Merge remote-tracking branch 'origin/main' into visiativ/feat/azurerm…

…_maintenance_assignment_dynamic_scope

.github/workflows/standalone-scenarios.json

@@ -74,6 +74,7 @@
     "messaging/eventgrid/101-simple-eventgrid-topic-private-endpoint",
     "messaging/eventgrid/102-eventgrid_subscription",
     "messaging/eventgrid/200-simple-eventgrid-domain-topic",
+    "messaging/eventgrid/300-simple-eventgrid-system-topic",
     "messaging/servicebus/100-servicebus-services",
     "messaging/servicebus/200-servicebus-privatelink",
     "messaging/web_pubsub/100-simple-web-pubsub",

cognitive_service.tf

@@ -9,6 +9,12 @@ module "cognitive_services_account" {
   resource_group_name = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
   location            = lookup(each.value, "region", null) == null ? local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location : local.global_settings.regions[each.value.region]
   settings            = each.value
+  resource_groups     = local.combined_objects_resource_groups
+  vnets               = local.combined_objects_networking
+  private_endpoints   = try(each.value.private_endpoints, {})
+  private_dns         = local.combined_objects_private_dns
+  diagnostics         = local.combined_diagnostics
+  diagnostic_profiles = try(each.value.diagnostic_profiles, {})
 
   managed_identities = local.combined_objects_managed_identities
 }

eventgrid.tf

@@ -77,3 +77,42 @@ module "eventgrid_domain_topic" {
 output "eventgrid_domain_topic" {
   value = module.eventgrid_domain_topic
 }
+
+module "eventgrid_system_topic" {
+  source   = "./modules/messaging/eventgrid/eventgrid_system_topic"
+  for_each = local.messaging.eventgrid_system_topic
+
+  global_settings = local.global_settings
+  client_config   = local.client_config
+  settings        = each.value
+  base_tags       = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
+
+  location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+
+  remote_objects = local.remote_objects
+}
+output "eventgrid_system_topic" {
+  value = module.eventgrid_system_topic
+}
+module "eventgrid_system_event_subscription" {
+  source   = "./modules/messaging/eventgrid/eventgrid_system_event_subscription"
+  for_each = local.messaging.eventgrid_system_event_subscription
+
+  global_settings = local.global_settings
+  client_config   = local.client_config
+  settings        = each.value
+
+  remote_objects = merge(
+    local.remote_objects,
+    {
+      functions               = local.combined_objects_function_apps,
+      eventhubs               = local.combined_objects_event_hubs,
+      eventgrid_system_topics = local.combined_objects_eventgrid_system_topics,
+      hybrid_connections      = local.combined_objects_relay_hybrid_connection,
+      storage_account_queues  = local.combined_objects_storage_account_queues
+    }
+  )
+}
+output "eventgrid_system_event_subscription" {
+  value = module.eventgrid_system_event_subscription
+}

examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars

@@ -51,6 +51,13 @@ azuread_applications = {
           id    = "d4c3605a-b327-35c5-f04d-77f7fcdd4995"
           type  = "Admin"
           value = "app"
+        },
+        {
+          admin_consent_description  = "Allow to administer app2."
+          admin_consent_display_name = "Administer app2"
+          enabled                    = true
+          type                       = "Admin"
+          value                      = "app2"
         }
       ]
     }

examples/messaging/eventgrid/300-simple-eventgrid-system-topic/configuration.tfvars

@@ -0,0 +1,64 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+resource_groups = {
+  evg_examples = {
+    name   = "eventgrid"
+    region = "region1"
+  }
+}
+
+storage_accounts = {
+  sa1 = {
+    name               = "0665ba08d3ae"
+    resource_group_key = "evg_examples"
+    account_kind       = "BlobStorage"
+    account_tier       = "Standard"
+    # account_replication_type = "LRS"
+    containers = {
+      dev = {
+        name = "random"
+      }
+    }
+  }
+}
+
+eventgrid_system_topic = {
+  egt1 = {
+    name = "egt1"
+    resource_group = {
+      key = "evg_examples"
+    }
+    region = "region1"
+
+    # topic_type can be one of these, more resource types can be supported
+    # Microsoft.AppConfiguration.ConfigurationStores
+    # Microsoft.Communication.CommunicationServices
+    # Microsoft.ContainerRegistry.Registries
+    # Microsoft.Devices.IoTHubs
+    # Microsoft.EventGrid.Domains
+    # Microsoft.EventGrid.Topics
+    # Microsoft.Eventhub.Namespaces
+    # Microsoft.KeyVault.vaults
+    # Microsoft.MachineLearningServices.Workspaces
+    # Microsoft.Maps.Accounts
+    # Microsoft.Media.MediaServices
+    # Microsoft.Resources.ResourceGroups
+    # Microsoft.Resources.Subscriptions
+    # Microsoft.ServiceBus.Namespaces
+    # Microsoft.SignalRService.SignalR
+    # Microsoft.Storage.StorageAccounts
+    # Microsoft.Web.ServerFarms
+    # Microsoft.Web.Sites
+    topic_type = "Microsoft.Storage.StorageAccounts"
+
+    source_resource = {
+      type = "storage_accounts"
+      key  = "sa1"
+    }
+  }
+}

examples/mysql_flexible_server/103-mysql-flexible-private-endpoint/configuration.tfvars

