Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

testing import of new frontdoor #1741

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

testing import of new frontdoor #1741

wants to merge 3 commits into from

Conversation

cpareek
Copy link
Contributor

@cpareek cpareek commented Sep 19, 2023

JIRA link (if applicable)

https://tools.hmcts.net/jira/browse/DTSPO-13990

Change description

Testing import of new front door

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[ X] No

@cpareek cpareek requested a review from a team as a code owner September 19, 2023 14:00
@hmcts-platform-operations
Copy link

Plan Result (sbox_shutter_webapp)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_frontendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_backendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_apim_appgw)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_private_dns)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_apim)

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 1 to change, 1 to destroy.
  • Create
    • module.api-mgmt.azurerm_api_management_custom_domain.api-management-custom-domain
  • Update
    • module.api-mgmt.azurerm_api_management.apim
  • Replace
    • module.api-mgmt.azurerm_role_assignment.apim
Change Result (Click me) 
  # module.api-mgmt.data.azurerm_api_management.apim will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_api_management" "apim" {
      + additional_location       = (known after apply)
      + developer_portal_url      = (known after apply)
      + gateway_regional_url      = (known after apply)
      + gateway_url               = (known after apply)
      + hostname_configuration    = (known after apply)
      + id                        = (known after apply)
      + identity                  = (known after apply)
      + location                  = (known after apply)
      + management_api_url        = (known after apply)
      + name                      = "cft-api-mgmt-sbox"
      + notification_sender_email = (known after apply)
      + portal_url                = (known after apply)
      + private_ip_addresses      = (known after apply)
      + public_ip_address_id      = (known after apply)
      + public_ip_addresses       = (known after apply)
      + publisher_email           = (known after apply)
      + publisher_name            = (known after apply)
      + resource_group_name       = "cft-sbox-network-rg"
      + scm_url                   = (known after apply)
      + sku_name                  = (known after apply)
      + tags                      = (known after apply)
      + tenant_access             = (known after apply)
    }

  # module.api-mgmt.azurerm_api_management.apim will be updated in-place
  ~ resource "azurerm_api_management" "apim" {
        id                            = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.ApiManagement/service/cft-api-mgmt-sbox"
        name                          = "cft-api-mgmt-sbox"
      ~ tags                          = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
          ~ "environment"  = "Sandbox" -> "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (20 unchanged attributes hidden)

        # (9 unchanged blocks hidden)
    }

  # module.api-mgmt.azurerm_api_management_custom_domain.api-management-custom-domain will be created
  + resource "azurerm_api_management_custom_domain" "api-management-custom-domain" {
      + api_management_id = (known after apply)
      + id                = (known after apply)

      + gateway {
          + certificate_source           = (known after apply)
          + certificate_status           = (known after apply)
          + default_ssl_binding          = true
          + expiry                       = (known after apply)
          + host_name                    = "cft-api-mgmt.sandbox.platform.hmcts.net"
          + key_vault_id                 = "https://acmedcdcftappssbox.vault.azure.net/secrets/wildcard-sandbox-platform-hmcts-net"
          + negotiate_client_certificate = true
          + subject                      = (known after apply)
          + thumbprint                   = (known after apply)
        }
      + gateway {
          + certificate_source           = (known after apply)
          + certificate_status           = (known after apply)
          + default_ssl_binding          = true
          + expiry                       = (known after apply)
          + host_name                    = "cft-api-mgmt-appgw.sandbox.platform.hmcts.net"
          + key_vault_id                 = "https://acmedcdcftappssbox.vault.azure.net/secrets/wildcard-sandbox-platform-hmcts-net"
          + negotiate_client_certificate = true
          + subject                      = (known after apply)
          + thumbprint                   = (known after apply)
        }
      + gateway {
          + certificate_source           = (known after apply)
          + certificate_status           = (known after apply)
          + default_ssl_binding          = true
          + expiry                       = (known after apply)
          + host_name                    = "cft-mtls-api-mgmt-appgw.sandbox.platform.hmcts.net"
          + key_vault_id                 = "https://acmedcdcftappssbox.vault.azure.net/secrets/wildcard-sandbox-platform-hmcts-net"
          + negotiate_client_certificate = true
          + subject                      = (known after apply)
          + thumbprint                   = (known after apply)
        }
    }

