github-actions[bot]
commented
4 days ago Terraform environment AT24
Format and Style 🖌success
Initialization ⚙️success
Validation 🤖success
Validation Output
``` Success! The configuration is valid. ```Plan 📖success
Show Plan
``` [Lines containing Refreshing state removed] [Maybe further truncated see logs for complete plan output] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # azurerm_resource_group.shared will be created + resource "azurerm_resource_group" "shared" { + id = (known after apply) + location = "norwayeast" + name = "rgshared001at24" } # module.dns.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.azconfig.io" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at24" } # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.vaultcore.azure.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at24" } # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.postgres.database.azure.com" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at24" } # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.servicebus.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at24" } # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.blob.core.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at24" } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "app_configuration" + private_dns_zone_name = "privatelink.azconfig.io" + registration_enabled = false + resource_group_name = "rgshared001at24" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "key_vault" + private_dns_zone_name = "privatelink.vaultcore.azure.net" + registration_enabled = false + resource_group_name = "rgshared001at24" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "postgres" + private_dns_zone_name = "privatelink.postgres.database.azure.com" + registration_enabled = false + resource_group_name = "rgshared001at24" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "service_bus" + private_dns_zone_name = "privatelink.servicebus.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at24" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "storage_account_blob" + private_dns_zone_name = "privatelink.blob.core.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at24" + virtual_network_id = (known after apply) } # module.key_vault.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.key_vault.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_administrator" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483" + type = (known after apply) } # module.key_vault.azurerm_key_vault.key_vault will be created + resource "azurerm_key_vault" "key_vault" { + access_policy = (known after apply) + enable_rbac_authorization = true + id = (known after apply) + location = (known after apply) + name = (known after apply) + public_network_access_enabled = true + purge_protection_enabled = true + resource_group_name = "rgshared001at24" + sku_name = "standard" + soft_delete_retention_days = 30 + tenant_id = (known after apply) + vault_uri = (known after apply) + network_acls { + bypass = "AzureServices" + default_action = "Allow" } } # module.key_vault.azurerm_private_endpoint.key_vault will be created + resource "azurerm_private_endpoint" "key_vault" { + custom_dns_configs = (known after apply) + custom_network_interface_name = (known after apply) + id = (known after apply) + location = (known after apply) + name = (known after apply) + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at24" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = (known after apply) + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = (known after apply) + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "vault", ] } } # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created + resource "azurerm_role_assignment" "key_vault_administrator" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = (known after apply) } # module.key_vault.random_string.key_vault_name_prefix will be created + resource "random_string" "key_vault_name_prefix" { + id = (known after apply) + length = 4 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = false + numeric = false + result = (known after apply) + special = false + upper = false } # module.nat.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.nat.azurerm_nat_gateway.nat_gateway will be created + resource "azurerm_nat_gateway" "nat_gateway" { + id = (known after apply) + idle_timeout_in_minutes = 4 + location = (known after apply) + name = "natgwshared001at24" + resource_group_name = "rgshared001at24" + resource_guid = (known after apply) + sku_name = "Standard" } # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + public_ip_address_id = (known after apply) } # module.nat.azurerm_public_ip.nat_gateway will be created + resource "azurerm_public_ip" "nat_gateway" { + allocation_method = "Static" + ddos_protection_mode = "VirtualNetworkInherited" + fqdn = (known after apply) + id = (known after apply) + idle_timeout_in_minutes = 4 + ip_address = (known after apply) + ip_version = "IPv4" + location = (known after apply) + name = "pipegressshared001at24" + resource_group_name = "rgshared001at24" + sku = "Standard" + sku_tier = "Regional" } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.postgres_server.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.postgres_server.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.postgres_server.azurerm_key_vault_key.postgres_server will be created + resource "azurerm_key_vault_key" "postgres_server" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = "RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "psqlsrvshared001at24" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created + resource "azurerm_postgresql_flexible_server" "postgres_server" { + administrator_login = (known after apply) + auto_grow_enabled = true + backup_retention_days = (known after apply) + delegated_subnet_id = (known after apply) + fqdn = (known after apply) + geo_redundant_backup_enabled = false + id = (known after apply) + location = (known after apply) + name = "psqlsrvshared001at24" + private_dns_zone_id = (known after apply) + public_network_access_enabled = false + resource_group_name = "rgshared001at24" + sku_name = "GP_Standard_D4s_v3" + storage_mb = 32768 + storage_tier = "P30" + version = "12" + zone = "1" + authentication { + active_directory_auth_enabled = true + password_auth_enabled = false + tenant_id = (known after apply) } + customer_managed_key { + key_vault_key_id = (known after apply) + primary_user_assigned_identity_id = (known after apply) } + identity { + identity_ids = (known after apply) + type = "UserAssigned" } } # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" { + id = (known after apply) + object_id = (known after apply) + principal_name = "mipsqlsrvadminshared001at24" + principal_type = "ServicePrincipal" + resource_group_name = "rgshared001at24" + server_name = "psqlsrvshared001at24" + tenant_id = (known after apply) } # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created + resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created + resource "azurerm_user_assigned_identity" "postgres_server" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvshared001at24" + principal_id = (known after apply) + resource_group_name = "rgshared001at24" + tenant_id = (known after apply) } # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created + resource "azurerm_user_assigned_identity" "postgres_server_admin" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvadminshared001at24" + principal_id = (known after apply) + resource_group_name = "rgshared001at24" + tenant_id = (known after apply) } # module.service_bus.