github-actions[bot]
commented
4 days ago Terraform environment AT21
Format and Style šsuccess
Initialization āļøsuccess
Validation š¤success
Validation Output
``` Success! The configuration is valid. ```Plan šsuccess
Show Plan
``` [Lines containing Refreshing state removed] [Maybe further truncated see logs for complete plan output] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # azurerm_resource_group.shared will be created + resource "azurerm_resource_group" "shared" { + id = (known after apply) + location = "norwayeast" + name = "rgshared001at21" } # module.dns.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.dns.azurerm_private_dns_zone.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.azconfig.io" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["key_vault"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.vaultcore.azure.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["postgres"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.postgres.database.azure.com" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["service_bus"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.servicebus.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone" "dns" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.blob.core.windows.net" + number_of_record_sets = (known after apply) + resource_group_name = "rgshared001at21" } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["app_configuration"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "app_configuration" + private_dns_zone_name = "privatelink.azconfig.io" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["key_vault"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "key_vault" + private_dns_zone_name = "privatelink.vaultcore.azure.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["postgres"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "postgres" + private_dns_zone_name = "privatelink.postgres.database.azure.com" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["service_bus"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "service_bus" + private_dns_zone_name = "privatelink.servicebus.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.dns.azurerm_private_dns_zone_virtual_network_link.dns["storage_account_blob"] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "dns" { + id = (known after apply) + name = "storage_account_blob" + private_dns_zone_name = "privatelink.blob.core.windows.net" + registration_enabled = false + resource_group_name = "rgshared001at21" + virtual_network_id = (known after apply) } # module.key_vault.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.key_vault.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.key_vault.data.azurerm_role_definition.key_vault_administrator will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_administrator" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "00482a5a-887f-4fb3-b363-3b7fe8e74483" + type = (known after apply) } # module.key_vault.azurerm_key_vault.key_vault will be created + resource "azurerm_key_vault" "key_vault" { + access_policy = (known after apply) + enable_rbac_authorization = true + id = (known after apply) + location = (known after apply) + name = (known after apply) + public_network_access_enabled = true + purge_protection_enabled = true + resource_group_name = "rgshared001at21" + sku_name = "standard" + soft_delete_retention_days = 30 + tenant_id = (known after apply) + vault_uri = (known after apply) + network_acls { + bypass = "AzureServices" + default_action = "Allow" } } # module.key_vault.azurerm_private_endpoint.key_vault will be created + resource "azurerm_private_endpoint" "key_vault" { + custom_dns_configs = (known after apply) + custom_network_interface_name = (known after apply) + id = (known after apply) + location = (known after apply) + name = (known after apply) + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at21" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = (known after apply) + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = (known after apply) + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "vault", ] } } # module.key_vault.azurerm_role_assignment.key_vault_administrator will be created + resource "azurerm_role_assignment" "key_vault_administrator" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = (known after apply) } # module.key_vault.random_string.key_vault_name_prefix will be created + resource "random_string" "key_vault_name_prefix" { + id = (known after apply) + length = 4 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = false + numeric = false + result = (known after apply) + special = false + upper = false } # module.nat.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.nat.azurerm_nat_gateway.nat_gateway will be created + resource "azurerm_nat_gateway" "nat_gateway" { + id = (known after apply) + idle_timeout_in_minutes = 4 + location = (known after apply) + name = "natgwshared001at21" + resource_group_name = "rgshared001at21" + resource_guid = (known after apply) + sku_name = "Standard" } # module.nat.azurerm_nat_gateway_public_ip_association.nat_gateway will be created + resource "azurerm_nat_gateway_public_ip_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + public_ip_address_id = (known after apply) } # module.nat.azurerm_public_ip.nat_gateway will be created + resource "azurerm_public_ip" "nat_gateway" { + allocation_method = "Static" + ddos_protection_mode = "VirtualNetworkInherited" + fqdn = (known after apply) + id = (known after apply) + idle_timeout_in_minutes = 4 + ip_address = (known after apply) + ip_version = "IPv4" + location = (known after apply) + name = "pipegressshared001at21" + resource_group_name = "rgshared001at21" + sku = "Standard" + sku_tier = "Regional" } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["default"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.nat.azurerm_subnet_nat_gateway_association.nat_gateway["postgres"] will be created + resource "azurerm_subnet_nat_gateway_association" "nat_gateway" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # module.postgres_server.data.azurerm_client_config.current will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_client_config" "current" { + client_id = (known after apply) + id = (known after apply) + object_id = (known after apply) + subscription_id = (known after apply) + tenant_id = (known after apply) } # module.postgres_server.