Altinn / altinn-authorization

Altinn platform microservice for handling authorization

Bump Microsoft.FeatureManagement from 3.5.0 to 4.0.0 in /test/IntegrationTests #1173

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps Microsoft.FeatureManagement from 3.5.0 to 4.0.0.

Release notes

Sourced from Microsoft.FeatureManagement's releases.

4.0.0 - November 1, 2024

Microsoft.FeatureManagement Updates

The packages associated with this release are

Microsoft.FeatureManagement

Enhancements

Variant Feature Flags

A variant feature flag is an enhanced feature flag that supports multiple states or variations. While it can still be toggled on or off, it also allows for different configurations, ranging from simple primitives to complex JSON objects. Variant feature flags are particularly useful for feature rollouts, configuration rollouts, and feature experimentation (also known as A/B testing).

The new IVariantFeatureManager has been introduced as the successor to the existing IFeatureManager. It retains all the functionalities of IFeatureManager while adding new GetVariantAsync methods and supporting CancellationToken for all methods.

```csharp
IVariantFeatureManager featureManager;
...
Variant variant = await featureManager.GetVariantAsync(MyFeatureFlags.HelpText, CancellationToken.None);
model.Text = variant.Configuration.Value;
```

Note: If reading variant flags from App Configuration, version 8.0.0 or above for the Microsoft.Extensions.Configuration.AzureAppConfiguration or Microsoft.Azure.AppConfiguration.AspNetCore package is required.

For more details on Variants, see here.

Variant Service Provider

Variant feature flags can be used in conjunction with dependency injection to surface different implementations of a service for different users. This is accomplished by using the Variant Service Provider.

For more details on Variant Service Provider, see here.

Telemetry

Telemetry provides observability into flag evaluations, offering insights into which users received specific flag results. This enables more powerful metric analysis, such as experimentation.

For more details on Telemetry, see here.

Microsoft Feature Management Schema

Added support for variant feature flags defined using Microsoft Feature Management schema. Variants and telemetry can be declared using Microsoft Feature Flag schema v2. Here is a Sample.

Performance Optimizations

The performance of the feature flag state evaluation has been improved by up to 20%, with a memory reduction of up to 30% for .NET 8 applications compared to the version 3.5.0 release.

... (truncated)

Commits
  • 99b1bef Merge pull request #514 from microsoft/main
  • 2c94bdf Merge pull request #513 from microsoft/rossgrambo/target-update
  • a077fc1 Adds .net 9 build to pipeline
  • ffec9d6 Adds missing readonly
  • 393cb5a Merge with main
  • e1e98b5 Merge pull request #508 from microsoft/rossgrambo-allocation-cleanup
  • 60b0e34 Resolves remaining deprecation warnings
  • de563eb Naming of private field
  • 4624acf Removes static from instance methods
  • cc9d33a Drops .net7 and adds .net9 as targets
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 1 week ago