  # module.api-mgmt.azurerm_role_assignment.apim must be replaced
-/+ resource "azurerm_role_assignment" "apim" {
      ~ id                               = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-platform-sbox-rg/providers/Microsoft.KeyVault/vaults/acmedcdcftappssbox/providers/Microsoft.Authorization/roleAssignments/830fcbb4-d020-743e-a713-83e54891c9d3" -> (known after apply)
      ~ name                             = "830fcbb4-d020-743e-a713-83e54891c9d3" -> (known after apply)
      ~ principal_id                     = "ffb21f6c-fa49-4b24-843d-ddb4c100cbf6" # forces replacement -> (known after apply) # forces replacement
      ~ principal_type                   = "ServicePrincipal" -> (known after apply)
      ~ role_definition_id               = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6" -> (known after apply)
      + skip_service_principal_aad_check = (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 2 to add, 1 to change, 1 to destroy.

@hmcts-platform-operations
Copy link

Plan Result (ptl_dynatrace_activegate)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_frontendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (ithc_frontendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (test_frontendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_apim)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (test_apim)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_backendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_shutter_webapp)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (test_backendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (test_cftapps_private_dns)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (demo_apim)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (ithc_apim)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (stg_backendappgateway)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_global)

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 18 to add, 0 to change, 4 to destroy.
  • Create
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain.custom_domain["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain_association.custom_association_A["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain_association.custom_association_B["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_endpoint.endpoint
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_firewall_policy.custom["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin.defaultBackend_origin
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin.front_door_origin["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin_group.defaultBackend
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin_group.origin_group["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_profile.front_door
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.default_routing_rule
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.routing_rule_A["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.routing_rule_B["plumclassic"]
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_rule.https_redirect_rules
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_rule_set.https_redirect
    • module.frontdoor_classic[0].azurerm_cdn_frontdoor_security_policy.security_policy["plumclassic"]
    • module.frontdoor_classic[0].azurerm_dns_txt_record.public_dns_record["plumclassic"]
  • Delete
    • module.frontdoor_classic[0].azurerm_frontdoor.main
    • module.frontdoor_classic[0].azurerm_frontdoor_custom_https_configuration.https["plumclassic"]
    • module.frontdoor_classic[0].azurerm_frontdoor_firewall_policy.custom["plumclassic"]
  • Replace
    • module.frontdoor_classic[0].azurerm_monitor_diagnostic_setting.frontdoor_diagnostics
Change Result (Click me) 
  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain.custom_domain["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_custom_domain" "custom_domain" {
      + cdn_frontdoor_profile_id = (known after apply)
      + expiration_date          = (known after apply)
      + host_name                = "plumclassic.sandbox.platform.hmcts.net"
      + id                       = (known after apply)
      + name                     = "plumclassic"
      + validation_token         = (known after apply)

      + tls {
          + cdn_frontdoor_secret_id = (known after apply)
          + certificate_type        = "ManagedCertificate"
          + minimum_tls_version     = "TLS12"
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain_association.custom_association_A["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_custom_domain_association" "custom_association_A" {
      + cdn_frontdoor_custom_domain_id = (known after apply)
      + cdn_frontdoor_route_ids        = (known after apply)
      + id                             = (known after apply)
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_custom_domain_association.custom_association_B["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_custom_domain_association" "custom_association_B" {
      + cdn_frontdoor_custom_domain_id = (known after apply)
      + cdn_frontdoor_route_ids        = (known after apply)
      + id                             = (known after apply)
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_endpoint.endpoint will be created
  + resource "azurerm_cdn_frontdoor_endpoint" "endpoint" {
      + cdn_frontdoor_profile_id = (known after apply)
      + enabled                  = true
      + host_name                = (known after apply)
      + id                       = (known after apply)
      + name                     = "cnphmcts-classic-sbox"
      + tags                     = {
          + "application"  = "core"
          + "builtFrom"    = "hmcts/azure-platform-terraform"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "sandbox"
          + "expiresAfter" = "3000-01-01"
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_firewall_policy.custom["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_firewall_policy" "custom" {
      + enabled               = true
      + frontend_endpoint_ids = (known after apply)
      + id                    = (known after apply)
      + mode                  = "Prevention"
      + name                  = "plumclassicsbox"
      + resource_group_name   = "lz-sbox-rg"
      + sku_name              = "Premium_AzureFrontDoor"
      + tags                  = {
          + "application"  = "core"
          + "builtFrom"    = "hmcts/azure-platform-terraform"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "sandbox"
          + "expiresAfter" = "3000-01-01"
        }

