From 1387429591de1becc88bcb21ed1ef71cccf882dd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 3 Nov 2023 14:54:15 +0000
Subject: [PATCH 1/3] Update Terraform github.com/DFE-Digital/terraform-azurerm-container-apps-hosting to v1.3.1
---
 terraform/container-apps-hosting.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
index 890d9a10b..57b9b2809 100644
--- a/terraform/container-apps-hosting.tf
+++ b/terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
 module "azure_container_apps_hosting" {
- source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.1.0"
+ source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.3.1"
 environment = local.environment
 project_name = local.project_name
From 858faf13463cee16ab811f32ccc0f83c404d0739 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Fri, 3 Nov 2023 14:57:03 +0000
Subject: [PATCH 2/3] Updated Readme
---
 terraform/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/README.md b/terraform/README.md
index caa981959..2e8721179 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -136,7 +136,7 @@ No providers.
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.1.0 |
+| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.3.1 |
 | <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.2.2 |
 | <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.2 |
From 704e47d440b6a317db83a59621d51743134400f0 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Fri, 3 Nov 2023 15:16:12 +0000
Subject: [PATCH 3/3] Renamed vars to match updated version
---
 terraform/.terraform.lock.hcl | 15 +++++
 terraform/README.md | 4 +-
 terraform/container-apps-hosting.tf | 6 +-
 terraform/locals.tf | 92 ++++++++++++++---------------
 terraform/variables.tf | 4 +-
 5 files changed, 68 insertions(+), 53 deletions(-)
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index d5e7ed094..d777a99fa 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -97,5 +97,20 @@ provider "registry.terraform.io/statuscakedev/statuscake" { "h1:phIY76XC5ij8dZUSHJqU4Aj/vq17wq3rQFZ9guLtVF4=", "h1:v9W0xSeWF2bz3b3txV0s43el5DCxCZGZO13hiVBkz9c=", "h1:wFoZJfmNvG6XTf65NLai67geSHqYV1Tilx7OITrHilE=", + "zh:0916313344c579d6e05d70f88129a10fe48f7dabe0e61cad17874d6c496f288d", + "zh:0d491ff72c2eda6482855033ca2146c5ace1663d07cb3da7253b59ed2e2ec6f4", + "zh:11fffbce18eb3d3c283e877242f477e0c561342c19090240b60af7d948bd84ac", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1c6116092c59bc0010e147dc7832ae981d528f235cef563e5ae05a93ef8bac5c", + "zh:1f13a543b1d32cc1f1e3d2ed5ca83445f088787c335690fe20dee1203488a8bc", + "zh:23f55fd0714696c3863f892646a79a780cea1923c0c4d2b1064df735ba4156f5", + "zh:288fbb4431ac12014aa5aab10ee7166dfe71fd1158464e06e8a527aa4919e64e", + "zh:2a0746d3c8cdc7d0875df0f4605d81130e6da0ce6196d0f5f8661fe9191bc2ab", + "zh:31d660756abc53d252906fe1239fad58ecb6c1d0dbb087408a8af266be1f9ae4", + "zh:6765281d1b7efb41085c5375660b6c6b271babc5d09b2c030bec7176f7a7bfb6", + "zh:6d7204eadb667c1f2cab762a7a97234cf47452f0ecad680f5106c8fd02524c87", + "zh:b70a97b0eba471d683e23ce8744a5c67ef9952086e2d6f5825b72f32b6caff89", + "zh:df89ee4aaba88faea33d33384a36ea52588b5514644d335f724378a682d8d9da", + "zh:ffe2e1e7224ea5f4dd65b9eef45464e3124cfc824473b04e7af429f9177f2375", ] } diff --git a/terraform/README.md b/terraform/README.md index 2e8721179..b46bcd99d 100644 --- a/terraform/README.md +++ b/terraform/README.md 
@@ -157,8 +157,6 @@ No resources.
 | <a name="input_cdn_frontdoor_origin_fqdn_override"></a> [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no |
 | <a name="input_cdn_frontdoor_origin_host_header_override"></a> [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no |
 | <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests per minute threshold before rate limiting is applied | `number` | n/a | yes |
-| <a name="input_container_app_blob_storage_ipv4_allow_list"></a> [container\_app\_blob\_storage\_ipv4\_allow\_list](#input\_container\_app\_blob\_storage\_ipv4\_allow\_list) | A list of public IPv4 address to grant access to the Blob Storage Account | `list(string)` | n/a | yes |
-| <a name="input_container_app_blob_storage_public_access_enabled"></a> [container\_app\_blob\_storage\_public\_access\_enabled](#input\_container\_app\_blob\_storage\_public\_access\_enabled) | Should the Azure Storage Account have Public visibility? | `bool` | n/a | yes |
 | <a name="input_container_apps_allow_ips_inbound"></a> [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
 | <a name="input_container_command"></a> [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes |
 | <a name="input_container_max_replicas"></a> [container\_max\_replicas](#input\_container\_max\_replicas) | Container max replicas | `number` | `2` | no |
@@ -192,6 +190,8 @@ No resources.
 | <a name="input_statuscake_contact_group_integrations"></a> [statuscake\_contact\_group\_integrations](#input\_statuscake\_contact\_group\_integrations) | List of Integration IDs to connect to your Contact Group | `list(string)` | `[]` | no |
 | <a name="input_statuscake_contact_group_name"></a> [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
 | <a name="input_statuscake_monitored_resource_addresses"></a> [statuscake\_monitored\_resource\_addresses](#input\_statuscake\_monitored\_resource\_addresses) | The URLs to perform TLS checks on | `list(string)` | `[]` | no |
+| <a name="input_storage_account_ipv4_allow_list"></a> [storage\_account\_ipv4\_allow\_list](#input\_storage\_account\_ipv4\_allow\_list) | A list of public IPv4 address to grant access to the Blob Storage Account | `list(string)` | n/a | yes |
+| <a name="input_storage_account_public_access_enabled"></a> [storage\_account\_public\_access\_enabled](#input\_storage\_account\_public\_access\_enabled) | Should the Azure Storage Account have Public visibility? | `bool` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
 | <a name="input_tfvars_filename"></a> [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This ensures that tfvars are kept up to date in Key Vault. | `string` | n/a | yes |
 | <a name="input_virtual_network_address_space"></a> [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |
diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
index 57b9b2809..0be7a5950 100644
--- a/terraform/container-apps-hosting.tf
+++ b/terraform/container-apps-hosting.tf
@@ -44,9 +44,9 @@ module "azure_container_apps_hosting" {
 existing_logic_app_workflow = local.existing_logic_app_workflow
 enable_container_health_probe = local.enable_container_health_probe
- enable_container_app_blob_storage = local.enable_container_app_blob_storage
- container_app_blob_storage_ipv4_allow_list = local.container_app_blob_storage_ipv4_allow_list
- container_app_blob_storage_public_access_enabled = local.container_app_blob_storage_public_access_enabled
+ enable_container_app_blob_storage = local.enable_container_app_blob_storage
+ storage_account_ipv4_allow_list = local.storage_account_ipv4_allow_list
+ storage_account_public_access_enabled = local.storage_account_public_access_enabled
 existing_network_watcher_name = local.existing_network_watcher_name
 existing_network_watcher_resource_group_name = local.existing_network_watcher_resource_group_name
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 34e6590ed..2fac624db 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -1,48 +1,48 @@
 locals {
- environment = var.environment
- project_name = var.project_name
- azure_location = var.azure_location
- tags = var.tags
- virtual_network_address_space = var.virtual_network_address_space
- enable_container_registry = var.enable_container_registry
- image_name = var.image_name
- container_command = var.container_command
- container_secret_environment_variables = var.container_secret_environment_variables
- container_max_replicas = var.container_max_replicas
- enable_cdn_frontdoor = var.enable_cdn_frontdoor
- enable_event_hub = var.enable_event_hub
- enable_logstash_consumer = var.enable_logstash_consumer
- eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
- enable_dns_zone = var.enable_dns_zone
- dns_zone_domain_name = var.dns_zone_domain_name
- dns_ns_records = var.dns_ns_records
- dns_txt_records = var.dns_txt_records
- dns_a_records = var.dns_a_records
- restrict_container_apps_to_cdn_inbound_only = var.restrict_container_apps_to_cdn_inbound_only
- container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
- cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
- cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
- cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
- cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
- cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
- cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
- cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
- cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
- key_vault_access_users = toset(var.key_vault_access_users)
- key_vault_access_ipv4 = var.key_vault_access_ipv4
- tfvars_filename = var.tfvars_filename
- enable_monitoring = var.enable_monitoring
- enable_container_health_probe = var.enable_container_health_probe
- monitor_email_receivers = var.monitor_email_receivers
- existing_logic_app_workflow = var.existing_logic_app_workflow
- enable_container_app_blob_storage = var.enable_container_app_blob_storage
- container_app_blob_storage_ipv4_allow_list = var.container_app_blob_storage_ipv4_allow_list
- container_app_blob_storage_public_access_enabled = var.container_app_blob_storage_public_access_enabled
- existing_network_watcher_name = var.existing_network_watcher_name
- existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
- enable_redis_cache = var.enable_redis_cache
- statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
- statuscake_contact_group_name = var.statuscake_contact_group_name
- statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
- statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
+ environment = var.environment
+ project_name = var.project_name
+ azure_location = var.azure_location
+ tags = var.tags
+ virtual_network_address_space = var.virtual_network_address_space
+ enable_container_registry = var.enable_container_registry
+ image_name = var.image_name
+ container_command = var.container_command
+ container_secret_environment_variables = var.container_secret_environment_variables
+ container_max_replicas = var.container_max_replicas
+ enable_cdn_frontdoor = var.enable_cdn_frontdoor
+ enable_event_hub = var.enable_event_hub
+ enable_logstash_consumer = var.enable_logstash_consumer
+ eventhub_export_log_analytics_table_names = var.eventhub_export_log_analytics_table_names
+ enable_dns_zone = var.enable_dns_zone
+ dns_zone_domain_name = var.dns_zone_domain_name
+ dns_ns_records = var.dns_ns_records
+ dns_txt_records = var.dns_txt_records
+ dns_a_records = var.dns_a_records
+ restrict_container_apps_to_cdn_inbound_only = var.restrict_container_apps_to_cdn_inbound_only
+ container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
+ cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
+ cdn_frontdoor_rate_limiting_threshold = var.cdn_frontdoor_rate_limiting_threshold
+ cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
+ cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
+ cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
+ cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
+ cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
+ cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
+ key_vault_access_users = toset(var.key_vault_access_users)
+ key_vault_access_ipv4 = var.key_vault_access_ipv4
+ tfvars_filename = var.tfvars_filename
+ enable_monitoring = var.enable_monitoring
+ enable_container_health_probe = var.enable_container_health_probe
+ monitor_email_receivers = var.monitor_email_receivers
+ existing_logic_app_workflow = var.existing_logic_app_workflow
+ enable_container_app_blob_storage = var.enable_container_app_blob_storage
+ storage_account_ipv4_allow_list = var.storage_account_ipv4_allow_list
+ storage_account_public_access_enabled = var.storage_account_public_access_enabled
+ existing_network_watcher_name = var.existing_network_watcher_name
+ existing_network_watcher_resource_group_name = var.existing_network_watcher_resource_group_name
+ enable_redis_cache = var.enable_redis_cache
+ statuscake_monitored_resource_addresses = var.statuscake_monitored_resource_addresses
+ statuscake_contact_group_name = var.statuscake_contact_group_name
+ statuscake_contact_group_integrations = var.statuscake_contact_group_integrations
+ statuscake_contact_group_email_addresses = var.statuscake_contact_group_email_addresses
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 3edd7562a..c82d894d0 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -211,12 +211,12 @@ variable "enable_container_app_blob_storage" {
 type = bool
 }
-variable "container_app_blob_storage_ipv4_allow_list" {
+variable "storage_account_ipv4_allow_list" {
 description = "A list of public IPv4 address to grant access to the Blob Storage Account"
 type = list(string)
 }
-variable "container_app_blob_storage_public_access_enabled" {
+variable "storage_account_public_access_enabled" {
 description = "Should the Azure Storage Account have Public visibility?"
 type = bool
 }
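Review bot: `storage_account_ipv4_allow_list` is still a bare `list(string)` under its new name, so a mistyped or malformed entry in the tfvars gets past Terraform's type check and is only rejected, if at all, by the provider at apply time. Since this list controls which addresses reach the storage account, consider a `validation` block on the variable with the condition `alltrue([for a in var.storage_account_ipv4_allow_list : can(cidrnetmask(a)) || can(cidrnetmask("${a}/32"))])`. Both renamed variables are required and have no default, so a tfvars file that still uses the `container_app_blob_storage_*` names no longer sets them; the commit message or README should tell operators to update their stored tfvars. The descriptions still say "Blob Storage Account" although the new names drop "blob"; if the v1.3.1 module applies these settings to the whole storage account, the wording should follow. The hunk opens inside `variable "enable_container_app_blob_storage"`, which starts outside it.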