diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 58086ee..7724649 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -1,99 +1,29 @@
 ---
-name: e2e test
-
-on:
- pull_request:
- types: ['opened', 'reopened', 'synchronize']
- merge_group:
- workflow_dispatch:
-
-permissions:
- contents: read
- id-token: write
-
-jobs:
- getexamples:
- if: github.event.repository.name != 'terraform-azurerm-avm-template'
- runs-on: ubuntu-latest
- outputs:
- examples: ${{ steps.getexamples.outputs.examples }}
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
- - name: get examples
- id: getexamples
- uses: Azure/terraform-azurerm-avm-template/.github/actions/e2e-getexamples@main
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- testexamples:
- if: github.event.repository.name != 'terraform-azurerm-avm-template'
- runs-on: [ self-hosted, 1ES.Pool=terraform-azurerm-avm-res-keyvault-vault ]
- needs: getexamples
- environment: test
- env:
- TF_IN_AUTOMATION: 1
- TF_VAR_enable_telemetry: false
- strategy:
- matrix:
- example: ${{ fromJson(needs.getexamples.outputs.examples) }}
- fail-fast: false
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
-
- - name: Test example
- shell: bash
- env:
- SECRETS_CONTEXT: ${{ toJson(secrets) }}
- VARS_CONTEXT: ${{ toJson(vars) }}
- run: |
- set -e
- MAX_RETRIES=10
- RETRY_COUNT=0
- until [ $RETRY_COUNT -ge $MAX_RETRIES ]
- do
- az login --identity --username $MSI_ID > /dev/null && break
- RETRY_COUNT=$[$RETRY_COUNT+1]
- sleep 10
- done
- if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
- echo "Failed to login after $MAX_RETRIES attempts."
- exit 1
- fi
-
- declare -A secrets
- eval "$(echo $SECRETS_CONTEXT | jq -r 'to_entries[] | @sh "secrets[\(.key|tostring)]=\(.value|tostring)"')"
-
- declare -A variables
- eval "$(echo $VARS_CONTEXT | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
-
- for key in "${!secrets[@]}"; do
- if [[ $key = \TF_VAR_* ]]; then
- lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
- finalKey=${lowerKey/tf_var_/TF_VAR_}
- export "$finalKey"="${secrets[$key]}"
- fi
- done
-
- for key in "${!variables[@]}"; do
- if [[ $key = \TF_VAR_* ]]; then
- lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
- finalKey=${lowerKey/tf_var_/TF_VAR_}
- export "$finalKey"="${variables[$key]}"
- fi
- done
-
- echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"
-
- export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
- export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
- export ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId')
- docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
-
- # This job is only run when all the previous jobs are successful.
- # We can use it for PR validation to ensure all examples have completed.
- testexamplescomplete:
- if: github.event.repository.name != 'terraform-azurerm-avm-template'
- runs-on: ubuntu-latest
- needs: testexamples
- steps:
- - run: echo "All tests passed"
+ name: test examples
+ on:
+ pull_request:
+ types: ['opened', 'reopened', 'synchronize']
+ merge_group:
+ workflow_dispatch:
+
+ jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checking for Fork
+ shell: pwsh
+ run: |
+ $isFork = "${{ github.event.pull_request.head.repo.fork }}"
+ if($isFork -eq "true") {
+ echo "### WARNING: This workflow is disabled for forked repositories. Please follow the [release branch process](https://azure.github.io/Azure-Verified-Modules/contributing/terraform/terraform-contribution-flow/#5-create-a-pull-request-to-the-upstream-repository) if end to end tests are required." >> $env:GITHUB_STEP_SUMMARY
+ }
+
+ run-e2e-tests:
+ if: github.event.repository.name != 'terraform-azurerm-avm-template' && github.event.pull_request.head.repo.fork == false
+ uses: Azure/terraform-azurerm-avm-template/.github/workflows/test-examples-template.yml@main
+ name: end to end
+ secrets: inherit
+ permissions:
+ id-token: write
+ contents: read
+ 
\ No newline at end of file
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 254164d..864db46 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 - name: check docs
 uses: Azure/terraform-azurerm-avm-template/.github/actions/docs-check@main
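Review bot: The workflow-level `permissions:` block (`contents: read`, `id-token: write`) is removed and only re-added under `run-e2e-tests`, so the new `check` job runs with the repository's default `GITHUB_TOKEN` permissions, which can be broader than read-only depending on repository settings. Restoring a top-level block, `permissions:` / `  contents: read`, keeps `check` on a read-only token while the reusable-workflow job still declares its own `id-token: write`. `secrets: inherit` hands every repository secret to a reusable workflow referenced by the mutable `@main` ref; pinning it to a commit SHA, as this same commit does for `actions/checkout`, would narrow that trust, though the `@main` convention for the template repo may be deliberate. The new file also ends on a whitespace-only `+` line with no trailing newline, which yamllint will flag (`trailing-spaces`, `new-line-at-end-of-file`).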
@@ -32,7 +32,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 - name: lint terraform
 uses: Azure/terraform-azurerm-avm-template/.github/actions/linting@main
@@ -45,7 +45,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 - name: avmfix
 uses: Azure/terraform-azurerm-avm-template/.github/actions/avmfix@main
diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml
index c117502..8719641 100644
--- a/.github/workflows/version-check.yml
+++ b/.github/workflows/version-check.yml
@@ -16,7 +16,7 @@ jobs:
 if: github.event.repository.name != 'terraform-azurerm-avm-template'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 - name: Check version
 uses: Azure/terraform-azurerm-avm-template/.github/actions/version-check@main
 with:
diff --git a/avm b/avm
index 9716dfb..1c6b0d2 100755
--- a/avm
+++ b/avm
@@ -27,7 +27,7 @@ fi
 # Check if we are running in a container
 # If we are then just run make directly
 if [ -z "$AVM_IN_CONTAINER" ]; then
- $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+ $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
 else
 make "$1"
 fi
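Review bot: With the `/etc/passwd` and `/etc/group` bind mounts gone, the `--user "$(id -u):$(id -g)"` id no longer resolves to an account inside the container, so anything in the image that looks up the user name or `$HOME` (git, the Azure CLI's config directory) may fail or fall back to `/`; worth confirming the image tolerates a nameless uid or passing a home explicitly, e.g. `-e HOME=/tmp`, on the new `run` line. Not exposing the host's account databases to the container is a sound change on its own. `$AZURE_VOLUME` remains unquoted on the new side; if it is meant to expand to several flags that is intentional, otherwise a comment saying so would help the next reader.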
diff --git a/avm.bat b/avm.bat
index 2eea22f..6b177be 100644
--- a/avm.bat
+++ b/avm.bat
@@ -18,6 +18,6 @@ IF "%~1"=="" (
 )
 REM Run the make target with CONTAINER_RUNTIME
-%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src --user "1000:1000" -r ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
+%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src --user "1000:1000" -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
 ENDLOCAL
diff --git a/main.tf b/main.tf
index 36a2e33..586e999 100644
--- a/main.tf
+++ b/main.tf
@@ -17,6 +17,7 @@ resource "azurerm_key_vault" "this" {
 # Create it if the variable is not null.
 dynamic "network_acls" {
 for_each = var.network_acls != null ? { this = var.network_acls } : {}
+
 content {
 bypass = network_acls.value.bypass
 default_action = network_acls.value.default_action
@@ -62,18 +63,21 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
 dynamic "enabled_log" {
 for_each = each.value.log_categories
+
 content {
 category = enabled_log.value
 }
 }
 dynamic "enabled_log" {
 for_each = each.value.log_groups
+
 content {
 category_group = enabled_log.value
 }
 }
 dynamic "metric" {
 for_each = each.value.metric_categories
+
 content {
 category = metric.value
 }
@@ -87,6 +91,7 @@ resource "azurerm_key_vault_certificate_contacts" "this" {
 dynamic "contact" {
 for_each = var.contacts
+
 content {
 email = contact.value.email
 name = contact.value.name
diff --git a/modules/key/README.md b/modules/key/README.md
index 9eaf1c3..654e63d 100644
--- a/modules/key/README.md
+++ b/modules/key/README.md
@@ -17,6 +17,7 @@ resource "azurerm_key_vault_key" "this" {
 dynamic "rotation_policy" {
 for_each = var.rotation_policy != null ? [var.rotation_policy] : []
+
 content {
 expire_after = rotation_policy.value.expire_after
 notify_before_expiry = rotation_policy.value.notify_before_expiry
diff --git a/modules/key/main.tf b/modules/key/main.tf
index ebf8080..b968116 100644
--- a/modules/key/main.tf
+++ b/modules/key/main.tf
@@ -11,6 +11,7 @@ resource "azurerm_key_vault_key" "this" {
 dynamic "rotation_policy" {
 for_each = var.rotation_policy != null ? [var.rotation_policy] : []
+
 content {
 expire_after = rotation_policy.value.expire_after
 notify_before_expiry = rotation_policy.value.notify_before_expiry