@@ -0,0 +1,110 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "australiaeast"
+  }
+}
+
+resource_groups = {
+  mysql_region1 = {
+    name   = "mysql-region1"
+    region = "region1"
+  }
+  security_region1 = {
+    name = "security-region1"
+  }
+}
+
+mysql_flexible_server = {
+  primary_region1 = {
+    name     = "vks-flexible-testservers"
+    version  = "8.0.21" #Possible values are 5.7, and 8.0.21
+    sku_name = "GP_Standard_D2ds_v4"
+    zone     = 1
+    resource_group = {
+      key = "mysql_region1"
+      # lz_key = ""                           # Set the lz_key if the resource group is remote.
+    }
+
+    private_dns_zone_id = "dns_zone1"
+
+    # Auto-generated administrator credentials stored in azure keyvault when not set (recommended).
+    #administrator_username  = "psqladmin"
+    #administrator_password  = "ComplxP@ssw0rd!"
+    keyvault = {
+      key = "mysql_region1" # (Required) when auto-generated administrator credentials needed.
+      # lz_key      = ""                      # Set the lz_key if the keyvault is remote.
+    }
+
+    # [Optional] Server Configurations
+    mysql_configurations = {
+      mysql_configurations = {
+        name  = "interactive_timeout"
+        value = "600"
+      }
+
+    }
+    # [Optional] Database Configurations
+    mysql_databases = {
+      flex_mysql_database = {
+        name      = "exampledb"
+        collation = "utf8mb3_unicode_ci"
+        charset   = "utf8mb3"
+      }
+    }
+
+    tags = {
+      server = "MysqlFlexible"
+    }
+
+    private_endpoints = {
+      private-link-level4 = {
+        name               = "sales-sql-rg1"
+        vnet_key           = "vnet_region1"
+        subnet_key         = "private_dns"
+        resource_group_key = "sql_region1"
+
+        private_service_connection = {
+          name                 = "sales-sql-rg1"
+          is_manual_connection = false
+          subresource_names    = ["mysqlServer"]
+        }
+      }
+    }
+
+  }
+
+}
+
+keyvaults = {
+  mysql_region1 = {
+    name                = "mysql-region123"
+    resource_group_key  = "security_region1"
+    sku_name            = "standard"
+    soft_delete_enabled = true
+    creation_policies = {
+      logged_in_user = {
+        secret_permissions = ["Set", "Get", "List", "Delete", "Purge"]
+      }
+    }
+  }
+}
+
+vnets = {
+  vnet_region1 = {
+    resource_group_key = "mysql_region1"
+    region             = "region1"
+    vnet = {
+      name          = "mysql"
+      address_space = ["10.10.0.0/24"]
+    }
+    subnets = {
+      private_dns = {
+        name                                           = "private-dns"
+        cidr                                           = ["10.10.0.0/25"]
+        enforce_private_link_endpoint_network_policies = true
+        enforce_private_link_service_network_policies  = false
+      }
+    }
+  }
+}

locals.combined_objects.tf

@@ -78,6 +78,7 @@ locals {
   combined_objects_event_hubs                                     = merge(tomap({ (local.client_config.landingzone_key) = module.event_hubs }), try(var.remote_objects.event_hubs, {}))
   combined_objects_eventgrid_domains                              = merge(tomap({ (local.client_config.landingzone_key) = module.eventgrid_domain }), try(var.remote_objects.eventgrid_domain, {}))
   combined_objects_eventgrid_topics                               = merge(tomap({ (local.client_config.landingzone_key) = module.eventgrid_topic }), try(var.remote_objects.eventgrid_topic, {}))
+  combined_objects_eventgrid_system_topics                        = merge(tomap({ (local.client_config.landingzone_key) = module.eventgrid_system_topic }), lookup(var.remote_objects, "eventgrid_system_topic", {}))
   combined_objects_express_route_circuit_authorizations           = merge(tomap({ (local.client_config.landingzone_key) = module.express_route_circuit_authorizations }), try(var.remote_objects.express_route_circuit_authorizations, {}))
   combined_objects_express_route_circuit_peerings                 = merge(tomap({ (local.client_config.landingzone_key) = module.express_route_circuit_peerings }), try(var.remote_objects.express_route_circuit_peerings, {}))
   combined_objects_express_route_circuits                         = merge(tomap({ (local.client_config.landingzone_key) = module.express_route_circuits }), try(var.remote_objects.express_route_circuits, {}), try(var.data_sources.express_route_circuits, {}))

