Upgrade to azurerm provider version 4

README.md

@@ -31,7 +31,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (>=2.0, < 3.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.86.0, <4.0)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4, <5)
 
 - <a name="requirement_modtm"></a> [modtm](#requirement\_modtm) (>= 0.3, < 1.0)
 
@@ -225,8 +225,7 @@ map(object({
   mode                 = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.  
   os\_disk\_size\_gb      = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.  
   tags                 = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.  
-  labels               = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.  
-  node\_taints               = (Optional) A list of the taints added to new nodes during node pool create and scale.
+  labels               = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
 }))
 
 Example input:
@@ -268,20 +267,11 @@ map(object({
     os_disk_size_gb = optional(number, null)
     tags            = optional(map(string), {})
     labels          = optional(map(string), {})
-    node_taints     = optional(list(string), null)
   }))
 ```
 
 Default: `{}`
 
-### <a name="input_node_taints"></a> [node\_taints](#input\_node\_taints)
-
-Description: (Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
-
-Type: `list(string)`
-
-Default: `null`
-
 ### <a name="input_orchestrator_version"></a> [orchestrator\_version](#input\_orchestrator\_version)
 
 Description: Specify which Kubernetes release to use. Specify only minor version, such as '1.28'.
@@ -364,9 +354,9 @@ The following Modules are called:
 
 ### <a name="module_avm_res_containerregistry_registry"></a> [avm\_res\_containerregistry\_registry](#module\_avm\_res\_containerregistry\_registry)
 
-Source: Azure/avm-res-containerregistry-registry/azurerm
+Source: github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry
 
-Version: 0.3.1
+Version:
 
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection

examples/default/README.md

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
     random = {
       source  = "hashicorp/random"
@@ -53,6 +53,9 @@ resource "azurerm_resource_group" "this" {
   name     = module.naming.resource_group.name_unique
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -66,6 +69,7 @@ module "test" {
   location                    = azurerm_resource_group.this.location
   private_dns_zone_id         = azurerm_private_dns_zone.mydomain.id
   private_dns_zone_id_enabled = true
+  rbac_aad_tenant_id          = data.azurerm_client_config.current.tenant_id
   network = {
     name                = module.avm_res_network_virtualnetwork.name
     resource_group_name = azurerm_resource_group.this.name
@@ -117,7 +121,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.3.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4, <5)
 
 - <a name="requirement_random"></a> [random](#requirement\_random) (>= 3.5.0, < 4.0.0)
 
@@ -129,6 +133,7 @@ The following resources are used by this module:
 - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource)
 - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
+- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs

examples/default/main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
     random = {
       source  = "hashicorp/random"
@@ -47,6 +47,9 @@ resource "azurerm_resource_group" "this" {
   name     = module.naming.resource_group.name_unique
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -60,6 +63,7 @@ module "test" {
   location                    = azurerm_resource_group.this.location
   private_dns_zone_id         = azurerm_private_dns_zone.mydomain.id
   private_dns_zone_id_enabled = true
+  rbac_aad_tenant_id          = data.azurerm_client_config.current.tenant_id
   network = {
     name                = module.avm_res_network_virtualnetwork.name
     resource_group_name = azurerm_resource_group.this.name

examples/with_availability_zone/README.md

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
   }
 }
@@ -41,6 +41,9 @@ resource "azurerm_user_assigned_identity" "this" {
   resource_group_name = azurerm_resource_group.this.name
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -67,6 +70,7 @@ module "test" {
       azurerm_user_assigned_identity.this.id
     ]
   }
+  rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
 
   location = "East US 2" # Hardcoded because we have to test in a region with availability zones
   node_pools = {
@@ -127,7 +131,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.3.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4, <5)
 
 ## Resources
 
@@ -136,6 +140,7 @@ The following resources are used by this module:
 - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource)
 - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [azurerm_user_assigned_identity.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
+- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs

examples/with_availability_zone/main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
   }
 }
@@ -35,6 +35,9 @@ resource "azurerm_user_assigned_identity" "this" {
   resource_group_name = azurerm_resource_group.this.name
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -61,6 +64,7 @@ module "test" {
       azurerm_user_assigned_identity.this.id
     ]
   }
+  rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
 
   location = "East US 2" # Hardcoded because we have to test in a region with availability zones
   node_pools = {

examples/without_availability_zone/README.md

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
   }
 }
@@ -40,6 +40,9 @@ resource "azurerm_user_assigned_identity" "this" {
   resource_group_name = azurerm_resource_group.this.name
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -67,6 +70,8 @@ module "test" {
     ]
   }
 
+  rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
+
   location = "West US" # Hardcoded because we have to test in a region without availability zones
   node_pools = {
     workload = {
@@ -123,7 +128,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.3.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4, <5)
 
 ## Resources
 
@@ -132,6 +137,7 @@ The following resources are used by this module:
 - [azurerm_private_dns_zone.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) (resource)
 - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [azurerm_user_assigned_identity.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
+- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs

examples/without_availability_zone/main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.7.0, < 4.0.0"
+      version = ">= 4, <5"
     }
   }
 }
@@ -34,6 +34,9 @@ resource "azurerm_user_assigned_identity" "this" {
   resource_group_name = azurerm_resource_group.this.name
 }
 
+# Datasource of current tenant ID
+data "azurerm_client_config" "current" {}
+
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -61,6 +64,8 @@ module "test" {
     ]
   }
 
+  rbac_aad_tenant_id = data.azurerm_client_config.current.tenant_id
+
   location = "West US" # Hardcoded because we have to test in a region without availability zones
   node_pools = {
     workload = {

locals.tf

@@ -49,7 +49,6 @@ locals {
         max_count            = pool.max_count
         min_count            = pool.min_count
         labels               = pool.labels
-        node_taints          = pool.node_taints
         os_sku               = pool.os_sku
         mode                 = pool.mode
         os_disk_size_gb      = pool.os_disk_size_gb

main.tf

@@ -1,7 +1,8 @@
 module "avm_res_containerregistry_registry" {
-  for_each                      = toset(var.acr == null ? [] : ["acr"])
-  source                        = "Azure/avm-res-containerregistry-registry/azurerm"
-  version                       = "0.3.1"
+  for_each = toset(var.acr == null ? [] : ["acr"])
+  source   = "github.com/Azure/terraform-azurerm-avm-res-containerregistry-registry"
+  #source                        = "Azure/avm-res-containerregistry-registry/azurerm"
+  #version                       = "0.4.0"
   name                          = var.acr.name
   location                      = var.location
   resource_group_name           = var.resource_group_name
@@ -60,12 +61,12 @@ resource "azurerm_kubernetes_cluster" "this" {
   location                          = var.location
   name                              = "aks-${var.name}"
   resource_group_name               = var.resource_group_name
-  automatic_channel_upgrade         = "patch"
+  automatic_upgrade_channel         = "patch"
   azure_policy_enabled              = true
   dns_prefix                        = var.name
   kubernetes_version                = var.kubernetes_version
   local_account_disabled            = true
-  node_os_channel_upgrade           = "NodeImage"
+  node_os_upgrade_channel           = "NodeImage"
   oidc_issuer_enabled               = true
   private_cluster_enabled           = true
   private_dns_zone_id               = var.private_dns_zone_id
@@ -75,20 +76,19 @@ resource "azurerm_kubernetes_cluster" "this" {
   workload_identity_enabled         = true
 
   default_node_pool {
-    name                   = "agentpool"
-    vm_size                = "Standard_D4d_v5"
-    enable_auto_scaling    = true
-    enable_host_encryption = true
-    max_count              = 9
-    max_pods               = 110
-    min_count              = 3
-    node_labels            = var.node_labels
-    node_taints            = var.node_taints
-    orchestrator_version   = var.orchestrator_version
-    os_sku                 = var.os_sku
-    tags                   = merge(var.tags, var.agents_tags)
-    vnet_subnet_id         = var.network.node_subnet_id
-    zones                  = local.default_node_pool_available_zones
+    name                    = "agentpool"
+    vm_size                 = "Standard_D4d_v5"
+    auto_scaling_enabled    = true
+    host_encryption_enabled = true
+    max_count               = 9
+    max_pods                = 110
+    min_count               = 3
+    node_labels             = var.node_labels
+    orchestrator_version    = var.orchestrator_version
+    os_sku                  = var.os_sku
+    tags                    = merge(var.tags, var.agents_tags)
+    vnet_subnet_id          = var.network.node_subnet_id
+    zones                   = local.default_node_pool_available_zones
 
     upgrade_settings {
       max_surge = "10%"
@@ -100,7 +100,6 @@ resource "azurerm_kubernetes_cluster" "this" {
   azure_active_directory_role_based_access_control {
     admin_group_object_ids = var.rbac_aad_admin_group_object_ids
     azure_rbac_enabled     = var.rbac_aad_azure_rbac_enabled
-    managed                = true
     tenant_id              = var.rbac_aad_tenant_id
   }
   ## Resources that only support UserAssigned
@@ -272,11 +271,10 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" {
   kubernetes_cluster_id = azurerm_kubernetes_cluster.this.id
   name                  = each.value.name
   vm_size               = each.value.vm_size
-  enable_auto_scaling   = true
+  auto_scaling_enabled  = true
   max_count             = each.value.max_count
   min_count             = each.value.min_count
   node_labels           = each.value.labels
-  node_taints           = each.value.node_taints
   orchestrator_version  = each.value.orchestrator_version
   os_disk_size_gb       = each.value.os_disk_size_gb
   os_sku                = each.value.os_sku

terraform.tf

@@ -7,7 +7,7 @@ terraform {
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">= 3.86.0, <4.0"
+      version = ">= 4, <5"
     }
     modtm = {
       source  = "Azure/modtm"

variables.tf

@@ -133,7 +133,6 @@ variable "node_pools" {
     os_disk_size_gb = optional(number, null)
     tags            = optional(map(string), {})
     labels          = optional(map(string), {})
-    node_taints     = optional(list(string), null)
   }))
   default     = {}
   description = <<-EOT
@@ -149,7 +148,6 @@ map(object({
   os_disk_size_gb      = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.
   tags                 = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.
   labels               = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
-  node_taints               = (Optional) A list of the taints added to new nodes during node pool create and scale.
 }))
 
 Example input:
@@ -184,12 +182,6 @@ EOT
   }
 }
 
-variable "node_taints" {
-  type        = list(string)
-  default     = null
-  description = "(Optional) A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created."
-}
-
 variable "orchestrator_version" {
   type        = string
   default     = null