Update terraform tooling to the latest version (#755)

Azure · Oct 5, 2022 · 5112af4 · 5112af4
1 parent 320881f
commit 5112af4
Show file tree

Hide file tree

Showing 12 changed files with 53 additions and 42 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -6,18 +6,18 @@ FROM ubuntu:20.04
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Terraform, providers and tflint versions
-ARG TERRAFORM_VERSION=1.1.2
-ARG AZURERM_VERSION=2.90.0
-ARG RANDOM_VERSION=3.1.0
-ARG TIME_VERSION=0.7.2
-ARG TFLINT_VERSION=0.34.0
-ARG TFLINT_AZURERM=0.14.0
+ARG TERRAFORM_VERSION=1.2.9
+ARG AZURERM_VERSION=3.23.0
+ARG RANDOM_VERSION=3.4.3
+ARG TIME_VERSION=0.8.0
+ARG TFLINT_VERSION=0.40.0
+ARG TFLINT_AZURERM=0.18.0
 
 # Azure CLI version
-ARG AZURE_CLI_VERSION=2.31.0-1~focal
+ARG AZURE_CLI_VERSION=2.40.0-1~focal
 
 # Bicep version
-ARG BICEP_VERSION=v0.4.1272
+ARG BICEP_VERSION=v0.10.61
 
 # Update distro (software-properties-common installs the add-apt-repository command)
 RUN apt-get update \

diff --git a/.github/workflows/validate-build-bicep.yml b/.github/workflows/validate-build-bicep.yml
@@ -10,7 +10,7 @@ on:
  - 'src/bicep/**'
  - '!src/bicep/**.md'
 env:
- BICEP_VERSION: 'v0.4.1272'
+ BICEP_VERSION: 'v0.10.61'
 jobs:
  validate-build:
  runs-on: ubuntu-latest

diff --git a/src/terraform/mlz/main.tf b/src/terraform/mlz/main.tf
@@ -12,19 +12,19 @@ terraform {
  */
  backend "local" {}
 
- required_version = ">= 1.0.11"
+ required_version = ">= 1.2.9"
  required_providers {
  azurerm = {
  source = "hashicorp/azurerm"
- version = "= 2.90.0"
+ version = "= 3.23.0"
  }
  random = {
  source = "hashicorp/random"
- version = "= 3.1.0"
+ version = "= 3.4.3"
  }
  time = {
  source = "hashicorp/time"
- version = "0.7.2"
+ version = "0.8.0"
  }
  }
 }
@@ -131,7 +131,7 @@ locals {
 resource "random_id" "random" {
  keepers = {
  # Generate a new id each time we change resourePrefix variable
- resourcePrefix = "${var.resourcePrefix}"
+ resourcePrefix = var.resourcePrefix
  }
  byte_length = 8
 }
@@ -338,6 +338,7 @@ module "firewall" {
  client_address_space = var.hub_client_address_space
 
  firewall_name = var.firewall_name
+ firewall_sku_name = var.firewall_sku_name
  firewall_sku = contains(local.firewall_premium_environments, lower(var.environment)) ? "Premium" : "Standard"
  firewall_client_subnet_name = module.hub-network.firewall_client_subnet_name
  firewall_management_subnet_name = module.hub-network.firewall_management_subnet_name
@@ -507,8 +508,8 @@ module "jumpbox-subnet" {
  address_prefixes = var.jumpbox_subnet.address_prefixes
  service_endpoints = lookup(var.jumpbox_subnet, "service_endpoints", [])
 
- enforce_private_link_endpoint_network_policies = lookup(var.jumpbox_subnet, "enforce_private_link_endpoint_network_policies", null)
- enforce_private_link_service_network_policies = lookup(var.jumpbox_subnet, "enforce_private_link_service_network_policies", null)
+ private_endpoint_network_policies_enabled = lookup(var.jumpbox_subnet, "private_endpoint_network_policies_enabled", null)
+ private_link_service_network_policies_enabled = lookup(var.jumpbox_subnet, "private_link_service_network_policies_enabled", null)
 
  nsg_name = var.jumpbox_subnet.nsg_name
  nsg_rules = var.jumpbox_subnet.nsg_rules

diff --git a/src/terraform/mlz/variables.tf b/src/terraform/mlz/variables.tf
@@ -86,6 +86,12 @@ variable "firewall_name" {
  default = "firewall"
 }
 
+variable "firewall_sku_name" {
+ description = "SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet."
+ type = string
+ default = "AZFW_VNet"
+}
+
 variable "firewall_policy_name" {
  description = "Name of the firewall policy to apply to the hub firewall"
  type = string
@@ -161,8 +167,8 @@ variable "jumpbox_subnet" {
  address_prefixes = list(string)
  service_endpoints = list(string)
 
- enforce_private_link_endpoint_network_policies = bool
- enforce_private_link_service_network_policies  = bool
+ private_endpoint_network_policies_enabled  = bool
+ private_link_service_network_policies_enabled = bool
 
  nsg_name = string
  nsg_rules = map(object({
@@ -184,8 +190,8 @@ variable "jumpbox_subnet" {
  address_prefixes = ["10.0.100.160/27"]
  service_endpoints = ["Microsoft.Storage"]
 
- enforce_private_link_endpoint_network_policies = false
- enforce_private_link_service_network_policies  = false
+ private_endpoint_network_policies_enabled  = false
+ private_link_service_network_policies_enabled = false
 
  nsg_name = "jumpbox-subnet-nsg"
  nsg_rules = {

diff --git a/src/terraform/modules/bastion/main.tf b/src/terraform/modules/bastion/main.tf
@@ -23,7 +23,6 @@ resource "azurerm_public_ip" "bastion_host_pip" {
  resource_group_name = var.resource_group_name
  allocation_method = "Static"
  sku = "Standard"
- availability_zone = "No-Zone"
  tags = var.tags
 }
 

diff --git a/src/terraform/modules/firewall/main.tf b/src/terraform/modules/firewall/main.tf
@@ -27,7 +27,6 @@ resource "azurerm_public_ip" "fw_client_pip" {
  resource_group_name = data.azurerm_resource_group.hub.name
  allocation_method = "Static"
  sku = "Standard"
- availability_zone = "No-Zone"
  tags = var.tags
 }
 