locals.tf

@@ -255,16 +255,18 @@ locals {
     maps_accounts = try(var.maps.maps_accounts, {})
   }
   messaging = {
-    signalr_services             = try(var.messaging.signalr_services, {})
-    servicebus_namespaces        = try(var.messaging.servicebus_namespaces, {})
-    servicebus_queues            = try(var.messaging.servicebus_queues, {})
-    servicebus_topics            = try(var.messaging.servicebus_topics, {})
-    eventgrid_domain             = try(var.messaging.eventgrid_domain, {})
-    eventgrid_topic              = try(var.messaging.eventgrid_topic, {})
-    eventgrid_event_subscription = try(var.messaging.eventgrid_event_subscription, {})
-    eventgrid_domain_topic       = try(var.messaging.eventgrid_domain_topic, {})
-    web_pubsubs                  = try(var.messaging.web_pubsubs, {})
-    web_pubsub_hubs              = try(var.messaging.web_pubsub_hubs, {})
+    signalr_services                    = try(var.messaging.signalr_services, {})
+    servicebus_namespaces               = try(var.messaging.servicebus_namespaces, {})
+    servicebus_queues                   = try(var.messaging.servicebus_queues, {})
+    servicebus_topics                   = try(var.messaging.servicebus_topics, {})
+    eventgrid_domain                    = try(var.messaging.eventgrid_domain, {})
+    eventgrid_topic                     = try(var.messaging.eventgrid_topic, {})
+    eventgrid_event_subscription        = try(var.messaging.eventgrid_event_subscription, {})
+    eventgrid_domain_topic              = try(var.messaging.eventgrid_domain_topic, {})
+    eventgrid_system_topic              = try(var.messaging.eventgrid_system_topic, {})
+    eventgrid_system_event_subscription = try(var.messaging.eventgrid_system_event_subscription, {})
+    web_pubsubs                         = try(var.messaging.web_pubsubs, {})
+    web_pubsub_hubs                     = try(var.messaging.web_pubsub_hubs, {})
   }
 
   networking = {

modules/azuread/applications_v1/azuread_application.tf

@@ -36,7 +36,7 @@ resource "azuread_application" "app" {
         content {
           admin_consent_description  = oauth2_permission_scope.value.admin_consent_description
           admin_consent_display_name = oauth2_permission_scope.value.admin_consent_display_name
-          id                         = oauth2_permission_scope.value.id
+          id                         = try(oauth2_permission_scope.value.id, random_uuid.oauth2_permission_scopes[oauth2_permission_scope.key].id)
           enabled                    = try(oauth2_permission_scope.value.enabled, null)
           type                       = try(oauth2_permission_scope.value.type, null)
           user_consent_description   = try(oauth2_permission_scope.value.user_consent_description, null)
@@ -131,3 +131,10 @@ resource "random_uuid" "app_role_id" {
     if try(value.id, null) == null
   }
 }
+
+resource "random_uuid" "oauth2_permission_scopes" {
+  for_each = {
+    for key, value in try(var.settings.api.oauth2_permission_scopes, {}) : key => value
+    if try(value.id, null) == null
+  }
+}

modules/cognitive_services/cognitive_services_account/diagnostics.tf

@@ -0,0 +1,9 @@
+module "diagnostics" {
+  source = "../../diagnostics"
+  count  = var.diagnostic_profiles == null ? 0 : 1
+
+  resource_id       = azurerm_cognitive_account.service.id
+  resource_location = local.location
+  diagnostics       = var.diagnostics
+  profiles          = var.diagnostic_profiles
+}

modules/cognitive_services/cognitive_services_account/main.tf

@@ -7,9 +7,10 @@ terraform {
 }
 
 locals {
+  location = coalesce(var.location, var.resource_group.location)
   tags = var.base_tags ? merge(
     var.global_settings.tags,
     try(var.resource_group.tags, null),
     try(var.settings.tags, null)
   ) : try(var.settings.tags, null)
-}
+}

modules/cognitive_services/cognitive_services_account/output.tf

@@ -8,11 +8,21 @@ output "endpoint" {
   value       = azurerm_cognitive_account.service.endpoint
 }
 
+output "primary_access_key" {
+  description = "The primary_access_key used to connect to the Cognitive Service Account."
+  value       = azurerm_cognitive_account.service.primary_access_key
+}
+
+output "secondary_access_key" {
+  description = "The secondary_access_key used to connect to the Cognitive Service Account."
+  value       = azurerm_cognitive_account.service.secondary_access_key
+}
+
 output "rbac_id" {
   description = "The Principal ID of the Cognetive Services for Role Mapping"
   value       = try(azurerm_cognitive_account.service.identity[0].principal_id, null)
 }
 
 output "identity" {
   value = try(azurerm_cognitive_account.service.identity, null)
-}
+}

modules/cognitive_services/cognitive_services_account/private_endpoints.tf

@@ -0,0 +1,20 @@
+#
+# Private endpoint
+#
+
+module "private_endpoint" {
+  source   = "../../networking/private_endpoint"
+  for_each = var.private_endpoints
+
+  resource_id         = azurerm_cognitive_account.service.id
+  name                = each.value.name
+  location            = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+  resource_group_name = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
+  subnet_id           = can(each.value.subnet_id) ? each.value.subnet_id : var.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
+  settings            = each.value
+  global_settings     = var.global_settings
+  base_tags           = var.base_tags
+  tags                = local.tags
+  private_dns         = var.private_dns
+  client_config       = var.client_config
+}