Update Terraform azurerm to v4 #2247

renovate · 2024-08-23T07:02:14Z

This PR contains the following updates:

Package	Type	Update	Change
azurerm (source)	required_provider	major	`3.65.0` -> `4.17.0`
azurerm (source)	required_provider	major	`3.113.0` -> `4.17.0`

Release Notes

hashicorp/terraform-provider-azurerm (azurerm)

`v4.17.0`

Compare Source

FEATURES:

New Data Source: azurerm_api_management_subscription (#27824)
New Resource: azurerm_cognitive_account_rai_policy (#28013)
New Resource: azurerm_mssql_job_target_group (#28492)

ENHANCEMENTS:

dependencies: network - update to use 2024-05-01 (#28146)
dependencies: privatedns - update to use 2024-06-01 (#28599)
dependencies: storage - update to use 2023-05-01 (#27760)
Data Source: azure_communication_service - add support for the hostname property (#28620)
azurerm_api_management - capacity now has a max limit of 50 (#28648)
azurerm_backup_protected_vm - add support for feature vm_backup_suspend_protection_and_retain_data_on_destroy (#27950)
azurerm_cognitive_account - support for the bypass property (#28221)
azure_communication_service - add support for the hostname property (#28620)
azurerm_container_app_environment - add support for Azure Monitor as a log destination (#26047)
azurerm_mssql_elasticpool- add support for MOPRMS pool type and update validation for PRMS and Gen5 pool types (#28453)
azurerm_mssql_managed_instance_transparent_data_encryption - support for the managed_hsm_key_id property (#28480)
azurerm_stream_analytics_output_cosmosdb - support for the authentication_mode property (#28372)
azurerm_stream_analytics_stream_input_blob - add support for authentication_mode (#27853)

BUG FIXES:

azurerm_container_app - update the validation regex for the resource's name (#28528)
azurerm_kubernetes_cluster - parse oms_agent.log_analytics_workspace_id insensitively to handle inconsistent casing (#28575)
azurerm_kubernetes_flux_configuration - fix issue where removing post_build from a kustomization resulted in an error from the API (#28590)
azurerm_linux_virtual_machine_scale_set - prevent crash caused by ommited extensions_to_provision_after_vm_creation block (#28549)
azurerm_log_analytics_storage_insights - use subscription from workspace ID when building the resource ID (#28469)
azurerm_orchestrated_virtual_machine_scale_set - prevent crash caused by ommited extensions_to_provision_after_vm_creation block (#28549)
azurerm_virtual_machine - parse os_disk insensitively to handle inconsistent casing (#28592)
azurerm_windows_virtual_machine_scale_set - Prevent crash caused by ommited extensions_to_provision_after_vm_creation block (#28549)

`v4.16.0`

Compare Source

NOTE: This release contains a breaking change reverting redisenterprise API version from 2024-10-01 to 2024-06-01-preview as not all regions are currently supported in the 2024-10-01 version

BREAKING CHANGES:

dependencies - redisenterprise API version reverted from 2024-10-01 to 2024-06-01-preview (#28516)

FEATURES:

New Resource: azurerm_container_registry_credential_set (#27528)
New Resource: azurerm_mssql_job (#28456)
New Resource: azurerm_mssql_job_schedule (#28456)

ENHANCEMENTS:

dependencies - update hashicorp/go-azure-sdk to v0.20250115.1141151 (#28519)
dependencies - costmanagement update to use 2023-08-01 (#27680)
dependencies - postgresql update API version to 2024-08-01 (#28474)
azurerm_container_app – support for the termination_grace_period_seconds property (#28307)
azurerm_cost_anomaly_alert - add support for the notification_email property (#27680)
azurerm_data_protection_backup_vault - support for immutability property (#27859)
azurerm_databricks_workspace - fix ignore_changes support (#28527)
azurerm_kubernetes_cluster_node_pool - add support for the temporary_name_for_rotation property to allow node pool rotation (#27791)
azurerm_linux_function_app - add support for node 22 and java 17 support for JBOSSEAP (#28472)
azurerm_linux_web_app - add support for node 22 and java 17 support for JBOSSEAP (#28472)
azurerm_windows_function_app - add support for node 22 and java 17 support for JBOSSEAP (#28472)

BUG FIXES:

azurerm_logic_app_standard - fix setting public_network_access for conflicting API properties (#28465)
azurerm_redis_cache - data_persistence_authentication_method can now be unset (#27932)
azurerm_mssql_database - fix bug where verifying TDE might fail to return an error on failure (#28505)
azurerm_mssql_database - fix several potential bugs where retry functions could return false negatives for actual errors (#28505)
azurerm_private_endpoint - fix a bug where reading Private DNS could error and exit the Read of the resource early without raising an error (#28505)

`v4.15.0`

Compare Source

FEATURES:

New Data Source: azurerm_kubernetes_fleet_manager (#28278)
New Resource: azurerm_arc_kubernetes_provisioned_cluster (#28216)
New Resource: azurerm_machine_learning_workspace_network_outbound_rule_private_endpoint (#27874)
New Resource azurerm_machine_learning_workspace_network_outbound_rule_service_tag (#27931)
New Resource azurerm_dynatrace_tag_rules (#27985)

ENHANCEMENTS:

dependencies - update tool Go version and bump go-git version to 5.13.0 (#28425)
dependencies - update hashicorp/go-azure-sdk to v0.20241212.1154051 (#28360)
dependencies - frontdoor - partial update to use 2024-02-01 API (#28233)
dependencies - postgresql - update to 2024-08-01 (#28380)
dependencies - redisenterprise - update to 2024-10-01 and support for new skus (#28280)
Data Source: azurerm_healthcare_dicom_service - add support for the data_partitions_enabled, cors, encryption_key_url and storage properties (#27375)
Data Source: azurerm_nginx_deployment - add support for the dataplane_api_endpoint property (#28379)
Data Source: azurerm_static_web_app - add support for the repository_url and repository_branch properties (#27401)
azurerm_billing_account_cost_management_export - add support for the file_format property (#27122)
azurerm_cdn_frontdoor_profile - add support for the identity property (#28281)
azurerm_cognitive_deployment - DataZoneProvisionedManaged and GlobalProvisionedManaged skus are now supported (#28404)
azurerm_databricks_access_connector - SystemAssigned,UserAssigned identity is now supported (#28442)
azurerm_healthcare_dicom_service - add support for the data_partitions_enabled, cors, encryption_key_url and storage properties (#27375)
azurerm_kubernetes_flux_configuration - add support for the post_build and wait properties (#25695)
azurerm_linux_virtual_machine - export the os_disk.0.id attribute (#28352)
azurerm_netapp_volume - make the network_features property Optional/Computed (#28390)
azurerm_nginx_deployment - add support for the dataplane_api_endpoint property (#28379)
azurerm_resource_group_cost_management_export - add support for the file_format property (#27122)
azurerm_site_recovery_replicated_vm - support for the network_interface.recovery_load_balancer_backend_address_pool_ids property (#28398)
azurerm_static_web_app - add support for the repository_url, repository_branch and repository_token properties (#27401)
azurerm_subscription_cost_management_export - add support for the file_format property (#27122)
azurerm_virtual_network - support for the private_endpoint_vnet_policies property (#27830)
azurerm_windows_virtual_machine - export the os_disk.0.id attribute (#28352)
azurerm_mssql_managed_instance - support for new property azure_active_directory_administrator (#24801)

BUG FIXES:

azurerm_api_management - update the capacity property to allow increasing the apim scalability to 31 (#28427)
azurerm_automation_software_update_configuration remove deprecated misspelled attribute error_meesage (#28312)
azurerm_batch_pool - support for new block security_profile (#28069)
azurerm_log_analytics_data_export_rule - now creates successfully without returning 404 (#27876)
azurerm_mongo_cluster - remove CustomizeDiff logic for administrator_password to allow the input to be generated by the random_password resource (#28215)
azurerm_mongo_cluster - valdation updated so the resource now creates successfully when using create_mode GeoReplica (#28269)
azurerm_mssql_managed_instance - allow system and user assigned identities, fix update failure (#28319)
azurerm_storage_account - fix error handling for static_website and queue_properties availability checks (#28279)

`v4.14.0`

Compare Source

BREAKING CHANGES:

nginx - update api version to 2024-09-01-preview, this API no longer supports certain properties which have had to be deprecated in the provider for the upgrade (#27776)
Data Source: azurerm_nginx_configuration - the protected_file.content property will not be populated and has been deprecated (#27776)
Data Source: azurerm_nginx_deployment - the managed_resource_group property will not be populated and has been deprecated (#27776)
azurerm_network_function_collector_policy - the API doesn't preserve the ordering of the ipfx_ingestion.source_resource_ids property causing non-empty plans after apply, this property's type has been changed from a list to a set to prevent Terraform from continually trying to recreate this resource. If this property is being referenced anywhere you will need to update your config to convert it to a list before referencing it (#27915)
azurerm_nginx_deployment - the managed_resource_group property is no longer supported and has been deprecated (#27776)

FEATURES:

New Resource: azurerm_cognitive_account_rai_blocklist (#28043)
New Resource: azurerm_fabric_capacity (#28080)

ENHANCEMENTS:

dependencies - update go-azure-sdk to v0.20241206.1180327 (#28211)
nginx - update api version to 2024-11-01-preview (#28227)
azurerm_linux_function_app - add support for preview value 21 for java_version (#26304)
azurerm_linux_function_app_slot - support 1.3 for site_config.minimum_tls_version and site_config.scm_minimum_tls_version (#28016)
azurerm_linux_web_app - add support for preview value 21 for java_version (#26304)
azurerm_orchestrated_virtual_machine_scale_set - support hot patching for 2025-datacenter-azure-edition-core-smalldisk (#28160)
azurerm_search_service - add support for the network_rule_bypass_option property (#28139)
azurerm_windows_function_app - add support for preview value 21 for java_version (#26304)
azurerm_windows_function_app_slot - support 1.3 for site_config.minimum_tls_version and site_config.scm_minimum_tls_version (#28016)
azurerm_windows_virtual_machine - support hot patching for 2025-datacenter-azure-edition-core-smalldisk (#28160)
azurerm_windows_web_app - add support for preview value 21 for java_version (#26304)

BUG FIXES:

azurerm_management_group - fix regression where subscription ID can't be parsed correctly anymore (#28228)

`v4.13.0`

Compare Source

ENHANCEMENTS:

azurerm_cognitive_deployment - support for the dynamic_throttling_enabled property (#28100)
azurerm_key_vault_managed_hardware_security_module_key - the key_type property now supports oct-HSM (#28171)
azurerm_machine_learning_datastore_datalake_gen2 - can now be used with storage account in a different subscription (#28123)
azurerm_network_watcher_flow_log - target_resource_id supports subnets and network interfaces (#28177)

BUG:

Data Source: azurerm_logic_app_standard - update the identity property to support User Assigned Identities (#28158)
azurerm_cdn_frontdoor_origin_group - update validation of the interval_in_seconds property to match API behaviour (#28143)
azurerm_container_group - retrieve log analytics workspace key from config when updating resource (#28025)
azurerm_mssql_elasticpool - fix sku tier and family validation that prevented the creation of Hyperscale PRMS pools (#28178)
azurerm_search_service - the partition_count property can now be up to 3 when using basic sku (#28105)

`v4.12.0`

Compare Source

FEATURES:

New Data Source: azurerm_mssql_managed_database (#27026)

BUG FIXES:

azurerm_application_insights_api_key - fix condition that nil checks the list of available API keys to prevent an indefinate loop when keys created outside of Terraform are present (#28037)
azurerm_data_factory_linked_service_azure_sql_database - send tenant_id only if it has been specified (#28120)
azurerm_eventgrid_event_subscription - fix crash when flattening advanced_filter (#28110)
azurerm_virtual_network_gateway - fix crash issue when specifying root_certificate or revoked_certificate (#28099)