      + managed_rule {
          + action  = "Block"
          + type    = "DefaultRuleSet"
          + version = "1.0"
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin.defaultBackend_origin will be created
  + resource "azurerm_cdn_frontdoor_origin" "defaultBackend_origin" {
      + cdn_frontdoor_origin_group_id  = (known after apply)
      + certificate_name_check_enabled = true
      + enabled                        = true
      + health_probes_enabled          = (known after apply)
      + host_name                      = "www.bing.com"
      + http_port                      = 80
      + https_port                     = 443
      + id                             = (known after apply)
      + name                           = "defaultBackend"
      + origin_host_header             = "www.bing.com"
      + priority                       = 1
      + weight                         = 50
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin.front_door_origin["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_origin" "front_door_origin" {
      + cdn_frontdoor_origin_group_id  = (known after apply)
      + certificate_name_check_enabled = true
      + enabled                        = true
      + health_probes_enabled          = (known after apply)
      + host_name                      = "firewall-sbox-int-palo-sbox.uksouth.cloudapp.azure.com"
      + http_port                      = 80
      + https_port                     = 443
      + id                             = (known after apply)
      + name                           = "plumclassic"
      + origin_host_header             = "plumclassic.sandbox.platform.hmcts.net"
      + priority                       = 1
      + weight                         = 50
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin_group.defaultBackend will be created
  + resource "azurerm_cdn_frontdoor_origin_group" "defaultBackend" {
      + cdn_frontdoor_profile_id                                  = (known after apply)
      + id                                                        = (known after apply)
      + name                                                      = "defaultBackend"
      + restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
      + session_affinity_enabled                                  = false

      + load_balancing {
          + additional_latency_in_milliseconds = 0
          + sample_size                        = 4
          + successful_samples_required        = 2
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_origin_group.origin_group["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_origin_group" "origin_group" {
      + cdn_frontdoor_profile_id                                  = (known after apply)
      + id                                                        = (known after apply)
      + name                                                      = "plumclassic"
      + restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
      + session_affinity_enabled                                  = false

      + load_balancing {
          + additional_latency_in_milliseconds = 0
          + sample_size                        = 4
          + successful_samples_required        = 2
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_profile.front_door will be created
  + resource "azurerm_cdn_frontdoor_profile" "front_door" {
      + id                       = (known after apply)
      + name                     = "cnphmcts-classic-sbox"
      + resource_group_name      = "lz-sbox-rg"
      + resource_guid            = (known after apply)
      + response_timeout_seconds = 120
      + sku_name                 = "Premium_AzureFrontDoor"
      + tags                     = {
          + "application"  = "core"
          + "builtFrom"    = "hmcts/azure-platform-terraform"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "sandbox"
          + "expiresAfter" = "3000-01-01"
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.default_routing_rule will be created
  + resource "azurerm_cdn_frontdoor_route" "default_routing_rule" {
      + cdn_frontdoor_endpoint_id     = (known after apply)
      + cdn_frontdoor_origin_group_id = (known after apply)
      + cdn_frontdoor_origin_ids      = (known after apply)
      + enabled                       = true
      + forwarding_protocol           = "MatchRequest"
      + https_redirect_enabled        = false
      + id                            = (known after apply)
      + link_to_default_domain        = true
      + name                          = "defaultRouting"
      + patterns_to_match             = [
          + "/*",
        ]
      + supported_protocols           = [
          + "Http",
          + "Https",
        ]
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.routing_rule_A["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_route" "routing_rule_A" {
      + cdn_frontdoor_custom_domain_ids = (known after apply)
      + cdn_frontdoor_endpoint_id       = (known after apply)
      + cdn_frontdoor_origin_group_id   = (known after apply)
      + cdn_frontdoor_origin_ids        = (known after apply)
      + enabled                         = true
      + forwarding_protocol             = "HttpOnly"
      + https_redirect_enabled          = false
      + id                              = (known after apply)
      + link_to_default_domain          = false
      + name                            = "plumclassic"
      + patterns_to_match               = [
          + "/*",
        ]
      + supported_protocols             = [
          + "Https",
        ]