Terraform environment AT24

Format and Style 🖌 `success`

Initialization ⚙️ `success`

Validation 🤖 `success`

Validation Output
```
Success! The configuration is valid.
```

Plan 📖 `success`

Show Plan
```
[Lines containing Refreshing state removed]
[Maybe further truncated see logs for complete plan output]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # azurerm_resource_group.shared will be created
  + resource "azurerm_resource_group" "shared" {
      + id = (known after apply)
      + location = "norwayeast"
      + name = "rgshared001at24"
    }

  # module.dns.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.azconfig.io"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at24"
    }

  # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.vaultcore.azure.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at24"
    }

  # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.postgres.database.azure.com"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at24"
    }

  # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.servicebus.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at24"
    }

  # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.blob.core.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at24"
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "app_configuration"
      + private_dns_zone_name = "privatelink.azconfig.io"
      + registration_enabled = false
      + resource_group_name = "rgshared001at24"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "key_vault"
      + private_dns_zone_name = "privatelink.vaultcore.azure.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at24"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "postgres"
      + private_dns_zone_name = "privatelink.postgres.database.azure.com"
      + registration_enabled = false
      + resource_group_name = "rgshared001at24"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "service_bus"
      + private_dns_zone_name = "privatelink.servicebus.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at24"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "storage_account_blob"
      + private_dns_zone_name = "privatelink.blob.core.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at24"
      + virtual_network_id = (known after apply)
    }

  # module.key_vault.data.azurerm_client_config.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_client_config" "current" {
      + client_id = (known after apply)
      + id = (known after apply)
      + object_id = (known after apply)
      + subscription_id = (known after apply)
      + tenant_id = (known after apply)
    }

  # module.key_vault.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_administrator" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483"
      + type = (known after apply)
    }

  # module.key_vault.azurerm_key_vault.key_vault will be created
  + resource "azurerm_key_vault" "key_vault" {
      + access_policy = (known after apply)
      + enable_rbac_authorization = true
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + public_network_access_enabled = true
      + purge_protection_enabled = true
      + resource_group_name = "rgshared001at24"
      + sku_name = "standard"
      + soft_delete_retention_days = 30
      + tenant_id = (known after apply)
      + vault_uri = (known after apply)

      + network_acls {
          + bypass = "AzureServices"
          + default_action = "Allow"
        }
    }

  # module.key_vault.azurerm_private_endpoint.key_vault will be created
  + resource "azurerm_private_endpoint" "key_vault" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at24"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = (known after apply)
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = (known after apply)
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "vault",
            ]
        }
    }

  # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created
  + resource "azurerm_role_assignment" "key_vault_administrator" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.key_vault.random_string.key_vault_name_prefix will be created
  + resource "random_string" "key_vault_name_prefix" {
      + id = (known after apply)
      + length = 4
      + lower = true
      + min_lower = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper = 0
      + number = false
      + numeric = false
      + result = (known after apply)
      + special = false
      + upper = false
    }

  # module.nat.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.nat.azurerm_nat_gateway.nat_gateway will be created
  + resource "azurerm_nat_gateway" "nat_gateway" {
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + location = (known after apply)
      + name = "natgwshared001at24"
      + resource_group_name = "rgshared001at24"
      + resource_guid = (known after apply)
      + sku_name = "Standard"
    }

  # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created
  + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + public_ip_address_id = (known after apply)
    }

  # module.nat.azurerm_public_ip.nat_gateway will be created
  + resource "azurerm_public_ip" "nat_gateway" {
      + allocation_method = "Static"
      + ddos_protection_mode = "VirtualNetworkInherited"
      + fqdn = (known after apply)
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address = (known after apply)
      + ip_version = "IPv4"
      + location = (known after apply)
      + name = "pipegressshared001at24"
      + resource_group_name = "rgshared001at24"
      + sku = "Standard"
      + sku_tier = "Regional"
    }

  # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created
  + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + subnet_id = (known after apply)
    }

  # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created
  + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + subnet_id = (known after apply)
    }

  # module.postgres_server.data.azurerm_client_config.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_client_config" "current" {
      + client_id = (known after apply)
      + id = (known after apply)
      + object_id = (known after apply)
      + subscription_id = (known after apply)
      + tenant_id = (known after apply)
    }

  # module.postgres_server.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_crypto_officer" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603"
      + type = (known after apply)
    }

  # module.postgres_server.azurerm_key_vault_key.postgres_server will be created
  + resource "azurerm_key_vault_key" "postgres_server" {
      + curve = (known after apply)
      + e = (known after apply)
      + id = (known after apply)
      + key_opts = [
          + "unwrapKey",
          + "wrapKey",
        ]
      + key_size = 2048
      + key_type = "RSA"
      + key_vault_id = (known after apply)
      + n = (known after apply)
      + name = "psqlsrvshared001at24"
      + public_key_openssh = (known after apply)
      + public_key_pem = (known after apply)
      + resource_id = (known after apply)
      + resource_versionless_id = (known after apply)
      + version = (known after apply)
      + versionless_id = (known after apply)
      + x = (known after apply)
      + y = (known after apply)
    }

  # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created
  + resource "azurerm_postgresql_flexible_server" "postgres_server" {
      + administrator_login = (known after apply)
      + auto_grow_enabled = true
      + backup_retention_days = (known after apply)
      + delegated_subnet_id = (known after apply)