ENHANCEMENTS:

dependencies - update go-azure-sdk to v0.20241128.1112539 (#28137)
containerapps - update api version to 2024-03-01 (#28074)
Search - update api version to 2024-06-01-preview (#27803)
Data Source: azurerm_logic_app_standard - add support for the public_network_access property (#27913)
Data Source: azurerm_search_service - add support for the customer_managed_key_encryption_compliance_status property (#27478)
azurerm_container_registry_task - add validation on cpu as well as on agent_pool_nameand agent_setting (#28098)
azurerm_databricks_workspace - add support for the enhanced_security_compliance block (#26606)
azurerm_eventhub - deprecate namespace_name and resource_group_name in favour of namespace_id (#28055)
azurerm_logic_app_standard - add support for the public_network_access property (#27913)
azurerm_search_service - add support for the customer_managed_key_encryption_compliance_status property (#27478)
azurerm_cosmosdb_account - add support for value EnableNoSQLFullTextSearch in the capabilities.name property (#28114)

`v4.11.0`

Compare Source

NOTES:

New ephemeral resources azurerm_key_vault_certificate and azurerm_key_vault_secret now support ephemeral values

FEATURES:

New Ephemeral Resource: azurerm_key_vault_certificate (#28083)
New Ephemeral Resource: azurerm_key_vault_secret (#28083)
New Resource: azurerm_eventgrid_namespace (#27682)

ENHANCEMENTS:

dependencies: update hashicorp/go-azure-sdk to v0.20241118.1115603 (#28075)
batch - upgrade api version to 2024-07-01 (#27982)
containerregistry - upgrade api version to 2023-11-01-preview (#27983)
azurerm_application_gateway - 1.1 is now accepted as a valid rule_set_version in the waf_configuration block (#28039)
azurerm_arc_machine - add support for the identity and tags properties (#27987)
azurerm_container_app - secret.name now accepts up to 253 characters and . (#27935)
azurerm_network_manager - scope_accesses now accepts Routing (#28033)
azurerm_network_watcher_flow_log - add support for the target_resource_id property (#26015)
azurerm_role_assignment - condition_version will be defaulted to 2.0 when condition has been set (#27189)
azurerm_subnet - Informatica.DataManagement/organizations is a valid service_delegation (#27993)
azurerm_virtual_network - Informatica.DataManagement/organizations is a valid service_delegation (#27993)
azurerm_web_application_firewall_policy - 1.1 is now accepted as a valid version for Microsoft_BotManagerRuleSet rule types (#28039)

BUG FIXES:

azurerm_api_management - public_ip_address_id is no longer required when zone has been set (#27976)
azurerm_api_management_diagnostic - raise and error when operation_name_format is used with and identity that is not applicationinsights (#27630)
azurerm_api_management_api_diagnostic - raise and error when operation_name_format is used with and identity that is not applicationinsights (#27630)
azurerm_application_gateway - rewrite_rule_set can be supplied when using Basic sku (#28011)
azurerm_container_registry_token_password - correctly mark as gone if container registry token doesn't exist (#27232)
azurerm_kusto_cluster - allowed_fqdn and allowed_ip_ranges can now be set to empty lists (#27529)
azurerm_linux_function_app_slot - create content settings when using a consumpton plan (#25412)
azurerm_virtual_network_gatway - updating ip_configuration now recreates the resource (#27828)

`v4.10.0`

Compare Source

BREAKING CHANGES:

dependencies - update cognitive to 2024-10-01, due to a behavioural change in this version of the API, the primary_access_key and secondary_access_key can not be retrieved if local_authentication_enabled has been set to false. These properties that may have had values previously will now be empty. This has affected the azurerm_ai_services and azurerm_cognitive_account resources as well as the azurerm_cognitive_account data source (#27851)

FEATURES:

New Data Source: azurerm_key_vault_managed_hardware_security_module_key (#27827)
New Resource: azurerm_netapp_backup_vault (#27188)
New Resource: azurerm_netapp_backup_policy (#27188)

ENHANCEMENTS:

dependencies: update terraform-plugin-framework to version v1.13.0 (#27936)
dependencies: update terraform-plugin-framework-validators to version v0.14.0 (#27936)
dependencies: update terraform-plugin-go to version v0.25.0 (#27936)
dependencies: update terraform-plugin-mux to version v0.17.0 (#27936)
dependencies: update terraform-plugin-sdk/v2 to version v2.35.0 (#27936)
Data Source: azurerm_bastion_host - add support for the zones property (#27909)
azurerm_application_gateway - support more values for the status_code property (#27535)
azurerm_bastion_host - support for the zones property (#27909)
azurerm_communication_service - support for usgov region (#27919)
azurerm_email_communication_service - support for usgov region added (#27919)
azurerm_linux_function_app - support for .NET 9 (#27879)
azurerm_linux_function_app_slot - support for .NET 9 (#27879)
azurerm_linux_web_app - support for .NET 9 (#27879)
azurerm_linux_web_app_slot - support for .NET 9 (#27879)
azurerm_windows_web_app - support for .NET 9 (#27879)
azurerm_windows_web_app_slot - support for .NET 9 (#27879)
azurerm_windows_function_app - support for .NET 9 (#27879)
azurerm_windows_function_app_slot - support for .NET 9 (#27879)

BUG FIXES:

azurerm_log_analytics_workspace_table - use the subscription from workspace ID (#27590)
azurerm_traffic_manager_external_endpoint - the value for priority will be dynamically assigned by the API (#27966)
azurerm_traffic_manager_azure_endpoint - the value for priority will be dynamically assigned by the API (#27966)

`v4.9.0`

Compare Source

FEATURES:

New Resource: azurerm_dynatrace_monitor (#27432)
New Resource: azurerm_dashboard_grafana_managed_private_endpoint (#27781)
New Resource: azurerm_data_protection_backup_instance_mysql_flexible_server (#27464)
New Resource: azurerm_mongo_cluster (#27636)
New Resource: azurerm_stack_hci_network_interface (#26888)

ENHANCEMENTS:

dependencies - update go-azure-sdk to v0.20241104.1140654 (#27896)
dependencies - update go-azure-helpers to v0.71.0 (#27897)
dependencies - update golang-jwt to v4.5.1 (#27938)
storage - allow azurerm_storage_account to be used in Data Plane restrictive environments (#27818)
azurerm_cognitive_deployment - sku.0.name now supports DataZoneStandard (#27926)
azurerm_mssql_managed_database - support for the tags property (#27857)
azurerm_oracle_cloud_vm_cluster - support for the domain, scan_listener_port_tcp, scan_listener_port_tcp_ssl and zone_id properties (#27808)
azurerm_public_ip_prefix - support for the sku_tier property (#27882)
azurerm_public_ip - support for the domain_name_label_scope property (#27748)
azurerm_subnet - default_outbound_access_enabled can now be updated (#27858)
azurerm_storage_container - support for the storage_account_id property (#27733)
azurerm_storage_share - support for the storage_account_id property (#27733)

`v4.8.0`

Compare Source

FEATURES:

New Data Source: azurerm_virtual_network_peering (#27530)
New Resource: azurerm_machine_learning_workspace_network_outbound_rule_fqdn (#27384)
New Resource: azurerm_stack_hci_extension (#26929)
New Resource: azurerm_stack_hci_marketplace_gallery_image (#27532)
New Resource: azurerm_trusted_signing_account (#27720)

ENHANCEMENTS:

mysql - upgrade api version to 2023-12-30 (#27767)
network - upgrade api version to 2024-03-01 (#27746)
azurerm_cosmosdb_account: support for CMK through managed_hsm_key_id property (#26521)
azurerm_cosmosdb_account - support further versions for mongo_server_version (#27763)
azurerm_container_app_environment - changing the log_analytics_workspace_id property no longer creates a new resource (#27794)
azurerm_data_factory_linked_service_azure_sql_database - add support for the credential_name property (#27629)
azurerm_key_vault_key - expiration_date only recreates the resource when it is removed from the config file (#27813)
azurerm_kubernetes_cluster - fix issue wheremaintenance_window_auto_upgrade/maintenance_window_auto_upgrade/maintenance_window_node_os might not be read into state (#26915)
azurerm_kubernetes_cluster - support for the backend_pool_type property (#27596)
azurerm_kubernetes_cluster - support for the daemonset_eviction_for_empty_nodes_enabled, daemonset_eviction_for_occupied_nodes_enabled, and ignore_daemonsets_utilization_enabled properties (#27588)
azurerm_load_test - description can now be updated (#27800)
azurerm_oracle_cloud_vm_cluster - export the ocid property (#27785)
azurerm_orchestrated_virtual_machine_scale_set - add support for sku_profile block (#27599)
azurerm_web_application_firewall_policy - add support for policy_settings.0.file_upload_enforcement (#27774)

BUG FIXES:

azurerm_automation_hybrid_runbook_worker_group - correctly mark resource as gone if it's absent when reading it (#27797)
azurerm_automation_hybrid_runbook_worker - correctly mark resource as gone if it's absent when reading it (#27797)
azurerm_automation_python3_package - correctly mark resource as gone if it's absent when reading it (#27797)
azurerm_data_protection_backup_vault - prevent panic when checking value of cross_region_restore_enabled (#27762)
azurerm_role_management_policy - fix panic when unmarshalling the policy into a specific type (#27731)
azurerm_security_center_subscription_pricing - correctly type assert the additional_extension_properties property when building the payload (#27721)
azurerm_synapse_workspace_aad_admin - will no correctly delete when using azurerm_synapse_workspace_aad_admin with azurerm_synapse_workspace (#27606)
azurerm_windows_function_app_slot - fixed panic in state migration (#27700)

`v4.7.0`

Compare Source

FEATURES:

New Data Source: azurerm_oracle_adbs_character_sets (#27698)
New Data Source: azurerm_oracle_adbs_national_character_sets (#27698)
New Data Source: azurerm_oracle_autonomous_database (#27696)
New Data Source: azurerm_oracle_db_nodes (#27698)
New Data Source: azurerm_oracle_db_system_shapes (#27698)
New Data Source: azurerm_oracle_gi_versions (#27698)
New Resource: azurerm_dev_center_project_pool (#27706)
New Resource: azurerm_oracle_autonomous_database (#27696)
New Resource: azurerm_video_indexer_account (#27632)

ENHANCEMENTS:

dependencies - update go-azure-sdk to v0.20241021.1074254 (#27713)
newrelic - upgrade api version to 2024-03-01 (#27135)
cosmosdb - upgrade api version to 2024-08-15 (#27659)
azurerm_application_gateway - support for the new Basic SKU value (#27440)
azurerm_consumption_budget_management_group - the property notification.threshold_type can now be updated (#27511)
azurerm_consumption_budget_resource_group - the property notification.threshold_type can now be updated (#27511)
azurerm_container_app - add support for the template.container.readiness_probe.initial_delay and template.container.startup_probe.initial_delay properties (#27551)
azurerm_mssql_managed_instance - the storage_account_type property can now be updated (#27737)

BUG FIXES:

azurerm_automation_software_update_configuration - correct validation to not allow 5 and allow -1 (#25574)
azurerm_cosmosdb_sql_container - fix recreation logic for partition_key_version (#27692)
azurerm_mssql_database - updating short term retention policy now works as expected (#27714)
azurerm_network_watcher_flow_log - fix issue where tags were not being updated (#27389)
azurerm_postgresql_flexible_server_virtual_endpoint - retrieve and parse replica_server_id for cross-region scenarios as well as remove custom poller for the delete operation (#27509)

`v4.6.0`

Compare Source

FEATURES:

