Altinn / altinn-authorization-tmp

Altinn Authorization
MIT License

chores: update infra templates #82

Closed andreasisnes closed 1 month ago

andreasisnes commented 1 month ago

Update templates at22

Verification

Documentation

github-actions[bot] commented 1 month ago

Terraform environment at22

Format and Style 🖌 success

Initialization ⚙️ success

Validation 🤖 success

Validation Output

```
Success! The configuration is valid.
```

Plan 📖 success

Show Plan

```
[Lines containing Refreshing state removed]
[Maybe further truncated see logs for complete plan output]
Acquiring state lock. This may take a few moments...
data.azurerm_user_assigned_identity.admin: Reading...
data.azurerm_private_dns_zone.key_vault: Reading...
data.azurerm_private_dns_zone.postgres: Reading...
data.azurerm_subnet.default: Reading...
data.azurerm_subnet.postgres: Reading...
data.azurerm_client_config.current: Reading...
data.azurerm_servicebus_namespace.sb: Reading...
module.key_vault.data.azurerm_client_config.current: Reading...
data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD03MjQ0YzE3OS1kZTg2LTRjMDYtYTY3YS0xMTQ3N2ExNGNhMzc7b2JqZWN0SWQ9NmVhZWQyM2UtZGY3Zi00NzA4LTljOGUtYTdmMzRkZWVhZGI0O3N1YnNjcmlwdGlvbklkPTM3YmFjNjNhLWI5NjQtNDZiMi04ZGU4LWJhOTNjNDMyZWExZjt0ZW5hbnRJZD1jZDAwMjZkOC0yODNiLTRhNTUtOWJmYS1kMGVmNGE4YmEyMWM=]
module.key_vault.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD03MjQ0YzE3OS1kZTg2LTRjMDYtYTY3YS0xMTQ3N2ExNGNhMzc7b2JqZWN0SWQ9NmVhZWQyM2UtZGY3Zi00NzA4LTljOGUtYTdmMzRkZWVhZGI0O3N1YnNjcmlwdGlvbklkPTM3YmFjNjNhLWI5NjQtNDZiMi04ZGU4LWJhOTNjNDMyZWExZjt0ZW5hbnRJZD1jZDAwMjZkOC0yODNiLTRhNTUtOWJmYS1kMGVmNGE4YmEyMWM=]
data.azurerm_private_dns_zone.postgres: Read complete after 0s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com]
data.azurerm_private_dns_zone.key_vault: Read complete after 0s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net]
data.azurerm_subnet.postgres: Read complete after 0s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/virtualNetworks/vnetauth001at22/subnets/postgres]
data.azurerm_subnet.default: Read complete after 0s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/virtualNetworks/vnetauth001at22/subnets/default]
data.azurerm_user_assigned_identity.admin: Read complete after 0s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.ManagedIdentity/userAssignedIdentities/miappadminauth001at22]
data.azurerm_servicebus_namespace.sb: Read complete after 1s [id=/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.ServiceBus/namespaces/sbaltinnauth001at22]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_resource_group.rg will be created
  + resource "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = "norwayeast"
      + name = "rgregister001at22"
      + tags = {
          + "environment" = "at22"
          + "instance" = "001"
          + "name" = "register"
          + "repository" = "github.com/altinn/altinn-authorization"
          + "suffix" = "register001at22"
        }
    }

  # azurerm_role_assignment.key_vault_secret_reader will be created
  + resource "azurerm_role_assignment" "key_vault_secret_reader" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = "ServicePrincipal"
      + role_definition_id = (known after apply)
      + role_definition_name = "Key Vault Secrets User"
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # azurerm_role_assignment.mass_transit_role will be created
  + resource "azurerm_role_assignment" "mass_transit_role" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = "ServicePrincipal"
      + role_definition_id = (known after apply)
      + role_definition_name = "Azure Service Bus Mass Transit"
      + scope = "/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.ServiceBus/namespaces/sbaltinnauth001at22"
      + skip_service_principal_aad_check = true
    }

  # azurerm_user_assigned_identity.managed_identity will be created
  + resource "azurerm_user_assigned_identity" "managed_identity" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = "norwayeast"
      + name = "miregister001at22"
      + principal_id = (known after apply)
      + resource_group_name = "rgregister001at22"
      + tenant_id = (known after apply)
    }

  # module.key_vault.azurerm_key_vault.key_vault will be created
  + resource "azurerm_key_vault" "key_vault" {
      + access_policy = (known after apply)
      + enable_rbac_authorization = true
      + id = (known after apply)
      + location = "norwayeast"
      + name = "kvaltinnregister001at22"
      + public_network_access_enabled = false
      + purge_protection_enabled = true
      + resource_group_name = "rgregister001at22"
      + sku_name = "standard"
      + soft_delete_retention_days = 30
      + tags = {
          + "environment" = "at22"
          + "instance" = "001"
          + "name" = "register"
          + "repository" = "github.com/altinn/altinn-authorization"
          + "suffix" = "register001at22"
        }
      + tenant_id = "cd0026d8-283b-4a55-9bfa-d0ef4a8ba21c"
      + vault_uri = (known after apply)

      + network_acls {
          + bypass = "AzureServices"
          + default_action = "Allow"
        }
    }

  # module.key_vault.azurerm_private_endpoint.key_vault will be created
  + resource "azurerm_private_endpoint" "key_vault" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = "nickvaltinnregister001at22"
      + id = (known after apply)
      + location = "norwayeast"
      + name = "pekvaltinnregister001at22"
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgregister001at22"
      + subnet_id = "/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/virtualNetworks/vnetauth001at22/subnets/default"
      + tags = {
          + "environment" = "at22"
          + "instance" = "001"
          + "name" = "register"
          + "repository" = "github.com/altinn/altinn-authorization"
          + "suffix" = "register001at22"
        }

      + private_dns_zone_group {
          + id = (known after apply)
          + name = "kvaltinnregister001at22"
          + private_dns_zone_ids = [
              + "/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net",
            ]
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = "kvaltinnregister001at22"
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "vault",
            ]
        }
    }

  # module.key_vault.azurerm_role_assignment.key_vault_administrator["app"] will be created
  + resource "azurerm_role_assignment" "key_vault_administrator" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = "ce54ebf6-af98-4f14-96fd-f44185dce732"
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = "Key Vault Administrator"
      + scope = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.key_vault.azurerm_role_assignment.key_vault_administrator["current"] will be created
  + resource "azurerm_role_assignment" "key_vault_administrator" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = "6eaed23e-df7f-4708-9c8e-a7f34deeadb4"
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = "Key Vault Administrator"
      + scope = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created
  + resource "azurerm_postgresql_flexible_server" "postgres_server" {
      + administrator_login = (known after apply)
      + auto_grow_enabled = true
      + backup_retention_days = (known after apply)
      + delegated_subnet_id = "/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/virtualNetworks/vnetauth001at22/subnets/postgres"
      + fqdn = (known after apply)
      + geo_redundant_backup_enabled = false
      + id = (known after apply)
      + location = "norwayeast"
      + name = "psqlsrvaltinnregister001at22"
      + private_dns_zone_id = "/subscriptions/37bac63a-b964-46b2-8de8-ba93c432ea1f/resourceGroups/rgauth001at22/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com"
      + public_network_access_enabled = false
      + resource_group_name = "rgregister001at22"
      + sku_name = "B_Standard_B2ms"
      + storage_mb = 32768
      + storage_tier = (known after apply)
      + tags = {
          + "environment" = "at22"
          + "instance" = "001"
          + "name" = "register"
          + "repository" = "github.com/altinn/altinn-authorization"
          + "suffix" = "register001at22"
        }
      + version = "16"

      + authentication {
          + active_directory_auth_enabled = true
          + password_auth_enabled = false
          + tenant_id = "cd0026d8-283b-4a55-9bfa-d0ef4a8ba21c"
        }
    }

  # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin["miappadminauth001at22"] will be created
  + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" {
      + id = (known after apply)
      + object_id = "ce54ebf6-af98-4f14-96fd-f44185dce732"
      + principal_name = "miappadminauth001at22"
      + principal_type = "ServicePrincipal"
      + resource_group_name = "rgregister001at22"
      + server_name = "psqlsrvaltinnregister001at22"
      + tenant_id = "cd0026d8-283b-4a55-9bfa-d0ef4a8ba21c"
    }

Plan: 10 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
Releasing state lock. This may take a few moments...
```

