IAC version updates in core, devops, common templates #4799
Conversation
tamirkamara
changed the title
tamirkamara
force-pushed
the
tamirkamara/core-iac-version-updates
branch
from
de914d5 to
4cb04b5
Compare
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/20715114450 (with refid (in response to this comment from @tamirkamara) |
Unit Test Results0 tests 0 ✅ 0s ⏱️ Results for commit fe09dd8. ♻️ This comment has been updated with latest results. |
tamirkamara
force-pushed
the
tamirkamara/core-iac-version-updates
branch
from
4cb04b5 to
a4d5254
Compare
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/20719239891 (with refid (in response to this comment from @tamirkamara) |
tamirkamara
changed the title
templates iad version updates
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/20719947187 (with refid (in response to this comment from @tamirkamara) |
|
/test-destroy-env |
|
Destroying branch test environment (RG: rg-tre2bc8a82e)... (run: https://github.com/microsoft/AzureTRE/actions/runs/20720661518) |
|
Branch test environment destroy complete (RG: rg-tre2bc8a82e) |
|
Destroying PR test environment (RG: rg-treb1defb47)... (run: https://github.com/microsoft/AzureTRE/actions/runs/20720661518) |
1 similar comment
|
Destroying PR test environment (RG: rg-treb1defb47)... (run: https://github.com/microsoft/AzureTRE/actions/runs/20720661518) |
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/20757337607 (with refid (in response to this comment from @tamirkamara) |
|
/test-destroy-env |
|
Destroying PR test environment (RG: rg-treb1defb47)... (run: https://github.com/microsoft/AzureTRE/actions/runs/20774236226) |
|
Destroying branch test environment (RG: rg-tre2bc8a82e)... (run: https://github.com/microsoft/AzureTRE/actions/runs/20774236226) |
|
Branch test environment destroy complete (RG: rg-tre2bc8a82e) |
|
PR test environment destroy complete (RG: rg-treb1defb47) |
|
/test |
|
🤖 pr-bot 🤖 🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/20774888114 (with refid (in response to this comment from @tamirkamara) |
|
/test-extended |
|
🤖 pr-bot 🤖 🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/20776350980 (with refid (in response to this comment from @tamirkamara) |
|
/test |
|
🤖 pr-bot 🤖 🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/20810588788 (with refid (in response to this comment from @tamirkamara) |
|
/test-force-approve |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit a824e00) (in response to this comment from @tamirkamara) |
This reverts commit 655ad9c.
There was a problem hiding this comment.
Pull request overview
This PR updates infrastructure-as-code components across the Azure TRE solution, including Terraform (1.9.8 -> 1.14.3), Azure CLI (2.67.0 -> 2.81.0), Porter (v1.2.1 -> v1.4.0), and various Terraform providers. The updates also migrate from the deprecated hashicorp/template provider to the hashicorp/cloudinit provider and the built-in templatefile function.
Key changes include:
- Terraform provider updates (azurerm 4.27.0 -> 4.57.0, azapi 2.3.0 -> 2.8.0, azuread 3.3.0 -> 3.7.0)
- Breaking API changes adapted (property renames, diagnostic setting changes)
- Docker version updates (27.4.1 -> 29.1.3, containerd 1.7.24 -> 2.2.1)
- Migration from deprecated
templateprovider tocloudinitprovider - Azure CLI command syntax updates (
-u->--client-id)
Reviewed changes
Copilot reviewed 48 out of 58 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| templates/workspaces/base/terraform/providers.tf | Updated azurerm to 4.57.0 and azapi to 2.8.0 |
| templates/workspaces/base/terraform/keyvault.tf | Renamed enable_rbac_authorization to rbac_authorization_enabled; updated diagnostic setting metric block |
| templates/workspaces/base/terraform/.terraform.lock.hcl | Updated provider lock hashes for new versions |
| templates/workspaces/base/porter.yaml | Bumped version to 2.8.1; updated Terraform to 1.14.3 and Azure CLI to 2.81.0 |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/main.tf | Updated azurerm and azuread provider versions |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml | Updated VM SKU to win11-25h2-pro; made shutdown_time optional |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/main.tf | Replaced template provider with cloudinit provider |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/locals.tf | Moved template rendering to local values using templatefile function |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/linuxvm.tf | Updated data source from template_cloudinit_config to cloudinit_config |
| templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/data.tf | Removed deprecated template_file data sources |
| templates/workspace_services/guacamole/terraform/web_app.tf | Added vnet_image_pull_enabled property; removed azapi workarounds |
| templates/workspace_services/guacamole/terraform/providers.tf | Updated providers and removed azapi dependency |
| templates/shared_services/sonatype-nexus-vm/terraform/vm.tf | Migrated from template provider to cloudinit provider |
| templates/shared_services/sonatype-nexus-vm/terraform/main.tf | Replaced template with cloudinit provider; updated azurerm to 4.57.0 |
| templates/shared_services/firewall/terraform/providers.tf | Updated azurerm to 4.57.0 |
| templates/shared_services/certs/terraform/main.tf | Updated azurerm to 4.57.0 |
| resource_processor/vmss_porter/Dockerfile | Updated Azure CLI, Porter, and Docker versions |
| resource_processor/tests_rp/test_commands.py | Fixed test to use --client-id instead of -u flag |
| resource_processor/helpers/commands.py | Updated az login command syntax |
| resource_processor/_version.py | Bumped version to 0.13.1 |
| devops/version.txt | Bumped version to 0.6.3 |
| devops/terraform/terraform.tf | Updated azurerm to 4.57.0 |
| devops/terraform/main.tf | Fixed enable_rbac_authorization to rbac_authorization_enabled |
| core/version.txt | Bumped version to 0.16.12 |
| core/terraform/resource_processor/vmss_porter/main.tf | Replaced template with cloudinit provider |
| core/terraform/resource_processor/vmss_porter/locals.tf | Added cloudconfig_content using templatefile |
| core/terraform/resource_processor/vmss_porter/data.tf | Removed template_file; updated to cloudinit_config |
| core/terraform/resource_processor/vmss_porter/cloud-config.yaml | Updated package versions |
| core/terraform/main.tf | Updated providers and added cloudinit |
| core/terraform/keyvault.tf | Property and diagnostic setting updates |
| core/terraform/servicebus.tf | Updated metric to enabled_metric |
| core/terraform/network/network.tf | Added commented subnet delegation block |
| core/terraform/firewall/firewall.tf | Updated diagnostic setting metric block |
| core/terraform/dns-policy.tf | Updated diagnostic setting metric block |
| core/terraform/deploy.sh | Added --parallelism=25 flag |
| core/terraform/api-webapp.tf | Added vnet_image_pull_enabled; removed azapi workarounds |
| core/terraform/appgateway/appgateway.tf | Updated diagnostic setting metric block |
| core/terraform/airlock/eventgrid_topics.tf | Renamed source_arm_resource_id to source_resource_id; updated metric blocks |
| core/terraform/airlock/airlock_processor.tf | Updated diagnostic setting metric block |
| CHANGELOG.md | Added entry for infrastructure updates |
| .devcontainer/devcontainer.json | Updated debug configuration types |
| .devcontainer/Dockerfile | Updated Terraform, Porter, Docker, and Azure CLI versions |
Files not reviewed (10)
- core/terraform/.terraform.lock.hcl: Language not supported
- devops/terraform/.terraform.lock.hcl: Language not supported
- templates/shared_services/certs/terraform/.terraform.lock.hcl: Language not supported
- templates/shared_services/firewall/terraform/.terraform.lock.hcl: Language not supported
- templates/shared_services/sonatype-nexus-vm/terraform/.terraform.lock.hcl: Language not supported
- templates/workspace_services/guacamole/terraform/.terraform.lock.hcl: Language not supported
- templates/workspace_services/guacamole/user_resources/guacamole-azure-export-reviewvm/terraform/.terraform.lock.hcl: Language not supported
- templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/.terraform.lock.hcl: Language not supported
- templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/terraform/.terraform.lock.hcl: Language not supported
- templates/workspaces/base/terraform/.terraform.lock.hcl: Language not supported
templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml
Show resolved
Hide resolved
templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/porter.yaml
Show resolved
Hide resolved
templates/workspace_services/guacamole/user_resources/guacamole-azure-windowsvm/porter.yaml
Show resolved
Hide resolved
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
/test-force-approve |
|
🤖 pr-bot 🤖 ✅ Marking tests as complete (for commit fe09dd8) (in response to this comment from @tamirkamara) |
What is being addressed
Various IAC components are too old and should be updated: