fix: Storage module -> enable_resource_advanced_threat_protection var…

…iable removed (#293) * feat: Update module version to v8.8.0 * pre-commit fixs * data-indexer: removed enable_resource_advanced_threat_protection variable not used * added docs for removed variables * fix cdn storage * minor fix * pre-commit fixs
pagopa · May 5, 2024 · 118e6eb · 118e6eb
1 parent 46e5ab1
commit 118e6eb
Show file tree

Hide file tree

Showing 54 changed files with 121 additions and 195 deletions.
diff --git a/api_management/README.md b/api_management/README.md
@@ -33,7 +33,7 @@ resource "azurerm_resource_group" "rg_api" {
 
 # APIM subnet
 module "apim_snet" {
-  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v3.11.0"
+  source               = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.8.0"
   name                 = "${local.program}-apim-snet"
   resource_group_name  = data.azurerm_resource_group.rg_vnet.name
   virtual_network_name = data.azurerm_virtual_network.vnet.name
@@ -48,7 +48,7 @@ module "apim_snet" {
 ###########################
 
 module "apim" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v3.11.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management?ref=v8.8.0"
 
   name = "${local.program}-apim"
 

diff --git a/api_management_api/README.md b/api_management_api/README.md
@@ -30,7 +30,7 @@ locals {
 # }
 
 module "apim_devopslab_webapp_python_alpha_api_v1" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v3.11.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api?ref=v8.8.0"
 
   name                  = local.apim_devopslab_webapp_python_alpha_api.api_name
   api_management_name   = module.apim.name

diff --git a/api_management_product/README.md b/api_management_product/README.md
@@ -10,7 +10,7 @@ This module allow the creation of api management product, and associate to a gro
 
 ```ts
 module "apim_product_devopslab" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v3.11.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product?ref=v8.8.0"
 
   product_id   = "devopslab"
   display_name = "DevOpsLab Program"

diff --git a/app_gateway/README.md b/app_gateway/README.md
@@ -42,7 +42,7 @@ resource "azurerm_key_vault_access_policy" "app_gateway_policy" {
 
 # Subnet to host the application gateway
 module "appgateway_snet" {
-  source               = "git::https://github.com/pagopa/azurerm.git//subnet?ref=v2.1.21"
+  source               = "git::https://github.com/pagopa/azurerm.git//subnet?ref=v8.8.0"
 
   name                 = "${local.project}-appgateway-snet"
   address_prefixes     = var.cidr_subnet_appgateway
@@ -86,7 +86,7 @@ module "appgateway_snet" {
 
   # Subnet to host the application gateway
   module "appgateway_snet" {
-    source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v3.11.0"
+    source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.8.0"
 
     name                 = "${local.program}-appgateway-snet"
     address_prefixes     = var.cidr_subnet_appgateway
@@ -99,7 +99,7 @@ module "appgateway_snet" {
   module "app_gw" {
     count = var.app_gateway_is_enabled ? 1 : 0
 
-    source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway?ref=v3.11.0"
+    source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway?ref=v8.8.0"
 
     name                = "${local.program}-app-gw"
     resource_group_name = data.azurerm_resource_group.rg_vnet.name

diff --git a/application_insights_standard_web_test/README.md b/application_insights_standard_web_test/README.md
@@ -6,7 +6,7 @@ This module create an alert for a http(s) webservice
 
 ```hcl
 module "webservice_monitor_01" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_standard_web_test?ref=vX.X.X"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_standard_web_test?ref=v8.8.0"
   
 
   https_endpoint                         = "https://api.dev.platform.pagopa.it"
@@ -21,4 +21,4 @@ module "webservice_monitor_01" {
   https_probe_body                       = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" ....  </soapenv:Envelope>"
   https_probe_method                     = "POST"
 }
-```
+```
diff --git a/application_insights_web_test_preview/README.md b/application_insights_web_test_preview/README.md
@@ -20,7 +20,7 @@ locals {
 
 module "web_test_availability_alert_rules_for_api" {
   for_each = { for v in local.test_urls : v.host => v if v != null }
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview?ref=v3.15.0"
+  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview?ref=v8.8.0"
 
   subscription_id                   = data.azurerm_subscription.current.subscription_id
   name                              = "${each.value.host}-test-avail"

diff --git a/azure_devops_agent/README.md b/azure_devops_agent/README.md
@@ -17,7 +17,7 @@ resource "azurerm_resource_group" "azdo_rg" {
 
 # with custom image (previously built. check the module `azure_devops_agent_custom_image` for more details)
 module "module "azdoa_vmss_li" {" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=<version>"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=v8.8.0"
   count               = var.enable_azdoa ? 1 : 0
   name                = "${local.azuredevops_agent_vm_name}"
   resource_group_name = azurerm_resource_group.azdo_rg[0].name
@@ -33,7 +33,7 @@ module "module "azdoa_vmss_li" {" {
 
 # with default image
 module "module "azdoa_vmss_li" {" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=<version>"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=v8.8.0"
   count               = var.enable_azdoa ? 1 : 0
   name                = "${local.azuredevops_agent_vm_name}"
   resource_group_name = azurerm_resource_group.azdo_rg[0].name
@@ -47,7 +47,7 @@ module "module "azdoa_vmss_li" {" {
 
 # with standard image
 module "module "azdoa_vmss_li" {" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=<version>"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent?ref=v8.8.0"
   count               = var.enable_azdoa ? 1 : 0
   name                = "${local.azuredevops_agent_vm_name}"
   resource_group_name = azurerm_resource_group.azdo_rg[0].name

diff --git a/azure_devops_agent_custom_image/README.md b/azure_devops_agent_custom_image/README.md
@@ -29,7 +29,7 @@ data "azurerm_resource_group" "resource_group" {
 }
 
 module "azdoa_custom_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=<version>"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v8.8.0"
   resource_group_name = data.azurerm_resource_group.resource_group.name
   location            = var.location
   image_name          = "my_image_name"

diff --git a/cdn/README.md b/cdn/README.md
@@ -6,6 +6,10 @@ This module allow the creation of a CDN endpoint and CDN profile
 
 ![This is an image](./docs/module-arch.drawio.png)
 
+## Logical breaking changes
+
+* `resource_advanced_threat_protection_enabled` was removed -> use `advanced_threat_protection_enabled`
+
 ## How to use it
 
 ```ts
@@ -20,7 +24,7 @@ resource "azurerm_resource_group" "devopslab_cdn_rg" {
 ### Frontend resources
 #tfsec:ignore:azure-storage-queue-services-logging-enabled:exp:2022-05-01 # already ignored, maybe a bug in tfsec
 module "devopslab_cdn" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cdn?ref=v3.15.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cdn?ref=v8.8.0"
 
   name                  = "diego"
   prefix                = local.product
@@ -99,7 +103,7 @@ During the apply there will be 1 changed and 1 destroy related to storage see [s
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cdn_storage_account"></a> [cdn\_storage\_account](#module\_cdn\_storage\_account) | github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.76.0 |
+| <a name="module_cdn_storage_account"></a> [cdn\_storage\_account](#module\_cdn\_storage\_account) | github.com/pagopa/terraform-azurerm-v3.git//storage_account | v8.8.0 |
 
 ## Resources
 
@@ -145,7 +149,6 @@ During the apply there will be 1 changed and 1 destroy related to storage see [s
 | <a name="input_name"></a> [name](#input\_name) | n/a | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_querystring_caching_behaviour"></a> [querystring\_caching\_behaviour](#input\_querystring\_caching\_behaviour) | n/a | `string` | `"IgnoreQueryString"` | no |
-| <a name="input_resource_advanced_threat_protection_enabled"></a> [resource\_advanced\_threat\_protection\_enabled](#input\_resource\_advanced\_threat\_protection\_enabled) | Enabled azurerm\_advanced\_threat\_protection resource | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | n/a | `string` | n/a | yes |
 | <a name="input_storage_access_tier"></a> [storage\_access\_tier](#input\_storage\_access\_tier) | n/a | `string` | `"Hot"` | no |
 | <a name="input_storage_account_kind"></a> [storage\_account\_kind](#input\_storage\_account\_kind) | n/a | `string` | `"StorageV2"` | no |

diff --git a/cdn/main.tf b/cdn/main.tf
@@ -7,7 +7,7 @@ locals {
  **/
 module "cdn_storage_account" {
 
-  source = "github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.76.0"
+  source = "github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v8.8.0"
 
   name = replace("${var.prefix}-${var.name}-sa", "-", "")
 
@@ -21,8 +21,7 @@ module "cdn_storage_account" {
   allow_nested_items_to_be_public = var.storage_account_nested_items_public
   public_network_access_enabled   = true
 
-  advanced_threat_protection                 = var.advanced_threat_protection_enabled
-  enable_resource_advanced_threat_protection = var.resource_advanced_threat_protection_enabled
+  advanced_threat_protection = var.advanced_threat_protection_enabled
 
   index_document     = var.index_document
   error_404_document = var.error_404_document

diff --git a/cdn/tests/resources.tf b/cdn/tests/resources.tf
@@ -32,6 +32,9 @@ resource "azurerm_key_vault" "this" {
   tags = var.tags
 }
 
+#
+# CDN
+#
 module "cdn" {
   source = "../../cdn"
 

diff --git a/cdn/variables.tf b/cdn/variables.tf
@@ -362,12 +362,6 @@ variable "advanced_threat_protection_enabled" {
   default = false
 }
 
-variable "resource_advanced_threat_protection_enabled" {
-  type        = bool
-  description = "Enabled azurerm_advanced_threat_protection resource"
-  default     = true
-}
-
 variable "storage_account_nested_items_public" {
   type        = bool
   default     = true

diff --git a/cert_mounter/README.md b/cert_mounter/README.md
@@ -7,7 +7,7 @@ This module deploys the cert mounter blueprint in the target namespace, creating
 ```hcl
 
