From 3b8445159957f524d93e7f0c0b3ac97fd15d746b Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:34:21 +0200
Subject: [PATCH 01/10] Update azurerm to v4.3.0
---
 code/infra/applicationinsights.tf | 14 +++++
 code/infra/containerapps.tf | 14 ++--
 code/infra/keyvault.tf | 89 ++++++----------------------
 code/infra/locals.tf | 16 +++++-
 code/infra/logging.tf | 44 --------------
 code/infra/network.tf | 6 +-
 code/infra/roleassignments.tf | 6 +-
 code/infra/terraform.tf | 2 +-
 code/infra/userassignedidentity.tf | 16 ++++-
 code/infra/variables.tf | 33 +++++++----
 config/PerfectThymeTech/vars.tfvars | 4 +-
 11 files changed, 93 insertions(+), 151 deletions(-)
 create mode 100644 code/infra/applicationinsights.tf
 delete mode 100644 code/infra/logging.tf
diff --git a/code/infra/applicationinsights.tf b/code/infra/applicationinsights.tf
new file mode 100644
index 0000000..5a525bf
--- /dev/null
+++ b/code/infra/applicationinsights.tf
@@ -0,0 +1,14 @@
+module "application_insights" {
+ source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/applicationinsights?ref=main"
+ providers = {
+ azurerm = azurerm
+ }
+
+ location = var.location
+ resource_group_name = azurerm_resource_group.resource_group_container_app.name
+ tags = var.tags
+ application_insights_name = "${local.prefix}-appi001"
+ application_insights_application_type = "web"
+ application_insights_log_analytics_workspace_id = var.log_analytics_workspace_id
+ diagnostics_configurations = local.diagnostics_configurations
+}
diff --git a/code/infra/containerapps.tf b/code/infra/containerapps.tf
index ca24b0b..1c4259e 100644
--- a/code/infra/containerapps.tf
+++ b/code/infra/containerapps.tf
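Review bot: `source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/applicationinsights?ref=main"` pins the module to a moving branch, so any later push to that branch changes the code every plan and apply in this repository executes, with no diff here to review; the keyvault.tf and userassignedidentity.tf hunks of this patch use the same `?ref=main`. Pin each source to a release tag or commit SHA, e.g. `?ref=<release-tag-or-commit-sha>`, and bump it deliberately. The deleted logging.tf created this resource with `application_type = "other"` and explicit values for `local_authentication_disabled`, `internet_ingestion_enabled` and `internet_query_enabled`; the module call only sets `application_insights_application_type = "web"`, so the other settings now come from module defaults and the type change is not mentioned in the commit message.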
@@ -1,5 +1,5 @@
 resource "azapi_resource" "container_apps_environment" {
- type = "Microsoft.App/managedEnvironments@2023-08-01-preview"
+ type = "Microsoft.App/managedEnvironments@2024-03-01"
 parent_id = azurerm_resource_group.resource_group_container_app.id
 name = "${local.prefix}-cae001"
 location = var.location
@@ -8,7 +8,7 @@ resource "azapi_resource" "container_apps_environment" {
 body = jsonencode({
 properties = {
 # appInsightsConfiguration = { # Can only be set when DaprAIConnectionString is set to null
- # connectionString = azurerm_application_insights.application_insights.connection_string
+ # connectionString = module.application_insights.application_insights_connection_string
 # }
 appLogsConfiguration = {
 destination = "log-analytics"
@@ -17,8 +17,8 @@ resource "azapi_resource" "container_apps_environment" {
 sharedKey = data.azurerm_log_analytics_workspace.log_analytics_workspace.primary_shared_key
 }
 }
- daprAIConnectionString = azurerm_application_insights.application_insights.connection_string
- daprAIInstrumentationKey = azurerm_application_insights.application_insights.instrumentation_key
+ daprAIConnectionString = module.application_insights.application_insights_connection_string
+ daprAIInstrumentationKey = module.application_insights.application_insights_instrumentation_key
 daprConfiguration = {}
 infrastructureResourceGroup = "${local.prefix}-cae001-rg"
 kedaConfiguration = {}
@@ -38,7 +38,7 @@ resource "azapi_resource" "container_apps_environment" {
 }

 resource "azapi_resource" "container_apps_job" {
- type = "Microsoft.App/jobs@2023-05-02-preview"
+ type = "Microsoft.App/jobs@2024-03-01"
 parent_id = azurerm_resource_group.resource_group_container_app.id
 name = "${local.prefix}-caj001"
 location = var.location
@@ -46,7 +46,7 @@ resource "azapi_resource" "container_apps_job" {
 identity {
 type = "UserAssigned"
 identity_ids = [
- azurerm_user_assigned_identity.user_assigned_identity.id
+ module.user_assigned_identity.user_assigned_identity_id
 ]
 }

@@ -86,7 +86,7 @@ resource "azapi_resource" "container_apps_job" {
 }
 secrets = [
 {
- identity = azurerm_user_assigned_identity.user_assigned_identity.id
+ identity = module.user_assigned_identity.user_assigned_identity_id
 keyVaultUrl = azurerm_key_vault_secret.key_vault_secret_github_pat.versionless_id
 name = "personal-access-token"
 value = var.github_personal_access_token
diff --git a/code/infra/keyvault.tf b/code/infra/keyvault.tf
index 0518ed2..17a6356 100644
--- a/code/infra/keyvault.tf
+++ b/code/infra/keyvault.tf
@@ -1,57 +1,25 @@ -resource "azurerm_key_vault" "key_vault" { - name = "${local.prefix}-kv001" - location = var.location - resource_group_name = azurerm_resource_group.resource_group_container_app.name - tags = var.tags - - access_policy = [] - enable_rbac_authorization = true - enabled_for_deployment = false - enabled_for_disk_encryption = false - enabled_for_template_deployment = false - network_acls { - bypass = "AzureServices" - default_action = "Deny" - ip_rules = [] - virtual_network_subnet_ids = [] +module "key_vault" { + source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/keyvault?ref=main" + providers = { + azurerm = azurerm + time = time } - public_network_access_enabled = false - purge_protection_enabled = true - sku_name = "premium" - soft_delete_retention_days = 7 - tenant_id = data.azurerm_client_config.current.tenant_id -} -data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" { - resource_id = azurerm_key_vault.key_vault.id -} - -resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_key_vault" { - name = "logAnalytics" - target_resource_id = azurerm_key_vault.key_vault.id - log_analytics_workspace_id = var.log_analytics_workspace_id - - dynamic "enabled_log" { - iterator = entry - for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.log_category_groups - content { - category_group = entry.value - } - } - - dynamic "metric" { - iterator = entry - for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault.metrics - content { - category = entry.value - enabled = true - } - } + location = var.location + resource_group_name = azurerm_resource_group.resource_group_container_app.name + tags = var.tags + key_vault_name = "${local.prefix}-kv001" + key_vault_sku_name = "standard" + key_vault_soft_delete_retention_days = 7 + diagnostics_configurations = local.diagnostics_configurations + subnet_id = azapi_resource.subnet_private_endpoints.id + 
connectivity_delay_in_seconds = var.connectivity_delay_in_seconds + private_dns_zone_id_vault = var.private_dns_zone_id_vault } resource "azurerm_key_vault_secret" "key_vault_secret_github_pat" { name = "github-pat" - key_vault_id = azurerm_key_vault.key_vault.id + key_vault_id = module.key_vault.key_vault_id content_type = "text/plain" value = var.github_personal_access_token @@ -60,28 +28,3 @@ resource "azurerm_key_vault_secret" "key_vault_secret_github_pat" { azurerm_role_assignment.current_role_assignment_key_vault_secrets_officer ] } - -resource "azurerm_private_endpoint" "key_vault_private_endpoint" { - name = "${azurerm_key_vault.key_vault.name}-pe" - location = var.location - resource_group_name = azurerm_key_vault.key_vault.resource_group_name - tags = var.tags - - custom_network_interface_name = "${azurerm_key_vault.key_vault.name}-nic" - private_service_connection { - name = "${azurerm_key_vault.key_vault.name}-pe" - is_manual_connection = false - private_connection_resource_id = azurerm_key_vault.key_vault.id - subresource_names = ["vault"] - } - subnet_id = azapi_resource.subnet_private_endpoints.id - dynamic "private_dns_zone_group" { - for_each = var.private_dns_zone_id_key_vault == "" ? [] : [1] - content { - name = "${azurerm_key_vault.key_vault.name}-arecord" - private_dns_zone_ids = [ - var.private_dns_zone_id_key_vault - ] - } - } -} diff --git a/code/infra/locals.tf b/code/infra/locals.tf index 269ee20..ba39b9b 100644 --- a/code/infra/locals.tf +++ b/code/infra/locals.tf 
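Review bot: The module call drops several hardening settings the replaced `azurerm_key_vault` resource set explicitly — `purge_protection_enabled = true`, `public_network_access_enabled = false`, `network_acls { default_action = "Deny" }` and `enable_rbac_authorization = true` — and changes `sku_name = "premium"` to `key_vault_sku_name = "standard"`, neither of which the commit message mentions. Whether those protections still apply now depends entirely on the module's defaults at `?ref=main`, which nothing in this repository pins or asserts. If the module exposes inputs for them, set them explicitly in this call; otherwise record the verified defaults next to the call, e.g. `# module defaults (verified at <module ref>): purge protection on, public network access off, RBAC authorization on`. The SKU downgrade is probably harmless for a vault that only stores the PAT secret, but it should be a deliberate, stated choice rather than a side effect of the migration.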
@@ -1,24 +1,34 @@ locals { + # General locals prefix = "${lower(var.prefix)}-${var.environment}" github_labels = "aca" + # Resource locals virtual_network = { resource_group_name = split("/", var.vnet_id)[4] name = split("/", var.vnet_id)[8] } - network_security_group = { resource_group_name = split("/", var.nsg_id)[4] name = split("/", var.nsg_id)[8] } - route_table = { resource_group_name = split("/", var.route_table_id)[4] name = split("/", var.route_table_id)[8] } - log_analytics_workspace = { resource_group_name = split("/", var.log_analytics_workspace_id)[4] name = split("/", var.log_analytics_workspace_id)[8] } + + # Logging locals + diagnostics_configurations = [ + { + log_analytics_workspace_id = var.log_analytics_workspace_id + storage_account_id = "" + } + ] + + # CMK locals + customer_managed_key = null } diff --git a/code/infra/logging.tf b/code/infra/logging.tf deleted file mode 100644 index 526c6e9..0000000 --- a/code/infra/logging.tf +++ /dev/null 
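Review bot: `customer_managed_key = null` is added to locals but nothing in this patch series reads `local.customer_managed_key`, so as far as the visible hunks go it is dead configuration; either pass it to the module that consumes it or drop it until that module call exists. In `diagnostics_configurations`, `storage_account_id = ""` uses the empty string as the "no storage account" sentinel — confirm the module treats `""` as unset and does not try to create a diagnostic setting against an empty resource ID, and consider `storage_account_id = null` if the module's variable is nullable.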
@@ -1,44 +0,0 @@ -resource "azurerm_application_insights" "application_insights" { - name = "${local.prefix}-appi001" - location = var.location - resource_group_name = azurerm_resource_group.resource_group_container_app.name - tags = var.tags - - application_type = "other" - daily_data_cap_notifications_disabled = false - disable_ip_masking = false - force_customer_storage_for_profiler = false - internet_ingestion_enabled = true - internet_query_enabled = true - local_authentication_disabled = false - retention_in_days = 90 - sampling_percentage = 100 - workspace_id = var.log_analytics_workspace_id -} - -data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_application_insights" { - resource_id = azurerm_application_insights.application_insights.id -} - -resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_application_insights" { - name = "logAnalytics" - target_resource_id = azurerm_application_insights.application_insights.id - log_analytics_workspace_id = var.log_analytics_workspace_id - - dynamic "enabled_log" { - iterator = entry - for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights.log_category_groups - content { - category_group = entry.value - } - } - - dynamic "metric" { - iterator = entry - for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights.metrics - content { - category = entry.value - enabled = true - } - } -} diff --git a/code/infra/network.tf b/code/infra/network.tf index c8d8e92..e2d84af 100644 --- a/code/infra/network.tf +++ b/code/infra/network.tf @@ -1,5 +1,5 @@ resource "azapi_resource" "subnet_container_app" { - type = "Microsoft.Network/virtualNetworks/subnets@2022-07-01" + type = "Microsoft.Network/virtualNetworks/subnets@2024-01-01" name = "ContainerAppSubnet" parent_id = data.azurerm_virtual_network.virtual_network.id 
@@ -30,8 +30,8 @@ resource "azapi_resource" "subnet_container_app" {
 }

 resource "azapi_resource" "subnet_private_endpoints" {
- type = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
- name = "CAPrivateEndpointSubnet"
+ type = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
+ name = "CaPrivateEndpointSubnet"
 parent_id = data.azurerm_virtual_network.virtual_network.id

 body = jsonencode({
diff --git a/code/infra/roleassignments.tf b/code/infra/roleassignments.tf
index c9cb916..9fe8f7b 100644
--- a/code/infra/roleassignments.tf
+++ b/code/infra/roleassignments.tf
@@ -1,12 +1,12 @@
 resource "azurerm_role_assignment" "current_role_assignment_key_vault_secrets_officer" {
- scope = azurerm_key_vault.key_vault.id
+ scope = module.key_vault.key_vault_id
 role_definition_name = "Key Vault Secrets Officer"
 principal_id = data.azurerm_client_config.current.object_id
 }

 # User Assigned Identity
 resource "azurerm_role_assignment" "uai_role_assignment_key_vault_secrets_user" {
- scope = azurerm_key_vault.key_vault.id
+ scope = module.key_vault.key_vault_id
 role_definition_name = "Key Vault Secrets User"
- principal_id = azurerm_user_assigned_identity.user_assigned_identity.principal_id
+ principal_id = module.user_assigned_identity.user_assigned_identity_principal_id
 }
diff --git a/code/infra/terraform.tf b/code/infra/terraform.tf
index 011ef47..4ee6012 100644
--- a/code/infra/terraform.tf
+++ b/code/infra/terraform.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "hashicorp/azurerm"
- version = "3.116.0"
+ version = "4.3.0"
 }
 azapi = {
 source = "azure/azapi"
diff --git a/code/infra/userassignedidentity.tf b/code/infra/userassignedidentity.tf
index 631b4cf..f28123a 100644
--- a/code/infra/userassignedidentity.tf
+++ b/code/infra/userassignedidentity.tf
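Review bot: Changing `name = "CAPrivateEndpointSubnet"` to `"CaPrivateEndpointSubnet"` forces Terraform to replace the `subnet_private_endpoints` resource, and the key vault module places its private endpoint in that subnet via `subnet_id = azapi_resource.subnet_private_endpoints.id`, so this is a destroy-and-recreate of the endpoint rather than a cosmetic rename hidden in a provider-upgrade commit. The same applies to the further renames in patch 09 (`ConAppEnvironmentSubnet`, `ConAppPrivateEndpointSubnet`) and its CIDR changes in vars.tfvars, where the subnet hosting the container apps environment is replaced as well. If the renames are intended, state them in the commit message and land them as a separately planned change; otherwise keep the existing names here and only bump the API version.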
@@ -1,6 +1,12 @@ -resource "azurerm_user_assigned_identity" "user_assigned_identity" { - name = "${local.prefix}-uai001" - location = var.location - resource_group_name = azurerm_resource_group.resource_group_container_app.name - tags = var.tags +module "user_assigned_identity" { + source = "github.com/PerfectThymeTech/terraform-azurerm-modules//modules/userassignedidentity?ref=main" + providers = { + azurerm = azurerm + } + + location = var.location + resource_group_name = azurerm_resource_group.resource_group.name + tags = var.tags + user_assigned_identity_name = "${local.prefix}-uai001" + user_assigned_identity_federated_identity_credentials = {} } diff --git a/code/infra/variables.tf b/code/infra/variables.tf index 36b500d..fbcc7a8 100644 --- a/code/infra/variables.tf +++ b/code/infra/variables.tf @@ -33,16 +33,6 @@ variable "tags" { default = {} } -variable "log_analytics_workspace_id" { - description = "Specifies the resource ID of the log analytics workspace used for collecting logs." - type = string - sensitive = false - validation { - condition = length(split("/", var.log_analytics_workspace_id)) == 9 - error_message = "Please specify a valid resource ID." - } -} - # Github variables variable "github_org_name" { description = "Specifies the name of the GitHub org." 
@@ -75,7 +65,30 @@ variable "container_image_reference" { } } +# Logging variables +variable "log_analytics_workspace_id" { + description = "Specifies the resource ID of the log analytics workspace used for collecting logs." + type = string + sensitive = false + validation { + condition = length(split("/", var.log_analytics_workspace_id)) == 9 + error_message = "Please specify a valid resource ID." + } +} + # Network variables +variable "connectivity_delay_in_seconds" { + description = "Specifies the delay in seconds after the private endpoint deployment (required for the DNS automation via Policies)." + type = number + sensitive = false + nullable = false + default = 120 + validation { + condition = var.connectivity_delay_in_seconds >= 0 + error_message = "Please specify a valid non-negative number." + } +} + variable "vnet_id" { description = "Specifies the resource ID of the Vnet used for the Azure Function." type = string diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars index 8b9c0d4..f1c16e8 100644 --- a/config/PerfectThymeTech/vars.tfvars +++ b/config/PerfectThymeTech/vars.tfvars @@ -1,9 +1,9 @@ # General variables location = "northeurope" environment = "prd" -prefix = "ghr" +prefix = "ghar" tags = { - "workload" = "github-runners" + "workload" = "github-action-runners" } log_analytics_workspace_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001" From db6243971b52d4295619ab8d68e80182ca92ff39 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Thu, 26 Sep 2024 09:34:43 +0200 Subject: [PATCH 02/10] Tets deployment --- .github/workflows/_terraformEnvironmentTemplate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml index ad7499d..9f15f7b 100644 
--- a/.github/workflows/_terraformEnvironmentTemplate.yml
+++ b/.github/workflows/_terraformEnvironmentTemplate.yml
@@ -193,7 +193,7 @@ jobs:
 runs-on: [self-hosted]
 continue-on-error: false
 environment: ${{ inputs.environment }}
- if: github.event_name == 'push' || github.event_name == 'release'
+ # if: github.event_name == 'push' || github.event_name == 'release'
 needs: [plan]

 env:
From c21c088bafb20d660405cc650d233b1ba5a419e9 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:38:43 +0200
Subject: [PATCH 03/10] Update provider config
---
 code/infra/locals.tf | 9 +++++++++
 code/infra/providers.tf | 11 ++++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/code/infra/locals.tf b/code/infra/locals.tf
index ba39b9b..a1342be 100644
--- a/code/infra/locals.tf
+++ b/code/infra/locals.tf
@@ -2,6 +2,15 @@ locals {
 # General locals
 prefix = "${lower(var.prefix)}-${var.environment}"
 github_labels = "aca"
+ resource_providers_to_register = [
+ "Microsoft.Authorization",
+ "Microsoft.App",
+ "Microsoft.Insights",
+ "Microsoft.KeyVault",
+ "Microsoft.ManagedIdentity",
+ "Microsoft.Network",
+ "Microsoft.Resources",
+ ]

 # Resource locals
 virtual_network = {
diff --git a/code/infra/providers.tf b/code/infra/providers.tf
index 5c860cb..fb6bbc9 100644
--- a/code/infra/providers.tf
+++ b/code/infra/providers.tf
@@ -1,9 +1,10 @@
 provider "azurerm" {
- disable_correlation_request_id = false
- environment = "public"
- skip_provider_registration = false
- storage_use_azuread = true
- # use_oidc = true
+ disable_correlation_request_id = false
+ environment = "public"
+ resource_provider_registrations = "none"
+ resource_providers_to_register = local.resource_providers_to_register
+ storage_use_azuread = true
+# use_oidc = true

 features {
 key_vault {
From 98bdf91a5ca1bfb42d5f6a3ab48278265bd1eb0d Mon Sep 17 00:00:00 2001
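Review bot: Commenting out `if: github.event_name == 'push' || github.event_name == 'release'` removes the only visible gate on the apply job, so it runs on every event the calling workflow passes through — presumably including `pull_request` — and for the span of this series (until patch 10 restores the line) a pull request could apply infrastructure changes with the deployment credentials available on the self-hosted runner. A test deployment is better triggered through `workflow_dispatch` or a dedicated branch than by committing the guard removed, since the commented line is easy to forget and is merged with the rest of the series. The enclosing job definition starts outside the hunk.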
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:40:36 +0200
Subject: [PATCH 04/10] Add missing provider reference and dependency
---
 code/infra/keyvault.tf | 3 ++-
 code/infra/terraform.tf | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/code/infra/keyvault.tf b/code/infra/keyvault.tf
index 17a6356..612c92d 100644
--- a/code/infra/keyvault.tf
+++ b/code/infra/keyvault.tf
@@ -25,6 +25,7 @@ resource "azurerm_key_vault_secret" "key_vault_secret_github_pat" {
 value = var.github_personal_access_token

 depends_on = [
- azurerm_role_assignment.current_role_assignment_key_vault_secrets_officer
+ azurerm_role_assignment.current_role_assignment_key_vault_secrets_officer,
+ module.key_vault.key_vault_setup_completed,
 ]
 }
diff --git a/code/infra/terraform.tf b/code/infra/terraform.tf
index 4ee6012..62f8b6c 100644
--- a/code/infra/terraform.tf
+++ b/code/infra/terraform.tf
@@ -10,6 +10,10 @@ terraform {
 source = "azure/azapi"
 version = "1.15.0"
 }
+ time = {
+ source = "hashicorp/time"
+ version = "0.12.1"
+ }
 }

 backend "azurerm" {
From 7bd41aa21bd2c6158b42957d7c5a8e9b817d172b Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:41:12 +0200
Subject: [PATCH 05/10] lint
---
 code/infra/providers.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/infra/providers.tf b/code/infra/providers.tf
index fb6bbc9..62fbbed 100644
--- a/code/infra/providers.tf
+++ b/code/infra/providers.tf
@@ -4,7 +4,7 @@ provider "azurerm" {
 resource_provider_registrations = "none"
 resource_providers_to_register = local.resource_providers_to_register
 storage_use_azuread = true
-# use_oidc = true
+ # use_oidc = true

 features {
 key_vault {
From ad5833a4c1373f0d812616d09be2ef5d0290b660 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:42:06 +0200
Subject: [PATCH 06/10] Add concurrency feature to workflow
---
 .github/workflows/_terraformEnvironmentTemplate.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml
index 9f15f7b..2098427 100644
--- a/.github/workflows/_terraformEnvironmentTemplate.yml
+++ b/.github/workflows/_terraformEnvironmentTemplate.yml
@@ -100,6 +100,9 @@ jobs:
 continue-on-error: false
 environment: ${{ inputs.environment }}
 needs: [lint]
+ concurrency:
+ group: terraform-${{ inputs.config }}-${{ inputs.environment }}
+ cancel-in-progress: false

 env:
 ARM_TENANT_ID: ${{ inputs.tenant_id }}
@@ -195,6 +198,9 @@ jobs:
 environment: ${{ inputs.environment }}
 # if: github.event_name == 'push' || github.event_name == 'release'
 needs: [plan]
+ concurrency:
+ group: terraform-${{ inputs.config }}-${{ inputs.environment }}
+ cancel-in-progress: false

 env:
 ARM_TENANT_ID: ${{ inputs.tenant_id }}
From c77eb82950efc2a5eb8f87526e05cd39a21957ba Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 09:45:29 +0200
Subject: [PATCH 07/10] Fix minor bugs
---
 code/infra/variables.tf | 4 ++--
 config/PerfectThymeTech/vars.tfvars | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/code/infra/variables.tf b/code/infra/variables.tf
index fbcc7a8..bc3fc2f 100644
--- a/code/infra/variables.tf
+++ b/code/infra/variables.tf
@@ -139,13 +139,13 @@ variable "subnet_cidr_private_endpoints" {
 }
 }

-variable "private_dns_zone_id_key_vault" {
+variable "private_dns_zone_id_vault" {
 description = "Specifies the resource ID of the private DNS zone for Azure Key Vault. Not required if DNS A-records get created via Azure Policy."
 type = string
 sensitive = false
 default = ""
 validation {
- condition = var.private_dns_zone_id_key_vault == "" || (length(split("/", var.private_dns_zone_id_key_vault)) == 9 && endswith(var.private_dns_zone_id_key_vault, "privatelink.vaultcore.azure.net"))
+ condition = var.private_dns_zone_id_vault == "" || (length(split("/", var.private_dns_zone_id_vault)) == 9 && endswith(var.private_dns_zone_id_vault, "privatelink.vaultcore.azure.net"))
 error_message = "Please specify a valid resource ID for the private DNS Zone."
 }
 }
diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars
index f1c16e8..09d84d0 100644
--- a/config/PerfectThymeTech/vars.tfvars
+++ b/config/PerfectThymeTech/vars.tfvars
@@ -19,4 +19,4 @@ nsg_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e13
 route_table_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-hub-northeurope-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
 subnet_cidr_container_app = "10.0.1.192/26"
 subnet_cidr_private_endpoints = "10.0.2.0/26"
-private_dns_zone_id_key_vault = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-privatedns-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+private_dns_zone_id_vault = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-privatedns-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
From cb9b414f5a7fd30a96128cd9b77ad94b48f692af Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 10:12:32 +0200
Subject: [PATCH 08/10] Fix reference in module
---
 code/infra/userassignedidentity.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/infra/userassignedidentity.tf b/code/infra/userassignedidentity.tf
index f28123a..1914968 100644
--- a/code/infra/userassignedidentity.tf
+++ b/code/infra/userassignedidentity.tf
@@ -5,7 +5,7 @@ module "user_assigned_identity" {
 }

 location = var.location
- resource_group_name = azurerm_resource_group.resource_group.name
+ resource_group_name = azurerm_resource_group.resource_group_container_app.name
 tags = var.tags
 user_assigned_identity_name = "${local.prefix}-uai001"
 user_assigned_identity_federated_identity_credentials = {}
From 755c796a406111276d55813886cb2b84c4bbad3b Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 10:21:55 +0200
Subject: [PATCH 09/10] Update network settings
---
 code/infra/network.tf | 4 ++--
 config/PerfectThymeTech/vars.tfvars | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/code/infra/network.tf b/code/infra/network.tf
index e2d84af..323134c 100644
--- a/code/infra/network.tf
+++ b/code/infra/network.tf
@@ -1,6 +1,6 @@
 resource "azapi_resource" "subnet_container_app" {
 type = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
- name = "ContainerAppSubnet"
+ name = "ConAppEnvironmentSubnet"
 parent_id = data.azurerm_virtual_network.virtual_network.id

 body = jsonencode({
@@ -31,7 +31,7 @@ resource "azapi_resource" "subnet_container_app" {

 resource "azapi_resource" "subnet_private_endpoints" {
 type = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
- name = "CaPrivateEndpointSubnet"
+ name = "ConAppPrivateEndpointSubnet"
 parent_id = data.azurerm_virtual_network.virtual_network.id

 body = jsonencode({
diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars
index 09d84d0..b9c5c9a 100644
--- a/config/PerfectThymeTech/vars.tfvars
+++ b/config/PerfectThymeTech/vars.tfvars
@@ -17,6 +17,6 @@ container_image_reference = "ghcr.io/perfectthymetech/githubagentazure:main"
 vnet_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-hub-northeurope-rg/providers/Microsoft.Network/virtualNetworks/ptt-dev-vnet001"
 nsg_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-hub-northeurope-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001"
 route_table_id = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-hub-northeurope-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
-subnet_cidr_container_app = "10.0.1.192/26"
-subnet_cidr_private_endpoints = "10.0.2.0/26"
+subnet_cidr_container_app = "10.0.2.64/26"
+subnet_cidr_private_endpoints = "10.0.2.128/26"
 private_dns_zone_id_vault = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-privatedns-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
From 3659a2f00e89071b498bfa59f7926041a6201569 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Thu, 26 Sep 2024 12:19:05 +0200
Subject: [PATCH 10/10] Disable apply on PR
---
 .github/workflows/_terraformEnvironmentTemplate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/_terraformEnvironmentTemplate.yml b/.github/workflows/_terraformEnvironmentTemplate.yml
index 2098427..3545ae1 100644
--- a/.github/workflows/_terraformEnvironmentTemplate.yml
+++ b/.github/workflows/_terraformEnvironmentTemplate.yml
@@ -196,7 +196,7 @@ jobs:
 runs-on: [self-hosted]
 continue-on-error: false
 environment: ${{ inputs.environment }}
- # if: github.event_name == 'push' || github.event_name == 'release'
+ if: github.event_name == 'push' || github.event_name == 'release'
 needs: [plan]
 concurrency:
 group: terraform-${{ inputs.config }}-${{ inputs.environment }}
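Review bot: The restored guard `if: github.event_name == 'push' || github.event_name == 'release'` keys only on the event type, not on the ref, so if the calling workflow invokes this template on pushes to non-default branches the apply job still runs for unreviewed branch code. Unless the caller already limits its push trigger to the default branch, tightening the template itself to `if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'release'` (substituting the repository's default branch) or enforcing a deployment-branch policy on the `${{ inputs.environment }}` environment keeps apply confined to merged code. The job definition starts outside the hunk.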