feat: (IAC-403): Update AzureRM Terraform provider version (#257)

* feat: (IAC-403): Update AzureRM Terraform provider version

Author: riragh

README.md

@@ -118,4 +118,4 @@ See the [Troubleshooting](./docs/Troubleshooting.md) page for information about
 ### Terraform Resources
 
 - [Azure Provider](https://www.terraform.io/docs/providers/azurerm/index.html)
-- [Azure AKS](https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html)
+- [Azure AKS](https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster)

docs/CONFIG-VARS.md

@@ -93,23 +93,23 @@ The default values for the `subnets` variable are as follows:
   aks = {
     "prefixes": ["192.168.0.0/23"],
     "service_endpoints": ["Microsoft.Sql"],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   misc = {
     "prefixes": ["192.168.2.0/24"],
     "service_endpoints": ["Microsoft.Sql"],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   ## If using ha storage then the following is also added
   netapp = {
     "prefixes": ["192.168.3.0/24"],
     "service_endpoints": [],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {
       netapp = {
         "name"    : "Microsoft.Netapp/volumes"
@@ -283,7 +283,7 @@ When `storage_type=standard`, a NFS Server VM is created, only when these variab
 | nfs_vm_zone | Zone in which NFS server VM should be created | string | null | |
 | nfs_raid_disk_type | Managed disk types | string | "Standard_LRS" | Supported values: Standard_LRS, Premium_LRS, StandardSSD_LRS or UltraSSD_LRS. When using `UltraSSD_LRS`, `nfs_vm_zone` and `nfs_raid_disk_zones` must be specified. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd) for limitations on Availability Zones and VM types. |
 | nfs_raid_disk_size | Size in Gb for each disk of the RAID5 cluster on the NFS server VM | number | 128 | |
-| nfs_raid_disk_zones | A collection containing the availability zones to allocate the Managed Disks for NFS | list of strings | [] | |
+| nfs_raid_disk_zone | The Availability Zone in which the Managed Disk should be located. Changing this property forces a new resource to be created. | string | null | |
 
 ### Azure NetApp Files (only when `storage_type=ha`)
 

examples/sample-input-singlestore.tfvars

@@ -124,23 +124,23 @@ subnets = {
   aks = {
     "prefixes": ["192.168.0.0/21"],
     "service_endpoints": ["Microsoft.Sql"],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   misc = {
     "prefixes": ["192.168.8.0/24"],
     "service_endpoints": ["Microsoft.Sql"],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {},
   }
   ## If using ha storage then the following is also added
   netapp = {
     "prefixes": ["192.168.9.0/24"],
     "service_endpoints": [],
-    "enforce_private_link_endpoint_network_policies": false,
-    "enforce_private_link_service_network_policies": false,
+    "private_endpoint_network_policies_enabled": false,
+    "private_link_service_network_policies_enabled": false,
     "service_delegations": {
       netapp = {
         "name"    : "Microsoft.Netapp/volumes"

main.tf

@@ -100,14 +100,14 @@ resource "azurerm_container_registry" "acr" {
   # Moving from deprecated argument, georeplication_locations, but keeping container_registry_geo_replica_locs
   # for backwards compatability.
   #
-  georeplications = (local.container_registry_sku == "Premium" && var.container_registry_geo_replica_locs != null) ? [
-    for location_item in var.container_registry_geo_replica_locs:
-      {
-        location = location_item
-        tags     = var.tags
-      }
-  ] : local.container_registry_sku == "Premium" ? [] : null
-
+  dynamic "georeplications" {
+    for_each = (local.container_registry_sku == "Premium" && var.container_registry_geo_replica_locs != null) ? toset(
+      var.container_registry_geo_replica_locs) : []
+    content {
+      location                = georeplications.key
+      tags                    = var.tags
+    }
+  }
   tags                     = var.tags
 }
 
@@ -200,7 +200,7 @@ module "node_pools" {
   max_pods                     = each.value.max_pods == null ? 110 : each.value.max_pods
   node_taints                  = each.value.node_taints
   node_labels                  = each.value.node_labels
-  availability_zones           = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : [var.node_pools_availability_zone]
+  zones                        = (var.node_pools_availability_zone == "" || var.node_pools_proximity_placement == true) ? [] : [var.node_pools_availability_zone]
   proximity_placement_group_id = element(coalescelist(azurerm_proximity_placement_group.proximity.*.id, [""]), 0)
   orchestrator_version         = var.kubernetes_version
   tags                         = var.tags

modules/aks_node_pool/main.tf

@@ -5,7 +5,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "autoscale_node_pool" {
   name                         = var.node_pool_name
   kubernetes_cluster_id        = var.aks_cluster_id
   vnet_subnet_id               = var.vnet_subnet_id
-  availability_zones           = var.availability_zones
+  zones                        = var.zones
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size
@@ -34,7 +34,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "static_node_pool" {
   name                         = var.node_pool_name
   kubernetes_cluster_id        = var.aks_cluster_id
   vnet_subnet_id               = var.vnet_subnet_id
-  availability_zones           = var.availability_zones
+  zones                        = var.zones
   proximity_placement_group_id = var.proximity_placement_group_id == "" ? null : var.proximity_placement_group_id
   vm_size                      = var.machine_type
   os_disk_size_gb              = var.os_disk_size