 module "cert_mounter" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=<version>"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cert_mounter?ref=v8.8.0"
   namespace           = var.domain
   certificate_name    = "${var.aks_cluster_domain_name}-${var.domain}-internal-${var.env}-cstar-pagopa-it" #name of the certificate stored in the given kv
   kv_name             = data.azurerm_key_vault.kv.name

diff --git a/cosmosdb_account/README.md b/cosmosdb_account/README.md
@@ -12,7 +12,7 @@ This module allow the setup of a cosmos db account
 
 ```ts
 module "cosmos_mongo" {
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v3.15.0"
+  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v8.8.0"
   name     = "${local.project}-cosmos-mongo"
   location = var.location
   domain   = var.domain
@@ -69,7 +69,7 @@ module "cosmos_mongo" {
 
 ```ts
 module "cosmos_core" {
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v3.15.0"
+  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account?ref=v8.8.0"
   name     = "${local.project}-cosmos-core"
   location = var.location
   domain   = var.domain

diff --git a/cosmosdb_mongodb_collection/README.md b/cosmosdb_mongodb_collection/README.md
@@ -10,7 +10,7 @@ This module allow the creation of a collection inside a MongoDB database
 
 ```ts
 module "mongdb_collection_name" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v3.15.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection?ref=v8.8.0"
 
   name                = "collectionName"
   resource_group_name = azurerm_resource_group.cosmos_mongo_rg[0].name

diff --git a/cosmosdb_sql_container/README.md b/cosmosdb_sql_container/README.md
@@ -32,7 +32,7 @@ locals {
 
 
 module "core_cosmosdb_containers" {
-  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container?ref=v3.15.0"
+  source   = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container?ref=v8.8.0"
   for_each = { for c in local.core_cosmosdb_containers : c.name => c }
 
   name                = each.value.name

diff --git a/cosmosdb_sql_database/README.md b/cosmosdb_sql_database/README.md
@@ -38,7 +38,7 @@ resource "azurerm_cosmosdb_mongo_database" "mongo_db" {
 ```ts
 ## Database
 module "core_cosmos_db" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database?ref=v3.15.0"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database?ref=v8.8.0"
   name                = "db"
   resource_group_name = azurerm_resource_group.cosmos_rg[0].name
   account_name        = module.cosmos_core.name

diff --git a/data_indexer/README.md b/data_indexer/README.md
@@ -19,7 +19,7 @@ Use the example Terraform template, saved in `./tests`, to test this module and
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_internal_storage_account"></a> [internal\_storage\_account](#module\_internal\_storage\_account) | github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.76.0 |
+| <a name="module_internal_storage_account"></a> [internal\_storage\_account](#module\_internal\_storage\_account) | github.com/pagopa/terraform-azurerm-v3.git//storage_account | v8.8.0 |
 
 ## Resources
 

diff --git a/data_indexer/storage.tf b/data_indexer/storage.tf
@@ -1,29 +1,28 @@
 
 module "internal_storage_account" {
-  source = "github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v7.76.0"
+  source = "github.com/pagopa/terraform-azurerm-v3.git//storage_account?ref=v8.8.0"
 
-  name                                       = "${replace(var.name, "-", "")}dist"
-  account_kind                               = var.internal_storage.account_kind
-  account_tier                               = var.internal_storage.account_tier
-  account_replication_type                   = var.internal_storage.account_replication_type
-  access_tier                                = var.internal_storage.access_tier
-  resource_group_name                        = azurerm_resource_group.this.name
-  location                                   = var.location
-  enable_resource_advanced_threat_protection = false
-  advanced_threat_protection                 = false
-  public_network_access_enabled              = false
+  name                          = "${replace(var.name, "-", "")}dist"
+  account_kind                  = var.internal_storage.account_kind
+  account_tier                  = var.internal_storage.account_tier
+  account_replication_type      = var.internal_storage.account_replication_type
+  access_tier                   = var.internal_storage.access_tier
+  resource_group_name           = azurerm_resource_group.this.name
+  location                      = var.location
+  advanced_threat_protection    = false
+  public_network_access_enabled = false
 
   tags = var.tags
 }
 
 resource "azurerm_private_endpoint" "blob" {
-  name                = format("%s-blob-endpoint", module.internal_storage_account.name)
+  name                = "${module.internal_storage_account.name}-blob-endpoint"
   location            = var.location
   resource_group_name = azurerm_resource_group.this.name
   subnet_id           = var.internal_storage.private_endpoint_subnet_id
 