      + cache {
          + compression_enabled           = false
          + query_string_caching_behavior = "UseQueryString"
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_route.routing_rule_B["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_route" "routing_rule_B" {
      + cdn_frontdoor_custom_domain_ids = (known after apply)
      + cdn_frontdoor_endpoint_id       = (known after apply)
      + cdn_frontdoor_origin_group_id   = (known after apply)
      + cdn_frontdoor_origin_ids        = (known after apply)
      + cdn_frontdoor_rule_set_ids      = (known after apply)
      + enabled                         = true
      + forwarding_protocol             = "MatchRequest"
      + https_redirect_enabled          = false
      + id                              = (known after apply)
      + link_to_default_domain          = false
      + name                            = "plumclassicHttpsRedirect"
      + patterns_to_match               = [
          + "/*",
        ]
      + supported_protocols             = [
          + "Http",
        ]
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_rule.https_redirect_rules will be created
  + resource "azurerm_cdn_frontdoor_rule" "https_redirect_rules" {
      + behavior_on_match           = "Continue"
      + cdn_frontdoor_rule_set_id   = (known after apply)
      + cdn_frontdoor_rule_set_name = (known after apply)
      + id                          = (known after apply)
      + name                        = "httpsredirectrule"
      + order                       = 1

      + actions {
          + url_redirect_action {
              + redirect_protocol = "Https"
              + redirect_type     = "Moved"
            }
        }
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_rule_set.https_redirect will be created
  + resource "azurerm_cdn_frontdoor_rule_set" "https_redirect" {
      + cdn_frontdoor_profile_id = (known after apply)
      + id                       = (known after apply)
      + name                     = "httpsredirect"
    }

  # module.frontdoor_classic[0].azurerm_cdn_frontdoor_security_policy.security_policy["plumclassic"] will be created
  + resource "azurerm_cdn_frontdoor_security_policy" "security_policy" {
      + cdn_frontdoor_profile_id = (known after apply)
      + id                       = (known after apply)
      + name                     = "plumclassic-Security-Policy"

      + security_policies {
          + firewall {
              + cdn_frontdoor_firewall_policy_id = (known after apply)

              + association {
                  + patterns_to_match = [
                      + "/*",
                    ]

                  + domain {
                      + active                  = (known after apply)
                      + cdn_frontdoor_domain_id = (known after apply)
                    }
                }
            }
        }
    }

  # module.frontdoor_classic[0].azurerm_dns_txt_record.public_dns_record["plumclassic"] will be created
  + resource "azurerm_dns_txt_record" "public_dns_record" {
      + fqdn                = (known after apply)
      + id                  = (known after apply)
      + name                = "_dnsauth.plumclassic"
      + resource_group_name = "reformmgmtrg"
      + ttl                 = 3600
      + zone_name           = "sandbox.platform.hmcts.net"

      + record {
          + value = (known after apply)
        }
    }

  # module.frontdoor_classic[0].azurerm_frontdoor.main will be destroyed
  # (because azurerm_frontdoor.main is not in configuration)
  - resource "azurerm_frontdoor" "main" {
      - backend_pool_health_probes           = {
          - "defaultHealthProbe"              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/defaultHealthProbe"
          - "healthProbeSettings-plumclassic" = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/healthProbeSettings-plumclassic"
        } -> null
      - backend_pool_load_balancing_settings = {
          - "defaultLoadBalancing"              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/defaultLoadBalancing"
          - "loadBalancingSettings-plumclassic" = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/loadBalancingSettings-plumclassic"
        } -> null
      - backend_pools                        = {
          - "defaultBackend" = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/defaultBackend"
          - "plumclassic"    = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/plumclassic"
        } -> null
      - cname                                = "cnphmcts-classic-sbox.azurefd.net" -> null
      - explicit_resource_order              = [
          - {
              - backend_pool_health_probe_ids   = [
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/defaultHealthProbe",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/healthProbeSettings-plumclassic",
                ]
              - backend_pool_ids                = [
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/defaultBackend",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/plumclassic",
                ]
              - backend_pool_load_balancing_ids = [
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/defaultLoadBalancing",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/loadBalancingSettings-plumclassic",
                ]
              - frontend_endpoint_ids           = [
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/cnphmcts-classic-sbox-azurefd-net",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/plumclassic",
                ]
              - routing_rule_ids                = [
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/defaultRouting",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassic",
                  - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassicHttpsRedirect",
                ]
            },
        ] -> null
      - friendly_name                        = "cnphmcts-classic-sbox" -> null
      - frontend_endpoints                   = {
          - "cnphmcts-classic-sbox-azurefd-net" = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/cnphmcts-classic-sbox-azurefd-net"
          - "plumclassic"                       = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/plumclassic"
        } -> null
      - header_frontdoor_id                  = "9e362054-7148-42d5-a9ab-f02d78810574" -> null
      - id                                   = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox" -> null
      - load_balancer_enabled                = false -> null
      - name                                 = "cnphmcts-classic-sbox" -> null
      - resource_group_name                  = "lz-sbox-rg" -> null
      - routing_rules                        = {
          - "defaultRouting"           = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/defaultRouting"
          - "plumclassic"              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassic"
          - "plumclassicHttpsRedirect" = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassicHttpsRedirect"
        } -> null
      - tags                                 = {
          - "application"  = "core"
          - "builtFrom"    = "hmcts/azure-platform-terraform"
          - "businessArea" = "CFT"
          - "criticality"  = "Low"
          - "environment"  = "sandbox"
          - "expiresAfter" = "3000-01-01"
        } -> null

      - backend_pool {
          - health_probe_name   = "defaultHealthProbe" -> null
          - id                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/defaultBackend" -> null
          - load_balancing_name = "defaultLoadBalancing" -> null
          - name                = "defaultBackend" -> null

          - backend {
              - address     = "www.bing.com" -> null
              - enabled     = true -> null
              - host_header = "www.bing.com" -> null
              - http_port   = 80 -> null
              - https_port  = 443 -> null
              - priority    = 1 -> null
              - weight      = 50 -> null
            }
        }
      - backend_pool {
          - health_probe_name   = "healthProbeSettings-plumclassic" -> null
          - id                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/backendPools/plumclassic" -> null
          - load_balancing_name = "loadBalancingSettings-plumclassic" -> null
          - name                = "plumclassic" -> null

          - backend {
              - address     = "firewall-sbox-int-palo-sbox.uksouth.cloudapp.azure.com" -> null
              - enabled     = true -> null
              - host_header = "plumclassic.sandbox.platform.hmcts.net" -> null
              - http_port   = 80 -> null
              - https_port  = 443 -> null
              - priority    = 1 -> null
              - weight      = 50 -> null
            }
        }

      - backend_pool_health_probe {
          - enabled             = true -> null
          - id                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/defaultHealthProbe" -> null
          - interval_in_seconds = 120 -> null
          - name                = "defaultHealthProbe" -> null
          - path                = "/" -> null
          - probe_method        = "GET" -> null
          - protocol            = "Http" -> null
        }
      - backend_pool_health_probe {
          - enabled             = false -> null
          - id                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/healthProbeSettings/healthProbeSettings-plumclassic" -> null
          - interval_in_seconds = 120 -> null
          - name                = "healthProbeSettings-plumclassic" -> null
          - path                = "/health/liveness" -> null
          - probe_method        = "GET" -> null
          - protocol            = "Http" -> null
        }

      - backend_pool_load_balancing {
          - additional_latency_milliseconds = 0 -> null
          - id                              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/defaultLoadBalancing" -> null
          - name                            = "defaultLoadBalancing" -> null
          - sample_size                     = 4 -> null
          - successful_samples_required     = 2 -> null
        }
      - backend_pool_load_balancing {
          - additional_latency_milliseconds = 0 -> null
          - id                              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/loadBalancingSettings/loadBalancingSettings-plumclassic" -> null
          - name                            = "loadBalancingSettings-plumclassic" -> null
          - sample_size                     = 4 -> null
          - successful_samples_required     = 2 -> null
        }

