dimaserbenyuk / devops-course


Publish Terraform Plan #20

Closed dimaserbenyuk closed 5 months ago

github-actions[bot] commented 5 months ago

Terraform Plan Output

Click to expand ```terraform Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # azuread_application.this will be created + resource "azuread_application" "this" { + app_role_ids = (known after apply) + application_id = (known after apply) + client_id = (known after apply) + disabled_by_microsoft = (known after apply) + display_name = "tf-oidc-test-sample" + id = (known after apply) + logo_url = (known after apply) + oauth2_permission_scope_ids = (known after apply) + object_id = (known after apply) + owners = [ + "371fcda5-d60f-427b-8e13-5ee7742566c7", + "e42e416c-221f-44e6-88db-44fd1601b9d7", ] + prevent_duplicate_names = false + publisher_domain = (known after apply) + sign_in_audience = "AzureADMyOrg" + tags = (known after apply) + template_id = (known after apply) + required_resource_access { + resource_app_id = "00000003-0000-0000-c000-000000000000" + resource_access { + id = "18a4783c-866b-4cc7-a460-3d5e5662c884" + type = "Role" } + resource_access { + id = "df021288-bdef-4463-88db-98f22de89214" + type = "Role" } } + web { + implicit_grant { + access_token_issuance_enabled = true } } } # azuread_application_federated_identity_credential.env-dev will be created + resource "azuread_application_federated_identity_credential" "env-dev" { + application_id = (known after apply) + application_object_id = (known after apply) + audiences = [ + "api://AzureADTokenExchange", ] + credential_id = (known after apply) + description = "deployments for repository cloud-cicd-exploration" + display_name = "az-oidc-env-dev" + id = (known after apply) + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:dimaserbenyuk/devops-course:environment:dev" } # azuread_application_federated_identity_credential.env-prod will be created + resource "azuread_application_federated_identity_credential" "env-prod" { + application_id 
= (known after apply) + application_object_id = (known after apply) + audiences = [ + "api://AzureADTokenExchange", ] + credential_id = (known after apply) + description = "deployments for repository cloud-cicd-exploration" + display_name = "az-oidc-env-prod" + id = (known after apply) + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:dimaserbenyuk/devops-course:environment:prod" } # azuread_application_federated_identity_credential.main will be created + resource "azuread_application_federated_identity_credential" "main" { + application_id = (known after apply) + application_object_id = (known after apply) + audiences = [ + "api://AzureADTokenExchange", ] + credential_id = (known after apply) + description = "deployments for repository cloud-cicd-exploration" + display_name = "az-oidc-branch-main" + id = (known after apply) + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:dimaserbenyuk/devops-course:ref:refs/heads/main" } # azuread_application_federated_identity_credential.pr will be created + resource "azuread_application_federated_identity_credential" "pr" { + application_id = (known after apply) + application_object_id = (known after apply) + audiences = [ + "api://AzureADTokenExchange", ] + credential_id = (known after apply) + description = "deployments for repository cloud-cicd-exploration" + display_name = "az-oidc-pr" + id = (known after apply) + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:dimaserbenyuk/devops-course:pull_request" } # azuread_application_password.this will be created + resource "azuread_application_password" "this" { + application_id = (known after apply) + application_object_id = (known after apply) + display_name = "tf-credentials" + end_date = "2099-01-01T01:02:03Z" + id = (known after apply) + key_id = (known after apply) + start_date = (known after apply) + value = (sensitive value) } # azuread_service_principal.this will be created + resource 
"azuread_service_principal" "this" { + account_enabled = true + app_role_assignment_required = false + app_role_ids = (known after apply) + app_roles = (known after apply) + application_id = (known after apply) + application_tenant_id = (known after apply) + client_id = (known after apply) + display_name = (known after apply) + homepage_url = (known after apply) + id = (known after apply) + logout_url = (known after apply) + oauth2_permission_scope_ids = (known after apply) + oauth2_permission_scopes = (known after apply) + object_id = (known after apply) + redirect_uris = (known after apply) + saml_metadata_url = (known after apply) + service_principal_names = (known after apply) + sign_in_audience = (known after apply) + tags = (known after apply) + type = (known after apply) } # azurerm_key_vault.vault will be created + resource "azurerm_key_vault" "vault" { + access_policy = [ + { + certificate_permissions = [ + "Backup", + "Create", + "Delete", + "DeleteIssuers", + "Get", + "GetIssuers", + "Import", + "List", + "ListIssuers", + "ManageContacts", + "ManageIssuers", + "Purge", + "Recover", + "Restore", + "SetIssuers", + "Update", ] + key_permissions = [ + "Backup", + "Create", + "Decrypt", + "Delete", + "Encrypt", + "Get", + "Import", + "List", + "Purge", + "Recover", + "Restore", + "Sign", + "UnwrapKey", + "Update", + "Verify", + "WrapKey", ] + object_id = "e42e416c-221f-44e6-88db-44fd1601b9d7" + secret_permissions = [ + "Backup", + "Delete", + "Get", + "List", + "Purge", + "Recover", + "Restore", + "Set", ] + storage_permissions = [ + "Backup", + "Delete", + "DeleteSAS", + "Get", + "GetSAS", + "List", + "ListSAS", + "Purge", + "Recover", + "RegenerateKey", + "Restore", + "Set", + "SetSAS", + "Update", ] + tenant_id = "1d31fb92-1bb7-4152-bc61-24f6b51841d1" }, ] + enabled_for_disk_encryption = true + id = (known after apply) + location = "westeurope" + name = "serbeniuk-vault" + public_network_access_enabled = true + resource_group_name = "serbeniuk" + sku_name 
= "standard" + soft_delete_retention_days = 90 + tenant_id = "1d31fb92-1bb7-4152-bc61-24f6b51841d1" + vault_uri = (known after apply) } # azurerm_key_vault_secret.ssh_private_key will be created + resource "azurerm_key_vault_secret" "ssh_private_key" { + content_type = "text/plain" + id = (known after apply) + key_vault_id = (known after apply) + name = "ssh-private-key" + resource_id = (known after apply) + resource_versionless_id = (known after apply) + value = (sensitive value) + version = (known after apply) + versionless_id = (known after apply) } # azurerm_key_vault_secret.ssh_public_key will be created + resource "azurerm_key_vault_secret" "ssh_public_key" { + content_type = "text/plain" + id = (known after apply) + key_vault_id = (known after apply) + name = "ssh-public-key" + resource_id = (known after apply) + resource_versionless_id = (known after apply) + value = (sensitive value) + version = (known after apply) + versionless_id = (known after apply) } # azurerm_linux_virtual_machine.serbeniuk will be created + resource "azurerm_linux_virtual_machine" "serbeniuk" { + admin_username = "adminuser" + allow_extension_operations = true + bypass_platform_safety_checks_on_user_schedule_enabled = false + computer_name = "publicvm" + disable_password_authentication = true + disk_controller_type = (known after apply) + extensions_time_budget = "PT1H30M" + id = (known after apply) + location = "westeurope" + max_bid_price = -1 + name = "public-vm" + network_interface_ids = (known after apply) + patch_assessment_mode = "ImageDefault" + patch_mode = "ImageDefault" + platform_fault_domain = -1 + priority = "Regular" + private_ip_address = (known after apply) + private_ip_addresses = (known after apply) + provision_vm_agent = true + public_ip_address = (known after apply) + public_ip_addresses = (known after apply) + resource_group_name = "serbeniuk" + size = "Standard_D1_v2" + tags = { + "environment" = "Production" } + virtual_machine_id = (known after apply) + 
vm_agent_platform_updates_enabled = false + admin_ssh_key { + public_key = (known after apply) + username = "adminuser" } + os_disk { + caching = "ReadWrite" + disk_size_gb = (known after apply) + name = (known after apply) + storage_account_type = "StandardSSD_LRS" + write_accelerator_enabled = false } + source_image_reference { + offer = "0001-com-ubuntu-server-jammy" + publisher = "Canonical" + sku = "22_04-lts" + version = "latest" } } # azurerm_nat_gateway.nat_gateway will be created + resource "azurerm_nat_gateway" "nat_gateway" { + id = (known after apply) + idle_timeout_in_minutes = 4 + location = "westeurope" + name = "natGateway" + resource_group_name = "serbeniuk" + resource_guid = (known after apply) + sku_name = "Standard" } # azurerm_network_interface.private will be created + resource "azurerm_network_interface" "private" { + applied_dns_servers = (known after apply) + dns_servers = (known after apply) + enable_accelerated_networking = false + enable_ip_forwarding = false + id = (known after apply) + internal_dns_name_label = (known after apply) + internal_domain_name_suffix = (known after apply) + location = "westeurope" + mac_address = (known after apply) + name = "private-nic" + private_ip_address = (known after apply) + private_ip_addresses = (known after apply) + resource_group_name = "serbeniuk" + virtual_machine_id = (known after apply) + ip_configuration { + gateway_load_balancer_frontend_ip_configuration_id = (known after apply) + name = "internal" + primary = (known after apply) + private_ip_address = (known after apply) + private_ip_address_allocation = "Dynamic" + private_ip_address_version = "IPv4" + public_ip_address_id = (known after apply) + subnet_id = (known after apply) } } # azurerm_network_interface_security_group_association.my-nsg-assoc will be created + resource "azurerm_network_interface_security_group_association" "my-nsg-assoc" { + id = (known after apply) + network_interface_id = (known after apply) + 
network_security_group_id = (known after apply) } # azurerm_network_security_group.private will be created + resource "azurerm_network_security_group" "private" { + id = (known after apply) + location = "westeurope" + name = "private-nsg" + resource_group_name = "serbeniuk" + security_rule = [ + { + access = "Allow" + destination_address_prefix = "*" + destination_address_prefixes = [] + destination_application_security_group_ids = [] + destination_port_range = "22" + destination_port_ranges = [] + direction = "Inbound" + name = "allow_ssh" + priority = 1001 + protocol = "Tcp" + source_address_prefix = "*" + source_address_prefixes = [] + source_application_security_group_ids = [] + source_port_range = "*" + source_port_ranges = [] # (1 unchanged attribute hidden) }, + { + access = "Allow" + destination_address_prefix = "*" + destination_address_prefixes = [] + destination_application_security_group_ids = [] + destination_port_range = "443" + destination_port_ranges = [] + direction = "Inbound" + name = "allow_https" + priority = 1003 + protocol = "Tcp" + source_address_prefix = "*" + source_address_prefixes = [] + source_application_security_group_ids = [] + source_port_range = "*" + source_port_ranges = [] # (1 unchanged attribute hidden) }, + { + access = "Allow" + destination_address_prefix = "*" + destination_address_prefixes = [] + destination_application_security_group_ids = [] + destination_port_range = "80" + destination_port_ranges = [] + direction = "Inbound" + name = "allow_http" + priority = 1002 + protocol = "Tcp" + source_address_prefix = "*" + source_address_prefixes = [] + source_application_security_group_ids = [] + source_port_range = "*" + source_port_ranges = [] # (1 unchanged attribute hidden) }, ] } # azurerm_public_ip.nat_gateway_ip will be created + resource "azurerm_public_ip" "nat_gateway_ip" { + allocation_method = "Static" + ddos_protection_mode = "VirtualNetworkInherited" + fqdn = (known after apply) + id = (known after apply) + 
idle_timeout_in_minutes = 4 + ip_address = (known after apply) + ip_version = "IPv4" + location = "westeurope" + name = "natGatewayIP" + resource_group_name = "serbeniuk" + sku = "Standard" + sku_tier = "Regional" } # azurerm_resource_group.rg will be created + resource "azurerm_resource_group" "rg" { + id = (known after apply) + location = "westeurope" + name = "serbeniuk" } # azurerm_role_assignment.sub-contributor will be created + resource "azurerm_role_assignment" "sub-contributor" { + id = (known after apply) + name = (known after apply) + principal_id = (known after apply) + principal_type = (known after apply) + role_definition_id = (known after apply) + role_definition_name = "Contributor" + scope = "/subscriptions/e135f274-9024-40cf-87e9-a8afb4a1a687" + skip_service_principal_aad_check = true } # azurerm_subnet_nat_gateway_association.subnet1_nat_gateway_assoc will be created + resource "azurerm_subnet_nat_gateway_association" "subnet1_nat_gateway_assoc" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # azurerm_subnet_nat_gateway_association.subnet2_nat_gateway_assoc will be created + resource "azurerm_subnet_nat_gateway_association" "subnet2_nat_gateway_assoc" { + id = (known after apply) + nat_gateway_id = (known after apply) + subnet_id = (known after apply) } # azurerm_virtual_network.vpc will be created + resource "azurerm_virtual_network" "vpc" { + address_space = [ + "10.0.0.0/16", ] + dns_servers = [ + "10.0.0.4", + "10.0.0.5", ] + guid = (known after apply) + id = (known after apply) + location = "westeurope" + name = "my-network" + resource_group_name = "serbeniuk" + subnet = [ + { + address_prefix = "10.0.1.0/24" + id = (known after apply) + name = "subnet1" + security_group = (known after apply) }, + { + address_prefix = "10.0.2.0/24" + id = (known after apply) + name = "subnet2" + security_group = (known after apply) }, ] + tags = { + "environment" = "Production" } } # 
tls_private_key.vm_ssh_key will be created + resource "tls_private_key" "vm_ssh_key" { + algorithm = "RSA" + ecdsa_curve = "P224" + id = (known after apply) + private_key_openssh = (sensitive value) + private_key_pem = (sensitive value) + private_key_pem_pkcs8 = (sensitive value) + public_key_fingerprint_md5 = (known after apply) + public_key_fingerprint_sha256 = (known after apply) + public_key_openssh = (known after apply) + public_key_pem = (known after apply) + rsa_bits = 4096 } Plan: 22 to add, 0 to change, 0 to destroy. Changes to Outputs: + credential_id = (known after apply) + sp_application_name = "tf-oidc-test-sample" + sp_client_id = (known after apply) + sp_object_id = (known after apply) + sp_password = (sensitive value) + tls_private_key = (sensitive value) ```
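Review bot: `azurerm_role_assignment.sub-contributor` grants `role_definition_name = "Contributor"` at `scope = "/subscriptions/e135f274-9024-40cf-87e9-a8afb4a1a687"`, while the same plan adds a federated credential with `subject = "repo:dimaserbenyuk/devops-course:pull_request"`. The plan leaves `principal_id` unresolved, but if it is the service principal created here, a workflow run triggered by a pull request could obtain subscription-wide Contributor. I would narrow the assignment to the resource group, `scope = azurerm_resource_group.rg.id`, and either drop the `pr` credential or bind it to a separate read-only principal used only for `plan`. `azuread_application_password.this` with `end_date = "2099-01-01T01:02:03Z"` also keeps a long-lived secret (exported as the `sp_password` output and stored in state) next to the OIDC credentials that would normally replace it. In `azurerm_network_security_group.private`, the `allow_ssh` rule accepts port 22 from `source_address_prefix = "*"`; restrict it to a known administrative range.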