Skip to content
This repository has been archived by the owner on Dec 3, 2024. It is now read-only.

Commit

Permalink
Update Terraform github.com/DFE-Digital/terraform-azurerm-container-a…
Browse files Browse the repository at this point in the history
…pps-hosting to v1.12.0 (#129)

* Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.12.0

* Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.5.0

* Updated readme

* Updated lockfile

* Corrected deprecation

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
  • Loading branch information
renovate[bot] and DrizzlyOwl authored Sep 27, 2024
1 parent 9010dc3 commit f3f868c
Show file tree
Hide file tree
Showing 5 changed files with 30 additions and 60 deletions.
58 changes: 14 additions & 44 deletions terraform/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 9 additions & 9 deletions terraform/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,14 +133,14 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.113.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 4.0.1 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.10.1 |
| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |
| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.12.0 |
| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.5.0 |
| <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 |

## Resources
Expand Down Expand Up @@ -174,16 +174,16 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
| <a name="input_cdn_frontdoor_origin_fqdn_override"></a> [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no |
| <a name="input_cdn_frontdoor_origin_host_header_override"></a> [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no |
| <a name="input_cdn_frontdoor_rate_limiting_duration_in_minutes"></a> [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no |
| <a name="input_cdn_frontdoor_waf_custom_rules"></a> [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF | <pre>map(object({<br> priority : number,<br> action : string<br> match_conditions : map(object({<br> match_variable : string,<br> match_values : optional(list(string), []),<br> operator : optional(string, "Any"),<br> selector : optional(string, null),<br> negation_condition : optional(bool, false),<br> }))<br> }))</pre> | `{}` | no |
| <a name="input_cdn_frontdoor_waf_custom_rules"></a> [cdn\_frontdoor\_waf\_custom\_rules](#input\_cdn\_frontdoor\_waf\_custom\_rules) | Map of all Custom rules you want to apply to the CDN WAF | <pre>map(object({<br/> priority : number,<br/> action : string<br/> match_conditions : map(object({<br/> match_variable : string,<br/> match_values : optional(list(string), []),<br/> operator : optional(string, "Any"),<br/> selector : optional(string, null),<br/> negation_condition : optional(bool, false),<br/> }))<br/> }))</pre> | `{}` | no |
| <a name="input_container_apps_allow_ips_inbound"></a> [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
| <a name="input_container_command"></a> [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes |
| <a name="input_container_health_probe_path"></a> [container\_health\_probe\_path](#input\_container\_health\_probe\_path) | Specifies the path that is used to determine the liveness of the Container | `string` | `"/"` | no |
| <a name="input_container_health_probe_protocol"></a> [container\_health\_probe\_protocol](#input\_container\_health\_probe\_protocol) | Use HTTPS or a TCP connection for the Container liveness probe | `string` | `"tcp"` | no |
| <a name="input_container_scale_http_concurrency"></a> [container\_scale\_http\_concurrency](#input\_container\_scale\_http\_concurrency) | When the number of concurrent HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the max-replicas amount. | `number` | `10` | no |
| <a name="input_container_secret_environment_variables"></a> [container\_secret\_environment\_variables](#input\_container\_secret\_environment\_variables) | Container secret environment variables | `map(string)` | n/a | yes |
| <a name="input_dns_mx_records"></a> [dns\_mx\_records](#input\_dns\_mx\_records) | DNS MX records to add to the DNS Zone | <pre>map(<br> object({<br> ttl : optional(number, 300),<br> records : list(<br> object({<br> preference : number,<br> exchange : string<br> })<br> )<br> })<br> )</pre> | `{}` | no |
| <a name="input_dns_ns_records"></a> [dns\_ns\_records](#input\_dns\_ns\_records) | DNS NS records to add to the DNS Zone | <pre>map(<br> object({<br> ttl : optional(number, 300),<br> records : list(string)<br> })<br> )</pre> | n/a | yes |
