v0.3.0 merge branch. Merging other PRs for testing

avm

@@ -48,6 +48,15 @@ if [ -d "${AZURE_CONFIG_DIR}" ]; then
   AZURE_CONFIG_MOUNT="-v ${AZURE_CONFIG_DIR}:/home/runtimeuser/.azure"
 fi
 
+# Check if AVM_TMP_DIR is set, if so mount it to /tmp
+if [ -z "${AVM_TMP_DIR}" ] && [ -n "${RUNNER_TEMP}" ]; then
+  AVM_TMP_DIR="${RUNNER_TEMP}"
+fi
+
+if [ -n "${AVM_TMP_DIR}" ]; then
+  TMP_MOUNT="-v ${AVM_TMP_DIR}:/tmp"
+fi
+
 # If the host Docker socket exists, mount it into the container so the container can talk to the host docker daemon
 if [ -S /var/run/docker.sock ]; then
   DOCKER_SOCK_MOUNT="-v /var/run/docker.sock:/var/run/docker.sock"
@@ -87,6 +96,19 @@ if [ -n "${AVM_PORCH_BASE_URL}" ]; then
   PORCH_BASE_URL_MAKE_ADD="PORCH_BASE_URL=${AVM_PORCH_BASE_URL}"
 fi
 
+# Get the repo specific environment variables from avm.config if it exists
+LOCAL_ENVIRONMENT_VARIABLES=""
+if [ -f "avm.config.json" ]; then
+  declare -A variables
+  eval "$(cat "avm.config.json" | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
+
+  for key in "${!variables[@]}"; do
+    export "$key"="${variables[$key]}"
+    LOCAL_ENVIRONMENT_VARIABLES="${LOCAL_ENVIRONMENT_VARIABLES}-e $key "
+    echo "Set environment variable: $key"="${variables[$key]}"
+  done
+fi
+
 # Check if we are running in a container
 # If we are then just run make directly
 if [ -z "${AVM_IN_CONTAINER}" ]; then
@@ -99,6 +121,7 @@ if [ -z "${AVM_IN_CONTAINER}" ]; then
     ${AZURE_CONFIG_MOUNT:-} \
     ${DOCKER_SOCK_MOUNT:-} \
     ${SSL_CERT_MOUNTS:-} \
+    ${TMP_MOUNT:-} \
     -e ARM_CLIENT_ID \
     -e ARM_OIDC_REQUEST_TOKEN \
     -e ARM_OIDC_REQUEST_URL \
@@ -110,11 +133,13 @@ if [ -z "${AVM_IN_CONTAINER}" ]; then
     -e NO_COLOR \
     -e PORCH_LOG_LEVEL \
     -e TF_IN_AUTOMATION=1 \
+    ${LOCAL_ENVIRONMENT_VARIABLES} \
     --env-file <(env | grep '^TF_VAR_') \
     --env-file <(env | grep '^AVM_') \
     "${CONTAINER_IMAGE}" \
     make \
     TUI="${TUI}" \
+    AVM_PORCH_STDOUT="${AVM_PORCH_STDOUT}" \
     AVM_MAKEFILE_REF="${AVM_MAKEFILE_REF}" \
     "${PORCH_BASE_URL_MAKE_ADD}" \
     AVM_PORCH_REF="${AVM_PORCH_REF}" \

avm.ps1

@@ -130,6 +130,7 @@ if (-not $env:AVM_IN_CONTAINER) {
     "MPTF_URL",
     "NO_COLOR",
     "PORCH_LOG_LEVEL",
+    "AVM_PORCH_STDOUT",
     "TEST_TYPE",
     "TFLINT_CONFIG_URL"
   )
@@ -154,13 +155,27 @@ if (-not $env:AVM_IN_CONTAINER) {
     $dockerArgs += @("-e", "$($_.Name)=$($_.Value)")
   }
 
+  # Add local environment variables from avm.config.json
+  if (Test-Path "avm.config.json") {
+    $jsonContent = Get-Content "avm.config.json" -Raw | ConvertFrom-Json -AsHashtable
+
+    foreach ($key in $jsonContent.Keys) {
+      [System.Environment]::SetEnvironmentVariable($key, $jsonContent[$key])
+      $dockerArgs += @("-e", "$key")
+    }
+  }
+
   $dockerArgs += $CONTAINER_IMAGE
   $dockerArgs += "make"
 
   if ($TUI) {
     $dockerArgs += "TUI=$TUI"
   }
 
+  if($env:AVM_PORCH_STDOUT) {
+    $dockerArgs += "AVM_PORCH_STDOUT=$($env:AVM_PORCH_STDOUT)"
+  }
+
   $dockerArgs += "MAKEFILE_REF=$MAKEFILE_REF"
 
   if ($PORCH_BASE_URL_MAKE_ADD) {

examples/default-byo-vnet/README.md

@@ -140,7 +140,8 @@ module "test" {
   ai_foundry_definition = {
     purge_on_destroy = true
     ai_foundry = {
-      create_ai_agent_service = true
+      create_ai_agent_service    = true
+      enable_diagnostic_settings = false
     }
     ai_model_deployments = {
       "gpt-4o" = {
@@ -175,25 +176,21 @@ module "test" {
     }
     ai_search_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
     cosmosdb_definition = {
       this = {
-        enable_diagnostic_settings = false
-        consistency_level          = "Session"
+        consistency_level = "Session"
       }
     }
     key_vault_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
 
