Azure / appservice-landing-zone-accelerator

The Azure App Service landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure App Service at scale.
https://build.microsoft.com/en-US/sessions/58f92fab-3298-444d-b215-6b93219cd5d7?source=sessions
MIT License

Feature/106/tf pipelines modularization + multitenant ASE Terraform CICD pipeline #130

Closed JinLee794 closed 1 year ago

JinLee794 commented 1 year ago

Description

As part of the modularization effort, and to help with Terraform testing/development going forward, added changes to the current Terraform CICD pipelines:

Also added the terraform.secure-baseline.multi-tenant.yml workflow to support deployments using said modular structure.

Pipeline
Multi-tenant Secure Baseline: Terraform Deploy
Single-tenant ASEv3 Secure Baseline: Terraform Deploy


github-actions[bot] commented 1 year ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Validation Output

```
Success! The configuration is valid.
```

Terraform Plan 📖 `success`

Show Plan

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_subnet.vnetSpokeSubnet will be updated in-place
  ~ resource "azurerm_subnet" "vnetSpokeSubnet" {
        id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/rgtf-networking-sec-baseline-sgl-dev-westus2-001/providers/Microsoft.Network/virtualNetworks/vnet-spoke-sec-baseline-sgl-dev-westus2-001/subnets/snet-ase-sec-baseline-sgl-dev-westus2-001"
        name = "snet-ase-sec-baseline-sgl-dev-westus2-001"
        # (7 unchanged attributes hidden)

      ~ delegation {
            name = "hostingEnvironment"

          ~ service_delegation {
              ~ actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
                name = "Microsoft.Web/hostingEnvironments"
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Pusher: @JinLee794, Action: pull_request, Working Directory: scenarios/secure-baseline-ase/terraform, Workflow: Multi-tenant Secure Baseline: Terraform Deploy

github-actions[bot] commented 1 year ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Validation Output

```
Success! The configuration is valid.
```

Terraform Plan 📖 `success`

Show Plan

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_subnet.vnetSpokeSubnet will be updated in-place
  ~ resource "azurerm_subnet" "vnetSpokeSubnet" {
        id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/rgtf-networking-sec-baseline-sgl-dev-westus2-001/providers/Microsoft.Network/virtualNetworks/vnet-spoke-sec-baseline-sgl-dev-westus2-001/subnets/snet-ase-sec-baseline-sgl-dev-westus2-001"
        name = "snet-ase-sec-baseline-sgl-dev-westus2-001"
        # (7 unchanged attributes hidden)

      ~ delegation {
            name = "hostingEnvironment"

          ~ service_delegation {
              ~ actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
                name = "Microsoft.Web/hostingEnvironments"
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Pusher: @JinLee794, Action: pull_request, Working Directory: scenarios/secure-baseline-ase/terraform, Workflow: Single-tenant ASEv3 Secure Baseline: Terraform Deploy

github-actions[bot] commented 1 year ago

Terraform Plan failed

Plan Error Output

```
Error: Failed to read variables file

Given variables file Parameters/uat.tfvars does not exist.
```

*Pusher: @JinLee794, Action: `pull_request`, Working Directory: `scenarios/secure-baseline-multitenant/terraform`, Workflow: `Multi-tenant Secure Baseline: Terraform Deploy`*

github-actions[bot] commented 1 year ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Validation Output

```
Success! The configuration is valid.
```

Terraform Plan 📖 `success`

Show Plan

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_subnet.vnetSpokeSubnet will be updated in-place
  ~ resource "azurerm_subnet" "vnetSpokeSubnet" {
        id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/rgtf-networking-sec-baseline-sgl-dev-westus2-001/providers/Microsoft.Network/virtualNetworks/vnet-spoke-sec-baseline-sgl-dev-westus2-001/subnets/snet-ase-sec-baseline-sgl-dev-westus2-001"
        name = "snet-ase-sec-baseline-sgl-dev-westus2-001"
        # (7 unchanged attributes hidden)