      + fqdn = (known after apply)
      + geo_redundant_backup_enabled = false
      + id = (known after apply)
      + location = (known after apply)
      + name = "psqlsrvshared001at24"
      + private_dns_zone_id = (known after apply)
      + public_network_access_enabled = false
      + resource_group_name = "rgshared001at24"
      + sku_name = "GP_Standard_D4s_v3"
      + storage_mb = 32768
      + storage_tier = "P30"
      + version = "12"
      + zone = "1"

      + authentication {
          + active_directory_auth_enabled = true
          + password_auth_enabled = false
          + tenant_id = (known after apply)
        }

      + customer_managed_key {
          + key_vault_key_id = (known after apply)
          + primary_user_assigned_identity_id = (known after apply)
        }

      + identity {
          + identity_ids = (known after apply)
          + type = "UserAssigned"
        }
    }

  # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created
  + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" {
      + id = (known after apply)
      + object_id = (known after apply)
      + principal_name = "mipsqlsrvadminshared001at24"
      + principal_type = "ServicePrincipal"
      + resource_group_name = "rgshared001at24"
      + server_name = "psqlsrvshared001at24"
      + tenant_id = (known after apply)
    }

  # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created
  + resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created
  + resource "azurerm_user_assigned_identity" "postgres_server" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvshared001at24"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at24"
      + tenant_id = (known after apply)
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created
  + resource "azurerm_user_assigned_identity" "postgres_server_admin" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvadminshared001at24"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at24"
      + tenant_id = (known after apply)
    }

  # module.service_bus.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_crypto_officer" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603"
      + type = (known after apply)
    }

  # module.service_bus.azurerm_key_vault_key.service_bus[0] will be created
  + resource "azurerm_key_vault_key" "service_bus" {
      + curve = (known after apply)
      + e = (known after apply)
      + id = (known after apply)
      + key_opts = [
          + "unwrapKey",
          + "wrapKey",
        ]
      + key_size = 2048
      + key_type = "RSA"
      + key_vault_id = (known after apply)
      + n = (known after apply)
      + name = "sbshared001at24"
      + public_key_openssh = (known after apply)
      + public_key_pem = (known after apply)
      + resource_id = (known after apply)
      + resource_versionless_id = (known after apply)
      + version = (known after apply)
      + versionless_id = (known after apply)
      + x = (known after apply)
      + y = (known after apply)
    }

  # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created
  + resource "azurerm_private_endpoint" "service_bus_private_endpoint" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = "nicsbshared001at24"
      + id = (known after apply)
      + location = (known after apply)
      + name = "pesbshared001at24"
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at24"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = "sbshared001at24"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = "sbshared001at24"
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "namespace",
            ]
        }
    }

  # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created
  + resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.service_bus.azurerm_role_definition.service_bus_masstransit will be created
  + resource "azurerm_role_definition" "service_bus_masstransit" {
      + assignable_scopes = (known after apply)
      + description = "Allow C# Applications use MassTransit with Azure Service Bus"
      + id = (known after apply)
      + name = "Azure Service Bus Mass Transit"
      + role_definition_id = (known after apply)
      + role_definition_resource_id = (known after apply)
      + scope = (known after apply)

      + permissions {
          + actions = [
              + "Microsoft.ServiceBus/namespaces/read",
              + "Microsoft.ServiceBus/namespaces/queues/*",
              + "Microsoft.ServiceBus/namespaces/topics/*",
            ]
        }
    }

  # module.service_bus.azurerm_servicebus_namespace.service_bus will be created
  + resource "azurerm_servicebus_namespace" "service_bus" {
      + capacity = 1
      + default_primary_connection_string = (sensitive value)
      + default_primary_key = (sensitive value)
      + default_secondary_connection_string = (sensitive value)
      + default_secondary_key = (sensitive value)
      + endpoint = (known after apply)
      + id = (known after apply)
      + local_auth_enabled = false
      + location = (known after apply)
      + minimum_tls_version = "1.2"
      + name = "sbshared001at24"
      + premium_messaging_partitions = 1
      + public_network_access_enabled = true
      + resource_group_name = "rgshared001at24"
      + sku = "Premium"

      + customer_managed_key {
          + identity_id = (known after apply)
          + infrastructure_encryption_enabled = true
          + key_vault_key_id = (known after apply)
        }

      + identity {
          + identity_ids = (known after apply)
          + principal_id = (known after apply)
          + tenant_id = (known after apply)
          + type = "UserAssigned"
        }

      + network_rule_set {
          + default_action = "Deny"
          + ip_rules = (sensitive value)
          + public_network_access_enabled = false
          + trusted_services_allowed = true
        }
    }

  # module.service_bus.azurerm_user_assigned_identity.service_bus will be created
  + resource "azurerm_user_assigned_identity" "service_bus" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "misbshared001at24"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at24"
      + tenant_id = (known after apply)
    }

  # module.vnet.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at24"
      + tags = (known after apply)
    }

  # module.vnet.azurerm_subnet.vnet["default"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.0.0/23",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "default"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at24"
      + virtual_network_name = "vnetshared001at24"
    }

  # module.vnet.azurerm_subnet.vnet["postgres"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.2.0/28",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "postgres"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at24"
      + virtual_network_name = "vnetshared001at24"

      + delegation {
          + name = "fs"

          + service_delegation {
              + actions = [
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                ]
              + name = "Microsoft.DBforPostgreSQL/flexibleServers"
            }
        }
    }

  # module.vnet.azurerm_virtual_network.vnet will be created
  + resource "azurerm_virtual_network" "vnet" {
      + address_space = [
          + "10.202.0.0/22",
        ]
      + dns_servers = (known after apply)
      + guid = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "vnetshared001at24"
      + resource_group_name = "rgshared001at24"
      + subnet = (known after apply)
    }

Plan: 35 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
```

