diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 045eed5c8..85aa65030 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,7 +5,6 @@ "dockerComposeFile": "docker-compose.yml", // Container user to use in VSCode Online and GitHub Codespaces - "containerUser" : "vscode", "remoteUser" : "vscode", // The 'service' property is the name of the service for the container that VS Code should diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 3086b960e..1334b3cf8 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 user: vscode labels: diff --git a/.github/workflows/landingzones-tf100.yml b/.github/workflows/landingzones-tf100.yml index f8bbac139..3dbea9099 100644 --- a/.github/workflows/landingzones-tf100.yml +++ b/.github/workflows/landingzones-tf100.yml @@ -18,7 +18,7 @@ on: env: TF_CLI_ARGS: '-no-color' - TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' + TF_CLI_ARGS_destroy: '-refresh=false' ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} @@ -37,7 +37,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 options: --user 0 steps: @@ -64,6 +64,7 @@ jobs: - name: foundations run: | + sleep 60 /tf/rover/rover.sh -lz ${GITHUB_WORKSPACE}/caf_solution -a apply \ -var-folder ${GITHUB_WORKSPACE}/caf_solution/scenario/foundations/100-passthrough \ -tfstate caf_foundations.tfstate \ @@ -89,7 +90,7 @@ jobs: ] container: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 options: --user 0 steps: 
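Review bot: Removing `-auto-approve` from `TF_CLI_ARGS_destroy` makes `terraform destroy` wait for an interactive confirmation on a non-interactive runner unless the rover 1.0.9 image now injects the flag itself, which nothing in this diff shows; please confirm that before merging or the destroy jobs will hang until the job timeout. While you are in this env block, `ARM_CLIENT_SECRET` is exported at workflow level, so every step of every job, including any third-party action, receives the service principal secret in its environment. Moving the three `ARM_*` entries to the `env:` of the rover steps that actually run Terraform keeps the credential out of steps that do not need it.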
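Review bot: The new `sleep 60` before the foundations apply is an unexplained fixed delay, and a fixed wait is a race: it will fail intermittently whenever whatever it waits for takes longer, and waste a minute when it does not. Add a comment naming the condition (presumably propagation of something created by the preceding launchpad step, TODO confirm), for example `# wait for launchpad identities/permissions to propagate before the level1 apply`, and prefer a bounded poll of the actual dependency over the sleep. The `run:` step continues past the end of the hunk.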
@@ -117,8 +118,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations200: name: foundations-200 @@ -133,7 +133,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 options: --user 0 steps: @@ -184,7 +184,7 @@ jobs: ] container: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 options: --user 0 steps: @@ -212,8 +212,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations_destroy: name: foundations_destroy @@ -227,7 +226,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:1.0.4-2108.1802 + image: aztfmod/rover:1.0.9-2111.0103 options: --user 0 steps: @@ -248,8 +247,7 @@ jobs: -level level1 \ -parallelism=30 \ --environment ${{ github.run_id }} \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Remove launchpad run: | @@ -261,8 +259,7 @@ jobs: --environment ${{ github.run_id }} \ '-var random_length=${{ matrix.random_length }}' \ '-var prefix=g${{ github.run_id }}' \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Complete purge diff --git a/.github/workflows/landingzones-tf14.yml b/.github/workflows/landingzones-tf14.yml index 470fe257a..8e84714f7 100644 --- a/.github/workflows/landingzones-tf14.yml +++ b/.github/workflows/landingzones-tf14.yml 
@@ -12,7 +12,7 @@ on: env: TF_CLI_ARGS: '-no-color' - TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' + TF_CLI_ARGS_destroy: '-refresh=false' ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} @@ -31,7 +31,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.14.11-2108.1802 + image: aztfmod/rover:0.14.11-2111.0103 options: --user 0 steps: @@ -83,7 +83,7 @@ jobs: ] container: - image: aztfmod/rover:0.14.11-2108.1802 + image: aztfmod/rover:0.14.11-2111.0103 options: --user 0 steps: @@ -111,8 +111,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations200: name: foundations-200 @@ -127,7 +126,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.14.11-2108.1802 + image: aztfmod/rover:0.14.11-2111.0103 options: --user 0 steps: @@ -178,7 +177,7 @@ jobs: ] container: - image: aztfmod/rover:0.14.11-2108.1802 + image: aztfmod/rover:0.14.11-2111.0103 options: --user 0 steps: @@ -206,8 +205,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations_destroy: name: foundations_destroy @@ -221,7 +219,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.14.11-2108.1802 + image: aztfmod/rover:0.14.11-2111.0103 options: --user 0 steps: @@ -242,8 +240,7 @@ jobs: -level level1 \ -parallelism=30 \ --environment ${{ github.run_id }} \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Remove launchpad run: | 
@@ -255,8 +252,7 @@ jobs: --environment ${{ github.run_id }} \ '-var random_length=${{ matrix.random_length }}' \ '-var prefix=g${{ github.run_id }}' \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Complete purge diff --git a/.github/workflows/landingzones-tf15.yml b/.github/workflows/landingzones-tf15.yml index 39fc95544..3d462f2b9 100644 --- a/.github/workflows/landingzones-tf15.yml +++ b/.github/workflows/landingzones-tf15.yml @@ -12,7 +12,7 @@ on: env: TF_CLI_ARGS: '-no-color' - TF_CLI_ARGS_destroy: '-auto-approve -refresh=false' + TF_CLI_ARGS_destroy: '-refresh=false' ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} @@ -31,7 +31,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.15.5-2108.1802 + image: aztfmod/rover:0.15.5-2111.0103 options: --user 0 steps: @@ -83,7 +83,7 @@ jobs: ] container: - image: aztfmod/rover:0.15.5-2108.1802 + image: aztfmod/rover:0.15.5-2111.0103 options: --user 0 steps: @@ -111,8 +111,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations200: name: foundations-200 @@ -127,7 +126,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.15.5-2108.1802 + image: aztfmod/rover:0.15.5-2111.0103 options: --user 0 steps: @@ -178,7 +177,7 @@ jobs: ] container: - image: aztfmod/rover:0.15.5-2108.1802 + image: aztfmod/rover:0.15.5-2111.0103 options: --user 0 steps: @@ -206,8 +205,7 @@ jobs: -parallelism=30 \ -var-folder ${GITHUB_WORKSPACE}/${{ matrix.config_files }} \ --environment ${{ github.run_id }} \ - -refresh=false \ - -auto-approve + -refresh=false foundations_destroy: name: foundations_destroy 
@@ -221,7 +219,7 @@ jobs: random_length: ['5'] container: - image: aztfmod/rover:0.15.5-2108.1802 + image: aztfmod/rover:0.15.5-2111.0103 options: --user 0 steps: @@ -242,8 +240,7 @@ jobs: -level level1 \ -parallelism=30 \ --environment ${{ github.run_id }} \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Remove launchpad run: | @@ -255,8 +252,7 @@ jobs: --environment ${{ github.run_id }} \ '-var random_length=${{ matrix.random_length }}' \ '-var prefix=g${{ github.run_id }}' \ - '-var tags={testing_job_id="${{ github.run_id }}"}' \ - -auto-approve + '-var tags={testing_job_id="${{ github.run_id }}"}' - name: Complete purge diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 000000000..9c1c2fc1d --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/README.md b/README.md index 41717bb8a..6de6611e9 100644 --- a/README.md +++ b/README.md 
@@ -2,49 +2,43 @@ [![Gitter](https://badges.gitter.im/aztfmod/community.svg)](https://gitter.im/aztfmod/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) -# Cloud Adoption Framework for Azure landing zones on Terraform +# Cloud Adoption Framework for Azure Terraform landing zones Microsoft [Cloud Adoption Framework for Azure](https://docs.microsoft.com/azure/cloud-adoption-framework/overview) provides you with guidance and best practices to adopt Azure. A landing zone is a segment of a cloud environment, that has been pre-provisioned through code, and is dedicated to the support of one or more workloads. Landing zones provide access to foundational tools and controls to establish a compliant place to innovate and build new workloads in the cloud, or to migrate existing workloads to the cloud. Landing zones use defined sets of cloud services and best practices to set you up for success. -Components parts of the Cloud Adoption Framework for Azure Terraform landing zones: +We leverage Azure enterprise-scale landing zones and propose a Terraform-native structure, set of mechanisms and artifacts to get started to deploy workloads fast. -![caf_elements](./_pictures/caf_elements.png) +You can review the different components parts of the Cloud Adoption Framework for Azure Terraform landing zones and look at the quick intro :vhs: below: + +[![caf_elements](./_pictures/caf_elements.png)](https://www.youtube.com/watch?v=FlQ17u4NNts "CAF Introduction") ## Goals -Cloud Adoption Framework for Azure Terraform landing zones is an Open Source project with the following objectives: +Cloud Adoption Framework for Azure Terraform landing zones is an Open Source project equiping the Site Reliability Engineer on Azure with: -* Enable the community with a set of sample reusable landing zones. +* Enable the community with a set of reusable landing artifacts. * Standardize deployments using battlefield-proven components. 
* Accelerate the setup of complex environments on Azure. -* Propose an enterprise-grade approach to adopting Terraform on Microsoft Azure using Cloud Adoption Framework. +* Implement Azure enterprise-scale design and approach with native Terraform and DevOps. * Propose a prescriptive guidance on how to enable DevOps for infrastructure as code on Microsoft Azure. * Foster a community of Azure *Terraformers* using a common set of practices and sharing best practices. -## Getting started +## :rocket: Getting started When starting an enterprise deployment, we recommend you start creating a configuration repository where you craft the configuration files for your environments. -You can find the [starter repository here](https://github.com/Azure/caf-terraform-landingzones-starter) and our sample configuration [onboarding video here](https://www.youtube.com/watch?v=M5BXm30IpdY) +The best way to start is to clone the [starter repository](https://github.com/Azure/caf-terraform-landingzones-starter) and getting started with the configuration files, you can find a quick [onboarding video here](https://www.youtube.com/watch?v=M5BXm30IpdY) ## Documentation -More details on how to develop, deploy and operate with landing zones can be found in the reference section [here](./documentation/README.md) - -## Sample landing zones - -Currently we provide you with the following core sample landing zones: - -| Name | Level | Purpose | -|--|--|--| -| [caf_launchpad](./caf_launchpad) | 0 | provides the state management capabilities and security features leveraging Azure storage for the backend, provides secret management and modular approach to support plugin for Azure DevOps automated pipeline creation (and others) | -| [caf_solution](./caf_solution) | 1-4 | "universal" landing zone that allow you to compose with any object from the CAF module and beyond. 
| - +The documentation on this repo is on how to develop, deploy and operate with landing zones can be found in the reference section [here](./documentation/README.md) ## Repositories +In CAF Terraform landing zones, we use multiple projects in a modular way so you can leverage all of them or some of them depending on where you are in your DevOps and GitOps journey. The main repositories are listed below, feel free to evaluate, use them and contribute to them also! + | Repo | Description | |---------------------------------------------------------------------------------------------------|------------------------------------------------------------| | [starter kit](https://github.com/azure/caf-terraform-landingzones-starter) | landing zones configuration repository | diff --git a/_pictures/caf_elements.png b/_pictures/caf_elements.png index eca9d78e7..965fe02c3 100644 Binary files a/_pictures/caf_elements.png and b/_pictures/caf_elements.png differ diff --git a/caf_launchpad/landingzone.tf b/caf_launchpad/landingzone.tf index a272d4340..bfed9e82d 100644 --- a/caf_launchpad/landingzone.tf +++ b/caf_launchpad/landingzone.tf @@ -2,7 +2,7 @@ module "launchpad" { source = "aztfmod/caf/azurerm" version = "~>5.4.2" - # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master" + # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=patch.5.4.6" # source = "../../aztfmod" current_landingzone_key = var.landingzone.key diff --git a/caf_launchpad/main.tf b/caf_launchpad/main.tf index 15e1a4c73..ca832f9a8 100644 --- a/caf_launchpad/main.tf +++ b/caf_launchpad/main.tf @@ -28,6 +28,8 @@ terraform { provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features {} } diff --git a/caf_launchpad/readme.md b/caf_launchpad/readme.md index 1106cc605..0b6361dfb 100644 --- a/caf_launchpad/readme.md +++ b/caf_launchpad/readme.md 
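Review bot: The comment explaining `partner_id` sits below the attribute instead of above it, and it does not say what the GUID does or how a consumer opts out, which matters because this provider block is copied into every user's launchpad. As I read the azurerm provider, an explicit `partner_id` takes precedence over a user's `ARM_PARTNER_ID` environment variable, and `disable_terraform_partner_id` only suppresses the provider's default ID when no custom `partner_id` is set, so a consumer doing their own usage attribution is silently overridden. Suggest `# Customer usage attribution GUID for CAF Terraform landing zones; overrides ARM_PARTNER_ID. Remove or replace it to opt out.` placed above the attribute.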
@@ -8,7 +8,7 @@ The launchpad allows you to manage the foundations of landing zone environments Launchpad operates at **level 0**. -For a review of the hierarchy approach of Cloud Adoption Framework for Azure landing zones on Terraform, you can refer to [the following documentation](../../documentation/code_architecture/hierarchy.md). +For a review of the hierarchy approach of Cloud Adoption Framework for Azure landing zones on Terraform, you can refer to [the following documentation](https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/code_architecture/hierarchy.md).
diff --git a/caf_solution/add-ons/aad-pod-identity/providers.tf b/caf_solution/add-ons/aad-pod-identity/providers.tf index 06e22a736..bd6e87ab3 100644 --- a/caf_solution/add-ons/aad-pod-identity/providers.tf +++ b/caf_solution/add-ons/aad-pod-identity/providers.tf @@ -1,5 +1,7 @@ provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { } } diff --git a/caf_solution/add-ons/aks_applications/providers.tf b/caf_solution/add-ons/aks_applications/providers.tf index 30ca3256c..46aef793c 100644 --- a/caf_solution/add-ons/aks_applications/providers.tf +++ b/caf_solution/add-ons/aks_applications/providers.tf @@ -1,4 +1,6 @@ provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { } } diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/aks-pod-identity-assignment.tf b/caf_solution/add-ons/aks_secure_baseline_v2/aks-pod-identity-assignment.tf index d7995fb99..45954f1aa 100644 --- a/caf_solution/add-ons/aks_secure_baseline_v2/aks-pod-identity-assignment.tf +++ b/caf_solution/add-ons/aks_secure_baseline_v2/aks-pod-identity-assignment.tf 
@@ -28,7 +28,7 @@ resource "azurerm_role_assignment" "kubelet_noderg_vmcontrib" { resource "azurerm_role_assignment" "kubelet_subnets_networkcontrib" { for_each = toset(try(var.vnets[var.aks_cluster_vnet_key].subnet_keys, [var.vnets[var.aks_cluster_vnet_key].key])) - scope = try(var.vnets[var.aks_cluster_vnet_key].subnet_keys != null, false) ? local.remote.vnets[var.vnets[var.aks_cluster_vnet_key].lz_key][var.vnets[var.aks_cluster_vnet_key].key].subnets[each.value].id : local.remote.vnets[var.vnets[var.aks_cluster_vnet_key].lz_key][var.vnets[var.aks_cluster_vnet_key].key].id + scope = try(var.vnets[var.aks_cluster_vnet_key].subnet_keys != null, false) ? local.remote.vnets[var.vnets[var.aks_cluster_vnet_key].lz_key][var.vnets[var.aks_cluster_vnet_key].key].subnets[each.value].id : local.remote.vnets[var.vnets[var.aks_cluster_vnet_key].lz_key][var.vnets[var.aks_cluster_vnet_key].key].id role_definition_name = "Network Contributor" principal_id = coalesce( try(local.remote.aks_clusters[var.aks_clusters[var.aks_cluster_key].lz_key][var.aks_cluster_key].identity[0].principal_id, null), diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf index a409122ce..572713796 100644 --- a/caf_solution/add-ons/aks_secure_baseline_v2/main.tf +++ b/caf_solution/add-ons/aks_secure_baseline_v2/main.tf @@ -14,7 +14,4 @@ terraform { } } required_version = ">= 0.13" -} - - - +} \ No newline at end of file diff --git a/caf_solution/add-ons/aks_secure_baseline_v2/providers.tf b/caf_solution/add-ons/aks_secure_baseline_v2/providers.tf index aafa4dd61..f0ed01acf 100644 --- a/caf_solution/add-ons/aks_secure_baseline_v2/providers.tf +++ b/caf_solution/add-ons/aks_secure_baseline_v2/providers.tf @@ -1,4 +1,6 @@ provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { } } 
diff --git a/caf_solution/add-ons/azure_devops/main.tf b/caf_solution/add-ons/azure_devops/main.tf index e81716efc..35b1d8ad8 100644 --- a/caf_solution/add-ons/azure_devops/main.tf +++ b/caf_solution/add-ons/azure_devops/main.tf @@ -1,5 +1,9 @@ terraform { required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 2.81.0" + } azuread = { source = "hashicorp/azuread" version = "~> 1.4.0" @@ -33,6 +37,8 @@ terraform { } provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { key_vault { purge_soft_delete_on_destroy = true diff --git a/caf_solution/add-ons/azure_devops/readme.md b/caf_solution/add-ons/azure_devops/readme.md index 1ebbb675f..4604a00a6 100644 --- a/caf_solution/add-ons/azure_devops/readme.md +++ b/caf_solution/add-ons/azure_devops/readme.md @@ -1,5 +1,7 @@ # Cloud Adoption Framework for Azure - Landing zones on Terraform - Azure Devops add-on +**:warning: This add-on is here for backward compatibility and will no longer be maintained. For new deployments, we recommend that you leverage the latest version available [azure_devops_v1](../azure_devops_v1)** + The Azure Devops add-ons allow you to setup you Azure Devops environment as a platform to automate all your subsequent landing zone deployment from level 0 until level 4 through Azure pipelines with self hosted agents. * Azure Devops: diff --git a/caf_solution/add-ons/azure_devops_agent/main.tf b/caf_solution/add-ons/azure_devops_agent/main.tf index 9fb1f0611..e0623cf27 100644 --- a/caf_solution/add-ons/azure_devops_agent/main.tf +++ b/caf_solution/add-ons/azure_devops_agent/main.tf @@ -1,5 +1,9 @@ terraform { required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 2.81.0" + } azuread = { source = "hashicorp/azuread" version = "~> 1.4.0" 
@@ -33,6 +37,8 @@ terraform { } provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { key_vault { purge_soft_delete_on_destroy = true diff --git a/caf_solution/add-ons/azure_devops_v1/azdo_service_endpoint.tf b/caf_solution/add-ons/azure_devops_v1/azdo_service_endpoint.tf index cf02cac3e..bd8de7a90 100644 --- a/caf_solution/add-ons/azure_devops_v1/azdo_service_endpoint.tf +++ b/caf_solution/add-ons/azure_devops_v1/azdo_service_endpoint.tf @@ -18,10 +18,16 @@ resource "azuredevops_serviceendpoint_azurerm" "azure" { project_id = data.azuredevops_project.project[each.value.project_key].id service_endpoint_name = each.value.endpoint_name credentials { - serviceprincipalid = local.remote.azuread_applications[each.value.azuread_application.lz_key][each.value.azuread_application.key].application_id + serviceprincipalid = try( + local.remote.azuread_applications[each.value.azuread_application.lz_key][each.value.azuread_application.key].application_id, + local.remote.aad_apps[each.value.azuread_application.lz_key][each.value.azuread_application.key].azuread_application.application_id + ) serviceprincipalkey = data.external.client_secret[each.key].result.value } - azurerm_spn_tenantid = local.remote.azuread_applications[each.value.azuread_application.lz_key][each.value.azuread_application.key].tenant_id + azurerm_spn_tenantid = try( + local.remote.azuread_applications[each.value.azuread_application.lz_key][each.value.azuread_application.key].tenant_id, + local.remote.aad_apps[each.value.azuread_application.lz_key][each.value.azuread_application.key].tenant_id + ) azurerm_subscription_id = each.value.subscription.id azurerm_subscription_name = each.value.subscription.name } @@ -37,4 +43,4 @@ resource "azuredevops_resource_authorization" "endpoint" { resource_id = azuredevops_serviceendpoint_azurerm.azure[each.key].id type = "endpoint" authorized = true -} \ No newline at end of file +} 
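Review bot: `serviceprincipalid` and `azurerm_spn_tenantid` are resolved through two independent `try()` fallbacks, so if the `azuread_applications` object exists but lacks one of the two attributes, the client ID can come from one remote object and the tenant ID from the other, yielding a service connection bound to the wrong tenant that only fails at first use. Decide the source once, e.g. `use_new = can(local.remote.azuread_applications[each.value.azuread_application.lz_key][each.value.azuread_application.key])`, and select both fields with that single boolean. A comment on `serviceprincipalkey` noting that the value read via `data.external` is persisted in this landing zone's state, so the state backend must be treated as secret-bearing, would also help operators. The `credentials` block is complete in the hunk but the enclosing resource starts before it.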
diff --git a/caf_solution/add-ons/azure_devops_v1/main.tf b/caf_solution/add-ons/azure_devops_v1/main.tf index f9408c02f..aac34366d 100644 --- a/caf_solution/add-ons/azure_devops_v1/main.tf +++ b/caf_solution/add-ons/azure_devops_v1/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.64.0" + version = "~> 2.81.0" } azuread = { source = "hashicorp/azuread" @@ -17,6 +17,8 @@ terraform { } provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { key_vault { purge_soft_delete_on_destroy = true diff --git a/caf_solution/add-ons/azure_devops_v1/scenario/200-contoso_demo/projects.tfvars b/caf_solution/add-ons/azure_devops_v1/scenario/200-contoso_demo/projects.tfvars index 45a427d90..634601dff 100644 --- a/caf_solution/add-ons/azure_devops_v1/scenario/200-contoso_demo/projects.tfvars +++ b/caf_solution/add-ons/azure_devops_v1/scenario/200-contoso_demo/projects.tfvars @@ -1,5 +1,3 @@ -organization_url = "https://dev.azure.com/azure-terraform" - projects = { contoso_demo = { create = true @@ -13,4 +11,4 @@ projects = { "testplans" = "disabled" } } -} \ No newline at end of file +} diff --git a/caf_solution/add-ons/azure_devops_v1/variables.tf b/caf_solution/add-ons/azure_devops_v1/variables.tf index 1d0f82507..36a172638 100644 --- a/caf_solution/add-ons/azure_devops_v1/variables.tf +++ b/caf_solution/add-ons/azure_devops_v1/variables.tf @@ -55,9 +55,6 @@ variable "tags" { variable "organization_agent_pools" { default = {} } -variable "organization_url" { - default = null -} variable "projects" { default = {} } diff --git a/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf b/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf index 806189b50..5a62f60b7 100644 --- a/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf +++ b/caf_solution/add-ons/caf_eslz/archetype_config_overrides.tf 
@@ -21,7 +21,7 @@ locals { ] ], [ - try(roles.principal_ids, []) + roles.principal_ids != null ? try(roles.principal_ids, []) : [] ] ] ) //flatten (ids) 
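Review bot: The new condition `roles.principal_ids != null` is evaluated outside the `try()`, so a role entry that omits the `principal_ids` attribute entirely, the case the original `try(roles.principal_ids, [])` tolerated, now fails the plan with an unsupported-attribute error unless the variable type declares that attribute as optional, which the hunk cannot show. Putting the null check inside the `try` handles both the missing and the explicit-null case: `try(roles.principal_ids != null ? roles.principal_ids : [], [])`. The enclosing `locals` block starts and ends outside the hunk.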
@@ -30,11 +30,73 @@ locals { ) : mapping.role => mapping.ids } - parameters = { - for param_key, param_value in try(mg_value.parameters, {}) : param_key => { - for key, value in param_value : key => jsonencode(try(local.caf[value.output_key][value.lz_key][value.resource_type][value.resource_key][value.attribute_key], value.value)) - } + parameters = local.aco_parameters_combined[mg_id] + } + } + + aco_parameters_combined = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => merge( + local.aco_parameters_value[mg_id][param_key], + local.aco_parameters_values[mg_id][param_key], + local.aco_parameters_integer[mg_id][param_key], + local.aco_parameters_boolean[mg_id][param_key], + local.aco_parameters_hcl_jsonencoded[mg_id][param_key], + local.aco_parameters_remote_lz[mg_id][param_key] + ) + } + } + + aco_parameters_value = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => value.value + if value.value != null + } + } + } + + aco_parameters_values = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => value.values + if value.values != null + } + } + } + aco_parameters_integer = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => value.integer + if value.integer != null + } + } + } + + aco_parameters_boolean = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => value.boolean + if 
value.boolean != null + } + } + } + + aco_parameters_hcl_jsonencoded = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => jsondecode(value.hcl_jsonencoded) + if value.hcl_jsonencoded != null + } + } + } + + aco_parameters_remote_lz = { + for mg_id, mg_value in try(var.archetype_config_overrides, {}) : mg_id => { + for param_key, param_value in try(mg_value.parameters, {}) : param_key => { + for key, value in param_value : key => local.caf[value.output_key][value.lz_key][value.resource_type][value.resource_key][value.attribute_key] + if value.output_key != null } } } diff --git a/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf b/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf index b90fe7cbb..f0963f36c 100644 --- a/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf +++ b/caf_solution/add-ons/caf_eslz/custom_landing_zones.tf @@ -52,7 +52,7 @@ locals { ] ], [ - try(roles.principal_ids, []) + roles.principal_ids != null ? try(roles.principal_ids, []) : [] ] ] ) //flatten (ids) 
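Review bot: `aco_parameters_combined` builds each parameter map with `merge()` over six typed maps, so a parameter key that is set under more than one of `value`, `values`, `integer`, `boolean`, `hcl_jsonencoded` or `output_key` is resolved silently, with the last map (`aco_parameters_remote_lz`) winning; these are policy assignment parameters, so a silent override changes what Azure Policy enforces and should fail the plan instead. A cheap guard is to compare `length(merged)` against the sum of the six source-map lengths per `param_key` and surface a mismatch, or to document the precedence in a comment above the `merge`. Note also that every one of the six maps dereferences all six attributes unconditionally (`value.integer`, `value.boolean`, ...), so each parameter entry must carry all of them or the variable type must declare them optional; a one-line comment stating that requirement would save users an opaque error.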
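Review bot: Same issue as the parallel change in archetype_config_overrides.tf: `roles.principal_ids != null` is outside the `try()`, so a role entry without a `principal_ids` attribute now errors at plan time instead of defaulting to `[]`, unless the variable type makes the attribute optional (not visible here). `try(roles.principal_ids != null ? roles.principal_ids : [], [])` covers both the absent and the explicit-null case. The `locals` block continues outside the hunk.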
@@ -61,12 +61,76 @@ locals { ) : mapping.role => mapping.ids } - parameters = { - for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { - for key, value in param_value : key => jsonencode(try(local.caf[value.output_key][value.lz_key][value.resource_type][value.resource_key][value.attribute_key], value.value)) - } + parameters = local.clz_parameters_combined[mg_id] + + } + } + + clz_parameters_combined = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => merge( + local.clz_parameters_value[mg_id][param_key], + local.clz_parameters_values[mg_id][param_key], + local.clz_parameters_integer[mg_id][param_key], + local.clz_parameters_boolean[mg_id][param_key], + local.clz_parameters_hcl_jsonencoded[mg_id][param_key], + local.clz_parameters_remote_lz[mg_id][param_key] + ) + } + } + + clz_parameters_value = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + for key, value in param_value : key => value.value + if value.value != null } + } + } + clz_parameters_values = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + for key, value in param_value : key => value.values + if value.values != null + } } } + + clz_parameters_integer = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + for key, value in param_value : key => value.integer + if value.integer != null + } + } + } + + clz_parameters_boolean = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + 
for key, value in param_value : key => value.boolean + if value.boolean != null + } + } + } + + clz_parameters_hcl_jsonencoded = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + for key, value in param_value : key => jsondecode(value.hcl_jsonencoded) + if value.hcl_jsonencoded != null + } + } + } + + clz_parameters_remote_lz = { + for mg_id, mg_value in try(var.custom_landing_zones, {}) : mg_id => { + for param_key, param_value in try(mg_value.archetype_config.parameters, {}) : param_key => { + for key, value in param_value : key => local.caf[value.output_key][value.lz_key][value.resource_type][value.resource_key][value.attribute_key] + if value.output_key != null + } + } + } + } diff --git a/caf_solution/add-ons/caf_eslz/enterprise_scale.tf b/caf_solution/add-ons/caf_eslz/enterprise_scale.tf index 690f1d423..a85f8699c 100644 --- a/caf_solution/add-ons/caf_eslz/enterprise_scale.tf +++ b/caf_solution/add-ons/caf_eslz/enterprise_scale.tf @@ -2,7 +2,9 @@ module "enterprise_scale" { source = "Azure/caf-enterprise-scale/azurerm" - version = "~> 0.1.0" + version = "~> 0.3.0" + + # source = "../../../../eslz" root_parent_id = data.azurerm_client_config.current.tenant_id default_location = local.global_settings.regions[local.global_settings.default_region] diff --git a/caf_solution/add-ons/caf_eslz/lib/archetype_definitions/README.md b/caf_solution/add-ons/caf_eslz/lib/archetype_definitions/README.md deleted file mode 100644 index cb8923540..000000000 --- a/caf_solution/add-ons/caf_eslz/lib/archetype_definitions/README.md +++ /dev/null 
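Review bot: The six `clz_parameters_*` locals are a line-for-line copy of the `aco_parameters_*` locals in archetype_config_overrides.tf with only the iterated variable and the `archetype_config.` prefix changed, so the two will drift apart on the next fix; consider normalising both inputs into one map of `mg_id => parameters` first and running the six-way split once. The copy also inherits the silent `merge()` precedence, where a parameter defined under two type keys takes the last map without error; if the duplication stays, at least add the same comment in both files stating that precedence. `jsondecode(value.hcl_jsonencoded)` is fine but its failure on malformed JSON will surface as a cryptic expression error, so a short comment on the expected encoding is worth adding.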
@@ -1,10 +0,0 @@ - -# Public documentation of the custom landingzones - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Archetype-Definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes - -# List of the default archetypes - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib/archetype_definitions diff --git a/caf_solution/add-ons/caf_eslz/lib/policy_assignments/README.md b/caf_solution/add-ons/caf_eslz/lib/policy_assignments/README.md deleted file mode 100644 index def2a5a6d..000000000 --- a/caf_solution/add-ons/caf_eslz/lib/policy_assignments/README.md +++ /dev/null @@ -1,10 +0,0 @@ - -# Public documentation of the custom landingzones - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Archetype-Definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes - -# List of the default policy assignments - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib/policy_assignments diff --git a/caf_solution/add-ons/caf_eslz/lib/policy_definitions/README.md b/caf_solution/add-ons/caf_eslz/lib/policy_definitions/README.md deleted file mode 100644 index e47f922fd..000000000 --- a/caf_solution/add-ons/caf_eslz/lib/policy_definitions/README.md +++ /dev/null @@ -1,10 +0,0 @@ - -# Public documentation of the custom landingzones - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Archetype-Definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes - -# List of the default policy definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib/policy_definitions 
diff --git a/caf_solution/add-ons/caf_eslz/lib/policy_set_definitions/README.md b/caf_solution/add-ons/caf_eslz/lib/policy_set_definitions/README.md deleted file mode 100644 index c09d2c016..000000000 --- a/caf_solution/add-ons/caf_eslz/lib/policy_set_definitions/README.md +++ /dev/null @@ -1,10 +0,0 @@ - -# Public documentation of the custom landingzones - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Archetype-Definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes - -# List of the default policy set definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib/policy_set_definitions diff --git a/caf_solution/add-ons/caf_eslz/lib/role_definitions/README.md b/caf_solution/add-ons/caf_eslz/lib/role_definitions/README.md deleted file mode 100644 index 2230928aa..000000000 --- a/caf_solution/add-ons/caf_eslz/lib/role_definitions/README.md +++ /dev/null @@ -1,11 +0,0 @@ - -# Public documentation of the custom landingzones - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BUser-Guide%5D-Archetype-Definitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes - - -# List of the default role defitions - -https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib/role_definitions diff --git a/caf_solution/add-ons/caf_eslz/locals.remote_tfstates.tf b/caf_solution/add-ons/caf_eslz/locals.remote_tfstates.tf index 4b96e1324..2e88cee3d 100644 --- a/caf_solution/add-ons/caf_eslz/locals.remote_tfstates.tf +++ b/caf_solution/add-ons/caf_eslz/locals.remote_tfstates.tf 
@@ -72,6 +72,9 @@ locals { subscriptions = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].subscriptions, {})) } + objects = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key], {})) + } } } diff --git a/caf_solution/add-ons/caf_eslz/main.tf b/caf_solution/add-ons/caf_eslz/main.tf index 5f72dc890..47fea53cb 100644 --- a/caf_solution/add-ons/caf_eslz/main.tf +++ b/caf_solution/add-ons/caf_eslz/main.tf @@ -3,16 +3,18 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.55.0" + version = "~> 2.65.0" } } - required_version = ">= 0.13" + required_version = ">= 0.14" + experiments = [module_variable_optional_attrs] } provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features {} } data "azurerm_client_config" "current" {} - diff --git a/caf_solution/add-ons/caf_eslz/scenario/contoso/archetype_config_overrides.tfvars b/caf_solution/add-ons/caf_eslz/scenario/contoso/archetype_config_overrides.tfvars deleted file mode 100644 index 781917ec1..000000000 --- a/caf_solution/add-ons/caf_eslz/scenario/contoso/archetype_config_overrides.tfvars +++ /dev/null 
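Review bot: `experiments = [module_variable_optional_attrs]` opts the root module into a Terraform language experiment while the new `required_version = ">= 0.14"` has no upper bound, so the first release that concludes or removes that experiment will refuse to initialise this add-on and nothing in the constraint will point at why. Bound the constraint to the range the experiment is known to work on — as far as I recall the experiment concluded in Terraform 1.3, so `required_version = ">= 0.14, < 1.3"` — and note the dependency above the line: `# optional() attribute types rely on this experiment; drop both when required_version moves past it.`. The `partner_id` on the provider is a usage-attribution identifier rather than a credential, so hard-coding it is fine, though its explanatory comment would read better above the attribute it describes.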
@@ -1,77 +0,0 @@ -archetype_config_overrides = { - - root = { - archetype_id = "es_root" - parameters = { - "Deploy-Resource-Diag" = { - "logAnalytics" = { - # value = "resource_id" - lz_key = "caf_foundations_sharedservices" - output_key = "diagnostics" - resource_type = "log_analytics" - resource_key = "central_logs_region1" - attribute_key = "id" - } - } - } - access_control = { - "Contributor" = { - "managed_identities" = { - # principal_ids = ["principal_id1", "principal_id2"] - lz_key = "launchpad" - attribute_key = "principal_id" - resource_keys = [ - "level1" - ] - } - } - } - } - - # decommissioned = { - # archetype_id = "es_decommissioned" - # parameters = {} - # access_control = {} - # } - - # sandboxes = { - # archetype_id = "es_sandboxes" - # parameters = {} - # access_control = {} - # } - - landing-zones = { - archetype_id = "es_landing_zones" - parameters = {} - access_control = { - "Contributor" = { - "managed_identities" = { - # principal_ids = ["principal_id1", "principal_id2"] - lz_key = "launchpad" - attribute_key = "principal_id" - resource_keys = [ - "level3", "subscription_creation_landingzones" - ] - } - } - } - } - - # platform = { - # archetype_id = "es_platform" - # parameters = {} - # access_control = {} - # } - - # connectivity = { - # archetype_id = "es_connectivity_foundation" - # parameters = {} - # access_control = {} - # } - - # management = { - # archetype_id = "es_management" - # parameters = {} - # access_control = {} - # } -} \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/scenario/contoso/custom_landing_zones.tfvars b/caf_solution/add-ons/caf_eslz/scenario/contoso/custom_landing_zones.tfvars deleted file mode 100644 index 48dc2d807..000000000 --- a/caf_solution/add-ons/caf_eslz/scenario/contoso/custom_landing_zones.tfvars +++ /dev/null 
@@ -1,47 +0,0 @@ -custom_landing_zones = { - - contoso-devops = { - display_name = "Devops" - parent_management_group_id = "contoso-platform" - subscription_ids = [] - archetype_config = { - archetype_id = "default_empty" - parameters = {} - access_control = {} - } - } - - contoso-staging = { - display_name = "Staging" - parent_management_group_id = "contoso-landing-zones" - subscription_ids = [] - archetype_config = { - archetype_id = "default_empty" - parameters = {} - access_control = {} - } - } - - contoso-dev = { - display_name = "Dev" - parent_management_group_id = "contoso-landing-zones" - subscription_ids = [] - archetype_config = { - archetype_id = "default_empty" - parameters = {} - access_control = {} - } - } - - contoso-production = { - display_name = "Production" - parent_management_group_id = "contoso-landing-zones" - subscription_ids = [] - archetype_config = { - archetype_id = "default_empty" - parameters = {} - access_control = {} - } - } - -} \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/scenario/contoso/enterprise_scale.tfvars b/caf_solution/add-ons/caf_eslz/scenario/contoso/enterprise_scale.tfvars deleted file mode 100644 index 8aa30df26..000000000 --- a/caf_solution/add-ons/caf_eslz/scenario/contoso/enterprise_scale.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -library_path = "landingzones/caf_solution/add-ons/caf_eslz/scenario/contoso" // Adjust the path as needed -root_id = "contoso" -root_name = "Contoso" -deploy_core_landing_zones = true \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/scenario/contoso/landingzone.tfvars b/caf_solution/add-ons/caf_eslz/scenario/contoso/landingzone.tfvars deleted file mode 100644 index 5ef87fc15..000000000 --- a/caf_solution/add-ons/caf_eslz/scenario/contoso/landingzone.tfvars +++ /dev/null 
@@ -1,19 +0,0 @@ -landingzone = { - backend_type = "azurerm" - global_settings_key = "caf_foundations_sharedservices" - level = "level1" - key = "caf_foundations_enterprise_scale" - tfstates = { - // Remote tfstate to retrieve default location and log analytics workspace - caf_foundations_sharedservices = { - level = "current" - tfstate = "caf_foundations_sharedservices.tfstate" - } - // Remote tfstate to retrieve the MSI created by the launchpad and set permissions on the MG hierarchy - // Requires scenarion 200 to get access to Log Analytics key 'central_logs_region1' - launchpad = { - level = "lower" - tfstate = "caf_launchpad.tfstate" - } - } -} \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/scenario/contoso/subscription_id_overrides.tfvars b/caf_solution/add-ons/caf_eslz/scenario/contoso/subscription_id_overrides.tfvars deleted file mode 100644 index 915ca2691..000000000 --- a/caf_solution/add-ons/caf_eslz/scenario/contoso/subscription_id_overrides.tfvars +++ /dev/null @@ -1,10 +0,0 @@ -subscription_id_overrides = { - root = [] - decommissioned = [] - sandboxes = [] - landing-zones = [] - platform = [] - connectivity = [] - management = [] - identity = [] -} \ No newline at end of file diff --git a/caf_solution/add-ons/caf_eslz/variables.tf b/caf_solution/add-ons/caf_eslz/variables.tf index 83449fad9..1e3ce879c 100644 --- a/caf_solution/add-ons/caf_eslz/variables.tf +++ b/caf_solution/add-ons/caf_eslz/variables.tf 
@@ -92,7 +92,46 @@ variable "deploy_core_landing_zones" {
 }

 variable "archetype_config_overrides" {
- # type = map(any)
+ type = map(
+ object({
+ archetype_id = string
+ parameters = map(map(object({
+ hcl_jsonencoded = optional(string)
+ integer = optional(number)
+ boolean = optional(bool)
+ value = optional(string)
+ values = optional(list(string))
+ lz_key = optional(string)
+ output_key = optional(string)
+ resource_type = optional(string)
+ resource_key = optional(string)
+ attribute_key = optional(string)
+ }))),
+ access_control = map(object({
+ managed_identities = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_groups = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_service_principals = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_applications = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ principal_ids = optional(list(string))
+ }))
+ })
+ )
 description = "If specified, will set custom Archetype configurations to the default Enterprise-scale Management Groups."
 default = {}
 }
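Review bot: The new `parameters` object type admits six alternative value sources (`value`, `values`, `integer`, `boolean`, `hcl_jsonencoded`, or a remote-state lookup through `output_key`/`lz_key`/`resource_type`/`resource_key`/`attribute_key`) but the `description` is unchanged and says nothing about which one to set, and nothing in the type stops a tfvars entry from setting several or none. Extend the description, e.g. `description = "Custom archetype configuration for the default Enterprise-scale Management Groups. Each policy parameter must set exactly one of value, values, integer, boolean or hcl_jsonencoded, or reference a remote landing zone object via lz_key/output_key/resource_type/resource_key/attribute_key."`, and consider a `validation` block enforcing that exactly-one rule, since the locals that consume these fields for this variable are not in the hunk and cannot be checked here. The `principal_ids` list under `access_control` is keyed by role name and presumably grants that role at management-group scope; a one-line comment saying so next to it would help whoever reviews later tfvars changes.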
@@ -122,9 +161,42 @@ variable "custom_landing_zones" {
 })
 )
 archetype_config = object({
- archetype_id = string
- parameters = any
- access_control = any
+ archetype_id = string
+ parameters = map(map(object({
+ hcl_jsonencoded = optional(string)
+ integer = optional(number)
+ boolean = optional(bool)
+ value = optional(string)
+ values = optional(list(string))
+ lz_key = optional(string)
+ output_key = optional(string)
+ resource_type = optional(string)
+ resource_key = optional(string)
+ attribute_key = optional(string)
+ }))),
+ access_control = map(object({
+ managed_identities = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_groups = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_service_principals = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ azuread_applications = optional(object({
+ lz_key = string,
+ attribute_key = string,
+ resource_keys = list(string)
+ }))
+ principal_ids = optional(list(string))
+ }))
 })
 })
 )
diff --git a/caf_solution/add-ons/cross_tenant_hub_connection/providers.tf b/caf_solution/add-ons/cross_tenant_hub_connection/providers.tf
index a45ea3e6a..87da3a8a6 100644
--- a/caf_solution/add-ons/cross_tenant_hub_connection/providers.tf
+++ b/caf_solution/add-ons/cross_tenant_hub_connection/providers.tf
@@ -42,7 +42,7 @@ provider "azurerm" {
 # Source tenants for virtual networks. # Client ID must have permissions on those virtual_networks
- auxiliary_tenant_ids = var.landingzone.tfstates[var.virtual_hub_lz_key].auxiliary_tenant_ids
+ auxiliary_tenant_ids = try(var.landingzone.tfstates[var.virtual_hub_lz_key].auxiliary_tenant_ids, null)
 }
 provider "azurerm" {
 features {}
 }
diff --git a/caf_solution/add-ons/terraform_cloud/main.tf b/caf_solution/add-ons/terraform_cloud/main.tf
index 05c38ec9d..a238b42ed 100644
--- a/caf_solution/add-ons/terraform_cloud/main.tf
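Review bot: Nothing in the new `archetype_config.parameters` type enforces that a parameter sets exactly one of `value`, `values`, `integer`, `boolean`, `hcl_jsonencoded` or `output_key`; the type only makes each of them optional, so a tfvars entry with two sources, or with none, passes type checking and is resolved or dropped silently by whatever consumes `var.custom_landing_zones`. Because these parameters decide what the policies assigned to Enterprise-scale management groups actually enforce, a dropped parameter is a quiet weakening rather than a loud failure. A `validation` block on the variable can reject such entries at plan time (`alltrue` exists from 0.14, which the add-on now requires); the fence below shows one that counts the non-null sources per parameter. The `variable "custom_landing_zones"` block starts before this hunk and its `description`/`default` follow after it.

```hcl
  # … unchanged: type = map(object({ … })) …
  validation {
    condition = alltrue(flatten([
      for lz in var.custom_landing_zones : [
        for assignment in lz.archetype_config.parameters : [
          for p in assignment :
          length([for v in [p.value, p.values, p.integer, p.boolean, p.hcl_jsonencoded, p.output_key] : v if v != null]) == 1
        ]
      ]
    ]))
    error_message = "Each archetype parameter must set exactly one of value, values, integer, boolean, hcl_jsonencoded or output_key."
  }
```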
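Review bot: Wrapping the whole lookup in `try(..., null)` also swallows a wrong `var.virtual_hub_lz_key` (a typo, or a tfstate entry that was never declared), in which case this provider silently comes up with no auxiliary tenants and the cross-tenant virtual network operations fail later with an authorization error that does not point at the configuration. Tolerate only the missing attribute, not the missing state entry: `auxiliary_tenant_ids = lookup(var.landingzone.tfstates[var.virtual_hub_lz_key], "auxiliary_tenant_ids", null)`. The provider block this line belongs to starts before the hunk.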
+++ b/caf_solution/add-ons/terraform_cloud/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 2.40" + version = "~> 2.81" } azuread = { source = "hashicorp/azuread" @@ -22,7 +22,7 @@ terraform { } tfe = { source = "hashicorp/tfe" - version = "~> 0.22.0" + version = "~> 0.26.1" } } required_version = ">= 0.13" @@ -38,6 +38,7 @@ provider "azurerm" { data "azurerm_client_config" "current" {} + locals { # Update the tfstates map @@ -48,7 +49,6 @@ locals { } ) , - data.terraform_remote_state.remote[var.landingzone.global_settings_key].outputs.tfstates ) diff --git a/caf_solution/add-ons/terraform_cloud/readme.md b/caf_solution/add-ons/terraform_cloud/readme.md index 7bfe4e7a6..737a49a1f 100644 --- a/caf_solution/add-ons/terraform_cloud/readme.md +++ b/caf_solution/add-ons/terraform_cloud/readme.md @@ -25,20 +25,20 @@ This will setup TFC organization, workspaces and variables to host landing zones ```bash # Deploy -rover -lz /tf/caf/landingzones/caf_launchpad/add-ons/terraform_cloud/ \ --var-folder /tf/caf/landingzones/caf_launchpad/add-ons/terraform_cloud/example/ \ +rover -lz /tf/caf/landingzones/caf_solution/add-ons/terraform_cloud/ \ +-var-folder /tf/caf/landingzones/caf_solution/add-ons/terraform_cloud/example/ \ -a plan -launchpad or -cd /tf/caf/landingzones/caf_launchpad/add-ons/terraform_cloud/ +cd /tf/caf/landingzones/caf_solution/add-ons/terraform_cloud/ terraform init terraform plan \ --var-file /tf/caf/landingzones/caf_launchpad/add-ons/terraform_cloud/example/tfc.tfvars +-var-file /tf/caf/landingzones/caf_solution/add-ons/terraform_cloud/example/tfc.tfvars ``` Once ready, you can create your configuration: ```bash terraform apply \ --var-file /tf/caf/landingzones/caf_launchpad/add-ons/terraform_cloud/example/tfc.tfvars +-var-file /tf/caf/landingzones/caf_solution/add-ons/terraform_cloud/example/tfc.tfvars ``` \ No newline at end of file 
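Review bot: Removing the `data.terraform_remote_state...outputs.tfstates` argument leaves the `merge(` call in `locals` with a `,` on a line of its own directly before the closing `)`; HCL accepts a trailing comma in function arguments, but it reads as an unfinished edit and the comma line should go. More importantly, dropping that argument means the local tfstates map no longer inherits the upstream landing zones' state references; if the Terraform Cloud workspaces built from it are expected to read lower-level states, that is a behaviour change that deserves a comment on the merge stating what the map now contains, e.g. `# tfstates now holds only this landing zone's own entries; upstream states are no longer merged in.`. The `locals` block and the `merge(` call both begin before this hunk.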
diff --git a/caf_solution/landingzone.tf b/caf_solution/landingzone.tf index 62d7d1889..7530cfa5b 100644 --- a/caf_solution/landingzone.tf +++ b/caf_solution/landingzone.tf @@ -2,7 +2,7 @@ module "solution" { source = "aztfmod/caf/azurerm" version = "~>5.4.2" - # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=master" + # source = "git::https://github.com/aztfmod/terraform-azurerm-caf.git?ref=patch.5.4.6" # source = "../../aztfmod" azuread = local.azuread diff --git a/caf_solution/local.networking.tf b/caf_solution/local.networking.tf index 80406398c..dfd5ecbf1 100644 --- a/caf_solution/local.networking.tf +++ b/caf_solution/local.networking.tf @@ -2,6 +2,8 @@ locals { networking = merge( var.networking, { + application_gateway_platforms = var.application_gateway_platforms + application_gateway_applications_v1 = var.application_gateway_applications_v1 application_gateway_applications = var.application_gateway_applications application_gateway_waf_policies = var.application_gateway_waf_policies application_gateways = var.application_gateways @@ -29,6 +31,7 @@ locals { network_watchers = var.network_watchers networking_interface_asg_associations = var.networking_interface_asg_associations private_dns = var.private_dns + private_dns_vnet_links = var.private_dns_vnet_links private_endpoints = var.private_endpoints public_ip_addresses = var.public_ip_addresses route_tables = var.route_tables @@ -42,6 +45,7 @@ locals { virtual_wans = var.virtual_wans vnet_peerings = var.vnet_peerings vnets = var.vnets + virtual_subnets = var.virtual_subnets vpn_sites = var.vpn_sites vpn_gateway_connections = var.vpn_gateway_connections } diff --git a/caf_solution/local.remote.tf b/caf_solution/local.remote.tf index 39e70e43e..80ce0d607 100644 --- a/caf_solution/local.remote.tf +++ b/caf_solution/local.remote.tf 
@@ -47,6 +47,12 @@ locals { application_gateways = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateways, {})) } + application_gateway_platforms = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_platforms, {})) + } + application_gateway_applications_v1 = { + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].application_gateway_applications_v1, {})) + } availability_sets = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].availability_sets, {})) } @@ -60,7 +66,7 @@ locals { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azurerm_firewalls, {})) } container_registry = { - for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].container_registry, {})) + for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azure_container_registries, {})) } disk_encryption_sets = { for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].disk_encryption_sets, {})) diff --git a/caf_solution/main.tf b/caf_solution/main.tf index a8ec361aa..a03e00bc8 100644 --- a/caf_solution/main.tf +++ b/caf_solution/main.tf @@ -28,6 +28,8 @@ terraform { provider "azurerm" { + partner_id = "ca4078f8-9bc4-471b-ab5b-3af6b86a42c8" + # partner identifier for CAF Terraform landing zones. features { key_vault { purge_soft_delete_on_destroy = var.provider_azurerm_features_keyvault.purge_soft_delete_on_destroy 
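Review bot: Changing the remote-state attribute read for `container_registry` from `container_registry` to `azure_container_registries` means any upstream state written by a landing zone that still exports the old name resolves to `{}` through `try(…, {})`, and every downstream reference to a registry key then fails with an index error rather than a message about the outdated state. Reading both names during the transition keeps older states usable: `for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azure_container_registries, {}), try(data.terraform_remote_state.remote[key].outputs.objects[key].container_registry, {}))`. The local is also still named `container_registry` while the two new `application_gateway_*` locals mirror their remote attribute names exactly, so a comment on the renamed read would help. The surrounding `locals` block starts before this hunk.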
diff --git a/caf_solution/readme.md b/caf_solution/readme.md index 48f6c0333..a326c462c 100644 --- a/caf_solution/readme.md +++ b/caf_solution/readme.md @@ -15,7 +15,7 @@ The landing zones solutions provide the underlying infrastructure to support you Solutions landing zone operates at **level 3**. -For a review of the hierarchy approach of Cloud Adoption Framework for Azure landing zones on Terraform, you can refer to [the following documentation](../../documentation/code_architecture/hierarchy.md). +For a review of the hierarchy approach of Cloud Adoption Framework for Azure landing zones on Terraform, you can refer to [the following documentation](https://github.com/Azure/caf-terraform-landingzones/blob/master/documentation/code_architecture/hierarchy.md). ## Deploying solutions diff --git a/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/peerings.tfvars b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/peerings.tfvars index bdeb8e645..ff1a4d522 100644 --- a/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/peerings.tfvars +++ b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/peerings.tfvars @@ -1,9 +1,8 @@ virtual_hub_connections = { # Establish the peering with Virtual Hubs hub_rg1-TO-vnet_rg1 = { - vhub = { - virtual_wan_key = "vwan_re1" - virtual_hub_key = "hub_re1" + virtual_hub = { + key = "hub_re1" } vnet = { # If the virtual network is stored in another another landing zone, use the following attributes to refer the state file: @@ -17,9 +16,8 @@ virtual_hub_connections = { internet_security_enabled = true } hub_rg2-TO-vnet_rg2 = { - vhub = { - virtual_wan_key = "vwan_re1" - virtual_hub_key = "hub_re2" + virtual_hub = { + key = "hub_re2" } vnet = { # If the virtual network is stored in another another landing zone, use the following attributes to refer the state file: 
diff --git a/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_hubs.tfvars b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_hubs.tfvars
new file mode 100644
index 000000000..1c403c99b
--- /dev/null
+++ b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_hubs.tfvars
@@ -0,0 +1,40 @@
+virtual_hubs = {
+ hub_re1 = {
+ virtual_wan = {
+ key = "vwan_re1"
+ }
+ resource_group = {
+ key = "hub_re1"
+ }
+ hub_name = "hub-re1"
+ region = "region1"
+ hub_address_prefix = "10.0.3.0/24"
+ deploy_firewall = false
+ deploy_p2s = false
+ p2s_config = {}
+ deploy_s2s = false
+ s2s_config = {}
+ deploy_er = false
+ er_config = {}
+
+ }
+ hub_re2 = {
+ virtual_wan = {
+ key = "vwan_re1"
+ }
+ resource_group = {
+ key = "hub_re2"
+ }
+ hub_name = "hub-re2"
+ region = "region2"
+ hub_address_prefix = "10.0.4.0/24"
+ deploy_firewall = false
+ deploy_p2s = false
+ p2s_config = {}
+ deploy_s2s = false
+ s2s_config = {}
+ deploy_er = false
+ er_config = {}
+ }
+}
+
diff --git a/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_wan.tfvars b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_wan.tfvars
index 4c6344697..1fcb67db4 100644
--- a/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_wan.tfvars
+++ b/caf_solution/scenario/networking/106-hub-virtual-wan-firewall/virtual_wan.tfvars
@@ -4,33 +4,6 @@ virtual_wans = {
 name = "contosovWAN-re1"
 region = "region1"
- hubs = {
- hub_re1 = {
- hub_name = "hub-re1"
- region = "region1"
- hub_address_prefix = "10.0.3.0/24"
- deploy_firewall = false
- deploy_p2s = false
- p2s_config = {}
- deploy_s2s = false
- s2s_config = {}
- deploy_er = false
- er_config = {}
-
- }
- hub_re2 = {
- hub_name = "hub-re2"
- region = "region2"
- hub_address_prefix = "10.0.4.0/24"
- deploy_firewall = false
- deploy_p2s = false
- p2s_config = {}
- deploy_s2s = false
- s2s_config = {}
- deploy_er = false
- er_config = {}
- }
- }
 } }
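Review bot: Both hubs in this new file set `deploy_firewall = false`, yet the scenario directory is `106-hub-virtual-wan-firewall` and the sibling `peerings.tfvars` connects VNets with `internet_security_enabled = true`, which presumably has nothing to send internet-bound traffic through if the hub is not secured. If the firewall is meant to come from another tfvars in this scenario, say so above the flag, e.g. `# Firewall for this hub is deployed separately in this scenario; leave deploy_firewall false here.`, and if it is not, either the flag or the scenario name is wrong. The empty `p2s_config`, `s2s_config` and `er_config` maps would also benefit from a one-line comment stating that they are required placeholders when the matching `deploy_*` flag is false, if that is what the module expects, since all three are supplied even though every flag is off.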
diff --git a/caf_solution/variables.networking.tf b/caf_solution/variables.networking.tf index fb0e1980b..f1920fc9e 100644 --- a/caf_solution/variables.networking.tf +++ b/caf_solution/variables.networking.tf @@ -1,7 +1,13 @@ +variable "application_gateway_platforms" { + default = {} +} variable "application_gateways" { default = {} } +variable "application_gateway_applications_v1" { + default = {} +} variable "application_gateway_applications" { default = {} } @@ -87,6 +93,9 @@ variable "private_endpoints" { variable "private_dns" { default = {} } +variable "private_dns_vnet_links" { + default = {} +} variable "public_ip_addresses" { default = {} } @@ -108,6 +117,9 @@ variable "virtual_hubs" { variable "vnets" { default = {} } +variable "virtual_subnets" { + default = {} +} variable "vhub_peerings" { default = {} }