From a295ecaffbc1c31a425a60e29e74e5726b2e3f7a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 12:30:22 +0200 Subject: [PATCH] cli: add `--subscriptionID` flag for `iam create azure` command (#3328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update Terraform azurerm to v4 * Set Azure subscription ID when applying Terraform files * Upgrade azurerm to v4.1.0 * Mark subscriptionID flag as not required * deps: tidy all modules --------- 
Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: edgelessci --- .../constellation_iam_create/action.yml | 4 ++ .github/actions/e2e_test/action.yml | 4 ++ .github/workflows/e2e-test-daily.yml | 1 + .../workflows/e2e-test-provider-example.yml | 13 ++++++ .github/workflows/e2e-test-release.yml | 1 + .github/workflows/e2e-test-weekly.yml | 1 + .github/workflows/e2e-test.yml | 1 + .github/workflows/e2e-upgrade.yml | 1 + .github/workflows/e2e-windows.yml | 2 +- cli/internal/cloudcmd/iam.go | 2 + cli/internal/cloudcmd/tfvars.go | 2 + cli/internal/cmd/iamcreateazure.go | 14 +++++++ cli/internal/terraform/variables.go | 6 ++- cli/internal/terraform/variables_test.go | 10 +++-- .../vpn/on-prem-terraform/.terraform.lock.hcl | 42 ++++++++----------- dev-docs/howto/vpn/on-prem-terraform/main.tf | 8 +++- .../howto/vpn/on-prem-terraform/variables.tf | 6 +++ .../azure-terraform/.terraform.lock.hcl | 42 ++++++++----------- .../miniconstellation/azure-terraform/main.tf | 5 ++- docs/docs/getting-started/first-steps.md | 2 +- docs/docs/reference/cli.md | 1 + docs/docs/workflows/config.md | 2 +- e2e/miniconstellation/.terraform.lock.hcl | 42 ++++++++----------- e2e/miniconstellation/main.tf | 5 ++- .../examples/full/azure/main.tf | 3 ++ .../infrastructure/azure/.terraform.lock.hcl | 42 ++++++++----------- terraform/infrastructure/azure/main.tf | 10 +++-- .../modules/load_balancer_backend/main.tf | 2 +- .../azure/modules/scale_set/main.tf | 3 +- terraform/infrastructure/azure/variables.tf | 6 +++ .../iam/azure/.terraform.lock.hcl | 42 ++++++++----------- terraform/infrastructure/iam/azure/main.tf | 6 ++- .../infrastructure/iam/azure/variables.tf | 6 +++ 33 files changed, 200 insertions(+), 137 deletions(-) diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml index eac3d0d76..3bb062dc1 100644 
--- a/.github/actions/constellation_iam_create/action.yml
+++ b/.github/actions/constellation_iam_create/action.yml
@@ -27,6 +27,9 @@ inputs:
 #
 # Azure specific inputs
 #
+ azureSubscriptionID:
+ description: "Azure subscription ID to deploy Constellation in."
+ required: true
 azureRegion:
 description: "Azure region to deploy Constellation in."
 required: false
@@ -77,6 +80,7 @@ runs:
 if: inputs.cloudProvider == 'azure'
 run: |
 constellation iam create azure \
+ --subscriptionID="${{ inputs.azureSubscriptionID }}" \
 --region="${{ inputs.azureRegion }}" \
 --resourceGroup="${{ inputs.namePrefix }}-rg" \
 --servicePrincipal="${{ inputs.namePrefix }}-sp" \
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index bcd315cbd..c2cca982d 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@@ -46,6 +46,9 @@ inputs:
 description: "AWS OpenSearch User to upload the benchmark results."
 awsOpenSearchPwd:
 description: "AWS OpenSearch Password to upload the benchmark results."
+ azureSubscriptionID:
+ description: "Azure subscription ID to deploy Constellation in."
+ required: true
 azureClusterCreateCredentials:
 description: "Azure credentials authorized to create a Constellation cluster."
 required: true
@@ -249,6 +252,7 @@ runs:
 attestationVariant: ${{ inputs.attestationVariant }}
 namePrefix: ${{ steps.create-prefix.outputs.prefix }}
 awsZone: ${{ inputs.regionZone || 'us-east-2c' }}
+ azureSubscriptionID: ${{ inputs.azureSubscriptionID }}
 azureRegion: ${{ inputs.regionZone || steps.pick-az-region.outputs.region }}
 gcpProjectID: ${{ inputs.gcpProject }}
 gcpZone: ${{ inputs.regionZone || 'europe-west3-b' }}
diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml
index 55e9ccb1f..ccac30e5c 100644
--- a/.github/workflows/e2e-test-daily.yml
+++ b/.github/workflows/e2e-test-daily.yml
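Review bot: In the first hunk of `.github/actions/constellation_iam_create/action.yml`, the new `azureSubscriptionID` input is declared `required: true` although it sits under "Azure specific inputs", its sibling `azureRegion` is `required: false`, and the only visible consumer is the step guarded by `if: inputs.cloudProvider == 'azure'`. GitHub does not fail a run on a missing required input, so the flag is documentation only, and here it tells AWS and GCP callers something that is not true. I would use `required: false` and say in the description that the value is needed when `cloudProvider` is `azure`; the same applies to the input added in `.github/actions/e2e_test/action.yml`.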
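Review bot: The added `--subscriptionID="${{ inputs.azureSubscriptionID }}"` line in the second hunk of `.github/actions/constellation_iam_create/action.yml` is expanded into the script text before the shell starts, so the input is parsed as shell source instead of being passed as data. Callers shown in this patch feed it from a repository secret, but the action cannot rely on every caller doing so. Passing the value through the step environment keeps it inert: add `env:` with `SUBSCRIPTION_ID: ${{ inputs.azureSubscriptionID }}` to the step and write `--subscriptionID="${SUBSCRIPTION_ID}"`. The neighbouring `--region`, `--resourceGroup` and `--servicePrincipal` lines use the same inline pattern and would benefit from the same treatment; the step continues outside the hunk.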
@@ -90,6 +90,7 @@ jobs: gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" kubernetesVersion: ${{ matrix.kubernetesVersion }} test: ${{ matrix.test }} + azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index 592492f84..6a66c2016 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -306,6 +306,19 @@ jobs: cat >> _override.tf <> _override.tf < ```bash - constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config + constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config ``` This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. diff --git a/docs/docs/reference/cli.md b/docs/docs/reference/cli.md index 6a911034e..99acef520 100644 --- a/docs/docs/reference/cli.md +++ b/docs/docs/reference/cli.md @@ -655,6 +655,7 @@ constellation iam create azure [flags] --region string region the resources will be created in, e.g., westus (required) --resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required) --servicePrincipal string name of the service principal that will be created (required) + --subscriptionID string subscription ID of the Azure account. Required if the 'ARM_SUBSCRIPTION_ID' environment variable is not set ``` ### Options inherited from parent commands 
diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md index 120bf8ed7..95f791acd 100644 --- a/docs/docs/workflows/config.md +++ b/docs/docs/workflows/config.md @@ -184,7 +184,7 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). ```bash -constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest +constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest ``` This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. diff --git a/e2e/miniconstellation/.terraform.lock.hcl b/e2e/miniconstellation/.terraform.lock.hcl index 54208c1ec..842851385 100644 --- a/e2e/miniconstellation/.terraform.lock.hcl +++ b/e2e/miniconstellation/.terraform.lock.hcl 
@@ -2,31 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + 
"zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf index c2e1bc2a5..e4aa02b3f 100644 --- a/e2e/miniconstellation/main.tf +++ b/e2e/miniconstellation/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -22,6 +22,9 @@ terraform { provider "azurerm" { use_oidc = true features {} + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } provider "tls" {} diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 0a2afd44c..f1f567940 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf 
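Review bot: `resource_provider_registrations = "all"` in the `provider "azurerm"` block of `e2e/miniconstellation/main.tf` is the broadest setting available, and the same line is added in `terraform/infrastructure/azure/main.tf` and `terraform/infrastructure/iam/azure/main.tf`, which are the modules end users apply. It asks the deploying identity to register every resource provider the azurerm provider knows about, which presumably needs subscription-level registration rights and turns on namespaces Constellation never uses. The in-code comment already points at the narrower form, so I would track it with an issue reference and, once the list of namespaces is known, switch to `resource_provider_registrations = "none"` together with an explicit `resource_providers_to_register = [...]`. The comment also has a typo, "to registers" should read "to register".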
@@ -22,6 +22,7 @@ locals { control_plane_count = 3 worker_count = 2 instance_type = "Standard_DC4as_v5" + subscription_id = "00000000-0000-0000-0000-000000000000" master_secret = random_bytes.master_secret.hex master_secret_salt = random_bytes.master_secret_salt.hex @@ -43,6 +44,7 @@ resource "random_bytes" "measurement_salt" { module "azure_iam" { // replace $VERSION with the Constellation version you want to use, e.g., v2.14.0 source = "https://github.com/edgelesssys/constellation/releases/download/$VERSION/terraform-module.zip//terraform-module/iam/azure" + subscription_id = local.subscription_id location = local.location service_principal_name = "${local.name}-sp" resource_group_name = "${local.name}-rg" @@ -51,6 +53,7 @@ module "azure_iam" { module "azure_infrastructure" { // replace $VERSION with the Constellation version you want to use, e.g., v2.14.0 source = "https://github.com/edgelesssys/constellation/releases/download/$VERSION/terraform-module.zip//terraform-module/azure" + subscription_id = local.subscription_id name = local.name user_assigned_identity = module.azure_iam.uami_id node_groups = { diff --git a/terraform/infrastructure/azure/.terraform.lock.hcl b/terraform/infrastructure/azure/.terraform.lock.hcl index 8ceeadbf5..78936e6a3 100644 --- a/terraform/infrastructure/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/azure/.terraform.lock.hcl 
@@ -2,31 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + 
"zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index e93da4745..7f8214540 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -17,6 +17,10 @@ provider "azurerm" { prevent_deletion_if_contains_resources = false } } + subscription_id = var.subscription_id + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } locals { 
@@ -266,8 +270,8 @@ module "scale_set_group" { marketplace_image = var.marketplace_image # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been - # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not - # our Constellation update). + # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not + # our Constellation update). # TODO(@3u13r): Remove this dependency after v2.18.0 has been released. depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all] } diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf index bd2d05ac7..31ffa3781 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf +++ b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } } } diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf index 9bd3d6cb9..86e95b0ff 100644 --- a/terraform/infrastructure/azure/modules/scale_set/main.tf +++ b/terraform/infrastructure/azure/modules/scale_set/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -45,6 +45,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" { provision_vm_agent = false vtpm_enabled = true disable_password_authentication = false + extension_operations_enabled = false upgrade_mode = "Manual" secure_boot_enabled = var.secure_boot # specify the image id only if a non-marketplace image is used 
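Review bot: The added `extension_operations_enabled = false` in `terraform/infrastructure/azure/modules/scale_set/main.tf` has no comment, and it is a security-relevant setting placed next to `provision_vm_agent = false`. A one-line comment such as `# No VM agent is provisioned; keep extension operations disabled so no extensions can be applied to the nodes.` would make it less likely that a later change flips it back unnoticed. Whether azurerm v4 requires this value when the agent is off, or whether it is purely a hardening choice, is not visible in the hunk, so the comment should say which it is. The `azurerm_linux_virtual_machine_scale_set` block starts and ends outside the hunk.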
diff --git a/terraform/infrastructure/azure/variables.tf b/terraform/infrastructure/azure/variables.tf index 577cdd4f0..a3ab1fd0b 100644 --- a/terraform/infrastructure/azure/variables.tf +++ b/terraform/infrastructure/azure/variables.tf @@ -46,6 +46,12 @@ variable "internal_load_balancer" { # Azure-specific variables +variable "subscription_id" { + type = string + description = "Azure subscription ID. This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id" + default = "" +} + variable "location" { type = string description = "Azure location to deploy the cluster in." diff --git a/terraform/infrastructure/iam/azure/.terraform.lock.hcl b/terraform/infrastructure/iam/azure/.terraform.lock.hcl index ed0aff224..db90d94e1 100644 --- a/terraform/infrastructure/iam/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/azure/.terraform.lock.hcl 
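Review bot: The new `subscription_id` variable in `terraform/infrastructure/azure/variables.tf` accepts any string and defaults to `""`, and `main.tf` hands it to the provider unconditionally as `subscription_id = var.subscription_id`. A mistyped value is therefore only caught at provider initialisation, and with the empty default the target subscription is taken from the ambient environment, which matters most for the identical variable added in `terraform/infrastructure/iam/azure/variables.tf`, where role assignments are created. I would add a validation block that allows the empty string or a GUID, and state in the description what happens when neither the variable nor `ARM_SUBSCRIPTION_ID` is set. Whether an explicit empty string still lets the provider fall back to the environment variable cannot be confirmed from this diff and is worth a test.

```hcl
variable "subscription_id" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.subscription_id == "" || can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.subscription_id))
    error_message = "subscription_id must be empty or a subscription GUID."
  }
}
```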
@@ -32,31 +32,25 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + 
"zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf index c6e380dd5..d8e6dac2d 100644 --- a/terraform/infrastructure/iam/azure/main.tf +++ b/terraform/infrastructure/iam/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } azuread = { source = "hashicorp/azuread" @@ -18,6 +18,10 @@ provider "azurerm" { prevent_deletion_if_contains_resources = false } } + subscription_id = var.subscription_id + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } # Configure Azure active directory provider diff --git a/terraform/infrastructure/iam/azure/variables.tf b/terraform/infrastructure/iam/azure/variables.tf index 4a63ba609..28c75e840 100644 --- a/terraform/infrastructure/iam/azure/variables.tf +++ b/terraform/infrastructure/iam/azure/variables.tf 
@@ -1,3 +1,9 @@
+variable "subscription_id" {
+ type = string
+ description = "Azure subscription ID. This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id"
+ default = ""
+}
+
 variable "resource_group_name" {
 type = string
 description = "Name for the resource group the cluster should reside in."