| Context | Values |
| --- | --- |
| Pusher | @lovoll |
| Action | push |
| Working Directory | ./infrastructure/shared |
| State File | github.com/altinn/altinn-authorization/environments/at24/infrastructure.tfstate |
| Plan File | github.com_altinn_altinn-authorization_environments_at24_infrastructure.tfstate.tfplan |

github-actions[bot] commented 1 week ago

Terraform environment AT23

Format and Style 🖌 `success`

Initialization ⚙️ `success`

Validation 🤖 `success`

Validation Output
```
Success! The configuration is valid.
```

Plan 📖 `success`

Show Plan
```
[Lines containing Refreshing state removed]
[Maybe further truncated see logs for complete plan output]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # azurerm_resource_group.shared will be created
  + resource "azurerm_resource_group" "shared" {
      + id = (known after apply)
      + location = "norwayeast"
      + name = "rgshared001at23"
    }

  # module.dns.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at23"
      + tags = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.azconfig.io"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at23"
    }

  # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.vaultcore.azure.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at23"
    }

  # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.postgres.database.azure.com"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at23"
    }

  # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.servicebus.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at23"
    }

  # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.blob.core.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at23"
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "app_configuration"
      + private_dns_zone_name = "privatelink.azconfig.io"
      + registration_enabled = false
      + resource_group_name = "rgshared001at23"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "key_vault"
      + private_dns_zone_name = "privatelink.vaultcore.azure.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at23"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "postgres"
      + private_dns_zone_name = "privatelink.postgres.database.azure.com"
      + registration_enabled = false
      + resource_group_name = "rgshared001at23"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "service_bus"
      + private_dns_zone_name = "privatelink.servicebus.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at23"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "storage_account_blob"
      + private_dns_zone_name = "privatelink.blob.core.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at23"
      + virtual_network_id = (known after apply)
    }

  # module.key_vault.data.azurerm_client_config.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_client_config" "current" {
      + client_id = (known after apply)
      + id = (known after apply)
      + object_id = (known after apply)
      + subscription_id = (known after apply)
      + tenant_id = (known after apply)
    }

  # module.key_vault.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at23"
      + tags = (known after apply)
    }

  # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_administrator" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483"
      + type = (known after apply)
    }

  # module.key_vault.azurerm_key_vault.key_vault will be created
  + resource "azurerm_key_vault" "key_vault" {
      + access_policy = (known after apply)
      + enable_rbac_authorization = true
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + public_network_access_enabled = true
      + purge_protection_enabled = true
      + resource_group_name = "rgshared001at23"
      + sku_name = "standard"
      + soft_delete_retention_days = 30
      + tenant_id = (known after apply)
      + vault_uri = (known after apply)

      + network_acls {
          + bypass = "AzureServices"
          + default_action = "Allow"
        }
    }

  # module.key_vault.azurerm_private_endpoint.key_vault will be created
  + resource "azurerm_private_endpoint" "key_vault" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at23"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = (known after apply)
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = (known after apply)
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "vault",
            ]
        }
    }

  # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created
  + resource "azurerm_role_assignment" "key_vault_administrator" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.key_vault.random_string.key_vault_name_prefix will be created
  + resource "random_string" "key_vault_name_prefix" {
      + id = (known after apply)
      + length = 4
      + lower = true
      + min_lower = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper = 0
      + number = false
      + numeric = false
      + result = (known after apply)
      + special = false
      + upper = false
    }

  # module.nat.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at23"
      + tags = (known after apply)
    }

  # module.nat.azurerm_nat_gateway.nat_gateway will be created
  + resource "azurerm_nat_gateway" "nat_gateway" {
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + location = (known after apply)
      + name = "natgwshared001at23"
      + resource_group_name = "rgshared001at23"
      + resource_guid = (known after apply)
      + sku_name = "Standard"
    }

  # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created
  + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + public_ip_address_id = (known after apply)
    }

  # module.nat.azurerm_public_ip.nat_gateway will be created
  + resource "azurerm_public_ip" "nat_gateway" {
      + allocation_method = "Static"
      + ddos_protection_mode = "VirtualNetworkInherited"
      + fqdn = (known after apply)
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address = (known after apply)
      + ip_version = "IPv4"
      + location = (known after apply)
      + name = "pipegressshared001at23"
      + resource_group_name = "rgshared001at23"
      + sku = "Standard"
      + sku_tier = "Regional"
    }

  # 
module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.postgres_server.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.postgres_server.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at23" + tags = (known after apply) } # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.postgres_server.azurerm_key_vault_key.postgres_server will be created + resource "azurerm_key_vault_key" "postgres_server" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = 
"RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "psqlsrvshared001at23" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created + resource "azurerm_postgresql_flexible_server" "postgres_server" { + administrator_login = (known after apply) + auto_grow_enabled = true + backup_retention_days = (known after apply) + delegated_subnet_id = (known after apply) + fqdn = (known after apply) + geo_redundant_backup_enabled = false + id = (known after apply) + location = (known after apply) + name = "psqlsrvshared001at23" + private_dns_zone_id = (known after apply) + public_network_access_enabled = false + resource_group_name = "rgshared001at23" + sku_name = "GP_Standard_D4s_v3" + storage_mb = 32768 + storage_tier = "P30" + version = "12" + zone = "1" + authentication { + active_directory_auth_enabled = true + password_auth_enabled = false + tenant_id = (known after apply) } + customer_managed_key { + key_vault_key_id = (known after apply) + primary_user_assigned_identity_id = (known after apply) } + identity { + identity_ids = (known after apply) + type = "UserAssigned" } } # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" { + id = (known after apply) + object_id = (known after apply) + principal_name = "mipsqlsrvadminshared001at23" + principal_type = "ServicePrincipal" + resource_group_name = "rgshared001at23" + server_name = "psqlsrvshared001at23" + tenant_id = (known after apply) } # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created + 
resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created + resource "azurerm_user_assigned_identity" "postgres_server" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvshared001at23" + principal_id = (known after apply) + resource_group_name = "rgshared001at23" + tenant_id = (known after apply) } # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created + resource "azurerm_user_assigned_identity" "postgres_server_admin" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvadminshared001at23" + principal_id = (known after apply) + resource_group_name = "rgshared001at23" + tenant_id = (known after apply) } # module.service_bus.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at23" + tags = (known after apply) } # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # 
module.service_bus.azurerm_key_vault_key.service_bus[0] will be created + resource "azurerm_key_vault_key" "service_bus" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = "RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "sbshared001at23" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created + resource "azurerm_private_endpoint" "service_bus_private_endpoint" { + custom_dns_configs = (known after apply) + custom_network_interface_name = "nicsbshared001at23" + id = (known after apply) + location = (known after apply) + name = "pesbshared001at23" + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at23" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = "sbshared001at23" + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = "sbshared001at23" + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "namespace", ] } } # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created + resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # 
module.service_bus.azurerm_role_definition.service_bus_masstransit will be created + resource "azurerm_role_definition" "service_bus_masstransit" { + assignable_scopes = (known after apply) + description = "Allow C# Applications use MassTransit with Azure Service Bus" + id = (known after apply) + name = "Azure Service Bus Mass Transit" + role_definition_id = (known after apply) + role_definition_resource_id = (known after apply) + scope = (known after apply) + permissions { + actions = [ + "Microsoft.ServiceBus/namespaces/read", + "Microsoft.ServiceBus/namespaces/queues/*", + "Microsoft.ServiceBus/namespaces/topics/*", ] } } # module.service_bus.azurerm_servicebus_namespace.service_bus will be created + resource "azurerm_servicebus_namespace" "service_bus" { + capacity = 1 + default_primary_connection_string = (sensitive value) + default_primary_key = (sensitive value) + default_secondary_connection_string = (sensitive value) + default_secondary_key = (sensitive value) + endpoint = (known after apply) + id = (known after apply) + local_auth_enabled = false + location = (known after apply) + minimum_tls_version = "1.2" + name = "sbshared001at23" + premium_messaging_partitions = 1 + public_network_access_enabled = true + resource_group_name = "rgshared001at23" + sku = "Premium" + customer_managed_key { + identity_id = (known after apply) + infrastructure_encryption_enabled = true + key_vault_key_id = (known after apply) } + identity { + identity_ids = (known after apply) + principal_id = (known after apply) + tenant_id = (known after apply) + type = "UserAssigned" } + network_rule_set { + default_action = "Deny" + ip_rules = (sensitive value) + public_network_access_enabled = false + trusted_services_allowed = true } } # module.service_bus.azurerm_user_assigned_identity.service_bus will be created + resource "azurerm_user_assigned_identity" "service_bus" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = 
"misbshared001at23" + principal_id = (known after apply) + resource_group_name = "rgshared001at23" + tenant_id = (known after apply) } # module.vnet.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at23" + tags = (known after apply) } # module.vnet.azurerm_subnet.vnet["default"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.0.0/23", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "default" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at23" + virtual_network_name = "vnetshared001at23" } # module.vnet.azurerm_subnet.vnet["postgres"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.2.0/28", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "postgres" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at23" + virtual_network_name = "vnetshared001at23" + delegation { + name = "fs" + service_delegation { + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", ] + name = "Microsoft.DBforPostgreSQL/flexibleServers" } } } # module.vnet.azurerm_virtual_network.vnet will be created + resource "azurerm_virtual_network" "vnet" { + address_space = [ + "10.202.0.0/22", ] + dns_servers = (known after apply) + guid = (known after apply) + id = (known after apply) + location = (known after apply) + name = "vnetshared001at23" + resource_group_name = "rgshared001at23" + subnet = (known after apply) } Plan: 35 to add, 0 to change, 0 to destroy. 
─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
```
| Context | Values |
| --- | --- |
| Pusher | @lovoll |
| Action | push |
| Working Directory | ./infrastructure/shared |
| State File | github.com/altinn/altinn-authorization/environments/at23/infrastructure.tfstate |
| Plan File | github.com_altinn_altinn-authorization_environments_at23_infrastructure.tfstate.tfplan |