New Resource: azurerm_dev_center_attached_network (#27638)
New Resource: azurerm_oracle_cloud_vm_cluster (#27678)
New Resource: azurerm_oracle_exadata_infrastructure (#27678)
New Data Source: azurerm_oracle_cloud_vm_cluster (#27678)
New Data Source: azurerm_oracle_db_servers (#27678)
New Data Source: azurerm_oracle_exadata_infrastructure (#27678)

ENHANCEMENTS:

redisenterprise - upgrade api version to 2024-06-01-preview (#27597)
azurerm_app_configuration - support for premium sku (#27674)
azurerm_container_app - support for the max_inactive_revisions property (#27598)
azurerm_kubernetes_cluster - remove lock on subnets (#27583)
azurerm_nginx_deployment - allow updates for sku (#27604)
azurerm_fluid_relay_server - support for the customer_managed_key property (#27581)
azurerm_linux_virtual_machine - support the UBUNTU_PRO value for the license_type property (#27534)

BUGS:

azurerm_api_management_api_diagnostic - do not set OperationNameFormat when the identifier property is azuremonitor (#27456)
azurerm_api_management - prevent a panic (#27649)
azurerm_mssql_database - make short_term_retention_policy.backup_interval_in_hours computed (#27656)

`v4.5.0`

Compare Source

FEATURES:

New Resource: azurerm_stack_hci_virtual_hard_disk (#27474)

ENHANCEMENTS:

azurerm_bastion_host - support for the Premium SKU and session_recording_enabled property (#27278)
azurerm_log_analytics_cluster - the size_gb property now supports all of 100, 200, 300, 400, 500, 1000, 2000, 5000, 10000, 25000, and 50000 (#27616)
azurerm_mssql_elasticpool - allow PRMS for the family property (#27615)

BUG FIXES:

azurerm_mssql_database - now creates successfully when elastic pool is hyperscale (#27505)
azurerm_postgresql_flexible_server_configuration - now locks to prevent conflicts when deploying multiple (#27355)

`v4.4.0`

Compare Source

ENHANCEMENTS:

dependencies - update github.com/hashicorp/go-azure-sdk to v0.20240923.1151247 (#27491)
azurerm_site_recovery_replicated_vm - support for the target_virtual_machine_size property (#27480)

BUG FIXES:

azurerm_app_service_certificate - key_vault_secret_id can now be versionless (#27537)
azurerm_linux_virtual_machine_scale_set - prevent crash when auto_upgrade_minor_version_enabled is nil (#27353)
azurerm_role_assignment - correctly parse ID when it's a root or provider scope (#27237)
azurerm_storage_blob - source_content is now ForceNew (#27508)
azurerm_virtual_network_gateway_connection - revert shared_key to Optional and Computed (#27560)

`v4.3.0`

Compare Source

FEATURES:

New Resource: azurerm_advisor_suppression (#26177)
New Resource: azurerm_data_protection_backup_policy_mysql_flexible_server (#26955)
New Resource: azurerm_key_vault_managed_hardware_security_module_key_rotation_policy (#27306)
New Resource: azurerm_stack_hci_deployment_setting (#25646)
New Resource: azurerm_stack_hci_storage_path (#26509)
New Data Source: azurerm_vpn_server_configuration (#27054)

ENHANCEMENTS:

managementgroups - migrate to hashicorp/go-azure-sdk (#26430)
nginx - upgrade api version to 2024-06-01-preview (#27345)
azurerm_linux[windows]_web[function]_app[app_slot] - upgrade api version from 2023-01-01 to 2023-12-01 (#27196)
azurerm_cosmosdb_account - support for the capability EnableNoSQLVectorSearch (#27357)azurerm_container_app_custom_domain - fix parsing the certificate ID error #25972
azurerm_container_app_custom_domain - support other certificate types (#25972)
azurerm_linux_virtual_machine_scale_set - the zones property can now be updated without creating a new resource (#27288)
azurerm_orchestrated_virtual_machine_scale_set - the zones property can now be updated without creating a new resource (#27288)
azurerm_role_management_policy - support for resource scope (#27205)
azurerm_spring_cloud_gateway - changing the environment_variables and sensitive_environment_variables properties no longer creates a new resource (#27404)
azurerm_static_web_app - support for the public_network_access_enabled property ([#&

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-08-23T07:02:57Z

Code Review: Terraform AzureRM Provider Version Upgrade

Overview:
The diff shows a series of updates to the azurerm provider version from 3.113.0 (and in one case from 3.65.0) to 4.0.0. This is a significant version upgrade and implies moving from the 3.x series to the 4.x series of the azurerm provider.

General Advice:

Read the Changelog: Before implementing the version upgrade, ensure the Terraform azurerm provider's changelog for version 4.0.0 has been thoroughly reviewed. Major version upgrades can introduce breaking changes or require adjustments in the Terraform configuration.
Perform Incremental Upgrades: If possible, consider upgrading to any minor versions between your current version and the 4.0.0 version incrementally, especially if upgrading from a significantly older version like 3.65.0. This can help in isolating and handling any deprecations or breaking changes more effectively.
Verify Compatibility: Ensure all resources managed by Terraform in these configurations are compatible with the new provider version. This might require reading through the Terraform documentation for each resource or potentially making adjustments to resource configurations.
Testing: After upgrading, perform extensive testing in a non-production environment. Verify that terraform plan and terraform apply execute as expected without errors and that all resources are in the desired state. This will also help in identifying any deprecated properties or syntax that needs to be updated.
Update Documentation: If there are any project or team-specific documents that reference the specific version of azurerm, those should be updated accordingly.

Specific Suggestions:

Review Deprecations: Version 4.0.0 may deprecate certain resources or attributes. If any deprecated features are used in your configurations, update them to the recommended alternatives.
Feature Flags & Experiments: Version 4.0.0 might introduce new feature flags or experimental features. Review these and decide if any are applicable and beneficial to your use case, ensuring to test them thoroughly if implemented.
Provider Block Configuration: While updating the version in the required_providers block, also review the entire provider configuration for any new arguments or features introduced in 4.0.0 that could benefit your infrastructure management.

Estimated Cost Changes:
Upgrading the provider version itself does not incur a direct cost. However, if changes in the new version result in the creation of new resources, changes to existing resources, or optimizations that reduce resource usage, there could indirectly be an impact on cost. Upgrading to a new major version might encourage or require updates to your infrastructure that could either increase or decrease costs depending on the specific changes made.

Carbon Usage:
Similar to cost changes, the upgrade does not directly affect carbon usage. Indirect effects could occur based on how the infrastructure is modified following the upgrade. For example, optimizing resource usage or consolidating resources could result in lower carbon emissions.

In summary, the upgrade requires careful attention to potential breaking changes, thorough testing, and possible adjustments in Terraform configurations to ensure a smooth transition to azurerm version 4.0.0.

github-actions · 2024-08-24T00:30:29Z

Improvements Overview

The changes show an update to the AzureRM provider from version 3.113.0 to 4.0.1 across multiple Terraform configurations. This is generally a good practice to keep third-party providers up to date for accessing new features, security patches, and performance improvements. However, despite these beneficial changes, there are other considerations and improvements to address:

Review Migration Guides: Major version upgrades (from 3.x to 4.x) often come with breaking changes. Ensure that migration guides provided by HashiCorp for the AzureRM provider are thoroughly reviewed and applied to ensure compatibility. Specific examples would be changes in resource attributes or required configurations that might have changed with the new major version.
Consistency Across Configurations: One of the init.tf files is updated from 3.65.0 to 4.0.1. While updating to the latest version is positive, ensure that all other Terraform configurations are also consistently using the same versions of the provider to avoid unexpected behavior or compatibility issues within the team or CI/CD processes.
Version Constraints: Rather than locking the provider version to an exact version (4.0.1), it might be more flexible to use version constraints to automatically incorporate non-breaking updates. For example, using >= 4.0.1 would allow minor updates to be used, providing access to newer features and bug fixes without manual updates, while still preventing major version jumps that could introduce breaking changes.

hcl
azurerm = {
source = "hashicorp/azurerm"
- version = "4.0.1"
- version = ">= 4.0.1, < 5.0.0"
  }
Testing Environment: Before deploying these changes to a production environment, it is crucial to test them in a development or staging environment. This helps in identifying and mitigating any issues arising from the provider update that could affect your infrastructure.
Update Automation Scripts: If there are any automation scripts or CI/CD pipelines that reference the AzureRM provider version, those should be updated in line with the Terraform configurations to avoid mismatches in environments.
Review Deprecations and New Features: Given the major version upgrade, review the list of deprecated features and any new features or resources that could benefit your configurations. Utilizing new functionalities could improve performance, cost, and security posture.

Cost and Carbon Usage Consideration

Cost: The version update itself does not directly translate into cost changes. However, using new features or optimized resources available in the new version could lead to cost-saving opportunities. Being proactive in identifying and implementing these can reduce overall Azure expenditure.
Carbon Usage: Optimizing resource usage and selecting more efficient services or configurations could result in lower carbon emissions. Consider leveraging features in the new provider version that support sustainability goals, such as selecting regions with higher renewable energy use or optimizing resource sizing.

Final Notes

While this review focuses on the Terraform provider version update, it's important to view this change within the broader context of your infrastructure management practices. Careful planning, testing, and ongoing review of Terraform resources and provider capabilities will yield the best results in terms of maintainability, cost efficiency, and sustainability.

github-actions · 2024-09-06T04:01:32Z

Review Summary

The git diff indicates an update across multiple Terraform configurations, specifically upgrading the azurerm provider version from various older versions to version 4.1.0. This upgrade action itself is commendable for staying up-to-date with the latest features, security patches, and performance improvements that come with the newer version of the provider. However, there are multiple aspects that can further improve these updates:

Version Pinning Strategy

It's crucial to adopt a more flexible version pinning strategy to ensure smoother transitions between versions and to avoid potential conflicts or breaking changes that could affect your infrastructure stability.

Suggestion:
Instead of hardcoding to a specific version like 4.1.0, consider using the pessimistic constraint operator (~>). For instance:
hcl
azurerm = {
source = "hashicorp/azurerm"

version = "4.1.0"

version = "~> 4.1"
}

This approach allows for automatic updates to the latest patch version without upgrading to a new minor version that could introduce breaking changes.

### Reviewing the Changelog

Ensure you have thoroughly reviewed the changelog for the provider upgrade. Each major and minor update can introduce changes that might require adjustments in your code or might introduce deprecations.

**Suggestion:**
Dedicate time for a comprehensive review of the [`azurerm` provider release notes](https://github.com/hashicorp/terraform-provider-azurerm/releases) focusing on versions from your previous version up to `4.1.0`. Identify any deprecations, new features, or breaking changes that may impact your code.

### Testing

Upgrading a provider version should always be accompanied by thorough testing to ensure that the upgrade does not adversely affect your infrastructure.

**Suggestion:**
Implement a robust testing strategy that includes:
- **Unit tests:** Validate individual parts of Terraform code.
- **Integration tests:** Ensure modules work together as expected.
- **Acceptance tests:** Verify the interaction with Azure services.

### Documentation and Communication

Upgrading critical components like a Terraform provider can affect multiple teams. Documentation and communication about the change are essential.

**Suggestion:**
- Update any documentation that references the older provider versions.
- Communicate the pending update to all stakeholders, highlighting the reason for the upgrade and any potential impact.

### Cost, Security, and Carbon Usage Implications

- **Cost:** Upgrading the provider should not directly impact costs unless the new version introduces features or changes that can be leveraged to optimize infrastructure costs. Review new features for cost-saving opportunities.
- **Security:** Staying updated with the latest version helps mitigate known vulnerabilities. Ensure you analyze the security enhancements introduced in the new version.
- **Carbon Usage:** While the provider version itself has a minimal direct impact on carbon usage, leveraging new features for more efficient resource management could indirectly contribute to lower carbon footprints.