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.service_bus.azurerm_key_vault_key.service_bus[0] will be created + resource "azurerm_key_vault_key" "service_bus" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = "RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "sbshared001at24" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created + resource "azurerm_private_endpoint" "service_bus_private_endpoint" { + custom_dns_configs = (known after apply) + custom_network_interface_name = "nicsbshared001at24" + id = (known after apply) + location = (known after apply) + name = "pesbshared001at24" + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at24" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = "sbshared001at24" + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = "sbshared001at24" + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "namespace", ] } } # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created + resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # module.service_bus.azurerm_role_definition.service_bus_masstransit will be created + resource "azurerm_role_definition" "service_bus_masstransit" { + assignable_scopes = (known after apply) + description = "Allow C# Applications use MassTransit with Azure Service Bus" + id = (known after apply) + name = "Azure Service Bus Mass Transit" + role_definition_id = (known after apply) + role_definition_resource_id = (known after apply) + scope = (known after apply) + permissions { + actions = [ + "Microsoft.ServiceBus/namespaces/read", + "Microsoft.ServiceBus/namespaces/queues/*", + "Microsoft.ServiceBus/namespaces/topics/*", ] } } # module.service_bus.azurerm_servicebus_namespace.service_bus will be created + resource "azurerm_servicebus_namespace" "service_bus" { + capacity = 1 + default_primary_connection_string = (sensitive value) + default_primary_key = (sensitive value) + default_secondary_connection_string = (sensitive value) + default_secondary_key = (sensitive value) + endpoint = (known after apply) + id = (known after apply) + local_auth_enabled = false + location = (known after apply) + minimum_tls_version = "1.2" + name = "sbshared001at24" + premium_messaging_partitions = 1 + public_network_access_enabled = true + resource_group_name = "rgshared001at24" + sku = "Premium" + customer_managed_key { + identity_id = (known after apply) + infrastructure_encryption_enabled = true + key_vault_key_id = (known after apply) } + identity { + identity_ids = (known after apply) + principal_id = (known after apply) + tenant_id = (known after apply) + type = "UserAssigned" } + network_rule_set { + default_action = "Deny" + ip_rules = (sensitive value) + public_network_access_enabled = false + trusted_services_allowed = true } } # module.service_bus.azurerm_user_assigned_identity.service_bus will be created + resource "azurerm_user_assigned_identity" "service_bus" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "misbshared001at24" + principal_id = (known after apply) + resource_group_name = "rgshared001at24" + tenant_id = (known after apply) } # module.vnet.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at24" + tags = (known after apply) } # module.vnet.azurerm_subnet.vnet["default"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.0.0/23", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "default" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at24" + virtual_network_name = "vnetshared001at24" } # module.vnet.azurerm_subnet.vnet["postgres"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.2.0/28", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "postgres" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at24" + virtual_network_name = "vnetshared001at24" + delegation { + name = "fs" + service_delegation { + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", ] + name = "Microsoft.DBforPostgreSQL/flexibleServers" } } } # module.vnet.azurerm_virtual_network.vnet will be created + resource "azurerm_virtual_network" "vnet" { + address_space = [ + "10.202.0.0/22", ] + dns_servers = (known after apply) + guid = (known after apply) + id = (known after apply) + location = (known after apply) + name = "vnetshared001at24" + resource_group_name = "rgshared001at24" + subnet = (known after apply) } Plan: 35 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: tfplan.out To perform exactly these actions, run the following command to apply: terraform apply "tfplan.out" ```| Context | Values |
|---|---|
| Pusher | @dependabot[bot] |
| Action | push |
| Working Directory | ./infrastructure/shared |
| State File | github.com/altinn/altinn-authorization/environments/at24/infrastructure.tfstate |
| Plan File | github.com_altinn_altinn-authorization_environments_at24_infrastructure.tfstate.tfplan |
Bumps Altinn.Authorization.ABAC, Altinn.Common.PEP and System.Text.Json. These dependencies needed to be updated together. Updates
Altinn.Authorization.ABACfrom 0.0.8 to 0.0.8Commits
Updates
Altinn.Common.PEPfrom 4.0.0 to 4.1.0Commits
Updates
System.Text.Jsonfrom 8.0.5 to 8.0.2Commits
1381d5eMerge in 'release/8.0' changesc987e4f[release/8.0] Fix Options Source Gen RangeAttribute Thread Safety (#97110)441c91dMerge in 'release/8.0' changesc93800eMerge pull request #97065 from carlossanlop/release/8.0-stagingc2d2bb3Merge branch 'release/8.0' into release/8.0-staging6d35e39[release/8.0-staging] UInt64.CreateSaturating<Int128> truncates instead of sa...96b0a55[release/8.0-staging] macOS: Set certificate as a dependency of private key h...85c2772[release/8.0] Fix server-side OCSP stapling on Linux (#96838)683da71[release/8.0-staging] Gen0 segment should always be reported as Gen0 for DacH...f9d0a7b[release/8.0-staging] Fix Crossgen2 PDB generation (again) (#96566)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show