      - backend_pool_settings {
          - backend_pools_send_receive_timeout_seconds   = 60 -> null
          - enforce_backend_pools_certificate_name_check = true -> null
        }

      - frontend_endpoint {
          - host_name                    = "cnphmcts-classic-sbox.azurefd.net" -> null
          - id                           = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/cnphmcts-classic-sbox-azurefd-net" -> null
          - name                         = "cnphmcts-classic-sbox-azurefd-net" -> null
          - session_affinity_enabled     = false -> null
          - session_affinity_ttl_seconds = 0 -> null
        }
      - frontend_endpoint {
          - host_name                               = "plumclassic.sandbox.platform.hmcts.net" -> null
          - id                                      = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/plumclassic" -> null
          - name                                    = "plumclassic" -> null
          - session_affinity_enabled                = false -> null
          - session_affinity_ttl_seconds            = 0 -> null
          - web_application_firewall_policy_link_id = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/plumclassicsbox" -> null
        }

      - routing_rule {
          - accepted_protocols = [
              - "Http",
              - "Https",
            ] -> null
          - enabled            = true -> null
          - frontend_endpoints = [
              - "cnphmcts-classic-sbox-azurefd-net",
            ] -> null
          - id                 = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/defaultRouting" -> null
          - name               = "defaultRouting" -> null
          - patterns_to_match  = [
              - "/*",
            ] -> null

          - forwarding_configuration {
              - backend_pool_name                     = "defaultBackend" -> null
              - cache_enabled                         = false -> null
              - cache_query_parameter_strip_directive = "StripAll" -> null
              - cache_query_parameters                = [] -> null
              - cache_use_dynamic_compression         = false -> null
              - forwarding_protocol                   = "MatchRequest" -> null
            }
        }
      - routing_rule {
          - accepted_protocols = [
              - "Https",
            ] -> null
          - enabled            = true -> null
          - frontend_endpoints = [
              - "plumclassic",
            ] -> null
          - id                 = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassic" -> null
          - name               = "plumclassic" -> null
          - patterns_to_match  = [
              - "/*",
            ] -> null

          - forwarding_configuration {
              - backend_pool_name                     = "plumclassic" -> null
              - cache_enabled                         = true -> null
              - cache_query_parameter_strip_directive = "StripNone" -> null
              - cache_query_parameters                = [] -> null
              - cache_use_dynamic_compression         = false -> null
              - forwarding_protocol                   = "HttpOnly" -> null
            }
        }
      - routing_rule {
          - accepted_protocols = [
              - "Http",
            ] -> null
          - enabled            = true -> null
          - frontend_endpoints = [
              - "plumclassic",
            ] -> null
          - id                 = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/routingRules/plumclassicHttpsRedirect" -> null
          - name               = "plumclassicHttpsRedirect" -> null
          - patterns_to_match  = [
              - "/*",
            ] -> null

          - redirect_configuration {
              - redirect_protocol = "HttpsOnly" -> null
              - redirect_type     = "Moved" -> null
            }
        }
    }

  # module.frontdoor_classic[0].azurerm_frontdoor_custom_https_configuration.https["plumclassic"] will be destroyed
  # (because azurerm_frontdoor_custom_https_configuration.https is not in configuration)
  - resource "azurerm_frontdoor_custom_https_configuration" "https" {
      - custom_https_provisioning_enabled = true -> null
      - frontend_endpoint_id              = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/frontendEndpoints/plumclassic" -> null
      - id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox/customHttpsConfiguration/plumclassic" -> null

      - custom_https_configuration {
          - certificate_source    = "FrontDoor" -> null
          - minimum_tls_version   = "1.2" -> null
          - provisioning_state    = "Enabled" -> null
          - provisioning_substate = "CertificateDeployed" -> null
        }
    }

