Azure / appservice-landing-zone-accelerator

The Azure App Service landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure App Service at scale.
https://build.microsoft.com/en-US/sessions/58f92fab-3298-444d-b215-6b93219cd5d7?source=sessions
MIT License

Get Latest from Main #195

Closed thotheod closed 8 months ago

thotheod commented 8 months ago

Description

Thank you for your contribution!

Please include a summary of the change and which issue is fixed. Please also include the context. List any dependencies that are required for this change.

Pipeline references

For module/pipeline changes, please create and attach the status badge of your successful run.

Pipeline

Type of Change

Please delete options that are not relevant.

Checklist

github-actions[bot] commented 8 months ago

Terraform Format and Style 🖌

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output ``` Success! The configuration is valid. ```

Terraform Plan 📖 success

Show Plan ``` [command]/home/runner/work/_temp/ccbd24eb-6671-4c79-8514-cdb60299c932/terraform-bin show -no-color tfplan No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ::debug::Terraform exited with code 0. ```

Pusher: @thotheod, Action: pull_request, Working Directory: scenarios/secure-baseline-multitenant/terraform/hub, Workflow: Scenario 1: Terraform HUB Multi-tenant Secure Baseline

github-actions[bot] commented 8 months ago

Terraform Format and Style 🖌

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Validation Output ``` Success! The configuration is valid. ```