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.postgres_server.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.postgres_server.azurerm_key_vault_key.postgres_server will be created + resource "azurerm_key_vault_key" "postgres_server" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = "RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "psqlsrvshared001at21" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.postgres_server.azurerm_postgresql_flexible_server.postgres_server will be created + resource "azurerm_postgresql_flexible_server" "postgres_server" { + administrator_login = (known after apply) + auto_grow_enabled = true + backup_retention_days = (known after apply) + delegated_subnet_id = (known after apply) + fqdn = (known after apply) + geo_redundant_backup_enabled = false + id = (known after apply) + location = (known after apply) + name = "psqlsrvshared001at21" + private_dns_zone_id = (known after apply) + public_network_access_enabled = false + resource_group_name = "rgshared001at21" + sku_name = "GP_Standard_D4s_v3" + storage_mb = 32768 + storage_tier = "P30" + version = "12" + zone = "1" + authentication { + active_directory_auth_enabled = true + password_auth_enabled = false + tenant_id = (known after apply) } + customer_managed_key { + key_vault_key_id = (known after apply) + primary_user_assigned_identity_id = (known after apply) } + identity { + identity_ids = (known after apply) + type = "UserAssigned" } } # module.postgres_server.azurerm_postgresql_flexible_server_active_directory_administrator.admin will be created + resource "azurerm_postgresql_flexible_server_active_directory_administrator" "admin" { + id = (known after apply) + object_id = (known after apply) + principal_name = "mipsqlsrvadminshared001at21" + principal_type = "ServicePrincipal" + resource_group_name = "rgshared001at21" + server_name = "psqlsrvshared001at21" + tenant_id = (known after apply) } # module.postgres_server.azurerm_role_assignment.key_vault_crypto_officer will be created + resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # module.postgres_server.azurerm_user_assigned_identity.postgres_server will be created + resource "azurerm_user_assigned_identity" "postgres_server" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvshared001at21" + principal_id = (known after apply) + resource_group_name = "rgshared001at21" + tenant_id = (known after apply) } # module.postgres_server.azurerm_user_assigned_identity.postgres_server_admin will be created + resource "azurerm_user_assigned_identity" "postgres_server_admin" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "mipsqlsrvadminshared001at21" + principal_id = (known after apply) + resource_group_name = "rgshared001at21" + tenant_id = (known after apply) } # module.service_bus.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.service_bus.data.azurerm_role_definition.key_vault_crypto_officer will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_role_definition" "key_vault_crypto_officer" { + assignable_scopes = (known after apply) + description = (known after apply) + id = (known after apply) + name = (known after apply) + permissions = (known after apply) + role_definition_id = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + type = (known after apply) } # module.service_bus.azurerm_key_vault_key.service_bus[0] will be created + resource "azurerm_key_vault_key" "service_bus" { + curve = (known after apply) + e = (known after apply) + id = (known after apply) + key_opts = [ + "unwrapKey", + "wrapKey", ] + key_size = 2048 + key_type = "RSA" + key_vault_id = (known after apply) + n = (known after apply) + name = "sbshared001at21" + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + resource_id = (known after apply) + resource_versionless_id = (known after apply) + version = (known after apply) + versionless_id = (known after apply) + x = (known after apply) + y = (known after apply) } # module.service_bus.azurerm_private_endpoint.service_bus_private_endpoint[0] will be created + resource "azurerm_private_endpoint" "service_bus_private_endpoint" { + custom_dns_configs = (known after apply) + custom_network_interface_name = "nicsbshared001at21" + id = (known after apply) + location = (known after apply) + name = "pesbshared001at21" + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "rgshared001at21" + subnet_id = (known after apply) + private_dns_zone_group { + id = (known after apply) + name = "sbshared001at21" + private_dns_zone_ids = (known after apply) } + private_service_connection { + is_manual_connection = false + name = "sbshared001at21" + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "namespace", ] } } # module.service_bus.azurerm_role_assignment.key_vault_crypto_officer will be created + resource "azurerm_role_assignment" "key_vault_crypto_officer" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = (known after apply) + scope = (known after apply) + skip_service_principal_aad_check = true } # module.service_bus.azurerm_role_definition.service_bus_masstransit will be created + resource "azurerm_role_definition" "service_bus_masstransit" { + assignable_scopes = (known after apply) + description = "Allow C# Applications use MassTransit with Azure Service Bus" + id = (known after apply) + name = "Azure Service Bus Mass Transit" + role_definition_id = (known after apply) + role_definition_resource_id = (known after apply) + scope = (known after apply) + permissions { + actions = [ + "Microsoft.ServiceBus/namespaces/read", + "Microsoft.ServiceBus/namespaces/queues/*", + "Microsoft.ServiceBus/namespaces/topics/*", ] } } # module.service_bus.azurerm_servicebus_namespace.service_bus will be created + resource "azurerm_servicebus_namespace" "service_bus" { + capacity = 1 + default_primary_connection_string = (sensitive value) + default_primary_key = (sensitive value) + default_secondary_connection_string = (sensitive value) + default_secondary_key = (sensitive value) + endpoint = (known after apply) + id = (known after apply) + local_auth_enabled = false + location = (known after apply) + minimum_tls_version = "1.2" + name = "sbshared001at21" + premium_messaging_partitions = 1 + public_network_access_enabled = true + resource_group_name = "rgshared001at21" + sku = "Premium" + customer_managed_key { + identity_id = (known after apply) + infrastructure_encryption_enabled = true + key_vault_key_id = (known after apply) } + identity { + identity_ids = (known after apply) + principal_id = (known after apply) + tenant_id = (known after apply) + type = "UserAssigned" } + network_rule_set { + default_action = "Deny" + ip_rules = (sensitive value) + public_network_access_enabled = false + trusted_services_allowed = true } } # module.service_bus.azurerm_user_assigned_identity.service_bus will be created + resource "azurerm_user_assigned_identity" "service_bus" { + client_id = (known after apply) + id = (known after apply) + location = (known after apply) + name = "misbshared001at21" + principal_id = (known after apply) + resource_group_name = "rgshared001at21" + tenant_id = (known after apply) } # module.vnet.data.azurerm_resource_group.rg will be read during apply # (depends on a resource or a module with changes pending) <= data "azurerm_resource_group" "rg" { + id = (known after apply) + location = (known after apply) + managed_by = (known after apply) + name = "rgshared001at21" + tags = (known after apply) } # module.vnet.azurerm_subnet.vnet["default"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.0.0/23", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "default" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at21" + virtual_network_name = "vnetshared001at21" } # module.vnet.azurerm_subnet.vnet["postgres"] will be created + resource "azurerm_subnet" "vnet" { + address_prefixes = [ + "10.202.2.0/28", ] + default_outbound_access_enabled = true + id = (known after apply) + name = "postgres" + private_endpoint_network_policies = "Disabled" + private_link_service_network_policies_enabled = true + resource_group_name = "rgshared001at21" + virtual_network_name = "vnetshared001at21" + delegation { + name = "fs" + service_delegation { + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", ] + name = "Microsoft.DBforPostgreSQL/flexibleServers" } } } # module.vnet.azurerm_virtual_network.vnet will be created + resource "azurerm_virtual_network" "vnet" { + address_space = [ + "10.202.0.0/22", ] + dns_servers = (known after apply) + guid = (known after apply) + id = (known after apply) + location = (known after apply) + name = "vnetshared001at21" + resource_group_name = "rgshared001at21" + subnet = (known after apply) } Plan: 35 to add, 0 to change, 0 to destroy. āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā Saved the plan to: tfplan.out To perform exactly these actions, run the following command to apply: terraform apply "tfplan.out" ```| Context | Values |
|---|---|
| Pusher | @dependabot[bot] |
| Action | push |
| Working Directory | ./infrastructure/shared |
| State File | github.com/altinn/altinn-authorization/environments/at21/infrastructure.tfstate |
| Plan File | github.com_altinn_altinn-authorization_environments_at21_infrastructure.tfstate.tfplan |
Bumps Azure.Storage.Queues and System.Text.Json. These dependencies needed to be updated together. Updates
Azure.Storage.Queuesfrom 12.20.1 to 12.21.0Release notes
Sourced from Azure.Storage.Queues's releases.
Commits
94018d3Increment package version after release of Azure.ResourceManager.AppService (...e8fb89fSTG 96 GA release (#47126)4f49116Update AutoRest C# version to 3.0.0-beta.20241112.1 (#47120)2a85f03chore(playwrighttesting): populate NumberOfTestWorkers from runsettings and r...e666aabUpdate AutoRest C# version to 3.0.0-beta.20241111.1 (#47074)118bceb[Service Bus] Changelog updates (#47009)d566cc3[CODEOWNERS] Remove invalid owner (#47067)797963bRerecord Directory Copy Blob to Files vice versa tests (#47068)9eee27eUpdate docindex.yml to use Python 3.11 (#47051)bdd48fdIncrement package version after release of Azure.ResourceManager.DataFactory ...Updates
System.Text.Jsonfrom 8.0.5 to 6.0.10Commits
5a400c2Update dependencies from https://github.com/dotnet/emsdk build 20220914.2 (#7...af64246Add RID for alpine-3.17 + alpine-{x86,s390x} (backports #75396) (#75530)996dec0Update dependencies from https://github.com/dotnet/arcade build 20220913.7 (#...ed9b14c[release/6.0] Add signing infrastructure for diagnostic binaries (#74330)38e60d8Fix build for musl 1.2.3 (backports #67772) (#75529)ed73907Pass resource items for VS generated authoring (#75454)388cc78Add armv8l virtualized 32-bit ARM core detection (backports #66477) (#75528)8770e0eAdd CMAKE ASM workaround for newer clang (backport of #74696) (#75526)5247c8fMerge in 'release/6.0' changes7e31494Add reference assembly for System.Private.CoreLib.dll (#75311)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show