  # module.frontdoor_classic[0].azurerm_frontdoor_firewall_policy.custom["plumclassic"] will be destroyed
  # (because azurerm_frontdoor_firewall_policy.custom is not in configuration)
  - resource "azurerm_frontdoor_firewall_policy" "custom" {
      - custom_block_response_status_code = 0 -> null
      - enabled                           = true -> null
      - frontend_endpoint_ids             = [
          - "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourcegroups/lz-sbox-rg/providers/Microsoft.Network/frontdoors/cnphmcts-classic-sbox/frontendendpoints/plumclassic",
        ] -> null
      - id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/plumclassicsbox" -> null
      - location                          = "global" -> null
      - mode                              = "Prevention" -> null
      - name                              = "plumclassicsbox" -> null
      - resource_group_name               = "lz-sbox-rg" -> null
      - tags                              = {
          - "application"  = "core"
          - "builtFrom"    = "hmcts/azure-platform-terraform"
          - "businessArea" = "CFT"
          - "criticality"  = "Low"
          - "environment"  = "sandbox"
          - "expiresAfter" = "3000-01-01"
        } -> null

      - managed_rule {
          - type    = "DefaultRuleSet" -> null
          - version = "1.0" -> null
        }
    }

  # module.frontdoor_classic[0].azurerm_monitor_diagnostic_setting.frontdoor_diagnostics must be replaced
-/+ resource "azurerm_monitor_diagnostic_setting" "frontdoor_diagnostics" {
      ~ id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox|fd-log-analytics" -> (known after apply)
      + log_analytics_destination_type = (known after apply)
        name                           = "fd-log-analytics"
      ~ target_resource_id             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Network/frontDoors/cnphmcts-classic-sbox" # forces replacement -> (known after apply) # forces replacement
        # (1 unchanged attribute hidden)

      - enabled_log {
          - category = "FrontdoorAccessLog" -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }
      - enabled_log {
          - category = "FrontdoorWebApplicationFirewallLog" -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }
      + enabled_log {
          + category = "FrontdoorAccessLog"
        }
      + enabled_log {
          + category = "FrontdoorWebApplicationFirewallLog"
        }

      - log {
          - category = "FrontdoorAccessLog" -> null
          - enabled  = true -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }
      - log {
          - category = "FrontdoorWebApplicationFirewallLog" -> null
          - enabled  = true -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = true -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }
      + metric {
          + category = "AllMetrics"
          + enabled  = true
        }
    }

Plan: 18 to add, 0 to change, 4 to destroy.

@hmcts-platform-operations
Copy link

Plan Result (dev_global)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (perftest_global)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (ithc_global)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_global)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (aat_global)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (demo_global)

No changes. Your infrastructure matches the configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@madjava madjava Awaiting requested review from madjava madjava is a code owner automatically assigned from hmcts/platform-operations

@ssian2 ssian2 Awaiting requested review from ssian2 ssian2 is a code owner automatically assigned from hmcts/platform-operations

@SalimKainos SalimKainos Awaiting requested review from SalimKainos SalimKainos is a code owner automatically assigned from hmcts/platform-operations

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
aat_global/no-changes demo_apim/no-changes demo_backendappgateway/no-changes demo_frontendappgateway/no-changes demo_global/no-changes demo_private_dns/no-changes dev_global/no-changes ithc_apim/no-changes ithc_backendappgateway/no-changes ithc_frontendappgateway/no-changes ithc_global/no-changes ithc_private_dns/no-changes perftest_global/no-changes prod_apim/no-changes prod_backendappgateway/no-changes prod_frontendappgateway/no-changes prod_global/no-changes prod_private_dns/no-changes prod_shutter_webapp/no-changes ptl_dynatrace_activegate/no-changes sbox_apim_appgw/no-changes sbox_apim/destroy sbox_backendappgateway/no-changes sbox_frontendappgateway/no-changes sbox_global/destroy sbox_private_dns/no-changes sbox_shutter_webapp/no-changes stg_apim/no-changes stg_backendappgateway/no-changes stg_frontendappgateway/no-changes stg_private_dns/no-changes test_apim_appgw/no-changes test_apim/no-changes test_backendappgateway/no-changes test_cftapps_private_dns/no-changes test_frontendappgateway/no-changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cpareek @hmcts-platform-operations