---
*Please note, specific GBP cost changes are not provided as the provider version update's direct impact on cost varies based on the use case and leveraged features.*

github-actions · 2024-09-13T06:05:53Z

Review Summary

The diff provided shows updates to the AzureRM provider version for Terraform across multiple components. Upgrading to version 4.2.0 is a significant change and could include new features, bug fixes, and possibly breaking changes which need to be thoroughly tested.

Additional Improvements

Testing and Compatibility Check:

Before proceeding with the provider version upgrade, ensure that you've thoroughly reviewed the release notes and migration guides for azurerm version 4.2.0. This could highlight any breaking changes or deprecated features which might affect your infrastructure. Additionally, running a full plan in a test environment to catch potential incompatibilities or required adjustments in your Terraform configuration would be prudent.

Example: Check for deprecated resources or attributes and adjust your Terraform configurations accordingly.

hcl

Before

resource "azurerm_some_deprecated_resource" "example" {
...
}

After

resource "azurerm_replacement_resource" "example" {
...
}
Version Constraints:

While upgrading, it's beneficial to use version constraints to avoid unexpected updates that could potentially break your configurations. Rather than pinning to a specific version, consider using optimistic version constraints to automatically incorporate non-breaking updates.

Example: Use a version constraint to accept updates within the major version 4.x without automatically upgrading to a potentially breaking 5.x version.
```
required_providers {
  azurerm = {
-    version = \"4.2.0\"
+    version = \"~> 4.2\"
  }
}
```
Continuous Integration/Continuous Deployment (CI/CD):

If not already in place, incorporating a CI/CD pipeline for Terraform deployments can significantly reduce risks associated with infrastructure updates. This would involve steps such as code linting, running terraform plan in a CI environment, and requiring manual approvals for applying changes to production.

Example: Implement GitHub Actions or a similar CI service to automatically run terraform plan on pull requests.
State Locking and Backup:

Ensure that state locking and backup mechanisms are in place to prevent concurrent executions and to safeguard against accidental data loss. When working with updated provider versions, having a robust rollback or recovery process is critical.

Example: Use the terraform backend configuration to enable state locking and ensure state files are backed up securely.
```
terraform {
  backend \"s3\" {
    ...
    lock_table = \"my_tf_state_lock_table\"
    ...
  }
}
```

Cost and Carbon Usage Considerations

Upgrading the provider itself does not directly impact costs or carbon usage. However, new features or resources introduced in the 4.2.0 version might offer more efficient alternatives to existing resources, potentially lowering costs and reducing carbon footprint when managed effectively.

Recommendation

Carry out a thorough review and testing phase to ensure that the upgrade does not introduce any regression or configuration drift. Consider gradual implementation with extensive monitoring to mitigate potential risks.

Should new or optimized resources be available in the upgraded version, assess their impact on costs and carbon usage, aiming for a balance between innovation, stability, and sustainability.

github-actions · 2024-09-20T07:42:49Z

Based on the provided git diff, the changes predominantly focus on updating the azurerm provider version to 4.3.0 across various Terraform configurations. While this is generally good practice to keep dependencies up-to-date for accessing the latest features, improvements, and security patches, there are additional considerations and potential improvements to be made:

Version Constraint Flexibility:
Using a specific version (e.g., version = \"4.3.0\") locks the provider to that version. While this ensures consistency, it also prevents the automatic adoption of patch updates. Consider using version constraints that allow for automatic updates within a given range. For instance:

hcl
version = "~> 4.3"
```
This constraint allows for any non-breaking updates within the `4.x` range, promoting easier maintenance and improved security without manual intervention for minor updates. 
```
Consistency and Documentation:
The update to version = \"4.3.0\" is applied inconsistently across components, with shutter_static_webapp being updated from a significantly older version (3.65.0) compared to the others. Ensure that all components are consistently updated where applicable and document the rationale for significant version jumps to aid in future maintenance and troubleshooting.
Testing and Validation:
Major version changes (e.g., from 3.x to 4.x) can introduce breaking changes. It's not clear from the diff if tests or validation steps have been performed to ensure that existing configurations work as expected with the new provider version. Implement automated testing or a plan for manual validation to confirm that the update does not disrupt existing infrastructure.
Review the Provider's Changelog:
Given the significant version update, especially for the shutter_static_webapp component, reviewing the provider's changelog is essential. This can help identify any deprecated features or necessary changes in your Terraform code to ensure compatibility with the new version. Any identified changes should be implemented alongside the version upgrade to prevent runtime issues.
Cost and Carbon Impact Analysis:
While updating the provider version in itself might not directly impact costs or carbon footprint, the features and improvements in newer versions can enable more efficient infrastructure configurations. Explore the new version's capabilities to see if there are any new services, resource management improvements, or efficiency features that can be leveraged to optimize costs and reduce carbon usage.

As for the exact cost implications in GBP or the specific carbon usage impact, these depend on how the new provider version changes resource utilization or infrastructure configuration. Without concrete changes in the infrastructure code beyond the provider version update, estimating cost or carbon impact would be speculative. It's advisable to monitor your infrastructure's cost and usage closely after applying these updates to gauge their impact.

github-actions · 2024-10-04T07:12:00Z

Review Summary:

The diff provided shows an upgrade of the azurerm Terraform provider across several Terraform configuration files from various versions (3.113.0 and 3.65.0) to version 4.4.0. This sort of version upgrade is essential to ensure compatibility with new Azure features, improvements in the Terraform provider itself, and to patch any security vulnerabilities addressed in the newer versions.

Additional Improvements:

Locking Provider Versions for Consistency: Ensure that all Terraform configuration files in your project use the same version of the azurerm provider to avoid inconsistencies that could arise from using different versions.

Example:
hcl
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.4.0" # Ensuring consistency across all Terraform configs
}
}
}
Review Upgrade Guide: Review the upgrade guide provided by HashiCorp for moving from version 3.x to 4.x of the azurerm provider. This is to ensure that any breaking changes are identified and addressed before applying these changes. No code example for this, but it's a crucial step.
Version Constraints: Consider using version constraints to automatically accept non-breaking updates. Example: \"~> 4.4\" instead of a fixed version \"4.4.0\". This allows receiving backward-compatible features and patches automatically.
```
version = \"~> 4.4\"
```
State Backup and Testing: Before applying the upgrade, ensure to take a comprehensive backup of your Terraform state files and test the changes in a non-production environment to prevent any unforeseen issues.
Documenting Changes: Document the reasons for upgrading the provider version in your project's README or in the commit message. This helps in understanding the necessity behind the upgrade for future reference.

No specific code changes for documentation, but ensuring it's done enriches project maintainability.
Performance and Cost Implications: Consider any performance and cost implications due to the provider upgrade. The new version may introduce features or changes that could impact the resource utilization and, as a result, the cost. However, without specific details of the Azure resources being managed, it's challenging to provide concrete examples or estimated price changes.
Environmental Consideration: New versions of providers often include optimizations that can reduce the number of calls to the cloud provider or enhance the efficiency of resource management. While indirect, such improvements can contribute to reduced carbon output by minimizing unnecessary operations and potentially running infrastructure more efficiently. Assessing the carbon usage impact would require detailed analysis post-upgrade.

Conclusion:

The Terraform provider upgrade is a positive step towards leveraging newer features, improvements, and security patches. However, it's crucial to approach the upgrade with a thorough understanding of potential impacts, including compatibility checks, performance, cost implications, and environmental considerations. Implementing the additional improvements and suggestions outlined above will help ensure a smoother transition and maintain high-quality infrastructure-as-code practices.

github-actions · 2024-10-11T06:37:44Z

Terraform Provider Version Update Review

The provided git diff reflects updates to the Terraform azurerm provider version from 3.113.0 (and 3.65.0 in one instance) to 4.5.0 across several components. While updating to a newer version of a provider is generally a good practice, considering it brings in new features, bug fixes, and potentially better performance, there are additional improvements and considerations that should be addressed:

Review Changelog for Breaking Changes: Before updating the provider version, it's important to thoroughly review the changelog to identify any breaking changes. Version 4.x could introduce changes that are incompatible with your current configurations. Specific examples include syntax changes, deprecated features, or altered behavior of existing resources. Having a comprehensive understanding of these changes is crucial to ensure a smooth transition.
Version Constraints: While directly specifying the new version is a straightforward approach, it's generally advisable to use version constraints to manage provider updates more flexibly. Instead of hardcoding \"version = 4.5.0\", consider using a version constraint like \"version = \"~> 4.5.0\" to automatically include updates that are assumed to be compatible, addressing minor bugs or feature updates without manually updating the version each time.

Example:
hcl
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.5.0"
}
Testing: After updating the provider version, ensure to perform thorough testing on your Terraform plans and applies. This could be via automated CI/CD pipelines incorporating terraform plan and terraform apply stages in a controlled environment to detect any unexpected changes or issues introduced by the version update. Utilizing Terraform's -target option can be helpful for testing specific resources before a broad application.
Documentation Update: Ensure that all relevant documentation is updated to reflect the new provider version and any changes in your Terraform configurations or deployment practices resulting from the upgrade.
Financial Impact: Updating the provider version itself does not directly incur additional costs. However, new features or resource improvements introduced in the newer version can offer more cost-efficient options or reveal previously unoptimized resources deserving reconsideration. Reviewing Azure's pricing documentation in conjunction with new or improved resources mentioned in the provider's release notes is recommended to identify potential cost optimizations.
Carbon Usage Consideration: While the provider version update does not directly impact carbon usage, the utilization of newly available features or resources could. For example, if the new provider version offers enhanced support for scaling or more efficient resource types, optimizing their use could indirectly contribute to reduced power consumption and carbon footprint.

In summary, while the update itself is a good practice, ensuring readiness through changelog review, implementing version constraints, thorough testing, updating documentation, assessing potential cost implications, and considering carbon usage impacts are critical steps for a successful and beneficial upgrade.

hmcts-platform-operations · 2024-10-11T06:40:09Z

Plan Result (sbox_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

hmcts-platform-operations · 2024-10-11T06:40:16Z

Plan Result (sbox_apim_appgw - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.

Update
- module.app-gw.azurerm_application_gateway.ag[0]
- module.app-gw.azurerm_monitor_diagnostic_setting.diagnostic_settings[0]

Change Result (Click me)

  # module.app-gw.data.azurerm_monitor_diagnostic_categories.diagnostic_categories will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
      + id                  = (known after apply)
      + log_category_groups = (known after apply)
      + log_category_types  = (known after apply)
      + metrics             = (known after apply)
      + resource_id         = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw"
    }

  # module.app-gw.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw"
        name                              = "cft-apim00-sandbox-agw"
        tags                              = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "cft-api-mgmt-appgw.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw/probes/cft-api-mgmt-appgw-probe" -> null
          - interval                                  = 10 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "cft-api-mgmt-appgw-probe" -> null
          - path                                      = "/status-0123456789abcdef" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "cft-api-mgmt-appgw.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 10
          + minimum_servers                           = 0
          + name                                      = "cft-api-mgmt-appgw-probe"
          + path                                      = "/status-0123456789abcdef"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (15 unchanged blocks hidden)
    }

  # module.app-gw.azurerm_monitor_diagnostic_setting.diagnostic_settings[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostic_settings" {
        id                             = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw|AppGw"
        name                           = "AppGw"
        # (5 unchanged attributes hidden)

      ~ metric (known after apply)
      - metric {
          - category = "AllMetrics" -> null
          - enabled  = true -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }
    }

Plan: 0 to add, 2 to change, 0 to destroy.

hmcts-platform-operations · 2024-10-11T06:40:22Z

Plan Result (sbox_backendappgateway - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.

