Release/azurerm v4 support (#84)

* support for azureRM 4.x

* avm checks

* Create .e2eignore

* Create .e2eignore

* repo governance, linting, e2eignore

* Complete v4 support

* Remove ignore

* Fix azurerm version in test

* Update SUPPORT.md

Co-authored-by: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>

---------

Co-authored-by: donovm4 <mccoy.donov@gmail.com>
Co-authored-by: Donovan McCoy <144926888+donovm4@users.noreply.github.com>
Co-authored-by: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>

Author: 3 people

.github/workflows/e2e.yml

@@ -1,99 +1,29 @@
 ---
-name: e2e test
-
-on:
-  pull_request:
-    types: ['opened', 'reopened', 'synchronize']
-  merge_group:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  id-token: write
-
-jobs:
-  getexamples:
-    if: github.event.repository.name != 'terraform-azurerm-avm-template'
-    runs-on: ubuntu-latest
-    outputs:
-      examples: ${{ steps.getexamples.outputs.examples }}
-    steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
-      - name: get examples
-        id: getexamples
-        uses: Azure/terraform-azurerm-avm-template/.github/actions/e2e-getexamples@main
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-  testexamples:
-    if: github.event.repository.name != 'terraform-azurerm-avm-template'
-    runs-on: [ self-hosted, 1ES.Pool=ff314ac9fce031b9e7f5dde283f515666e148ae7 ]
-    needs: getexamples
-    environment: test
-    env:
-      TF_IN_AUTOMATION: 1
-      TF_VAR_enable_telemetry: false
-    strategy:
-      matrix:
-        example: ${{ fromJson(needs.getexamples.outputs.examples) }}
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
-
-      - name: Test example
-        shell: bash
-        env:
-          SECRETS_CONTEXT: ${{ toJson(secrets) }}
-          VARS_CONTEXT: ${{ toJson(vars) }}
-        run: |
-          set -e
-           MAX_RETRIES=10
-          RETRY_COUNT=0
-          until [ $RETRY_COUNT -ge $MAX_RETRIES ]
-          do
-            az login --identity --username $MSI_ID > /dev/null && break
-            RETRY_COUNT=$[$RETRY_COUNT+1]
-            sleep 10
-          done
-          if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
-            echo "Failed to login after $MAX_RETRIES attempts."
-            exit 1
-          fi
-
-          declare -A secrets
-          eval "$(echo $SECRETS_CONTEXT | jq -r 'to_entries[] | @sh "secrets[\(.key|tostring)]=\(.value|tostring)"')"
-
-          declare -A variables
-          eval "$(echo $VARS_CONTEXT | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
-
-          for key in "${!secrets[@]}"; do
-            if [[ $key = \TF_VAR_* ]]; then
-              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
-              finalKey=${lowerKey/tf_var_/TF_VAR_}
-              export "$finalKey"="${secrets[$key]}"
-            fi
-          done
-
-          for key in "${!variables[@]}"; do
-            if [[ $key = \TF_VAR_* ]]; then
-              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
-              finalKey=${lowerKey/tf_var_/TF_VAR_}
-              export "$finalKey"="${variables[$key]}"
-            fi
-          done
-
-          echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"
-
-          export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
-          export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
-          export ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId')
-          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
-
-  # This job is only run when all the previous jobs are successful.
-  # We can use it for PR validation to ensure all examples have completed.
-  testexamplescomplete:
-    if: github.event.repository.name != 'terraform-azurerm-avm-template'
-    runs-on: ubuntu-latest
-    needs: testexamples
-    steps:
-      - run: echo "All tests passed"
+  name: test examples
+  on:
+    pull_request:
+      types: ['opened', 'reopened', 'synchronize']
+    merge_group:
+    workflow_dispatch:
+  
+  jobs:
+    check:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checking for Fork
+          shell: pwsh
+          run: |
+            $isFork = "${{ github.event.pull_request.head.repo.fork }}"
+            if($isFork -eq "true") {
+              echo "### WARNING: This workflow is disabled for forked repositories. Please follow the [release branch process](https://azure.github.io/Azure-Verified-Modules/contributing/terraform/terraform-contribution-flow/#5-create-a-pull-request-to-the-upstream-repository) if end to end tests are required." >> $env:GITHUB_STEP_SUMMARY
+            }
+
+    run-e2e-tests:
+      if: github.event.pull_request.head.repo.fork == false
+      uses: Azure/terraform-azurerm-avm-template/.github/workflows/test-examples-template.yml@main
+      name: end to end
+      secrets: inherit
+      permissions:
+        id-token: write
+        contents: read
+  

.github/workflows/linting.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: check docs
         uses: Azure/terraform-azurerm-avm-template/.github/actions/docs-check@main
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: lint terraform
         uses: Azure/terraform-azurerm-avm-template/.github/actions/linting@main
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       - name: avmfix
         uses: Azure/terraform-azurerm-avm-template/.github/actions/avmfix@main
@@ -54,4 +54,4 @@ jobs:
     needs: [docs, terraform, avmfix]
     runs-on: ubuntu-latest
     steps:
-      - run: echo "All linting checks passed"
+      - run: echo "All linting checks passed"

.github/workflows/version-check.yml

@@ -16,8 +16,8 @@ jobs:
     if: github.event.repository.name != 'terraform-azurerm-avm-template'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
       - name: Check version
         uses: Azure/terraform-azurerm-avm-template/.github/actions/version-check@main
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -9,7 +9,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.5.2)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (~> 3.71)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.71, < 5.0.0)
 
 - <a name="requirement_modtm"></a> [modtm](#requirement\_modtm) (~> 0.3)
 

avm

@@ -27,7 +27,7 @@ fi
 # Check if we are running in a container
 # If we are then just run make directly
 if [ -z "$AVM_IN_CONTAINER" ]; then
-  $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+  $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v "$(pwd)":/src -w /src -e GITHUB_TOKEN -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
 else
   make "$1"
-fi
+fi

avm.bat

@@ -18,6 +18,6 @@ IF "%~1"=="" (
 )
 
 REM Run the make target with CONTAINER_RUNTIME
-%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src --user "1000:1000" -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
+%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src --user "1000:1000" -e GITHUB_TOKEN -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
 
-ENDLOCAL
+ENDLOCAL

avm.tflint.override.hcl

@@ -0,0 +1,3 @@
+rule "provider_azurerm_version" {
+  enabled = false
+}

avm.tflint_example.override.hcl

@@ -0,0 +1,3 @@
+rule "provider_azurerm_version" {
+  enabled = false
+}

avm.tflint_module.hcl

@@ -1,12 +1,12 @@
 plugin "terraform" {
   enabled = true
-  version = "0.5.0"
+  version = "0.10.0"
   source  = "github.com/terraform-linters/tflint-ruleset-terraform"
 }
 
 plugin "avm" {
   enabled     = true
-  version     = "0.11.1"
+  version     = "0.11.5"
   source      = "github.com/Azure/tflint-ruleset-avm"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -190,4 +190,4 @@ rule "tags" {
 
 rule "provider_modtm_version" {
   enabled = false
-}
+}