aztfmod · arnaudlh · Mar 2, 2021 · Feb 3, 2021 · Feb 8, 2021 · Feb 9, 2021
diff --git a/.github/workflows/master-100-tf14.yaml b/.github/workflows/master-100-tf14.yaml
@@ -1,4 +1,4 @@
-#
+# 
 # Copyright (c) Microsoft Corporation
 # Licensed under the MIT License.
 #
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -40,7 +41,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |
@@ -117,15 +118,18 @@ jobs:
             "networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns",
             "networking/front_door/100-simple-front_door",
             "networking/front_door/101-front_door_waf",
+            "networking/ip_group/100-simple-ip_group",
+            "networking/ip_group/101-firewall-ip_group",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules",
+            "networking/load_balancers/102-internal-load-balancer",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/103-vpn-site-to-site-connection",
             "networking/virtual_network/100-subnet-delegation",
             "networking/virtual_network/101-vnet-peering-nsg",
             "networking/virtual_wan/100-vwan-multi-hubs",
             "networking/virtual_wan/101-vwan-multi-hubs-firewalls",
-            "networking/ip_group/100-simple-ip_group",
-            "networking/ip_group/101-firewall-ip_group",
             "postgresql_server/100-simple-postgresql",
             "postgresql_server/101-vnet-rule-postgresql",
             "postgresql_server/102-private-endpoint-postgresql",
@@ -198,7 +202,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-100-tf15.yaml b/.github/workflows/master-100-tf15.yaml
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -40,7 +41,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |
@@ -117,15 +118,18 @@ jobs:
             "networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns",
             "networking/front_door/100-simple-front_door",
             "networking/front_door/101-front_door_waf",
+            "networking/ip_group/100-simple-ip_group",
+            "networking/ip_group/101-firewall-ip_group",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules",
+            "networking/load_balancers/102-internal-load-balancer",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/103-vpn-site-to-site-connection",
             "networking/virtual_network/100-subnet-delegation",
             "networking/virtual_network/101-vnet-peering-nsg",
             "networking/virtual_wan/100-vwan-multi-hubs",
             "networking/virtual_wan/101-vwan-multi-hubs-firewalls",
-            "networking/ip_group/100-simple-ip_group",
-            "networking/ip_group/101-firewall-ip_group",
             "postgresql_server/100-simple-postgresql",
             "postgresql_server/101-vnet-rule-postgresql",
             "postgresql_server/102-private-endpoint-postgresql",
@@ -198,7 +202,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-100.yaml b/.github/workflows/master-100.yaml
@@ -23,6 +23,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -47,7 +48,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |
@@ -124,15 +125,18 @@ jobs:
             "networking/domain_name_registrations/100-register-domain-default_domain_registrar_dns",
             "networking/front_door/100-simple-front_door",
             "networking/front_door/101-front_door_waf",
+            "networking/ip_group/100-simple-ip_group",
+            "networking/ip_group/101-firewall-ip_group",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules",
+            "networking/load_balancers/102-internal-load-balancer",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/103-vpn-site-to-site-connection",
             "networking/virtual_network/100-subnet-delegation",
             "networking/virtual_network/101-vnet-peering-nsg",
             "networking/virtual_wan/100-vwan-multi-hubs",
             "networking/virtual_wan/101-vwan-multi-hubs-firewalls",
-            "networking/ip_group/100-simple-ip_group",
-            "networking/ip_group/101-firewall-ip_group",
             "postgresql_server/100-simple-postgresql",
             "postgresql_server/101-vnet-rule-postgresql",
             "postgresql_server/102-private-endpoint-postgresql",
@@ -205,7 +209,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-sql-mi-tf14.yaml b/.github/workflows/master-sql-mi-tf14.yaml
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -40,7 +41,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-sql-mi-tf15.yaml b/.github/workflows/master-sql-mi-tf15.yaml
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -40,7 +41,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-sql-mi.yaml b/.github/workflows/master-sql-mi.yaml
@@ -22,6 +22,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   foundations:
@@ -46,7 +47,7 @@ jobs:
         with:
           repository: Azure/caf-terraform-landingzones
           path: public
-          ref: '2012.1.0'
+          ref: '2101.0.0'
 
