Merge branch 'master' of github.com:aztfmod/terraform-azurerm-caf into appservice_vnet

Author: Daniel Valdivieso

.github/workflows/master-standalone-tf13.yaml

@@ -71,6 +71,9 @@ jobs:
             "monitoring/100-service-health-alerts",
             "mssql_server/104-sqlserver-elastic_pools",
             "mssql_server/105-sqlserver-failover_groups",
+            # "mssql_server/106-sqlserver-db-msi-authentication",
+            "mssql_server/107-sqlserver-db-retention-policy",
+            "mssql_server/108-sqlserver-db-diagnostics",
             "mysql_server/100-simple-mysql",
             "mysql_server/101-vnet-rule-mysql",
             "mysql_server/102-private-endpoint-mysql",
@@ -89,6 +92,7 @@ jobs:
             "networking/load_balancers/101-load-balancer-with-rules",
             "networking/load_balancers/102-internal-load-balancer",
             "networking/load_balancers/103-load-balancer-nic-association",
+            "networking/load_balancers/104-load-balancer-diagnostics",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/100-expressroute-gateway",
@@ -113,14 +117,16 @@ jobs:
             "recovery_vault/102-asr-protection",
             "recovery_vault/103-asr-with-private-endpoint",
             "redis_cache/100-redis-standard",
+            "redis_cache/101-redis-diagnostics",
             "storage_accounts/102-storage-account-advanced-options",
             "synapse_analytics/100-synapse",
             "synapse_analytics/101-synapse-sparkpool",
             "webapps/appservice/101-appservice-simple",
             "webapps/appservice/102-appservice-slots",
             "webapps/appservice/103-appservice-extend",
             "webapps/appservice/104-appservice-appinsight",
-            "webapps/appservice/105-appservice-backup"
+            "webapps/appservice/105-appservice-backup",
+            "webapps/appservice/106-appservice-diagnostics"
           ]
 
     container:

.github/workflows/master-standalone-tf14.yaml

@@ -80,6 +80,9 @@ jobs:
             "monitoring/100-service-health-alerts",
             "mssql_server/104-sqlserver-elastic_pools",
             "mssql_server/105-sqlserver-failover_groups",
+            # "mssql_server/106-sqlserver-db-msi-authentication",
+            "mssql_server/107-sqlserver-db-retention-policy",
+            "mssql_server/108-sqlserver-db-diagnostics",
             "mysql_server/100-simple-mysql",
             "mysql_server/101-vnet-rule-mysql",
             "mysql_server/102-private-endpoint-mysql",
@@ -98,6 +101,7 @@ jobs:
             "networking/load_balancers/101-load-balancer-with-rules",
             "networking/load_balancers/102-internal-load-balancer",
             "networking/load_balancers/103-load-balancer-nic-association",
+            "networking/load_balancers/104-load-balancer-diagnostics",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/100-expressroute-gateway",
@@ -122,14 +126,16 @@ jobs:
             "recovery_vault/102-asr-protection",
             "recovery_vault/103-asr-with-private-endpoint",
             "redis_cache/100-redis-standard",
+            "redis_cache/101-redis-diagnostics",
             "storage_accounts/102-storage-account-advanced-options",
             "synapse_analytics/100-synapse",
             "synapse_analytics/101-synapse-sparkpool",
             "webapps/appservice/101-appservice-simple",
             "webapps/appservice/102-appservice-slots",
             "webapps/appservice/103-appservice-extend",
             "webapps/appservice/104-appservice-appinsight",
-            "webapps/appservice/105-appservice-backup"
+            "webapps/appservice/105-appservice-backup",
+            "webapps/appservice/106-appservice-diagnostics"
           ]
 
     container:

.github/workflows/master-standalone-tf15.yaml

@@ -62,6 +62,9 @@ jobs:
             "monitoring/100-service-health-alerts",
             "mssql_server/104-sqlserver-elastic_pools",
             "mssql_server/105-sqlserver-failover_groups",
+            # "mssql_server/106-sqlserver-db-msi-authentication",
+            "mssql_server/107-sqlserver-db-retention-policy",
+            "mssql_server/108-sqlserver-db-diagnostics",
             "mysql_server/100-simple-mysql",
             "mysql_server/101-vnet-rule-mysql",
             "mysql_server/102-private-endpoint-mysql",
@@ -76,6 +79,7 @@ jobs:
             "networking/front_door/101-front_door_waf",
             "networking/ip_group/100-simple-ip_group",
             "networking/ip_group/101-firewall-ip_group",
+            "networking/load_balancers/104-load-balancer-diagnostics",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/101-vpn-site-to-site",
@@ -99,13 +103,15 @@ jobs:
             "recovery_vault/102-asr-protection",
             "recovery_vault/103-asr-with-private-endpoint",
             "redis_cache/100-redis-standard",
+            "redis_cache/101-redis-diagnostics",
             "synapse_analytics/100-synapse",
             "synapse_analytics/101-synapse-sparkpool",
             "webapps/appservice/101-appservice-simple",
             "webapps/appservice/102-appservice-slots",
             "webapps/appservice/103-appservice-extend",
             "webapps/appservice/104-appservice-appinsight",
-            "webapps/appservice/105-appservice-backup"
+            "webapps/appservice/105-appservice-backup",
+            "webapps/appservice/106-appservice-diagnostics"
             # "mssql_mi/200-mi",
           ]
 

