Merge branch 'main' into feat/cdn_frontdoor

Author: arnaudlh

.github/workflows/release-drafter.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Drafts your next Release notes as Pull Requests are merged into "master"
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@v6
         #with:
           # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
           # config-name: my-config.yml

.github/workflows/standalone-scenarios-additional.json

@@ -1,6 +1,7 @@
 {
   "config_files": [
     "cognitive_services/100-cognitive-services-account",
+    "cognitive_services/101-cognitive-services-account-managed-identity",
     "compute/batch/batch_certificate/100-batch-certificate - path",
     "compute/batch/batch_job/100-batch-job - quotas",
     "compute/batch/batch_pool/100-batch-pool - quotas",

.github/workflows/standalone-scenarios.json

@@ -73,6 +73,7 @@
     "messaging/eventgrid/101-simple-eventgrid-topic-private-endpoint",
     "messaging/eventgrid/102-eventgrid_subscription",
     "messaging/eventgrid/200-simple-eventgrid-domain-topic",
+    "messaging/eventgrid/300-simple-eventgrid-system-topic",
     "messaging/servicebus/100-servicebus-services",
     "messaging/servicebus/200-servicebus-privatelink",
     "messaging/web_pubsub/100-simple-web-pubsub",
@@ -119,6 +120,7 @@
     "storage_accounts/107-storage-account-management-policy",
     "storage_accounts/109-storage-account-advanced-options-cmk",
     "storage_accounts/110-file-share-with-acl",
+    "storage_accounts/112-storage-account-with-defender",
     "storage_container/101-storage_container",
     "synapse_analytics/100-synapse",
     "synapse_analytics/101-synapse-sparkpool",

cognitive_service.tf

@@ -4,9 +4,19 @@ module "cognitive_services_account" {
 
   client_config       = local.client_config
   global_settings     = local.global_settings
+  base_tags           = local.global_settings.inherit_tags
+  resource_group      = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group_key, each.value.resource_group.key)]
   resource_group_name = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
   location            = lookup(each.value, "region", null) == null ? local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location : local.global_settings.regions[each.value.region]
   settings            = each.value
+  resource_groups     = local.combined_objects_resource_groups
+  vnets               = local.combined_objects_networking
+  private_endpoints   = try(each.value.private_endpoints, {})
+  private_dns         = local.combined_objects_private_dns
+  diagnostics         = local.combined_diagnostics
+  diagnostic_profiles = try(each.value.diagnostic_profiles, {})
+
+  managed_identities = local.combined_objects_managed_identities
 }
 
 output "cognitive_services_account" {

compute_virtual_machines.tf

@@ -14,7 +14,7 @@ module "virtual_machines" {
     module.storage_account_blobs,
     time_sleep.azurerm_role_assignment_for[0]
   ]
-  
+
   for_each = local.compute.virtual_machines
 
   application_security_groups = local.combined_objects_application_security_groups

compute_virtual_machines_scale_sets.tf

@@ -15,7 +15,7 @@ module "virtual_machine_scale_sets" {
     module.proximity_placement_groups,
     time_sleep.azurerm_role_assignment_for[0]
   ]
-  
+
   for_each = local.compute.virtual_machine_scale_sets
 
   availability_sets           = local.combined_objects_availability_sets

databricks_access_connectors.tf

@@ -2,12 +2,12 @@ module "databricks_access_connectors" {
   source   = "./modules/analytics/databricks_access_connector"
   for_each = local.database.databricks_access_connectors
 
-  client_config     = local.client_config
-  global_settings   = local.global_settings
-  name              = each.value.name
-  settings          = each.value
-  resource_groups   = local.combined_objects_resource_groups
-  base_tags         = local.global_settings.inherit_tags
+  client_config   = local.client_config
+  global_settings = local.global_settings
+  name            = each.value.name
+  settings        = each.value
+  resource_groups = local.combined_objects_resource_groups
+  base_tags       = local.global_settings.inherit_tags
   remote_objects = {
     managed_identities = local.combined_objects_managed_identities
   }

eventgrid.tf

@@ -77,3 +77,42 @@ module "eventgrid_domain_topic" {
 output "eventgrid_domain_topic" {
   value = module.eventgrid_domain_topic
 }
+
+module "eventgrid_system_topic" {
+  source   = "./modules/messaging/eventgrid/eventgrid_system_topic"
+  for_each = local.messaging.eventgrid_system_topic
+
+  global_settings = local.global_settings
+  client_config   = local.client_config
+  settings        = each.value
+  base_tags       = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
+
+  location = can(local.global_settings.regions[each.value.region]) ? local.global_settings.regions[each.value.region] : local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
+
+  remote_objects = local.remote_objects
+}
+output "eventgrid_system_topic" {
+  value = module.eventgrid_system_topic
+}
+module "eventgrid_system_event_subscription" {
+  source   = "./modules/messaging/eventgrid/eventgrid_system_event_subscription"
+  for_each = local.messaging.eventgrid_system_event_subscription
+
+  global_settings = local.global_settings
+  client_config   = local.client_config
+  settings        = each.value
+
+  remote_objects = merge(
+    local.remote_objects,
+    {
+      functions               = local.combined_objects_function_apps,
+      eventhubs               = local.combined_objects_event_hubs,
+      eventgrid_system_topics = local.combined_objects_eventgrid_system_topics,
+      hybrid_connections      = local.combined_objects_relay_hybrid_connection,
+      storage_account_queues  = local.combined_objects_storage_account_queues
+    }
+  )
+}
+output "eventgrid_system_event_subscription" {
+  value = module.eventgrid_system_event_subscription
+}

examples/azuread/107-azuread-application-with-single-page-application/configuration.tfvars