Terraform Plan 📖 success

Show Plan ``` [command]/home/runner/work/_temp/cce6bf06-5087-4506-a965-fd70ac3ffb22/terraform-bin show -no-color tfplan Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place -/+ destroy and then create replacement Terraform will perform the following actions: # module.frontdoor.azurerm_monitor_diagnostic_setting.this[0] will be updated in-place ~ resource "azurerm_monitor_diagnostic_setting" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Cdn/profiles/sec-baseline-1-spoke-westus3-fd-eslz2-prod|sec-baseline-1-spoke-westus3-fd-eslz2-prod-diagnostic-settings}" + log_analytics_destination_type = "AzureDiagnostics" name = "sec-baseline-1-spoke-westus3-fd-eslz2-prod-diagnostic-settings}" # (2 unchanged attributes hidden) # (4 unchanged blocks hidden) } # module.openai[0].azurecaf_name.caf_name_oai will be created + resource "azurecaf_name" "caf_name_oai" { + clean_input = true + id = (known after apply) + passthrough = false + prefixes = [ + "sec-baseline-1-spoke", + "westus3", ] + random_length = 0 + resource_type = "azurerm_cognitive_account" + result = (known after apply) + results = (known after apply) + separator = "-" + suffixes = [ + "prod", ] + use_slug = true } # module.openai[0].azurecaf_name.priv_endpoint will be created + resource "azurecaf_name" "priv_endpoint" { + clean_input = true + id = (known after apply) + passthrough = false + random_length = 0 + resource_type = "azurerm_private_endpoint" + result = (known after apply) + results = (known after apply) + separator = "-" + use_slug = true } # module.openai[0].azurerm_cognitive_account.this will be created + resource "azurerm_cognitive_account" "this" { + custom_subdomain_name = (known after apply) + endpoint = (known after apply) + id = (known after apply) + kind = "OpenAI" + local_auth_enabled = 
true + location = "westus3" + name = (known after apply) + outbound_network_access_restricted = false + primary_access_key = (sensitive value) + public_network_access_enabled = false + resource_group_name = "spoke-sec-baseline-1-spoke-westus3-rg-eslz2" + secondary_access_key = (sensitive value) + sku_name = "S0" + tags = { + "Environment" = "prod" + "Owner" = "cloudops@contoso.com" + "Project" = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator" + "Terraform" = "true" + "module" = "openai" } + identity { + principal_id = (known after apply) + tenant_id = (known after apply) + type = "SystemAssigned" } + network_acls { + default_action = "Deny" + virtual_network_rules { + ignore_missing_vnet_service_endpoint = true + subnet_id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/devops" } + virtual_network_rules { + ignore_missing_vnet_service_endpoint = true + subnet_id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/ingress" } + virtual_network_rules { + ignore_missing_vnet_service_endpoint = true + subnet_id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/privateLink" } + virtual_network_rules { + ignore_missing_vnet_service_endpoint = true + subnet_id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/serverFarm" } } } # module.openai[0].azurerm_cognitive_deployment.this["gpt-35-turbo"] will be created + resource 
"azurerm_cognitive_deployment" "this" { + cognitive_account_id = (known after apply) + id = (known after apply) + name = "gpt-35-turbo" + model { + format = "OpenAI" + name = "gpt-35-turbo" + version = "0613" } + scale { + capacity = 1 + type = "Standard" } } # module.openai[0].azurerm_cognitive_deployment.this["text-embedding-ada-002"] will be created + resource "azurerm_cognitive_deployment" "this" { + cognitive_account_id = (known after apply) + id = (known after apply) + name = "text-embedding-ada-002" + model { + format = "OpenAI" + name = "text-embedding-ada-002" + version = "2" } + scale { + capacity = 1 + type = "Standard" } } # module.private_dns_zones[1].azurerm_private_dns_zone.this must be replaced -/+ resource "azurerm_private_dns_zone" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net" -> (known after apply) ~ max_number_of_record_sets = 25000 -> (known after apply) ~ max_number_of_virtual_network_links = 1000 -> (known after apply) ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply) ~ name = "privatelink.database.windows.net" -> "privatelink.vaultcore.azure.net" # forces replacement ~ number_of_record_sets = 2 -> (known after apply) tags = { "Environment" = "prod" "Owner" = "cloudops@contoso.com" "Project" = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator" "Terraform" = "true" "module" = "private-dns-zone" } # (1 unchanged attribute hidden) - soa_record { - email = "azureprivatedns-host.microsoft.com" -> null - expire_time = 2419200 -> null - fqdn = "privatelink.database.windows.net." 
-> null - host_name = "azureprivatedns.net" -> null - minimum_ttl = 10 -> null - refresh_time = 3600 -> null - retry_time = 300 -> null - serial_number = 1 -> null - tags = {} -> null - ttl = 3600 -> null } } # module.private_dns_zones[1].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced -/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.database.windows.net/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply) name = "sec-baseline-1-hub-wus2-vnet-eslz2-prod" ~ private_dns_zone_name = "privatelink.database.windows.net" -> "privatelink.vaultcore.azure.net" # forces replacement - tags = {} -> null # (3 unchanged attributes hidden) } # module.private_dns_zones[2].azurerm_private_dns_zone.this must be replaced -/+ resource "azurerm_private_dns_zone" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" -> (known after apply) ~ max_number_of_record_sets = 25000 -> (known after apply) ~ max_number_of_virtual_network_links = 1000 -> (known after apply) ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply) ~ name = "privatelink.azconfig.io" -> "privatelink.database.windows.net" # forces replacement ~ number_of_record_sets = 2 -> (known after apply) tags = { "Environment" = "prod" "Owner" = "cloudops@contoso.com" "Project" = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator" "Terraform" = "true" "module" = "private-dns-zone" } # (1 unchanged attribute hidden) - soa_record { - email = "azureprivatedns-host.microsoft.com" -> null - expire_time = 2419200 -> null - fqdn = "privatelink.azconfig.io." 