       - name: Login azure
         run: |

diff --git a/.github/workflows/master-standalone-tf14.yaml b/.github/workflows/master-standalone-tf14.yaml
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   examples:

diff --git a/.github/workflows/master-standalone-tf15.yaml b/.github/workflows/master-standalone-tf15.yaml
@@ -16,6 +16,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   examples:

diff --git a/.github/workflows/master-standalone.yaml b/.github/workflows/master-standalone.yaml
@@ -6,7 +6,6 @@
 name: standalone-scenario
 
 on:
-
   pull_request:
     paths-ignore:
       - .github/workflows/master-100.yaml
@@ -24,6 +23,7 @@ env:
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  ROVER_RUNNER: true
 
 jobs:
   examples:
@@ -76,6 +76,8 @@ jobs:
             "networking/firewall/100-simple-firewall-with-routes",
             "networking/front_door/100-simple-front_door",
             "networking/front_door/101-front_door_waf",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules",
             "networking/private_dns/100-private-dns-vnet-links",
             "networking/private_links/endpoints/centralized",
             "networking/virtual_network_gateway/101-vpn-site-to-site",
@@ -102,6 +104,8 @@ jobs:
             "webapps/appservice/102-appservice-slots",
             "webapps/appservice/103-appservice-extend",
             "webapps/appservice/104-appservice-appinsight",
+            "networking/load_balancers/100-simple-load-balancer-basic-sku",
+            "networking/load_balancers/101-load-balancer-with-rules",
             "webapps/appservice/105-appservice-backup"
             # "mssql_mi/200-mi",
           ]

diff --git a/application_gateways.tf b/application_gateways.tf
@@ -3,23 +3,23 @@ module "application_gateways" {
   source     = "./modules/networking/application_gateway"
   for_each   = local.networking.application_gateways
 
-  global_settings       = local.global_settings
-  client_config         = local.client_config
-  diagnostics           = local.combined_diagnostics
-  resource_group_name   = module.resource_groups[each.value.resource_group_key].name
-  location              = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
-  settings              = each.value
-  sku_name              = each.value.sku_name
-  sku_tier              = each.value.sku_tier
-  vnets                 = local.combined_objects_networking
-  base_tags             = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
-  private_dns           = lookup(each.value, "private_dns_records", null) == null ? {} : local.combined_objects_private_dns
-  public_ip_addresses   = local.combined_objects_public_ip_addresses
-  app_services          = local.combined_objects_app_services
-  managed_identities    = local.combined_objects_managed_identities
-  keyvaults             = local.combined_objects_keyvaults
-  dns_zones             = local.combined_objects_dns_zones
-  keyvault_certificates = module.keyvault_certificates
+  global_settings               = local.global_settings
+  client_config                 = local.client_config
+  diagnostics                   = local.combined_diagnostics
+  resource_group_name           = module.resource_groups[each.value.resource_group_key].name
+  location                      = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
+  settings                      = each.value
+  sku_name                      = each.value.sku_name
+  sku_tier                      = each.value.sku_tier
+  vnets                         = local.combined_objects_networking
+  base_tags                     = try(local.global_settings.inherit_tags, false) ? module.resource_groups[each.value.resource_group_key].tags : {}
+  private_dns                   = lookup(each.value, "private_dns_records", null) == null ? {} : local.combined_objects_private_dns
+  public_ip_addresses           = local.combined_objects_public_ip_addresses
+  app_services                  = local.combined_objects_app_services
+  managed_identities            = local.combined_objects_managed_identities
+  keyvaults                     = local.combined_objects_keyvaults
+  dns_zones                     = local.combined_objects_dns_zones
+  keyvault_certificates         = module.keyvault_certificates
   keyvault_certificate_requests = module.keyvault_certificate_requests
   application_gateway_applications = {
     for key, value in local.networking.application_gateway_applications : key => value

diff --git a/bastion_service.tf b/bastion_service.tf
@@ -18,8 +18,8 @@ resource "azurecaf_name" "host" {
 resource "azurerm_bastion_host" "host" {
   for_each = try(local.compute.bastion_hosts, {})
 
