Merge pull request #1000 from aztfmod/5.5.4-update

Update for 5.5.4

examples/networking/virtual_wan/105-vwan-hub-route-table/virtual_wan.tfvars

@@ -67,7 +67,7 @@ virtual_hub_route_tables = {
           #  lz_key = "secazfw1" # Remote Landing Zone Key from where Azure Firewall Key needs to be retrieved
           resource_type = "azurerm_firewalls" # Only supported value in case of "Secured Virtual HUB" where you need to route Internet Egress from Secured vHUB Firewall.
           #    resource_type = "virtual_hub_connection"  # Only supported value in case mapping route at VNET Connection Level
-          key = "firewall1" # Azure Firewall Key sitting in the Secured Virtual Hub
+          key = "egress-fw" # Azure Firewall Key sitting in the Secured Virtual Hub
         }
         #to cather for external object
         #next_hop_id       = "Azure_Resource_ID"

modules/apim/api_management/output.tf

@@ -51,6 +51,6 @@ output "name" {
   description = "The name of the API Management Service."
 }
 output "rbac_id" {
-  value       = azurerm_api_management.apim.identity[0].principal_id
+  value       = try(azurerm_api_management.apim.identity[0].principal_id, null)
   description = "The rbac_id of the API Management Service for role assignments."
 }

modules/networking/firewall/module.tf

@@ -95,7 +95,7 @@ resource "azurerm_firewall" "fw" {
     }
 
     content {
-      virtual_hub_id = var.virtual_wans[try(virtual_hub.value.lz_key, var.client_config.landingzone_key)][virtual_hub.value.virtual_wan_key].virtual_hubs[virtual_hub.value.virtual_hub_key].id
+      virtual_hub_id = can(var.virtual_hubs[try(virtual_hub.value.lz_key, virtual_hub.value.virtual_hub.lz_key, var.client_config.landingzone_key)][try(virtual_hub.value.virtual_hub.key, virtual_hub.value.virtual_hub_key, virtual_hub.value.key)].id) ? var.virtual_hubs[try(virtual_hub.value.lz_key, virtual_hub.value.virtual_hub.lz_key, var.client_config.landingzone_key)][try(virtual_hub.value.virtual_hub.key, virtual_hub.value.virtual_hub_key, virtual_hub.value.key)].id : var.virtual_wans[try(virtual_hub.value.lz_key, var.client_config.landingzone_key)][virtual_hub.value.virtual_wan_key].virtual_hubs[virtual_hub.value.virtual_hub_key].id
 
       public_ip_count = try(virtual_hub.value.public_ip_count, 1)
     }

modules/security/dynamic_keyvault_secrets/keyvault.tf

@@ -5,8 +5,9 @@ module "secret" {
     if try(value.value, null) == null
   }
 
-  name        = each.value.secret_name
-  value       = can(each.value.value) ? each.value.value : var.objects[each.value.output_key][try(each.value.resource_key, each.value.attribute_key)][try(each.value.attribute_key, "")]
+  name  = each.value.secret_name
+  value = can(each.value.output_key) && (can(each.value.resource_key) || can(each.value.attribute_key)) ? lookup(lookup(var.objects[each.value.output_key], try(each.value.resource_key, ""), var.objects[each.value.output_key]), each.value.attribute_key, null) : each.value.value
+  # for future generations: double lookup because each.value.resource_key is optional
   keyvault_id = var.keyvault.id
 }
 
@@ -29,7 +30,8 @@ module "secret_immutable" {
     if try(value.value, null) == ""
   }
 
-  name        = each.value.secret_name
-  value       = can(each.value.value) ? each.value.value : var.objects[each.value.output_key][try(each.value.resource_key, each.value.attribute_key)][try(each.value.attribute_key, "")]
+  name  = each.value.secret_name
+  value = can(each.value.output_key) && (can(each.value.resource_key) || can(each.value.attribute_key)) ? lookup(lookup(var.objects[each.value.output_key], try(each.value.resource_key, ""), var.objects[each.value.output_key]), each.value.attribute_key, null) : each.value.value
+  # for future generations: double lookup because each.value.resource_key is optional
   keyvault_id = var.keyvault.id
 }