| <a name="input_dns_txt_records"></a> [dns\_txt\_records](#input\_dns\_txt\_records) | DNS TXT records to add to the DNS Zone | <pre>map(<br> object({<br> ttl : optional(number, 300),<br> records : list(string)<br> })<br> )</pre> | n/a | yes |
| <a name="input_dns_mx_records"></a> [dns\_mx\_records](#input\_dns\_mx\_records) | DNS MX records to add to the DNS Zone | <pre>map(<br/> object({<br/> ttl : optional(number, 300),<br/> records : list(<br/> object({<br/> preference : number,<br/> exchange : string<br/> })<br/> )<br/> })<br/> )</pre> | `{}` | no |
| <a name="input_dns_ns_records"></a> [dns\_ns\_records](#input\_dns\_ns\_records) | DNS NS records to add to the DNS Zone | <pre>map(<br/> object({<br/> ttl : optional(number, 300),<br/> records : list(string)<br/> })<br/> )</pre> | n/a | yes |
| <a name="input_dns_txt_records"></a> [dns\_txt\_records](#input\_dns\_txt\_records) | DNS TXT records to add to the DNS Zone | <pre>map(<br/> object({<br/> ttl : optional(number, 300),<br/> records : list(string)<br/> })<br/> )</pre> | n/a | yes |
| <a name="input_dns_zone_domain_name"></a> [dns\_zone\_domain\_name](#input\_dns\_zone\_domain\_name) | DNS zone domain name. If created, records will automatically be created to point to the CDN. | `string` | n/a | yes |
| <a name="input_enable_cdn_frontdoor"></a> [enable\_cdn\_frontdoor](#input\_enable\_cdn\_frontdoor) | Enable Azure CDN FrontDoor. This will use the Container Apps endpoint as the origin. | `bool` | n/a | yes |
| <a name="input_enable_cdn_frontdoor_health_probe"></a> [enable\_cdn\_frontdoor\_health\_probe](#input\_enable\_cdn\_frontdoor\_health\_probe) | Enable CDN Front Door health probe | `bool` | `false` | no |
Expand All @@ -192,15 +192,15 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
| <a name="input_enable_dns_zone"></a> [enable\_dns\_zone](#input\_enable\_dns\_zone) | Conditionally create a DNS zone | `bool` | n/a | yes |
| <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Create an App Insights instance and notification group for the Container App | `bool` | n/a | yes |
| <a name="input_environment"></a> [environment](#input\_environment) | Environment name. Will be used along with `project_name` as a prefix for all resources. | `string` | n/a | yes |
| <a name="input_existing_logic_app_workflow"></a> [existing\_logic\_app\_workflow](#input\_existing\_logic\_app\_workflow) | Name, and Resource Group of an existing Logic App Workflow. Leave empty to create a new Resource | <pre>object({<br> name : string<br> resource_group_name : string<br> })</pre> | <pre>{<br> "name": "",<br> "resource_group_name": ""<br>}</pre> | no |
| <a name="input_existing_logic_app_workflow"></a> [existing\_logic\_app\_workflow](#input\_existing\_logic\_app\_workflow) | Name, and Resource Group of an existing Logic App Workflow. Leave empty to create a new Resource | <pre>object({<br/> name : string<br/> resource_group_name : string<br/> })</pre> | <pre>{<br/> "name": "",<br/> "resource_group_name": ""<br/>}</pre> | no |
| <a name="input_existing_network_watcher_name"></a> [existing\_network\_watcher\_name](#input\_existing\_network\_watcher\_name) | Use an existing network watcher to add flow logs. | `string` | n/a | yes |
| <a name="input_existing_network_watcher_resource_group_name"></a> [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| <a name="input_image_name"></a> [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Default image tag for the primary container | `string` | `"latest"` | no |
| <a name="input_key_vault_access_ipv4"></a> [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| <a name="input_monitor_email_receivers"></a> [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
| <a name="input_monitor_endpoint_healthcheck"></a> [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
