diff --git a/.gitignore b/.gitignore
index bdb8854e..82fdf38c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,4 +31,6 @@ override.tf.json
.terraform.lock.hcl
#IDE files
-.idea
\ No newline at end of file
+.idea
+
+.vs/
\ No newline at end of file
diff --git a/modules/azure/analysis_services/main.tf b/modules/azure/analysis_services/main.tf
index e3500397..a63d6037 100644
--- a/modules/azure/analysis_services/main.tf
+++ b/modules/azure/analysis_services/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/arm_managed_identity/main.tf b/modules/azure/api_connectors/arm_managed_identity/main.tf
index 24373813..8102dab5 100644
--- a/modules/azure/api_connectors/arm_managed_identity/main.tf
+++ b/modules/azure/api_connectors/arm_managed_identity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/custom_connector/main.tf b/modules/azure/api_connectors/custom_connector/main.tf
index dfdd7ce5..59cccfea 100644
--- a/modules/azure/api_connectors/custom_connector/main.tf
+++ b/modules/azure/api_connectors/custom_connector/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/event_hub_managed_identity/main.tf b/modules/azure/api_connectors/event_hub_managed_identity/main.tf
index 2217fd24..4a2672c3 100644
--- a/modules/azure/api_connectors/event_hub_managed_identity/main.tf
+++ b/modules/azure/api_connectors/event_hub_managed_identity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/excel_online/main.tf b/modules/azure/api_connectors/excel_online/main.tf
index d0d771d2..6c29dd5a 100644
--- a/modules/azure/api_connectors/excel_online/main.tf
+++ b/modules/azure/api_connectors/excel_online/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/key_vault_managed_identity/main.tf b/modules/azure/api_connectors/key_vault_managed_identity/main.tf
index 0f684fa3..a6180b59 100644
--- a/modules/azure/api_connectors/key_vault_managed_identity/main.tf
+++ b/modules/azure/api_connectors/key_vault_managed_identity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/log_analytics/main.tf b/modules/azure/api_connectors/log_analytics/main.tf
index be41210a..84275029 100644
--- a/modules/azure/api_connectors/log_analytics/main.tf
+++ b/modules/azure/api_connectors/log_analytics/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/logic_app_custom_connector/main.tf b/modules/azure/api_connectors/logic_app_custom_connector/main.tf
index b6ee93f0..d4051ccd 100644
--- a/modules/azure/api_connectors/logic_app_custom_connector/main.tf
+++ b/modules/azure/api_connectors/logic_app_custom_connector/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/office365/main.tf b/modules/azure/api_connectors/office365/main.tf
index d0d771d2..6c29dd5a 100644
--- a/modules/azure/api_connectors/office365/main.tf
+++ b/modules/azure/api_connectors/office365/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/office365_set/main.tf b/modules/azure/api_connectors/office365_set/main.tf
index ead069e2..c30abccc 100644
--- a/modules/azure/api_connectors/office365_set/main.tf
+++ b/modules/azure/api_connectors/office365_set/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/service_bus_managed_identity/main.tf b/modules/azure/api_connectors/service_bus_managed_identity/main.tf
index 1d270bd9..42e92ad9 100644
--- a/modules/azure/api_connectors/service_bus_managed_identity/main.tf
+++ b/modules/azure/api_connectors/service_bus_managed_identity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf
index c3e9df6d..d31d3d78 100644
--- a/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf
+++ b/modules/azure/api_connectors/service_bus_managed_identity_set/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/sftp_ssh/main.tf b/modules/azure/api_connectors/sftp_ssh/main.tf
index b1bdbc0a..5bc37382 100644
--- a/modules/azure/api_connectors/sftp_ssh/main.tf
+++ b/modules/azure/api_connectors/sftp_ssh/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/sharepoint_online/main.tf b/modules/azure/api_connectors/sharepoint_online/main.tf
index d0d771d2..6c29dd5a 100644
--- a/modules/azure/api_connectors/sharepoint_online/main.tf
+++ b/modules/azure/api_connectors/sharepoint_online/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/storage_blob/main.tf b/modules/azure/api_connectors/storage_blob/main.tf
index 8d7d4437..f352fd9c 100644
--- a/modules/azure/api_connectors/storage_blob/main.tf
+++ b/modules/azure/api_connectors/storage_blob/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/storage_blob_managed_identity/main.tf b/modules/azure/api_connectors/storage_blob_managed_identity/main.tf
index 4faebca2..422e471b 100644
--- a/modules/azure/api_connectors/storage_blob_managed_identity/main.tf
+++ b/modules/azure/api_connectors/storage_blob_managed_identity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_connectors/storage_table/main.tf b/modules/azure/api_connectors/storage_table/main.tf
index c3eb8b4a..5b101a8a 100644
--- a/modules/azure/api_connectors/storage_table/main.tf
+++ b/modules/azure/api_connectors/storage_table/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management/main.tf b/modules/azure/api_management/main.tf
index a0e13245..9baf1e05 100644
--- a/modules/azure/api_management/main.tf
+++ b/modules/azure/api_management/main.tf
@@ -1,14 +1,14 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
azuread = {
source = "hashicorp/azuread"
- version = "~> 2.36"
+ version = "~> 2.53"
}
}
@@ -204,13 +204,13 @@ resource "azuread_application" "application" {
}
resource "azuread_application_password" "password" {
- application_object_id = azuread_application.application.object_id
+ application_id = azuread_application.application.id
}
resource "azurerm_api_management_identity_provider_aad" "identity_provider_aad" {
resource_group_name = var.resource_group_name
api_management_name = azurerm_api_management.api_management.name
- client_id = azuread_application.application.application_id
+ client_id = azuread_application.application.client_id
client_secret = azuread_application_password.password.value
allowed_tenants = var.allowed_tenants
signin_tenant = var.signin_tenant
diff --git a/modules/azure/api_management_api/main.tf b/modules/azure/api_management_api/main.tf
index 3f95805d..af400e76 100644
--- a/modules/azure/api_management_api/main.tf
+++ b/modules/azure/api_management_api/main.tf
@@ -1,14 +1,14 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
azuread = {
source = "hashicorp/azuread"
- version = "~> 2.36"
+ version = "~> 2.53"
}
}
@@ -125,11 +125,22 @@ resource "azurerm_api_management_api_policy" "api_policy" {
- ${azuread_application.application.application_id}
+ ${azuread_application.application.client_id}
${var.aad_settings.issuer}
+ %{if length(var.role_assignments) > 0}
+
+ %{
+ for role in var.role_assignments
+ }
+ ${role}
+ %{
+ endfor
+}
+
+ %{endif}
%{if var.backend_type == "managed-identity"}
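Review bot: `${role}` in the added `%{ for role in var.role_assignments }` loop is written into the policy XML unescaped, so a value containing `&`, `<` or `>` would produce an invalid policy or alter its structure. The XML elements around the loop are not visible in this view, so also confirm that the enclosing claim element uses the intended match mode (any listed role versus all of them). I would add a `validation` block to `role_assignments` in variables.tf that rejects empty strings and XML metacharacters, or escape the value before interpolation. With the default `[]` no roles claim is checked at all, which the description should say: `"Roles required in the JWT 'roles' claim; an empty list disables the role check."`. The resource body starts and ends outside the hunk.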
@@ -305,7 +316,7 @@ resource "azurerm_api_management_authorization_server" "oauth2" {
authorization_endpoint = var.auth_endpoint != null ? var.auth_endpoint : "https://login.microsoftonline.com/${var.authorization_tenant}/oauth2/v2.0/authorize"
token_endpoint = var.token_endpoint != null ? var.token_endpoint : "https://login.microsoftonline.com/${var.authorization_tenant}/oauth2/v2.0/token"
client_registration_endpoint = var.client_registration_endpoint
- client_id = azuread_application.application.application_id
+ client_id = azuread_application.application.client_id
client_secret = azuread_application_password.password.value
bearer_token_sending_methods = ["authorizationHeader"]
client_authentication_method = ["Body"]
@@ -314,20 +325,20 @@ resource "azurerm_api_management_authorization_server" "oauth2" {
}
resource "azuread_service_principal" "application" {
- count = local.should_assign_group ? 1 : 0
- application_id = azuread_application.application.application_id
+ client_id = azuread_application.application.client_id
app_role_assignment_required = false
owners = [data.azuread_client_config.current.object_id]
+ use_existing = true
}
resource "azuread_group_member" "registered_app_member" {
count = local.should_assign_group ? 1 : 0
group_object_id = var.group_id
- member_object_id = azuread_service_principal.application[0].object_id
+ member_object_id = azuread_service_principal.application.object_id
}
resource "azuread_application_password" "password" {
- application_object_id = azuread_application.application.object_id
+ application_id = azuread_application.application.id
}
resource "random_uuid" "oath2_uuid" {}
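Review bot: Dropping `count` from `azuread_service_principal.application` means the service principal is now created for every API, not only when `local.should_assign_group` is true, and the hard-coded `use_existing = true` adopts an already existing principal instead of raising an import error. The application_role_assignment modules expose this as `use_existing_service_principal` with default `false`. I would do the same here, `use_existing = var.use_existing_service_principal`, so that taking over an identity Terraform did not create is an explicit choice by the caller. Also check the plan for existing deployments: the address changes from `application[0]` to `application`, and stacks where the count was 0 gain a new principal with `app_role_assignment_required = false`.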
diff --git a/modules/azure/api_management_api/outputs.tf b/modules/azure/api_management_api/outputs.tf
index 85263e2e..f5c7f77a 100644
--- a/modules/azure/api_management_api/outputs.tf
+++ b/modules/azure/api_management_api/outputs.tf
@@ -6,8 +6,8 @@ output "api_management_api_diagnostic" {
value = (var.api_diagnostic_settings != null && var.api_management_logger_id != null) ? azurerm_api_management_api_diagnostic.api_diagnostic[0].id : null
}
-output "application_id" {
- value = azuread_application.application.application_id
+output "client_id" {
+ value = azuread_application.application.client_id
}
output "default_role" {
diff --git a/modules/azure/api_management_api/variables.tf b/modules/azure/api_management_api/variables.tf
index 7ba08013..f8aaa5bc 100644
--- a/modules/azure/api_management_api/variables.tf
+++ b/modules/azure/api_management_api/variables.tf
@@ -222,3 +222,9 @@ variable "custom_backend_policy" {
description = "Additional backend xml policies"
default = null
}
+
+variable "role_assignments" {
+ type = list(string)
+ description = "Roles to validate in the JWT token's 'roles' claim for access control."
+ default = []
+}
\ No newline at end of file
diff --git a/modules/azure/api_management_api_operation/main.tf b/modules/azure/api_management_api_operation/main.tf
index d1bacc43..daa959d9 100644
--- a/modules/azure/api_management_api_operation/main.tf
+++ b/modules/azure/api_management_api_operation/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_api_operation_policy/main.tf b/modules/azure/api_management_api_operation_policy/main.tf
index 6dd247ca..cfaac34f 100644
--- a/modules/azure/api_management_api_operation_policy/main.tf
+++ b/modules/azure/api_management_api_operation_policy/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_api_schema/main.tf b/modules/azure/api_management_api_schema/main.tf
index 6f504086..963f656a 100644
--- a/modules/azure/api_management_api_schema/main.tf
+++ b/modules/azure/api_management_api_schema/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_api_simple/main.tf b/modules/azure/api_management_api_simple/main.tf
index 18e5720f..b88ce44a 100644
--- a/modules/azure/api_management_api_simple/main.tf
+++ b/modules/azure/api_management_api_simple/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -71,7 +71,7 @@ resource "azurerm_api_management_api_diagnostic" "api_diagnostic" {
http_correlation_protocol = var.api_diagnostic_settings.http_correlation_protocol
frontend_request {
- body_bytes = 32
+ body_bytes = var.api_diagnostic_settings.bytes_to_log
headers_to_log = [
"content-type",
"accept",
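Review bot: `body_bytes` is now caller-controlled with no upper bound in all four blocks of this resource, and in the four blocks of api_management_logging/main.tf later in this commit. A large value copies request and response bodies, which may hold credentials or personal data, into the diagnostic log. I would keep the default of 32 and add a comment at the first block: `# body_bytes copies payload into the diagnostic log; keep it small for APIs that carry secrets or personal data`. A range check on the variable would also catch values the provider rejects at apply time; the azurerm documentation gives 8192 as the maximum. The resource starts outside the hunk.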
@@ -80,7 +80,7 @@ resource "azurerm_api_management_api_diagnostic" "api_diagnostic" {
}
frontend_response {
- body_bytes = 32
+ body_bytes = var.api_diagnostic_settings.bytes_to_log
headers_to_log = [
"content-type",
"content-length",
@@ -89,7 +89,7 @@ resource "azurerm_api_management_api_diagnostic" "api_diagnostic" {
}
backend_request {
- body_bytes = 32
+ body_bytes = var.api_diagnostic_settings.bytes_to_log
headers_to_log = [
"content-type",
"accept",
@@ -98,7 +98,7 @@ resource "azurerm_api_management_api_diagnostic" "api_diagnostic" {
}
backend_response {
- body_bytes = 32
+ body_bytes = var.api_diagnostic_settings.bytes_to_log
headers_to_log = [
"content-type",
"content-length",
@@ -111,6 +111,12 @@ resource "azurerm_api_management_api_diagnostic" "api_diagnostic" {
########## API Policy ##########
#######################################################
+# This temporary output is used to retrieve the XML content of the API policy.
+output "api_policy_xml_content" {
+ value = azurerm_api_management_api_policy.api_policy.xml_content
+ description = "The XML content of the API policy."
+}
+
resource "azurerm_api_management_api_policy" "api_policy" {
api_name = azurerm_api_management_api.api.name
api_management_name = var.api_management_name
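Review bot: The added `api_policy_xml_content` output is described as temporary but ships in a shared module, and it publishes the full rendered policy XML to state outputs and to plan/apply logs. Policy XML commonly embeds backend addresses, header values or named-value references, so if it has to stay I would mark it `sensitive = true` and move it to outputs.tf; otherwise remove it before merging. If it is kept for debugging, the comment should say who consumes it and when it can go, e.g. `# TODO(<owner>): remove once policy rendering is verified`. The `api_policy` resource that follows continues outside the hunk.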
diff --git a/modules/azure/api_management_api_simple/variables.tf b/modules/azure/api_management_api_simple/variables.tf
index 806435d0..3a1f9fd1 100644
--- a/modules/azure/api_management_api_simple/variables.tf
+++ b/modules/azure/api_management_api_simple/variables.tf
@@ -46,6 +46,7 @@ variable "api_management_logger_id" {
variable "api_diagnostic_settings" {
type = object({
sampling_percentage = number,
+ bytes_to_log = number,
always_log_errors = bool,
log_client_ip = bool,
verbosity = string, # possible values: verbose, information, error
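Review bot: `bytes_to_log = number` is added as a required attribute of the `api_diagnostic_settings` object type, so every caller that already passes its own object without this key will fail type checking after the upgrade. Declaring it `bytes_to_log = optional(number, 32),` keeps existing callers working and preserves the previously hard-coded value. The default object in the following hunk can then stay as written. The variable block starts above and continues below this hunk.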
@@ -56,6 +57,7 @@ variable "api_diagnostic_settings" {
default = {
sampling_percentage = 5.0,
+ bytes_to_log = 32
always_log_errors = true,
log_client_ip = true,
verbosity = "verbose", # possible values: verbose, information, error
diff --git a/modules/azure/api_management_certificate/main.tf b/modules/azure/api_management_certificate/main.tf
index 1ef3f98d..65074c9c 100644
--- a/modules/azure/api_management_certificate/main.tf
+++ b/modules/azure/api_management_certificate/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_custom_domains/main.tf b/modules/azure/api_management_custom_domains/main.tf
index d9663c57..4a4e3b99 100644
--- a/modules/azure/api_management_custom_domains/main.tf
+++ b/modules/azure/api_management_custom_domains/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_custom_domains_simple/main.tf b/modules/azure/api_management_custom_domains_simple/main.tf
index d206f6c2..b0d5cb4d 100644
--- a/modules/azure/api_management_custom_domains_simple/main.tf
+++ b/modules/azure/api_management_custom_domains_simple/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_groups/main.tf b/modules/azure/api_management_groups/main.tf
index dc307c88..419281ac 100644
--- a/modules/azure/api_management_groups/main.tf
+++ b/modules/azure/api_management_groups/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_logging/main.tf b/modules/azure/api_management_logging/main.tf
index 49281224..e99276bc 100644
--- a/modules/azure/api_management_logging/main.tf
+++ b/modules/azure/api_management_logging/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -34,14 +34,14 @@ resource "azurerm_api_management_api_diagnostic" "diagnostic" {
api_name = each.key
api_management_logger_id = azurerm_api_management_logger.logger.id
- sampling_percentage = 5.0
+ sampling_percentage = var.sampling_percentage
always_log_errors = true
log_client_ip = true
verbosity = "verbose"
http_correlation_protocol = "W3C"
frontend_request {
- body_bytes = 32
+ body_bytes = var.log_payload_size
headers_to_log = [
"content-type",
"accept",
@@ -50,7 +50,7 @@ resource "azurerm_api_management_api_diagnostic" "diagnostic" {
}
frontend_response {
- body_bytes = 32
+ body_bytes = var.log_payload_size
headers_to_log = [
"content-type",
"content-length",
@@ -59,7 +59,7 @@ resource "azurerm_api_management_api_diagnostic" "diagnostic" {
}
backend_request {
- body_bytes = 32
+ body_bytes = var.log_payload_size
headers_to_log = [
"content-type",
"accept",
@@ -68,7 +68,7 @@ resource "azurerm_api_management_api_diagnostic" "diagnostic" {
}
backend_response {
- body_bytes = 32
+ body_bytes = var.log_payload_size
headers_to_log = [
"content-type",
"content-length",
diff --git a/modules/azure/api_management_logging/variables.tf b/modules/azure/api_management_logging/variables.tf
index af5dd348..ded76a45 100644
--- a/modules/azure/api_management_logging/variables.tf
+++ b/modules/azure/api_management_logging/variables.tf
@@ -27,3 +27,15 @@ variable "api_names" {
type = set(string)
description = ""
}
+
+variable "log_payload_size" {
+ type = number
+ description = "max payload side to log "
+ default = 32
+}
+
+variable "sampling_percentage" {
+ type = number
+ description = "% of requests to log"
+ default = 5
+}
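Review bot: Neither new variable is range-checked, and the `log_payload_size` description has a typo (`side`) and a trailing space. `sampling_percentage` only makes sense between 0 and 100, and the azurerm documentation gives 8192 as the maximum for `body_bytes`, so an out-of-range value currently fails only at apply time. The blocks below add `validation` rules and a clearer description. The same check would suit `bytes_to_log` in api_management_api_simple/variables.tf.

```hcl
variable "log_payload_size" {
  type        = number
  description = "Maximum number of payload bytes to log for each request and response body."
  default     = 32

  validation {
    condition     = var.log_payload_size >= 0 && var.log_payload_size <= 8192
    error_message = "log_payload_size must be between 0 and 8192."
  }
}

variable "sampling_percentage" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.sampling_percentage >= 0 && var.sampling_percentage <= 100
    error_message = "sampling_percentage must be between 0 and 100."
  }
}
```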
diff --git a/modules/azure/api_management_named_values/main.tf b/modules/azure/api_management_named_values/main.tf
index ea5ebf08..80f4e7e2 100644
--- a/modules/azure/api_management_named_values/main.tf
+++ b/modules/azure/api_management_named_values/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/api_management_permissions/main.tf b/modules/azure/api_management_permissions/main.tf
index c2739f87..640b876b 100644
--- a/modules/azure/api_management_permissions/main.tf
+++ b/modules/azure/api_management_permissions/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/application_insights/main.tf b/modules/azure/application_insights/main.tf
index cdbd9d6e..5b5c3b35 100644
--- a/modules/azure/application_insights/main.tf
+++ b/modules/azure/application_insights/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/application_insights_smart_detection_rule/main.tf b/modules/azure/application_insights_smart_detection_rule/main.tf
index 07a4d478..19185fb9 100644
--- a/modules/azure/application_insights_smart_detection_rule/main.tf
+++ b/modules/azure/application_insights_smart_detection_rule/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/application_insights_workbook/main.tf b/modules/azure/application_insights_workbook/main.tf
index e786f2fd..95ad7082 100644
--- a/modules/azure/application_insights_workbook/main.tf
+++ b/modules/azure/application_insights_workbook/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/application_performance_workbook/main.tf b/modules/azure/application_performance_workbook/main.tf
index 77572b66..0b8f64f9 100644
--- a/modules/azure/application_performance_workbook/main.tf
+++ b/modules/azure/application_performance_workbook/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/application_role_assignment/main.tf b/modules/azure/application_role_assignment/main.tf
index 211c2d0f..08239a71 100644
--- a/modules/azure/application_role_assignment/main.tf
+++ b/modules/azure/application_role_assignment/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azuread = {
source = "hashicorp/azuread"
- version = "~> 2.36"
+ version = "~> 2.53"
}
}
@@ -14,8 +14,8 @@ terraform {
provider "azuread" {}
resource "azuread_service_principal" "internal" {
- application_id = var.application_id
- use_existing = var.use_existing_service_principal
+ client_id = var.client_id
+ use_existing = var.use_existing_service_principal
}
resource "azuread_app_role_assignment" "role_assignment" {
diff --git a/modules/azure/application_role_assignment/variables.tf b/modules/azure/application_role_assignment/variables.tf
index bfbfbb00..bde8f8fa 100644
--- a/modules/azure/application_role_assignment/variables.tf
+++ b/modules/azure/application_role_assignment/variables.tf
@@ -6,9 +6,9 @@ variable "assignments" {
description = "The assignments you want to add to an application."
}
-variable "application_id" {
+variable "client_id" {
type = string
- description = "The application ID of the application the assignments are added to."
+ description = "The client ID of the application the assignments are added to."
}
variable "use_existing_service_principal" {
diff --git a/modules/azure/application_service_principal_role_assignment/main.tf b/modules/azure/application_service_principal_role_assignment/main.tf
new file mode 100644
index 00000000..60b74201
--- /dev/null
+++ b/modules/azure/application_service_principal_role_assignment/main.tf
@@ -0,0 +1,30 @@
+terraform {
+ required_version = "~> 1.12"
+
+ required_providers {
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "~> 2.53"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azuread" {}
+
+resource "azuread_service_principal" "internal" {
+ for_each = toset([for assignment in var.assignments : assignment.client_id])
+ client_id = each.key
+ use_existing = var.use_existing_service_principal
+}
+
+resource "azuread_app_role_assignment" "role_assignment" {
+ for_each = {
+ for assignment in var.assignments :
+ "${assignment.role_id}_${assignment.object_id}_${assignment.client_id}" => assignment
+ }
+ app_role_id = each.value.role_id
+ principal_object_id = each.value.object_id
+ resource_object_id = azuread_service_principal.internal[each.value.client_id].object_id
+}
\ No newline at end of file
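Review bot: `for_each` on `azuread_service_principal.internal` is keyed by `assignment.client_id`, and the second map key also uses `role_id` and `object_id`, so all three fields must be known at plan time. Values that come from resources created in the same apply will fail with an invalid `for_each` error. A short header comment would help callers, for example `# One service principal per distinct client_id; all assignment fields must be known at plan time`. `use_existing` is applied to every `client_id` in the list, so setting it to `true` adopts the existing principal of each listed application; the comment should say that too. outputs.tf is added empty, so callers cannot read the object IDs of the principals this module manages.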
diff --git a/modules/azure/application_service_principal_role_assignment/outputs.tf b/modules/azure/application_service_principal_role_assignment/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/modules/azure/application_service_principal_role_assignment/variables.tf b/modules/azure/application_service_principal_role_assignment/variables.tf
new file mode 100644
index 00000000..88a4f777
--- /dev/null
+++ b/modules/azure/application_service_principal_role_assignment/variables.tf
@@ -0,0 +1,13 @@
+variable "assignments" {
+ type = list(object({
+ object_id = string,
+ role_id = string,
+ client_id = string
+ }))
+ description = "The assignments you want to add to an application."
+}
+variable "use_existing_service_principal" {
+ type = bool
+ default = false
+ description = "When true, any existing service principal linked to the same application will be automatically imported. When false, an import error will be raised for any pre-existing service principal."
+}
\ No newline at end of file
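Review bot: The `assignments` description was carried over from the single-application module and does not say that each entry names its own target application. From main.tf, `object_id` is the principal receiving the role, `role_id` is the app role, and `client_id` selects the application whose service principal is the resource. I would write `description = "Role assignments to create; each entry gives the principal object_id, the app role_id, and the client_id of the application that defines the role."`.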
diff --git a/modules/azure/container_registery/main.tf b/modules/azure/container_registery/main.tf
index b73fc55c..fb9a8971 100644
--- a/modules/azure/container_registery/main.tf
+++ b/modules/azure/container_registery/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/data_factory/main.tf b/modules/azure/data_factory/main.tf
index 567ec3aa..cf4279f0 100644
--- a/modules/azure/data_factory/main.tf
+++ b/modules/azure/data_factory/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/data_factory_blob_to_blob/main.tf b/modules/azure/data_factory_blob_to_blob/main.tf
index 7e6e6441..a90d2992 100644
--- a/modules/azure/data_factory_blob_to_blob/main.tf
+++ b/modules/azure/data_factory_blob_to_blob/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/data_factory_http_to_blob/main.tf b/modules/azure/data_factory_http_to_blob/main.tf
index 81e85a60..844d2e75 100644
--- a/modules/azure/data_factory_http_to_blob/main.tf
+++ b/modules/azure/data_factory_http_to_blob/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/data_lake_filesystem/main.tf b/modules/azure/data_lake_filesystem/main.tf
index 5aae4e72..80093c90 100644
--- a/modules/azure/data_lake_filesystem/main.tf
+++ b/modules/azure/data_lake_filesystem/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/data_lake_storage/main.tf b/modules/azure/data_lake_storage/main.tf
index f11a3fb4..0531c282 100644
--- a/modules/azure/data_lake_storage/main.tf
+++ b/modules/azure/data_lake_storage/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/databricks_cluster/main.tf b/modules/azure/databricks_cluster/main.tf
index 730debb8..a35f9924 100644
--- a/modules/azure/databricks_cluster/main.tf
+++ b/modules/azure/databricks_cluster/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
databricks = {
source = "databricks/databricks"
- version = "~> 1.0"
+ version = "~> 1.84"
}
}
diff --git a/modules/azure/databricks_permissions/main.tf b/modules/azure/databricks_permissions/main.tf
index 5d62e467..dc5609c4 100644
--- a/modules/azure/databricks_permissions/main.tf
+++ b/modules/azure/databricks_permissions/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
databricks = {
source = "databricks/databricks"
- version = "~> 1.0"
+ version = "~> 1.84"
}
}
diff --git a/modules/azure/databricks_permissions_user_based/main.tf b/modules/azure/databricks_permissions_user_based/main.tf
index dbec6211..c3531632 100644
--- a/modules/azure/databricks_permissions_user_based/main.tf
+++ b/modules/azure/databricks_permissions_user_based/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
databricks = {
source = "databricks/databricks"
- version = "~> 1.0"
+ version = "~> 1.84"
}
}
diff --git a/modules/azure/databricks_secrets/main.tf b/modules/azure/databricks_secrets/main.tf
index c5a1b55e..ed099186 100644
--- a/modules/azure/databricks_secrets/main.tf
+++ b/modules/azure/databricks_secrets/main.tf
@@ -1,14 +1,14 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
databricks = {
source = "databricks/databricks"
- version = "~> 1.0"
+ version = "~> 1.84"
}
}
diff --git a/modules/azure/databricks_workspace/main.tf b/modules/azure/databricks_workspace/main.tf
index f9477002..a093670e 100644
--- a/modules/azure/databricks_workspace/main.tf
+++ b/modules/azure/databricks_workspace/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/event_grid_topic/main.tf b/modules/azure/event_grid_topic/main.tf
index 7b05f8cd..3be36752 100644
--- a/modules/azure/event_grid_topic/main.tf
+++ b/modules/azure/event_grid_topic/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/event_grid_topic_subscription/main.tf b/modules/azure/event_grid_topic_subscription/main.tf
index 45d4d3fb..815c1065 100644
--- a/modules/azure/event_grid_topic_subscription/main.tf
+++ b/modules/azure/event_grid_topic_subscription/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/event_hub/main.tf b/modules/azure/event_hub/main.tf
index f4561735..491db493 100644
--- a/modules/azure/event_hub/main.tf
+++ b/modules/azure/event_hub/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/frontdoor_classic/main.tf b/modules/azure/frontdoor_classic/main.tf
index ccfbc824..9a05937b 100644
--- a/modules/azure/frontdoor_classic/main.tf
+++ b/modules/azure/frontdoor_classic/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/frontdoor_firewall_policy/main.tf b/modules/azure/frontdoor_firewall_policy/main.tf
index 829053de..eeb5d4af 100644
--- a/modules/azure/frontdoor_firewall_policy/main.tf
+++ b/modules/azure/frontdoor_firewall_policy/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -15,9 +15,10 @@ provider "azurerm" {
features {}
}
-resource "azurerm_frontdoor_firewall_policy" "firewall_policy" {
+resource "azurerm_cdn_frontdoor_firewall_policy" "firewall_policy" {
name = var.name
resource_group_name = var.resource_group_name
+ sku_name = var.sku_name
enabled = var.enabled
mode = var.mode
redirect_url = var.redirect_url
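Review bot: Swapping the resource type in place at `resource "azurerm_cdn_frontdoor_firewall_policy" "firewall_policy"` leaves an existing caller's state holding `azurerm_frontdoor_firewall_policy.firewall_policy`. The next apply would therefore plan to destroy the deployed WAF policy and create a new one, unless the caller first repoints to `frontdoor_firewall_policy_classic`. The new `sku_name` has no default in variables.tf and outputs.tf drops `frontend_endpoint_ids`, so callers that are not changed also fail at plan. I would state this above the resource, e.g. `# BREAKING: classic policies must move to modules/azure/frontdoor_firewall_policy_classic before upgrading; this module now manages Standard/Premium WAF policies only.`, and repeat it in the release notes. The resource body continues outside this hunk.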
@@ -69,6 +70,7 @@ resource "azurerm_frontdoor_firewall_policy" "firewall_policy" {
content {
type = rule.value.type
version = rule.value.version
+ action = rule.value.action
# Managed rule exclusions
dynamic "exclusion" {
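Review bot: `action = rule.value.action` reads an attribute that the `managed_rules` object type does not appear to declare. None of the variables.tf hunks in this commit add `action` next to `type` and `version`, so a non-empty `managed_rules` would presumably fail at plan with an unsupported-attribute error. As far as the diff shows, that leaves the policy deployable only without a managed rule set. Add `action = string` to the object type in variables.tf, ideally with a validation restricting it to the actions the provider accepts. The `managed_rule` block starts and ends outside this hunk.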
diff --git a/modules/azure/frontdoor_firewall_policy/outputs.tf b/modules/azure/frontdoor_firewall_policy/outputs.tf
index 6f2bf691..5d7466c8 100644
--- a/modules/azure/frontdoor_firewall_policy/outputs.tf
+++ b/modules/azure/frontdoor_firewall_policy/outputs.tf
@@ -1,7 +1,7 @@
output "id" {
- value = azurerm_frontdoor_firewall_policy.firewall_policy.id
+ value = azurerm_cdn_frontdoor_firewall_policy.firewall_policy.id
}
-output "frontend_endpoint_ids" {
- value = azurerm_frontdoor_firewall_policy.firewall_policy.frontend_endpoint_ids
+output "name" {
+ value = azurerm_cdn_frontdoor_firewall_policy.firewall_policy.name
}
diff --git a/modules/azure/frontdoor_firewall_policy/variables.tf b/modules/azure/frontdoor_firewall_policy/variables.tf
index 74148fe6..762fcaf0 100644
--- a/modules/azure/frontdoor_firewall_policy/variables.tf
+++ b/modules/azure/frontdoor_firewall_policy/variables.tf
@@ -13,6 +13,16 @@ variable "resource_group_name" {
description = "Name of the resource group."
}
+variable "sku_name" {
+ type = string
+ description = "The SKU name of the WAF policy. Possible values are Standard_AzureFrontDoor and Premium_AzureFrontDoor."
+
+ validation {
+ condition = can(regex("^(Standard_AzureFrontDoor|Premium_AzureFrontDoor)$", var.sku_name))
+ error_message = "The SKU name must be either Standard_AzureFrontDoor or Premium_AzureFrontDoor."
+ }
+}
+
variable "enabled" {
type = bool
description = "Is the WAF policy in a enabled state or disabled state."
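Review bot: `sku_name` decides whether managed rule sets are usable at all, and neither the description nor the validation says so. As far as I know the provider accepts `managed_rule` blocks only on `Premium_AzureFrontDoor`, while `Standard_AzureFrontDoor` policies are limited to custom rules. The new `frontdoor_standard` module hard-codes the Standard SKU, so a caller pairing the two gets a WAF without managed rule sets, which is worth spelling out in the description. With `required_version = "~> 1.12"` a second validation can cross-check it: `condition = var.sku_name == "Premium_AzureFrontDoor" || length(var.managed_rules) == 0`. The regex conditions here and in the `mode` hunk would also read more plainly as `contains(["Detection", "Prevention"], var.mode)`.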
@@ -23,6 +33,11 @@ variable "mode" {
type = string
description = "The firewall policy mode. Possible values are Detection, Prevention."
default = "Prevention"
+
+ validation {
+ condition = can(regex("^(Detection|Prevention)$", var.mode))
+ error_message = "The mode must be either Detection or Prevention."
+ }
}
variable "redirect_url" {
@@ -49,7 +64,7 @@ variable "custom_rules" {
rate_limit_duration_in_minutes = optional(number)
rate_limit_threshold = optional(number)
}))
- description = "A list of custom rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor_firewall_policy#custom_rule"
+ description = "A list of custom rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_firewall_policy#custom_rule-1"
default = []
}
@@ -61,7 +76,7 @@ variable "custom_block_response_status_code" {
variable "custom_block_response_body" {
type = string
- description = "If a custom_rule block's action type is block, this is the response body. Must be bas64 encoded."
+ description = "If a custom_rule block's action type is block, this is the response body. Must be base64 encoded."
default = null
}
@@ -93,6 +108,6 @@ variable "managed_rules" {
})))
})))
}))
- description = "A list of managed rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor_firewall_policy#managed_rule"
+ description = "A list of managed rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_firewall_policy#managed_rule"
default = []
}
diff --git a/modules/azure/frontdoor_firewall_policy_classic/main.tf b/modules/azure/frontdoor_firewall_policy_classic/main.tf
new file mode 100644
index 00000000..1e14da6b
--- /dev/null
+++ b/modules/azure/frontdoor_firewall_policy_classic/main.tf
@@ -0,0 +1,144 @@
+terraform {
+ required_version = "~> 1.12"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.117"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_frontdoor_firewall_policy" "firewall_policy" {
+ name = var.name
+ resource_group_name = var.resource_group_name
+ enabled = var.enabled
+ mode = var.mode
+ redirect_url = var.redirect_url
+ custom_block_response_status_code = var.custom_block_response_status_code
+ custom_block_response_body = var.custom_block_response_body
+
+ dynamic "custom_rule" {
+ for_each = {
+ for rule in var.custom_rules :
+ rule.name => rule
+ }
+ iterator = rule
+
+ content {
+ name = rule.value.name
+ action = rule.value.action
+ enabled = rule.value.enabled
+ priority = rule.value.priority
+ type = rule.value.type
+ rate_limit_duration_in_minutes = rule.value.rate_limit_duration_in_minutes
+ rate_limit_threshold = rule.value.rate_limit_threshold
+
+ dynamic "match_condition" {
+ for_each = {
+ for index, condition in rule.value.match_conditions :
+ index => condition
+ }
+ iterator = condition
+
+ content {
+ match_variable = condition.value.match_variable
+ match_values = condition.value.match_values
+ operator = condition.value.operator
+ selector = condition.value.selector
+ negation_condition = condition.value.negation_condition
+ transforms = condition.value.transforms
+ }
+ }
+ }
+ }
+
+ dynamic "managed_rule" {
+ for_each = {
+ for rule in var.managed_rules :
+ rule.name => rule
+ }
+ iterator = rule
+
+ content {
+ type = rule.value.type
+ version = rule.value.version
+
+ # Managed rule exclusions
+ dynamic "exclusion" {
+ for_each = {
+ for index, exclusion in rule.value.exclusions :
+ index => exclusion
+ }
+
+ content {
+ match_variable = exclusion.value.match_variable
+ operator = exclusion.value.operator
+ selector = exclusion.value.selector
+ }
+ }
+
+ # Managed rule overrides
+ dynamic "override" {
+ for_each = {
+ for index, override in rule.value.overrides :
+ index => override
+ }
+
+ content {
+ rule_group_name = override.value.rule_group_name
+
+ # Managed rule overrides exclusions
+ dynamic "exclusion" {
+ for_each = {
+ for index, exclusion in override.value.exclusions :
+ index => exclusion
+ }
+ iterator = override_exclusion
+
+ content {
+ match_variable = override_exclusion.value.match_variable
+ operator = override_exclusion.value.operator
+ selector = override_exclusion.value.selector
+ }
+ }
+
+ # Managed rule overrides rules
+ dynamic "rule" {
+ for_each = {
+ for rule in override.value.rules :
+ rule.rule_id => rule
+ }
+
+ content {
+ rule_id = rule.value.rule_id
+ action = rule.value.action
+ enabled = rule.value.enabled
+
+ # Managed rule overrides rules exlusions
+ dynamic "exclusion" {
+ for_each = {
+ for index, exclusion in rule.value.exclusions :
+ index => exclusion
+ }
+ iterator = rule_exclusion
+
+ content {
+ match_variable = rule_exclusion.value.match_variable
+ operator = rule_exclusion.value.operator
+ selector = rule_exclusion.value.selector
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
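Review bot: The `managed_rule` block reads attributes that the `managed_rules` type in this module's variables.tf does not declare. Its `for_each` keys on `rule.name` and the nested blocks iterate `rule.value.exclusions`, `rule.value.overrides` and `override.value.rules`, while the type declares `exclusion`, `override` and `rule` and has no `name`. Any non-empty `managed_rules` would presumably fail at plan, which leaves the policy deployable only without managed rule sets. Align the two, e.g. rename the type attributes to the plural forms as `optional(list(object({...})), [])` so an omitted list iterates as empty instead of null, and key the `for_each` on something the type has, such as `"${rule.type}_${rule.version}"`. The file looks carried over from the pre-existing module, so the non-classic module likely needs the same change.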
diff --git a/modules/azure/frontdoor_firewall_policy_classic/outputs.tf b/modules/azure/frontdoor_firewall_policy_classic/outputs.tf
new file mode 100644
index 00000000..6f2bf691
--- /dev/null
+++ b/modules/azure/frontdoor_firewall_policy_classic/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+ value = azurerm_frontdoor_firewall_policy.firewall_policy.id
+}
+
+output "frontend_endpoint_ids" {
+ value = azurerm_frontdoor_firewall_policy.firewall_policy.frontend_endpoint_ids
+}
diff --git a/modules/azure/frontdoor_firewall_policy_classic/variables.tf b/modules/azure/frontdoor_firewall_policy_classic/variables.tf
new file mode 100644
index 00000000..74148fe6
--- /dev/null
+++ b/modules/azure/frontdoor_firewall_policy_classic/variables.tf
@@ -0,0 +1,98 @@
+variable "name" {
+ type = string
+ description = "The name of the WAF policy."
+
+ validation {
+ condition = can(regex("^waf", var.name))
+ error_message = "The name of this resource must start with 'waf'. For a list of common Azure abbreviations see https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations."
+ }
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "Name of the resource group."
+}
+
+variable "enabled" {
+ type = bool
+ description = "Is the WAF policy in a enabled state or disabled state."
+ default = true
+}
+
+variable "mode" {
+ type = string
+ description = "The firewall policy mode. Possible values are Detection, Prevention."
+ default = "Prevention"
+}
+
+variable "redirect_url" {
+ type = string
+ description = "If action type is redirect, this field represents redirect URL for the client."
+ default = null
+}
+
+variable "custom_rules" {
+ type = list(object({
+ name = string
+ action = string
+ enabled = optional(bool)
+ priority = optional(number)
+ type = string
+ match_conditions = list(object({
+ match_variable = string
+ match_values = list(string)
+ operator = string
+ selector = optional(string)
+ negation_condition = optional(bool)
+ transforms = optional(list(string))
+ }))
+ rate_limit_duration_in_minutes = optional(number)
+ rate_limit_threshold = optional(number)
+ }))
+ description = "A list of custom rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor_firewall_policy#custom_rule"
+ default = []
+}
+
+variable "custom_block_response_status_code" {
+ type = number
+ description = "If a custom_rule block's action type is block, this is the response status code."
+ default = null
+}
+
+variable "custom_block_response_body" {
+ type = string
+ description = "If a custom_rule block's action type is block, this is the response body. Must be bas64 encoded."
+ default = null
+}
+
+variable "managed_rules" {
+ type = list(object({
+ type = string
+ version = string
+ exclusion = optional(list(object({
+ match_variable = string
+ operator = string
+ selector = string
+ })))
+ override = optional(list(object({
+ rule_group_name = string
+ exclusion = optional(list(object({
+ match_variable = string
+ operator = string
+ selector = string
+ })))
+ rule = optional(list(object({
+ rule_id = string
+ action = string
+ enabled = optional(bool)
+ exclusion = optional(list(object({
+ match_variable = string
+ operator = string
+ selector = string
+ })))
+ })))
+ })))
+ }))
+ description = "A list of managed rule objects. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor_firewall_policy#managed_rule"
+ default = []
+}
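Review bot: This classic copy misses two fixes that the same commit applies to `frontdoor_firewall_policy/variables.tf`. `mode` has no validation block here, so a typo in the mode string is only caught by the provider at apply time, and the `custom_block_response_body` description still reads `bas64`. Add `condition = contains(["Detection", "Prevention"], var.mode)` with a matching `error_message` to `variable "mode"`, and correct the description to `base64`.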
diff --git a/modules/azure/frontdoor_standard/main.tf b/modules/azure/frontdoor_standard/main.tf
new file mode 100644
index 00000000..e677b770
--- /dev/null
+++ b/modules/azure/frontdoor_standard/main.tf
@@ -0,0 +1,205 @@
+terraform {
+ required_version = "~> 1.12"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.117"
+ }
+ }
+
+ backend "azurerm" {}
+}
+
+provider "azurerm" {
+ features {}
+}
+
+# Front Door Profile
+resource "azurerm_cdn_frontdoor_profile" "fd_profile" {
+ name = var.name
+ resource_group_name = var.resource_group_name
+ sku_name = "Standard_AzureFrontDoor"
+}
+
+# Endpoint
+resource "azurerm_cdn_frontdoor_endpoint" "fd_endpoint" {
+ name = var.name
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+}
+
+# Custom domains
+resource "azurerm_cdn_frontdoor_custom_domain" "fd_custom_domains" {
+ for_each = { for custom_domain in var.custom_domains: custom_domain.name => custom_domain }
+
+ name = each.key
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+ host_name = each.value.host_name
+
+ tls {
+ certificate_type = "ManagedCertificate"
+ }
+}
+
+# Origin groups
+resource "azurerm_cdn_frontdoor_origin_group" "fd_origin_groups" {
+ for_each = { for group in var.origin_groups : group.name => group }
+
+ name = each.key
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+
+ session_affinity_enabled = false
+
+ health_probe {
+ interval_in_seconds = each.value.health_probe.interval_in_seconds
+ protocol = each.value.health_probe.protocol
+ path = each.value.health_probe.path
+ request_type = each.value.health_probe.request_type
+ }
+
+ load_balancing { }
+}
+
+# Origins
+resource "azurerm_cdn_frontdoor_origin" "fd_origins" {
+ for_each = {
+ for group in var.origin_groups :
+ group.name => group.origins[0] # assumes 1 origin per origin group (can be expanded)
+ }
+
+ name = each.key
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.fd_origin_groups[each.key].id
+
+ certificate_name_check_enabled = false
+
+ host_name = each.value.host_name
+ http_port = each.value.http_port
+ https_port = each.value.https_port
+ origin_host_header = each.value.origin_host_header
+ priority = each.value.priority
+ weight = each.value.weight
+ enabled = each.value.enabled
+}
+
+# Redirect Rule Set
+resource "azurerm_cdn_frontdoor_rule_set" "fd_rs_redirect" {
+ name = "fdRedirectRuleSet"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+}
+
+# HTTP to HTTPS Redirect Rule
+resource "azurerm_cdn_frontdoor_rule" "fd_rule_http_to_https" {
+ depends_on = [azurerm_cdn_frontdoor_origin_group.fd_origin_groups, azurerm_cdn_frontdoor_origin.fd_origins]
+
+ name = "FdRuleHttpToHttps"
+ cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set.fd_rs_redirect.id
+ order = 1
+ behavior_on_match = "Continue"
+
+ actions {
+ url_redirect_action {
+ redirect_type = "PermanentRedirect"
+ redirect_protocol = "Https"
+ destination_hostname = ""
+ }
+ }
+}
+
+# Routes (redirects)
+resource "azurerm_cdn_frontdoor_route" "fd_redirect_routes" {
+ for_each = {
+ for route in var.redirect_routes : route.name => route
+ }
+
+ name = each.key
+ cdn_frontdoor_endpoint_id = azurerm_cdn_frontdoor_endpoint.fd_endpoint.id
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.fd_origin_groups[each.value.origin_group_name].id
+ cdn_frontdoor_origin_ids = [azurerm_cdn_frontdoor_origin.fd_origins[each.value.origin_group_name].id]
+ cdn_frontdoor_rule_set_ids = [azurerm_cdn_frontdoor_rule_set.fd_rs_redirect.id]
+ cdn_frontdoor_custom_domain_ids = [azurerm_cdn_frontdoor_custom_domain.fd_custom_domains[each.value.custom_domain_name].id]
+
+ enabled = each.value.enabled
+ patterns_to_match = each.value.patterns_to_match
+ supported_protocols = each.value.supported_protocols
+ https_redirect_enabled = false
+ link_to_default_domain = false
+}
+
+# Routes (forwarding)
+resource "azurerm_cdn_frontdoor_route" "fd_forwarding_routes" {
+ for_each = {
+ for route in var.forwarding_routes : route.name => route
+ }
+
+ name = each.key
+ cdn_frontdoor_endpoint_id = azurerm_cdn_frontdoor_endpoint.fd_endpoint.id
+ cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.fd_origin_groups[each.value.origin_group_name].id
+ cdn_frontdoor_origin_ids = [azurerm_cdn_frontdoor_origin.fd_origins[each.value.origin_group_name].id]
+ cdn_frontdoor_custom_domain_ids = [azurerm_cdn_frontdoor_custom_domain.fd_custom_domains[each.value.custom_domain_name].id]
+
+ enabled = each.value.enabled
+ patterns_to_match = each.value.patterns_to_match
+ supported_protocols = each.value.supported_protocols
+ https_redirect_enabled = false
+ forwarding_protocol = "HttpsOnly"
+ link_to_default_domain = false
+}
+
+data "azurerm_cdn_frontdoor_firewall_policy" "fd_firewall_policy" {
+ count = var.security_policy == null ? 0 : 1
+ name = var.security_policy.firewall_policy_name
+ resource_group_name = var.resource_group_name
+}
+
+# Security policy
+resource "azurerm_cdn_frontdoor_security_policy" "fd_security_policy" {
+ count = var.security_policy == null ? 0 : 1
+ name = "${var.security_policy.firewall_policy_name}-securityPolicy"
+ cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+
+ security_policies {
+ firewall {
+ cdn_frontdoor_firewall_policy_id = data.azurerm_cdn_frontdoor_firewall_policy.fd_firewall_policy[0].id
+
+ association {
+ domain {
+ cdn_frontdoor_domain_id = azurerm_cdn_frontdoor_custom_domain.fd_custom_domains[var.security_policy.custom_domain_name].id
+ }
+ patterns_to_match = ["/*"]
+ }
+ }
+ }
+}
+
+# Diagnostic settings
+data "azurerm_monitor_diagnostic_categories" "fd_categories" {
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ resource_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "fd_diagnostics" {
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ name = "diag-${var.name}"
+ target_resource_id = azurerm_cdn_frontdoor_profile.fd_profile.id
+ log_analytics_workspace_id = var.log_analytics_workspace_id
+
+ dynamic "enabled_log" {
+ for_each = data.azurerm_monitor_diagnostic_categories.fd_categories[0].log_category_types
+ content {
+ category = enabled_log.value
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+
+ dynamic "metric" {
+ for_each = data.azurerm_monitor_diagnostic_categories.fd_categories[0].metrics
+ content {
+ category = metric.value
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+}
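Review bot: `certificate_name_check_enabled = false` on `azurerm_cdn_frontdoor_origin.fd_origins` turns off the check that the origin's TLS certificate matches the host name Front Door connects to. The `forwarding_protocol = "HttpsOnly"` on the forwarding routes then encrypts the hop without verifying that the certificate belongs to that origin. Default it to on with `certificate_name_check_enabled = true`, or expose it per origin as `optional(bool, true)` so that disabling it is an explicit caller decision. Separately, `each.value.health_probe.*` is dereferenced unconditionally although variables.tf declares `health_probe` as optional, so an origin group without a probe would fail at plan; a `dynamic "health_probe"` block guarded on null would fix that.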
diff --git a/modules/azure/frontdoor_standard/outputs.tf b/modules/azure/frontdoor_standard/outputs.tf
new file mode 100644
index 00000000..c158b1ce
--- /dev/null
+++ b/modules/azure/frontdoor_standard/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+ value = azurerm_cdn_frontdoor_profile.fd_profile.id
+}
+
+output "resource_guid" {
+ value = azurerm_cdn_frontdoor_profile.fd_profile.resource_guid
+}
diff --git a/modules/azure/frontdoor_standard/variables.tf b/modules/azure/frontdoor_standard/variables.tf
new file mode 100644
index 00000000..ed169914
--- /dev/null
+++ b/modules/azure/frontdoor_standard/variables.tf
@@ -0,0 +1,92 @@
+
+variable "resource_group_name" {
+ type = string
+ description = "Name of the resource group."
+}
+
+variable "name" {
+ type = string
+ description = "Specifies the name of the Front Door service."
+
+ validation {
+ condition = can(regex("^fd", var.name))
+ error_message = "The name of this resource must start with 'fd'. For a list of common Azure abbreviations see https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations."
+ }
+}
+
+variable "security_policy" {
+ type = object({
+ firewall_policy_name = string
+ custom_domain_name = string
+ })
+ description = "Specifies front door security policy details."
+}
+
+variable "custom_domains" {
+ type = list(object({
+ name = string
+ host_name = string
+ }))
+ description = "List of custom domains for frontdoor."
+}
+variable "redirect_routes" {
+ type = list(object({
+ name = string
+ custom_domain_name = string
+ origin_group_name = string
+ enabled = optional(bool)
+ supported_protocols = list(string)
+ patterns_to_match = list(string)
+ }))
+ description = "A list of redirect routes for frontdoor."
+
+ validation {
+ condition = length(var.redirect_routes) > 0
+ error_message = "The list with redirect routes should at least contain one object."
+ }
+}
+
+variable "forwarding_routes" {
+ type = list(object({
+ name = string
+ custom_domain_name = string
+ origin_group_name = string
+ enabled = optional(bool)
+ supported_protocols = list(string)
+ patterns_to_match = list(string)
+ }))
+ description = "A list of forwarding routes for frontdoor."
+
+ validation {
+ condition = length(var.forwarding_routes) > 0
+ error_message = "The list with forwarding routes should at least contain one object."
+ }
+}
+
+variable "origin_groups" {
+ type = list(object({
+ name = string
+ health_probe = optional(object({
+ protocol = string
+ interval_in_seconds = number
+ path = optional(string)
+ request_type = optional(string)
+ }))
+ origins = list(object({
+ host_name = string
+ origin_host_header = optional(string)
+ http_port = optional(number)
+ https_port = optional(number)
+ enabled = optional(bool)
+ priority = optional(number)
+ weight = optional(number)
+ }))
+ }))
+ description = "A list of origin groups for frontdoor."
+}
+
+variable "log_analytics_workspace_id" {
+ type = string
+ description = "ID of a log analytics workspace (optional)."
+ default = null
+}
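Review bot: `security_policy` has no default, so it is a required input, yet main.tf gates the WAF association on `var.security_policy == null`. The only way to reach that branch is to pass `null` explicitly, which deploys the profile with no firewall policy attached to its custom domains. Decide which is intended and make it visible. If the WAF is mandatory, add `nullable = false` and drop the `count` guards in main.tf. If it is optional, add `default = null` and say in the description that omitting it leaves the domains without a WAF policy.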
diff --git a/modules/azure/function_app_linux/main.tf b/modules/azure/function_app_linux/main.tf
index 3b4578c0..20d6f3f0 100644
--- a/modules/azure/function_app_linux/main.tf
+++ b/modules/azure/function_app_linux/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/function_app_linux_managed_identity/main.tf b/modules/azure/function_app_linux_managed_identity/main.tf
index 0bf622d3..f1d1b58a 100644
--- a/modules/azure/function_app_linux_managed_identity/main.tf
+++ b/modules/azure/function_app_linux_managed_identity/main.tf
@@ -1,18 +1,18 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
azuread = {
source = "hashicorp/azuread"
- version = "~> 2.36"
+ version = "~> 2.53"
}
azapi = {
source = "Azure/azapi"
- version = "~> 1.4"
+ version = "~> 1.15"
}
}
@@ -31,6 +31,9 @@ provider "null" {
}
+data "azurerm_client_config" "current" {
+}
+
locals {
should_create_app = var.managed_identity_provider.existing != null ? false : true
should_assign_group = var.managed_identity_provider.create.group_id != null ? true : false
@@ -93,6 +96,26 @@ resource "azurerm_linux_function_app" "function_app" {
}
}
+ auth_settings_v2 {
+ auth_enabled = true
+ require_authentication = var.authentication_settings.require_authentication == null ? false : var.authentication_settings.require_authentication
+ unauthenticated_action = var.authentication_settings.unauthenticated_action == null ? null : var.authentication_settings.unauthenticated_action
+ excluded_paths = var.authentication_settings.excluded_paths == null ? [] : var.authentication_settings.excluded_paths
+
+ active_directory_v2 {
+ client_id = local.should_create_app ? azuread_application.application[0].client_id : var.managed_identity_provider.existing.client_id
+ client_secret_setting_name = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
+ tenant_auth_endpoint = "https://login.microsoftonline.com/${data.azurerm_client_config.current.tenant_id}/v2.0/"
+ allowed_audiences = local.allowed_audiences
+ }
+
+ login {
+ // Bug within terraform module it just requires it
+ // https://github.com/hashicorp/terraform-provider-azurerm/issues/21002
+ }
+ }
+
+
dynamic "connection_string" {
for_each = var.connection_strings
content {
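Review bot: `require_authentication` falls back to `false` when the caller leaves it unset, so the block turns `auth_enabled` on while anonymous requests still reach the function app unless every caller opts in. A safer fallback for this module is `require_authentication = coalesce(var.authentication_settings.require_authentication, true)`, with `unauthenticated_action` chosen to match. The `== null ? null : …` conditional on the `unauthenticated_action` line is a no-op and can be just `var.authentication_settings.unauthenticated_action`. `var.authentication_settings` and `local.allowed_audiences` are defined outside this hunk, so confirm the variable itself cannot be null. The resource body continues outside the hunk.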
@@ -115,7 +138,6 @@ resource "azurerm_linux_function_app" "function_app" {
}
}
-
/*
* https://github.com/hashicorp/terraform-provider-azurerm/issues/12928 blocked by https://github.com/Azure/azure-rest-api-specs/issues/18888
*
@@ -126,7 +148,7 @@ resource "azurerm_linux_function_app" "function_app" {
*/
// Needed to have a trigger that allows recreating some resource every time
-resource "null_resource" "always_run" {
+/*resource "null_resource" "always_run" {
triggers = {
timestamp = "${timestamp()}"
}
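Review bot: Wrapping `null_resource.always_run` and `azapi_update_resource.setup_auth_settings` in `/* … */` (opened here, closed in the `-165,15` hunk) keeps dead configuration in the file. The `clientId` edit in the `-153,7` hunk then changes code that is never evaluated. Delete both resources and let history keep them; if the `azapi` and `null` providers have no other user in this file, their provider entries and the `~> 1.15` bump can go too. Callers upgrading will see both resources planned for destroy, which is worth a line in the release notes now that the auth settings come from `auth_settings_v2`. The commented region starts and ends outside this hunk.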
@@ -153,7 +175,7 @@ resource "azapi_update_resource" "setup_auth_settings" {
azureActiveDirectory = {
enabled = true,
registration = {
- clientId = "${local.should_create_app ? azuread_application.application[0].application_id : var.managed_identity_provider.existing.client_id}",
+ clientId = "${local.should_create_app ? azuread_application.application[0].client_id : var.managed_identity_provider.existing.client_id}",
clientSecretSettingName = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
},
validation = {
@@ -165,15 +187,14 @@ resource "azapi_update_resource" "setup_auth_settings" {
}
})
lifecycle {
- /* This action should always be replaces since is works under the hood as an api call
- * So it does not really track issues with the function app properly
- */
+ // This action should always be replaces since is works under the hood as an api call
+ // So it does not really track issues with the function app properly
replace_triggered_by = [
null_resource.always_run
]
}
}
-
+*/
# Managed Identity Provider
data "azuread_client_config" "current" {}
@@ -221,7 +242,7 @@ resource "azuread_application" "application" {
resource "azuread_service_principal" "application" {
count = local.should_assign_group ? 1 : 0
- application_id = azuread_application.application[0].application_id
+ client_id = azuread_application.application[0].client_id
app_role_assignment_required = false
owners = [data.azuread_client_config.current.object_id]
}
@@ -234,7 +255,7 @@ resource "azuread_group_member" "registered_app_member" {
resource "azuread_application_password" "password" {
count = local.should_create_app ? 1 : 0
- application_object_id = azuread_application.application[0].object_id
+ application_id = azuread_application.application[0].id
}
resource "random_uuid" "oath2_uuid" {}
diff --git a/modules/azure/function_app_windows/main.tf b/modules/azure/function_app_windows/main.tf
index 8036b7ab..9bf77075 100644
--- a/modules/azure/function_app_windows/main.tf
+++ b/modules/azure/function_app_windows/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -32,6 +32,7 @@ resource "azurerm_windows_function_app" "function_app" {
always_on = var.always_on
vnet_route_all_enabled = var.route_all_outbound_traffic
use_32_bit_worker = var.use_32_bit_worker
+ app_scale_limit = var.app_scale_limit
dynamic "application_stack" {
for_each = var.dotnet_version != "" ? [1] : []
diff --git a/modules/azure/function_app_windows/variables.tf b/modules/azure/function_app_windows/variables.tf
index 749b9b7e..2d3c0221 100644
--- a/modules/azure/function_app_windows/variables.tf
+++ b/modules/azure/function_app_windows/variables.tf
@@ -111,3 +111,9 @@ variable "use_32_bit_worker" {
description = "Should the Windows Function App use a 32-bit worker process."
default = true
}
+
+variable "app_scale_limit" {
+ type = number
+ description = "Number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan."
+ default = 0
+}
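Review bot: `default = 0` means every existing caller now sends `app_scale_limit = 0` to `azurerm_windows_function_app.function_app` (wired in the main.tf hunk). That includes apps on plans where, per the description, the setting does not apply. Unless 0 is known to mean "no limit" for this argument, `default = null` leaves the attribute unset and keeps the plan unchanged for current callers. The description should also say what the default means.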
diff --git a/modules/azure/iam/main.tf b/modules/azure/iam/main.tf
index 7d52774b..f4aac225 100644
--- a/modules/azure/iam/main.tf
+++ b/modules/azure/iam/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/iam_set/main.tf b/modules/azure/iam_set/main.tf
index 68bcbfd4..62eebaf2 100644
--- a/modules/azure/iam_set/main.tf
+++ b/modules/azure/iam_set/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/key_vault/main.tf b/modules/azure/key_vault/main.tf
index cf6fb547..99421146 100644
--- a/modules/azure/key_vault/main.tf
+++ b/modules/azure/key_vault/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/key_vault_certificate/main.tf b/modules/azure/key_vault_certificate/main.tf
index 3acec146..0e18b1dd 100644
--- a/modules/azure/key_vault_certificate/main.tf
+++ b/modules/azure/key_vault_certificate/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/key_vault_secret/main.tf b/modules/azure/key_vault_secret/main.tf
index 2a04f2cb..ba70c290 100644
--- a/modules/azure/key_vault_secret/main.tf
+++ b/modules/azure/key_vault_secret/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/key_vault_secrets_put/main.tf b/modules/azure/key_vault_secrets_put/main.tf
index debaadd9..76c10235 100644
--- a/modules/azure/key_vault_secrets_put/main.tf
+++ b/modules/azure/key_vault_secrets_put/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/key_vault_secrets_put_once/main.tf b/modules/azure/key_vault_secrets_put_once/main.tf
index 3cb4f3ee..a145570e 100644
--- a/modules/azure/key_vault_secrets_put_once/main.tf
+++ b/modules/azure/key_vault_secrets_put_once/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/log_analytics_diagnostic_setting/main.tf b/modules/azure/log_analytics_diagnostic_setting/main.tf
index 3ca22ff5..d4b6860b 100644
--- a/modules/azure/log_analytics_diagnostic_setting/main.tf
+++ b/modules/azure/log_analytics_diagnostic_setting/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/log_analytics_queries/main.tf b/modules/azure/log_analytics_queries/main.tf
index 14104bb2..5cf8e1ef 100644
--- a/modules/azure/log_analytics_queries/main.tf
+++ b/modules/azure/log_analytics_queries/main.tf
@@ -1,14 +1,14 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
random = {
source = "hashicorp/random"
- version = "~> 3.4"
+ version = "~> 3.7.2"
}
}
diff --git a/modules/azure/log_analytics_workspace/main.tf b/modules/azure/log_analytics_workspace/main.tf
index 9d9a360a..e1cdfec6 100644
--- a/modules/azure/log_analytics_workspace/main.tf
+++ b/modules/azure/log_analytics_workspace/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/logic_app/main.tf b/modules/azure/logic_app/main.tf
index be923480..338c2054 100644
--- a/modules/azure/logic_app/main.tf
+++ b/modules/azure/logic_app/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/logic_app_bicep/main.tf b/modules/azure/logic_app_bicep/main.tf
index ee28f0a4..483124fb 100644
--- a/modules/azure/logic_app_bicep/main.tf
+++ b/modules/azure/logic_app_bicep/main.tf
@@ -1,15 +1,15 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
local = {
source = "hashicorp/local"
- version = "2.4.1"
+ version = "2.5.3"
}
}
diff --git a/modules/azure/logic_app_set/main.tf b/modules/azure/logic_app_set/main.tf
index d6c69fc8..2e8a70bf 100644
--- a/modules/azure/logic_app_set/main.tf
+++ b/modules/azure/logic_app_set/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/logic_app_standard/main.tf b/modules/azure/logic_app_standard/main.tf
index 06a2fcc0..0c23114e 100644
--- a/modules/azure/logic_app_standard/main.tf
+++ b/modules/azure/logic_app_standard/main.tf
@@ -1,14 +1,18 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
- archive = {
- source = "hashicorp/archive"
- version = "~> 2.3"
+ azapi = {
+ source = "Azure/azapi"
+ version = "~> 1.15"
+ }
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "~> 2.53"
}
}
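Review bot: The `required_providers` block declares `azapi` and `azuread`, but this commit also adds `random_uuid.oath2_uuid` further down in the file, and `hashicorp/random` is not declared as far as this hunk shows. Terraform will then resolve the provider implicitly with no version constraint, which is inconsistent with the pinning applied to every other provider in this commit. Adding `random = { source = "hashicorp/random", version = "~> 3.7.2" }` would match the constraint used in `log_analytics_queries`. The `null_resource` and `time_sleep` resources in the same file appear to have the same gap for `hashicorp/null` and `hashicorp/time`.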
@@ -19,12 +23,11 @@ provider "azurerm" {
features {}
}
-provider "archive" {
-}
-
locals {
- identity_type = var.use_managed_identity && length(var.identity_ids) > 0 ? "SystemAssigned, UserAssigned" : var.use_managed_identity ? "SystemAssigned" : length(var.identity_ids) > 0 ? "UserAssigned" : null
- is_linux = length(regexall("/home/", lower(abspath(path.root)))) > 0
+ identity_type = var.use_managed_identity && length(var.identity_ids) > 0 ? "SystemAssigned, UserAssigned" : var.use_managed_identity ? "SystemAssigned" : length(var.identity_ids) > 0 ? "UserAssigned" : null
+ is_linux = length(regexall("/home/", lower(abspath(path.root)))) > 0
+ identifiers = var.managed_identity_provider != null ? concat(["api://${var.managed_identity_provider.create.application_name}"], var.managed_identity_provider.identifier_uris != null ? var.managed_identity_provider.identifier_uris : []) : []
+ allowed_audiences = var.managed_identity_provider != null ? concat(local.identifiers, var.managed_identity_provider.allowed_audiences != null ? var.managed_identity_provider.allowed_audiences : []) : []
}
resource "azurerm_logic_app_standard" "app" {
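Review bot: `local.identifiers` reads `var.managed_identity_provider.create.application_name` whenever the variable is non-null, but `create` is declared `optional(...)` in variables.tf, so a caller who supplies only `existing` will hit a null-attribute error at plan time. The guard should test `create` as well, for example by reading the name through `try(var.managed_identity_provider.create.application_name, null)` and building the `api://` entry only when it is non-null. The nested conditionals for `identifier_uris` and `allowed_audiences` would also read more easily as `coalesce(var.managed_identity_provider.identifier_uris, [])`.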
@@ -44,15 +47,40 @@ resource "azurerm_logic_app_standard" "app" {
}
site_config {
- ftps_state = "Disabled"
- elastic_instance_minimum = var.elastic_instance_minimum
- pre_warmed_instance_count = var.pre_warmed_instance_count
+ ftps_state = "Disabled"
+ elastic_instance_minimum = var.elastic_instance_minimum
+ pre_warmed_instance_count = var.pre_warmed_instance_count
+ runtime_scale_monitoring_enabled = var.runtime_scale_monitoring_enabled
+
+ dynamic "ip_restriction" {
+ for_each = var.ip_restrictions
+
+ content {
+ ip_address = ip_restriction.value.ip_address
+ service_tag = ip_restriction.value.service_tag
+ virtual_network_subnet_id = ip_restriction.value.virtual_network_subnet_id
+ name = ip_restriction.value.name
+ priority = ip_restriction.value.priority
+ action = ip_restriction.value.action
+
+ dynamic "headers" {
+ for_each = ip_restriction.value.headers
+
+ content {
+ x_azure_fdid = headers.value.x_azure_fdid
+ x_fd_health_probe = headers.value.x_fd_health_probe
+ x_forwarded_for = headers.value.x_forwarded_for
+ x_forwarded_host = headers.value.x_forwarded_host
+ }
+ }
+ }
+ }
}
app_settings = merge({
WEBSITE_NODE_DEFAULT_VERSION = "~18",
- FUNCTIONS_WORKER_RUNTIME = "node",
- }, var.app_settings)
+ FUNCTIONS_WORKER_RUNTIME = "node"
+ }, var.managed_identity_provider != null ? { MICROSOFT_PROVIDER_AUTHENTICATION_SECRET = azuread_application_password.password[0].value } : {}, var.app_settings)
app_service_plan_id = var.service_plan_id
storage_account_access_key = var.storage_account_access_key
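Review bot: The inner `dynamic "headers"` block iterates `ip_restriction.value.headers` directly, but `headers` is `optional(list(object(...)))` in variables.tf and is therefore null when a caller omits it, which Terraform rejects as a `for_each` value. Use `for_each = ip_restriction.value.headers != null ? ip_restriction.value.headers : []`, the same guard this commit applies to `dimension` in `monitoring_metric_alert`. In the `app_settings` merge, `MICROSOFT_PROVIDER_AUTHENTICATION_SECRET` is stored as a plain app setting; a Key Vault reference would keep the client secret out of the site configuration. The enclosing `azurerm_logic_app_standard` resource starts and ends outside this hunk.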
@@ -60,25 +88,15 @@ resource "azurerm_logic_app_standard" "app" {
virtual_network_subnet_id = var.integration_subnet_id
}
-# First, create a check.zip with archive_file to check diffs (this step is required)
-# replacing this step by checking of deploy.zip created by local-exec doesn't work
-# because local-exec is not executed during 'plan' so it would take old deploy.zip
-data "archive_file" "check_zip" {
- type = "zip"
- source_dir = var.workflows_source_path
- output_path = "${path.module}/files/check.zip"
-}
-
+# Safest way is to always zip the file, even if there are no changes, it ensures that portal changes do not affect deployment results
resource "null_resource" "zip_logic_app" {
- depends_on = [data.archive_file.check_zip]
-
triggers = {
- deploy = data.archive_file.check_zip.output_sha
+ always_run = timestamp()
}
# if check.zip file changes, create deploy.zip file
provisioner "local-exec" {
interpreter = local.is_linux ? ["bash", "-c"] : ["PowerShell", "-Command"]
- command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/files/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\""
+ command = local.is_linux ? "cd ${path.module} && mkdir -p files && cd ${var.workflows_source_path} && zip -rq $OLDPWD/files/deploy.zip ." : "New-Item -Path \"${path.module}\" -Name \"files\" -ItemType \"directory\" -Force; Compress-Archive -Path \"${var.workflows_source_path}\\*\" -DestinationPath \"${path.module}\\files\\deploy.zip\" -Force"
}
}
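Review bot: Only the PowerShell branch of the `local-exec` command was changed to overwrite the archive (`-Force`). The bash branch still runs `zip -rq $OLDPWD/files/deploy.zip .` against whatever `deploy.zip` is already there, and `zip` updates an existing archive in place, so workflow files deleted from `workflows_source_path` would stay in the package and be redeployed. Inserting `rm -f files/deploy.zip &&` after `mkdir -p files` makes the two branches behave the same. The comment `# if check.zip file changes, create deploy.zip file` is stale now that `check_zip` is removed and the trigger is `timestamp()`. `var.workflows_source_path` is interpolated into the shell command unquoted, so it should only ever come from trusted module callers.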
@@ -89,27 +107,18 @@ resource "null_resource" "zip_logic_app" {
# the file will not be accepted if the app setting does not exist. However, there is a small delay between
# updating the logic app and the app settings being available. Therefore, we need to add a timeout to the
# deployment to make sure the app settings are available before the deployment is started.
-
resource "time_sleep" "wait_for_app_settings" {
depends_on = [
azurerm_logic_app_standard.app,
null_resource.zip_logic_app
]
create_duration = "${var.deployment_wait_timeout}s"
-
- triggers = {
- deploy = data.archive_file.check_zip.output_sha
- }
}
# The first step is to ensure that the logic apps extension is installed
resource "null_resource" "install-extension" {
depends_on = [time_sleep.wait_for_app_settings]
- triggers = {
- deploy = data.archive_file.check_zip.output_sha
- }
-
provisioner "local-exec" {
command = "az extension add --name logic"
}
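Review bot: With their `triggers` removed, `time_sleep.wait_for_app_settings` and `null_resource.install-extension` run only when first created, while `null_resource.deploy` now re-runs on every apply. Later applies that change `app_settings` will start the zip deployment without the wait that the comment above says is required. On a fresh CI agent `az extension add --name logic` is not re-executed either, so the deploy step may depend on whatever the agent already has installed. If that is not intended, give both resources the same `triggers = { always_run = timestamp() }` as `deploy`.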
@@ -120,13 +129,162 @@ data "azurerm_subscription" "current" {}
# Then use the Azure CLI to start the deployment
resource "null_resource" "deploy" {
- depends_on = [null_resource.install-extension]
+ depends_on = [
+ null_resource.install-extension,
+ null_resource.zip_logic_app
+ ]
triggers = {
- deploy = data.archive_file.check_zip.output_sha
+ always_run = timestamp() # null_resource.zip_logic_app might not always actually change, trigger ensures the execution anyway
}
provisioner "local-exec" {
command = "az logicapp deployment source config-zip --name ${var.logic_app_name} --resource-group ${var.resource_group_name} --subscription ${data.azurerm_subscription.current.display_name} --src ${path.module}/files/deploy.zip"
}
}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ resource_id = azurerm_logic_app_standard.app.id
+}
+
+// Write logs and metrics to log analytics if specified
+// Needs to be done once the deployment is finished, because updating Diagnostic Settings leads to a restart of the Logic App
+// which causes the deployment to fail if it is not finished yet
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
+ depends_on = [
+ null_resource.deploy
+ ]
+
+ count = var.log_analytics_workspace_id == null ? 0 : 1
+ name = "diag-${var.logic_app_name}"
+ target_resource_id = azurerm_logic_app_standard.app.id
+ log_analytics_workspace_id = var.log_analytics_workspace_id
+
+ dynamic "enabled_log" {
+ for_each = length(var.log_analytics_diagnostic_categories) > 0 ? var.log_analytics_diagnostic_categories : data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types
+
+ content {
+ category = enabled_log.value
+
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+
+ dynamic "metric" {
+ for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics
+
+ content {
+ category = metric.value
+ enabled = true
+
+ retention_policy {
+ enabled = false
+ }
+ }
+ }
+}
+
+# Managed Identity Provider
+data "azuread_client_config" "current" {}
+
+resource "random_uuid" "oath2_uuid" {}
+
+resource "azuread_application" "application" {
+ count = var.managed_identity_provider != null ? 1 : 0
+ display_name = var.managed_identity_provider.create.display_name
+ owners = var.managed_identity_provider.create.owners != null ? concat([data.azuread_client_config.current.object_id], var.managed_identity_provider.create.owners) : [data.azuread_client_config.current.object_id]
+ sign_in_audience = "AzureADMyOrg"
+ identifier_uris = local.identifiers
+
+ api {
+ requested_access_token_version = 2
+
+ oauth2_permission_scope {
+ admin_consent_description = var.managed_identity_provider.create.oauth2_settings.admin_consent_description
+ admin_consent_display_name = var.managed_identity_provider.create.oauth2_settings.admin_consent_display_name
+ enabled = var.managed_identity_provider.create.oauth2_settings.enabled
+ id = random_uuid.oath2_uuid.result
+ type = var.managed_identity_provider.create.oauth2_settings.type
+ user_consent_description = var.managed_identity_provider.create.oauth2_settings.user_consent_description
+ user_consent_display_name = var.managed_identity_provider.create.oauth2_settings.user_consent_display_name
+ value = var.managed_identity_provider.create.oauth2_settings.role_value
+ }
+ }
+
+ web {
+ redirect_uris = ["https://${var.logic_app_name}.azurewebsites.net/.auth/login/aad/callback"]
+
+ implicit_grant {
+ access_token_issuance_enabled = false
+ id_token_issuance_enabled = true
+ }
+ }
+
+ required_resource_access {
+ resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
+
+ resource_access {
+ id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # User.Read
+ type = "Scope"
+ }
+ }
+}
+
+resource "null_resource" "always_run" {
+ triggers = {
+ timestamp = "${timestamp()}"
+ }
+}
+
+resource "azapi_update_resource" "setup_auth_settings" {
+ count = var.managed_identity_provider != null ? 1 : 0
+ type = "Microsoft.Web/sites/config@2020-12-01"
+ resource_id = "${azurerm_logic_app_standard.app.id}/config/web"
+
+ depends_on = [
+ azurerm_logic_app_standard.app,
+ null_resource.always_run
+ ]
+
+ body = jsonencode({
+ properties = {
+ siteAuthSettingsV2 = {
+ globalValidation = {
+ excludedPaths = []
+ require_authentication = true,
+ // Even though is looks weird, it is needed. Otherwise, the app and also the designer in Azure Portal are not working
+ // https://techcommunity.microsoft.com/blog/integrationsonazureblog/trigger-workflows-in-standard-logic-apps-with-easy-auth/3207378
+ unauthenticatedClientAction = "AllowAnonymous"
+ },
+ IdentityProviders = {
+ azureActiveDirectory = {
+ enabled = true,
+ registration = {
+ clientId = azuread_application.application[0].client_id
+ clientSecretSettingName = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
+ },
+ validation = {
+ allowedAudiences = local.allowed_audiences
+ }
+ }
+ }
+ }
+ }
+ })
+ lifecycle {
+ /* This action should always be replaces since is works under the hood as an api call
+ * So it does not really track issues with the function app properly
+ */
+ replace_triggered_by = [
+ null_resource.always_run
+ ]
+ }
+}
+
+resource "azuread_application_password" "password" {
+ count = var.managed_identity_provider != null ? 1 : 0
+ application_id = azuread_application.application[0].id
+}
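Review bot: In `azapi_update_resource.setup_auth_settings`, the `globalValidation` key `require_authentication` is snake_case while its siblings (`excludedPaths`, `unauthenticatedClientAction`) are camelCase, so it is probably not the property the API reads; it likely should be `requireAuthentication = true`. Because `unauthenticatedClientAction = "AllowAnonymous"` lets requests without a token through to the app, the comment above it should also say that each workflow trigger has to validate the caller's claims itself, e.g. `// AllowAnonymous: Easy Auth does not reject callers here; every HTTP trigger must check the token claims`. Separately, `azuread_application_password.password` sets no `end_date` or `rotate_when_changed`, so the generated secret, which is also written to state and app settings, is never rotated by this module.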
diff --git a/modules/azure/logic_app_standard/variables.tf b/modules/azure/logic_app_standard/variables.tf
index 2eca211e..1e26ccab 100644
--- a/modules/azure/logic_app_standard/variables.tf
+++ b/modules/azure/logic_app_standard/variables.tf
@@ -69,6 +69,12 @@ variable "elastic_instance_minimum" {
default = 1
}
+variable "runtime_scale_monitoring_enabled" {
+ type = bool
+ description = " Should Runtime Scale Monitoring be enabled? Only applicable to apps on the Premium plan."
+ default = false
+}
+
variable "pre_warmed_instance_count" {
type = number
description = "Amount of pre-warmed instances. Requires at least 1 for VNet-integration."
@@ -92,3 +98,64 @@ variable "logic_app_version" {
description = "The runtime version associated with the Logic App."
default = "~4"
}
+
+variable "log_analytics_workspace_id" {
+ type = string
+ description = "Specifies the ID of a Log Analytics Workspace where diagnostics data should be sent."
+ default = null
+}
+
+variable "log_analytics_diagnostic_categories" {
+ type = list(string)
+ description = "Optional list of diagnostic categories to override the default categories."
+ default = []
+}
+
+variable "managed_identity_provider" {
+ type = object({
+ existing = optional(object({
+ client_id = string
+ client_secret = string
+ }))
+ create = optional(object({
+ application_name = string
+ display_name = string
+ oauth2_settings = object({
+ admin_consent_description = string
+ admin_consent_display_name = string
+ enabled = bool
+ type = string
+ user_consent_description = string
+ user_consent_display_name = string
+ role_value = string
+ })
+ owners = optional(list(string)) # Deployment user will be added as owner by default
+ redirect_uris = optional(list(string)) # Only for additional URIs, function uri will be added by default
+ group_id = optional(string) # Group ID where service principal of the existing application will belong to
+ }))
+ identifier_uris = optional(list(string)) # api:// will be added by default if application is create
+ allowed_audiences = optional(list(string)) # api:// will be added by default
+ })
+ description = "The managed identity provider to use for connections on this function app"
+ default = null
+}
+
+variable "ip_restrictions" {
+ type = list(object({
+ ip_address = optional(string),
+ service_tag = optional(string),
+ virtual_network_subnet_id = optional(string),
+ name = optional(string),
+ priority = optional(number),
+ action = optional(string),
+
+ headers = optional(list(object({
+ x_azure_fdid = optional(list(string)),
+ x_fd_health_probe = optional(list(string)),
+ x_forwarded_for = optional(list(string)),
+ x_forwarded_host = optional(list(string))
+ })))
+ }))
+ description = "A List of objects representing IP restrictions."
+ default = []
+}
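Review bot: `managed_identity_provider.existing.client_secret` carries a credential, but the variable is not marked `sensitive = true`, so the value can appear in plan output. The field also looks unused: the main.tf changes in this commit read only `create`, `identifier_uris` and `allowed_audiences`, and never reference `existing`, `create.redirect_uris` or `create.group_id`. Either wire these fields up or drop them so callers are not misled into thinking an existing app registration is supported. The description says "function app" although this is the Logic App Standard module; `description = "The managed identity provider to use for connections on this logic app"` would match.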
diff --git a/modules/azure/logic_app_standard_connection/main.tf b/modules/azure/logic_app_standard_connection/main.tf
index 5848b6d4..6a2d97a0 100644
--- a/modules/azure/logic_app_standard_connection/main.tf
+++ b/modules/azure/logic_app_standard_connection/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -45,5 +45,6 @@ resource "azurerm_resource_group_template_deployment" "connection_v2" {
connection_name = { value = var.connection_name }
api_id = { value = var.managed_api_id }
parameters = { value = var.parameter_values }
+ location = { value = var.location }
})
}
diff --git a/modules/azure/logic_app_standard_connection/v2_deployment.json b/modules/azure/logic_app_standard_connection/v2_deployment.json
index 4116d5a5..f8ed543a 100644
--- a/modules/azure/logic_app_standard_connection/v2_deployment.json
+++ b/modules/azure/logic_app_standard_connection/v2_deployment.json
@@ -13,6 +13,10 @@
"parameters": {
"type": "Object",
"defaultValue": {}
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": ""
}
},
"variables": {},
@@ -21,7 +25,7 @@
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[parameters('connection_name')]",
- "location": "northeurope",
+ "location": "[parameters('location')]",
"kind": "V2",
"properties": {
"displayName": "[parameters('connection_name')]",
diff --git a/modules/azure/logic_app_standard_connection/variables.tf b/modules/azure/logic_app_standard_connection/variables.tf
index 6b3e4218..6ec483e5 100644
--- a/modules/azure/logic_app_standard_connection/variables.tf
+++ b/modules/azure/logic_app_standard_connection/variables.tf
@@ -1,3 +1,9 @@
+variable "location" {
+ type = string
+ description = "A datacenter location in Azure."
+ default = "northeurope" //Was hardcoded in ARM, for backward compatibility kept as northeurope
+}
+
variable "resource_group_name" {
type = string
description = "Name of the resource group."
diff --git a/modules/azure/logic_app_standard_connection_access_policy/main.tf b/modules/azure/logic_app_standard_connection_access_policy/main.tf
index 75fc6d7c..6587ff1f 100644
--- a/modules/azure/logic_app_standard_connection_access_policy/main.tf
+++ b/modules/azure/logic_app_standard_connection_access_policy/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -16,7 +16,7 @@ provider "azurerm" {
}
resource "azurerm_resource_group_template_deployment" "policy" {
- name = "${var.connection_name}-ap"
+ name = var.name != null ? var.name : "${var.connection_name}-ap"
resource_group_name = var.resource_group_name
deployment_mode = "Incremental"
template_content = file("${path.module}/policy.json")
diff --git a/modules/azure/logic_app_standard_connection_access_policy/variables.tf b/modules/azure/logic_app_standard_connection_access_policy/variables.tf
index ac699dda..6f8a6056 100644
--- a/modules/azure/logic_app_standard_connection_access_policy/variables.tf
+++ b/modules/azure/logic_app_standard_connection_access_policy/variables.tf
@@ -3,6 +3,12 @@ variable "resource_group_name" {
description = "Name of the resource group."
}
+variable "name" {
+ type = string
+ description = "Name of the resource which will be created"
+ default = null
+}
+
variable "connection_name" {
type = string
description = "Name of the connection."
diff --git a/modules/azure/logic_app_trigger_http_request_data/main.tf b/modules/azure/logic_app_trigger_http_request_data/main.tf
index b2521329..c1992d37 100644
--- a/modules/azure/logic_app_trigger_http_request_data/main.tf
+++ b/modules/azure/logic_app_trigger_http_request_data/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azapi = {
source = "Azure/azapi"
- version = "~> 1.4"
+ version = "~> 1.15"
}
}
diff --git a/modules/azure/maps_account/main.tf b/modules/azure/maps_account/main.tf
index 4eabf524..fc221fbb 100644
--- a/modules/azure/maps_account/main.tf
+++ b/modules/azure/maps_account/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/monitoring_action_group/main.tf b/modules/azure/monitoring_action_group/main.tf
index b9b7729a..2bda0b15 100644
--- a/modules/azure/monitoring_action_group/main.tf
+++ b/modules/azure/monitoring_action_group/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/monitoring_log_analytics_alert/main.tf b/modules/azure/monitoring_log_analytics_alert/main.tf
index 9322d6e2..f132fb0f 100644
--- a/modules/azure/monitoring_log_analytics_alert/main.tf
+++ b/modules/azure/monitoring_log_analytics_alert/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/monitoring_metric_alert/main.tf b/modules/azure/monitoring_metric_alert/main.tf
index f58bc6fd..22f6b585 100644
--- a/modules/azure/monitoring_metric_alert/main.tf
+++ b/modules/azure/monitoring_metric_alert/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -26,6 +26,8 @@ resource "azurerm_monitor_metric_alert" "metric_alert" {
description = each.value.description
severity = each.value.severity
enabled = each.value.enabled
+ frequency = each.value.frequency
+ window_size = each.value.window_size
criteria {
metric_namespace = each.value.metric_namespace
@@ -33,6 +35,15 @@ resource "azurerm_monitor_metric_alert" "metric_alert" {
aggregation = each.value.aggregation
operator = each.value.operator
threshold = each.value.threshold
+
+ dynamic "dimension" {
+ for_each = each.value.dimension != null ? each.value.dimension : []
+ content {
+ name = dimension.value.name
+ operator = dimension.value.operator
+ values = dimension.value.values
+ }
+ }
}
action {
diff --git a/modules/azure/monitoring_metric_alert/variables.tf b/modules/azure/monitoring_metric_alert/variables.tf
index 4bb4cdf0..96a0b596 100644
--- a/modules/azure/monitoring_metric_alert/variables.tf
+++ b/modules/azure/monitoring_metric_alert/variables.tf
@@ -19,9 +19,16 @@ variable "monitoring_rules" {
aggregation = string
operator = string
threshold = number
+ frequency = optional(string)
+ window_size = optional(string)
auto_mitigation_enabled = optional(bool)
severity = optional(number)
enabled = optional(bool)
+ dimension = optional(list(object({
+ name = string,
+ operator = string,
+ values = list(string)
+ })))
}))
description = "A list of metricts we want to monitor. For details see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert#argument-reference"
default = []
diff --git a/modules/azure/mssql/main.tf b/modules/azure/mssql/main.tf
index a962bc0b..13a6ea8d 100644
--- a/modules/azure/mssql/main.tf
+++ b/modules/azure/mssql/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/mysql/main.tf b/modules/azure/mysql/main.tf
index 842f625a..6ed78897 100644
--- a/modules/azure/mysql/main.tf
+++ b/modules/azure/mysql/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index 9a84d16b..1ca534d9 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index 815ab2b7..899ec8c8 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/network_security_group/main.tf b/modules/azure/network_security_group/main.tf
index 120a2ba7..61b5b003 100644
--- a/modules/azure/network_security_group/main.tf
+++ b/modules/azure/network_security_group/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/postgresql/main.tf b/modules/azure/postgresql/main.tf
index 5ad473f4..60fee1ef 100644
--- a/modules/azure/postgresql/main.tf
+++ b/modules/azure/postgresql/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/postgresql_public/main.tf b/modules/azure/postgresql_public/main.tf
index 906e35b9..141635ad 100644
--- a/modules/azure/postgresql_public/main.tf
+++ b/modules/azure/postgresql_public/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/private_dns_zone/main.tf b/modules/azure/private_dns_zone/main.tf
index 35bc7666..ea5e81f4 100644
--- a/modules/azure/private_dns_zone/main.tf
+++ b/modules/azure/private_dns_zone/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/private_endpoint/main.tf b/modules/azure/private_endpoint/main.tf
index 2b3fcbdb..dcacdd77 100644
--- a/modules/azure/private_endpoint/main.tf
+++ b/modules/azure/private_endpoint/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/public_ip/main.tf b/modules/azure/public_ip/main.tf
index bf85d686..0f8c37ed 100644
--- a/modules/azure/public_ip/main.tf
+++ b/modules/azure/public_ip/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/recovery_services_vault/main.tf b/modules/azure/recovery_services_vault/main.tf
index 702926d7..c35d6be2 100644
--- a/modules/azure/recovery_services_vault/main.tf
+++ b/modules/azure/recovery_services_vault/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/resource_group/main.tf b/modules/azure/resource_group/main.tf
index 4c1ee412..42d3a54c 100644
--- a/modules/azure/resource_group/main.tf
+++ b/modules/azure/resource_group/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/route_table/main.tf b/modules/azure/route_table/main.tf
index 3b44c3e6..436a5f41 100644
--- a/modules/azure/route_table/main.tf
+++ b/modules/azure/route_table/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/service_bus_public/main.tf b/modules/azure/service_bus_public/main.tf
index 38f674b2..32098965 100644
--- a/modules/azure/service_bus_public/main.tf
+++ b/modules/azure/service_bus_public/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -20,6 +20,7 @@ resource "azurerm_servicebus_namespace" "service_bus" {
location = var.location
resource_group_name = var.resource_group_name
sku = var.sku
+ minimum_tls_version = var.minimum_tls_version
}
resource "azurerm_servicebus_namespace_authorization_rule" "authorization_rule" {
diff --git a/modules/azure/service_bus_public/variables.tf b/modules/azure/service_bus_public/variables.tf
index 8b022c10..70067fb7 100644
--- a/modules/azure/service_bus_public/variables.tf
+++ b/modules/azure/service_bus_public/variables.tf
@@ -34,3 +34,9 @@ variable "log_analytics_workspace_id" {
description = "Specifies the ID of a Log Analytics Workspace where diagnostics data should be sent."
default = null
}
+
+variable "minimum_tls_version" {
+ type = string
+ description = "Specifies the minimum version of TLS to use (1.0 and 1.1 are deprecated from Feb 2025)"
+ default = "1.2"
+}
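Review bot: `minimum_tls_version` defaults to "1.2", but nothing stops a caller from passing "1.0" or "1.1", which the description itself calls deprecated. A `validation` block on the variable would reject those values at plan time instead of leaving a weak-TLS namespace to be found in a later audit.

```hcl
variable "minimum_tls_version" {
  # … unchanged: type, description, default …
  validation {
    condition     = !contains(["1.0", "1.1"], var.minimum_tls_version)
    error_message = "minimum_tls_version must be 1.2 or higher."
  }
}
```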
diff --git a/modules/azure/service_bus_subscription/main.tf b/modules/azure/service_bus_subscription/main.tf
index 8c2f40f0..467caac4 100644
--- a/modules/azure/service_bus_subscription/main.tf
+++ b/modules/azure/service_bus_subscription/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/service_bus_topic/main.tf b/modules/azure/service_bus_topic/main.tf
index 829cadee..137d0388 100644
--- a/modules/azure/service_bus_topic/main.tf
+++ b/modules/azure/service_bus_topic/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/service_plan/main.tf b/modules/azure/service_plan/main.tf
index 654f3750..ced81857 100644
--- a/modules/azure/service_plan/main.tf
+++ b/modules/azure/service_plan/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.1"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_account_private/main.tf b/modules/azure/storage_account_private/main.tf
index fe389b0d..0fe1ce22 100644
--- a/modules/azure/storage_account_private/main.tf
+++ b/modules/azure/storage_account_private/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_account_public/main.tf b/modules/azure/storage_account_public/main.tf
index f9ee346d..724e33e9 100644
--- a/modules/azure/storage_account_public/main.tf
+++ b/modules/azure/storage_account_public/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
@@ -27,6 +27,7 @@ resource "azurerm_storage_account" "storage_account" {
min_tls_version = var.min_tls_version
nfsv3_enabled = var.nfsv3_enabled
is_hns_enabled = var.is_hns_enabled
+ sftp_enabled = var.sftp_enabled
blob_properties {
dynamic "cors_rule" {
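Review bot: `sftp_enabled = var.sftp_enabled` is passed through without being tied to `is_hns_enabled` on the line above, yet the azurerm provider documents SFTP as requiring hierarchical namespace. Setting `sftp_enabled = true` while HNS is off would therefore surface only as a provider or API error. Since `required_version` is now `~> 1.12`, a validation on the variable may reference the other variable, e.g. `condition = !var.sftp_enabled || var.is_hns_enabled`. The resource block starts and ends outside this hunk, so whether a lifecycle precondition already covers this cannot be seen here.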
diff --git a/modules/azure/storage_account_public/variables.tf b/modules/azure/storage_account_public/variables.tf
index 11cd624b..ca423a35 100644
--- a/modules/azure/storage_account_public/variables.tf
+++ b/modules/azure/storage_account_public/variables.tf
@@ -143,4 +143,9 @@ variable "loganalytics_diagnostic_setting" {
description = "Specifies the log categories that have to be sent to Log analytics."
default = null
}
+variable "sftp_enabled" {
+ type = bool
+ description = "Enable or disable SFTP access for the storage account."
+ default = false
+}
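Review bot: The description of `sftp_enabled` does not mention what turning it on exposes. SFTP on a storage account adds a second protocol endpoint whose clients authenticate as storage-account local users (SSH key or password), not through the account's normal identity path. The module name suggests the account is reachable from public networks, which makes this worth stating. The `false` default is the right one; I would extend the text to `description = "Enable or disable SFTP access for the storage account. Requires is_hns_enabled = true. SFTP clients authenticate as storage local users, so restrict network access before enabling."`. A blank line before the `variable` block would also match the rest of the file.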
diff --git a/modules/azure/storage_blob/main.tf b/modules/azure/storage_blob/main.tf
index efb59c8e..8d9d0d8b 100644
--- a/modules/azure/storage_blob/main.tf
+++ b/modules/azure/storage_blob/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_container/main.tf b/modules/azure/storage_container/main.tf
index c372c6da..7b16075f 100644
--- a/modules/azure/storage_container/main.tf
+++ b/modules/azure/storage_container/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_event_grid/main.tf b/modules/azure/storage_event_grid/main.tf
index 70daf236..f89bb345 100644
--- a/modules/azure/storage_event_grid/main.tf
+++ b/modules/azure/storage_event_grid/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_queue/main.tf b/modules/azure/storage_queue/main.tf
index fb912016..faa1b08d 100644
--- a/modules/azure/storage_queue/main.tf
+++ b/modules/azure/storage_queue/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_share/main.tf b/modules/azure/storage_share/main.tf
index 424d62f9..d4d68abd 100644
--- a/modules/azure/storage_share/main.tf
+++ b/modules/azure/storage_share/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_table/main.tf b/modules/azure/storage_table/main.tf
index 88377bae..5b775d28 100644
--- a/modules/azure/storage_table/main.tf
+++ b/modules/azure/storage_table/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_table_entities/main.tf b/modules/azure/storage_table_entities/main.tf
index 97c9ac56..10524e7a 100644
--- a/modules/azure/storage_table_entities/main.tf
+++ b/modules/azure/storage_table_entities/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_table_entities_rewritable/main.tf b/modules/azure/storage_table_entities_rewritable/main.tf
index 445f3ff7..09b86b22 100644
--- a/modules/azure/storage_table_entities_rewritable/main.tf
+++ b/modules/azure/storage_table_entities_rewritable/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/storage_table_entity/main.tf b/modules/azure/storage_table_entity/main.tf
index e65c8178..ab6102e4 100644
--- a/modules/azure/storage_table_entity/main.tf
+++ b/modules/azure/storage_table_entity/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/stream_analytics/main.tf b/modules/azure/stream_analytics/main.tf
index 5bb8c5e7..7e90b18e 100644
--- a/modules/azure/stream_analytics/main.tf
+++ b/modules/azure/stream_analytics/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/subnet/main.tf b/modules/azure/subnet/main.tf
index 0474284c..c37517c7 100644
--- a/modules/azure/subnet/main.tf
+++ b/modules/azure/subnet/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/synapse_workspace/main.tf b/modules/azure/synapse_workspace/main.tf
index 758533b0..9bff6906 100644
--- a/modules/azure/synapse_workspace/main.tf
+++ b/modules/azure/synapse_workspace/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/virtual_machine/main.tf b/modules/azure/virtual_machine/main.tf
index 359ea8e1..fc5fc9a6 100644
--- a/modules/azure/virtual_machine/main.tf
+++ b/modules/azure/virtual_machine/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/virtual_machine_extension/main.tf b/modules/azure/virtual_machine_extension/main.tf
index 75445cdf..320be548 100644
--- a/modules/azure/virtual_machine_extension/main.tf
+++ b/modules/azure/virtual_machine_extension/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/virtual_network/main.tf b/modules/azure/virtual_network/main.tf
index a3f4484e..70cc11d3 100644
--- a/modules/azure/virtual_network/main.tf
+++ b/modules/azure/virtual_network/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/virtual_network_peering/main.tf b/modules/azure/virtual_network_peering/main.tf
index e8a2ab6e..746ade33 100644
--- a/modules/azure/virtual_network_peering/main.tf
+++ b/modules/azure/virtual_network_peering/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/web_app_linux/main.tf b/modules/azure/web_app_linux/main.tf
index cbf56776..90d91260 100644
--- a/modules/azure/web_app_linux/main.tf
+++ b/modules/azure/web_app_linux/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.1"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.70"
+ version = "~> 3.117"
}
}
diff --git a/modules/azure/web_app_windows/main.tf b/modules/azure/web_app_windows/main.tf
index 17e1f9c7..6822d373 100644
--- a/modules/azure/web_app_windows/main.tf
+++ b/modules/azure/web_app_windows/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.1"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.70"
+ version = "~> 3.117"
}
}
diff --git a/modules/cloudflare/dns_records/main.tf b/modules/cloudflare/dns_records/main.tf
index 61cc1d19..312f57c9 100644
--- a/modules/cloudflare/dns_records/main.tf
+++ b/modules/cloudflare/dns_records/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
- version = "~> 4.0"
+ version = "~> 4.52"
}
}
@@ -17,7 +17,7 @@ data "cloudflare_zone" "zone" {
name = var.zone_name
}
-resource "cloudflare_record" "record" {
+ resource "cloudflare_record" "record" {
for_each = { for idx, rec in var.records : rec.name => rec }
zone_id = data.cloudflare_zone.zone.id
name = each.value.name
@@ -27,4 +27,4 @@ resource "cloudflare_record" "record" {
priority = each.value.priority
proxied = each.value.proxied
allow_overwrite = each.value.allow_overwrite
-}
+}
\ No newline at end of file
diff --git a/modules/elastic/cluster/main.tf b/modules/elastic/cluster/main.tf
index c3da819b..782d37c3 100644
--- a/modules/elastic/cluster/main.tf
+++ b/modules/elastic/cluster/main.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
ec = {
diff --git a/modules/kubernetes/configmap/main.tf b/modules/kubernetes/configmap/main.tf
index 414908dd..f798f3ed 100644
--- a/modules/kubernetes/configmap/main.tf
+++ b/modules/kubernetes/configmap/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/kubernetes/cron_job/main.tf b/modules/kubernetes/cron_job/main.tf
index c1b0d3ba..273a32cb 100644
--- a/modules/kubernetes/cron_job/main.tf
+++ b/modules/kubernetes/cron_job/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/kubernetes/deployment_with_service/main.tf b/modules/kubernetes/deployment_with_service/main.tf
index 8f501484..437973da 100644
--- a/modules/kubernetes/deployment_with_service/main.tf
+++ b/modules/kubernetes/deployment_with_service/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/kubernetes/ingress/main.tf b/modules/kubernetes/ingress/main.tf
index ad3fa2f8..d3da04a5 100644
--- a/modules/kubernetes/ingress/main.tf
+++ b/modules/kubernetes/ingress/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/kubernetes/pvc/main.tf b/modules/kubernetes/pvc/main.tf
index ecf30d1a..686f309f 100644
--- a/modules/kubernetes/pvc/main.tf
+++ b/modules/kubernetes/pvc/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/kubernetes/secret/main.tf b/modules/kubernetes/secret/main.tf
index 332399d1..ed74b61f 100644
--- a/modules/kubernetes/secret/main.tf
+++ b/modules/kubernetes/secret/main.tf
@@ -1,10 +1,10 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.20"
+ version = "~> 2.37"
}
}
diff --git a/modules/other/local_exec/main.tf b/modules/other/local_exec/main.tf
index dce35d91..3c592480 100644
--- a/modules/other/local_exec/main.tf
+++ b/modules/other/local_exec/main.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
backend "azurerm" {}
}
diff --git a/modules/other/password_generator/main.tf b/modules/other/password_generator/main.tf
index b6b5a433..cbf670bf 100644
--- a/modules/other/password_generator/main.tf
+++ b/modules/other/password_generator/main.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
backend "azurerm" {}
}
diff --git a/modules/other/vm_with_power_automate_desktop/main.tf b/modules/other/vm_with_power_automate_desktop/main.tf
index f8cb763b..2773d8c1 100644
--- a/modules/other/vm_with_power_automate_desktop/main.tf
+++ b/modules/other/vm_with_power_automate_desktop/main.tf
@@ -1,14 +1,14 @@
terraform {
- required_version = "~> 1.3"
+ required_version = "~> 1.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.48"
+ version = "~> 3.117"
}
random = {
source = "hashicorp/random"
- version = "~> 3.5"
+ version = "~> 3.7.2"
}
}