From a8358af2a2a2a04d72697aaf38d6a2b9130e7f33 Mon Sep 17 00:00:00 2001 From: Ritika Patil <94649368+riragh@users.noreply.github.com> Date: Fri, 29 Mar 2024 08:39:30 -0500 Subject: [PATCH 1/4] feat: (IAC-1386) EncryptAtHost changes for NIST (#372) --- main.tf | 4 ++++ modules/aks_node_pool/main.tf | 2 ++ modules/aks_node_pool/variables.tf | 6 ++++++ modules/azure_aks/main.tf | 34 ++++++++++++++++-------------- modules/azure_aks/variables.tf | 12 +++++++++++ modules/azurerm_vm/main.tf | 27 +++++++++++++----------- modules/azurerm_vm/variables.tf | 12 +++++++++++ variables.tf | 24 +++++++++++++++++++++ vms.tf | 34 +++++++++++++++++------------- 9 files changed, 112 insertions(+), 43 deletions(-) diff --git a/main.tf b/main.tf index 2edc59e7..e2d9b075 100644 --- a/main.tf +++ b/main.tf @@ -49,6 +49,7 @@ data "azurerm_resource_group" "aks_rg" { count = var.resource_group_name == null ? 0 : 1 name = var.resource_group_name } + resource "azurerm_proximity_placement_group" "proximity" { count = var.node_pools_proximity_placement ? 1 : 0 @@ -143,6 +144,8 @@ module "aks" { aks_cluster_max_pods = var.default_nodepool_max_pods aks_cluster_os_disk_size = var.default_nodepool_os_disk_size aks_cluster_node_vm_size = var.default_nodepool_vm_type + aks_cluster_enable_host_encryption = var.aks_cluster_enable_host_encryption + aks_node_disk_encryption_set_id = var.aks_node_disk_encryption_set_id aks_cluster_node_admin = var.node_vm_admin aks_cluster_ssh_public_key = try(file(var.ssh_public_key), "") aks_cluster_private_dns_zone_id = var.aks_cluster_private_dns_zone_id 
@@ -206,6 +209,7 @@ module "node_pools" { zones = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : (var.node_pools_availability_zones != null) ? var.node_pools_availability_zones : [var.node_pools_availability_zone] proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity[*].id, [""]), 0) orchestrator_version = var.kubernetes_version + enable_host_encryption = var.aks_cluster_enable_host_encryption tags = var.tags } diff --git a/modules/aks_node_pool/main.tf b/modules/aks_node_pool/main.tf index beae2667..abced417 100755 --- a/modules/aks_node_pool/main.tf +++ b/modules/aks_node_pool/main.tf @@ -10,6 +10,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "autoscale_node_pool" { vnet_subnet_id = var.vnet_subnet_id zones = var.zones fips_enabled = var.fips_enabled + enable_host_encryption = var.enable_host_encryption proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id vm_size = var.machine_type os_disk_size_gb = var.os_disk_size @@ -40,6 +41,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "static_node_pool" { vnet_subnet_id = var.vnet_subnet_id zones = var.zones fips_enabled = var.fips_enabled + enable_host_encryption = var.enable_host_encryption proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id vm_size = var.machine_type os_disk_size_gb = var.os_disk_size diff --git a/modules/aks_node_pool/variables.tf b/modules/aks_node_pool/variables.tf index 1ab640db..a23920ab 100755 --- a/modules/aks_node_pool/variables.tf +++ b/modules/aks_node_pool/variables.tf 
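Review bot: In the `module "node_pools"` hunk of main.tf, `enable_host_encryption = var.aks_cluster_enable_host_encryption` applies one cluster-wide switch to every additional node pool, so host encryption cannot be left off for a pool whose VM size does not support it. Azure offers encryption at host only on supported VM sizes, so turning the switch on presumably fails the apply for such a pool rather than skipping it silently; that is the safer failure mode, but it should be stated. I would add a comment above the line, `# All-or-nothing: every pool's machine_type must support encryption at host`, or accept a per-pool override that falls back to the cluster value. The module block starts and ends outside the hunk, so the per-pool inputs are not visible here.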
@@ -23,6 +23,12 @@ variable "fips_enabled" { default = false } +variable "enable_host_encryption" { + description = "Enables host encryption on all the nodes in the Node Pool. Changing this forces a new resource to be created." + type = bool + default = false +} + variable "vnet_subnet_id" { description = "The ID of the Subnet where this Node Pool should exist. Changing this forces a new resource to be created." type = string diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf index 6efb6954..8cadfe1f 100644 --- a/modules/azure_aks/main.tf +++ b/modules/azure_aks/main.tf @@ -13,6 +13,7 @@ resource "azurerm_kubernetes_cluster" "aks" { support_plan = var.cluster_support_tier role_based_access_control_enabled = true http_application_routing_enabled = false + disk_encryption_set_id = var.aks_node_disk_encryption_set_id # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions # az aks get-versions --location eastus -o table 
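Review bot: In the `@@ -13,6 +13,7 @@` hunk of modules/azure_aks/main.tf, `disk_encryption_set_id = var.aks_node_disk_encryption_set_id` takes an externally created Disk Encryption Set, and nothing in this patch creates it or checks that it is usable. The variable's own description says that changing the value forces a new resource, so setting it on an existing deployment replaces the cluster, which makes customer-managed keys effectively a create-time decision. I would add a comment on the line, `# CMK for node disks: the DES and its Key Vault access must exist before apply; changing this replaces the cluster`. The resource body continues outside the hunk.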
@@ -52,22 +53,23 @@ resource "azurerm_kubernetes_cluster" "aks" { } default_node_pool { - name = "system" - vm_size = var.aks_cluster_node_vm_size - zones = var.aks_availability_zones - enable_auto_scaling = var.aks_cluster_node_auto_scaling - enable_node_public_ip = false - node_labels = {} - node_taints = [] - fips_enabled = var.fips_enabled - max_pods = var.aks_cluster_max_pods - os_disk_size_gb = var.aks_cluster_os_disk_size - max_count = var.aks_cluster_max_nodes - min_count = var.aks_cluster_min_nodes - node_count = var.aks_cluster_node_count - vnet_subnet_id = var.aks_vnet_subnet_id - tags = var.aks_cluster_tags - orchestrator_version = var.kubernetes_version + name = "system" + vm_size = var.aks_cluster_node_vm_size + zones = var.aks_availability_zones + enable_auto_scaling = var.aks_cluster_node_auto_scaling + enable_node_public_ip = false + node_labels = {} + node_taints = [] + fips_enabled = var.fips_enabled + enable_host_encryption = var.aks_cluster_enable_host_encryption + max_pods = var.aks_cluster_max_pods + os_disk_size_gb = var.aks_cluster_os_disk_size + max_count = var.aks_cluster_max_nodes + min_count = var.aks_cluster_min_nodes + node_count = var.aks_cluster_node_count + vnet_subnet_id = var.aks_vnet_subnet_id + tags = var.aks_cluster_tags + orchestrator_version = var.kubernetes_version } dynamic "service_principal" { diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf index 4d8f0944..d9bcbaaa 100644 --- a/modules/azure_aks/variables.tf +++ b/modules/azure_aks/variables.tf 
@@ -113,6 +113,18 @@ variable "aks_cluster_max_pods" { default = 110 } +variable "aks_cluster_enable_host_encryption" { + description = "Enables host encryption on all the nodes in the Default Node Pool" + type = bool + default = false +} + +variable "aks_node_disk_encryption_set_id" { + description = "The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. Changing this forces a new resource to be created." + type = string + default = null +} + variable "kubernetes_version" { description = "The AKS cluster K8s version" type = string diff --git a/modules/azurerm_vm/main.tf b/modules/azurerm_vm/main.tf index 97f48504..a7bd1bc0 100644 --- a/modules/azurerm_vm/main.tf +++ b/modules/azurerm_vm/main.tf @@ -36,15 +36,16 @@ resource "azurerm_network_interface_security_group_association" "vm_nic_sg" { # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk resource "azurerm_managed_disk" "vm_data_disk" { - count = var.data_disk_count - name = format("%s-disk%02d", var.name, count.index + 1) - location = var.azure_rg_location - resource_group_name = var.azure_rg_name - storage_account_type = var.data_disk_storage_account_type - create_option = "Empty" - disk_size_gb = var.data_disk_size - zone = var.data_disk_zone - tags = var.tags + count = var.data_disk_count + name = format("%s-disk%02d", var.name, count.index + 1) + location = var.azure_rg_location + resource_group_name = var.azure_rg_name + storage_account_type = var.data_disk_storage_account_type + create_option = "Empty" + disk_size_gb = var.data_disk_size + zone = var.data_disk_zone + disk_encryption_set_id = var.disk_encryption_set_id + tags = var.tags } resource "azurerm_virtual_machine_data_disk_attachment" "vm_data_disk_attach" { 
@@ -64,6 +65,7 @@ resource "azurerm_linux_virtual_machine" "vm" { size = var.machine_type admin_username = var.vm_admin zone = var.vm_zone + encryption_at_host_enabled = var.encryption_at_host_enabled #Cloud Init custom_data = (var.cloud_init != "" ? var.cloud_init : null) @@ -78,9 +80,10 @@ resource "azurerm_linux_virtual_machine" "vm" { } os_disk { - caching = var.os_disk_caching - storage_account_type = var.os_disk_storage_account_type - disk_size_gb = var.os_disk_size + caching = var.os_disk_caching + storage_account_type = var.os_disk_storage_account_type + disk_size_gb = var.os_disk_size + disk_encryption_set_id = var.disk_encryption_set_id } source_image_reference { diff --git a/modules/azurerm_vm/variables.tf b/modules/azurerm_vm/variables.tf index 1bd3b989..9507b38a 100644 --- a/modules/azurerm_vm/variables.tf +++ b/modules/azurerm_vm/variables.tf @@ -162,3 +162,15 @@ variable "proximity_placement_group_id" { type = string default = "" } + +variable "encryption_at_host_enabled" { + description = "Enables all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host. Defaults to false" + type = bool + default = false +} + +variable "disk_encryption_set_id" { + description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk." + type = string + default = null +} diff --git a/variables.tf b/variables.tf index c240d4cd..5e482915 100644 --- a/variables.tf +++ b/variables.tf 
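Review bot: The description of `disk_encryption_set_id` added in modules/azurerm_vm/variables.tf says the set is used "to Encrypt this OS Disk", but the module also sets it on `azurerm_managed_disk.vm_data_disk` (the `@@ -36,15 +36,16 @@` hunk in modules/azurerm_vm/main.tf), so the data disks are covered as well. An operator reading only the description would not know that the data disks also move to the customer-managed key. I would reword it to `"The ID of the Disk Encryption Set used to encrypt the OS disk and all data disks of this Virtual Machine."`. Root `vm_disk_encryption_set_id` in variables.tf has the same wording and needs the same correction.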
@@ -165,6 +165,18 @@ variable "default_nodepool_availability_zones" { default = ["1"] } +variable "aks_cluster_enable_host_encryption" { + description = "Enables host encryption on all the nodes in the Node Pool." + type = bool + default = false +} + +variable "aks_node_disk_encryption_set_id" { + description = "The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. Changing this forces a new resource to be created." + type = string + default = null +} + # AKS advanced network config variable "aks_network_plugin" { description = "Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created." @@ -362,6 +374,18 @@ variable "jump_rwx_filestore_path" { default = "/viya-share" } +variable "enable_vm_host_encryption" { + description = "Setting this variable enables all of the disks (including the temp disk) attached to this Virtual Machine be encrypted by enabling Encryption at Host. This setting applies to both Jump and NFS VM. Defaults to false" + type = bool + default = false +} + +variable "vm_disk_encryption_set_id" { + description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. This setting applies to both Jump and NFS VM." + type = string + default = null +} + variable "storage_type" { description = "Type of Storage. Valid Values: `standard`, `ha` and `none`. `standard` creates NFS server VM, `ha` creates Azure Netapp Files" type = string diff --git a/vms.tf b/vms.tf index e941f8db..97d2048f 100644 --- a/vms.tf +++ b/vms.tf 
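Review bot: In root variables.tf, `aks_cluster_enable_host_encryption` and `enable_vm_host_encryption` default to `false` and both `*_disk_encryption_set_id` inputs default to `null`, so a deployment that keeps the defaults gets none of the encryption this commit adds for NIST. That is a sensible backward-compatible default, but the descriptions should say it is opt-in and name the prerequisites (the VM sizes in use must support encryption at host, and the subscription may need the feature enabled; confirm against current Azure docs). The text "all the nodes in the Node Pool" is also too narrow, since the value feeds both the default node pool and `module "node_pools"`; I would write `"Enables host encryption on the default node pool and all additional node pools. Opt-in; defaults to false."`. The diffstat for this patch lists no file under docs/, so docs/CONFIG-VARS.md appears not to document the four new inputs unless a later patch in the series does.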
@@ -54,21 +54,23 @@ data "cloudinit_config" "jump" { module "jump" { source = "./modules/azurerm_vm" - count = var.create_jump_vm ? 1 : 0 - name = "${var.prefix}-jump" - azure_rg_name = local.aks_rg.name - azure_rg_location = var.location - vnet_subnet_id = module.vnet.subnets["misc"].id - machine_type = var.jump_vm_machine_type - azure_nsg_id = local.nsg.id - tags = var.tags - vm_admin = var.jump_vm_admin - vm_zone = var.jump_vm_zone - fips_enabled = var.fips_enabled - ssh_public_key = local.ssh_public_key - cloud_init = data.cloudinit_config.jump[0].rendered - create_public_ip = var.create_jump_public_ip - enable_public_static_ip = var.enable_jump_public_static_ip + count = var.create_jump_vm ? 1 : 0 + name = "${var.prefix}-jump" + azure_rg_name = local.aks_rg.name + azure_rg_location = var.location + vnet_subnet_id = module.vnet.subnets["misc"].id + machine_type = var.jump_vm_machine_type + azure_nsg_id = local.nsg.id + tags = var.tags + vm_admin = var.jump_vm_admin + vm_zone = var.jump_vm_zone + fips_enabled = var.fips_enabled + ssh_public_key = local.ssh_public_key + cloud_init = data.cloudinit_config.jump[0].rendered + create_public_ip = var.create_jump_public_ip + enable_public_static_ip = var.enable_jump_public_static_ip + encryption_at_host_enabled = var.enable_vm_host_encryption + disk_encryption_set_id = var.vm_disk_encryption_set_id # Jump VM mounts NFS path hence dependency on 'module.nfs' depends_on = [module.vnet, module.nfs] @@ -109,6 +111,8 @@ module "nfs" { data_disk_size = var.nfs_raid_disk_size data_disk_storage_account_type = var.nfs_raid_disk_type data_disk_zone = var.nfs_raid_disk_zone + encryption_at_host_enabled = var.enable_vm_host_encryption + disk_encryption_set_id = var.vm_disk_encryption_set_id depends_on = [module.vnet] } From 38bdf66ad8e6909d33b9e7539958ffe93af45e12 Mon Sep 17 00:00:00 2001 
From: Ritika Patil <94649368+riragh@users.noreply.github.com> Date: Thu, 4 Apr 2024 10:11:35 -0500 Subject: [PATCH 2/4] feat: (IAC-1377) Add Support for K8s 1.29 (#374) --- Dockerfile | 2 +- README.md | 2 +- docs/CONFIG-VARS.md | 2 +- examples/sample-input-byo.tfvars | 2 +- examples/sample-input-connect.tfvars | 2 +- examples/sample-input-ha.tfvars | 2 +- examples/sample-input-minimal.tfvars | 2 +- examples/sample-input-postgres.tfvars | 2 +- examples/sample-input-ppg.tfvars | 2 +- examples/sample-input-singlestore.tfvars | 2 +- examples/sample-input.tfvars | 2 +- modules/azure_aks/variables.tf | 2 +- variables.tf | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index bce76da5..3543e261 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG AZURECLI_VERSION=2.57.0 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION -ARG KUBECTL_VERSION=1.27.9 +ARG KUBECTL_VERSION=1.28.7 WORKDIR /viya4-iac-azure diff --git a/README.md b/README.md index 85a09e22..c4e7fe53 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformA #### Terraform Requirements: - [Terraform](https://www.terraform.io/downloads.html) - v1.7.3 -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.27.9 +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.28.7 - [jq](https://stedolan.github.io/jq/) - v1.6 - [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.57.0 diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 17162f62..0347f1db 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md 
@@ -182,7 +182,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr | :--- | ---: | ---: | ---: | ---: | | partner_id | A GUID that is registered with Microsoft to facilitate partner resource usage attribution | string | "5d27f3ae-e49c-4dea-9aa3-b44e4750cd8c" | Defaults to SAS partner GUID. When you deploy this Terraform configuration, Microsoft can identify the installation of SAS software with the deployed Azure resources. Microsoft can then correlate the resources that are used to support the software. Microsoft collects this information to provide the best experiences with their products and to operate their business. The data is collected and governed by Microsoft's privacy policies, located at https://www.microsoft.com/trustcenter. | | create_static_kubeconfig | Allows the user to create a provider / service account-based kubeconfig file | bool | true | A value of `false` will default to using the cloud provider's mechanism for generating the kubeconfig file. A value of `true` will create a static kubeconfig that uses a `Service Account` and `Cluster Role Binding` to provide credentials. | -| kubernetes_version | The AKS cluster Kubernetes version | string | "1.27" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version | +| kubernetes_version | The AKS cluster Kubernetes version | string | "1.28" |Use of specific versions is still supported. If you need exact kubernetes version please use format `x.y.z`, where `x` is the major version, `y` is the minor version, and `z` is the patch version | | create_jump_vm | Create bastion host | bool | true | | | create_jump_public_ip | Add public IP address to the jump VM | bool | true | | | enable_jump_public_static_ip | Enables `Static` allocation method for the public IP address of Jump Server. 
Setting false will enable `Dynamic` allocation method. | bool | true | Only used with `create_jump_public_ip=true` | diff --git a/examples/sample-input-byo.tfvars b/examples/sample-input-byo.tfvars index 6744614b..7ac90991 100644 --- a/examples/sample-input-byo.tfvars +++ b/examples/sample-input-byo.tfvars @@ -45,7 +45,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input-connect.tfvars b/examples/sample-input-connect.tfvars index 48799803..d744cef8 100644 --- a/examples/sample-input-connect.tfvars +++ b/examples/sample-input-connect.tfvars @@ -34,7 +34,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input-ha.tfvars b/examples/sample-input-ha.tfvars index 561f0bbe..51e441ec 100644 --- a/examples/sample-input-ha.tfvars +++ b/examples/sample-input-ha.tfvars @@ -32,7 +32,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input-minimal.tfvars b/examples/sample-input-minimal.tfvars index a91dfb6d..badf61ca 100644 --- a/examples/sample-input-minimal.tfvars +++ b/examples/sample-input-minimal.tfvars @@ -32,7 +32,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D4_v3" #v3 still has local temp storage 
diff --git a/examples/sample-input-postgres.tfvars b/examples/sample-input-postgres.tfvars index 9c4c40b1..74369924 100644 --- a/examples/sample-input-postgres.tfvars +++ b/examples/sample-input-postgres.tfvars @@ -86,7 +86,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input-ppg.tfvars b/examples/sample-input-ppg.tfvars index 2df3be14..c3d85751 100644 --- a/examples/sample-input-ppg.tfvars +++ b/examples/sample-input-ppg.tfvars @@ -33,7 +33,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input-singlestore.tfvars b/examples/sample-input-singlestore.tfvars index d6e76fb3..7508f8c6 100644 --- a/examples/sample-input-singlestore.tfvars +++ b/examples/sample-input-singlestore.tfvars @@ -34,7 +34,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/examples/sample-input.tfvars b/examples/sample-input.tfvars index 0d5f5e4c..2b9063ff 100644 --- a/examples/sample-input.tfvars +++ b/examples/sample-input.tfvars @@ -34,7 +34,7 @@ container_registry_sku = "Standard" container_registry_admin_enabled = false # AKS config -kubernetes_version = "1.27" +kubernetes_version = "1.28" default_nodepool_min_nodes = 2 default_nodepool_vm_type = "Standard_D8s_v4" diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf index d9bcbaaa..1b764d99 100644 --- a/modules/azure_aks/variables.tf +++ b/modules/azure_aks/variables.tf 
@@ -128,7 +128,7 @@ variable "aks_node_disk_encryption_set_id" { variable "kubernetes_version" { description = "The AKS cluster K8s version" type = string - default = "1.27" + default = "1.28" } variable "aks_cluster_endpoint_public_access_cidrs" { diff --git a/variables.tf b/variables.tf index 5e482915..29e8caa9 100644 --- a/variables.tf +++ b/variables.tf @@ -132,7 +132,7 @@ variable "default_nodepool_vm_type" { variable "kubernetes_version" { description = "The AKS cluster K8s version" type = string - default = "1.27" + default = "1.28" } variable "default_nodepool_max_nodes" { From ca4ba01a15d70f3e14fffdac8cfe65be97b5309c Mon Sep 17 00:00:00 2001 
From: Ritika Patil <94649368+riragh@users.noreply.github.com> Date: Mon, 8 Apr 2024 08:29:18 -0500 Subject: [PATCH 3/4] docs: Updated copyright to 2024 (#375) --- container-structure-test.yaml | 2 +- docker-entrypoint.sh | 2 +- files/tools/iac_git_info.sh | 2 +- files/tools/iac_tooling_version.sh | 2 +- files/tools/terraform_env_variable_helper.sh | 2 +- iam.tf | 2 +- locals.tf | 2 +- main.tf | 2 +- modules/aks_node_pool/main.tf | 2 +- modules/aks_node_pool/variables.tf | 2 +- modules/azure_aks/main.tf | 2 +- modules/azure_aks/outputs.tf | 2 +- modules/azure_aks/variables.tf | 2 +- modules/azurerm_message_broker/main.tf | 2 +- modules/azurerm_message_broker/outputs.tf | 2 +- modules/azurerm_message_broker/variables.tf | 2 +- modules/azurerm_netapp/main.tf | 2 +- modules/azurerm_netapp/outputs.tf | 2 +- modules/azurerm_netapp/variables.tf | 2 +- modules/azurerm_postgresql_flex/main.tf | 2 +- modules/azurerm_postgresql_flex/outputs.tf | 2 +- modules/azurerm_postgresql_flex/variables.tf | 2 +- modules/azurerm_vm/main.tf | 2 +- modules/azurerm_vm/outputs.tf | 2 +- modules/azurerm_vm/variables.tf | 2 +- modules/azurerm_vnet/main.tf | 2 +- modules/azurerm_vnet/outputs.tf | 2 +- modules/azurerm_vnet/variables.tf | 2 +- modules/kubeconfig/main.tf | 2 +- modules/kubeconfig/output.tf | 2 +- modules/kubeconfig/variables.tf | 2 +- monitor.tf | 2 +- outputs.tf | 2 +- variables.tf | 2 +- versions.tf | 2 +- vms.tf | 2 +- 36 files changed, 36 insertions(+), 36 deletions(-) diff --git a/container-structure-test.yaml b/container-structure-test.yaml index 23b02380..9152b4e8 100644 --- a/container-structure-test.yaml +++ b/container-structure-test.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 schemaVersion: "2.0.0" diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f6263659..1e8907a8 100644 
--- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 set -e diff --git a/files/tools/iac_git_info.sh b/files/tools/iac_git_info.sh index 777b55fd..4b7b9da8 100755 --- a/files/tools/iac_git_info.sh +++ b/files/tools/iac_git_info.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # We need to return an error if things don't work diff --git a/files/tools/iac_tooling_version.sh b/files/tools/iac_tooling_version.sh index 474a431a..875bc4ba 100755 --- a/files/tools/iac_tooling_version.sh +++ b/files/tools/iac_tooling_version.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # We need to return an error if things don't work diff --git a/files/tools/terraform_env_variable_helper.sh b/files/tools/terraform_env_variable_helper.sh index b42ffdb2..6e8aadf9 100644 --- a/files/tools/terraform_env_variable_helper.sh +++ b/files/tools/terraform_env_variable_helper.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 echo -e "\nUsage: You must have an active az cli login 'az login' before this script will work" diff --git a/iam.tf b/iam.tf index 27981fc5..6ade78fc 100644 --- a/iam.tf +++ b/iam.tf 
@@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 data "azurerm_user_assigned_identity" "uai" { diff --git a/locals.tf b/locals.tf index 47e1d436..84006293 100644 --- a/locals.tf +++ b/locals.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 locals { diff --git a/main.tf b/main.tf index e2d9b075..37825c4c 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 ## Azure-AKS diff --git a/modules/aks_node_pool/main.tf b/modules/aks_node_pool/main.tf index abced417..500cd98e 100755 --- a/modules/aks_node_pool/main.tf +++ b/modules/aks_node_pool/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # Reference: https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster_node_pool.html diff --git a/modules/aks_node_pool/variables.tf b/modules/aks_node_pool/variables.tf index a23920ab..e3981b8c 100755 --- a/modules/aks_node_pool/variables.tf +++ b/modules/aks_node_pool/variables.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 variable "node_pool_name" { diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf index 8cadfe1f..dd6cbef8 100644 --- a/modules/azure_aks/main.tf 
+++ b/modules/azure_aks/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster diff --git a/modules/azure_aks/outputs.tf b/modules/azure_aks/outputs.tf index fafb924c..a067abf9 100644 --- a/modules/azure_aks/outputs.tf +++ b/modules/azure_aks/outputs.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 output "client_key" { diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf index 1b764d99..60882508 100644 --- a/modules/azure_aks/variables.tf +++ b/modules/azure_aks/variables.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 variable "aks_cluster_name" { diff --git a/modules/azurerm_message_broker/main.tf b/modules/azurerm_message_broker/main.tf index 4824bd80..5a931eea 100644 --- a/modules/azurerm_message_broker/main.tf +++ b/modules/azurerm_message_broker/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # Azure Service Bus diff --git a/modules/azurerm_message_broker/outputs.tf b/modules/azurerm_message_broker/outputs.tf index eab5ce3c..fdc175d2 100644 --- a/modules/azurerm_message_broker/outputs.tf +++ b/modules/azurerm_message_broker/outputs.tf 
@@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 output "message_broker_hostname" { diff --git a/modules/azurerm_message_broker/variables.tf b/modules/azurerm_message_broker/variables.tf index adb4ffe1..5610b28b 100644 --- a/modules/azurerm_message_broker/variables.tf +++ b/modules/azurerm_message_broker/variables.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 variable "prefix" { diff --git a/modules/azurerm_netapp/main.tf b/modules/azurerm_netapp/main.tf index 9a60ae72..781f45dc 100644 --- a/modules/azurerm_netapp/main.tf +++ b/modules/azurerm_netapp/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # Terraform docs - https://www.terraform.io/docs/providers/azurerm/r/netapp_volume.html diff --git a/modules/azurerm_netapp/outputs.tf b/modules/azurerm_netapp/outputs.tf index 75b68b3f..3b7fb97f 100644 --- a/modules/azurerm_netapp/outputs.tf +++ b/modules/azurerm_netapp/outputs.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 output "netapp_account_id" { diff --git a/modules/azurerm_netapp/variables.tf b/modules/azurerm_netapp/variables.tf index c52fc787..ab3e59db 100644 --- a/modules/azurerm_netapp/variables.tf +++ b/modules/azurerm_netapp/variables.tf 
@@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 variable "prefix" { diff --git a/modules/azurerm_postgresql_flex/main.tf b/modules/azurerm_postgresql_flex/main.tf index e2e12523..e2523d06 100644 --- a/modules/azurerm_postgresql_flex/main.tf +++ b/modules/azurerm_postgresql_flex/main.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 ################################################### diff --git a/modules/azurerm_postgresql_flex/outputs.tf b/modules/azurerm_postgresql_flex/outputs.tf index 232589d5..610ee039 100644 --- a/modules/azurerm_postgresql_flex/outputs.tf +++ b/modules/azurerm_postgresql_flex/outputs.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 output "server_name" { diff --git a/modules/azurerm_postgresql_flex/variables.tf b/modules/azurerm_postgresql_flex/variables.tf index 6b958703..deb2e937 100644 --- a/modules/azurerm_postgresql_flex/variables.tf +++ b/modules/azurerm_postgresql_flex/variables.tf @@ -1,4 +1,4 @@ -# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. +# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 variable "resource_group_name" { diff --git a/modules/azurerm_vm/main.tf b/modules/azurerm_vm/main.tf index a7bd1bc0..e7a98e20 100644 --- a/modules/azurerm_vm/main.tf +++ b/modules/azurerm_vm/main.tf 
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 # https://docs.microsoft.com/en-us/azure/virtual-network/public-ip-addresses
diff --git a/modules/azurerm_vm/outputs.tf b/modules/azurerm_vm/outputs.tf
index f1f96546..c403a12f 100644
--- a/modules/azurerm_vm/outputs.tf
+++ b/modules/azurerm_vm/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 output "private_ip_address" {
diff --git a/modules/azurerm_vm/variables.tf b/modules/azurerm_vm/variables.tf
index 9507b38a..3019aa77 100644
--- a/modules/azurerm_vm/variables.tf
+++ b/modules/azurerm_vm/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 variable "azure_rg_name" {
diff --git a/modules/azurerm_vnet/main.tf b/modules/azurerm_vnet/main.tf
index f27a7a28..7c1000a3 100644
--- a/modules/azurerm_vnet/main.tf
+++ b/modules/azurerm_vnet/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 # Sourced and modified from https://github.com/Azure/terraform-azurerm-vnet
diff --git a/modules/azurerm_vnet/outputs.tf b/modules/azurerm_vnet/outputs.tf
index 2c2bba2a..7f0fcb9b 100644
--- a/modules/azurerm_vnet/outputs.tf
+++ b/modules/azurerm_vnet/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 output "id" {
diff --git a/modules/azurerm_vnet/variables.tf b/modules/azurerm_vnet/variables.tf
index 01d3f4b4..94f97116 100644
--- a/modules/azurerm_vnet/variables.tf
+++ b/modules/azurerm_vnet/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 variable "name" {
diff --git a/modules/kubeconfig/main.tf b/modules/kubeconfig/main.tf
index 88d40a9e..58d31351 100644
--- a/modules/kubeconfig/main.tf
+++ b/modules/kubeconfig/main.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 locals {
diff --git a/modules/kubeconfig/output.tf b/modules/kubeconfig/output.tf
index a7a3877d..f487a7bc 100644
--- a/modules/kubeconfig/output.tf
+++ b/modules/kubeconfig/output.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 output "kube_config" {
diff --git a/modules/kubeconfig/variables.tf b/modules/kubeconfig/variables.tf
index f53e58d6..96abef01 100644
--- a/modules/kubeconfig/variables.tf
+++ b/modules/kubeconfig/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 variable "prefix" {
diff --git a/monitor.tf b/monitor.tf
index c94f2127..ce80f65b 100755
--- a/monitor.tf
+++ b/monitor.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 # Azure Monitor - https://azure.microsoft.com/en-gb/services/monitor/
diff --git a/outputs.tf b/outputs.tf
index d8e52904..9fdb6b94 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 # aks
diff --git a/variables.tf b/variables.tf
index 29e8caa9..dfbc8e17 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 ## Global
diff --git a/versions.tf b/versions.tf
index cf34f195..3e1f5097 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 terraform {
diff --git a/vms.tf b/vms.tf
index 97d2048f..2d4a8e6f 100644
--- a/vms.tf
+++ b/vms.tf
@@ -1,4 +1,4 @@
-# Copyright © 2020-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 locals {
From e99988d3de9f04fe982ee6d054020833391c5454 Mon Sep 17 00:00:00 2001
From: Ritika Patil <94649368+riragh@users.noreply.github.com>
Date: Tue, 9 Apr 2024 12:20:37 -0500
Subject: [PATCH 4/4] feat: (IAC-1401) Updated az CLI version to remediate the security vuln (#376)
---
 Dockerfile | 2 +-
 README.md | 2 +-
 container-structure-test.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3543e261..5131a64e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG TERRAFORM_VERSION=1.7.3
-ARG AZURECLI_VERSION=2.57.0
+ARG AZURECLI_VERSION=2.59.0
 FROM hashicorp/terraform:$TERRAFORM_VERSION as terraform
 FROM mcr.microsoft.com/azure-cli:$AZURECLI_VERSION
diff --git a/README.md b/README.md
index c4e7fe53..578668fc 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ Access to an **Azure Subscription** and an [**Identity**](./docs/user/TerraformA
 - [Terraform](https://www.terraform.io/downloads.html) - v1.7.3
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl) - v1.28.7
 - [jq](https://stedolan.github.io/jq/) - v1.6
-- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.57.0
+- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure) - (optional - useful as an alternative to the Azure Portal) - v2.59.0
 #### Docker Requirements:
 - [Docker](https://docs.docker.com/get-docker/)
diff --git a/container-structure-test.yaml b/container-structure-test.yaml
index 9152b4e8..0ad03445 100644
--- a/container-structure-test.yaml
+++ b/container-structure-test.yaml
@@ -29,7 +29,7 @@ commandTests:
 - -c
 - |
 az version -o tsv
- expectedOutput: ["2.57.0\t2.57.0\t1.1.0"]
+ expectedOutput: ["2.59.0\t2.59.0\t1.1.0"]
 metadataTest:
 workdir: "/viya4-iac-azure"