@@ -37,7 +36,6 @@ resource "azurerm_public_ip" "fw_mgmt_pip" {
  resource_group_name = data.azurerm_resource_group.hub.name
  allocation_method = "Static"
  sku = "Standard"
- availability_zone = "No-Zone"
  tags = var.tags
 }
 
@@ -53,6 +51,7 @@ resource "azurerm_firewall" "firewall" {
  name = var.firewall_name
  location = var.location
  resource_group_name = data.azurerm_resource_group.hub.name
+ sku_name = var.firewall_sku_name
  sku_tier = var.firewall_sku
  private_ip_ranges = var.disable_snat_ip_range
  firewall_policy_id = azurerm_firewall_policy.firewallpolicy.id

diff --git a/src/terraform/modules/firewall/variables.tf b/src/terraform/modules/firewall/variables.tf
@@ -26,6 +26,11 @@ variable "vnet_address_space" {
  type = list(string)
 }
 
+variable "firewall_sku_name" {
+ description = "SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet."
+ type = string
+}
+
 variable "firewall_sku" {
  description = "The SKU for Azure Firewall"
  type = string

diff --git a/src/terraform/modules/jumpbox/main.tf b/src/terraform/modules/jumpbox/main.tf
@@ -18,16 +18,16 @@ resource "azurerm_key_vault" "jumpbox-keyvault" {
  object_id = var.object_id
 
  key_permissions = [
- "create",
- "get",
+ "Create",
+ "Get",
  ]
 
  secret_permissions = [
- "set",
- "get",
- "delete",
- "purge",
- "recover"
+ "Set",
+ "Get",
+ "Delete",
+ "Purge",
+ "Recover"
  ]
  }
 
@@ -49,7 +49,7 @@ resource "random_password" "windows-jumpbox-password" {
  length = random_integer.windows-jumpbox-password.result
  upper = true
  lower = true
- number  = true
+ numeric = true
  special = true
  min_upper = 1
  min_lower = 1
@@ -72,7 +72,7 @@ resource "random_password" "linux-jumpbox-password" {
  length = random_integer.linux-jumpbox-password.result
  upper = true
  lower = true
- number  = true
+ numeric = true
  special = true
  min_upper = 1
  min_lower = 1

diff --git a/src/terraform/modules/spoke/main.tf b/src/terraform/modules/spoke/main.tf
@@ -24,8 +24,8 @@ module "subnets" {
  address_prefixes = each.value.address_prefixes
  service_endpoints = lookup(each.value, "service_endpoints", [])
 
- enforce_private_link_endpoint_network_policies = lookup(each.value, "enforce_private_link_endpoint_network_policies", null)
- enforce_private_link_service_network_policies = lookup(each.value, "enforce_private_link_service_network_policies", null)
+ private_endpoint_network_policies_enabled = lookup(each.value, "private_endpoint_network_policies_enabled", null)
+ private_link_service_network_policies_enabled = lookup(each.value, "private_link_service_network_policies_enabled", null)
 
  nsg_name = each.value.nsg_name
  nsg_rules = each.value.nsg_rules

diff --git a/src/terraform/modules/subnet/main.tf b/src/terraform/modules/subnet/main.tf
@@ -9,8 +9,8 @@ resource "azurerm_subnet" "subnet" {
 
  service_endpoints = var.service_endpoints
 
- enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
- enforce_private_link_service_network_policies = var.enforce_private_link_service_network_policies
+ private_endpoint_network_policies_enabled = var.private_endpoint_network_policies_enabled
+ private_link_service_network_policies_enabled = var.private_link_service_network_policies_enabled
 }
 
 resource "azurerm_network_security_group" "nsg" {
@@ -92,6 +92,7 @@ resource "azurerm_monitor_diagnostic_setting" "nsg" {
 resource "azurerm_network_watcher_flow_log" "nsgfl" {
  depends_on = [azurerm_network_security_rule.nsgrules, azurerm_network_security_group.nsg]
 
+ name = var.name
  network_watcher_name = "NetworkWatcher_${replace(var.location, " ", "")}"
  resource_group_name = "NetworkWatcherRG"
 

diff --git a/src/terraform/modules/subnet/variables.tf b/src/terraform/modules/subnet/variables.tf
@@ -31,13 +31,13 @@ variable "service_endpoints" {
  type = list(string)
 }
 
-variable "enforce_private_link_endpoint_network_policies" {
- description = "Enforce Private Link Endpoints"
+variable "private_endpoint_network_policies_enabled" {
+ description = "Enable or Disable network policies for the private endpoint on the subnet."
  type = bool
 }
 
-variable "enforce_private_link_service_network_policies" {
- description = "Enforce Private Link Service"
+variable "private_link_service_network_policies_enabled" {
+ description = "Enable or Disable network policies for the private link service on the subnet."
  type = bool
 }
 

diff --git a/src/terraform/tier3/main.tf b/src/terraform/tier3/main.tf
@@ -12,11 +12,11 @@ terraform {
  */
  backend "local" {}
 
- required_version = ">= 1.0.11"
+ required_version = ">= 1.2.9"
  required_providers {
  azurerm = {
  source = "hashicorp/azurerm"
- version = "= 2.90.0"
+ version = "= 3.23.0"
  }
  }
 }