github-actions[bot] commented 1 week ago

Terraform environment AT21

Format and Style 🖌 success

Initialization ⚙️ success

Validation 🤖 success

Validation Output
```
Success! The configuration is valid.
```

Plan 📖 success

Show Plan ``` [Lines containing Refreshing state removed] [Maybe further truncated see logs for complete plan output] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # azurerm_resource_group.shared will be created + resource "azurerm_resource_group" "shared" { + id = (known after apply) + location = "norwayeast" + name = "rgshared001at21" } # module.dns.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.azconfig.io" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.vaultcore.azure.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = 
(known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.postgres.database.azure.com" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.servicebus.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.blob.core.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "app_configuration" + private_dns_zone_name = "privatelink.azconfig.io" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "key_vault" + private_dns_zone_name = "privatelink.vaultcore.azure.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # 
module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "postgres" + private_dns_zone_name = "privatelink.postgres.database.azure.com" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "service_bus" + private_dns_zone_name = "privatelink.servicebus.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "storage_account_blob" + private_dns_zone_name = "privatelink.blob.core.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.key_vault.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.key_vault.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply # (depends on a resource or a 
module with changes pending) <= data "azurerm_role_definition" "key_vault_administrator" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483" + type = (known after apply) } # module.key_vault.azurerm_key_vault.key_vault will be created + resource "azurerm_key_vault" "key_vault" { + access_policy = (known after apply) + enable_rbac_authorization = true + id = (known after apply) + location = (known after apply) + name = (known after apply) + public_network_access_enabled = true + purge_protection_enabled = true + resource_group_name = "rgshared001at21" + sku_name = "standard" + soft_delete_retention_days = 30 + tenant_id = (known after apply) + vault_uri = (known after apply) + network_acls { + bypass = "AzureServices" + default_action = "Allow" } } # module.key_vault.azurerm_private_endpoint.key_vault will be created + resource "azurerm_private_endpoint" "key_vault" { + custom_dns_configs = (known after apply) + custom_network_interface_name = (known after apply) + id = (known after apply) + location = (known after apply) + name = (known after apply) + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at21" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = (known after apply) + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = (known after apply) + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "vault", ] } } # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created + resource "azurerm_role_assignment" "key_vault_administrator" { + id = (known after apply) + name = (known after apply) + principal_id = 
(known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = (known after apply) } # module.key_vault.random_string.key_vault_name_prefix will be created + resource "random_string" "key_vault_name_prefix" { + id = (known after apply) + length = 4 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = false + numeric = false + result = (known after apply) + special = false + upper = false } # module.nat.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.nat.azurerm_nat_gateway.nat_gateway will be created + resource "azurerm_nat_gateway" "nat_gateway" { + id = (known after apply) + idle_timeout_in_minutes = 4 + location = (known after apply) + name = "natgwshared001at21" + resource_group_name = "rgshared001at21" + resource_guid = (known after apply) + sku_name = "Standard" } # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + public_ip_address_id = (known after apply) } # module.nat.azurerm_public_ip.nat_gateway will be created + resource "azurerm_public_ip" "nat_gateway" { + allocation_method = "Static" + ddos_protection_mode = "VirtualNetworkInherited" + fqdn = (known after apply) + id = (known after apply) + idle_timeout_in_minutes = 4 + ip_address = (known after apply) + ip_version = "IPv4" + location = (known after apply) + name = "pipegressshared001at21" + resource_group_name = "rgshared001at21" + sku = "Standard" + sku_tier = "Regional" } # 
module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.postgres_server.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.postgres_server.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.postgres_server.azurerm_key_vault_key.postgres_server will be created + resource "azurerm_key_vault_key" "postgres_server" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = 
"RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "psqlsrvshared001at21" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created + resource "azurerm_postgresql_flexible_server" "postgres_server" { + administrator_login = (known after apply) + auto_grow_enabled = true + backup_retention_days = (known after apply) + delegated_subnet_id = (known after apply) + fqdn = (known after apply) + geo_redundant_backup_enabled = false + id = (known after apply) + location = (known after apply) + name = "psqlsrvshared001at21" + private_dns_zone_id = (known after apply) + public_network_access_enabled = false + resource_group_name = "rgshared001at21" + sku_name = "GP_Standard_D4s_v3" + storage_mb = 32768 + storage_tier = "P30" + version = "12" + zone = "1" + authentication { + active_directory_auth_enabled = true + password_auth_enabled = false + tenant_id = (known after apply) } + customer_managed_key { + key_vault_key_id = (known after apply) + primary_user_assigned_identity_id = (known after apply) } + identity { + identity_ids = (known after apply) + type = "UserAssigned" } } # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" { + id = (known after apply) + object_id = (known after apply) + principal_name = "mipsqlsrvadminshared001at21" + principal_type = "ServicePrincipal" + resource_group_name = "rgshared001at21" + server_name = "psqlsrvshared001at21" + tenant_id = (known after apply) } # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created + 
resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created
  + resource "azurerm_user_assigned_identity" "postgres_server" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvshared001at21"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at21"
      + tenant_id = (known after apply)
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created
  + resource "azurerm_user_assigned_identity" "postgres_server_admin" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvadminshared001at21"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at21"
      + tenant_id = (known after apply)
    }

  # module.service_bus.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at21"
      + tags = (known after apply)
    }

  # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_crypto_officer" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603"
      + type = (known after apply)
    }

  # module.service_bus.azurerm_key_vault_key.service_bus[0] will be created
  + resource "azurerm_key_vault_key" "service_bus" {
      + curve = (known after apply)
      + e = (known after apply)
      + id = (known after apply)
      + key_opts = [
          + "unwrapKey",
          + "wrapKey",
        ]
      + key_size = 2048
      + key_type = "RSA"
      + key_vault_id = (known after apply)
      + n = (known after apply)
      + name = "sbshared001at21"
      + public_key_openssh = (known after apply)
      + public_key_pem = (known after apply)
      + resource_id = (known after apply)
      + resource_versionless_id = (known after apply)
      + version = (known after apply)
      + versionless_id = (known after apply)
      + x = (known after apply)
      + y = (known after apply)
    }

  # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created
  + resource "azurerm_private_endpoint" "service_bus_private_endpoint" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = "nicsbshared001at21"
      + id = (known after apply)
      + location = (known after apply)
      + name = "pesbshared001at21"
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at21"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = "sbshared001at21"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = "sbshared001at21"
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "namespace",
            ]
        }
    }

  # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created
  + resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.service_bus.azurerm_role_definition.service_bus_masstransit will be created
  + resource "azurerm_role_definition" "service_bus_masstransit" {
      + assignable_scopes = (known after apply)
      + description = "Allow C# Applications use MassTransit with Azure Service Bus"
      + id = (known after apply)
      + name = "Azure Service Bus Mass Transit"
      + role_definition_id = (known after apply)
      + role_definition_resource_id = (known after apply)
      + scope = (known after apply)

      + permissions {
          + actions = [
              + "Microsoft.ServiceBus/namespaces/read",
              + "Microsoft.ServiceBus/namespaces/queues/*",
              + "Microsoft.ServiceBus/namespaces/topics/*",
            ]
        }
    }

  # module.service_bus.azurerm_servicebus_namespace.service_bus will be created
  + resource "azurerm_servicebus_namespace" "service_bus" {
      + capacity = 1
      + default_primary_connection_string = (sensitive value)
      + default_primary_key = (sensitive value)
      + default_secondary_connection_string = (sensitive value)
      + default_secondary_key = (sensitive value)
      + endpoint = (known after apply)
      + id = (known after apply)
      + local_auth_enabled = false
      + location = (known after apply)
      + minimum_tls_version = "1.2"
      + name = "sbshared001at21"
      + premium_messaging_partitions = 1
      + public_network_access_enabled = true
      + resource_group_name = "rgshared001at21"
      + sku = "Premium"

      + customer_managed_key {
          + identity_id = (known after apply)
          + infrastructure_encryption_enabled = true
          + key_vault_key_id = (known after apply)
        }

      + identity {
          + identity_ids = (known after apply)
          + principal_id = (known after apply)
          + tenant_id = (known after apply)
          + type = "UserAssigned"
        }

      + network_rule_set {
          + default_action = "Deny"
          + ip_rules = (sensitive value)
          + public_network_access_enabled = false
          + trusted_services_allowed = true
        }
    }

  # module.service_bus.azurerm_user_assigned_identity.service_bus will be created
  + resource "azurerm_user_assigned_identity" "service_bus" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "misbshared001at21"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at21"
      + tenant_id = (known after apply)
    }

  # module.vnet.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at21"
      + tags = (known after apply)
    }

  # module.vnet.azurerm_subnet.vnet["default"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.0.0/23",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "default"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at21"
      + virtual_network_name = "vnetshared001at21"
    }

  # module.vnet.azurerm_subnet.vnet["postgres"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.2.0/28",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "postgres"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at21"
      + virtual_network_name = "vnetshared001at21"

      + delegation {
          + name = "fs"

          + service_delegation {
              + actions = [
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                ]
              + name = "Microsoft.DBforPostgreSQL/flexibleServers"
            }
        }
    }

  # module.vnet.azurerm_virtual_network.vnet will be created
  + resource "azurerm_virtual_network" "vnet" {
      + address_space = [
          + "10.202.0.0/22",
        ]
      + dns_servers = (known after apply)
      + guid = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "vnetshared001at21"
      + resource_group_name = "rgshared001at21"
      + subnet = (known after apply)
    }

Plan: 35 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
```
Context Values
Pusher @lovoll
Action push
Working Directory ./infrastructure/shared
State File github.com/altinn/altinn-authorization/environments/at21/infrastructure.tfstate
Plan File github.com_altinn_altinn-authorization_environments_at21_infrastructure.tfstate.tfplan
github-actions[bot] commented 1 week ago

Terraform environment AT22

Format and Style 🖌 success

Initialization ⚙️ success

Validation 🤖 success

Validation Output
```
Success! The configuration is valid.
```

Plan 📖 success

Show Plan
```
[Lines containing Refreshing state removed]
[Maybe further truncated see logs for complete plan output]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # azurerm_resource_group.shared will be created
  + resource "azurerm_resource_group" "shared" {
      + id = (known after apply)
      + location = "norwayeast"
      + name = "rgshared001at22"
    }

  # module.dns.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.azconfig.io"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at22"
    }

  # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.vaultcore.azure.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at22"
    }

  # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.postgres.database.azure.com"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at22"
    }

  # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.servicebus.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at22"
    }

  # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone" "dns" {
      + id = (known after apply)
      + max_number_of_record_sets = (known after apply)
      + max_number_of_virtual_network_links = (known after apply)
      + max_number_of_virtual_network_links_with_registration = (known after apply)
      + name = "privatelink.blob.core.windows.net"
      + number_of_record_sets = (known after apply)
      + resource_group_name = "rgshared001at22"
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "app_configuration"
      + private_dns_zone_name = "privatelink.azconfig.io"
      + registration_enabled = false
      + resource_group_name = "rgshared001at22"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "key_vault"
      + private_dns_zone_name = "privatelink.vaultcore.azure.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at22"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "postgres"
      + private_dns_zone_name = "privatelink.postgres.database.azure.com"
      + registration_enabled = false
      + resource_group_name = "rgshared001at22"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "service_bus"
      + private_dns_zone_name = "privatelink.servicebus.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at22"
      + virtual_network_id = (known after apply)
    }

  # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created
  + resource "azurerm_private_dns_zone_virtual_network_link" "dns" {
      + id = (known after apply)
      + name = "storage_account_blob"
      + private_dns_zone_name = "privatelink.blob.core.windows.net"
      + registration_enabled = false
      + resource_group_name = "rgshared001at22"
      + virtual_network_id = (known after apply)
    }