Update
- module.backendappgateway.azurerm_application_gateway.ag[0]
- module.backendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]

Change Result (Click me)

  # module.backendappgateway.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw"
        name                              = "cft-aks00-sandbox-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "bulk-scan-orchestrator-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-orchestrator" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-orchestrator" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-payment-processor-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-payment-processor" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-payment-processor" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-processor-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-processor" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-processor" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-sample-app-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-sample-app" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-sample-app" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "div-emca-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/div-emca" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "div-emca" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "docmosis.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/dg-docmosis" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "dg-docmosis" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "draft-store-service-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/draft-store-service" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "draft-store-service" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "fpl-case-service-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/fpl-case-service" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "fpl-case-service" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-bail-case-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-bail-case-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-bail-case-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-documents-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-documents-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-documents-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-notifications-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-notifications-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-notifications-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-hearings-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-hearings-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-hearings-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-api-sprod.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-api-sprod" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-api-sprod" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-api.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-hmcts-access.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-hmcts-access" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-hmcts-access" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold  

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

        + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-case-documents-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-case-documents-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-case-notifications-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-case-notifications-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-hearings-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-hearings-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-api-sprod.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-api-sprod"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-api.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-hmcts-access.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-hmcts-access"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-testing-support-api.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-testing-support-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-dashboard"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-profile-bridge.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-profile-bridge"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-admin-sprod.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-admin-sprod"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-admin.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-admin"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "labs-apps-njs-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "labs-apps-njs"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "labs-dj-khaled-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "labs-dj-khaled"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "payment-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "payment-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "plum-frontend-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plum-frontend"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-business-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-business-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-orchestrator-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-orchestrator-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-submit-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-submit-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-professional-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-professional-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-profile-sync-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-profile-sync"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-user-profile-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-user-profile-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reform-scan-blob-router-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reform-scan-blob-router"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reform-scan-notification-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reform-scan-notification-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rpe-send-letter-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rpe-send-letter-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "sscs-evidence-share-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "sscs-evidence-share"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "sscs-tribunals-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "sscs-tribunals-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (193 unchanged blocks hidden)
    }

  # module.backendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

⚠️ Errors

add a label sbox_backendappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2024-10-11T06:40:22Z

Plan Result (sbox_frontendappgateway - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.

Update
- module.frontendappgateway.azurerm_application_gateway.ag[0]
- module.frontendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]

Change Result (Click me)

  # module.frontendappgateway.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw"
        name                              = "cft-aks-fe-00-sbox-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "cft-api-mgmt.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/cft-api-mgmt" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "cft-api-mgmt" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "frontdoor.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/plumclassic" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "plumclassic" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "hmcts-access.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/hmcts-access" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "hmcts-access" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "hmi-apim.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/hmi-apim" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "hmi-apim" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/idam-user-dashboard" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-user-dashboard" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-web-public.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/idam-web-public" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-web-public" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "plum.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/plum" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "plum" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "reformscan.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/reformscan" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "reformscan" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "cft-api-mgmt.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "cft-api-mgmt"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "frontdoor.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plumclassic"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "hmcts-access.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "hmcts-access"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "hmi-apim.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "hmi-apim"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-dashboard"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-public.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-public"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "plum.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plum"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reformscan.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reformscan"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (40 unchanged blocks hidden)
    }

  # module.frontendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

⚠️ Errors

add a label sbox_frontendappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2024-10-11T06:40:27Z

Plan Result (sbox_shutter_webapp - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

⚠️ Errors

add a label sbox_shutter_webapp - TerraformPlanApply/no-changes: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2024-10-11T06:40:27Z

Plan Result (sbox_global - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- azurerm_storage_account.diagnostics
- module.premium_front_door.azurerm_cdn_frontdoor_profile.front_door
- module.premium_front_door.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]

Change Result (Click me)

  # azurerm_storage_account.diagnostics will be updated in-place
  ~ resource "azurerm_storage_account" "diagnostics" {
      ~ cross_tenant_replication_enabled   = true -> false
        id                                 = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Storage/storageAccounts/hmctscftdiagsbox"
        name                               = "hmctscftdiagsbox"
        tags                               = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (95 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

  # module.premium_front_door.azurerm_cdn_frontdoor_profile.front_door will be updated in-place
  ~ resource "azurerm_cdn_frontdoor_profile" "front_door" {
        id                       = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Cdn/profiles/hmcts-sbox"
        name                     = "hmcts-sbox"
        tags                     = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      - identity {
          - identity_ids = [] -> null
          - principal_id = "8523e6b9-8461-46fd-abb9-1b2491384367" -> null
          - tenant_id    = "531ff96d-0ae9-462a-8d2d-bec7c0b42082" -> null
          - type         = "SystemAssigned" -> null
        }
    }

  # module.premium_front_door.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Cdn/profiles/hmcts-sbox|fd-log-analytics-logs-sa"
        name                           = "fd-log-analytics-logs-sa"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

hmcts-platform-operations · 2024-10-11T06:41:20Z

Plan Result (stg_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

hmcts-platform-operations · 2024-10-11T06:41:22Z

Plan Result (prod_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

hmcts-platform-operations · 2024-10-11T06:41:24Z

Plan Result (demo_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

github-actions · 2024-10-25T07:26:09Z

General Improvements

Update Consistency Across Components: Although the update to version "4.7.0" of the azurerm provider is consistent across most components, it's essential to ensure that all components requiring the azurerm provider are updated to ensure compatibility and leverage new features or bug fixes uniformly.
Version Constraint Flexibility: Instead of hardcoding a specific provider version, consider using version constraints that allow for more flexibility and easier maintenance. For example:
hcl
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.7"
}
```
This allows for automatic updates to newer versions within the \"4.x\" range that are backward compatible, reducing the maintenance burden and ensuring that the latest features and fixes are used.
```
Review and Test for Deprecated Features: Since version "4.7.0" could introduce changes or deprecate features present in "3.x" versions, it's crucial to review the release notes of the azurerm provider and test the infrastructure changes to ensure that no deprecated features are being used and to adapt to any breaking changes.
Infrastructure as Code (IaC) Linting and Validation: Integrate IaC linting and validation tools like tflint or terraform validate into the development workflow to catch common errors and enforce best practices early in the development cycle.
Security Review: Ensure that updating the provider does not introduce any security vulnerabilities by reviewing the access controls and permissions required by the new version. Use tools like tfsec to automatically scan Terraform code for potential security issues.
Performance Considerations: Evaluate the performance implications of the new provider version on your infrastructure. New features or changes might impact the cost or performance. Although specific to each deployment, a review should include an evaluation of the resources being managed by Terraform to identify any potential cost increases or performance impacts.

Cost and Carbon Usage Considerations

Cost Impact: The direct cost impact of updating the azurerm provider version is minimal; however, indirect costs might arise from new features, changes in resource management, or performance enhancements that could either increase efficiency (reducing cost and carbon footprint) or introduce more resource-intensive operations. An exact cost change estimate requires specific usage details but encourage a proactive evaluation of resource utilization post-update.
Carbon Usage: While the provider version update itself is not directly tied to carbon usage, optimizations and efficiency improvements in newer versions can help reduce the carbon footprint by managing Azure resources more effectively. Review the managed resources for opportunities to scale down or use more efficient options that might have become available in the newer version.

Conclusion

The upgrade to version "4.7.0" of the azurerm provider across various components is a positive step towards leveraging the latest features and improvements. However, ensuring that all aspects of the update are evaluated—including version constraint flexibility, deprecated features, security, performance, cost, and carbon usage—is critical for maintaining a secure, efficient, and cost-effective infrastructure.

github-actions · 2024-11-01T07:22:08Z

Code Review on Terraform Updates

General Observations:

The git diff shows a series of updates to the azurerm provider across various Terraform configurations, upgrading from versions 3.113.0 and 3.65.0 to 4.8.0. This is a positive move, likely aimed at leveraging new features, performance improvements, and bug fixes available in the latest version of the provider.

Additional Improvements:

Version Constraints:
- It's beneficial to define a version range instead of pinning to a specific version, ensuring some level of flexibility. Using the pessimistic constraint operator can automatically allow patch updates, which are usually safe. For example:
  hcl
  azurerm = {
  source = "hashicorp/azurerm"
  - version = "4.8.0"
  - version = "~> 4.8"
    }
- This still pins the provider version to 4.x but allows automatic updates within this range, helping with bug fixes and minor feature improvements without manual changes.
Consistency in Terraform Configuration:
- Ensure all Terraform configurations within your project follow the same conventions and practices regarding provider versions and other configurations. This seems to be the case here, but it's an ongoing concern.
Security and Maintenance:
- Regularly review and update the providers to catch up with the latest security patches and functionalities. Automated tools or CI/CD pipelines can help identify outdated dependencies.
Validation of New Version:
- Before committing to the version upgrade across all modules, validate the new provider version in a development or testing environment. Ensure that the new version does not introduce breaking changes that could affect your infrastructure.
Documentation and Change Log:
- Update the project's documentation to reflect the change in the provider version, especially if there are specific reasons behind the upgrade (e.g., needed features, security patches).
- Review the change log for hashicorp/azurerm to understand the implications of the upgrade and communicate any necessary actions to your team.
Cost Impact:
- While provider updates themselves do not directly incur costs, new features or resources introduced might optimize or increase your infrastructure's cost depending on their usage. It's advisable to review any new cost-optimization features or resources that could be leveraged as part of this upgrade.
- No direct cost (in GBP) can be associated with this update without specific context on the resources managed by Terraform. However, optimizing resource usage or taking advantage of new pricing features can indirectly impact costs.
Carbon Usage:
- Similar to costs, the update itself doesn't directly impact carbon usage. However, leveraging new efficiencies or more sustainable resource types available in the newer azurerm version could contribute to reduced carbon output. This aligns well with best practices around sustainability in cloud resource management.

Conclusion:

This upgrade to the azurerm provider version is a step in the right direction for maintaining a secure and up-to-date infrastructure codebase. Following the additional recommendations will ensure that this update, and future updates, align with best practices for security, cost optimization, and environmental impact.

github-actions · 2024-11-08T07:24:24Z

Terraform AzureRM Provider Version Update Review

The updates shown in the diff primarily involve updating the AzureRM provider version for various Terraform components from 3.113.0 and 3.65.0 to 4.9.0. Below are additional recommendations to enhance the quality, security, and further align with best practices. The cost and carbon usage analysis for these updates are generally minimal on their own but could have indirect effects based on the usage of new features or more efficient resource management available in the newer provider versions.

Review Changelog for Breaking Changes:
Ensure you review the AzureRM provider's changelog for versions between 3.113.0 and 4.9.0 to identify any breaking changes that could affect your infrastructure deployment. Adjust your Terraform configurations accordingly.
Validating Configuration Files:
After updating the provider version, use the command terraform validate in each component's directory to ensure that your configurations are syntactically valid and internally consistent.
Plan and Review:
Before applying any changes, execute terraform plan to review the actions Terraform will perform. This helps in identifying any unintended changes or potential disruptions.
Version Constraints:
Instead of hardcoding to a specific version, consider using version constraints to allow for automatic updates within a defined range. For example:
hcl
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.9"
}
```
This approach helps in receiving backward-compatible provider updates, which might include important security patches and minor features without manually updating the version each time.
```
Use of Terraform Workspaces for Environment Management:
If not already in use, consider Terraform workspaces for managing multiple environments (such as development, staging, and production). It helps in reducing duplication of code across environments and ensures cleaner state management.
Security Practices:
- Ensure your Azure credentials are securely managed and not hardcoded in your Terraform configurations.
- Regularly rotate secrets and credentials.
- Utilize Terraform's sensitive data handling to prevent sensitive data from being exposed in the plan or state files.
Review and Utilize New Features:
Newer versions of providers often come with new features or enhancements that could optimize your configurations or introduce new Azure services that could be beneficial. Review the updated documentation for potential optimizations.
Cost Management:
Monitor the costs associated with deploying and managing the updated resources. Utilize Azure cost management tools to analyze any impact. The change in provider versions itself doesn't incur costs, but new features or resources utilized as a result might.
Infrastructure as Code (IaC) Security Scanning:
Integrate IaC security scanning tools like Checkov, Terrascan, or tfsec in your CI/CD pipeline to automatically detect security vulnerabilities and compliance issues in your Terraform configurations.