   private_service_connection {
-    name                           = format("%s-blob", module.internal_storage_account.name)
+    name                           = "${module.internal_storage_account.name}-blob"
     private_connection_resource_id = module.internal_storage_account.id
     is_manual_connection           = false
     subresource_names              = ["blob"]
@@ -38,13 +37,13 @@ resource "azurerm_private_endpoint" "blob" {
 }
 
 resource "azurerm_private_endpoint" "queue" {
-  name                = format("%s-queue-endpoint", module.internal_storage_account.name)
+  name                = "${module.internal_storage_account.name}-queue-endpoint"
   location            = var.location
   resource_group_name = azurerm_resource_group.this.name
   subnet_id           = var.internal_storage.private_endpoint_subnet_id
 
   private_service_connection {
-    name                           = format("%s-queue", module.internal_storage_account.name)
+    name                           = "${module.internal_storage_account.name}-queue"
     private_connection_resource_id = module.internal_storage_account.id
     is_manual_connection           = false
     subresource_names              = ["queue"]
@@ -59,13 +58,13 @@ resource "azurerm_private_endpoint" "queue" {
 }
 
 resource "azurerm_private_endpoint" "table" {
-  name                = format("%s-table-endpoint", module.internal_storage_account.name)
+  name                = "${module.internal_storage_account.name}-table-endpoint"
   location            = var.location
   resource_group_name = azurerm_resource_group.this.name
   subnet_id           = var.internal_storage.private_endpoint_subnet_id
 
   private_service_connection {
-    name                           = format("%s-table", module.internal_storage_account.name)
+    name                           = "${module.internal_storage_account.name}-table"
     private_connection_resource_id = module.internal_storage_account.id
     is_manual_connection           = false
     subresource_names              = ["table"]

diff --git a/dns_forwarder/README.md b/dns_forwarder/README.md
@@ -21,7 +21,7 @@ resource "azurerm_resource_group" "dns_forwarder" {
 module "dns_forwarder_snet" {
   count = var.dns_forwarder_enabled ? 1 : 0
 
-  source                                    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v3.15.0"
+  source                                    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.8.0"
   name                                      = "${local.project}-dnsforwarder-snet"
   address_prefixes                          = var.cidr_subnet_dnsforwarder
   resource_group_name                       = azurerm_resource_group.rg_vnet.name
@@ -38,7 +38,7 @@ module "dns_forwarder_snet" {
 }
 
 module "dns_forwarder" {
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder?ref=v3.15.0"
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder?ref=v8.8.0"
 
   name                = "${local.project}-dns-forwarder"
   location            = var.location

diff --git a/dns_forwarder_lb_vmss/README.md b/dns_forwarder_lb_vmss/README.md
@@ -13,7 +13,7 @@ To secure the scale set, a Network Security Group has been added, allowing inbou
 
 module "dns_forwarder" {
 
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_lb_vmss?ref=7.48.0"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder_lb_vmss?ref=v8.8.0"
 
   name                 = var.prefix
   virtual_network_name = azurerm_virtual_network.vnet.name
@@ -43,10 +43,10 @@ module "dns_forwarder" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_load_balancer"></a> [load\_balancer](#module\_load\_balancer) | git::https://github.com/pagopa/terraform-azurerm-v3.git//load_balancer | v7.76.0 |
-| <a name="module_subnet_load_balancer"></a> [subnet\_load\_balancer](#module\_subnet\_load\_balancer) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.76.0 |
-| <a name="module_subnet_vmss"></a> [subnet\_vmss](#module\_subnet\_vmss) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.76.0 |
-| <a name="module_vmss"></a> [vmss](#module\_vmss) | git::https://github.com/pagopa/terraform-azurerm-v3.git//vm_scale_set | v7.76.0 |
+| <a name="module_load_balancer"></a> [load\_balancer](#module\_load\_balancer) | git::https://github.com/pagopa/terraform-azurerm-v3.git//load_balancer | v8.8.0 |
+| <a name="module_subnet_load_balancer"></a> [subnet\_load\_balancer](#module\_subnet\_load\_balancer) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.8.0 |
+| <a name="module_subnet_vmss"></a> [subnet\_vmss](#module\_subnet\_vmss) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.8.0 |
+| <a name="module_vmss"></a> [vmss](#module\_vmss) | git::https://github.com/pagopa/terraform-azurerm-v3.git//vm_scale_set | v8.8.0 |
 
 ## Resources
-Original file line number
+Diff line change
@@ Expand Up / @@ -32,6 +32,9 @@ resource "azurerm_key_vault" "this" { @@
       tags = var.tags
     }
+    #
+    # CDN
+    #
     module "cdn" {
       source = "../../cdn"
@@ Expand Down @@