  # module.key_vault.data.azurerm_client_config.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_client_config" "current" {
      + client_id = (known after apply)
      + id = (known after apply)
      + object_id = (known after apply)
      + subscription_id = (known after apply)
      + tenant_id = (known after apply)
    }

  # module.key_vault.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_administrator" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483"
      + type = (known after apply)
    }

  # module.key_vault.azurerm_key_vault.key_vault will be created
  + resource "azurerm_key_vault" "key_vault" {
      + access_policy = (known after apply)
      + enable_rbac_authorization = true
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + public_network_access_enabled = true
      + purge_protection_enabled = true
      + resource_group_name = "rgshared001at22"
      + sku_name = "standard"
      + soft_delete_retention_days = 30
      + tenant_id = (known after apply)
      + vault_uri = (known after apply)

      + network_acls {
          + bypass = "AzureServices"
          + default_action = "Allow"
        }
    }

  # module.key_vault.azurerm_private_endpoint.key_vault will be created
  + resource "azurerm_private_endpoint" "key_vault" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = (known after apply)
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at22"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = (known after apply)
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = (known after apply)
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "vault",
            ]
        }
    }

  # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created
  + resource "azurerm_role_assignment" "key_vault_administrator" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.key_vault.random_string.key_vault_name_prefix will be created
  + resource "random_string" "key_vault_name_prefix" {
      + id = (known after apply)
      + length = 4
      + lower = true
      + min_lower = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper = 0
      + number = false
      + numeric = false
      + result = (known after apply)
      + special = false
      + upper = false
    }

  # module.nat.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.nat.azurerm_nat_gateway.nat_gateway will be created
  + resource "azurerm_nat_gateway" "nat_gateway" {
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + location = (known after apply)
      + name = "natgwshared001at22"
      + resource_group_name = "rgshared001at22"
      + resource_guid = (known after apply)
      + sku_name = "Standard"
    }

  # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created
  + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + public_ip_address_id = (known after apply)
    }

  # module.nat.azurerm_public_ip.nat_gateway will be created
  + resource "azurerm_public_ip" "nat_gateway" {
      + allocation_method = "Static"
      + ddos_protection_mode = "VirtualNetworkInherited"
      + fqdn = (known after apply)
      + id = (known after apply)
      + idle_timeout_in_minutes = 4
      + ip_address = (known after apply)
      + ip_version = "IPv4"
      + location = (known after apply)
      + name = "pipegressshared001at22"
      + resource_group_name = "rgshared001at22"
      + sku = "Standard"
      + sku_tier = "Regional"
    }

  # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created
  + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + subnet_id = (known after apply)
    }

  # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created
  + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" {
      + id = (known after apply)
      + nat_gateway_id = (known after apply)
      + subnet_id = (known after apply)
    }

  # module.postgres_server.data.azurerm_client_config.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_client_config" "current" {
      + client_id = (known after apply)
      + id = (known after apply)
      + object_id = (known after apply)
      + subscription_id = (known after apply)
      + tenant_id = (known after apply)
    }

  # module.postgres_server.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_crypto_officer" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603"
      + type = (known after apply)
    }

  # module.postgres_server.azurerm_key_vault_key.postgres_server will be created
  + resource "azurerm_key_vault_key" "postgres_server" {
      + curve = (known after apply)
      + e = (known after apply)
      + id = (known after apply)
      + key_opts = [
          + "unwrapKey",
          + "wrapKey",
        ]
      + key_size = 2048
      + key_type = "RSA"
      + key_vault_id = (known after apply)
      + n = (known after apply)
      + name = "psqlsrvshared001at22"
      + public_key_openssh = (known after apply)
      + public_key_pem = (known after apply)
      + resource_id = (known after apply)
      + resource_versionless_id = (known after apply)
      + version = (known after apply)
      + versionless_id = (known after apply)
      + x = (known after apply)
      + y = (known after apply)
    }

  # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created
  + resource "azurerm_postgresql_flexible_server" "postgres_server" {
      + administrator_login = (known after apply)
      + auto_grow_enabled = true
      + backup_retention_days = (known after apply)
      + delegated_subnet_id = (known after apply)
      + fqdn = (known after apply)
      + geo_redundant_backup_enabled = false
      + id = (known after apply)
      + location = (known after apply)
      + name = "psqlsrvshared001at22"
      + private_dns_zone_id = (known after apply)
      + public_network_access_enabled = false
      + resource_group_name = "rgshared001at22"
      + sku_name = "GP_Standard_D4s_v3"
      + storage_mb = 32768
      + storage_tier = "P30"
      + version = "12"
      + zone = "1"

      + authentication {
          + active_directory_auth_enabled = true
          + password_auth_enabled = false
          + tenant_id = (known after apply)
        }

      + customer_managed_key {
          + key_vault_key_id = (known after apply)
          + primary_user_assigned_identity_id = (known after apply)
        }

      + identity {
          + identity_ids = (known after apply)
          + type = "UserAssigned"
        }
    }

  # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created
  + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" {
      + id = (known after apply)
      + object_id = (known after apply)
      + principal_name = "mipsqlsrvadminshared001at22"
      + principal_type = "ServicePrincipal"
      + resource_group_name = "rgshared001at22"
      + server_name = "psqlsrvshared001at22"
      + tenant_id = (known after apply)
    }

  # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created
  + resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created
  + resource "azurerm_user_assigned_identity" "postgres_server" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvshared001at22"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at22"
      + tenant_id = (known after apply)
    }

  # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created
  + resource "azurerm_user_assigned_identity" "postgres_server_admin" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "mipsqlsrvadminshared001at22"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at22"
      + tenant_id = (known after apply)
    }

  # module.service_bus.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_role_definition" "key_vault_crypto_officer" {
      + assignable_scopes = (known after apply)
      + description = (known after apply)
      + id = (known after apply)
      + name = (known after apply)
      + permissions = (known after apply)
      + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603"
      + type = (known after apply)
    }