In summary, while the provider version update is a crucial aspect, ensure comprehensive testing and review to leverage newer features safely and efficiently. These actions not only maintain the health and security of your infrastructure but also optimize costs and carbon footprint over time.

Estimated Price Changes: Direct cost changes due to provider version updates are not applicable. Indirect costs will depend on optimizations and new resources utilized as a result of new features available in version 4.9.0.

github-actions · 2024-11-15T07:11:21Z

Code Review

Terraform Provider Version Update

The diff indicates that the Terraform azurerm provider has been updated to version 4.10.0 across various components. This is a positive step, assuming the update doesn't introduce compatibility issues with your infrastructure code. Version 4.x typically includes new features, improvements, and bug fixes over 3.x.

Specific Suggestions:

Review Changelog: Ensure you've reviewed the provider's changelog for any breaking changes, new features, or deprecated functionalities between 3.113.0 (and 3.65.0 for the shutter_static_webapp component) and 4.10.0. This will help you anticipate and manage any necessary changes to your Terraform configurations.
Testing: Given the provider version jump, extensive testing is crucial. Ensure to test the changes in a non-production environment first. Consider implementing a more granular version of infrastructure testing (unit, integration, and acceptance tests if possible), to mitigate the risks of unforeseen issues.
Version Constraints: Using a specific version (e.g., version = \"4.10.0\") is good for consistency and reliability. However, consider using version constraints to allow for automatic updates within a safe range. For example, using version = \"~> 4.10\" would allow automatic updates to any non-breaking 4.x versions, while preventing updates to a new major version that could include breaking changes. This balance ensures security patches and minor updates are applied while safeguarding against breaking changes.
Provider Locking for State Stability: When upgrading providers, ensure that the state file is safely updated especially in team environments. Provider version locking prevents accidental updates that could lead to state inconsistency. While the explicit version does this, combined with a proper version control system for your .tf files, it further ensures stability.
Consider Impact on Costs and Carbon Usage: Upgrading the provider version in itself might not directly affect costs or carbon usage. However, new features available in the updated version could allow for more efficient resource management, potentially lowering both costs and carbon footprint. For example, if the update includes new features for more efficient scaling, you may be able to optimize resource usage, thus reducing both.
Documentation Update: Ensure that all documentation is updated to reflect the new provider version. This includes internal documentation that might list out the versions of tools and providers being used.

Cost & Carbon Usage Consideration:

Direct cost or carbon usage impact from upgrading the Terraform provider version is negligible. However, leveraging new features for efficiency could have downstream benefits in reducing both costs and carbon footprint. Although quantifying these savings depends heavily on your specific deployments, adopting more efficient patterns enabled by the provider upgrade could lead to reduced compute, storage, or networking resources, translating into cost savings and potentially lower carbon emissions associated with decreased power consumption.

github-actions · 2024-11-22T10:26:57Z

The git diff indicates that the version of the azurerm provider has been updated from 3.x to 4.11.0 across multiple Terraform components. Here are additional improvements that could be made, focusing on security, best practices, and potential cost and carbon footprint implications:

Code Quality & Best Practices

Pin to Specific Minor Versions: While updating the provider version is a good practice to leverage new features and fixes, it's often best to pin to a specific minor version to avoid unexpected changes. The update to 4.11.0 is specific, but ensure that for future updates, you consider the stability of pinning to a specific version. Example:
hcl
version = "~> 4.11.0"
```
This approach minimizes the impact of breaking changes introduced in new versions.
```
Review Changelog for Deprecated Features: Ensure that the upgrade does not use any deprecated features from the azurerm provider. Review the Terraform Provider Changelog for 4.x to adjust any deprecated resources or attributes.
Utilize New Features for Security & Performance: Version 4.x of the azurerm provider likely introduces new features and resources that can enhance security and performance. Ensure to audit your infrastructure to leverage these improvements, such as advanced threat protection settings or newer networking configurations.

Security Enhancements

Encrypt State Files: If not already implemented, ensure that the Terraform state files stored in remote backends are encrypted at rest. Most cloud providers offer this feature. If using Azure Blob Storage as a backend, enable server-side encryption.
Use Azure Private Endpoints: For enhanced security, consider using Azure Private Endpoints for accessing Azure Services from your virtual network, minimizing exposure to the public internet.

Cost & Carbon Usage Considerations

Cost Management: Monitor the impact of upgraded resources on costs. Utilizing new features or enhanced configurations might increase the cost. Tools like Azure Cost Management can help identify and manage cloud costs effectively.
Efficient Resource Sizing: After the provider upgrade, review and adjust resource sizing based on utilization metrics to avoid over-provisioning. Azure offers various tools for monitoring and recommendations, such as Azure Advisor, which can help optimize resources for cost and performance.
Sustainability: Azure has been making strides towards sustainability. Opt for regions that have a higher mix of renewable energy and consider using services that are marked as sustainable by Azure. This not only helps in reducing carbon footprint but might align with organization-wide sustainability goals.

Since pricing for Azure services varies based on region, resource types, and usage, it's challenging to provide a specific cost estimation without detailed infrastructure usage patterns. However, adopting best practices for efficiency and monitoring can lead to cost savings over time.

github-actions · 2024-11-29T07:35:44Z

Terraform Provider Upgrade Analysis

The primary change in the diff is the upgrade of the azurerm provider version from 3.113.0 and 3.65.0 to 4.12.0 across multiple Terraform configuration files. Below are additional improvements and considerations related to this change:

1. Review Change Log for Breaking Changes:

Given the major version bump (from 3.x to 4.x), there could be breaking changes that might affect existing resources or their configuration.

Improvement: Review the AzureRM provider's release notes for versions 4.0.0 through 4.12.0 to identify any breaking changes and ensure your codebase and resource configurations are updated accordingly.

2. Assess Deprecations and New Features:

Major version upgrades typically introduce new features and deprecate old ones.

Improvement: Assess and leverage new functionalities that could simplify your configurations or introduce optimizations. Ensure that no deprecated attributes or resources are being used, replacing them as required.

3. Version Constraints:

The current version is pinned to 4.12.0, which could potentially limit the adoption of newer versions and their improvements or patches.

Improvement: Consider using version constraints to allow for flexibility and automatic adoption of newer, non-breaking versions. For example, \"~> 4.12\" would allow all versions 4.12.x.

4. Testing and Validation:

With the provider update, thorough testing is crucial to ensure that existing resources are not inadvertently affected.

Improvement: Implement or enhance your CI/CD pipeline to include steps for plan validation (terraform plan) and, if possible, add stages for automated testing in a controlled environment before applying changes to production.

5. Cost and Carbon Usage Consideration:

Upgrading a provider does not directly impact cost or carbon usage. However, new features or optimizations introduced by the upgrade could enable more efficient resource usage, potentially leading to cost and carbon savings.

Improvement: After familiarizing yourself with the new features or changes, review your infrastructure with an eye towards optimization. Look for opportunities to downsize resources, leverage managed services for efficiency, and improve the overall architecture for both cost and environmental impact.

Pricing Estimation:

Direct cost changes due to a provider upgrade are not typically applicable. However, indirect cost changes can occur if this enables deploying newer, potentially more cost-efficient Azure services or features.
It's advisable to use price estimation tools or services (such as Azure Pricing Calculator) post-upgrade to reassess your resources.

Conclusion

Upgrading the azurerm provider version is a significant step that requires careful planning, validation, and testing to ensure compatibility and leverage new capabilities. Follow best practices for version management and thorough review processes for an efficient and safe upgrade.

github-actions · 2024-12-06T06:32:01Z

Additional Improvements for Terraform Configuration

Consistency in Provider Configuration

Best Practice: It's commendable to update the provider version across different components for consistency and to leverage new features or bug fixes. However, ensure all components are tested thoroughly with the new provider version to prevent unexpected behaviors or compatibility issues. For example, if one component relies on a feature that behaves differently in the new version, it could potentially break your infrastructure deployment.

Locking Provider Versions

Best Practice: While upgrading provider versions is a good practice, locking the provider version using >= can potentially introduce breaking changes unintentionally when a new major version is released. To avoid this:
hcl
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 4.13.0"
}
}
}
```
Here, using `~>` allows patch and minor updates that are supposed to be backward compatible but prevents automatic major version upgrades.
```

Leverage State Locking

Security & Best Practice: If not already in place, consider implementing state locking to prevent conflicts during concurrent state operations, which could potentially corrupt your state file.
- Adding a state backend that supports locking (such as Azure Blob Storage with state locking enabled) ensures only one operation can modify the state at a time.

Security by Principle of Least Privilege

Security: Ensure the Terraform process using these configurations adheres to the Principle of Least Privilege (PoLP). For instance, the IAM role or the service principal used by Terraform should have only the necessary permissions to perform the required tasks in these components.

Continuous Integration/Continuous Deployment (CI/CD) Pipeline

Best Practice & Cost-Effectiveness: Implementing a CI/CD pipeline for running Terraform plans can improve the security and efficiency of deploying infrastructure changes. Automated pipelines can:
- Perform terraform plan on pull requests to show the impact of changes.
- Apply terraform apply in a controlled and audited environment, reducing the chance of manual errors.

Review Costs of Upgraded Resources

Cost: Upgrading the provider version may unlock new features or change the default configuration of resources, which could impact cost. Review the Azure pricing page for any changes in the pricing structures of resources you’re using in your Terraform configurations and adjust accordingly to manage costs.

Environment-specific Configurations

Best Practice: It is not visible from the diff whether environment-specific configurations (e.g., development, staging, production) are managed effectively. Utilize Terraform workspaces or module parameters to customize resources per environment to avoid accidentally applying development settings to production environments.

Version Control and Documentation

Best Practice: Maintain thorough documentation both within the code (using comments) and in external documentation to explain why certain versions are required and the impact of these upgrades. This aids in knowledge sharing among team members and future debugging efforts.

Conclusion

Performing a provider version upgrade in Terraform is a significant step towards utilizing better features and ensuring security through bug fixes. However, it comes with the responsibility to conduct thorough testing, review the impact on existing resources, and ensure best practices around security and infrastructure management are followed.

github-actions · 2024-12-13T08:44:29Z

Code Review Assessment

The git diff presented shows updates to the azurerm provider version across multiple Terraform configurations. Upgrading to a more recent provider version is generally a good practice, as it ensures access to the latest features, improvements, and bug fixes. However, additional considerations and improvements should be taken into account:

Version Consistency

All the changes consistently update the provider to version 4.14.0. This consistency is good as it helps avoid compatibility issues across different Terraform modules or components that may rely on the same version of a provider.

Version Pinning Best Practices

Upgrading the provider version is important, but it is equally important to ensure that the upgrade doesn't introduce breaking changes that could affect your infrastructure. It is a good practice to:

Test the new version in a controlled environment before applying it to your production infrastructure.
Review the provider's release notes for the new version to understand the changes, especially breaking changes.
Consider using version constraints rather than pinning to a specific version. For instance, using >= 4.14, < 5.0 instead of hard coding 4.14.0 ensures you get patches and minor updates without automatically upgrading to a potentially breaking major version. Example change:

diff
azurerm = {
- version = "4.14.0"
- version = ">= 4.14, < 5.0"
  }

Additional Suggestions

Review Dependencies: Ensure that other dependencies or modules used in your Terraform configuration are also compatible with the updated azurerm provider version. Compatibility issues could lead to unexpected behavior or deployment failures.
Infrastructure as Code (IaC) Linting and Static Analysis: Consider integrating tools like tflint or checkov to automatically scan your Terraform configurations for common issues and best practices. This can help identify potential security and compliance issues early in the development cycle.
Automated Testing: Depending on the complexity of your infrastructure, it might be beneficial to set up automated testing (e.g., using Terratest) to verify that infrastructure changes perform as expected without manual intervention.
Documentation: Ensure that any documentation related to these Terraform components is updated to reflect the provider version change, especially if there are specific setup instructions or prerequisites tied to the provider version.