      ~ delegation {
            name = "hostingEnvironment"

          ~ service_delegation {
              ~ actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
                name = "Microsoft.Web/hostingEnvironments"
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Pusher: @JinLee794, Action: pull_request, Working Directory: scenarios/secure-baseline-ase/terraform, Workflow: Single-tenant ASEv3 Secure Baseline: Terraform Deploy

github-actions[bot] commented 1 year ago

Terraform Plan failed

Plan Error Output

```
Error: Failed to read variables file

Given variables file Parameters/uat.tfvars does not exist.
```

*Pusher: @JinLee794, Action: `pull_request`, Working Directory: `scenarios/secure-baseline-multitenant/terraform`, Workflow: `Multi-tenant Secure Baseline: Terraform Deploy`*

github-actions[bot] commented 1 year ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Validation Output

```
Success! The configuration is valid.
```

Terraform Plan 📖 `success`

Show Plan

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_subnet.vnetSpokeSubnet will be updated in-place
  ~ resource "azurerm_subnet" "vnetSpokeSubnet" {
        id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/rgtf-networking-sec-baseline-sgl-dev-westus2-001/providers/Microsoft.Network/virtualNetworks/vnet-spoke-sec-baseline-sgl-dev-westus2-001/subnets/snet-ase-sec-baseline-sgl-dev-westus2-001"
        name = "snet-ase-sec-baseline-sgl-dev-westus2-001"
        # (7 unchanged attributes hidden)

      ~ delegation {
            name = "hostingEnvironment"

          ~ service_delegation {
              ~ actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
                name = "Microsoft.Web/hostingEnvironments"
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Pusher: @JinLee794, Action: pull_request, Working Directory: scenarios/secure-baseline-ase/terraform, Workflow: Single-tenant ASEv3 Secure Baseline: Terraform Deploy

github-actions[bot] commented 1 year ago

Terraform Plan failed

Plan Error Output

```
Error: No value for required variable

  on variables.tf line 19:
  19: variable "tenant_id" {

The root module input variable "tenant_id" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Error: No value for required variable

  on variables.tf line 24:
  24: variable "aad_admin_group_object_id" {

The root module input variable "aad_admin_group_object_id" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Error: No value for required variable

  on variables.tf line 29:
  29: variable "aad_admin_group_name" {

The root module input variable "aad_admin_group_name" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Error: No value for required variable

  on variables.tf line 94:
  94: variable "vm_aad_admin_username" {

The root module input variable "vm_aad_admin_username" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.
```

*Pusher: @JinLee794, Action: `pull_request`, Working Directory: `scenarios/secure-baseline-multitenant/terraform`, Workflow: `Multi-tenant Secure Baseline: Terraform Deploy`*

github-actions[bot] commented 1 year ago

Terraform Format and Style 🖌``

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Validation Output

```
Success! The configuration is valid.
```

Terraform Plan 📖 `success`

Show Plan

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_subnet.vnetSpokeSubnet will be updated in-place
  ~ resource "azurerm_subnet" "vnetSpokeSubnet" {
        id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/rgtf-networking-sec-baseline-sgl-dev-westus2-001/providers/Microsoft.Network/virtualNetworks/vnet-spoke-sec-baseline-sgl-dev-westus2-001/subnets/snet-ase-sec-baseline-sgl-dev-westus2-001"
        name = "snet-ase-sec-baseline-sgl-dev-westus2-001"
        # (7 unchanged attributes hidden)

      ~ delegation {
            name = "hostingEnvironment"

          ~ service_delegation {
              ~ actions = [
                  - "Microsoft.Network/virtualNetworks/subnets/action",
                  + "Microsoft.Network/virtualNetworks/subnets/join/action",
                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                ]
                name = "Microsoft.Web/hostingEnvironments"
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

Pusher: @JinLee794, Action: pull_request, Working Directory: scenarios/secure-baseline-ase/terraform, Workflow: Single-tenant ASEv3 Secure Baseline: Terraform Deploy