@renovate renovate bot commented Sep 3, 2025

This PR contains the following updates:

Package | Type | Update | Change
azurerm (source) | required_provider | minor | 4.51.0 -> 4.58.0
azurerm (source) | required_provider | minor | 4.9.0 -> 4.58.0

Release Notes

hashicorp/terraform-provider-azurerm (azurerm)

v4.58.0

FEATURES:

  • New Data Source: azurerm_network_security_perimeter (#​31356)
  • New Data Source: azurerm_network_security_perimeter_profile (#​31356)
  • New Resource: azurerm_network_security_perimeter (#​31356)
  • New Resource: azurerm_network_security_perimeter_access_rule (#​31356)
  • New Resource: azurerm_network_security_perimeter_association (#​31356)
  • New Resource: azurerm_network_security_perimeter_profile (#​31356)
  • New List Resource: azurerm_resource_group (#​31270)

ENHANCEMENTS:

  • dependencies: go-azure-sdk - update to v0.20251219.1184026 (#​31397)
  • azurerm_backup_policy_file_share - add support for backup_tier and snapshot_retention_in_days (#​29243)
  • azurerm_cosmosdb_cassandra_cluster - version now supports 4.1 and 5.0 (#​31424)
  • azurerm_function_app_flex_consumption - the maximum_instance_count property now allows values from 1 - 1000 (#​31392)
  • azurerm_kubernetes_cluster - network_data_plane and network_policy now support updating to cilium (#​30958)
  • azurerm_kusto_eventhub_data_connection - add support for retrieval_start_date (#​31445)
  • azurerm_kusto_iothub_data_connection - add support for retrieval_start_date (#​31413)
  • azurerm_kusto_script - add support for script_level and principal_permissions_action (#​31403)
  • azurerm_linux_function_app - add support for 24 to site_config.application_stack.node_version (#​31098)
  • azurerm_linux_function_app_slot - add support for 24 to site_config.application_stack.node_version (#​31098)
  • azurerm_linux_web_app - add support for 24-lts to site_config.application_stack.node_version (#​31098)
  • azurerm_linux_web_app_slot - add support for 24-lts to site_config.application_stack.node_version (#​31098)
  • azurerm_mssql_managed_instance - increase storage_size_in_gb maximum to 32768 (#​31387)
  • azurerm_netapp_volume_group_oracle - service_level now supports Flexible (#​31508)
  • azurerm_netapp_volume_group_sap_hana - service_level now supports Flexible (#​31508)
  • azurerm_network_manager_routing_configuration - add support for the route_table_usage_mode property (#​31463)
  • azurerm_windows_function_app - add support for ~24 to site_config.application_stack.node_version (#​31248)
  • azurerm_windows_function_app_slot - add support for ~24 to site_config.application_stack.node_version (#​31248)
  • data.azurerm_container_registry - admin_password is now sensitive (#​31428)

BUG FIXES:

  • azurerm_api_management - fix an issue that prevented updates to hostname_configuration.*.key_vault_certificate_id (#​31534)
  • azurerm_api_management_custom_domain - fix an issue that prevented updates to [management|portal|developer_portal|scm|gateway].key_vault_certificate_id (#​31534)
  • azurerm_container_app_custom_domain - no longer error during read when container app is deleted outside of Terraform (#​31523)
  • azurerm_databricks_workspace - removed a legacy workaround that prevented apply operations from succeeding when managed_disk_cmk_rotation_to_latest_version_enabled and tags were updated simultaneously (#​31509)
  • azurerm_storage_account - can now update a Storage Standard ZRS account (#​31431)
  • clients - fix correlation id across many clients (#​31368)

v4.57.0

NOTE: This release removes the Mobile Network (azurerm_mobile_network*) resources and data sources due to Azure having retired the service

FEATURES:

  • New Resource: azurerm_automation_runtime_environment (#​30991)

ENHANCEMENTS:

  • azurerm_data_protection_backup_vault_customer_managed_key - the key_vault_key_id property now supports keys from a Managed HSM vault (#​31365)
  • azurerm_kubernetes_cluster - support for the node_provisioning_profile block (#​30517)
  • azurerm_log_analytics_cluster_customer_managed_key - the key_vault_key_id property now supports keys from a Managed HSM vault (#​31375)
  • azurerm_mssql_database - the transparent_data_encryption_key_vault_key_id property now supports keys from a Managed HSM vault (#​31373)

BUG FIXES:

  • azurerm_data_factory - fix ID parsing errors when customer_managed_key_identity_id is an empty string (#​28621)
  • azurerm_eventhub - partition_count can now be updated for dedicated clusters (#​30993)
  • azurerm_linux_function_app - fix panic when deployed without all required permissions (#​31344)

v4.56.0

ENHANCEMENTS:

  • dependencies: healthbot - update to API version 2025-05-25 (#​31328)
  • dependencies: terraform-plugin-testing - update to v1.14.0 (#​31334)
  • Data Source: azurerm_cognitive_account - add support for new attributes (#​30778)
  • azurerm_cognitive_account - add support for the kind property to rollback or upgrade from OpenAI to AIServices (#​31063)
  • azurerm_databricks_workspace_root_dbfs_customer_managed_key - the key_vault_key_id property now supports keys from Managed HSM Vaults (#​31336)
  • azurerm_databricks_workspace_root_dbfs_customer_managed_key - the key_vault_key_id property now supports versionless keys (#​31336)
  • azurerm_healthbot - add support for the C1 and PES SKUs (#​31328)
  • azurerm_lb - fix ignore_changes behaviour in updatable properties (#31318)
  • azurerm_network_manager_network_group - add support for the member_type property [GH-30672]
  • azurerm_network_manager_static_member - add support for using a subnet as the target resource (#​30672)
  • azurerm_virtual_network_gateway - add support for the ErGwScale SKU (#​31082)

BUG FIXES:

  • azurerm_container_app_environment_certificate - fix an issue that prevented creating the resource with an empty value for certificate_password (#​31335)
  • azurerm_databricks_workspace_root_dbfs_customer_managed_key - fix a panic that occurred when the customer managed key was removed from the workspace outside of Terraform (#​31336)
  • azurerm_databricks_workspace_root_dbfs_customer_managed_key - fix the timeout for the delete operation (#​31336)
  • azurerm_storage_blob_inventory_policy - fix setting Resource Identity data (#​31313)

v4.55.0

FEATURES:

  • New Data Source: azurerm_api_management_workspace (#​30241)
  • New Resource: azurerm_cognitive_account_project (#​30916)
  • New Resource: azurerm_log_analytics_workspace_table_custom_log (#​30800)
  • New Resource: azurerm_mongo_cluster_user (#​31205)
  • New Resource: azurerm_palo_alto_next_generation_firewall_virtual_hub_strata_cloud_manager (#​30613)
  • New Resource: azurerm_palo_alto_next_generation_firewall_virtual_network_strata_cloud_manager (#​30613)
  • New List Resource: azurerm_private_dns_zone (#​31157)

ENHANCEMENTS:

  • dependencies: containerregistry - update to API version 2025-04-01 (#​30205)
  • dependencies: go-azure-helpers - update to v0.75.1 (#​31148)
  • dependencies: go-azure-sdk - update to v0.20251202.1181053 (#​31253)
  • dependencies: managedidentity - upgrade API version to 2024-11-30 (#​30535)
  • dependencies: postgres - update to API version 2025-08-01 (#​31162)
  • azurerm_cognitive_account - update validation for customer_managed_key.key_vault_key_id to allow managed HSM keys as input (#​31147)
  • azurerm_container_app_environment - extend validation for workload_profile_type for additional supported SKUs (#​30738)
  • azurerm_container_app_environment_certificate - add support for the certificate_key_vault block (#​30510)
  • azurerm_data_factory - update validation for customer_managed_key_id to allow managed HSM keys as input (#​31146)
  • azurerm_mongo_cluster - support for new properties customer_managed_key, data_api_mode_enabled, identity, restore, authentication_methods and storage_type (#​31100)
  • azurerm_mysql_flexible_server - add support for MySQL version 8.4 (#​31099)
  • azurerm_oracle_autonomous_database - the admin_password property is no longer ForceNew (#​30966)
  • azurerm_postgresql_flexible_server - update validation for customer_managed_key.key_vault_key_id and customer_managed_key.geo_backup_key_vault_key_id to allow managed HSM keys as input (#​31148)
  • azurerm_postgresql_flexible_server - add support for PostgreSQL version 18 (#​31162)
  • azurerm_storage_encryption_scope - update validation for key_vault_key_id to allow managed HSM keys as input (#​31145)

BUG FIXES:

  • Data Source: azurerm_ssh_public_key - fix normalisation for public_key to avoid removing a literal EOT from the base64 encoded content (#​31249)
  • azurerm_data_protection_backup_vault - poll delete request for completion (#​31202)
  • azurerm_function_app_hybrid_connection - remove validation preventing resource import when using an elastic service plan SKU (#​31134)
  • azurerm_key_vault_key - not_before_date and expiration_date are now set into state when empty, fixing an issue where drift was not detected (#​31192)
  • azurerm_key_vault_secret - not_before_date and expiration_date are now set into state when empty, fixing an issue where drift was not detected (#​31192)
  • azurerm_kubernetes_cluster - fix drift on azure_policy_enabled when updating cluster (#​30917)
  • azurerm_kubernetes_fleet_update_run - fix a nil pointer dereference to prevent panics (#​31213)
  • azurerm_lb_nat_rule - fix an issue that prevented changing floating_ip_enabled and tcp_reset_enabled from true to false (#​31244)
  • azurerm_lb_outbound_rule - fix an issue that prevented changing tcp_reset_enabled from true to false (#​31244)
  • azurerm_lb_rule - fix an issue that prevented changing floating_ip_enabled and tcp_reset_enabled from true to false (#​31244)
  • azurerm_private_endpoint - ensure Resource Identity data is set on create to avoid Missing Resource Identity After Create errors (#​31246)
  • azurerm_resource_group - fix poller for the prevent_deletion_if_contains_resources feature, resolving an Azure eventual consistency issue (#​31253)
  • azurerm_storage_account - ensure Resource Identity data is set on create to avoid Missing Resource Identity After Create errors (#​31246)
  • azurerm_traffic_manager_profile - fix an issue that prevented changing traffic_view_enabled from true to false (#​31066)

v4.54.0

FEATURES:

  • New Action: azurerm_cdn_front_door_cache_purge (#​30765)
  • New Action: azurerm_data_protection_backup_instance_protect (#​31085)
  • New Action: azurerm_managed_redis_databases_flush (#​31132)
  • New Action: azurerm_mssql_execute_job (#​31095)
  • New List Resource: azurerm_network_interface (#​31012)
  • New List Resource: azurerm_network_profile (#​31127)
  • New List Resource: azurerm_network_security_group (#​31014)
  • New List Resource: azurerm_route_table (#​31015)

ENHANCEMENTS:

  • dependencies: go-azure-sdk - update to v0.20251107.1191907 (#​31095)
  • Data Source: azurerm_container_app - add support for the template.cooldown_period_in_seconds and template.polling_interval_in_seconds properties (#​29426)
  • azurerm_container_app - add support for the template.cooldown_period_in_seconds and template.polling_interval_in_seconds properties (#​29426)
  • azurerm_linux_function_app - add support for dotnet_version 10.0 (#​31007)
  • azurerm_linux_function_app_slot - add support for dotnet_version 10.0 (#​31007)
  • azurerm_linux_web_app - add support for dotnet_version 10.0 (#​31007)
  • azurerm_linux_web_app_slot - add support for dotnet_version 10.0 (#​31007)
  • azurerm_managed_redis - add support for persistence_append_only_file_backup_frequency and persistence_redis_database_backup_frequency properties (#​30964)
  • azurerm_resource_group - refactored from legacy SDK to use go-azure-sdk (#​30616)
  • azurerm_service_plan - suppress casing difference on sku_name (#​30907)
  • azurerm_storage_share_directory - Deprecate storage_share_id in favour of storage_share_url (#​28457)
  • azurerm_storage_share_file - Deprecate storage_share_id in favour of storage_share_url (#​28457)
  • azurerm_windows_function_app - add support for dotnet_version v10.0 (#​31007)
  • azurerm_windows_function_app_slot - add support for dotnet_version v10.0 (#​31007)
  • azurerm_windows_web_app - add support for dotnet_version v10.0 (#​31007)
  • azurerm_windows_web_app_slot - add support for dotnet_version v10.0 (#​31007)

BUG FIXES:

  • azurerm_orchestrated_virtual_machine_scale_set - Fix issue when using a specialized image (#​30889)
  • azurerm_virtual_network - remove RO values from update to avoid issues with API payload size limitation (#​30945)

v4.53.0

FEATURES:

  • New Resource: azurerm_api_management_workspace_certificate (#​30628)
  • New Resource: azurerm_mongo_cluster_firewall_rule (#​31062)

ENHANCEMENTS:

  • dependencies: automation - update to API version 2024-10-23 (#​30890)
  • dependencies: go-azure-sdk - update to v0.20251029.1173336 (#​31051)
  • dependencies: managedredis - update to API Version 2025-07-01 (#​31051)
  • dependencies: mongocluster - update to API version 2025-09-01 (#​30982)
  • azurerm_api_management_backend - add support for the circuit_breaker_rule block (#​30471)
  • azurerm_dynatrace_monitor - support for the YEARLY value in the billing_cycle property (#​31078)
  • azurerm_kubernetes_cluster_node_pool - support for the undrainable_node_behavior and max_unavailable properties (#​30563)
  • azurerm_managed_disk - support expanding Ultra Disks and Premium SSD v2 disk without downtime (#​30593)
  • azurerm_managed_redis - add support for public_network_access (#​31051)
  • azurerm_storage_table_entity - resource is now removed from state if it no longer exists in Azure (#​31064)
  • azurerm_synapse_spark_pool - add support for spark_version 3.5 (#​30900)
  • data.azurerm_postgresql_flexible_server - add support for zone and high_availability (#​31034)

BUG FIXES:

  • azurerm_dynatrace_monitor - the phone_number and country properties are no longer Required (#​31077)
  • azurerm_dynatrace_tag_rules - the log_rule.filtering_tag property is no longer required (#​31065)
  • azurerm_dynatrace_tag_rules - the metric_rule.filtering_tag property is no longer required (#​31065)
  • azurerm_kubernetes_cluster - fix crash in use of azure_active_directory_role_based_access_control (#​31101)
  • azurerm_logic_app_workflow - fix inaccurate error messages (#​30963)
  • azurerm_virtual_network_gateway - fix validation for policy_group.name and vpn_client_configuration.virtual_network_gateway_client_connection.policy_group_names (#​30454)

v4.52.0

NOTE: This release removes the azurerm_spatial_anchors_account resource and data source due to Azure having retired the service

FEATURES:

  • New Resource: azurerm_api_management_workspace_api_version_set (#​30498)

ENHANCEMENTS:

  • dependencies: Go updated to v1.25.3 (#​31020)
  • Data Source: azurerm_application_gateway - add support for the backend_http_settings.dedicated_backend_connection_enabled property (#​31033)
  • azurerm_application_gateway - add support for the backend_http_settings.dedicated_backend_connection_enabled property (#​31033)
  • azurerm_machine_learning_datastore_blobstorage - improve validation for storage_container_id (#​31002)
  • azurerm_machine_learning_datastore_datalake_gen2 - improve validation for storage_container_id (#​31002)
  • azurerm_windows_web_app - add support for the virtual_network_image_pull_enabled property (#​30920)
  • azurerm_windows_web_app_slot - add support for the virtual_network_image_pull_enabled property (#​30920)

BUG FIXES:

  • azurerm_container_registry_task - prevent a panic by adding a nil check (#​31043)

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner September 3, 2025 09:58
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 3, 2025
@renovate renovate bot requested review from Abhivan, shabmama53 and ssian2 and removed request for a team September 3, 2025 09:58

github-actions bot commented Sep 3, 2025

Code Review Feedback

1. Consistency in Version Pinning

  • The provider version has been updated consistently to 4.58.0. This is good for ensuring all modules use the same provider version. However, consider specifying a version range using a caret (^) or tilde (~) to allow for minor patch updates without manual intervention. For example:
    version = "~> 4.58"
    This will allow updates within the same major version, reducing long-term maintenance while avoiding breaking changes from major version bumps.

2. Provider Block Validation

  • If a configuration_aliases block is present, ensure these configurations are compatible with the updated provider version 4.58.0. Verify via changelogs or documentation, as breaking changes in aliases may exist in a >4 version bump.

3. Gentle Upgrade Path

  • When upgrading from 4.9.0 (in some modules) and 4.51.0 (in others), confirm that there have been no breaking changes between versions that affect your infrastructure code. Review the azurerm provider changelog for significant updates that might require code adjustments.

4. Terraform Block Version

  • If not already done, ensure the terraform block specifies a required Terraform version:
    terraform {
      required_version = ">= 1.5.0"
    }
    This ensures compatibility between the Terraform CLI and provider versions.

5. Update Testing Plan

  • With provider upgrades, plan to re-run terraform plan on all environments to verify that no unexpected resource changes or deprecations occur. Add a note in the README or documentation to inform future maintainers of testing for such updates.

6. Carbon and Cost Implications

  • While the azurerm provider version update itself shouldn't directly affect costs or carbon footprint, updated features or options in newer versions may allow configurations that optimize pricing or efficiency. Consider investigating if version 4.58.0 introduces such functionalities.

7. Lock Provider Versions

  • Ensure that a provider.tf.lock.hcl file exists and is up-to-date. This ensures reproducibility by "locking" the provider version. To update this, run:
    terraform providers lock
    

By addressing these points, you’ll improve maintainability, reduce risks associated with version upgrades, and ensure alignment with Terraform best practices.
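
The plan review asked for in item 5 can be enforced as a gate over the JSON that `terraform show -json` produces for a saved plan. This is an added example, not code from this PR or its bots: the rule set is an assumed policy and the sample plan is constructed, with resource types and attribute names taken from the plan output posted on this PR.

```python
"""Gate a Terraform plan after a provider bump (added example, assumed policy)."""
import json

# Assumed policy, tune per estate: values that must not be newly introduced.
RISKY_VALUES = {
    "azurerm_kubernetes_cluster": {
        "run_command_enabled": True,     # AKS run-command feature switched on
        "image_cleaner_enabled": False,  # image cleaner switched off
    },
}
# Attribute holding the Kubernetes version for each resource type.
VERSION_ATTRS = {
    "azurerm_kubernetes_cluster": "kubernetes_version",
    "azurerm_kubernetes_cluster_node_pool": "orchestrator_version",
}


def version_tuple(value):
    """'1.33.3' -> (1, 33, 3); non-numeric parts are dropped."""
    return tuple(int(p) for p in str(value).split(".") if p.isdigit())


def is_downgrade(before, after):
    """Compare only the components both sides give, so 1.32 -> 1.32.5 passes."""
    b, a = version_tuple(before), version_tuple(after)
    n = min(len(b), len(a))
    return a[:n] < b[:n]


def review_plan(plan):
    """Return (address, rule, detail) findings for a `terraform show -json` plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        if actions in (["no-op"], ["read"]):
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        rtype, addr = rc["type"], rc["address"]

        if "delete" in actions:
            findings.append((addr, "destroy", "resource is destroyed or replaced"))
        if rtype == "azurerm_role_assignment" and "create" in actions:
            role = after.get("role_definition_name", "(unknown until apply)")
            findings.append((addr, "rbac", f"new role assignment: {role}"))
        for attr, bad in RISKY_VALUES.get(rtype, {}).items():
            if after.get(attr) is bad and before.get(attr) is not bad:
                findings.append((addr, "posture", f"{attr}: {before.get(attr)} -> {bad}"))
        vattr = VERSION_ATTRS.get(rtype)
        if vattr and before.get(vattr) and after.get(vattr):
            if is_downgrade(before[vattr], after[vattr]):
                findings.append(
                    (addr, "downgrade", f"{vattr}: {before[vattr]} -> {after[vattr]}"))
    return findings


# Constructed sample in the `resource_changes` layout of `terraform show -json`.
# The principal_id is a placeholder.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.genesis.azurerm_resource_group.genesis_resource_group",
     "type": "azurerm_resource_group",
     "change": {"actions": ["update"],
                "before": {"name": "genesis-rg", "tags": {}},
                "after": {"name": "genesis-rg", "tags": {"environment": "sandbox"}}}},
    {"address": "azurerm_role_assignment.disk",
     "type": "azurerm_role_assignment",
     "change": {"actions": ["create"], "before": None,
                "after": {"principal_id": "00000000-0000-0000-0000-000000000000",
                          "role_definition_name": "Virtual Machine Contributor"}}},
    {"address": 'module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster',
     "type": "azurerm_kubernetes_cluster",
     "change": {"actions": ["update"],
                "before": {"run_command_enabled": False, "image_cleaner_enabled": True,
                           "kubernetes_version": "1.33.3"},
                "after": {"run_command_enabled": True, "image_cleaner_enabled": False,
                          "kubernetes_version": "1.32"}}},
    {"address": 'module.kubernetes["00"].azurerm_kubernetes_cluster_node_pool'
                '.additional_node_pools["linux"]',
     "type": "azurerm_kubernetes_cluster_node_pool",
     "change": {"actions": ["update"],
                "before": {"orchestrator_version": "1.33.3"},
                "after": {"orchestrator_version": "1.32"}}},
]}

if __name__ == "__main__":
    import sys
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:          # path to a plan exported as JSON
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    results = review_plan(plan)
    for addr, rule, detail in results:
        print(f"[{rule}] {addr}: {detail}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI job
```

Export a saved plan with `terraform show -json tfplan > plan.json` and pass the file as the first argument; tag-only updates pass, while the role assignment, the posture flips and the version downgrades each produce a finding.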


hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Genesis_sbox - Genesis)

Plan: 0 to add, 1 to change, 0 to destroy.
  • Update
    • module.genesis.azurerm_resource_group.genesis_resource_group
Change Result (Click me)
  # module.genesis.azurerm_resource_group.genesis_resource_group will be updated in-place
  ~ resource "azurerm_resource_group" "genesis_resource_group" {
        id         = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/genesis-rg"
        name       = "genesis-rg"
      ~ tags       = {
          + "application"  = "core"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "sandbox"
          + "expiresAfter" = "3000-01-01"
        }
        # (2 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

@hmcts-platform-operations

Plan Result (766: Network_sbox - NetworkRg)

No changes. Your infrastructure matches the configuration.


hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_sbox - DeployInfrastructure)

Plan: 2 to add, 4 to change, 0 to destroy.
  • Create
    • azurerm_resource_group.disks_resource_group
    • azurerm_role_assignment.disk
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
    • module.kubernetes["00"].azurerm_kubernetes_cluster_node_pool.additional_node_pools["cronjob"]
    • module.kubernetes["00"].azurerm_kubernetes_cluster_node_pool.additional_node_pools["linux"]
    • module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # azurerm_resource_group.disks_resource_group will be created
  + resource "azurerm_resource_group" "disks_resource_group" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "disks-sbox-rg"
      + tags     = {
          + "application"  = "core"
          + "autoShutdown" = "true"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "sandbox"
          + "expiresAfter" = "3000-01-01"
        }
    }

  # azurerm_role_assignment.disk will be created
  + resource "azurerm_role_assignment" "disk" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "ff47ab8f-e4d9-48f2-ad31-af5933824849"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Virtual Machine Contributor"
      + scope                            = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-sbox-00-aks"
      ~ image_cleaner_enabled               = true -> false
      - image_cleaner_interval_hours        = 24 -> null
      ~ kubernetes_version                  = "1.33.3" -> "1.32"
        name                                = "cft-sbox-00-aks"
      ~ run_command_enabled                 = false -> true
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (35 unchanged attributes hidden)

      ~ default_node_pool {
            name                          = "system"
          ~ orchestrator_version          = "1.33.3" -> "1.32"
            tags                          = {
                "application"  = "core"
                "autoShutdown" = "true"
                "builtFrom"    = "hmcts/aks-cft-deploy"
                "businessArea" = "CFT"
                "criticality"  = "Low"
                "environment"  = "sandbox"
                "expiresAfter" = "3000-01-01"
            }
            # (30 unchanged attributes hidden)

            # (1 unchanged block hidden)
        }

      - upgrade_override {
          - effective_until       = "2025-10-23T23:59:59Z" -> null
          - force_upgrade_enabled = true -> null
        }

        # (10 unchanged blocks hidden)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster_node_pool.additional_node_pools["cronjob"] will be updated in-place
  ~ resource "azurerm_kubernetes_cluster_node_pool" "additional_node_pools" {
        id                            = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-sbox-00-aks/agentPools/cronjob"
        name                          = "cronjob"
      ~ orchestrator_version          = "1.33.3" -> "1.32"
        tags                          = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (30 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster_node_pool.additional_node_pools["linux"] will be updated in-place
  ~ resource "azurerm_kubernetes_cluster_node_pool" "additional_node_pools" {
        id                            = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-sbox-00-aks/agentPools/linux"
        name                          = "linux"
      ~ orchestrator_version          = "1.33.3" -> "1.32"
        tags                          = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (30 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-01-rg/providers/Microsoft.ContainerService/managedClusters/cft-sbox-01-aks"
        name                                = "cft-sbox-01-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 2 to add, 4 to change, 0 to destroy.
ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # azurerm_resource_group.disks_resource_group has been deleted
  - resource "azurerm_resource_group" "disks_resource_group" {
      - id         = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/disks-sbox-rg" -> null
        name       = "disks-sbox-rg"
        tags       = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the

@hmcts-platform-operations

Plan Result (766: Aks_sbox - DeployInfrastructuremis)

No changes. Your infrastructure matches the configuration.


hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_ithc - DeployInfrastructure)

Plan: 2 to add, 1 to change, 0 to destroy.
  • Create
    • azurerm_resource_group.disks_resource_group
    • azurerm_role_assignment.disk
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # azurerm_resource_group.disks_resource_group will be created
  + resource "azurerm_resource_group" "disks_resource_group" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "disks-ithc-rg"
      + tags     = {
          + "application"  = "core"
          + "autoShutdown" = "true"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Medium"
          + "environment"  = "ithc"
        }
    }

  # azurerm_role_assignment.disk will be created
  + resource "azurerm_role_assignment" "disk" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "fcf1fd52-1e62-4827-b8f7-7088bc9dd488"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Virtual Machine Contributor"
      + scope                            = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/cft-ithc-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-ithc-00-aks"
        name                                = "cft-ithc-00-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "ithc"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 2 to add, 1 to change, 0 to destroy.
ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # azurerm_resource_group.disks_resource_group has been deleted
  - resource "azurerm_resource_group" "disks_resource_group" {
      - id         = "/subscriptions/62864d44-5da9-4ae9-89e7-0cf33942fa09/resourceGroups/disks-ithc-rg" -> null
        name       = "disks-ithc-rg"
        tags       = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "ithc"
        }
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the


hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_ptlsbox - DeployInfrastructure)

Plan: 0 to add, 1 to change, 0 to destroy.
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/1497c3d7-ab6d-4bb7-8a10-b51d03189ee3/resourceGroups/cft-ptlsbox-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-ptlsbox-00-aks"
        name                                = "cft-ptlsbox-00-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

⚠️ Errors

  • failed to add a label 766: Aks_ptlsbox - DeployInfrastructure/add-or-update: label name is too long (max: 50)

@hmcts-platform-operations

hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_demo - DeployInfrastructure)

Plan: 2 to add, 2 to change, 0 to destroy.
  • Create
    • azurerm_resource_group.disks_resource_group
    • azurerm_role_assignment.disk
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
    • module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # azurerm_resource_group.disks_resource_group will be created
  + resource "azurerm_resource_group" "disks_resource_group" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "disks-demo-rg"
      + tags     = {
          + "application"  = "core"
          + "autoShutdown" = "true"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Medium"
          + "environment"  = "demo"
        }
    }

  # azurerm_role_assignment.disk will be created
  + resource "azurerm_role_assignment" "disk" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "a16e4c77-50e4-467f-9a3f-6b5f809b271d"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Virtual Machine Contributor"
      + scope                            = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-demo-00-aks"
        name                                = "cft-demo-00-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "demo"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

  # module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/cft-demo-01-rg/providers/Microsoft.ContainerService/managedClusters/cft-demo-01-aks"
        name                                = "cft-demo-01-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "demo"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 2 to add, 2 to change, 0 to destroy.
ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # azurerm_resource_group.disks_resource_group has been deleted
  - resource "azurerm_resource_group" "disks_resource_group" {
      - id         = "/subscriptions/d025fece-ce99-4df2-b7a9-b649d3ff2060/resourceGroups/disks-demo-rg" -> null
        name       = "disks-demo-rg"
        tags       = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "demo"
        }
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the

@hmcts-platform-operations

hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_perftest - DeployInfrastructure)

Plan: 2 to add, 2 to change, 0 to destroy.
  • Create
    • azurerm_resource_group.disks_resource_group
    • azurerm_role_assignment.disk
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
    • module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # azurerm_resource_group.disks_resource_group will be created
  + resource "azurerm_resource_group" "disks_resource_group" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "disks-perftest-rg"
      + tags     = {
          + "application"  = "core"
          + "autoShutdown" = "true"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Medium"
          + "environment"  = "testing"
        }
    }

  # azurerm_role_assignment.disk will be created
  + resource "azurerm_role_assignment" "disk" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "396e0bf7-3416-4f89-b2f3-a2dfc9c53fa2"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Virtual Machine Contributor"
      + scope                            = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-perftest-00-aks"
        name                                = "cft-perftest-00-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "testing"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (12 unchanged blocks hidden)
    }

  # module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/cft-perftest-01-rg/providers/Microsoft.ContainerService/managedClusters/cft-perftest-01-aks"
        name                                = "cft-perftest-01-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "testing"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (12 unchanged blocks hidden)
    }

Plan: 2 to add, 2 to change, 0 to destroy.
ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # azurerm_resource_group.disks_resource_group has been deleted
  - resource "azurerm_resource_group" "disks_resource_group" {
      - id         = "/subscriptions/8a07fdcd-6abd-48b3-ad88-ff737a4b9e3c/resourceGroups/disks-perftest-rg" -> null
        name       = "disks-perftest-rg"
        tags       = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Medium"
            "environment"  = "testing"
        }
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the

⚠️ Errors

  • failed to add a label 766: Aks_perftest - DeployInfrastructure/add-or-update: label name is too long (max: 50)

@hmcts-platform-operations

hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_aat - DeployInfrastructure)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster
    • module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # module.kubernetes["00"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-00-rg/providers/Microsoft.ContainerService/managedClusters/cft-aat-00-aks"
        name                                = "cft-aat-00-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "staging"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

  # module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/96c274ce-846d-4e48-89a7-d528432298a7/resourceGroups/cft-aat-01-rg/providers/Microsoft.ContainerService/managedClusters/cft-aat-01-aks"
        name                                = "cft-aat-01-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "High"
            "environment"  = "staging"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

@hmcts-platform-operations

hmcts-platform-operations commented Sep 3, 2025

Plan Result (766: Aks_preview - DeployInfrastructure)

Plan: 2 to add, 1 to change, 0 to destroy.
  • Create
    • azurerm_resource_group.disks_resource_group
    • azurerm_role_assignment.disk
  • Update
    • module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster
Change Result (Click me)
  # azurerm_resource_group.disks_resource_group will be created
  + resource "azurerm_resource_group" "disks_resource_group" {
      + id       = (known after apply)
      + location = "uksouth"
      + name     = "disks-preview-rg"
      + tags     = {
          + "application"  = "core"
          + "autoShutdown" = "true"
          + "builtFrom"    = "hmcts/aks-cft-deploy"
          + "businessArea" = "CFT"
          + "criticality"  = "Low"
          + "environment"  = "development"
        }
    }

  # azurerm_role_assignment.disk will be created
  + resource "azurerm_role_assignment" "disk" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = (known after apply)
      + principal_id                     = "916381c3-3565-4fa9-80bc-1e7754942106"
      + principal_type                   = (known after apply)
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Virtual Machine Contributor"
      + scope                            = (known after apply)
      + skip_service_principal_aad_check = (known after apply)
    }

  # module.kubernetes["01"].azurerm_kubernetes_cluster.kubernetes_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "kubernetes_cluster" {
        id                                  = "/subscriptions/8b6ea922-0862-443e-af15-6056e1c9b9a4/resourceGroups/cft-preview-01-rg/providers/Microsoft.ContainerService/managedClusters/cft-preview-01-aks"
        name                                = "cft-preview-01-aks"
        tags                                = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "development"
        }
        # (39 unchanged attributes hidden)

      - upgrade_override {
          - force_upgrade_enabled = false -> null
            # (1 unchanged attribute hidden)
        }

        # (11 unchanged blocks hidden)
    }

Plan: 2 to add, 1 to change, 0 to destroy.
ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # azurerm_resource_group.disks_resource_group has been deleted
  - resource "azurerm_resource_group" "disks_resource_group" {
      - id         = "/subscriptions/8b6ea922-0862-443e-af15-6056e1c9b9a4/resourceGroups/disks-preview-rg" -> null
        name       = "disks-preview-rg"
        tags       = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/aks-cft-deploy"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "development"
        }
        # (2 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the

⚠️ Errors

  • failed to add a label 766: Aks_preview - DeployInfrastructure/add-or-update: label name is too long (max: 50)

@hmcts-platform-operations

Plan Result (766: Aks_ithc - DeployInfrastructuremis)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations

Plan Result (766: Aks_demo - DeployInfrastructuremis)

No changes. Your infrastructure matches the configuration.

@github-actions
Contributor

Code Review Suggestions:

  1. Lock Provider Version Ranges:

    • Instead of pinning the azurerm provider to a single version (4.46.0), consider using a version range to ensure compatibility with patch updates while maintaining stability.
      ```hcl
      version = ">= 4.46.0, < 5.0.0"
      ```
      This approach improves future maintainability while reducing the risk of breaking changes.
  2. Version Consistency Validation:

    • Ensure that all modules have been thoroughly tested against the azurerm 4.46.0 provider to avoid runtime surprises when upgrading from earlier versions (3.x to 4.x). Breaking changes may exist between major versions. Make a note for the team to check the provider changelog.
  3. Provider Aliases:

    • For components like aks-mis and aks, you are using configuration_aliases. Check this is intentional and correctly applied across all components where required. If unused, they can be removed to declutter these files.
  4. Carbon Cost Estimation:

    • With Azure provisioning, note that newer Terraform versions might leverage improved API optimizations with potential energy savings. Ensure to factor in resource efficiencies where applicable.
  5. Resource Cost Awareness:

    • Upgrading Terraform providers often unlocks new features or deprecates existing ones. Validate whether the chosen version (4.46.0) impacts the cost estimation of managed Azure resources. A preliminary review suggests no immediate cost impact. However, closer testing is advisable for sensitive workloads.
  6. Documentation Update:

    • Ensure documentation or a changelog entry clearly describes the reasoning behind this version bump. It is important for transparency in team collaboration and reduces ambiguity for future maintainers.

Summary Table:

| Aspect | Status | Suggestion |
| --- | --- | --- |
| Code Quality | Good | Use version ranges instead of pinning. |
| Security | N/A | Ensure no deprecated security configurations are introduced by the provider upgrade. |
| Best Practices | Needs Improvement | Validate reasoning for configuration_aliases. |
| Carbon Usage | Indeterminate | Test for API optimizations in the newer provider version for efficiency gains. |
| Cost Implications | Low Impact Likely | Verify that resource pricing remains consistent with azurerm 4.46.0 updates. |

@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 494ec22 to daae88a Compare October 2, 2025 19:48
@renovate renovate bot changed the title Update Terraform azurerm to v4.46.0 Update Terraform azurerm to v4.47.0 Oct 2, 2025
@github-actions
Contributor

github-actions bot commented Oct 2, 2025

Feedback and Improvement Suggestions

  1. Provider Version Management

    • Consider using a consistent source of truth for provider versions to reduce redundancy and the risk of inconsistencies. For example, define the azurerm provider version in a centralized or shared file/module (e.g., versions.tf) and reference it across all components. This will streamline upgrades in the future.

    Proposed Centralized Version Example:
    ```hcl
    # versions.tf
    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "4.47.0"
        }
      }
    }
    ```

    Components can then use:
    ```hcl
    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
        }
      }
    }
    ```
  2. Version Pinning Best Practices

    • Instead of pinning the provider version to 4.47.0, consider specifying a range (~> 4.47) to allow for patch-level updates (e.g., 4.47.1) without needing future code changes. This ensures compatibility with bug fixes in minor updates.

    Proposed Change:

    ```hcl
    version = "~> 4.47"
    ```
  3. Carbon and Cost Discussions

    • Upgrading the azurerm provider could enable newer features and optimizations for Azure resources, potentially reducing costs or carbon usage. However, assess explicitly whether upgrading the provider version introduces breaking changes to existing resources, which could incur re-creation costs or service downtime.
  4. Provider Configuration Aliases

    • While some components use configuration_aliases = [azurerm.hmcts-control], ensure this aliasing is necessary and consistent project-wide. If aliases are not required, consider removing this block to simplify the configuration.
  5. Module Testing

    • After upgrading the provider version, validate all Terraform modules in an isolated environment to ensure compatibility and avoid unforeseen deployment issues. For example, run terraform plan and terraform apply in a staging/test environment.
  6. Future Automation

    • Consider setting up a tool like Dependabot or Renovate to automate provider version upgrade detection and testing. This would notify or handle provider upgrades more effectively over time.
  7. Security Checks

    • After upgrading, recheck the configuration against Terraform's security best practices, especially if new security-related features were introduced in azurerm between 3.x and 4.47.0.

By centralizing version management, adopting a version range, and ensuring thorough testing, this upgrade can be made more efficient and maintainable over time.

@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from daae88a to 7d117d1 Compare October 14, 2025 17:54
@renovate renovate bot changed the title Update Terraform azurerm to v4.47.0 Update Terraform azurerm to v4.48.0 Oct 14, 2025
@github-actions
Contributor

Observations and Suggestions for Improvement

  1. Provider Versioning:

    • While upgrading the azurerm provider version, it is best practice to pin the exact version in production environments to prevent breaking changes caused by automatic updates.
    • Example Improvement:
      ```hcl
      version = "= 4.48.0"
      ```
  2. Changelog Review:

    • Ensure to review the changelog for the azurerm provider between the current version and 4.48.0. There may be deprecations, breaking changes, or new required configurations. Validate the Terraform configurations accordingly.
  3. Centralized Version Management:

    • If multiple components use the same provider, consider managing the provider version centrally (e.g., use a Terraform root module or share .tf files) to reduce duplication and maintain consistency.
    • Example Improvement:
      Consolidate into a providers.tf file:
      ```hcl
      terraform {
        required_providers {
          azurerm = {
            source  = "hashicorp/azurerm"
            version = "= 4.48.0"
          }
        }
      }
      ```
  4. Compatibility Testing:

    • Perform thorough testing of infrastructure changes with the updated provider version to ensure compatibility and avoid runtime issues.
  5. Cost and Carbon Usage:

    • Provider upgrades can potentially unlock new features or optimizations. Cross-check if using new features (e.g., storage tiering, newer resource types) could reduce costs or improve energy efficiency.
      • Estimated price impact: Neutral unless new optimizations are implemented.
      • Estimated carbon impact: Neutral unless improved performance configurations are adopted.
  6. Documentation Updates:

    • Update related documentation and team knowledge bases to reflect the new provider version. Highlight any necessary changes in workflows or resources.
  7. Automation Considerations:

    • If a CI/CD pipeline manages Terraform deployments, update any version constraints or validations in the automation scripts (e.g., pre-commit hooks, version checks).
  8. Lock File Update:

    • Regenerate the .terraform.lock.hcl file (terraform init -upgrade) to lock dependencies explicitly to the updated provider version. Ensure this file is committed to version control.

By addressing these improvements, the implementation will be more robust, maintainable, and aligned with best practices.
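
The three review comments above propose three different constraint forms for `azurerm` (`>= 4.46.0, < 5.0.0`, `~> 4.47` and `= 4.48.0`). The following is an added example, not part of the thread or of the repository: a small Python model of Terraform's constraint operators that shows which releases each form admits. The release list is constructed from versions named on this page plus a hypothetical `5.0.0`, `~> 4.47.0` is included only for comparison, and pre-release versions are not handled.

```python
import re

# Constructed sample: versions named in this thread, plus a hypothetical 5.0.0.
RELEASES = ["4.46.0", "4.47.0", "4.47.1", "4.48.0", "4.58.0", "5.0.0"]

CLAUSE = re.compile(r"^\s*(~>|>=|<=|!=|=|>|<)?\s*([0-9]+(?:\.[0-9]+)*)\s*$")


def parse_version(text):
    """Turn '4.47.0' into (4, 47, 0). Pre-release suffixes are rejected."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version, width=3):
    """Right-pad with zeros so (4, 47) compares as (4, 47, 0)."""
    return version + (0,) * (width - len(version))


def clause_matches(clause, version):
    """Evaluate one clause such as '>= 4.46.0' or '~> 4.47' against a version."""
    match = CLAUSE.match(clause)
    if not match:
        raise ValueError(f"unsupported constraint clause: {clause!r}")
    op = match.group(1) or "="
    bound = parse_version(match.group(2))
    candidate = _pad(parse_version(version))

    if op == "~>":
        # Pessimistic operator: only the rightmost stated component may grow.
        # '~> 4.47'   means >= 4.47.0 and < 5.0.0
        # '~> 4.47.0' means >= 4.47.0 and < 4.48.0
        if len(bound) < 2:
            raise ValueError("'~>' needs at least major.minor in this model")
        upper = bound[:-2] + (bound[-2] + 1,)
        return _pad(bound) <= candidate < _pad(upper)

    limit = _pad(bound)
    return {
        "=": candidate == limit,
        "!=": candidate != limit,
        ">": candidate > limit,
        ">=": candidate >= limit,
        "<": candidate < limit,
        "<=": candidate <= limit,
    }[op]


def satisfies(constraint, version):
    """A constraint string is a comma-separated list of clauses, all required."""
    return all(clause_matches(c, version) for c in constraint.split(","))


def newest_allowed(constraint, releases=RELEASES):
    """Newest release the constraint admits, or None if nothing matches."""
    allowed = [r for r in releases if satisfies(constraint, r)]
    return max(allowed, key=parse_version) if allowed else None


def summary():
    """Map each constraint discussed here to the releases it admits."""
    constraints = [">= 4.46.0, < 5.0.0", "~> 4.47", "~> 4.47.0", "= 4.48.0"]
    return {c: [r for r in RELEASES if satisfies(c, r)] for c in constraints}


if __name__ == "__main__":
    for constraint, allowed in summary().items():
        print(f"{constraint:22} -> {', '.join(allowed)}")
```

A constraint only bounds what `terraform init -upgrade` may select; the version actually used is the one recorded in `.terraform.lock.hcl`, which is why that file belongs in version control.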

@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 7d117d1 to 575b434 Compare October 16, 2025 20:15
@renovate renovate bot changed the title Update Terraform azurerm to v4.48.0 Update Terraform azurerm to v4.49.0 Oct 16, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 575b434 to ba31da1 Compare October 24, 2025 03:56
@renovate renovate bot changed the title Update Terraform azurerm to v4.49.0 Update Terraform azurerm to v4.50.0 Oct 24, 2025
@renovate renovate bot changed the title Update Terraform azurerm to v4.50.0 chore(deps): update terraform azurerm to v4.50.0 Oct 24, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from ba31da1 to dd0fe3f Compare October 31, 2025 05:11
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.50.0 chore(deps): update terraform azurerm to v4.51.0 Oct 31, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch 2 times, most recently from cbc785e to 856b87b Compare November 7, 2025 01:31
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.51.0 chore(deps): update terraform azurerm to v4.52.0 Nov 7, 2025
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.52.0 chore(deps): update terraform azurerm to v4.53.0 Nov 15, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 856b87b to 66744c5 Compare November 15, 2025 03:54
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.53.0 chore(deps): update terraform azurerm to v4.54.0 Nov 19, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 66744c5 to 995f21d Compare November 19, 2025 23:28
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 995f21d to c7f5447 Compare December 4, 2025 22:11
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.54.0 chore(deps): update terraform azurerm to v4.55.0 Dec 4, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from c7f5447 to 83b03f3 Compare December 12, 2025 05:44
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.55.0 chore(deps): update terraform azurerm to v4.56.0 Dec 12, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 83b03f3 to 5972bb0 Compare December 19, 2025 00:32
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.56.0 chore(deps): update terraform azurerm to v4.57.0 Dec 19, 2025
@renovate renovate bot force-pushed the renovate/azurerm-4.x branch from 5972bb0 to 6cf85c5 Compare January 23, 2026 03:48
@renovate renovate bot changed the title chore(deps): update terraform azurerm to v4.57.0 chore(deps): update terraform azurerm to v4.58.0 Jan 23, 2026