Cost, Security, Best Practice

Cost: The provider version update in itself doesn't directly impact costs. However, newer features enabled by the update may influence cost optimization strategies.
Security: Always staying updated with the latest versions can mitigate security vulnerabilities. It's critical to review the release notes for any security fixes.
Best Practice: Regularly updating providers and testing these updates in isolation or staging environments before production is a best practice. It ensures stability and access to the latest features without compromising security or functionality.

Carbon Usage

Directly, updating a Terraform provider version does not impact carbon usage. Indirect implications might arise from the adoption of new, more efficient resources or services facilitated by the update that could improve the overall energy efficiency of managed infrastructure.

In conclusion, while the version update is a positive step, it's critical to incorporate best practices around version pinning, thorough testing, and consideration of compatibility and documentation to ensure smooth and secure operations.

github-actions · 2025-01-09T17:01:31Z

The given git diff suggests an update to the AzureRM provider for Terraform across various components from either version 3.113.0 or 3.65.0 straight to 4.14.0. The updates appear uniformly across different Terraform configurations. Here are some additional improvements and considerations:

1. Review Upgrade Guides

Upgrading major versions (from 3.x to 4.x) often includes breaking changes. Ensure that you have reviewed the AzureRM Provider upgrade guide from 3.x to 4.x to understand changes that might affect your configurations. For example:

Check if any resources or attributes have been deprecated or changed significantly.
Verify if any new mandatory fields are introduced in the resources you are using.

2. Version Constraints

Instead of pinning to a specific version \"4.14.0\", you might want to use version constraints to allow for automatic updates within a safe range. This would facilitate easier patch and minor updates for improvements and security fixes. Example:

hcl
azurerm = {
source = "hashicorp/azurerm"

version = "4.14.0"

version = "~> 4.14" # This allows minor updates.
}


### 3. **Testing the Upgrade**

Before applying this upgrade in a production environment, ensure to test:
- **Plan and apply** these changes in a development or staging environment.
- Utilize Terraform’s `plan` command to see what would be changed or destroyed with these updates.
- Testing will help catch any deprecations or changes in behavior before it affects your production infrastructure.

### 4. **Documentation & Commenting**

Given the major version upgrade, it would be beneficial to:
- Document the reason for this upgrade in your project documentation or next to the version line in your Terraform configurations, especially if it enables the use of new features or addresses specific bugs or security issues.

### 5. **Cost and Carbon Usage Implications**

Switching to a new version doesn't directly influence cost or carbon usage on its own. However, it might enable the use of newer AzureRM features that could be more efficient or cost-effective. Examples include:
- Enhanced resource types which are optimized for performance and cost.
- Improved configuration options that might reduce unnecessary provisioning or offer more granular scaling options.

**Estimated Cost Changes**: No direct cost change from the upgrade itself. Indirect changes could occur if this upgrade leads to the adoption of newer Azure features or resources that affect pricing.

**Carbon Usage**: Similar to cost changes, the version update doesn't directly affect carbon usage. However, optimizing resource usage and selecting more efficient services as enabled by the new provider version could reduce carbon footprint. 

Ensure your transition plan includes evaluating these aspects based on the specific Azure resources you are utilizing in your Terraform configurations.

hmcts-platform-operations · 2025-01-09T17:07:24Z

Plan Result (demo_pubsubappgateway - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- module.pubsubappgateway[0].azurerm_application_gateway.ag[0]
- module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
- module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0]

Change Result (Click me)

  # module.pubsubappgateway[0].azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-demo-agw"
        name                              = "cft-pubsub00-demo-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "demo"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "em-icp-webpubsub.demo.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-demo-agw/probes/em-icp-webpubsub" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "em-icp-webpubsub" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "em-icp-webpubsub.demo.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "em-icp-webpubsub"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (12 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-demo-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0] will be updated in-place
  ~ resource "azurerm_web_application_firewall_policy" "waf_policy" {
        id                  = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-network-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/cft-pubsub-waf-policy-demo"
        name                = "cft-pubsub-waf-policy-demo"
        tags                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "demo"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      ~ policy_settings {
          ~ js_challenge_cookie_expiration_in_minutes = 0 -> 30
            # (8 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

⚠️ Errors

add a label demo_pubsubappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

github-actions · 2025-01-10T11:56:57Z

General Improvement Across All Components

Upgrade to Use Latest Features or Fixes
- Justification: Upgrading the azurerm provider to 4.15.0 across various components is a good practice as it may include new features, bug fixes, and improvements over the previous versions. It ensures that your infrastructure is utilizing the latest enhancements offered by the provider.
- Example: After upgrading to azurerm 4.15.0, review the release notes for any new features or improvements that could be beneficial for your components. For instance, if there are new networking features available, explore how they can be integrated to optimize network performance or reduce costs.
Consistency
- Justification: Consistency across all Terraform configurations is essential for maintainability and understanding. This upgrade has been applied uniformly across different components, which is excellent. Ensure that this consistency is maintained in future upgrades as well.
- Example: If a new version of the azurerm provider is released in the future, plan to upgrade all components simultaneously where possible, after testing for compatibility. This avoids scenarios where different parts of your infrastructure are using different versions of the provider, which can lead to inconsistencies and make troubleshooting more difficult.
Testing and Validation
- Justification: Major version upgrades can introduce breaking changes or require adjustments in your Terraform code. Make sure thorough testing is conducted in a development or staging environment to ensure that the upgrade does not break your existing infrastructure deployment and configurations.
- Example: Use Terraform's plan command to see the potential changes the upgrade will make to your infrastructure. Review the plan to ensure no unexpected changes will occur. Additionally, if possible, automate these stage deployments and tests to quickly adapt to provider updates in the future.
Documentation and Change Management
- Justification: Updating documentation and change management records when upgrading critical components like a Terraform provider helps in maintaining an accurate history of your infrastructure's evolution. This is invaluable for troubleshooting, auditing, and onboarding new team members.
- Example: Maintain an internal changelog or wiki noting the upgrade of the azurerm provider to 4.15.0, including the rationale (e.g., to utilize new features or for security patches) and any notable impacts or required changes to your Terraform configuration. This practice also helps in planning future upgrades.
Cost, Security, and Carbon Usage Considerations
It's also worth noting that the changes in the provider version themselves do not directly incur costs, introduce security implications, or affect carbon usage. However, the new features and improvements enabled by the upgrade might offer opportunities to optimize in these areas. Regularly review Azure's best practices and recommendations to fully leverage the benefits of the azurerm provider update.
- Cost: Leverage any new cost-saving features or enhancements introduced in the update.
- Security: Implement improved security controls or policies that may be available in the new version.
- Carbon Usage: If the update includes more efficient resource management or other sustainability-focused features, apply them to minimize your carbon footprint.

Remember, while keeping your provider version current is good practice, it is equally important to manage these upgrades thoughtfully and systematically to ensure they align with your operational and business objectives.

github-actions · 2025-01-16T22:56:21Z

Terraform Provider Version Upgrade Review

The pull request updates the AzureRM provider version from "3.113.0" and "3.65.0" to "4.16.0" across multiple Terraform configurations. This is an important step in keeping infrastructure code up-to-date with the latest provider features and bug fixes. However, several additional improvements and considerations should be made:

Review Changelog for Breaking Changes: Upgrading the azurerm provider across major versions (from 3.x to 4.x) could introduce breaking changes. Ensure the changelog has been reviewed to identify any breaking changes that might affect your configurations. Implement adjustments where necessary.

Example: If a resource's argument was renamed or removed in version 4.x, ensure your configuration reflects these changes.
Validate Configuration Compatibility: Before merging this upgrade, it's crucial to validate the configurations with the new provider version. Use terraform plan to ensure no unexpected changes will be applied.
Provider Version Constraints: Consider specifying a more flexible version constraint to automatically incorporate provider patches. This can improve ease of maintenance and security posture without manual updates.
```
- version = \"4.16.0\"
+ version = \"~> 4.16\"
```
This change allows the use of the latest patch releases within the 4.16.x range, aiding in automatically incorporating important fixes.
Provider Block Uniformity: Ensure all Terraform configurations use the same provider versions where applicable. This creates a uniform development environment and prevents compatibility issues. Your modifications indicate this has been addressed across multiple components; ensure no component is left behind.
Cost and Carbon Usage Implications: Upgrading providers does not directly incur costs or significantly affect carbon usage. However, new features enabled or performance improvements in the latest provider version can indirectly influence both by optimizing resource management or enabling more efficient services. After updating, monitor your infrastructure costs and performance to identify any such impacts.
Update Documentation: If your project documentation includes specific references to provider versions or instructions tied to certain versions, update these to reflect the new version. This ensures contributors are aware of the current setup.
Automate Future Updates: Consider using tools like Dependabot or Renovate for automated dependency updates, including Terraform providers. This can help maintain your infrastructure code more efficiently and securely by promptly adapting to new versions.

In conclusion, while updating the AzureRM provider to "4.16.0" is a positive step, attention to potential breaking changes, testing for compatibility, and adopting flexible version constraints are important to ensure a smooth transition and maintain optimal infrastructure code health.

github-actions · 2025-01-31T14:26:15Z

Code Review Feedback

Terraform Provider Version Update

The proposed changes involve updating the azurerm provider version across multiple Terraform configurations from various versions (version 3.113.0 and 3.65.0) to version 4.17.0. This is generally a good practice to stay up-to-date with the latest features and bug fixes. However, several factors need to be considered:

Ensure Compatibility: Before merging this change, ensure that your Terraform configurations are fully compatible with the new version of the provider. Review the release notes of azurerm for any breaking changes or deprecations. Implement necessary adjustments to your configurations to maintain or enhance functionality.
Testing: Rigorously test your Terraform plans in a controlled environment (staging or development) to catch any unexpected behavior before applying them in production. This helps in mitigating risks associated with the provider upgrade.
Version Pinning Strategy: It's generally a good practice to pin to a specific version of a provider to ensure consistency and predictability across deployments. However, consider using version constraints to automatically adopt new patch versions that typically include bug fixes and security patches, e.g. ~> 4.17.0 instead of a strict 4.17.0. This allows for some flexibility while maintaining control over major and minor version upgrades.
Documentation: Update any internal documentation that references the azurerm provider version, especially if there are specific version-dependent instructions or notes.

Version Consistency Across Components

It's positive to see the provider version being updated consistently across multiple components. This aids in maintaining uniformity and reducing potential compatibility issues between different parts of your infrastructure managed by Terraform.

Cost, Security, and Carbon Usage Considerations

Cost: Upgrading the provider itself doesn't directly incur costs, but new features or changes in resource management introduced in the newer versions could potentially lead to cost optimizations or increases, depending on how they are used.
Security: Keeping the provider up-to-date enhances security by ensuring that the latest security fixes and improvements are applied. Always assess new versions for any security advisories.
Carbon Usage: This change does not directly impact carbon usage. However, taking advantage of new efficiency features or more sustainable resource types introduced in the newer provider versions can contribute to reduced carbon footprint.