| Context | Values |
| --- | --- |
| Pusher | @andreasisnes |
| Action | push |
| Working Directory | infra/deploy/altinn-register |
| State File | github.com/altinn/altinn-authorization-tmp/environments/at22/altinn.register.tfstate |
| Plan File | github.com_altinn_altinn-authorization-tmp_environments_at22_altinn.register.tfstate.tfplan |

github-actions[bot] commented 1 month ago

Terraform environment at21

Format and Style 🖌 success

Initialization ⚙️ success

Validation 🤖 success

Validation Output

```
Success! The configuration is valid.
```

Plan 📖 success

Show Plan

```
[Lines containing Refreshing state removed]
[Maybe further truncated see logs for complete plan output]
Acquiring state lock. This may take a few moments...
module.app.data.azurerm_servicebus_namespace.sb: Reading...
module.app.data.azurerm_container_app_environment.caenv: Reading...
module.app.data.azurerm_key_vault.kv: Reading...
module.app.data.azurerm_app_configuration.appconf: Reading...
module.app.data.azurerm_key_vault.kv: Read complete after 1s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.KeyVault/vaults/kvaltinnauth001at21]
module.app.data.azurerm_container_app_environment.caenv: Read complete after 2s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.App/managedEnvironments/caenvauth001at21]
module.app.data.azurerm_servicebus_namespace.sb: Read complete after 2s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.ServiceBus/namespaces/sbaltinnauth001at21]
module.app.data.azurerm_app_configuration.appconf: Read complete after 3s [id=/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgauth001at21/providers/Microsoft.AppConfiguration/configurationStores/appconfaltinnauth001at21]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.app.azurerm_container_app.app will be updated in-place
  ~ resource "azurerm_container_app" "app" {
        id = "/subscriptions/45177a0a-d27e-490f-9f23-b4726de8ccc1/resourceGroups/rgaccesspackages001at21/providers/Microsoft.App/containerApps/caaccesspackages001at21"
        name = "caaccesspackages001at21"
        tags = {}
        # (9 unchanged attributes hidden)

      ~ template {
            # (2 unchanged attributes hidden)

          ~ container {
              ~ image = "ghcr.io/altinn/altinn-authorization-tmp/altinn-authorization-access-packages:debd59e" -> "ghcr.io/altinn/altinn-authorization-tmp/altinn-authorization-access-packages:6eb6688"
                name = "accesspackages"
                # (5 unchanged attributes hidden)

                # (2 unchanged blocks hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
Releasing state lock. This may take a few moments...
```

| Context | Values |
| --- | --- |
| Pusher | @andreasisnes |
| Action | push |
| Working Directory | src/apps/Altinn.Authorization.AccessPackages/deploy |
| State File | github.com/altinn/altinn-authorization-tmp/environments/at21/altinn.authorization.accesspackages.tfstate |
| Plan File | github.com_altinn_altinn-authorization-tmp_environments_at21_altinn.authorization.accesspackages.tfstate.tfplan |