feat: Update TF provider version in Audit environments (#963)

* Update TF version in Audit

* Add sandbox yaml for comparison run

* Add sandbox yaml for comparison run

Author: rfk-nc

.azuredevops/pipelines/cd-infrastructure-dev-audit.yaml

@@ -13,7 +13,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 2f8731f9c7d6b9d53b7044979e381377b2c85bcd
+      ref: c00889236a258a52a2f3131272427ce81d4da951
       endpoint: NHSDigital
 
 variables:
@@ -22,7 +22,7 @@ variables:
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
   - name: TF_VERSION
-    value: 1.9.2
+    value: 1.11.4
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_audit_DEV
   - name: ENVIRONMENT

.azuredevops/pipelines/cd-infrastructure-devtest-audit.yaml

@@ -13,7 +13,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 2f8731f9c7d6b9d53b7044979e381377b2c85bcd
+      ref: c00889236a258a52a2f3131272427ce81d4da951
       endpoint: NHSDigital
 
 variables:
@@ -22,7 +22,7 @@ variables:
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
   - name: TF_VERSION
-    value: 1.9.2
+    value: 1.11.4
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_audit_DEVTEST
   - name: ENVIRONMENT

.azuredevops/pipelines/cd-infrastructure-int-audit.yaml

@@ -13,7 +13,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 2f8731f9c7d6b9d53b7044979e381377b2c85bcd
+      ref: c00889236a258a52a2f3131272427ce81d4da951
       endpoint: NHSDigital
 
 variables:
@@ -22,7 +22,7 @@ variables:
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
   - name: TF_VERSION
-    value: 1.9.2
+    value: 1.11.4
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_audit_INT
   - name: ENVIRONMENT

.azuredevops/pipelines/cd-infrastructure-nft-audit.yaml

@@ -13,7 +13,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 2f8731f9c7d6b9d53b7044979e381377b2c85bcd
+      ref: c00889236a258a52a2f3131272427ce81d4da951
       endpoint: NHSDigital
 
 variables:
@@ -22,7 +22,7 @@ variables:
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
   - name: TF_VERSION
-    value: 1.9.2
+    value: 1.11.4
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_audit_NFT
   - name: ENVIRONMENT

.azuredevops/pipelines/cd-infrastructure-preprod-audit.yaml

@@ -13,7 +13,7 @@ resources:
     - repository: dtos-devops-templates
       type: github
       name: NHSDigital/dtos-devops-templates
-      ref: 2f8731f9c7d6b9d53b7044979e381377b2c85bcd
+      ref: c00889236a258a52a2f3131272427ce81d4da951
       endpoint: NHSDigital
 
 variables:
@@ -22,7 +22,7 @@ variables:
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
   - name: TF_VERSION
-    value: 1.9.2
+    value: 1.11.4
   - name: TF_PLAN_ARTIFACT
     value: tf_plan_audit_PRE
   - name: ENVIRONMENT