-> null - host_name = "azureprivatedns.net" -> null - minimum_ttl = 10 -> null - refresh_time = 3600 -> null - retry_time = 300 -> null - serial_number = 1 -> null - tags = {} -> null - ttl = 3600 -> null } } # module.private_dns_zones[2].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced -/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply) name = "sec-baseline-1-hub-wus2-vnet-eslz2-prod" ~ private_dns_zone_name = "privatelink.azconfig.io" -> "privatelink.database.windows.net" # forces replacement - tags = {} -> null # (3 unchanged attributes hidden) } # module.private_dns_zones[3].azurerm_private_dns_zone.this must be replaced -/+ resource "azurerm_private_dns_zone" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" -> (known after apply) ~ max_number_of_record_sets = 25000 -> (known after apply) ~ max_number_of_virtual_network_links = 1000 -> (known after apply) ~ max_number_of_virtual_network_links_with_registration = 100 -> (known after apply) ~ name = "privatelink.vaultcore.azure.net" -> "privatelink.azconfig.io" # forces replacement ~ number_of_record_sets = 2 -> (known after apply) tags = { "Environment" = "prod" "Owner" = "cloudops@contoso.com" "Project" = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator" "Terraform" = "true" "module" = "private-dns-zone" } # (1 unchanged attribute hidden) - soa_record { - email = "azureprivatedns-host.microsoft.com" -> null - expire_time = 2419200 -> null - fqdn = "privatelink.vaultcore.azure.net." 
-> null - host_name = "azureprivatedns.net" -> null - minimum_ttl = 10 -> null - refresh_time = 3600 -> null - retry_time = 300 -> null - serial_number = 1 -> null - tags = {} -> null - ttl = 3600 -> null } } # module.private_dns_zones[3].azurerm_private_dns_zone_virtual_network_link.this[0] must be replaced -/+ resource "azurerm_private_dns_zone_virtual_network_link" "this" { ~ id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net/virtualNetworkLinks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" -> (known after apply) name = "sec-baseline-1-hub-wus2-vnet-eslz2-prod" ~ private_dns_zone_name = "privatelink.vaultcore.azure.net" -> "privatelink.azconfig.io" # forces replacement - tags = {} -> null # (3 unchanged attributes hidden) } # module.private_dns_zones[5].azurerm_private_dns_zone.this will be created + resource "azurerm_private_dns_zone" "this" { + id = (known after apply) + max_number_of_record_sets = (known after apply) + max_number_of_virtual_network_links = (known after apply) + max_number_of_virtual_network_links_with_registration = (known after apply) + name = "privatelink.openai.azure.com" + number_of_record_sets = (known after apply) + resource_group_name = "sec-baseline-1-hub-wus2-rg-eslz2" + tags = { + "Environment" = "prod" + "Owner" = "cloudops@contoso.com" + "Project" = "[Scenario 1: SPOKE] App Service Landing Zone Accelerator" + "Terraform" = "true" + "module" = "private-dns-zone" } } # module.private_dns_zones[5].azurerm_private_dns_zone_virtual_network_link.this[0] will be created + resource "azurerm_private_dns_zone_virtual_network_link" "this" { + id = (known after apply) + name = "sec-baseline-1-hub-wus2-vnet-eslz2-prod" + private_dns_zone_name = "privatelink.openai.azure.com" + registration_enabled = false + resource_group_name = "sec-baseline-1-hub-wus2-rg-eslz2" + virtual_network_id = 
"/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-hub-wus2-vnet-eslz2-prod" } # module.openai[0].module.private_endpoint.azurerm_private_endpoint.this will be created + resource "azurerm_private_endpoint" "this" { + custom_dns_configs = (known after apply) + id = (known after apply) + location = "westus3" + name = (known after apply) + network_interface = (known after apply) + private_dns_zone_configs = (known after apply) + resource_group_name = "spoke-sec-baseline-1-spoke-westus3-rg-eslz2" + subnet_id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/virtualNetworks/sec-baseline-1-spoke-westus3-vnet-eslz2-prod/subnets/privateLink" + tags = { + "module" = "private-endpoint" } + private_service_connection { + is_manual_connection = false + name = (known after apply) + private_connection_resource_id = (known after apply) + private_ip_address = (known after apply) + subresource_names = [ + "account", ] } } # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[0] will be updated in-place ~ resource "azurerm_private_dns_a_record" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2" name = "eslz2" ~ tags = { + "module" = "private-endpoint" } # (5 unchanged attributes hidden) } # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_dns_a_record.this[1] will be updated in-place ~ resource "azurerm_private_dns_a_record" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2.scm" name = "eslz2.scm" ~ tags = { + 
"module" = "private-endpoint" } # (5 unchanged attributes hidden) } # module.app_service.module.windows_web_app[0].module.private_endpoint.azurerm_private_endpoint.this will be updated in-place ~ resource "azurerm_private_endpoint" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2" name = "pe-eslz2" ~ tags = { + "module" = "private-endpoint" } # (6 unchanged attributes hidden) # (1 unchanged block hidden) } # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[0] will be updated in-place ~ resource "azurerm_private_dns_a_record" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging" name = "eslz2-staging" ~ tags = { + "module" = "private-endpoint" } # (5 unchanged attributes hidden) } # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_dns_a_record.this[1] will be updated in-place ~ resource "azurerm_private_dns_a_record" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/sec-baseline-1-hub-wus2-rg-eslz2/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net/A/eslz2-staging.scm" name = "eslz2-staging.scm" ~ tags = { + "module" = "private-endpoint" } # (5 unchanged attributes hidden) } # module.app_service.module.windows_web_app[0].module.private_endpoint_slot.azurerm_private_endpoint.this will be updated in-place ~ resource "azurerm_private_endpoint" "this" { id = "/subscriptions/864eb9d0-e9c4-4d6b-bf11-bd4cfde05e81/resourceGroups/spoke-sec-baseline-1-spoke-westus3-rg-eslz2/providers/Microsoft.Network/privateEndpoints/pe-eslz2-staging" name = "pe-eslz2-staging" ~ tags = { + "module" = "private-endpoint" } # (6 unchanged attributes hidden) # (1 
unchanged block hidden) } Plan: 14 to add, 7 to change, 6 to destroy. ::debug::Terraform exited with code 0. ```

Pusher: @thotheod, Action: pull_request, Working Directory: scenarios/secure-baseline-multitenant/terraform/spoke, Workflow: Scenario 1: Terraform SPOKE Multi-tenant Secure Baseline