  # module.service_bus.azurerm_key_vault_key.service_bus[0] will be created
  + resource "azurerm_key_vault_key" "service_bus" {
      + curve = (known after apply)
      + e = (known after apply)
      + id = (known after apply)
      + key_opts = [
          + "unwrapKey",
          + "wrapKey",
        ]
      + key_size = 2048
      + key_type = "RSA"
      + key_vault_id = (known after apply)
      + n = (known after apply)
      + name = "sbshared001at22"
      + public_key_openssh = (known after apply)
      + public_key_pem = (known after apply)
      + resource_id = (known after apply)
      + resource_versionless_id = (known after apply)
      + version = (known after apply)
      + versionless_id = (known after apply)
      + x = (known after apply)
      + y = (known after apply)
    }

  # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created
  + resource "azurerm_private_endpoint" "service_bus_private_endpoint" {
      + custom_dns_configs = (known after apply)
      + custom_network_interface_name = "nicsbshared001at22"
      + id = (known after apply)
      + location = (known after apply)
      + name = "pesbshared001at22"
      + network_interface = (known after apply)
      + private_dns_zone_configs = (known after apply)
      + resource_group_name = "rgshared001at22"
      + subnet_id = (known after apply)

      + private_dns_zone_group {
          + id = (known after apply)
          + name = "sbshared001at22"
          + private_dns_zone_ids = (known after apply)
        }

      + private_service_connection {
          + is_manual_connection = false
          + name = "sbshared001at22"
          + private_connection_resource_id = (known after apply)
          + private_ip_address = (known after apply)
          + subresource_names = [
              + "namespace",
            ]
        }
    }

  # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created
  + resource "azurerm_role_assignment" "key_vault_crypto_officer" {
      + id = (known after apply)
      + name = (known after apply)
      + principal_id = (known after apply)
      + principal_type = (known after apply)
      + role_definition_id = (known after apply)
      + role_definition_name = (known after apply)
      + scope = (known after apply)
      + skip_service_principal_aad_check = true
    }

  # module.service_bus.azurerm_role_definition.service_bus_masstransit will be created
  + resource "azurerm_role_definition" "service_bus_masstransit" {
      + assignable_scopes = (known after apply)
      + description = "Allow C# Applications use MassTransit with Azure Service Bus"
      + id = (known after apply)
      + name = "Azure Service Bus Mass Transit"
      + role_definition_id = (known after apply)
      + role_definition_resource_id = (known after apply)
      + scope = (known after apply)

      + permissions {
          + actions = [
              + "Microsoft.ServiceBus/namespaces/read",
              + "Microsoft.ServiceBus/namespaces/queues/*",
              + "Microsoft.ServiceBus/namespaces/topics/*",
            ]
        }
    }

  # module.service_bus.azurerm_servicebus_namespace.service_bus will be created
  + resource "azurerm_servicebus_namespace" "service_bus" {
      + capacity = 1
      + default_primary_connection_string = (sensitive value)
      + default_primary_key = (sensitive value)
      + default_secondary_connection_string = (sensitive value)
      + default_secondary_key = (sensitive value)
      + endpoint = (known after apply)
      + id = (known after apply)
      + local_auth_enabled = false
      + location = (known after apply)
      + minimum_tls_version = "1.2"
      + name = "sbshared001at22"
      + premium_messaging_partitions = 1
      + public_network_access_enabled = true
      + resource_group_name = "rgshared001at22"
      + sku = "Premium"

      + customer_managed_key {
          + identity_id = (known after apply)
          + infrastructure_encryption_enabled = true
          + key_vault_key_id = (known after apply)
        }

      + identity {
          + identity_ids = (known after apply)
          + principal_id = (known after apply)
          + tenant_id = (known after apply)
          + type = "UserAssigned"
        }

      + network_rule_set {
          + default_action = "Deny"
          + ip_rules = (sensitive value)
          + public_network_access_enabled = false
          + trusted_services_allowed = true
        }
    }

  # module.service_bus.azurerm_user_assigned_identity.service_bus will be created
  + resource "azurerm_user_assigned_identity" "service_bus" {
      + client_id = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "misbshared001at22"
      + principal_id = (known after apply)
      + resource_group_name = "rgshared001at22"
      + tenant_id = (known after apply)
    }

  # module.vnet.data.azurerm_resource_group.rg will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_resource_group" "rg" {
      + id = (known after apply)
      + location = (known after apply)
      + managed_by = (known after apply)
      + name = "rgshared001at22"
      + tags = (known after apply)
    }

  # module.vnet.azurerm_subnet.vnet["default"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.0.0/23",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "default"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at22"
      + virtual_network_name = "vnetshared001at22"
    }

  # module.vnet.azurerm_subnet.vnet["postgres"] will be created
  + resource "azurerm_subnet" "vnet" {
      + address_prefixes = [
          + "10.202.2.0/28",
        ]
      + default_outbound_access_enabled = true
      + id = (known after apply)
      + name = "postgres"
      + private_endpoint_network_policies = "Disabled"
      + private_link_service_network_policies_enabled = true
      + resource_group_name = "rgshared001at22"
      + virtual_network_name = "vnetshared001at22"

      + delegation {
          + name = "fs"

          + service_delegation {
              + actions = [
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                ]
              + name = "Microsoft.DBforPostgreSQL/flexibleServers"
            }
        }
    }

  # module.vnet.azurerm_virtual_network.vnet will be created
  + resource "azurerm_virtual_network" "vnet" {
      + address_space = [
          + "10.202.0.0/22",
        ]
      + dns_servers = (known after apply)
      + guid = (known after apply)
      + id = (known after apply)
      + location = (known after apply)
      + name = "vnetshared001at22"
      + resource_group_name = "rgshared001at22"
      + subnet = (known after apply)
    }

Plan: 35 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"
```
Context Values
Pusher @lovoll
Action push
Working Directory ./infrastructure/shared
State File github.com/altinn/altinn-authorization/environments/at22/infrastructure.tfstate
Plan File github.com_altinn_altinn-authorization_environments_at22_infrastructure.tfstate.tfplan