     storage_account_definition = {
       this = {
-        enable_diagnostic_settings = false
-        shared_access_key_enabled  = true #configured for testing
+        shared_access_key_enabled = true #configured for testing
         endpoints = {
           blob = {
             type = "blob"
@@ -249,11 +246,14 @@ module "test" {
   }
   enable_telemetry           = var.enable_telemetry
   flag_platform_landing_zone = false
+  genai_app_configuration_definition = {
+    enable_diagnostic_settings = false
+  }
   genai_container_registry_definition = {
     enable_diagnostic_settings = false
   }
   genai_cosmosdb_definition = {
-    enable_diagnostic_settings = false
+    consistency_level = "Session"
   }
   genai_key_vault_definition = {
     #this is for AVM testing purposes only. Doing this as we don't have an easy for the test runner to be privately connected for testing.
@@ -264,7 +264,6 @@ module "test" {
     }
   }
   genai_storage_account_definition = {
-    enable_diagnostic_settings = false
   }
   ks_ai_search_definition = {
     enable_diagnostic_settings = false

examples/default-byo-vnet/main.tf

@@ -133,7 +133,8 @@ module "test" {
   ai_foundry_definition = {
     purge_on_destroy = true
     ai_foundry = {
-      create_ai_agent_service = true
+      create_ai_agent_service    = true
+      enable_diagnostic_settings = false
     }
     ai_model_deployments = {
       "gpt-4o" = {
@@ -168,25 +169,21 @@ module "test" {
     }
     ai_search_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
     cosmosdb_definition = {
       this = {
-        enable_diagnostic_settings = false
-        consistency_level          = "Session"
+        consistency_level = "Session"
       }
     }
     key_vault_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
 
     storage_account_definition = {
       this = {
-        enable_diagnostic_settings = false
-        shared_access_key_enabled  = true #configured for testing
+        shared_access_key_enabled = true #configured for testing
         endpoints = {
           blob = {
             type = "blob"
@@ -242,11 +239,14 @@ module "test" {
   }
   enable_telemetry           = var.enable_telemetry
   flag_platform_landing_zone = false
+  genai_app_configuration_definition = {
+    enable_diagnostic_settings = false
+  }
   genai_container_registry_definition = {
     enable_diagnostic_settings = false
   }
   genai_cosmosdb_definition = {
-    enable_diagnostic_settings = false
+    consistency_level = "Session"
   }
   genai_key_vault_definition = {
     #this is for AVM testing purposes only. Doing this as we don't have an easy for the test runner to be privately connected for testing.
@@ -257,7 +257,6 @@ module "test" {
     }
   }
   genai_storage_account_definition = {
-    enable_diagnostic_settings = false
   }
   ks_ai_search_definition = {
     enable_diagnostic_settings = false

examples/default/README.md

@@ -94,7 +94,7 @@ module "test" {
   resource_group_name = "ai-lz-rg-default-${substr(module.naming.unique-seed, 0, 5)}"
   vnet_definition = {
     name          = "ai-lz-vnet-default"
-    address_space = "192.168.0.0/23"                                                                 # has to be out of 192.168.0.0/16 currently. Other RFC1918 not supported for foundry capabilityHost injection.
+    address_space = ["192.168.0.0/23"]                                                               # has to be out of 192.168.0.0/16 currently. Other RFC1918 not supported for foundry capabilityHost injection.
     dns_servers   = [for key, value in module.example_hub.dns_resolver_inbound_ip_addresses : value] # Use the DNS resolver IPs from the example hub
     hub_vnet_peering_definition = {
       peer_vnet_resource_id = module.example_hub.virtual_network_resource_id
@@ -104,7 +104,8 @@ module "test" {
   ai_foundry_definition = {
     purge_on_destroy = true
     ai_foundry = {
-      create_ai_agent_service = true
+      create_ai_agent_service    = true
+      enable_diagnostic_settings = false
     }
     ai_model_deployments = {
       "gpt-4o" = {
@@ -139,25 +140,21 @@ module "test" {
     }
     ai_search_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
     cosmosdb_definition = {
       this = {
-        enable_diagnostic_settings = false
-        consistency_level          = "Session"
+        consistency_level = "Session"
       }
     }
     key_vault_definition = {
       this = {
-        enable_diagnostic_settings = false
       }
     }
 
     storage_account_definition = {
       this = {
-        enable_diagnostic_settings = false
-        shared_access_key_enabled  = true #configured for testing
+        shared_access_key_enabled = true #configured for testing
         endpoints = {
           blob = {
             type = "blob"
@@ -207,21 +204,22 @@ module "test" {
     }
   }
   bastion_definition = {
+
   }
   container_app_environment_definition = {
     enable_diagnostic_settings = false
   }
   enable_telemetry           = var.enable_telemetry
   flag_platform_landing_zone = false
-  # Note: When flag_platform_landing_zone = true, you can enable direct internet routing
-  # for Azure Application Gateway v2 compatibility by setting:
-  # use_internet_routing = true
+  genai_app_configuration_definition = {
+    enable_diagnostic_settings = false
+  }
   genai_container_registry_definition = {
     enable_diagnostic_settings = false
   }
   genai_cosmosdb_definition = {
-    enable_diagnostic_settings = false
-    consistency_level          = "Session"
+
+    consistency_level = "Session"
   }
   genai_key_vault_definition = {
     public_network_access_enabled = true # configured for testing
@@ -231,16 +229,15 @@ module "test" {
     }
   }
   genai_storage_account_definition = {
-    enable_diagnostic_settings = false
   }
   ks_ai_search_definition = {
     enable_diagnostic_settings = false
   }
   private_dns_zones = {
+    azure_policy_pe_zone_linking_enabled      = true
     existing_zones_resource_group_resource_id = module.example_hub.resource_group_resource_id
   }
 }
-
 ```
 
 <!-- markdownlint-disable MD033 -->