@@ -51,6 +51,13 @@ azuread_applications = {
           id    = "d4c3605a-b327-35c5-f04d-77f7fcdd4995"
           type  = "Admin"
           value = "app"
+        },
+        {
+          admin_consent_description  = "Allow to administer app2."
+          admin_consent_display_name = "Administer app2"
+          enabled                    = true
+          type  = "Admin"
+          value = "app2"
         }
       ]
     }

examples/cognitive_services/101-cognitive-services-account-managed-identity/configuration.tfvars

@@ -0,0 +1,71 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "westus"
+  }
+  random_length = 5
+}
+
+resource_groups = {
+  test-rg = {
+    name = "rg-cognitive-test"
+  }
+}
+
+managed_identities = {
+  cognitive_msi = {
+    name               = "cognitive-msi"
+    resource_group_key = "test-rg"
+  }
+}
+
+cognitive_services_account = {
+  test_account-1 = {
+    resource_group = {
+      # accepts either id or key to get resource group id
+      # id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1"
+      # lz_key = "examples"
+      key = "test-rg"
+    }
+    name                          = "cs-test-1"
+    kind                          = "OpenAI"
+    sku_name                      = "S0"
+    public_network_access_enabled = true
+
+    identity = {
+      type = "SystemAssigned, UserAssigned" // Can be "SystemAssigned, UserAssigned" or "SystemAssigned" or "UserAssigned"
+      key  = "cognitive_msi"                // A must with "SystemAssigned, UserAssigned" and "UserAssigned"
+    }
+
+    tags = {
+      env = "test"
+    }
+    # custom_subdomain_name = "cs-test-1"
+    # network_acls = {
+    #   default_action = "Allow"
+    #   ip_rules       = ["10.10.10.0/16"]
+    # }
+  }
+  test_account-2 = {
+    resource_group = {
+      # accepts either id or key to get resource group id
+      # id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1"
+      # lz_key = "examples"
+      key = "test-rg"
+    }
+    name     = "cs-test-2"
+    kind     = "QnAMaker"
+    sku_name = "F0"
+
+    identity = {
+      type = "SystemAssigned"
+    }
+
+    tags = {
+      env = "test"
+    }
+    qna_runtime_endpoint = "https://cs-alz-caf-test-2.azurewebsites.net"
+
+  }
+}
+

examples/compute/kubernetes_services/101-single-cluster/aks.tfvars

@@ -18,6 +18,8 @@ aks_clusters = {
     resource_group_key = "aks_re1"
     os_type            = "Linux"
 
+    cost_analysis_enabled = true
+
     identity = {
       type = "SystemAssigned"
     }

examples/messaging/eventgrid/300-simple-eventgrid-system-topic/configuration.tfvars

@@ -0,0 +1,64 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+resource_groups = {
+  evg_examples = {
+    name   = "eventgrid"
+    region = "region1"
+  }
+}
+
+storage_accounts = {
+  sa1 = {
+    name               = "0665ba08d3ae"
+    resource_group_key = "evg_examples"
+    account_kind       = "BlobStorage"
+    account_tier       = "Standard"
+    # account_replication_type = "LRS"
+    containers = {
+      dev = {
+        name = "random"
+      }
+    }
+  }
+}
+
+eventgrid_system_topic = {
+  egt1 = {
+    name = "egt1"
+    resource_group = {
+      key = "evg_examples"
+    }
+    region = "region1"
+
+    # topic_type can be one of these, more resource types can be supported
+    # Microsoft.AppConfiguration.ConfigurationStores
+    # Microsoft.Communication.CommunicationServices
+    # Microsoft.ContainerRegistry.Registries
+    # Microsoft.Devices.IoTHubs
+    # Microsoft.EventGrid.Domains
+    # Microsoft.EventGrid.Topics
+    # Microsoft.Eventhub.Namespaces
+    # Microsoft.KeyVault.vaults
+    # Microsoft.MachineLearningServices.Workspaces
+    # Microsoft.Maps.Accounts
+    # Microsoft.Media.MediaServices
+    # Microsoft.Resources.ResourceGroups
+    # Microsoft.Resources.Subscriptions
+    # Microsoft.ServiceBus.Namespaces
+    # Microsoft.SignalRService.SignalR
+    # Microsoft.Storage.StorageAccounts
+    # Microsoft.Web.ServerFarms
+    # Microsoft.Web.Sites
+    topic_type = "Microsoft.Storage.StorageAccounts"
+
+    source_resource = {
+      type = "storage_accounts"
+      key  = "sa1"
+    }
+  }
+}