.azuredevops/pipelines/cd-infrastructure-sandbox-audit.yaml

@@ -0,0 +1,86 @@
+---
+
+name: $(Build.SourceBranchName)-$(Date:yyyyMMdd)_$(Rev:r)
+trigger: none
+pr: none
+
+pool:
+  #vmImage: ubuntu-latest
+  name: private-pool-dev-uks
+
+resources:
+  repositories:
+    - repository: dtos-devops-templates
+      type: github
+      name: NHSDigital/dtos-devops-templates
+      ref: c00889236a258a52a2f3131272427ce81d4da951
+      endpoint: NHSDigital
+
+parameters:
+  - name: pipelineAction
+    displayName: 'Pipeline Action'
+    type: string
+    values:
+      - 'PlanOnly'
+      - 'Apply'
+      - 'Destroy'
+    default: 'Apply'
+
+variables:
+  - group: SBX_audit_backend
+  - group: DEV_hub_backend_remote_state
+  - name: TF_DIRECTORY
+    value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-audit
+  - name: TF_VERSION
+    value: 1.11.4
+  - name: TF_PLAN_ARTIFACT
+    value: tf_plan_audit_SANDBOX
+  - name: ENVIRONMENT
+    value: sandbox
+
+stages:
+  - stage: terraform_plan
+    displayName: Terraform Plan
+    condition: and(in('${{ parameters.pipelineAction }}', 'Apply', 'PlanOnly'), eq(variables['Build.Reason'], 'Manual'))
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - job: init_and_plan
+        displayName: Init, plan, store artifact
+        steps:
+          - checkout: self
+          - checkout: dtos-devops-templates
+          - template: .azuredevops/templates/steps/tf_plan.yaml@dtos-devops-templates
+
+  - stage: terraform_apply
+    displayName: Terraform Apply
+    dependsOn: [terraform_plan]
+    condition: and(eq('${{ parameters.pipelineAction }}', 'Apply'), eq(dependencies.terraform_plan.outputs['init_and_plan.TerraformPlan.changesPresent'], 'true'), eq(variables['Build.Reason'], 'Manual'))
+    jobs:
+      - deployment: terraform_apply
+        displayName: Init, get plan artifact, apply
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_apply.yaml@dtos-devops-templates
+
+  - stage: terraform_destroy
+    displayName: Terraform Destroy
+    condition: and(eq('${{ parameters.pipelineAction }}', 'Destroy'), eq(variables['Build.Reason'], 'Manual'))
+    variables:
+      tfVarsFile: environments/$(ENVIRONMENT).tfvars
+    jobs:
+      - deployment: terraform_destroy
+        displayName: Terraform Destroy
+        environment: $(ENVIRONMENT)
+        strategy:
+          runOnce:
+            deploy:
+              steps:
+                - checkout: self
+                - checkout: dtos-devops-templates
+                - template: .azuredevops/templates/steps/tf_destroy.yaml@dtos-devops-templates

infrastructure/tf-audit/environments/sandbox.tfvars

@@ -0,0 +1,57 @@
+application           = "cohman"
+application_full_name = "cohort-manager"
+environment           = "SBX"
+
+features = {
+  private_endpoints_enabled              = true
+  private_service_connection_is_manual   = false
+  public_network_access_enabled          = false
+  log_analytics_data_export_rule_enabled = false
+}
+
+tags = {
+  Project = "Cohort-Manager"
+}
+
+regions = {
+  uksouth = {
+    is_primary_region = true
+    address_space     = "10.127.0.0/16"
+    connect_peering   = true
+    subnets = {
+      pep = {
+        cidr_newbits = 8
+        cidr_offset  = 1
+      }
+    }
+  }
+}
+
+app_insights = {
+  appinsights_type = "web"
+}
+
+law = {
+  law_sku            = "PerGB2018"
+  retention_days     = 30
+  export_enabled     = false
+  export_table_names = ["Alert"]
+}
+
+storage_accounts = {
+  sqllogs = {
+    name_suffix                             = "sqllogs"
+    account_tier                            = "Standard"
+    replication_type                        = "LRS"
+    public_network_access_enabled           = false
+    blob_properties_delete_retention_policy = 7
+    blob_properties_versioning_enabled      = true
+    containers = {
+      vulnerability-assessment = {
+        container_name        = "vulnerability-assessment"
+        container_access_type = "private"
+      }
+    }
+
+  }
+}

infrastructure/tf-audit/outputs.tf

@@ -1,3 +1,11 @@
+
+output "application_insights" {
+  value = {
+    name                = module.app_insights_audit[local.primary_region].name
+    resource_group_name = module.app_insights_audit[local.primary_region].resource_group_name
+  }
+}
+
 output "log_analytics_workspace_id" {
   value = { for k, v in module.log_analytics_workspace_audit : k => v.id }
 }

infrastructure/tf-audit/providers.tf

@@ -3,9 +3,8 @@ terraform {
   required_version = ">= 1.9.2"
   required_providers {
     azurerm = {
-      source = "hashicorp/azurerm"
-      # version = ">= 4.2.0"
-      version = "= 3.112.0"
+      source  = "hashicorp/azurerm"
+      version = "4.26"
     }
     azuread = {
       source  = "hashicorp/azuread"