Module roadmap elements (Upgrade rover to version 1.3x at minimum)

[arnaudlh]

:white_check_mark: 5.6.10+

Terraform min version 1.2.x Move to azurerm 2.99 Minor internal refactoring will be needed (see upgrade.md) Extensions refactoring and speed optimization. Terraform min version 1.3.5 (for backend azurerm in MSAL) Sustained engineering will be done in int-5.6.x and version tags will be on this branch.

:white_check_mark: 5.7.x

Move to microsoft graph with azuread provider 2.x Move to azurerm 3.57.0 Move to azuread 2.39.0 Full scenarios for MSAL support Deprecate legacy load_balancers in favor of lb Terraform min version 1.4.x This will live in branch main and version tags will be on this branch.

5.8.x

Deprecate legacy azurerm_integration_service_environment azurerm 3.58+ auread 2.40+ Terraform min version 1.5.x This will live in branch int-5.8.0 and version tags will be on this branch.

6.0.0

All names using data sources and no resources No ARM templates deployments embedded or CLI, replaced by AZAPI, or whatever fits best. Import for existing infrastructure

[langecode]

Stumbled into a problem trying to do "credential federation" with Azure AD and discovered the azuread provider 1.4.0 is over 2 years old! Would be really nice to have that upgraded.

[nusrath432]

Related: https://github.com/Azure/caf-terraform-landingzones/issues/425

[MarcelHeek]

@arnaudlh When will 5.7.x release become available as we are desperately awaiting the AzureRM 3.x support in the CAF supermodule? We cannot stay on v2.99 any longer and keep waiting. We are on the brink of moving away completely from using this module for building our level3/4 landing zones. Can you give us something of a timeline?

And yes, I know we could help and contribute, but time and adequate knowledge is blocking for now.

[LaurentLesle]

You can test the pre-release with the landingzone tag int-5.7.0. So far the upgrade tests are working (with some modifications required in the configuration file for azure ad applications /sp and groups) The goal is to get a module release next week

[MarcelHeek]

@LaurentLesle We are consuming the CAF supermodule using a local fork which we regularly sync with the public module (main branch). In our local fork we created our "own" branch where we maintain small changes for non AzureRM 3.x related things that are not supported in the module (yet) and update that branch with every module release. So just consuming the pre-release branch is not as easy as it seems.

You mention the goal is to release a module version bump next week. Will that be with AzureRM 3.x (a 5.7.x release) or an updated release for AzureRM 2.99 (a 5.6.10) release? If it is the first, my co-workers and I would be very happy.

[LaurentLesle]

5.7.0 is using latest azurerm (3.56.0) and azuread (2.39.0) There is an azure branch pointing to the pre-release (int-5.7.0)

[MarcelHeek]

@LaurentLesle @arnaudlh As I expected the new release is 5.6.10, not 5.7.0 yet. Is there a estimation or targetdate for the 5.7.0 version release you guys are aiming for? I can understand that answering this might be difficult, but it is crucial for us to know what to expect so we can adjust our plans accordingly.

[mgibson85]

Hi guys, any further news on the 5.7.0 release? Like many others, we are waiting on azuread provider 2.x with graph.

Thanks for all the hard work :)