From 0487de5fa931494bf384e514922fbd31859f321d Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Mon, 6 Jan 2025 15:25:52 +0000 Subject: [PATCH 01/23] Update Azure RM provider version and refactor subnet IP range filters in Terraform configurations --- core/terraform/cosmos_mongo.tf | 4 +- core/terraform/main.tf | 2 +- core/terraform/network/main.tf | 2 +- core/terraform/network/network.tf | 214 ++++++++---------- .../network/network_security_groups.tf | 55 ----- core/terraform/network/outputs.tf | 20 +- core/terraform/statestore.tf | 2 +- 7 files changed, 107 insertions(+), 192 deletions(-) diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 65812cc8f1..838abdce34 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -6,8 +6,8 @@ resource "azurerm_cosmosdb_account" "mongo" { kind = "MongoDB" automatic_failover_enabled = false mongo_server_version = 4.2 - ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" - + ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) + capabilities { name = "EnableServerless" } diff --git a/core/terraform/main.tf b/core/terraform/main.tf index 49693884c1..8355ecf9b1 100644 --- a/core/terraform/main.tf +++ b/core/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.117.0" + version = "=4.14.0" } random = { source = "hashicorp/random" diff --git a/core/terraform/network/main.tf b/core/terraform/network/main.tf index a4eb095f9c..1033345566 100644 --- a/core/terraform/network/main.tf +++ b/core/terraform/network/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.117" + version = "= 4.14.0" } } } 
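Review bot: With `enable_local_debugging` set, the new `ip_range_filter` expression in `cosmos_mongo.tf` still adds `local.myip` to the Cosmos DB firewall allow-list, and nothing on the line says the entry stays until the next apply with the flag off. A comment above it such as `# local debugging only: adds local.myip to the account firewall; keep disabled in shared/production deployments` would make that explicit. The expression also repeats the `split` in both branches; `toset(concat(split(",", local.azure_portal_cosmos_ips), var.enable_local_debugging ? [local.myip] : []))` states it once. If `local.azure_portal_cosmos_ips` can be empty (its definition is outside this hunk), `split` returns `[""]` and an empty string lands in the set, so wrapping the split in `compact(...)` is worth considering. The identical line in `statestore.tf` has the same points, and both resource bodies continue outside their hunks.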
diff --git a/core/terraform/network/network.tf b/core/terraform/network/network.tf
index db71fe554f..eac80ce9ec 100644
--- a/core/terraform/network/network.tf
+++ b/core/terraform/network/network.tf
@@ -5,146 +5,112 @@ resource "azurerm_virtual_network" "core" { address_space = [var.core_address_space] tags = local.tre_core_tags lifecycle { ignore_changes = [tags] } -} -resource "azurerm_subnet" "bastion" { - name = "AzureBastionSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.bastion_subnet_address_prefix] -} + subnet { + name = "AzureBastionSubnet" + address_prefixes = [local.bastion_subnet_address_prefix] + security_group = azurerm_network_security_group.bastion.id + } -resource "azurerm_subnet" "azure_firewall" { - name = "AzureFirewallSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.firewall_subnet_address_space] - depends_on = [azurerm_subnet.bastion] -} + subnet { + name = "AzureFirewallSubnet" + address_prefixes = [local.firewall_subnet_address_space] + } -resource "azurerm_subnet" "app_gw" { - name = "AppGwSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.app_gw_subnet_address_prefix] - private_endpoint_network_policies = "Disabled" - private_link_service_network_policies_enabled = true - depends_on = [azurerm_subnet.azure_firewall] -} + subnet { + name = "AppGwSubnet" + address_prefixes = [local.app_gw_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + security_group = azurerm_network_security_group.app_gw.id + } -resource "azurerm_subnet" "web_app" { - name = "WebAppSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.web_app_subnet_address_prefix] - private_endpoint_network_policies = "Disabled" - private_link_service_network_policies_enabled = true - depends_on = [azurerm_subnet.app_gw] - - delegation { - 
name = "delegation" - - service_delegation { - name = "Microsoft.Web/serverFarms" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + subnet { + name = "WebAppSubnet" + address_prefixes = [local.web_app_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + security_group = azurerm_network_security_group.default_rules.id + + delegation { + name = "delegation" + + service_delegation { + name = "Microsoft.Web/serverFarms" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } } } -} -resource "azurerm_subnet" "shared" { - name = "SharedSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.shared_services_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.web_app] -} + subnet { + name = "SharedSubnet" + address_prefixes = [local.shared_services_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id + } -resource "azurerm_subnet" "resource_processor" { - name = "ResourceProcessorSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.resource_processor_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.shared] -} + subnet { + name = "ResourceProcessorSubnet" + address_prefixes = [local.resource_processor_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id + } -resource "azurerm_subnet" "airlock_processor" { - name = "AirlockProcessorSubnet" - virtual_network_name = azurerm_virtual_network.core.name - 
resource_group_name = var.resource_group_name - address_prefixes = [local.airlock_processor_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.resource_processor] - - delegation { - name = "delegation" - - service_delegation { - name = "Microsoft.Web/serverFarms" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + subnet { + name = "AirlockProcessorSubnet" + address_prefixes = [local.airlock_processor_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id + + delegation { + name = "delegation" + + service_delegation { + name = "Microsoft.Web/serverFarms" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } } + + service_endpoints = ["Microsoft.Storage"] } - # Todo: needed as we want to open the fw for this subnet in some of the airlock storages (export inprogress) - # https://github.com/microsoft/AzureTRE/issues/2098 - service_endpoints = ["Microsoft.Storage"] -} + subnet { + name = "AirlockNotifiactionSubnet" + address_prefixes = [local.airlock_notifications_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id -resource "azurerm_subnet" "airlock_notification" { - name = "AirlockNotifiactionSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.airlock_notifications_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.airlock_processor] - - delegation { - name = "delegation" - - service_delegation { - name = "Microsoft.Web/serverFarms" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + delegation { + name = "delegation" + + service_delegation { + 
name = "Microsoft.Web/serverFarms" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } } + service_endpoints = ["Microsoft.ServiceBus"] } - service_endpoints = ["Microsoft.ServiceBus"] -} -resource "azurerm_subnet" "airlock_storage" { - name = "AirlockStorageSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.airlock_storage_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.airlock_notification] -} + subnet { + name = "AirlockStorageSubnet" + address_prefixes = [local.airlock_storage_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id + } -resource "azurerm_subnet" "airlock_events" { - name = "AirlockEventsSubnet" - virtual_network_name = azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.airlock_events_subnet_address_prefix] - # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies = "Disabled" - depends_on = [azurerm_subnet.airlock_storage] - - # Eventgrid CAN'T send messages over private endpoints, hence we need to allow service endpoints to the service bus - # We are using service endpoints + managed identity to send these messaages - # https://docs.microsoft.com/en-us/azure/event-grid/consume-private-endpoints - service_endpoints = ["Microsoft.ServiceBus"] -} + subnet { + name = "AirlockEventsSubnet" + address_prefixes = [local.airlock_events_subnet_address_prefix] + private_endpoint_network_policies = "Disabled" + security_group = azurerm_network_security_group.default_rules.id + + service_endpoints = ["Microsoft.ServiceBus"] + } -resource "azurerm_subnet" "firewall_management" { - name = "AzureFirewallManagementSubnet" - virtual_network_name = 
azurerm_virtual_network.core.name - resource_group_name = var.resource_group_name - address_prefixes = [local.firewall_management_subnet_address_prefix] - depends_on = [azurerm_subnet.airlock_events] + subnet { + name = "AzureFirewallManagementSubnet" + address_prefixes = [local.firewall_management_subnet_address_prefix] + } } resource "azurerm_ip_group" "resource_processor" { @@ -187,3 +153,7 @@ module "terraform_azurerm_environment_configuration" { source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.2.0" arm_environment = var.arm_environment } + +locals { + subnet_ids_map = { for s in azurerm_virtual_network.core.subnet : s.name => s.id } +} diff --git a/core/terraform/network/network_security_groups.tf b/core/terraform/network/network_security_groups.tf index 50accf846b..34371dc145 100644 --- a/core/terraform/network/network_security_groups.tf +++ b/core/terraform/network/network_security_groups.tf @@ -105,13 +105,6 @@ resource "azurerm_network_security_group" "bastion" { lifecycle { ignore_changes = [tags] } } -resource "azurerm_subnet_network_security_group_association" "bastion" { - subnet_id = azurerm_subnet.bastion.id - network_security_group_id = azurerm_network_security_group.bastion.id - # depend on the last subnet we created in the vnet - depends_on = [azurerm_subnet.firewall_management] -} - # Network security group for Application Gateway # See https://docs.microsoft.com/azure/application-gateway/configuration-infrastructure#network-security-groups resource "azurerm_network_security_group" "app_gw" { 
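Review bot: The inline `subnet` blocks drop every comment that explained a security-relevant setting on the old `azurerm_subnet` resources. Those comments covered three things: that private endpoints do not adhere to NSG rules where `private_endpoint_network_policies = "Disabled"`, why `AirlockEventsSubnet` opens the `Microsoft.ServiceBus` service endpoint (Event Grid cannot send over private endpoints), and the TODO linking issue 2098 for `Microsoft.Storage` on `AirlockProcessorSubnet`. I would carry them over unchanged, e.g. `# notice that private endpoints do not adhere to NSG rules` above each `private_endpoint_network_policies` line. Separately, no state-migration step is visible for moving from standalone subnets and NSG associations to inline blocks, so an upgrade of an existing deployment presumably plans their removal; confirm with a plan against a live environment that no subnet loses its NSG part-way through. The `azurerm_virtual_network.core` resource starts before this hunk.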
@@ -147,12 +140,6 @@ resource "azurerm_network_security_group" "app_gw" { lifecycle { ignore_changes = [tags] } } -resource "azurerm_subnet_network_security_group_association" "app_gw" { - subnet_id = azurerm_subnet.app_gw.id - network_security_group_id = azurerm_network_security_group.app_gw.id - depends_on = [azurerm_subnet_network_security_group_association.bastion] -} - # Network security group with only default security rules # See https://docs.microsoft.com/azure/virtual-network/network-security-groups-overview#default-security-rules resource "azurerm_network_security_group" "default_rules" { 
@@ -163,45 +150,3 @@ resource "azurerm_network_security_group" "default_rules" { lifecycle { ignore_changes = [tags] } } - -resource "azurerm_subnet_network_security_group_association" "shared" { - subnet_id = azurerm_subnet.shared.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.app_gw] -} - -resource "azurerm_subnet_network_security_group_association" "web_app" { - subnet_id = azurerm_subnet.web_app.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.shared] -} - -resource "azurerm_subnet_network_security_group_association" "resource_processor" { - subnet_id = azurerm_subnet.resource_processor.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.web_app] -} - -resource "azurerm_subnet_network_security_group_association" "airlock_processor" { - subnet_id = azurerm_subnet.airlock_processor.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.resource_processor] -} - -resource "azurerm_subnet_network_security_group_association" "airlock_storage" { - subnet_id = azurerm_subnet.airlock_storage.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.airlock_processor] -} - -resource "azurerm_subnet_network_security_group_association" "airlock_events" { - subnet_id = azurerm_subnet.airlock_events.id - network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.airlock_storage] -} - -resource "azurerm_subnet_network_security_group_association" "airlock_notification" { - subnet_id = azurerm_subnet.airlock_notification.id - 
network_security_group_id = azurerm_network_security_group.default_rules.id - depends_on = [azurerm_subnet_network_security_group_association.airlock_events] -} diff --git a/core/terraform/network/outputs.tf b/core/terraform/network/outputs.tf index 3e0aab407d..e2a7fba134 100644 --- a/core/terraform/network/outputs.tf +++ b/core/terraform/network/outputs.tf @@ -3,43 +3,43 @@ output "core_vnet_id" { } output "bastion_subnet_id" { - value = azurerm_subnet.bastion.id + value = local.subnet_ids_map["AzureBastionSubnet"] } output "azure_firewall_subnet_id" { - value = azurerm_subnet.azure_firewall.id + value = local.subnet_ids_map["AzureFirewallSubnet"] } output "app_gw_subnet_id" { - value = azurerm_subnet.app_gw.id + value = local.subnet_ids_map["AppGwSubnet"] } output "web_app_subnet_id" { - value = azurerm_subnet.web_app.id + value = local.subnet_ids_map["WebAppSubnet"] } output "shared_subnet_id" { - value = azurerm_subnet.shared.id + value = local.subnet_ids_map["SharedSubnet"] } output "airlock_processor_subnet_id" { - value = azurerm_subnet.airlock_processor.id + value = local.subnet_ids_map["AirlockProcessorSubnet"] } output "airlock_storage_subnet_id" { - value = azurerm_subnet.airlock_storage.id + value = local.subnet_ids_map["AirlockStorageSubnet"] } output "airlock_events_subnet_id" { - value = azurerm_subnet.airlock_events.id + value = local.subnet_ids_map["AirlockEventsSubnet"] } output "resource_processor_subnet_id" { - value = azurerm_subnet.resource_processor.id + value = local.subnet_ids_map["ResourceProcessorSubnet"] } output "airlock_notification_subnet_id" { - value = azurerm_subnet.airlock_notification.id + value = local.subnet_ids_map["AirlockNotifiactionSubnet"] } # DNS Zones diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf index 66748fda58..32412cd057 100644 --- a/core/terraform/statestore.tf +++ b/core/terraform/statestore.tf 
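Review bot: Each output in `outputs.tf` now indexes `local.subnet_ids_map` with a string literal that has to match a `name` in the inline `subnet` blocks of `network.tf` exactly, including the misspelt `AirlockNotifiactionSubnet`. A mismatch would only show up as an invalid-index error when the output is evaluated. A comment above the first output, e.g. `# keys must match the subnet names declared on azurerm_virtual_network.core (spelling included)`, would warn that renaming a subnet breaks these lookups. Since these ids feed other modules, it is also worth checking in a plan that they resolve to the same subnet ids as before the refactor.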
@@ -5,7 +5,7 @@ resource "azurerm_cosmosdb_account" "tre_db_account" { offer_type = "Standard" kind = "GlobalDocumentDB" automatic_failover_enabled = false - ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" + ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) local_authentication_disabled = true tags = local.tre_core_tags From 983353b003a9a032967ea3fea2db4e9efd43029c Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Mon, 6 Jan 2025 17:07:00 +0000 Subject: [PATCH 02/23] Add .terraform.lock.hcl for Azure RM provider version 4.14.0 --- core/terraform/network/.terraform.lock.hcl | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 core/terraform/network/.terraform.lock.hcl diff --git a/core/terraform/network/.terraform.lock.hcl b/core/terraform/network/.terraform.lock.hcl new file mode 100644 index 0000000000..ec690305f6 --- /dev/null +++ b/core/terraform/network/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.14.0" + constraints = "4.14.0" + hashes = [ + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", + ] +} From d1a4ab2dbccc31cea4b4f5be7496f53e3585c246 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Mon, 6 Jan 2025 17:12:24 +0000 Subject: [PATCH 03/23] Update Terraform provider versions and constraints in .terraform.lock.hcl --- core/terraform/network/.terraform.lock.hcl | 100 ++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/core/terraform/network/.terraform.lock.hcl b/core/terraform/network/.terraform.lock.hcl index ec690305f6..41d8da1a19 100644 --- a/core/terraform/network/.terraform.lock.hcl +++ b/core/terraform/network/.terraform.lock.hcl 
@@ -1,9 +1,29 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/azure/azapi" { + version = "1.15.0" + constraints = ">= 1.15.0, ~> 1.15.0" + hashes = [ + "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", + "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", + "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", + "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", + "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", + "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", + "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", + "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", + "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", + "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", + "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", + "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", + "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", + ] +} + provider "registry.terraform.io/hashicorp/azurerm" { version = "4.14.0" - constraints = "4.14.0" + constraints = ">= 3.117.0, 4.14.0" hashes = [ "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", 
@@ -20,3 +40,81 @@ provider "registry.terraform.io/hashicorp/azurerm" { "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } + +provider "registry.terraform.io/hashicorp/http" { + version = "3.4.5" + constraints = "~> 3.4" + hashes = [ + "h1:ceAVZEuaQd7jQX13qf5w7hy3ioiXpuwUaaDRsnAiMLM=", + "zh:2072006c177efc101471f3d5eb8e1d8e6c68778cbfd6db3d3f22f59cfe6ce6ae", + "zh:3ac4cc0efe11ee054300769cfcc37491433937a8824621d1f8f7a18e7401da87", + "zh:63997e5457c9ddf9cfff17bd7bf9f083cbeff3105452045662109dd6be499ef9", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:826819bb8ab7d6e3095f597083d5b1ab93d1854312b9e1b6c18288fff9664f34", + "zh:8ad74e7d8ec2e226a73d49c7c317108f61a4cb803972fb3f945d1709d5115fcd", + "zh:a609ca9e0c91d250ac80295e39d5f524e8c0872d33ba8fde3c3e41893b4b015d", + "zh:ae07d19babc452f63f6a6511b944990e819dc20687b6c8f01d1676812f5ada53", + "zh:b7c827dc32a1a5d77185a78cd391b01217894b384f58169f98a96d683730d8ce", + "zh:d045e3db9f5e39ce78860d3fd94e04604fcbe246f6fe346ee50a971f936e9ccd", + "zh:ec28f9b52c74edd47eebbb5c254a6df5706360cde5ccd65097976efca23a2977", + "zh:f24982eaa7d34fd66554c3cf94873713a0dff14da9ea4c4be0cc76f1a6146d59", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.2" + constraints = ">= 2.2.0, ~> 2.5" + hashes = [ + "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + 
"zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + constraints = ">= 3.0.0, ~> 3.6" + hashes = [ + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + constraints = ">= 2.2.0" + hashes = [ + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + 
"zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} From e8320b00b572b661b37d389975757b2913afe6c8 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Tue, 7 Jan 2025 07:19:16 +0000 Subject: [PATCH 04/23] hcl --- core/terraform/.terraform.lock.hcl | 29 +++-- core/terraform/network/.terraform.lock.hcl | 120 --------------------- 2 files changed, 14 insertions(+), 135 deletions(-) delete mode 100644 core/terraform/network/.terraform.lock.hcl diff --git a/core/terraform/.terraform.lock.hcl b/core/terraform/.terraform.lock.hcl index 1c20359910..41d8da1a19 100644 --- a/core/terraform/.terraform.lock.hcl +++ b/core/terraform/.terraform.lock.hcl @@ -6,7 +6,6 @@ provider "registry.terraform.io/azure/azapi" { constraints = ">= 1.15.0, ~> 1.15.0" hashes = [ "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", - "h1:gIOgxVmFSxHrR+XOzgUEA+ybOmp8kxZlZH3eYeB/eFI=", "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", 
@@ -23,22 +22,22 @@ provider "registry.terraform.io/azure/azapi" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = ">= 3.117.0, 3.117.0" + version = "4.14.0" + constraints = ">= 3.117.0, 4.14.0" hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + 
"zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", ] } diff --git a/core/terraform/network/.terraform.lock.hcl b/core/terraform/network/.terraform.lock.hcl deleted file mode 100644 index 41d8da1a19..0000000000 --- a/core/terraform/network/.terraform.lock.hcl +++ /dev/null 
@@ -1,120 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.15.0" - constraints = ">= 1.15.0, ~> 1.15.0" - hashes = [ - "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", - "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", - "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", - "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", - "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", - "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", - "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", - "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", - "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", - "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", - "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", - "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", - "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.14.0" - constraints = ">= 3.117.0, 4.14.0" - hashes = [ - "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", - "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", - "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", - "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", - "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", - "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", - "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", - "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", - "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", - 
"zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", - "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", - ] -} - -provider "registry.terraform.io/hashicorp/http" { - version = "3.4.5" - constraints = "~> 3.4" - hashes = [ - "h1:ceAVZEuaQd7jQX13qf5w7hy3ioiXpuwUaaDRsnAiMLM=", - "zh:2072006c177efc101471f3d5eb8e1d8e6c68778cbfd6db3d3f22f59cfe6ce6ae", - "zh:3ac4cc0efe11ee054300769cfcc37491433937a8824621d1f8f7a18e7401da87", - "zh:63997e5457c9ddf9cfff17bd7bf9f083cbeff3105452045662109dd6be499ef9", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:826819bb8ab7d6e3095f597083d5b1ab93d1854312b9e1b6c18288fff9664f34", - "zh:8ad74e7d8ec2e226a73d49c7c317108f61a4cb803972fb3f945d1709d5115fcd", - "zh:a609ca9e0c91d250ac80295e39d5f524e8c0872d33ba8fde3c3e41893b4b015d", - "zh:ae07d19babc452f63f6a6511b944990e819dc20687b6c8f01d1676812f5ada53", - "zh:b7c827dc32a1a5d77185a78cd391b01217894b384f58169f98a96d683730d8ce", - "zh:d045e3db9f5e39ce78860d3fd94e04604fcbe246f6fe346ee50a971f936e9ccd", - "zh:ec28f9b52c74edd47eebbb5c254a6df5706360cde5ccd65097976efca23a2977", - "zh:f24982eaa7d34fd66554c3cf94873713a0dff14da9ea4c4be0cc76f1a6146d59", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.2" - constraints = ">= 2.2.0, ~> 2.5" - hashes = [ - "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", - "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", - "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", - "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", - "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", - "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", - "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", - "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", - "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", - "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", - "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - constraints = ">= 3.0.0, ~> 3.6" - hashes = [ - "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - constraints = ">= 2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - 
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} From 9b2d576f992b92a14a9bdbb8b3c81a935ea6edef Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Tue, 7 Jan 2025 07:28:17 +0000 Subject: [PATCH 05/23] lock file --- core/terraform/network/.terraform.lock.hcl | 22 +++++++++++++++++++ .../terraform/network/.terraform.lock.hcl | 22 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 core/terraform/network/.terraform.lock.hcl create mode 100644 templates/workspaces/base/terraform/network/.terraform.lock.hcl diff --git a/core/terraform/network/.terraform.lock.hcl b/core/terraform/network/.terraform.lock.hcl new file mode 100644 index 0000000000..ec690305f6 --- /dev/null +++ b/core/terraform/network/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.14.0" + constraints = "4.14.0" + hashes = [ + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", + ] +} diff --git a/templates/workspaces/base/terraform/network/.terraform.lock.hcl b/templates/workspaces/base/terraform/network/.terraform.lock.hcl new file mode 100644 index 0000000000..33ef70eec9 --- /dev/null +++ b/templates/workspaces/base/terraform/network/.terraform.lock.hcl 
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.14.0" + constraints = ">= 3.117.0" + hashes = [ + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", + ] +} From d7f216a9e3ac34a09ef8ae7a991e53db0bacc1d6 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Tue, 7 Jan 2025 08:36:10 +0000 Subject: [PATCH 06/23] remove locks files --- core/terraform/.terraform.lock.hcl | 120 ------------------ .../base/terraform/.terraform.lock.hcl | 83 ------------ 2 files changed, 203 deletions(-) delete mode 100644 core/terraform/.terraform.lock.hcl delete mode 100644 templates/workspaces/base/terraform/.terraform.lock.hcl diff --git a/core/terraform/.terraform.lock.hcl b/core/terraform/.terraform.lock.hcl deleted file mode 100644 index 41d8da1a19..0000000000 --- a/core/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,120 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.15.0" - constraints = ">= 1.15.0, ~> 1.15.0" - hashes = [ - "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", - "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", - "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", - "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", - "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", - "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", - "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", - "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", - "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", - "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", - "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", - "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", - "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.14.0" - constraints = ">= 3.117.0, 4.14.0" - hashes = [ - "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", - "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", - "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", - "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", - "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", - "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", - "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", - "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", - "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", - 
"zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", - "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", - ] -} - -provider "registry.terraform.io/hashicorp/http" { - version = "3.4.5" - constraints = "~> 3.4" - hashes = [ - "h1:ceAVZEuaQd7jQX13qf5w7hy3ioiXpuwUaaDRsnAiMLM=", - "zh:2072006c177efc101471f3d5eb8e1d8e6c68778cbfd6db3d3f22f59cfe6ce6ae", - "zh:3ac4cc0efe11ee054300769cfcc37491433937a8824621d1f8f7a18e7401da87", - "zh:63997e5457c9ddf9cfff17bd7bf9f083cbeff3105452045662109dd6be499ef9", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:826819bb8ab7d6e3095f597083d5b1ab93d1854312b9e1b6c18288fff9664f34", - "zh:8ad74e7d8ec2e226a73d49c7c317108f61a4cb803972fb3f945d1709d5115fcd", - "zh:a609ca9e0c91d250ac80295e39d5f524e8c0872d33ba8fde3c3e41893b4b015d", - "zh:ae07d19babc452f63f6a6511b944990e819dc20687b6c8f01d1676812f5ada53", - "zh:b7c827dc32a1a5d77185a78cd391b01217894b384f58169f98a96d683730d8ce", - "zh:d045e3db9f5e39ce78860d3fd94e04604fcbe246f6fe346ee50a971f936e9ccd", - "zh:ec28f9b52c74edd47eebbb5c254a6df5706360cde5ccd65097976efca23a2977", - "zh:f24982eaa7d34fd66554c3cf94873713a0dff14da9ea4c4be0cc76f1a6146d59", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.5.2" - constraints = ">= 2.2.0, ~> 2.5" - hashes = [ - "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", - "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", - "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", - "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", - "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", - "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", - "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", - "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", - "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", - "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", - "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.3" - constraints = ">= 3.0.0, ~> 3.6" - hashes = [ - "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", - "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", - "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", - "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", - "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", - "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", - "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", - "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", - "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", - "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", - "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", - ] -} - -provider "registry.terraform.io/hashicorp/template" { - version = "2.2.0" - constraints = ">= 2.2.0" - hashes = [ - "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", - "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", - "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", - "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", - "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", - 
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", - "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", - "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", - "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", - "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", - "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", - ] -} diff --git a/templates/workspaces/base/terraform/.terraform.lock.hcl b/templates/workspaces/base/terraform/.terraform.lock.hcl deleted file mode 100644 index 8a229681d9..0000000000 --- a/templates/workspaces/base/terraform/.terraform.lock.hcl +++ /dev/null 
@@ -1,83 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/azure/azapi" { - version = "1.15.0" - constraints = ">= 1.15.0, 1.15.0" - hashes = [ - "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", - "h1:gIOgxVmFSxHrR+XOzgUEA+ybOmp8kxZlZH3eYeB/eFI=", - "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", - "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", - "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", - "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", - "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", - "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", - "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", - "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", - "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", - "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", - "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", - "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", - ] -} - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.20.0" - constraints = ">= 2.20.0, 2.20.0" - hashes = [ - "h1:qKo6WfRyml6w4qcnqDoeTmlWCL/kzng4qOB/5/XAW9g=", - "zh:0262b33661825b54edc0c539415ebdc942ecb3e2cf90af75f7ef134a1f901816", - "zh:0b569b6427e0a1f6c38ad19dd50f036bf65d5b64751e8a083fb36df76337faba", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:4f3d017077eb9264ad4047ea0eda87ae7bc76da119f98361d10df27654b5b01c", - "zh:5566a523690f75f5fd4577f24a3194c719ebd22c011bf8619b86594a352afc71", - "zh:6101be64bf464d763585d144ee2cafae4aad74eb2f7f5264340addc9a9f227f7", - "zh:632627f20e48ce7e47f3be86a4d5869eb8412bf8083b5770decbb1e3cc335a1c", - "zh:63e7fbf0a34d7be50a4b83853600be6116a7c1600484d2e7ff2f15cc98abcf6f", - 
"zh:7909a7a074440e50be426f57e616e920745f8c38288537220f37c2d1ec719452", - "zh:e4f20c9887062a9ae1edcd208112d4d90c12afb7577f943220b54b83de8f10b7", - "zh:eb76ecf86977cd310f3311bc8f0015763c0a91594172a6b2d4ddb3d981d9c28e", - "zh:ffe05338f3e98fcbc5ffcf8b19dab8463849558d2ee6284afc91cdf9636c3330", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.117.0" - constraints = ">= 3.117.0, 3.117.0" - hashes = [ - "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", - "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", - "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", - "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", - "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", - "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", - "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", - "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", - "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", - "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", - "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", - "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.3.2" - constraints = "~> 3.3.0" - hashes = [ - "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=", - "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", - "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", - "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", - "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", - "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", - "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", - 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", - "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", - "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", - "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", - "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", - ] -} From 8ee780f8e399b0be1a48456c9ab1926999b22fbf Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Tue, 7 Jan 2025 10:15:01 +0000 Subject: [PATCH 07/23] lock files --- core/terraform/.terraform.lock.hcl | 120 ++++++++++++++++++ .../terraform/network/.terraform.lock.hcl | 22 ---- 2 files changed, 120 insertions(+), 22 deletions(-) create mode 100644 core/terraform/.terraform.lock.hcl delete mode 100644 templates/workspaces/base/terraform/network/.terraform.lock.hcl diff --git a/core/terraform/.terraform.lock.hcl b/core/terraform/.terraform.lock.hcl new file mode 100644 index 0000000000..41d8da1a19 --- /dev/null +++ b/core/terraform/.terraform.lock.hcl 
@@ -0,0 +1,120 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/azure/azapi" { + version = "1.15.0" + constraints = ">= 1.15.0, ~> 1.15.0" + hashes = [ + "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", + "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", + "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", + "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", + "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", + "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", + "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", + "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", + "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", + "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", + "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", + "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", + "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.14.0" + constraints = ">= 3.117.0, 4.14.0" + hashes = [ + "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", + "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", + "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", + "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", + "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", + "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", + "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", + "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", + "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", + 
"zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", + "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", + ] +} + +provider "registry.terraform.io/hashicorp/http" { + version = "3.4.5" + constraints = "~> 3.4" + hashes = [ + "h1:ceAVZEuaQd7jQX13qf5w7hy3ioiXpuwUaaDRsnAiMLM=", + "zh:2072006c177efc101471f3d5eb8e1d8e6c68778cbfd6db3d3f22f59cfe6ce6ae", + "zh:3ac4cc0efe11ee054300769cfcc37491433937a8824621d1f8f7a18e7401da87", + "zh:63997e5457c9ddf9cfff17bd7bf9f083cbeff3105452045662109dd6be499ef9", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:826819bb8ab7d6e3095f597083d5b1ab93d1854312b9e1b6c18288fff9664f34", + "zh:8ad74e7d8ec2e226a73d49c7c317108f61a4cb803972fb3f945d1709d5115fcd", + "zh:a609ca9e0c91d250ac80295e39d5f524e8c0872d33ba8fde3c3e41893b4b015d", + "zh:ae07d19babc452f63f6a6511b944990e819dc20687b6c8f01d1676812f5ada53", + "zh:b7c827dc32a1a5d77185a78cd391b01217894b384f58169f98a96d683730d8ce", + "zh:d045e3db9f5e39ce78860d3fd94e04604fcbe246f6fe346ee50a971f936e9ccd", + "zh:ec28f9b52c74edd47eebbb5c254a6df5706360cde5ccd65097976efca23a2977", + "zh:f24982eaa7d34fd66554c3cf94873713a0dff14da9ea4c4be0cc76f1a6146d59", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.5.2" + constraints = ">= 2.2.0, ~> 2.5" + hashes = [ + "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=", + "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511", + "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea", + "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0", + "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b", + "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038", + "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3", + 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4", + "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464", + "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b", + "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e", + "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.3" + constraints = ">= 3.0.0, ~> 3.6" + hashes = [ + "h1:Fnaec9vA8sZ8BXVlN3Xn9Jz3zghSETIKg7ch8oXhxno=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + constraints = ">= 2.2.0" + hashes = [ + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + 
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} diff --git a/templates/workspaces/base/terraform/network/.terraform.lock.hcl b/templates/workspaces/base/terraform/network/.terraform.lock.hcl deleted file mode 100644 index 33ef70eec9..0000000000 --- a/templates/workspaces/base/terraform/network/.terraform.lock.hcl +++ /dev/null @@ -1,22 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.14.0" - constraints = ">= 3.117.0" - hashes = [ - "h1:FYZ9qh8i3X2gDmUTe1jJ/VzdSyjGjVmhBzv2R8D6CBo=", - "zh:05aaea16fc5f27b14d9fbad81654edf0638949ed3585576b2219c76a2bee095a", - "zh:065ce6ed16ba3fa7efcf77888ea582aead54e6a28f184c6701b73d71edd64bb0", - "zh:3c0cd17c249d18aa2e0120acb5f0c14810725158b379a67fec1331110e7c50df", - "zh:5a3ba3ffb2f1ce519fe3bf84a7296aa5862c437c70c62f0b0a5293bea9f2d01c", - "zh:7a8e9d72fa2714f4d567270b1761d4b4e788de7c15dada7db0cf0e29933185a2", - "zh:a11e190073f31c1238c15af29b9162e0f4564f6b0cd0310a3fa94102738450dc", - "zh:a5c004114410cc6dcb8fed584c9f3b84283b58025b0073a7e88d2bdb27840dfa", - "zh:a674a41db118e244eda7591e455d2ec338626664e0856e4125e909eb038f78db", - "zh:b5139010e4cbb2cb1a27c775610593c1c8063d3a7c82b00a65006509c434df2f", - "zh:cbb031223ccd8b099ac4d19b92641142f330b90f2fc6452843e445bae28f832c", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7e7db1b94082a4ac3d4af3dabe7bbd335e1679305bf8e29d011f0ee440724ca", - ] -} From 6f24989176b8cc2da07db3510f4381f9057de8f4 Mon Sep 17 00:00:00 2001 
From: Ron Shakutai Date: Mon, 3 Feb 2025 10:39:19 +0000 Subject: [PATCH 08/23] change log update --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 929f97efc4..34c04aaa52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,8 @@ BUG FIXES: * Fix VM actions where Workspace shared storage doesn't allow shared key access ([#4222](https://github.com/microsoft/AzureTRE/issues/4222)) * Fix public exposure in Guacamole service ([[#4199](https://github.com/microsoft/AzureTRE/issues/4199)]) * Fix Azure ML network tags to use name rather than ID ([[#4151](https://github.com/microsoft/AzureTRE/issues/4151)]) +* Upgrade AzureRM Terraform provider from `3.117.0` to `4.14.0`. ([[PR_link](https://github.com/microsoft/AzureTRE/pull/4255/)]) +* Subnet definitions are now inline in the `azurerm_virtual_network` resource, and NSG associations are set using `security_group` in each subnet block (no separate `azurerm_subnet_network_security_group_association` needed). ([[PR_link](https://github.com/microsoft/AzureTRE/pull/4255/)]) COMPONENTS: From dc2c8463b7186feed761272900cba4118e0cfbad Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Mon, 3 Feb 2025 10:42:31 +0000 Subject: [PATCH 09/23] version update --- core/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version.txt b/core/version.txt index 318bf6c824..a43ff2b5d7 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.11.19" +__version__ = "0.11.20" From 9ec2ab3dcae66975406d979ae04fccceb662dc1f Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Mon, 3 Feb 2025 10:48:48 +0000 Subject: [PATCH 10/23] Add Terraform lock file for Azure providers --- .../base/terraform/.terraform.lock.hcl | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 templates/workspaces/base/terraform/.terraform.lock.hcl 
diff --git a/templates/workspaces/base/terraform/.terraform.lock.hcl b/templates/workspaces/base/terraform/.terraform.lock.hcl new file mode 100644 index 0000000000..021fad23b4 --- /dev/null +++ b/templates/workspaces/base/terraform/.terraform.lock.hcl 
@@ -0,0 +1,82 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/azure/azapi" { + version = "1.15.0" + constraints = ">= 1.15.0, 1.15.0" + hashes = [ + "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", + "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", + "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", + "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", + "zh:53fe9ab54485aaebc9b91e27a10bce2729a1c95b1399079e631dc6bb9e3f27dc", + "zh:63c407e7dc04d178d4798c17ad489d9cc92f7d1941d7f4a3f560b95908b6107b", + "zh:7d6fc2b432b264f036bb80ab2b2ba67f80a5d98da8a8c322aa097833dad598c9", + "zh:7ec49c0a8799d469eb6e2a1f856693f9862f1b73f5ed70adc1b346e5a4c6458d", + "zh:889704f10319d301d677539d788fc82a7c73608ab78cb93e1280ac2be39e6e00", + "zh:90b4b07405b7cde9ebae3b034cb5bb5dd18484d1b95bd250f905451f1e86ac3f", + "zh:92aa9c241a8cb2a6d81ad47bc007c119f8b818464a960ebaf39008766c361e6b", + "zh:f28fbd0a2c59e239b53067bc1adc691be444876bcb2d4f78d310f549724da6e0", + "zh:ffb15e0ddfa505d0e9b75341570199076ae574887124f398162b1ead9376b25f", + ] +} + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.20.0" + constraints = ">= 2.20.0, 2.20.0" + hashes = [ + "h1:qKo6WfRyml6w4qcnqDoeTmlWCL/kzng4qOB/5/XAW9g=", + "zh:0262b33661825b54edc0c539415ebdc942ecb3e2cf90af75f7ef134a1f901816", + "zh:0b569b6427e0a1f6c38ad19dd50f036bf65d5b64751e8a083fb36df76337faba", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:4f3d017077eb9264ad4047ea0eda87ae7bc76da119f98361d10df27654b5b01c", + "zh:5566a523690f75f5fd4577f24a3194c719ebd22c011bf8619b86594a352afc71", + "zh:6101be64bf464d763585d144ee2cafae4aad74eb2f7f5264340addc9a9f227f7", + "zh:632627f20e48ce7e47f3be86a4d5869eb8412bf8083b5770decbb1e3cc335a1c", + "zh:63e7fbf0a34d7be50a4b83853600be6116a7c1600484d2e7ff2f15cc98abcf6f", + 
"zh:7909a7a074440e50be426f57e616e920745f8c38288537220f37c2d1ec719452", + "zh:e4f20c9887062a9ae1edcd208112d4d90c12afb7577f943220b54b83de8f10b7", + "zh:eb76ecf86977cd310f3311bc8f0015763c0a91594172a6b2d4ddb3d981d9c28e", + "zh:ffe05338f3e98fcbc5ffcf8b19dab8463849558d2ee6284afc91cdf9636c3330", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.117.0" + constraints = ">= 3.117.0, 3.117.0" + hashes = [ + "h1:Ynfg+Iy7x6K8M6W1AhqXCe3wkoiqIQhROlca7C3KC3w=", + "zh:2e25f47492366821a786762369f0e0921cc9452d64bfd5075f6fdfcf1a9c6d70", + "zh:41eb34f2f7469bf3eb1019dfb0e7fc28256f809824016f4f8b9d691bf473b2ac", + "zh:48bb9c87b3d928da1abc1d3db75453c9725de4674c612daf3800160cc7145d30", + "zh:5d6b0de0bbd78943fcc65c53944ef4496329e247f434c6eab86ed051c5cea67b", + "zh:78c9f6fdb1206a89cf0e6706b4f46178169a93b6c964a4cad8a321058ccbd9b4", + "zh:793b702c352589d4360b580d4a1cf654a7439d2ad6bdb7bfea91de07bc4b0fac", + "zh:7ed687ff0a5509463a592f97431863574fe5cc80a34e395be06766215b8c6285", + "zh:955ba18789bd15592824eb426a8d0f38595bd09fffc6939c1c58933489c1a71e", + "zh:bf5949a55be0714cd9c8815d472eae4baa48ba06d0f6bf2b96775869acda8a54", + "zh:da5d31f635abd2c645ffc76d6176d73f646128e73720cc368247cc424975c127", + "zh:eed5a66d59883c9c56729b0a964a2b60d758ea7489ef3e920a6fbd48518ce5f5", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.3.2" + constraints = "~> 3.3.0" + hashes = [ + "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=", + "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", + "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", + "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", + "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", + "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", + "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", + 
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", + "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", + "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", + "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", + "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", + ] +} From a494ead0f8c601ce229dd983eb4207cf20948f3d Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Wed, 5 Feb 2025 15:45:40 +0000 Subject: [PATCH 11/23] save the current state --- Makefile | 2 +- core/terraform/deploy.sh | 1 - core/terraform/migrate.sh | 74 +++++++++++++++++++++++++++++++++++++-- 3 files changed, 72 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 58719016b3..dbda578d7b 100644 --- a/Makefile +++ b/Makefile @@ -106,7 +106,7 @@ prepare-tf-state: && pushd ${MAKEFILE_DIR}/templates/shared_services/firewall/terraform > /dev/null && ./import_state.sh && popd > /dev/null # / End migration targets -deploy-core: tre-start +deploy-core: #tre-start $(call target_title, "Deploying TRE") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \ && rm -fr ~/.config/tre/environment.json \ diff --git a/core/terraform/deploy.sh b/core/terraform/deploy.sh index 148cf1aca4..b8d5d662c2 100755 --- a/core/terraform/deploy.sh +++ b/core/terraform/deploy.sh @@ -23,7 +23,6 @@ LOG_FILE="${TS}-tre-core.log" -k "${TRE_ID}" \ -l "${LOG_FILE}" \ -c "terraform plan -out ${PLAN_FILE} && \ - terraform apply -input=false -auto-approve ${PLAN_FILE} && \ terraform output -json > ../tre_output.json" ./update_tags.sh diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index 3c88e2ed2d..c3b083767f 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh 
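Review bot: Commenting out the `tre-start` prerequisite on `deploy-core` makes the target run against whatever state the environment is in, and nothing in the hunk replaces the skipped step. Given the commit subject ("save the current state"), this looks like a local debugging change rather than an intended behaviour change. Before merge the line should go back to `deploy-core: tre-start`, or a comment above the target should say why the dependency was dropped. The recipe continues past the end of the hunk.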
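Review bot: With the `terraform apply` line removed, the `-c` command in deploy.sh only writes the plan and then runs `terraform output -json > ../tre_output.json`, so the outputs file describes the previously applied state, not the planned one. `./update_tags.sh` still runs afterwards as if a deployment had taken place, and anything that reads `tre_output.json` (not visible here) would presumably get stale values. Restore `terraform apply -input=false -auto-approve ${PLAN_FILE} && \` between the plan and output steps. If a plan-only run is wanted, make it an explicit opt-in rather than the default. The wrapper invocation that takes these arguments starts above the hunk.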
@@ -3,7 +3,7 @@ set -o errexit set -o pipefail set -o nounset -# set -o xtrace +set -o xtrace # Configure AzureRM provider to user Azure AD to connect to storage accounts export ARM_STORAGE_USE_AZUREAD=true @@ -23,8 +23,8 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="key=${TRE_ID}" echo "*** Migrating TF Resources... ***" - - +terraform show +terraform show -json terraform_show_json=$(terraform show -json) # Remove cnab-state legacy state path form state. Needs to be run before refresh, as refresh will fail. 
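Review bot: The added `terraform show -json` writes the whole state to stdout, and Terraform's JSON output prints sensitive attribute values in plain text, so each run of migrate.sh copies any secrets held in state into the console or CI log. Turning on `set -o xtrace` compounds this, because bash traces the existing `terraform_show_json=$(terraform show -json)` assignment with its expanded value and also echoes the `-backend-config` arguments passed to `terraform init`. Keep the line as `# set -o xtrace` and drop the two bare `terraform show` calls. If a state dump is needed while debugging, gate it behind an opt-in variable and write it to a file with restricted permissions instead of the log.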
@@ -61,4 +61,72 @@ terraform_show_json=$(terraform show -json) # fi # fi +# Remove old NSG association resources +declare -a old_nsg_assoc_resources=( + "module.network.azurerm_subnet_network_security_group_association.bastion" + "module.network.azurerm_subnet_network_security_group_association.app_gw" + "module.network.azurerm_subnet_network_security_group_association.shared" + "module.network.azurerm_subnet_network_security_group_association.web_app" + "module.network.azurerm_subnet_network_security_group_association.resource_processor" + "module.network.azurerm_subnet_network_security_group_association.airlock_processor" + "module.network.azurerm_subnet_network_security_group_association.airlock_notification" + "module.network.azurerm_subnet_network_security_group_association.airlock_storage" + "module.network.azurerm_subnet_network_security_group_association.airlock_events" + "module.network.azurerm_subnet_network_security_group_association.firewall_management" +) + +for resource in "${old_nsg_assoc_resources[@]}"; do + if terraform state list | grep -q "$resource"; then + echo "Removing NSG association resource: $resource" + terraform state rm "$resource" + else + echo "NSG association resource not found in state: $resource" + fi +done + +# Remove old subnet resources +declare -a old_subnet_resources=( + "module.network.azurerm_subnet.bastion" + "module.network.azurerm_subnet.azure_firewall" + "module.network.azurerm_subnet.app_gw" + "module.network.azurerm_subnet.web_app" + "module.network.azurerm_subnet.shared" + "module.network.azurerm_subnet.resource_processor" + "module.network.azurerm_subnet.airlock_processor" + "module.network.azurerm_subnet.airlock_notification" + "module.network.azurerm_subnet.airlock_storage" + "module.network.azurerm_subnet.airlock_events" + "module.network.azurerm_subnet.firewall_management" +) + +for resource in "${old_subnet_resources[@]}"; do + if terraform state list | grep -q "$resource"; then + echo "Removing subnet resource: 
$resource" + terraform state rm "$resource" + else + echo "Subnet resource not found in state: $resource" + fi +done + +# Remove the old Virtual Network resource +old_vnet_address="module.network.azurerm_virtual_network.core" +if terraform state list | grep -q "$old_vnet_address"; then + # Retrieve the VNet ID from state + vnet_id=$(terraform state show "$old_vnet_address" | awk '/^id/ {print $3}') + echo "Removing VNet resource: $old_vnet_address (ID: $vnet_id)" + terraform state rm "$old_vnet_address" +else + echo "VNet resource not found in state: $old_vnet_address" +fi + +# Re-import the Virtual Network using the new inline configuration. +# With the new configuration the VNet is now defined as "azurerm_virtual_network.core". +new_vnet_address="azurerm_virtual_network.core" +if [ -n "${vnet_id:-}" ]; then + echo "Importing VNet with ID: $vnet_id into new resource address: $new_vnet_address" + terraform import "$new_vnet_address" "$vnet_id" +else + echo "No VNet ID found; skipping re-import of VNet." +fi + echo "*** Migration is done. ***" From 82032b0c7fc4efcc666b52e0c95471f03392bd66 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Thu, 6 Feb 2025 10:06:56 +0000 Subject: [PATCH 12/23] migration work without apply --- Makefile | 2 +- core/terraform/deploy.sh | 1 + core/terraform/migrate.sh | 88 +++++++++++++++++++++------------------ 3 files changed, 49 insertions(+), 42 deletions(-) diff --git a/Makefile b/Makefile index dbda578d7b..58719016b3 100644 --- a/Makefile +++ b/Makefile @@ -106,7 +106,7 @@ prepare-tf-state: && pushd ${MAKEFILE_DIR}/templates/shared_services/firewall/terraform > /dev/null && ./import_state.sh && popd > /dev/null # / End migration targets -deploy-core: #tre-start +deploy-core: tre-start $(call target_title, "Deploying TRE") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \ && rm -fr ~/.config/tre/environment.json \ 
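Review bot: The VNet block at the end of this hunk runs `terraform state rm "$old_vnet_address"` whether or not `vnet_id` was parsed, so an empty ID drops the VNet from state and the re-import is then skipped. The `awk '/^id/ {print $3}'` parse looks fragile: `terraform state show` normally indents attributes and quotes values, so the anchored pattern may never match. Resolve the ID first and stop when it is empty, e.g. `[ -n "$vnet_id" ] || { echo "cannot resolve VNet id; leaving state untouched" >&2; exit 1; }` before the `state rm`. Separately, the three `terraform state list | grep -q "$resource"` checks treat the address as an unanchored regex and run under `set -o pipefail`, where an early grep exit can fail the pipeline; `grep -Fxq -- "$resource"` against a list captured once is safer.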
diff --git a/core/terraform/deploy.sh b/core/terraform/deploy.sh index b8d5d662c2..148cf1aca4 100755 --- a/core/terraform/deploy.sh +++ b/core/terraform/deploy.sh @@ -23,6 +23,7 @@ LOG_FILE="${TS}-tre-core.log" -k "${TRE_ID}" \ -l "${LOG_FILE}" \ -c "terraform plan -out ${PLAN_FILE} && \ + terraform apply -input=false -auto-approve ${PLAN_FILE} && \ terraform output -json > ../tre_output.json" ./update_tags.sh diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index c3b083767f..2cfdd3d0a0 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh @@ -12,8 +12,6 @@ export ARM_STORAGE_USE_AZUREAD=true export ARM_USE_AZUREAD=true export ARM_USE_OIDC=true -# terraform_wrapper_path="../../devops/scripts/terraform_wrapper.sh" - # This variables are loaded in for us # shellcheck disable=SC2154 terraform init -input=false -backend=true -reconfigure \ @@ -23,20 +21,7 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="key=${TRE_ID}" echo "*** Migrating TF Resources... ***" -terraform show -terraform show -json -terraform_show_json=$(terraform show -json) - -# Remove cnab-state legacy state path form state. Needs to be run before refresh, as refresh will fail. -state_store_legacy_path=$(echo "${terraform_show_json}" \ - | jq 'select(.values.root_module.resources != null) | .values.root_module.resources[] | select(.address=="azurerm_storage_share.storage_state_path") | .values.id') - -if [ -n "${state_store_legacy_path}" ]; then - echo -e "\n\e[96mRemoving legacy state path from TF state\e[0m..." - terraform state rm azurerm_storage_share.storage_state_path -fi -# terraform show might fail if provider schema has changed. Since we don't call apply at this stage a refresh is needed terraform refresh # 1. Check we have a root_module in state 
@@ -61,8 +46,8 @@ terraform_show_json=$(terraform show -json) # fi # fi -# Remove old NSG association resources -declare -a old_nsg_assoc_resources=( +# List of NSG association resource addresses to remove. +declare -a NSG_ASSOC_RESOURCES=( "module.network.azurerm_subnet_network_security_group_association.bastion" "module.network.azurerm_subnet_network_security_group_association.app_gw" "module.network.azurerm_subnet_network_security_group_association.shared" @@ -75,16 +60,25 @@ declare -a old_nsg_assoc_resources=( "module.network.azurerm_subnet_network_security_group_association.firewall_management" ) -for resource in "${old_nsg_assoc_resources[@]}"; do - if terraform state list | grep -q "$resource"; then - echo "Removing NSG association resource: $resource" +echo "*** Removing NSG Associations ***" + +for resource in "${NSG_ASSOC_RESOURCES[@]}"; do + resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' + def walk_resources: + (.resources[]? ), + (.child_modules[]? | walk_resources); + .values.root_module | walk_resources | select(.address==$addr) | .values.id + ') + + if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then + echo "Removing NSG association: ${resource} (id: ${resource_id})" terraform state rm "$resource" else - echo "NSG association resource not found in state: $resource" + echo "NSG association resource not found in state: ${resource}" fi done -# Remove old subnet resources +### Step 2: Remove Old Subnets declare -a old_subnet_resources=( "module.network.azurerm_subnet.bastion" "module.network.azurerm_subnet.azure_firewall" 
@@ -99,34 +93,46 @@ declare -a old_subnet_resources=( "module.network.azurerm_subnet.firewall_management" ) +echo "*** Removing Subnets ***" for resource in "${old_subnet_resources[@]}"; do - if terraform state list | grep -q "$resource"; then - echo "Removing subnet resource: $resource" + resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' + def walk_resources: + (.resources[]? ), + (.child_modules[]? | walk_resources); + .values.root_module | walk_resources | select(.address==$addr) | .values.id + ') + + if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then + echo "Removing subnet: ${resource} (id: ${resource_id})" terraform state rm "$resource" else - echo "Subnet resource not found in state: $resource" + echo "Subnet resource not found in state: ${resource}" fi done -# Remove the old Virtual Network resource -old_vnet_address="module.network.azurerm_virtual_network.core" -if terraform state list | grep -q "$old_vnet_address"; then - # Retrieve the VNet ID from state - vnet_id=$(terraform state show "$old_vnet_address" | awk '/^id/ {print $3}') - echo "Removing VNet resource: $old_vnet_address (ID: $vnet_id)" - terraform state rm "$old_vnet_address" +### Step 3: Remove Old Virtual Network +echo "*** Removing VNet ***" +vnet_address="module.network.azurerm_virtual_network.core" +vnet_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$vnet_address" ' + def walk_resources: + (.values.root_module.resources[]?), + (.values.root_module.child_modules[]? | .resources[]?); + walk_resources | select(.address == $addr) | .values.id +') + +if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then + echo "Removing VNet from state: ${vnet_address} (ID: ${vnet_id})" + terraform state rm "${vnet_address}" else - echo "VNet resource not found in state: $old_vnet_address" + echo "VNet resource not found in state: ${vnet_address}" fi -# Re-import the Virtual Network using the new inline configuration. 
-# With the new configuration the VNet is now defined as "azurerm_virtual_network.core". -new_vnet_address="azurerm_virtual_network.core" -if [ -n "${vnet_id:-}" ]; then - echo "Importing VNet with ID: $vnet_id into new resource address: $new_vnet_address" - terraform import "$new_vnet_address" "$vnet_id" + +### Step 4: Re-import Virtual Network +echo "*** Re-importing VNet ***" +if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then + echo "Importing VNet with ID: ${vnet_id} into new resource address: ${vnet_address}" + terraform import "${vnet_address}" "${vnet_id}" else echo "No VNet ID found; skipping re-import of VNet." fi - -echo "*** Migration is done. ***" From 206875a0520fa3db24a1c799215f6c70b9a98e4f Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Thu, 6 Feb 2025 10:45:20 +0000 Subject: [PATCH 13/23] Disable xtrace for migration script --- core/terraform/migrate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index 2cfdd3d0a0..32da87a93e 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh @@ -3,7 +3,7 @@ set -o errexit set -o pipefail set -o nounset -set -o xtrace +# set -o xtrace # Configure AzureRM provider to user Azure AD to connect to storage accounts export ARM_STORAGE_USE_AZUREAD=true From 1d2e90c9284473d4ccceb78233c7e029eeab9129 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Thu, 6 Feb 2025 10:52:14 +0000 Subject: [PATCH 14/23] remove the change on the lock file. --- templates/workspaces/base/terraform/.terraform.lock.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/workspaces/base/terraform/.terraform.lock.hcl b/templates/workspaces/base/terraform/.terraform.lock.hcl index 021fad23b4..8a229681d9 100644 --- a/templates/workspaces/base/terraform/.terraform.lock.hcl +++ b/templates/workspaces/base/terraform/.terraform.lock.hcl 
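Review bot: The VNet lookup in this hunk uses a different `walk_resources` from the NSG and subnet loops in the same commit: it descends only one level of `child_modules`, while the loops recurse. It works for `module.network.azurerm_virtual_network.core` today but would quietly return nothing for a resource in a deeper module, so the same recursive filter should be used here: `(.resources[]?), (.child_modules[]? | walk_resources);` followed by `.values.root_module | walk_resources | select(.address==$addr) | .values.id`. The import message also says "new resource address" although `${vnet_address}` is the address that was just removed; reword it so it does not suggest a move.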
@@ -6,6 +6,7 @@ provider "registry.terraform.io/azure/azapi" { constraints = ">= 1.15.0, 1.15.0" hashes = [ "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", + "h1:gIOgxVmFSxHrR+XOzgUEA+ybOmp8kxZlZH3eYeB/eFI=", "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", "zh:343009f39c957883b2c06145a5954e524c70f93585f943f1ea3d28ef6995d0d0", From 648e00d904ed9b709db6414799d5e996d3dff2c2 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Thu, 6 Feb 2025 12:54:53 +0000 Subject: [PATCH 15/23] Implement migration steps for managing private endpoints in Terraform --- core/terraform/migrate.sh | 55 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index 32da87a93e..515b371fe2 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh 
@@ -136,3 +136,58 @@ if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then else echo "No VNet ID found; skipping re-import of VNet." fi + + +### Step 5: Remove Old Private Endpoints +echo "*** Removing Private Endpoints ***" + +declare -a PRIVATE_ENDPOINTS=( + "module.network.azurerm_private_endpoint.azure_monitor" + "module.network.azurerm_private_endpoint.azure_monitor_agentsvc" + "module.network.azurerm_private_endpoint.azure_monitor_ods_opinsights" + "module.network.azurerm_private_endpoint.azure_monitor_oms_opinsights" + "module.network.azurerm_private_endpoint.azurecr" + "module.network.azurerm_private_endpoint.azurewebsites" + "module.network.azurerm_private_endpoint.blobcore" + "module.network.azurerm_private_endpoint.eventgrid" + "module.network.azurerm_private_endpoint.filecore" + "module.network.azurerm_private_endpoint.queuecore" + "module.network.azurerm_private_endpoint.tablecore" + "module.network.azurerm_private_endpoint.static_web" + "module.network.azurerm_private_endpoint.vaultcore" +) + +for resource in "${PRIVATE_ENDPOINTS[@]}"; do + resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' + def walk_resources: + (.resources[]? ), + (.child_modules[]? | walk_resources); + .values.root_module | walk_resources | select(.address==$addr) | .values.id + ') + + if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then + echo "Removing Private Endpoint: ${resource} (id: ${resource_id})" + terraform state rm "$resource" + else + echo "Private Endpoint resource not found in state: ${resource}" + fi +done + +### Step 6: Re-import Private Endpoints +echo "*** Re-importing Private Endpoints ***" + +for resource in "${PRIVATE_ENDPOINTS[@]}"; do + resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' + def walk_resources: + (.resources[]? ), + (.child_modules[]? 
| walk_resources); + .values.root_module | walk_resources | select(.address==$addr) | .values.id + ') + + if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then + echo "Re-importing Private Endpoint: ${resource} (id: ${resource_id})" + terraform import "$resource" "$resource_id" + else + echo "No Private Endpoint ID found for ${resource}, skipping import." + fi +done From 53ef850a0970d3714bc1811da4d61af9fe4c732a Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Thu, 6 Feb 2025 15:29:53 +0000 Subject: [PATCH 16/23] Update private endpoints in migration script --- core/terraform/migrate.sh | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index 515b371fe2..feab4403b1 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh 
@@ -142,19 +142,13 @@ fi echo "*** Removing Private Endpoints ***" declare -a PRIVATE_ENDPOINTS=( - "module.network.azurerm_private_endpoint.azure_monitor" - "module.network.azurerm_private_endpoint.azure_monitor_agentsvc" - "module.network.azurerm_private_endpoint.azure_monitor_ods_opinsights" - "module.network.azurerm_private_endpoint.azure_monitor_oms_opinsights" - "module.network.azurerm_private_endpoint.azurecr" - "module.network.azurerm_private_endpoint.azurewebsites" - "module.network.azurerm_private_endpoint.blobcore" - "module.network.azurerm_private_endpoint.eventgrid" - "module.network.azurerm_private_endpoint.filecore" - "module.network.azurerm_private_endpoint.queuecore" - "module.network.azurerm_private_endpoint.tablecore" - "module.network.azurerm_private_endpoint.static_web" - "module.network.azurerm_private_endpoint.vaultcore" + "azurerm_private_endpoint.api_private_endpoint" + "azurerm_private_endpoint.blobpe" + "azurerm_private_endpoint.filepe" + "azurerm_private_endpoint.kvpe" + "azurerm_private_endpoint.mongo" + "azurerm_private_endpoint.sbpe" + "azurerm_private_endpoint.sspe" ) for resource in "${PRIVATE_ENDPOINTS[@]}"; do @@ -173,7 +167,7 @@ for resource in "${PRIVATE_ENDPOINTS[@]}"; do fi done -### Step 6: Re-import Private Endpoints +### Step 6: Re-importing Private Endpoints echo "*** Re-importing Private Endpoints ***" for resource in "${PRIVATE_ENDPOINTS[@]}"; do From be7aed9cea94d9d81a9bf64200c229ad2f4fa65c Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Sun, 9 Feb 2025 08:57:22 +0000 Subject: [PATCH 17/23] Refactor migration script to not remove old private endpoints and related steps --- core/terraform/migrate.sh | 55 +++------------------------------------ 1 file changed, 3 insertions(+), 52 deletions(-) diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index feab4403b1..a238cb3e7c 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh 
@@ -78,7 +78,6 @@ for resource in "${NSG_ASSOC_RESOURCES[@]}"; do fi done -### Step 2: Remove Old Subnets declare -a old_subnet_resources=( "module.network.azurerm_subnet.bastion" "module.network.azurerm_subnet.azure_firewall" @@ -94,6 +93,7 @@ declare -a old_subnet_resources=( ) echo "*** Removing Subnets ***" + for resource in "${old_subnet_resources[@]}"; do resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' def walk_resources: @@ -110,8 +110,8 @@ for resource in "${old_subnet_resources[@]}"; do fi done -### Step 3: Remove Old Virtual Network echo "*** Removing VNet ***" + vnet_address="module.network.azurerm_virtual_network.core" vnet_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$vnet_address" ' def walk_resources: 
@@ -128,60 +128,11 @@ else fi -### Step 4: Re-import Virtual Network echo "*** Re-importing VNet ***" + if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then echo "Importing VNet with ID: ${vnet_id} into new resource address: ${vnet_address}" terraform import "${vnet_address}" "${vnet_id}" else echo "No VNet ID found; skipping re-import of VNet." fi - - -### Step 5: Remove Old Private Endpoints -echo "*** Removing Private Endpoints ***" - -declare -a PRIVATE_ENDPOINTS=( - "azurerm_private_endpoint.api_private_endpoint" - "azurerm_private_endpoint.blobpe" - "azurerm_private_endpoint.filepe" - "azurerm_private_endpoint.kvpe" - "azurerm_private_endpoint.mongo" - "azurerm_private_endpoint.sbpe" - "azurerm_private_endpoint.sspe" -) - -for resource in "${PRIVATE_ENDPOINTS[@]}"; do - resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' - def walk_resources: - (.resources[]? ), - (.child_modules[]? | walk_resources); - .values.root_module | walk_resources | select(.address==$addr) | .values.id - ') - - if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then - echo "Removing Private Endpoint: ${resource} (id: ${resource_id})" - terraform state rm "$resource" - else - echo "Private Endpoint resource not found in state: ${resource}" - fi -done - -### Step 6: Re-importing Private Endpoints -echo "*** Re-importing Private Endpoints ***" - -for resource in "${PRIVATE_ENDPOINTS[@]}"; do - resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' - def walk_resources: - (.resources[]? ), - (.child_modules[]? | walk_resources); - .values.root_module | walk_resources | select(.address==$addr) | .values.id - ') - - if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then - echo "Re-importing Private Endpoint: ${resource} (id: ${resource_id})" - terraform import "$resource" "$resource_id" - else - echo "No Private Endpoint ID found for ${resource}, skipping import." - fi -done 
From 7ef995bbbffd7aa899e39478a9af0468914d96d1 Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Sun, 9 Feb 2025 09:05:02 +0000 Subject: [PATCH 18/23] lint changes --- core/terraform/cosmos_mongo.tf | 4 +-- core/terraform/network/network.tf | 50 +++++++++++++++---------------- core/terraform/statestore.tf | 2 +- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 838abdce34..1c41e4d856 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -6,8 +6,8 @@ resource "azurerm_cosmosdb_account" "mongo" { kind = "MongoDB" automatic_failover_enabled = false mongo_server_version = 4.2 - ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) - + ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) + capabilities { name = "EnableServerless" } diff --git a/core/terraform/network/network.tf b/core/terraform/network/network.tf index eac80ce9ec..d823acd76d 100644 --- a/core/terraform/network/network.tf +++ b/core/terraform/network/network.tf @@ -7,14 +7,14 @@ resource "azurerm_virtual_network" "core" { lifecycle { ignore_changes = [tags] } subnet { - name = "AzureBastionSubnet" - address_prefixes = [local.bastion_subnet_address_prefix] - security_group = azurerm_network_security_group.bastion.id + name = "AzureBastionSubnet" + address_prefixes = [local.bastion_subnet_address_prefix] + security_group = azurerm_network_security_group.bastion.id } subnet { - name = "AzureFirewallSubnet" - address_prefixes = [local.firewall_subnet_address_space] + name = "AzureFirewallSubnet" + address_prefixes = [local.firewall_subnet_address_space] } subnet { 
@@ -43,24 +43,24 @@ resource "azurerm_virtual_network" "core" { } subnet { - name = "SharedSubnet" - address_prefixes = [local.shared_services_subnet_address_prefix] + name = "SharedSubnet" + address_prefixes = [local.shared_services_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id } subnet { - name = "ResourceProcessorSubnet" - address_prefixes = [local.resource_processor_subnet_address_prefix] + name = "ResourceProcessorSubnet" + address_prefixes = [local.resource_processor_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id } subnet { - name = "AirlockProcessorSubnet" - address_prefixes = [local.airlock_processor_subnet_address_prefix] + name = "AirlockProcessorSubnet" + address_prefixes = [local.airlock_processor_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id delegation { name = "delegation" @@ -75,10 +75,10 @@ resource "azurerm_virtual_network" "core" { } subnet { - name = "AirlockNotifiactionSubnet" - address_prefixes = [local.airlock_notifications_subnet_address_prefix] + name = "AirlockNotifiactionSubnet" + address_prefixes = [local.airlock_notifications_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id delegation { name = "delegation" 
@@ -92,24 +92,24 @@ resource "azurerm_virtual_network" "core" { } subnet { - name = "AirlockStorageSubnet" - address_prefixes = [local.airlock_storage_subnet_address_prefix] + name = "AirlockStorageSubnet" + address_prefixes = [local.airlock_storage_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id } subnet { - name = "AirlockEventsSubnet" - address_prefixes = [local.airlock_events_subnet_address_prefix] + name = "AirlockEventsSubnet" + address_prefixes = [local.airlock_events_subnet_address_prefix] private_endpoint_network_policies = "Disabled" - security_group = azurerm_network_security_group.default_rules.id + security_group = azurerm_network_security_group.default_rules.id service_endpoints = ["Microsoft.ServiceBus"] } subnet { - name = "AzureFirewallManagementSubnet" - address_prefixes = [local.firewall_management_subnet_address_prefix] + name = "AzureFirewallManagementSubnet" + address_prefixes = [local.firewall_management_subnet_address_prefix] } } diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf index 32412cd057..0911809610 100644 --- a/core/terraform/statestore.tf +++ b/core/terraform/statestore.tf @@ -5,7 +5,7 @@ resource "azurerm_cosmosdb_account" "tre_db_account" { offer_type = "Standard" kind = "GlobalDocumentDB" automatic_failover_enabled = false - ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) + ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) local_authentication_disabled = true tags = local.tre_core_tags From a37622265d0a2cd1992451fe3091db6caea42d9c Mon Sep 17 00:00:00 2001 
From: Ron Shakutai Date: Sun, 9 Feb 2025 09:10:12 +0000 Subject: [PATCH 19/23] bump version to 0.11.24 --- core/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/version.txt b/core/version.txt index 836582489b..0ec8ebfc1b 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.11.23" +__version__ = "0.11.24" From 29f1b9957ef4423ba25776d433e539a2459c6cdd Mon Sep 17 00:00:00 2001 From: Ron Shakutai Date: Sun, 9 Feb 2025 14:09:36 +0000 Subject: [PATCH 20/23] PR comments addressed --- core/terraform/cosmos_mongo.tf | 2 +- core/terraform/locals.tf | 15 +++- core/terraform/migrate.sh | 113 ++++++++++-------------------- core/terraform/network/locals.tf | 2 + core/terraform/network/main.tf | 2 +- core/terraform/network/network.tf | 4 -- core/terraform/statestore.tf | 20 ++++-- core/version.txt | 2 +- 8 files changed, 68 insertions(+), 92 deletions(-) diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 1c41e4d856..6bb4ec4594 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -6,7 +6,7 @@ resource "azurerm_cosmosdb_account" "mongo" { kind = "MongoDB" automatic_failover_enabled = false mongo_server_version = 4.2 - ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips)) + ip_range_filter = local.cosmos_ip_filter_set capabilities { name = "EnableServerless" diff --git a/core/terraform/locals.tf b/core/terraform/locals.tf index 22d327f96f..77dac22fde 100644 --- a/core/terraform/locals.tf +++ b/core/terraform/locals.tf 
@@ -14,7 +14,20 @@ locals { docker_registry_server = data.azurerm_container_registry.mgmt_acr.login_server # https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal - azure_portal_cosmos_ips = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26" + + azure_portal_cosmos_ips_list = [ + "104.42.195.92", + "40.76.54.131", + "52.176.6.30", + "52.169.50.45", + "52.187.184.26" + ] + + cosmos_ip_filter_set = toset( + var.enable_local_debugging + ? concat(local.azure_portal_cosmos_ips_list, [local.myip]) + : local.azure_portal_cosmos_ips_list + ) # we define some zones in core despite not used by the core infra because # it's the easier way to make them available to other services in the system. diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index a238cb3e7c..21feba0def 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh @@ -5,14 +5,25 @@ set -o pipefail set -o nounset # set -o xtrace -# Configure AzureRM provider to user Azure AD to connect to storage accounts +get_resource_id() { + local json_data="$1" + local resource_addr="$2" + echo "$json_data" | jq -r --arg addr "$resource_addr" ' + def walk_resources: + (.resources[]?), + (.child_modules[]? | walk_resources); + .values.root_module | walk_resources | select(.address==$addr) | .values.id + ' +} + +# Configure AzureRM provider to use Azure AD to connect to storage accounts export ARM_STORAGE_USE_AZUREAD=true -# Configure AzureRM backend to user Azure AD to connect to storage accounts +# Configure AzureRM backend to use Azure AD to connect to storage accounts export ARM_USE_AZUREAD=true export ARM_USE_OIDC=true -# This variables are loaded in for us +# These variables are loaded in for us # shellcheck disable=SC2154 terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \ 
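Review bot: `cosmos_ip_filter_set` decides what the Cosmos DB firewall admits, and nothing next to it says that `enable_local_debugging` widens that allow-list with `local.myip` (presumably the deployer's own address, intended for development only). A comment above it would help, e.g. `# Cosmos DB firewall allow-list: Azure portal IPs, plus local.myip when enable_local_debugging is true`. The docs-link comment is now separated from `azure_portal_cosmos_ips_list` by a blank line; keep it directly above the list, since those addresses have to be re-checked against that page. The old `azure_portal_cosmos_ips` string is removed in this hunk, so any reference outside the files touched by this patch would fail to plan.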
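Review bot: `get_resource_id` has no header comment, and with `jq -r` a resource that is present but has no `id` comes back as the literal string `null`, which is why every caller needs the extra `!= "null"` test. Ending the filter with `.values.id // empty` would make a plain `-n` test sufficient, and the existing callers keep working unchanged. I would also add `# get_resource_id JSON ADDRESS: prints the id of ADDRESS from "terraform show -json" output, or nothing when it is not in state` above the function.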
@@ -24,30 +35,11 @@ echo "*** Migrating TF Resources... ***" terraform refresh -# 1. Check we have a root_module in state -# 2. Grab the Resource ID -# 3. Delete the old resource from state -# 4. Import the new resource type in using the existing Azure Resource ID - +# get TF state in JSON terraform_show_json=$(terraform show -json) -# example migration -# # azurerm_app_service_plan -> azurerm_service_plan -# core_app_service_plan_id=$(echo "${terraform_show_json}" \ -# | jq -r 'select(.values.root_module.resources != null) | .values.root_module.resources[] | select(.address=="azurerm_app_service_plan.core") | .values.id') -# if [ -n "${core_app_service_plan_id}" ]; then -# echo "Migrating ${core_app_service_plan_id}" -# terraform state rm azurerm_app_service_plan.core -# if [[ $(az resource list --query "[?id=='${core_app_service_plan_id}'] | length(@)") == 0 ]]; -# then -# echo "The resource doesn't exist on Azure. Skipping importing it back to state." -# else -# terraform import azurerm_service_plan.core "${core_app_service_plan_id}" -# fi -# fi - -# List of NSG association resource addresses to remove. -declare -a NSG_ASSOC_RESOURCES=( +# List of resource addresses to remove. +declare -a RESOURCES_TO_REMOVE=( "module.network.azurerm_subnet_network_security_group_association.bastion" "module.network.azurerm_subnet_network_security_group_association.app_gw" "module.network.azurerm_subnet_network_security_group_association.shared" 
@@ -57,28 +49,6 @@ declare -a NSG_ASSOC_RESOURCES=( "module.network.azurerm_subnet_network_security_group_association.airlock_notification" "module.network.azurerm_subnet_network_security_group_association.airlock_storage" "module.network.azurerm_subnet_network_security_group_association.airlock_events" - "module.network.azurerm_subnet_network_security_group_association.firewall_management" -) - -echo "*** Removing NSG Associations ***" - -for resource in "${NSG_ASSOC_RESOURCES[@]}"; do - resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" ' - def walk_resources: - (.resources[]? ), - (.child_modules[]? | walk_resources); - .values.root_module | walk_resources | select(.address==$addr) | .values.id - ') - - if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then - echo "Removing NSG association: ${resource} (id: ${resource_id})" - terraform state rm "$resource" - else - echo "NSG association resource not found in state: ${resource}" - fi -done - -declare -a old_subnet_resources=( "module.network.azurerm_subnet.bastion" "module.network.azurerm_subnet.azure_firewall" "module.network.azurerm_subnet.app_gw" 
@@ -92,47 +62,36 @@ declare -a old_subnet_resources=(
 "module.network.azurerm_subnet.firewall_management"
 )
-echo "*** Removing Subnets ***"
+migration_is_needed=0
+for resource in "${RESOURCES_TO_REMOVE[@]}"; do
+ resource_id=$(get_resource_id "${terraform_show_json}" "$resource")
+ if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then
+ migration_is_needed=1
+ break
+ fi
+done
-for resource in "${old_subnet_resources[@]}"; do
- resource_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$resource" '
- def walk_resources:
- (.resources[]? ),
- (.child_modules[]? | walk_resources);
- .values.root_module | walk_resources | select(.address==$addr) | .values.id
- ')
+if [ "$migration_is_needed" -eq 0 ]; then
+ echo "No old resources found in the state, skipping migration."
+ exit 0
+fi
+# remove resources from state
+for resource in "${RESOURCES_TO_REMOVE[@]}"; do
+ resource_id=$(get_resource_id "${terraform_show_json}" "$resource")
 if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then
- echo "Removing subnet: ${resource} (id: ${resource_id})"
 terraform state rm "$resource"
 else
- echo "Subnet resource not found in state: ${resource}"
+ echo "Resource that supposed to be removed not found in state: ${resource}"
 fi
 done
-echo "*** Removing VNet ***"
-
+# remove & import VNet
 vnet_address="module.network.azurerm_virtual_network.core"
-vnet_id=$(echo "${terraform_show_json}" | jq -r --arg addr "$vnet_address" '
- def walk_resources:
- (.values.root_module.resources[]?),
- (.values.root_module.child_modules[]? | .resources[]?);
- walk_resources | select(.address == $addr) | .values.id
-')
-
+vnet_id=$(get_resource_id "${terraform_show_json}" "$vnet_address" "vnet")
 if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then
- echo "Removing VNet from state: ${vnet_address} (ID: ${vnet_id})"
 terraform state rm "${vnet_address}"
-else
- echo "VNet resource not found in state: ${vnet_address}"
-fi
-
-
-echo "*** Re-importing VNet ***"
-
-if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then
- echo "Importing VNet with ID: ${vnet_id} into new resource address: ${vnet_address}"
 terraform import "${vnet_address}" "${vnet_id}"
 else
- echo "No VNet ID found; skipping re-import of VNet."
+ echo "VNet resource not found in state: ${vnet_address}"
 fi
diff --git a/core/terraform/network/locals.tf b/core/terraform/network/locals.tf
index aaa2aea7d1..b09deb16e1 100644
--- a/core/terraform/network/locals.tf
+++ b/core/terraform/network/locals.tf
@@ -32,4 +32,6 @@ locals {
 "privatelink.queue.core.windows.net",
 "privatelink.table.core.windows.net"
 ])
+
+ subnet_ids_map = { for s in azurerm_virtual_network.core.subnet : s.name => s.id }
 }
diff --git a/core/terraform/network/main.tf b/core/terraform/network/main.tf
index 1033345566..5cced47bb0 100644
--- a/core/terraform/network/main.tf
+++ b/core/terraform/network/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "= 4.14.0"
+ version = ">= 4.14.0"
 }
 }
 }
diff --git a/core/terraform/network/network.tf b/core/terraform/network/network.tf
index d823acd76d..a511365326 100644
--- a/core/terraform/network/network.tf
+++ b/core/terraform/network/network.tf
@@ -153,7 +153,3 @@ module "terraform_azurerm_environment_configuration" {
 source = "git::https://github.com/microsoft/terraform-azurerm-environment-configuration.git?ref=0.2.0"
 arm_environment = var.arm_environment
 }
-
-locals {
- subnet_ids_map = { for s in azurerm_virtual_network.core.subnet : s.name => s.id }
-}
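Review bot: In the migrate.sh hunk (`@@ -92,47 +62,36 @@`) the VNet is removed from state and re-imported back to back, and nothing checks that `terraform import` succeeded. Unless the script runs under `set -e` (not visible in this hunk), a failed import leaves the VNet, along with the subnets and NSG associations removed just before it, outside Terraform's control while the script ends normally. I would snapshot the state before the first removal with `terraform state pull > "${STATE_BACKUP}"` (STATE_BACKUP is a placeholder; the file holds secrets, so keep it out of the repository and restrict its permissions) and fail loudly on the import: `terraform import "${vnet_address}" "${vnet_id}" || { echo "VNet import failed, restore state from backup" >&2; exit 1; }`. The same rm-then-import sequence is carried into the PATCH 23/23 hunk of migrate.sh.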
diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf
index 0911809610..3c9ee87b4c 100644
--- a/core/terraform/statestore.tf
+++ b/core/terraform/statestore.tf
@@ -1,11 +1,17 @@
 resource "azurerm_cosmosdb_account" "tre_db_account" {
- name = "cosmos-${var.tre_id}"
- location = azurerm_resource_group.core.location
- resource_group_name = azurerm_resource_group.core.name
- offer_type = "Standard"
- kind = "GlobalDocumentDB"
- automatic_failover_enabled = false
- ip_range_filter = toset(var.enable_local_debugging ? concat(split(",", local.azure_portal_cosmos_ips), [local.myip]) : split(",", local.azure_portal_cosmos_ips))
+ name = "cosmos-${var.tre_id}"
+ location = azurerm_resource_group.core.location
+ resource_group_name = azurerm_resource_group.core.name
+ offer_type = "Standard"
+ kind = "GlobalDocumentDB"
+ automatic_failover_enabled = false
+ ip_range_filter = local.cosmos_ip_filter_set
+
+
+
+
+
+
 local_authentication_disabled = true
 tags = local.tre_core_tags
diff --git a/core/version.txt b/core/version.txt
index 0ec8ebfc1b..ea370a8e55 100644
--- a/core/version.txt
+++ b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.11.24"
+__version__ = "0.12.0"
From a624f153bbf78220c16b53df3f331e2ba3d267d9 Mon Sep 17 00:00:00 2001
From: Ron Shakutai
Date: Sun, 9 Feb 2025 14:12:41 +0000
Subject: [PATCH 21/23] Terraform fmt
---
 core/terraform/locals.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/terraform/locals.tf b/core/terraform/locals.tf
index 77dac22fde..15f066ae7b 100644
--- a/core/terraform/locals.tf
+++ b/core/terraform/locals.tf
@@ -25,8 +25,8 @@ locals {
 cosmos_ip_filter_set = toset(
 var.enable_local_debugging
- ? concat(local.azure_portal_cosmos_ips_list, [local.myip])
- : local.azure_portal_cosmos_ips_list
+ ? concat(local.azure_portal_cosmos_ips_list, [local.myip])
+ : local.azure_portal_cosmos_ips_list
 )
 # we define some zones in core despite not used by the core infra because
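Review bot: In statestore.tf, `ip_range_filter = local.cosmos_ip_filter_set` no longer shows at the resource that the Cosmos DB allow-list widens when `enable_local_debugging` is set; per the locals.tf hunk in PATCH 21/23 the set then also contains `local.myip`. A one-line comment on the attribute would keep that visible to whoever reviews the account's network exposure: `# Azure portal IPs, plus local.myip when var.enable_local_debugging is true (see locals.tf)`. The six empty lines added between `ip_range_filter` and `local_authentication_disabled` look like residue of removed attributes and can be dropped. The resource body continues outside the hunk.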
From e36bf6f75ab755a7f90885da224649333a58c48d Mon Sep 17 00:00:00 2001
From: Ron Shakutai
Date: Mon, 10 Feb 2025 08:42:17 +0000
Subject: [PATCH 22/23] Add virtual network address variable to migration script
---
 core/terraform/migrate.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh
index 21feba0def..d3b54531b0 100755
--- a/core/terraform/migrate.sh
+++ b/core/terraform/migrate.sh
@@ -61,6 +61,8 @@ declare -a RESOURCES_TO_REMOVE=(
 "module.network.azurerm_subnet.airlock_events"
 "module.network.azurerm_subnet.firewall_management"
 )
+vnet_address="module.network.azurerm_virtual_network.core"
+
 migration_is_needed=0
 for resource in "${RESOURCES_TO_REMOVE[@]}"; do
From 560d37494fa39ba7c209773794c35eae29bf0690 Mon Sep 17 00:00:00 2001
From: Ron Shakutai
Date: Mon, 10 Feb 2025 13:59:44 +0000
Subject: [PATCH 23/23] Refactor migration script to improve resource removal logic and add migration status messages
---
 core/terraform/migrate.sh | 45 ++++++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh
index d3b54531b0..5f64abeb15 100755
--- a/core/terraform/migrate.sh
+++ b/core/terraform/migrate.sh
@@ -63,37 +63,38 @@ declare -a RESOURCES_TO_REMOVE=(
 )
 vnet_address="module.network.azurerm_virtual_network.core"
-
-migration_is_needed=0
+# Check if migration is needed
+migration_needed=0
 for resource in "${RESOURCES_TO_REMOVE[@]}"; do
 resource_id=$(get_resource_id "${terraform_show_json}" "$resource")
 if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then
- migration_is_needed=1
+ migration_needed=1
 break
 fi
 done
-if [ "$migration_is_needed" -eq 0 ]; then
- echo "No old resources found in the state, skipping migration."
- exit 0
-fi
+# Remove old resources
+if [ "$migration_needed" -eq 1 ]; then
+ for resource in "${RESOURCES_TO_REMOVE[@]}"; do
+ resource_id=$(get_resource_id "${terraform_show_json}" "$resource")
+ if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then
+ terraform state rm "$resource"
+ else
+ echo "Resource that was supposed to be removed not found in state: ${resource}"
+ fi
+ done
-# remove resources from state
-for resource in "${RESOURCES_TO_REMOVE[@]}"; do
- resource_id=$(get_resource_id "${terraform_show_json}" "$resource")
- if [ -n "$resource_id" ] && [ "$resource_id" != "null" ]; then
- terraform state rm "$resource"
+ # Remove and re-import the VNet
+ vnet_address="module.network.azurerm_virtual_network.core"
+ vnet_id=$(get_resource_id "${terraform_show_json}" "$vnet_address" "vnet")
+ if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then
+ terraform state rm "${vnet_address}"
+ terraform import "${vnet_address}" "${vnet_id}"
 else
- echo "Resource that supposed to be removed not found in state: ${resource}"
+ echo "VNet resource not found in state: ${vnet_address}"
 fi
-done
-
-# remove & import VNet
-vnet_address="module.network.azurerm_virtual_network.core"
-vnet_id=$(get_resource_id "${terraform_show_json}" "$vnet_address" "vnet")
-if [ -n "${vnet_id}" ] && [ "${vnet_id}" != "null" ]; then
- terraform state rm "${vnet_address}"
- terraform import "${vnet_address}" "${vnet_id}"
+ echo "*** Migration Done ***"
 else
- echo "VNet resource not found in state: ${vnet_address}"
+ echo "No old resources found in the state, skipping migration."
+ echo "*** Migration Skipped ***"
 fi
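Review bot: `echo "*** Migration Done ***"` sits after the VNet `if`/`else`, so it is also printed when the `else` branch has just reported `VNet resource not found in state`. An operator reading the log then cannot tell a complete migration from one that dropped the subnets and NSG associations from state but never re-imported the VNet. I would move the success message into the branch that ran `terraform import` and let the not-found branch end with a distinct warning banner or `exit 1`, depending on whether a missing VNet is ever expected here. The inner `vnet_address="module.network.azurerm_virtual_network.core"` repeats the assignment that is already context at the top of this hunk and can be removed.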