modules/aks_node_pool/variables.tf

@@ -8,7 +8,7 @@ variable "aks_cluster_id" {
   type = string
 }
 
-variable "availability_zones" {
+variable "zones" {
   type    = list(string)
   default = []
 }

modules/azure_aks/main.tf

@@ -1,16 +1,18 @@
 # Reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
 resource "azurerm_kubernetes_cluster" "aks" {
-  name                = var.aks_cluster_name
-  location            = var.aks_cluster_location
-  resource_group_name = var.aks_cluster_rg
-  dns_prefix          = var.aks_cluster_dns_prefix
+  name                               = var.aks_cluster_name
+  location                           = var.aks_cluster_location
+  resource_group_name                = var.aks_cluster_rg
+  dns_prefix                         = var.aks_cluster_dns_prefix
+  role_based_access_control_enabled  = true
+  http_application_routing_enabled   = false
 
   # https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions
   # az aks get-versions --location eastus -o table
-  kubernetes_version              = var.kubernetes_version
-  api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs
-  private_cluster_enabled         = var.aks_private_cluster
-  private_dns_zone_id             = var.aks_private_cluster ? "System" : null
+  kubernetes_version                 = var.kubernetes_version
+  api_server_authorized_ip_ranges    = var.aks_cluster_endpoint_public_access_cidrs
+  private_cluster_enabled            = var.aks_private_cluster
+  private_dns_zone_id                = var.aks_private_cluster ? "System" : null
 
   network_profile {
     network_plugin = var.aks_network_plugin
@@ -28,11 +30,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
     pod_cidr           = var.aks_network_plugin == "kubenet" ? "10.244.0.0/16" : null
     docker_bridge_cidr = var.aks_network_plugin == "kubenet" ? "172.17.0.1/16" : var.aks_docker_bridge_cidr
     outbound_type      = var.cluster_egress_type
-    load_balancer_sku  = "Standard"
-  }
-
-  role_based_access_control {
-    enabled = true
+    load_balancer_sku  = "standard"
   }
 
   dynamic "linux_profile" {
@@ -48,7 +46,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   default_node_pool {
     name                  = "system"
     vm_size               = var.aks_cluster_node_vm_size
-    availability_zones    = var.aks_availability_zones
+    zones                 = var.aks_availability_zones
     enable_auto_scaling   = var.aks_cluster_node_auto_scaling
     enable_node_public_ip = false
     node_labels           = {}
@@ -75,19 +73,13 @@ resource "azurerm_kubernetes_cluster" "aks" {
     for_each = var.aks_uai_id == null ? [] : [1]
     content {
       type = "UserAssigned"
-      user_assigned_identity_id = var.aks_uai_id
+      identity_ids = [var.aks_uai_id]
     }
   }
 
-  addon_profile {
-    http_application_routing {
-      enabled = false
-    }
-    kube_dashboard {
-      enabled = false
-    }
-    oms_agent {
-      enabled                    = var.aks_oms_enabled
+  dynamic "oms_agent" {
+    for_each = var.aks_oms_enabled ? ["oms_agent"] : []
+    content {
       log_analytics_workspace_id = var.aks_log_analytics_workspace_id
     }
   }

modules/azurerm_vm/main.tf

@@ -41,7 +41,7 @@ resource "azurerm_managed_disk" "vm_data_disk" {
   storage_account_type = var.data_disk_storage_account_type
   create_option        = "Empty"
   disk_size_gb         = var.data_disk_size
-  zones                = var.data_disk_zones
+  zone                 = var.data_disk_zone
   tags                 = var.tags
 }
 

modules/azurerm_vm/variables.tf

@@ -75,9 +75,9 @@ variable data_disk_storage_account_type {
   description = "The type of storage to use for the managed disk. Possible values are Standard_LRS, Premium_LRS, StandardSSD_LRS or UltraSSD_LRS."
 }
 
-variable "data_disk_zones" {
-  description = "A collection containing the availability zone to allocate the Managed Disk in."
-  default     = []
+variable "data_disk_zone" {
+  description = "Specifies the Availability Zone in which this Managed Disk should be located. Changing this property forces a new resource to be created."
+  default     = null
 }
 
 variable os_disk_size {

modules/azurerm_vnet/main.tf

@@ -38,8 +38,8 @@ resource "azurerm_subnet" "subnet" {
   virtual_network_name                           = local.vnet_name
   address_prefixes                               = each.value.prefixes
   service_endpoints                              = each.value.service_endpoints
-  enforce_private_link_endpoint_network_policies = each.value.enforce_private_link_endpoint_network_policies
-  enforce_private_link_service_network_policies  = each.value.enforce_private_link_service_network_policies
+  private_endpoint_network_policies_enabled      = each.value.private_endpoint_network_policies_enabled
+  private_link_service_network_policies_enabled  = each.value.private_link_service_network_policies_enabled
   dynamic "delegation" {
     for_each = each.value.service_delegations
     content {