Specific Example for Improvement

hcl
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"

```
version = \"4.17.0\"
```

```
version = \"~> 4.17.0\"
```
}
}
}


By using the `~>` operator, you automatically accept patch-level changes without manual updates, promoting a balance between stability and staying up-to-date with important fixes.

hmcts-platform-operations · 2025-01-31T14:30:17Z

Plan Result (perftest_pubsubappgateway - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- module.pubsubappgateway[0].azurerm_application_gateway.ag[0]
- module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
- module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0]

Change Result (Click me)

  # module.pubsubappgateway[0].azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-perftest-agw"
        name                              = "cft-pubsub00-perftest-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "testing"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "em-icp-webpubsub.perftest.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-perftest-agw/probes/em-icp-webpubsub" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "em-icp-webpubsub" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "em-icp-webpubsub.perftest.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "em-icp-webpubsub"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (12 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-perftest-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0] will be updated in-place
  ~ resource "azurerm_web_application_firewall_policy" "waf_policy" {
        id                  = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-network-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/cft-pubsub-waf-policy-perftest"
        name                = "cft-pubsub-waf-policy-perftest"
        tags                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "testing"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      ~ policy_settings {
          ~ js_challenge_cookie_expiration_in_minutes = 0 -> 30
            # (8 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

⚠️ Errors

add a label perftest_pubsubappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2025-01-31T14:30:21Z

Plan Result (aat_pubsubappgateway - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- module.pubsubappgateway[0].azurerm_application_gateway.ag[0]
- module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
- module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0]

Change Result (Click me)

  # module.pubsubappgateway[0].azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-aat-agw"
        name                              = "cft-pubsub00-aat-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "staging"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "em-icp-webpubsub.aat.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-aat-agw/probes/em-icp-webpubsub" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "em-icp-webpubsub" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "em-icp-webpubsub.aat.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "em-icp-webpubsub"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (12 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-aat-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0] will be updated in-place
  ~ resource "azurerm_web_application_firewall_policy" "waf_policy" {
        id                  = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-network-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/cft-pubsub-waf-policy-aat"
        name                = "cft-pubsub-waf-policy-aat"
        tags                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "staging"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      ~ policy_settings {
          ~ js_challenge_cookie_expiration_in_minutes = 0 -> 30
            # (8 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

⚠️ Errors

add a label aat_pubsubappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2025-01-31T14:31:02Z

Plan Result (ithc_pubsubappgateway - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- module.pubsubappgateway[0].azurerm_application_gateway.ag[0]
- module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
- module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0]

Change Result (Click me)

  # module.pubsubappgateway[0].azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/cft-ithc-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-ithc-agw"
        name                              = "cft-pubsub00-ithc-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "ithc"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "em-icp-webpubsub.ithc.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/cft-ithc-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-ithc-agw/probes/em-icp-webpubsub" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "em-icp-webpubsub" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "em-icp-webpubsub.ithc.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "em-icp-webpubsub"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (12 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/cft-ithc-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-ithc-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0] will be updated in-place
  ~ resource "azurerm_web_application_firewall_policy" "waf_policy" {
        id                  = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/cft-ithc-network-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/cft-pubsub-waf-policy-ithc"
        name                = "cft-pubsub-waf-policy-ithc"
        tags                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "ithc"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      ~ policy_settings {
          ~ js_challenge_cookie_expiration_in_minutes = 0 -> 30
            # (8 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

⚠️ Errors

add a label ithc_pubsubappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

hmcts-platform-operations · 2025-01-31T14:31:13Z

Plan Result (prod_pubsubappgateway - TerraformPlanApply)

Plan: 0 to add, 3 to change, 0 to destroy.

Update
- module.pubsubappgateway[0].azurerm_application_gateway.ag[0]
- module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
- module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0]

Change Result (Click me)

  # module.pubsubappgateway[0].azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/8cbc6f36-7c56-4963-9d36-739db5d00b27/resourceGroups/cft-prod-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-prod-agw"
        name                              = "cft-pubsub00-prod-agw"
        tags                              = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "production"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "em-icp-webpubsub.prod.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/8cbc6f36-7c56-4963-9d36-739db5d00b27/resourceGroups/cft-prod-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-prod-agw/probes/em-icp-webpubsub" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "em-icp-webpubsub" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "em-icp-webpubsub.prod.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "em-icp-webpubsub"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (12 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/8cbc6f36-7c56-4963-9d36-739db5d00b27/resourceGroups/cft-prod-network-rg/providers/Microsoft.Network/applicationGateways/cft-pubsub00-prod-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.pubsubappgateway[0].azurerm_web_application_firewall_policy.waf_policy[0] will be updated in-place
  ~ resource "azurerm_web_application_firewall_policy" "waf_policy" {
        id                  = "/subscriptions/8cbc6f36-7c56-4963-9d36-739db5d00b27/resourceGroups/cft-prod-network-rg/providers/Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/cft-pubsub-waf-policy-prod"
        name                = "cft-pubsub-waf-policy-prod"
        tags                = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "production"
            "startupMode"  = "always"
        }
        # (4 unchanged attributes hidden)

      ~ policy_settings {
          ~ js_challenge_cookie_expiration_in_minutes = 0 -> 30
            # (8 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

⚠️ Errors

add a label prod_pubsubappgateway - TerraformPlanApply/add-or-update: POST https://api.github.com/repos/hmcts/azure-platform-terraform/issues/2247/labels: 422 Validation Failed [{Resource:Label Field:name Code:invalid Message:}]

renovate bot added the dependencies Pull requests that update a dependency file label Aug 23, 2024

renovate bot force-pushed the renovate/azurerm-4.x branch from 4c2f65a to 8b92be2 Compare August 24, 2024 00:29

renovate bot force-pushed the renovate/azurerm-4.x branch from 8b92be2 to 2f400ab Compare September 6, 2024 04:00

renovate bot force-pushed the renovate/azurerm-4.x branch from 2f400ab to 60c6425 Compare September 13, 2024 06:04

renovate bot force-pushed the renovate/azurerm-4.x branch from 60c6425 to f1d85bf Compare September 20, 2024 07:42

renovate bot force-pushed the renovate/azurerm-4.x branch from f1d85bf to db5a82f Compare October 4, 2024 07:11

renovate bot force-pushed the renovate/azurerm-4.x branch from db5a82f to b387976 Compare October 11, 2024 06:37

hmcts-platform-operations added the sbox_private_dns - TerraformPlanApply/no-changes label Oct 11, 2024

hmcts-platform-operations added the sbox_apim_appgw - TerraformPlanApply/add-or-update label Oct 11, 2024

hmcts-platform-operations added the sbox_global - TerraformPlanApply/add-or-update label Oct 11, 2024

hmcts-platform-operations added the stg_private_dns - TerraformPlanApply/no-changes label Oct 11, 2024

hmcts-platform-operations added the prod_private_dns - TerraformPlanApply/no-changes label Oct 11, 2024

hmcts-platform-operations added the demo_private_dns - TerraformPlanApply/no-changes label Oct 11, 2024

hmcts-platform-operations added the ithc_private_dns - TerraformPlanApply/no-changes label Oct 11, 2024

renovate bot force-pushed the renovate/azurerm-4.x branch from c8d9c88 to 5ed3c41 Compare October 25, 2024 07:25

renovate bot force-pushed the renovate/azurerm-4.x branch from 5ed3c41 to 97abe87 Compare November 1, 2024 07:21

renovate bot force-pushed the renovate/azurerm-4.x branch from 97abe87 to 3c368ba Compare November 8, 2024 07:23

renovate bot force-pushed the renovate/azurerm-4.x branch from 3c368ba to 52aec71 Compare November 15, 2024 07:10

renovate bot force-pushed the renovate/azurerm-4.x branch from 52aec71 to 0db7c24 Compare November 22, 2024 10:26

renovate bot force-pushed the renovate/azurerm-4.x branch from 0db7c24 to 78870a3 Compare November 29, 2024 07:35

renovate bot force-pushed the renovate/azurerm-4.x branch from 78870a3 to 27cb959 Compare December 6, 2024 06:31

renovate bot force-pushed the renovate/azurerm-4.x branch from 27cb959 to 3212595 Compare December 13, 2024 08:43

renovate bot force-pushed the renovate/azurerm-4.x branch from 3212595 to f6c36f7 Compare January 9, 2025 17:00

renovate bot force-pushed the renovate/azurerm-4.x branch from f6c36f7 to f946490 Compare January 10, 2025 11:55

renovate bot force-pushed the renovate/azurerm-4.x branch from f946490 to 4038e13 Compare January 16, 2025 22:55

Update Terraform azurerm to v4

5a1679e

renovate bot force-pushed the renovate/azurerm-4.x branch from 4038e13 to 5a1679e Compare January 31, 2025 14:25

Update Terraform azurerm to v4 #2247

Are you sure you want to change the base?

Update Terraform azurerm to v4 #2247

Conversation

renovate bot commented Aug 23, 2024 • edited Loading

Release Notes

Configuration

github-actions bot commented Aug 23, 2024

Code Review: Terraform AzureRM Provider Version Upgrade

github-actions bot commented Aug 24, 2024

Improvements Overview

Cost and Carbon Usage Consideration

Final Notes

github-actions bot commented Sep 6, 2024

Review Summary

Version Pinning Strategy

github-actions bot commented Sep 13, 2024

Review Summary

Additional Improvements

Before

After

Cost and Carbon Usage Considerations

Recommendation

github-actions bot commented Sep 20, 2024

github-actions bot commented Oct 4, 2024

Review Summary:

Additional Improvements:

Conclusion:

github-actions bot commented Oct 11, 2024

Terraform Provider Version Update Review

hmcts-platform-operations commented Oct 11, 2024

Plan Result (sbox_private_dns - TerraformPlanApply)

hmcts-platform-operations commented Oct 11, 2024

Plan Result (sbox_apim_appgw - TerraformPlanApply)

hmcts-platform-operations commented Oct 11, 2024

Plan Result (sbox_backendappgateway - TerraformPlanApply)

⚠️ Errors

hmcts-platform-operations commented Oct 11, 2024 • edited Loading

Plan Result (sbox_frontendappgateway - TerraformPlanApply)

⚠️ Errors

hmcts-platform-operations commented Oct 11, 2024 • edited Loading

Plan Result (sbox_shutter_webapp - TerraformPlanApply)

⚠️ Errors

hmcts-platform-operations commented Oct 11, 2024 • edited Loading

Plan Result (sbox_global - TerraformPlanApply)

hmcts-platform-operations commented Oct 11, 2024

Plan Result (stg_private_dns - TerraformPlanApply)

hmcts-platform-operations commented Oct 11, 2024

Plan Result (prod_private_dns - TerraformPlanApply)

hmcts-platform-operations commented Oct 11, 2024

Plan Result (demo_private_dns - TerraformPlanApply)

github-actions bot commented Oct 25, 2024

General Improvements

Cost and Carbon Usage Considerations

Conclusion

github-actions bot commented Nov 1, 2024

Code Review on Terraform Updates

General Observations:

Additional Improvements:

Conclusion:

github-actions bot commented Nov 8, 2024

Terraform AzureRM Provider Version Update Review

github-actions bot commented Nov 15, 2024

Code Review

Terraform Provider Version Update

Specific Suggestions:

Cost & Carbon Usage Consideration:

github-actions bot commented Nov 22, 2024

Code Quality & Best Practices

Security Enhancements

Cost & Carbon Usage Considerations

github-actions bot commented Nov 29, 2024

Terraform Provider Upgrade Analysis

1. Review Change Log for Breaking Changes:

2. Assess Deprecations and New Features:

3. Version Constraints:

4. Testing and Validation:

5. Cost and Carbon Usage Consideration:

Pricing Estimation:

Conclusion

renovate bot commented Aug 23, 2024 •

edited

Loading

hmcts-platform-operations commented Oct 11, 2024 •

edited

Loading

hmcts-platform-operations commented Oct 11, 2024 •

edited

Loading

hmcts-platform-operations commented Oct 11, 2024 •

edited

Loading

hmcts-platform-operations commented Jan 9, 2025 •

edited

Loading