-  name     = azurecaf_name.host[each.key].result
-  location = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
+  name                = azurecaf_name.host[each.key].result
+  location            = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
   resource_group_name = module.resource_groups[each.value.resource_group_key].name
   tags                = try(local.global_settings.inherit_tags, false) ? merge(module.resource_groups[each.value.resource_group_key].tags, try(each.value.tags, null)) : try(each.value.tags, null)
 

diff --git a/examples/azure_ad/201-groups-and-roles/configuration.tfvars b/examples/azure_ad/201-groups-and-roles/configuration.tfvars
@@ -34,7 +34,7 @@ azuread_apps = {
     application_name             = "app1"
     app_role_assignment_required = true
     keyvaults = {
-      test_client = {
+      test_kv= {
         secret_prefix = "app1"
       }
     }
@@ -44,7 +44,7 @@ azuread_apps = {
     application_name             = "app2"
     app_role_assignment_required = true
     keyvaults = {
-      test_client = {
+      test_kv = {
         secret_prefix = "app2"
       }
     }

diff --git a/examples/azure_ad/201-groups-and-roles/standalone/module.tf b/examples/azure_ad/201-groups-and-roles/standalone/module.tf
@@ -1,5 +1,5 @@
 module "caf" {
-  source                                = "../../../../../caf"
+  source                                = "../../../../"
   global_settings                       = var.global_settings
   tags                                  = var.tags
   resource_groups                       = var.resource_groups

diff --git a/examples/module.tf b/examples/module.tf
@@ -66,8 +66,8 @@ module "caf" {
     azurerm_firewall_network_rule_collection_definition     = var.azurerm_firewall_network_rule_collection_definition
     azurerm_firewall_application_rule_collection_definition = var.azurerm_firewall_application_rule_collection_definition
     azurerm_firewall_nat_rule_collection_definition         = var.azurerm_firewall_nat_rule_collection_definition
+    load_balancers                                          = var.load_balancers
     ip_groups                                               = var.ip_groups
-
   }
   database = {
     azurerm_redis_caches               = var.azurerm_redis_caches

diff --git a/...ll_nat_rule_collection_definition.tfvars → ...all_nat_rule_collection_definition.tfvars b/...ll_nat_rule_collection_definition.tfvars → ...all_nat_rule_collection_definition.tfvars
diff --git a/examples/networking/load_balancers/100-simple-load-balancer-basic-sku/configuration.tfvars b/examples/networking/load_balancers/100-simple-load-balancer-basic-sku/configuration.tfvars
@@ -0,0 +1,44 @@
+global_settings = {
+  default_region = "region1"
+  regions = {
+    region1 = "southeastasia"
+  }
+}
+
+resource_groups = {
+  lb = {
+    name = "example-lb"
+  }
+}
+
+
+public_ip_addresses = {
+  lb_pip = {
+    name               = "lb_pip1"
+    resource_group_key = "lb"
+    sku                = "Basic"
+    # Note: For UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard"
+    allocation_method = "Dynamic"
+    # allocation method needs to be Dynamic
+    ip_version              = "IPv4"
+    idle_timeout_in_minutes = "4"
+  }
+}
+
+# Public Load Balancer will be created. For Internal/Private Load Balancer config, please refer 102-internal-load-balancer example.
+
+load_balancers = {
+  lb1 = {
+    name                      = "lb-test"
+    sku                       = "basic"
+    resource_group_key        = "lb"
+    backend_address_pool_name = "web-app"
+    frontend_ip_configurations = {
+      config1 = {
+        name                  = "config1"
+        public_ip_address_key = "lb_pip"
+      }
+    }
+  }
+}
+