.github/workflows/purge_protection_enabled.yaml

@@ -19,6 +19,8 @@ module "app_services" {
   combined_objects     = local.dynamic_app_settings_combined_objects
   base_tags            = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
   application_insight  = try(each.value.application_insight_key, null) == null ? null : module.azurerm_application_insights[each.value.application_insight_key]
+  diagnostic_profiles  = try(each.value.diagnostic_profiles, null)
+  diagnostics          = local.combined_diagnostics
   storage_accounts     = local.combined_objects_storage_accounts
   subnet_id            = try(each.value.settings.subnet_key, null) == null ? null : try(local.combined_objects_networking[local.client_config.landingzone_key][each.value.settings.vnet_key].subnets[each.value.settings.subnet_key].id, local.combined_objects_networking[each.value.settings.lz_key][each.value.settings.vnet_key].subnets[each.value.settings.subnet_key].id)
   tags                 = try(each.value.tags, null)

app_services.tf

@@ -36,6 +36,11 @@ virtual_machines = {
         enable_ip_forwarding    = false
         internal_dns_name_label = "nic0"
         public_ip_address_key   = "example_vm_pip1_rg1"
+        # example with external network objects
+        # subnet_id = "/subscriptions/sub-id/resourceGroups/test-manual/providers/Microsoft.Network/virtualNetworks/vnet/subnets/default"
+        # public_address_id = "/subscriptions/sub-id/resourceGroups/test-manual/providers/Microsoft.Network/publicIPAddresses/arnaudip"
+        # nsg_id = "/subscriptions/sub-id/resourceGroups/test-manual/providers/Microsoft.Network/networkSecurityGroups/nsgtest"
+
       }
     }
 

examples/compute/virtual_machine/100-single-linux-vm/configuration.tfvars

@@ -0,0 +1,67 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+lighthouse_definitions = {
+  lighthousedef1 = {
+    name               = "CAF Maintainers - Reader"
+    description        = "Provides Contributor role to the Group CAF Maintainers"
+    managing_tenant_id = "5332f9b1-12d5-4e12-b10f-b99132616023" # The ID of the managing tenant
+    managed_subscription_id = {
+      key    = ""
+      lz_key = ""                                                    # optional
+      id     = "/subscriptions/ede4d758-a1da-4031-b27f-2752d719d820" # The ID of the managed subscription.
+    }
+    # Scope IDs to associate the Lighthouse definition (Subscription ID or Resource Group ID).
+    scopes = {
+      subscription = {
+        key    = ""
+        lz_key = ""                                                    # optional
+        id     = "/subscriptions/ede4d758-a1da-4031-b27f-2752d719d820"
+      }
+      resource_groups = {
+        rg1 = {
+          key    = ""
+          lz_key = "" # optional
+          id     = "" #
+        },
+        rg2 = {
+          key    = ""
+          lz_key = "" # optional
+          id     = ""
+        }
+      }
+    }
+    # List of Authorization objects.
+    authorizations = {
+      auth1 = {
+        principal_display_name = "CAF Maintainers (AAD Group)"
+        built_in_role_name     = "Reader"
+        #delegated_role_definitions = ["Reader", "test"]
+        managed_identity = {
+          key    = ""
+          lz_key = "" # optional
+          id     = ""
+        }
+        azuread_group = {
+          key    = ""
+          lz_key = "" # optional
+          id     = "" 
+        }
+        azuread_user = {
+          key    = ""
+          lz_key = "" # optional
+          id     = ""
+        }
+        azuread_app = {
+          key    = ""
+          lz_key = "" # optional
+          id     = ""
+        }
+      }
+    }
+  }
+}

examples/lighthouse/100-lighthouse-simple/configuration.tfvars

@@ -97,6 +97,7 @@ mssql_databases = {
     max_size_gb        = 4
     sku_name           = "BC_Gen5_2"
 
+    # Only works with SystemAssigned MSI, logged_in users will not be able to provision the db_permission for now.
     db_permissions = {
       group1 = { # group_name
         db_roles = ["db_owner", "db_accessadmin"]