| <a name="input_private_endpoint_configurations"></a> [private\_endpoint\_configurations](#input\_private\_endpoint\_configurations) | Map of private endpoint configurations, specifying the VNet name/resource-group and a new subnet CIDR. A subnet, private endpoint and DNS zone will be created within the specified VNet.<br> {<br> endpoint-name = {<br> vnet\_name: The Name of the VNet to create the private endpoint resources<br> vnet\_resource\_group\_name: The Name of the resource group containing the VNet<br> subnet\_cidr: The CIDR of the Private Endpoint subnet to be created<br> subresource\_name: The type of resource you are targeting (e.g. sqlServer)<br> target\_resource\_id: The Resource ID for the target resource you are trying to connect to<br> create\_private\_dns\_zone: Do you want to automatically create the Private DNS Zone?<br> private\_dns\_hostname: The hostname to use for the Private DNS Zone<br> subnet\_route\_table\_name: The Route Table ID to associate the subnet with (Optional)<br> }<br> } | <pre>map(object({<br> vnet_name = string<br> vnet_resource_group_name = string<br> subnet_cidr = string<br> subresource_name = string<br> target_resource_id = string<br> create_private_dns_zone = optional(bool, true)<br> private_dns_hostname = string<br> subnet_route_table_name = optional(string, null)<br> }))</pre> | `{}` | no |
| <a name="input_private_endpoint_configurations"></a> [private\_endpoint\_configurations](#input\_private\_endpoint\_configurations) | Map of private endpoint configurations, specifying the VNet name/resource-group and a new subnet CIDR. A subnet, private endpoint and DNS zone will be created within the specified VNet.<br/> {<br/> endpoint-name = {<br/> vnet\_name: The Name of the VNet to create the private endpoint resources<br/> vnet\_resource\_group\_name: The Name of the resource group containing the VNet<br/> subnet\_cidr: The CIDR of the Private Endpoint subnet to be created<br/> subresource\_name: The type of resource you are targeting (e.g. sqlServer)<br/> target\_resource\_id: The Resource ID for the target resource you are trying to connect to<br/> create\_private\_dns\_zone: Do you want to automatically create the Private DNS Zone?<br/> private\_dns\_hostname: The hostname to use for the Private DNS Zone<br/> subnet\_route\_table\_name: The Route Table ID to associate the subnet with (Optional)<br/> }<br/> } | <pre>map(object({<br/> vnet_name = string<br/> vnet_resource_group_name = string<br/> subnet_cidr = string<br/> subresource_name = string<br/> target_resource_id = string<br/> create_private_dns_zone = optional(bool, true)<br/> private_dns_hostname = string<br/> subnet_route_table_name = optional(string, null)<br/> }))</pre> | `{}` | no |
| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
| <a name="input_registry_admin_enabled"></a> [registry\_admin\_enabled](#input\_registry\_admin\_enabled) | Do you want to enable access key based authentication for your Container Registry? | `bool` | `true` | no |
| <a name="input_registry_managed_identity_assign_role"></a> [registry\_managed\_identity\_assign\_role](#input\_registry\_managed\_identity\_assign\_role) | Assign the 'AcrPull' Role to the Container App User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'AcrPull' Role to the identity | `bool` | `false` | no |
Expand Down
2 changes: 1 addition & 1 deletion terraform/container-apps-hosting.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "azure_container_apps_hosting" {
source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.10.1"
source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.12.0"

environment = local.environment
project_name = local.project_name
Expand Down
2 changes: 1 addition & 1 deletion terraform/key-vault-tfvars-secrets.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module "azurerm_key_vault" {
source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.2"
source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.5.0"

environment = local.environment
project_name = local.project_name
Expand Down
10 changes: 5 additions & 5 deletions terraform/private-endpoint.tf
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
resource "azurerm_subnet" "private_endpoint" {
for_each = local.private_endpoint_configurations

name = lower("${local.resource_prefix}-${each.value.subresource_name}privateendpoint")
virtual_network_name = "${local.resource_prefix}default"
resource_group_name = local.resource_prefix
address_prefixes = [each.value["subnet_cidr"]]
private_endpoint_network_policies_enabled = false
name = lower("${local.resource_prefix}-${each.value.subresource_name}privateendpoint")
virtual_network_name = "${local.resource_prefix}default"
resource_group_name = local.resource_prefix
address_prefixes = [each.value["subnet_cidr"]]
private_endpoint_network_policies = "Disabled"
}

resource "azurerm_subnet_route_table_association" "private_endpoint" {
Expand Down

0 comments on commit f3f868c

Please sign in to comment.