tfstates = map( From b7488752f18dc01b18f32fe62ca20e0547ff9eab Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 4 Dec 2020 11:55:48 +0000 Subject: [PATCH 37/53] Patch shared services extensions --- landingzones/caf_shared_services/vm_extensions.tf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/landingzones/caf_shared_services/vm_extensions.tf b/landingzones/caf_shared_services/vm_extensions.tf index 885383db6..0bb1d84b7 100644 --- a/landingzones/caf_shared_services/vm_extensions.tf +++ b/landingzones/caf_shared_services/vm_extensions.tf @@ -6,10 +6,7 @@ module "vm_extension_monitoring_agent" { # source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=patch-diagnostics//modules/compute/virtual_machine_extensions" - # source = "/tf/caf/aztfmod/modules/compute/virtual_machine_extensions" - - # depends_on = [module.landingzones_shared_services] + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master//modules/compute/virtual_machine_extensions" for_each = { for key, value in try(var.virtual_machines, {}) : key => value From ba980b70123ef4ca247a1ea4137b40d3bcf7cd0e Mon Sep 17 00:00:00 2001 
From: lolorol Date: Tue, 8 Dec 2020 23:47:05 +0000 Subject: [PATCH 38/53] Add private links --- landingzones/caf_networking/landingzone.tf | 14 ++++++++------ .../caf_networking/locals.remote_tfstates.tf | 3 +++ landingzones/caf_networking/variables.tf | 3 +++ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 1e1c2684f..901db5783 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,7 @@ module "networking" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=private_endpoints_centralized" current_landingzone_key = var.landingzone.key tags = local.tags @@ -33,6 +33,7 @@ module "networking" { virtual_wans = var.virtual_wans ddos_services = var.ddos_services private_dns = var.private_dns + private_endpoints = var.private_endpoints } compute = { virtual_machines = var.virtual_machines @@ -43,15 +44,16 @@ module "networking" { managed_identities = var.managed_identities remote_objects = { + application_gateways = local.remote.application_gateways + application_gateway_applications = local.remote.application_gateway_applications azuread_groups = local.remote.azuread_groups - managed_identities = local.remote.managed_identities - vnets = local.remote.vnets azurerm_firewalls = local.remote.azurerm_firewalls - virtual_wans = local.remote.virtual_wans + keyvaults = local.remote.keyvaults + managed_identities = local.remote.managed_identities private_dns = local.remote.private_dns - application_gateways = local.remote.application_gateways - application_gateway_applications = local.remote.application_gateway_applications public_ip_addresses = local.remote.public_ip_addresses + vnets = local.remote.vnets + virtual_wans = local.remote.virtual_wans } } 
diff --git a/landingzones/caf_networking/locals.remote_tfstates.tf b/landingzones/caf_networking/locals.remote_tfstates.tf index 42de117c2..8a75efc46 100644 --- a/landingzones/caf_networking/locals.remote_tfstates.tf +++ b/landingzones/caf_networking/locals.remote_tfstates.tf @@ -72,6 +72,9 @@ locals { public_ip_addresses = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.public_ip_addresses[key], {})) } + keyvaults = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.keyvaults[key], {})) + } } diff --git a/landingzones/caf_networking/variables.tf b/landingzones/caf_networking/variables.tf index 2e76a4e0a..f313d5415 100644 --- a/landingzones/caf_networking/variables.tf +++ b/landingzones/caf_networking/variables.tf @@ -129,4 +129,7 @@ variable express_route_circuit_authorizations { } variable network_watchers { default = {} +} +variable private_endpoints { + default = {} } \ No newline at end of file From 34fa1b87ca36561512378276059cfef0325c36fe Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 9 Dec 2020 16:20:37 +0000 Subject: [PATCH 39/53] Update module reference --- landingzones/caf_networking/landingzone.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index 901db5783..d63d33ac1 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,7 @@ module "networking" { # source = "aztfmod/caf/azurerm" # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=private_endpoints_centralized" + source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" current_landingzone_key = var.landingzone.key tags = local.tags From 5b321a7599f273a80e70c147d3889275302d291e Mon Sep 17 00:00:00 2001 
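Review bot: The new `keyvaults` entry in locals.remote_tfstates.tf wraps the remote-state lookup in `try(..., {})`, so a tfstate with no `keyvaults` output, or a wrong key in `var.landingzone.tfstates`, yields an empty map instead of an error. That matches the `public_ip_addresses` entry above it, but for private endpoints it means a mistyped Key Vault reference would presumably surface later inside the module, or not at all. At minimum I would add a comment above the entry, `# empty map when the remote state exposes no keyvaults output; a private endpoint pointing at a missing key is not caught here`. The `locals` block starts outside the hunk, and `variable private_endpoints` in variables.tf would also benefit from a `description`.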
From: Arnaud Lheureux Date: Thu, 10 Dec 2020 17:57:20 +0800 Subject: [PATCH 40/53] Update landingzones.yml Updating to december roverdev --- .github/workflows/landingzones.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/landingzones.yml b/.github/workflows/landingzones.yml index 0531b8892..2d364a84e 100644 --- a/.github/workflows/landingzones.yml +++ b/.github/workflows/landingzones.yml @@ -41,7 +41,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 options: --user 0 steps: @@ -90,7 +90,7 @@ jobs: ] container: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 options: --user 0 steps: @@ -134,7 +134,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 options: --user 0 steps: @@ -181,7 +181,7 @@ jobs: ] container: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 options: --user 0 steps: @@ -224,7 +224,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 options: --user 0 steps: From 85d347d6f5e2cb7e0eef9025184707cfc29a8c02 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Thu, 10 Dec 2020 18:06:33 +0800 Subject: [PATCH 41/53] Update docker-compose.yml --- .devcontainer/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index d2950a5e0..6df2dacc9 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/rover:2011.3012 + image: aztfmod/roverdev:2012.100915 user: vscode labels: From 67ba962136ef0a72a1a8129c247d23d1241166e9 Mon Sep 17 00:00:00 2001 
From: Arnaud Lheureux Date: Fri, 11 Dec 2020 07:09:16 +0000 Subject: [PATCH 42/53] Upgrade to azurerm 2.40.0 --- landingzones/caf_foundations/main.tf | 2 +- landingzones/caf_launchpad/add-ons/azure_devops/main.tf | 6 +++--- .../caf_launchpad/add-ons/azure_devops_agent/main.tf | 2 +- landingzones/caf_launchpad/add-ons/terraform_cloud/main.tf | 2 +- landingzones/caf_launchpad/main.tf | 2 +- landingzones/caf_networking/main.tf | 2 +- landingzones/caf_shared_services/main.tf | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/landingzones/caf_foundations/main.tf b/landingzones/caf_foundations/main.tf index 8aa607e17..8c26934c9 100644 --- a/landingzones/caf_foundations/main.tf +++ b/landingzones/caf_foundations/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf index 7ca33265e..2168f5c36 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" @@ -21,8 +21,8 @@ terraform { version = "~> 1.2.0" } azuredevops = { - source = "terraform-providers/azuredevops" - version = "~> 0.0.1" + source = "microsoft/azuredevops" + version = "~> 0.1.0" } tls = { source = "hashicorp/tls" diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf index ae1c4dc00..8efbfb0ea 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/main.tf 
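Review bot: The switch to `source = "microsoft/azuredevops"` with `version = "~> 0.1.0"` in the `@@ -21,8 +21,8 @@` hunk of add-ons/azure_devops/main.tf is a provider-address change inside a commit whose subject names only the azurerm upgrade. State written under `terraform-providers/azuredevops` still records the old address, so existing deployments would likely need `terraform state replace-provider` before the next plan, and the commit message does not say so. I would move this change into its own commit, or at least add a comment beside the block, `# provider address changed: existing states need terraform state replace-provider`. The `required_providers` block continues outside the hunk.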
@@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/add-ons/terraform_cloud/main.tf b/landingzones/caf_launchpad/add-ons/terraform_cloud/main.tf index cc0345aaa..237afa608 100644 --- a/landingzones/caf_launchpad/add-ons/terraform_cloud/main.tf +++ b/landingzones/caf_launchpad/add-ons/terraform_cloud/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.32.0" + version = "~> 2.40.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_launchpad/main.tf b/landingzones/caf_launchpad/main.tf index f776220c0..37ce5c4a9 100644 --- a/landingzones/caf_launchpad/main.tf +++ b/landingzones/caf_launchpad/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_networking/main.tf b/landingzones/caf_networking/main.tf index 1d86afd9a..d5a74a86c 100644 --- a/landingzones/caf_networking/main.tf +++ b/landingzones/caf_networking/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" diff --git a/landingzones/caf_shared_services/main.tf b/landingzones/caf_shared_services/main.tf index 1d86afd9a..d5a74a86c 100644 --- a/landingzones/caf_shared_services/main.tf +++ b/landingzones/caf_shared_services/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "2.37.0" + version = "2.40.0" } azuread = { source = "hashicorp/azuread" From 8ef364deb3fe64ed59ca0296e7d5054aecdf0c98 Mon Sep 17 00:00:00 2001 
From: Arnaud Lheureux Date: Fri, 11 Dec 2020 09:22:36 +0000 Subject: [PATCH 43/53] Updating to module 0.4.20 --- landingzones/caf_foundations/landingzone.tf | 5 ++--- .../caf_launchpad/add-ons/azure_devops/solution.tf | 5 ++--- .../add-ons/azure_devops_agent/solution.tf | 5 ++--- landingzones/caf_launchpad/landingzone.tf | 5 ++--- landingzones/caf_networking/landingzone.tf | 5 ++--- landingzones/caf_shared_services/landingzone.tf | 5 ++--- landingzones/caf_shared_services/vm_extensions.tf | 10 ++++------ 7 files changed, 16 insertions(+), 24 deletions(-) diff --git a/landingzones/caf_foundations/landingzone.tf b/landingzones/caf_foundations/landingzone.tf index 102e81f2a..a262bed9a 100644 --- a/landingzones/caf_foundations/landingzone.tf +++ b/landingzones/caf_foundations/landingzone.tf @@ -1,7 +1,6 @@ module "foundations" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf b/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf index df3cede39..f00efcd0b 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/solution.tf @@ -1,7 +1,6 @@ module "caf" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf b/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf index 7b61ff24d..8d98938ce 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops_agent/solution.tf 
@@ -1,7 +1,6 @@ module "caf" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_launchpad/landingzone.tf b/landingzones/caf_launchpad/landingzone.tf index 09f7b3f1c..a3a6d1346 100644 --- a/landingzones/caf_launchpad/landingzone.tf +++ b/landingzones/caf_launchpad/landingzone.tf @@ -1,7 +1,6 @@ module "launchpad" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id diff --git a/landingzones/caf_networking/landingzone.tf b/landingzones/caf_networking/landingzone.tf index d63d33ac1..7286caaef 100644 --- a/landingzones/caf_networking/landingzone.tf +++ b/landingzones/caf_networking/landingzone.tf @@ -1,7 +1,6 @@ module "networking" { - # source = "aztfmod/caf/azurerm" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tags = local.tags diff --git a/landingzones/caf_shared_services/landingzone.tf b/landingzones/caf_shared_services/landingzone.tf index 4f368a516..1aa62c953 100644 --- a/landingzones/caf_shared_services/landingzone.tf +++ b/landingzones/caf_shared_services/landingzone.tf @@ -1,7 +1,6 @@ module "landingzones_shared_services" { - # source = "aztfmod/caf/azurerm" - # version = "=5.0" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master" + source = "aztfmod/caf/azurerm" + version = "0.4.20" current_landingzone_key = var.landingzone.key tenant_id = var.tenant_id 
diff --git a/landingzones/caf_shared_services/vm_extensions.tf b/landingzones/caf_shared_services/vm_extensions.tf index 0bb1d84b7..b05812fc1 100644 --- a/landingzones/caf_shared_services/vm_extensions.tf +++ b/landingzones/caf_shared_services/vm_extensions.tf @@ -4,9 +4,8 @@ module "vm_extension_monitoring_agent" { - # source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master//modules/compute/virtual_machine_extensions" + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + version = "0.4.20" for_each = { for key, value in try(var.virtual_machines, {}) : key => value @@ -23,9 +22,8 @@ module "vm_extension_monitoring_agent" { } module "vm_extension_diagnostics" { - # source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" - # version = "~> 0.4" - source = "github.com/aztfmod/terraform-azurerm-caf?ref=master//modules/compute/virtual_machine_extensions" + source = "aztfmod/caf/azurerm//modules/compute/virtual_machine_extensions" + version = "0.4.20" for_each = { for key, value in try(var.virtual_machines, {}) : key => value From 03c349e2ac4cc4f1a35ddf239fd3dd34e6eb5f43 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 09:42:08 +0000 Subject: [PATCH 44/53] Update to december 2020 rover --- .devcontainer/docker-compose.yml | 2 +- .github/workflows/landingzones.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 6df2dacc9..7f50f0b5b 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 user: vscode labels: diff --git a/.github/workflows/landingzones.yml b/.github/workflows/landingzones.yml index 2d364a84e..9a89dcfc4 100644 
--- a/.github/workflows/landingzones.yml +++ b/.github/workflows/landingzones.yml @@ -41,7 +41,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 options: --user 0 steps: @@ -90,7 +90,7 @@ jobs: ] container: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 options: --user 0 steps: @@ -134,7 +134,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 options: --user 0 steps: @@ -181,7 +181,7 @@ jobs: ] container: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 options: --user 0 steps: @@ -224,7 +224,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/roverdev:2012.100915 + image: aztfmod/rover:2012.0420 options: --user 0 steps: From ebfb3202b66bc118ea4e005cd2a053453eb750b3 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 10:42:57 +0000 Subject: [PATCH 45/53] Update readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d6eabf53..b57b79be6 100644 --- a/README.md +++ b/README.md 
@@ -29,6 +29,10 @@ This release is relying extensively on Terraform 0.13 capabilities (module itera Those new features allow more complex and more dynamic code composition. The following concepts are used: +* **Multi-subscription deployment**: initial support to deploy landing zones in any subscription from the launchpad subscription. +* **Autonomous module consumption**: consumption of the CAF module outside of landing zones. +* **Starter kit extension**: added new scenarios for sandpit environment, added support for AKS. +* **Verified by Hashicorp status**: status achieved for new CAF module and provider. * **No-code environment composition**: a landing zone environment can be composed customizing variable files and code must be robust enough to accommodate combinations and composition. * **Flexible foundations to meet customer needs**: everything is customizable at all layers. * **Key-based configuration and customization**: all configuration objects will call each other based on the object keys. @@ -44,7 +48,7 @@ See our [Getting Started Video](https://www.youtube.com/watch?v=t1exCkWft60) ## Sample configuration repository -When starting an enterprise deployment, we recommend you start creating a configuration repository where you start crafting you configuration environment. +When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments. You can find the [starter repository here](https://github.com/Azure/caf-terraform-landingzones-starter) and our sample configuration [onboarding video here](https://www.youtube.com/watch?v=M5BXm30IpdY) From 5632106fcf49ce9a0ab1bc94cb6e82bef734dc7e Mon Sep 17 00:00:00 2001 
From: Arnaud Lheureux Date: Fri, 11 Dec 2020 11:00:02 +0000 Subject: [PATCH 46/53] Update to rover 2012 --- .devcontainer/devcontainer.json | 1 + .devcontainer/docker-compose.yml | 2 +- .github/workflows/landingzones.yml | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5b9d4ccdf..875330cb0 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -6,6 +6,7 @@ // Container user to use in VSCode Online and GitHub Codespaces "containerUser" : "vscode", + "remoteUser" : "vscode", // The 'service' property is the name of the service for the container that VS Code should // use. Update this value and .devcontainer/docker-compose.yml to the real service name. diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 7f50f0b5b..e84a1da3a 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 user: vscode labels: diff --git a/.github/workflows/landingzones.yml b/.github/workflows/landingzones.yml index 9a89dcfc4..6b35b01ef 100644 --- a/.github/workflows/landingzones.yml +++ b/.github/workflows/landingzones.yml @@ -41,7 +41,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 options: --user 0 steps: @@ -90,7 +90,7 @@ jobs: ] container: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 options: --user 0 steps: @@ -134,7 +134,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 options: --user 0 steps: @@ -181,7 +181,7 @@ jobs: ] container: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 options: --user 0 steps: 
@@ -224,7 +224,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:2012.0420 + image: aztfmod/rover:2012.1109 options: --user 0 steps: From aee7637e21a43469a1e4ca8584d3726710bdfefb Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:33:40 +0800 Subject: [PATCH 47/53] Update dynamic_secrets.tf --- landingzones/caf_foundations/dynamic_secrets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/landingzones/caf_foundations/dynamic_secrets.tf b/landingzones/caf_foundations/dynamic_secrets.tf index 505dc174e..9271a3653 100644 --- a/landingzones/caf_foundations/dynamic_secrets.tf +++ b/landingzones/caf_foundations/dynamic_secrets.tf @@ -1,7 +1,7 @@ module dynamic_keyvault_secrets { source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets" - version = "~> 0.4" + version = "0.4.20" for_each = try(var.dynamic_keyvault_secrets, {}) From 5352607762ae9638af63f68ecb0c9117e51fa302 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:37:36 +0800 Subject: [PATCH 48/53] Update output.tf --- landingzones/caf_foundations/output.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/landingzones/caf_foundations/output.tf b/landingzones/caf_foundations/output.tf index f88b232d2..a3ce4c7d4 100644 --- a/landingzones/caf_foundations/output.tf +++ b/landingzones/caf_foundations/output.tf @@ -4,7 +4,7 @@ output global_settings { } output diagnostics { value = module.foundations.diagnostics - sensitive = false + sensitive = true } output vnets { value = local.remote.vnets From c705c89370727f6a3c9bdf2e3d58d7ea581e2c88 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:40:43 +0800 Subject: [PATCH 49/53] Update main.tf --- landingzones/caf_launchpad/add-ons/azure_devops/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
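Review bot: `sensitive = true` on `output diagnostics` in caf_foundations/output.tf only redacts the value in CLI output; the output is still written in clear text to the state file and stays readable by any landing zone that loads this state through `terraform_remote_state`, as locals.remote_tfstates.tf does. If the diagnostics object carries keys or connection strings (not visible in this hunk), the protection that matters is access control on the tfstate storage, and I would record that in a comment: `# sensitive hides this from plan/apply output only; the value is still stored in tfstate`. The same applies to the matching hunks in caf_launchpad/output.tf and caf_networking/output.tf later in the series, where the context also shows `express_route_circuits` left at `sensitive = false`.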
diff --git a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf index 2168f5c36..61d269750 100644 --- a/landingzones/caf_launchpad/add-ons/azure_devops/main.tf +++ b/landingzones/caf_launchpad/add-ons/azure_devops/main.tf @@ -21,8 +21,8 @@ terraform { version = "~> 1.2.0" } azuredevops = { - source = "microsoft/azuredevops" - version = "~> 0.1.0" + source = "terraform-providers/azuredevops" + version = "~> 0.0.1" } tls = { source = "hashicorp/tls" From 776892cde0db212c7cb570e172e567368e0ef995 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:44:00 +0800 Subject: [PATCH 50/53] Update dynamic_secrets.tf --- landingzones/caf_launchpad/dynamic_secrets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/landingzones/caf_launchpad/dynamic_secrets.tf b/landingzones/caf_launchpad/dynamic_secrets.tf index 2cdad8b92..95aef1112 100644 --- a/landingzones/caf_launchpad/dynamic_secrets.tf +++ b/landingzones/caf_launchpad/dynamic_secrets.tf @@ -1,7 +1,7 @@ module dynamic_keyvault_secrets { source = "aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets" - version = "~> 0.4" + version = "0.4.20" for_each = try(var.dynamic_keyvault_secrets, {}) From 39f48eb626ceb7b506e48f080791e790cb4cfcee Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:44:47 +0800 Subject: [PATCH 51/53] Update output.tf --- landingzones/caf_launchpad/output.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_launchpad/output.tf b/landingzones/caf_launchpad/output.tf index 4cb2761db..868edfd52 100644 --- a/landingzones/caf_launchpad/output.tf +++ b/landingzones/caf_launchpad/output.tf @@ -5,7 +5,7 @@ output global_settings { output diagnostics { value = module.launchpad.diagnostics - sensitive = false + sensitive = true } output networking { 
@@ -60,4 +60,4 @@ output azuread_groups { var.landingzone.key, module.launchpad.azuread_groups ) sensitive = true -} \ No newline at end of file +} From 5ee9347afede54b79d6a3cdb5d6eaaebe74df2c3 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:45:42 +0800 Subject: [PATCH 52/53] Update readme.md --- landingzones/caf_launchpad/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_launchpad/readme.md b/landingzones/caf_launchpad/readme.md index 864e5780c..9bc5aa947 100644 --- a/landingzones/caf_launchpad/readme.md +++ b/landingzones/caf_launchpad/readme.md @@ -36,7 +36,7 @@ rover -lz /tf/caf/landingzones/caf_launchpad \ # Advanced scenario - Requires Azure AD privileges rover -lz /tf/caf/landingzones/caf_launchpad \ -launchpad \ - -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200/configuration.tfvars \ + -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200 \ -parallelism=30 \ -a apply @@ -44,7 +44,7 @@ rover -lz /tf/caf/landingzones/caf_launchpad \ rover -lz /tf/caf/landingzones/caf_launchpad \ -tfstate_subscription_id \ -launchpad \ - -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200/configuration.tfvars \ + -var-folder /tf/caf/landingzones/caf_launchpad/scenario/200 \ -parallelism=30 \ -a apply ``` From d4202584d431ec2b10e091b2c5c383f61bad9546 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 11 Dec 2020 19:48:17 +0800 Subject: [PATCH 53/53] Update output.tf --- landingzones/caf_networking/output.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/landingzones/caf_networking/output.tf b/landingzones/caf_networking/output.tf index 95b798b49..8a177ac7f 100644 --- a/landingzones/caf_networking/output.tf +++ b/landingzones/caf_networking/output.tf @@ -1,6 +1,6 @@ output diagnostics { value = module.networking.diagnostics - sensitive = false + sensitive = true } output tfstates { 
@@ -55,4 +55,4 @@ output azuread_groups { output express_route_circuits { value = module.networking.express_route_circuits sensitive = false -} \ No newline at end of file +}