AVM-Review-PR (#8)
* feat: initial version of sql MI

* fix: add support for child modules & initial example

* fix: reference to parent id

* fix: optional for sub resources

* chore: reverse logic on count

* chore: try another way for optional components

* fix: add missing zone redundancy param & docs

* fix: e2e workflow to run outside of MS

* fix: use vuln. assessment var as the count param

* fix: set id via azapi due to bug in azurerm provider

* fix: add azapi provider

* fix: missing vars and wrong ref

* fix: list required to provide an index

* feat: fetch identity

* fix: api version

* fix: try with azapi for security policy

* fix: name

* fix: vuln. assessments to azapi

* fix: azapi

* fix: object properties

* fix: object params

* fix: wrong var name

* fix: type of object

* fix: another way of specifying an object

* fix: use azapi resource action for security & vulnerability policies

* fix: azapi resource IDs

* fix: state parameter

* chore: comments to explain mi requirements

* feat: add storage account ID, RA, and linting fixes

* feat: add failover group

* fix: block as optional

* fix: switch failover group to be a map

* chore: linting & docs

* feat: support for ATP, and readme update

* pre commit pr check grept apply

* Update main.tf

* pre commit

* update

* update

* Update

* update

* Update main.tf

* Update

* update

* update

* update

* update

---------

Co-authored-by: kewalaka <[email protected]>
mbilalamjad and kewalaka authored Sep 9, 2024
1 parent 24365cd commit af4c55b
Showing 31 changed files with 1,613 additions and 342 deletions.
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
@@ -1,3 +1,3 @@
# AVM core team owns key files
.github/policies/ @Azure/avm-core-team-technical
.github/CODEOWNERS @Azure/avm-core-team-technical
.github/policies/ @Azure/avm-core-team-technical-terraform
.github/CODEOWNERS @Azure/avm-core-team-technical-terraform
1 change: 0 additions & 1 deletion .github/ISSUE_TEMPLATE/avm_module_issue.yml
Expand Up @@ -27,7 +27,6 @@ body:
- ""
- "Feature Request"
- "Bug"
- "Security Bug"
- "I'm not sure"
validations:
required: true
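Review bot: With "Security Bug" dropped from the issue-type options in this hunk, a reporter who has found a security flaw is left to choose between "Bug" and "I'm not sure", both of which open an ordinary public issue. If the intent is to move such reports to a private channel, say so in the form itself (for example a line in the template description pointing to the repository's security reporting process), so the removal does not read as there being no route at all.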
6 changes: 3 additions & 3 deletions .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -16,11 +16,11 @@ Closes #456

- [ ] Non-module change (e.g. CI/CD, documentation, etc.)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `locals.version.tf.json`:
- [ ] Bugfix containing backwards compatible bug fixes
- [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `locals.version.tf.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in `locals.version.tf.json`.
- [ ] Feature update backwards compatible feature updates.
- [ ] Breaking changes.
- [ ] Update to documentation

# Checklist
64 changes: 0 additions & 64 deletions .github/policies/eventResponder.yml
Expand Up @@ -17,18 +17,6 @@ configuration:
then:
- addLabel:
label: "Needs: Triage :mag:"
- addReply:
reply: |
> [!IMPORTANT]
> **The "Needs: Triage :mag:" label must be removed once the triage process is complete!**
<!--
> [!TIP]
> For additional guidance on how to triage this issue/PR, see the [TF Issue Triage](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/tf-issue-triage/) documentation.
-->
> [!NOTE]
> This label was added as per [ITA06](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita06).

- description: 'ITA09 - When #RR is used in an issue, add the "Needs: Author Feedback :ear:" label'
if:
Expand All @@ -43,10 +31,6 @@ configuration:
then:
- addLabel:
label: "Needs: Author Feedback :ear:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Author Feedback :ear:" label was added as per [ITA09](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita09).

- description: 'ITA10 - When #wontfix is used in an issue, mark it by using the label of "Status: Won''t Fix :broken_heart:"'
if:
Expand All @@ -62,10 +46,6 @@ configuration:
- addLabel:
label: "Status: Won't Fix :broken_heart:"
- closeIssue
- addReply:
reply: |
> [!NOTE]
> The "Status: Won't Fix :broken_heart:" label was added and the issue was closed as per [ITA10](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita10).

- description: 'ITA11 - When a reply from anyone to an issue occurs, remove the "Needs: Author Feedback :ear:" label and label with "Needs: Attention :wave:"'
if:
Expand All @@ -82,10 +62,6 @@ configuration:
label: "Needs: Author Feedback :ear:"
- addLabel:
label: "Needs: Attention :wave:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Author Feedback :ear:" label was removed and the "Needs: Attention :wave:" label was added as per [ITA11](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita11).

- description: "ITA12 - Clean email replies on every comment"
if:
Expand Down Expand Up @@ -113,16 +89,10 @@ configuration:
label: "Type: New Module Proposal :bulb:"
- hasLabel:
label: "Type: Question/Feedback :raising_hand:"
- hasLabel:
label: "Type: Security Bug :lock:"
- isAssignedToSomeone
then:
- removeLabel:
label: "Needs: Triage :mag:"
- addReply:
reply: |
> [!NOTE]
> The "Needs: Triage :mag:" label was removed as per [ITA15](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita15).

- description: 'ITA20 - If the type is feature request, add the "Type: Feature Request :heavy_plus_sign:" label on the issue'
if:
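Review bot: Dropping the `hasLabel` entry for "Type: Security Bug :lock:" from the ITA15 label list means an open issue that already carries that label no longer counts as typed for this rule, so its "Needs: Triage :mag:" label will stay until someone removes it by hand. If any such issues exist, relabel them before this lands, or keep the condition until they are closed.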
Expand All @@ -140,10 +110,6 @@ configuration:
then:
- addLabel:
label: "Type: Feature Request :heavy_plus_sign:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Feature Request :heavy_plus_sign:" label was added as per [ITA20](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita20).

- description: 'ITA21 - If the type is bug, add the "Type: Bug :bug:" label on the issue'
if:
Expand All @@ -161,32 +127,6 @@ configuration:
then:
- addLabel:
label: "Type: Bug :bug:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Bug :bug:" label was added as per [ITA21](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita21).
- description: 'ITA22 - If the type is security bug, add the "Type: Security Bug :lock:" label on the issue'
if:
- payloadType: Issues
- isAction:
action: Opened
- bodyContains:
pattern: |
### Issue Type?
Security Bug
- not:
hasLabel:
label: "Type: Security Bug :lock:"
then:
- addLabel:
label: "Type: Security Bug :lock:"
- addReply:
reply: |
> [!NOTE]
> The "Type: Security Bug :lock:" label was added as per [ITA22](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita22).

- description: 'ITA23 - Remove the "Status: In PR" label from an issue when it''s closed.'
if:
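Review bot: The ITA22 rule is deleted in full in this hunk, and the matching "Security Bug" option is removed from avm_module_issue.yml in the same commit, yet none of the commit message bullets mentions either change. Record the reason in the commit or PR description, and check whether the "Type: Security Bug :lock:" label itself should be retired from the repository, since after this change it can still be applied by hand with no automation behind it.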
Expand All @@ -198,7 +138,3 @@ configuration:
then:
- removeLabel:
label: "Status: In PR :point_right:"
- addReply:
reply: |
> [!NOTE]
> The "Status: In PR :point_right:" label was removed as per [ITA23](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita23).
36 changes: 0 additions & 36 deletions .github/policies/scheduledSearches.yml
Expand Up @@ -36,9 +36,6 @@ configuration:
> [!TIP]
> - To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
> - To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
> [!NOTE]
> This message was posted as per [ITA01TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita01tf1-2).
- addLabel:
label: "Status: Response Overdue :triangular_flag_on_post:"

Expand Down Expand Up @@ -68,9 +65,6 @@ configuration:
> [!TIP]
> - To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
> - To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
> [!NOTE]
> This message was posted as per [ITA01TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita01tf1-2).
- addLabel:
label: "Status: Response Overdue :triangular_flag_on_post:"
- assignTo:
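Review bot: Style point on the TIP text kept as context in this hunk and in the ITA01 hunk above it: `""Needs: Triage :mag:"` has a doubled opening quote, which ends up verbatim in the posted reply. Since these reply bodies are being edited anyway, fix it to `"Needs: Triage :mag:"` in both rules.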
Expand Down Expand Up @@ -105,9 +99,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
> [!NOTE]
> This message was posted as per [ITA02TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita02tf1-2).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"

Expand Down Expand Up @@ -137,9 +128,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
> [!NOTE]
> This message was posted as per [ITA02TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita02tf1-2).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"

Expand Down Expand Up @@ -182,9 +170,6 @@ configuration:
> [!TIP]
> - To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
> - Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
> [!NOTE]
> This message was posted as per [ITA03TF](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita03tf).
- addLabel:
label: "Needs: Immediate Attention :bangbang:"
- assignTo:
Expand Down Expand Up @@ -213,15 +198,6 @@ configuration:
> [!IMPORTANT]
> @${issueAuthor}, this issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for **4 days**. It will be closed if no further activity occurs **within 3 days of this comment**.
> [!TIP]
> To prevent further actions to take effect, one of the following conditions must be met:
> - The author must respond in a comment within 3 days of this comment.
> - The "Status: No Recent Activity :zzz:" label must be removed.
> - If applicable, the "Status: Long Term :hourglass_flowing_sand:" or the "Needs: Module Owner :mega:" label must be added.
> [!NOTE]
> This message was posted as per [ITA04](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita04).
- description: 'ITA05A - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
frequencies:
- hourly:
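Review bot: The ITA04 reply in this hunk still tells the author the issue "will be closed if no further activity occurs within 3 days of this comment", but the TIP block that listed how to stop that (respond in a comment, remove the "Status: No Recent Activity :zzz:" label, or add a long-term label) is removed along with the NOTE. Keep the TIP and drop only the NOTE line, otherwise the warning states the consequence without the remedy.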
Expand All @@ -242,12 +218,6 @@ configuration:
reply: |
> [!WARNING]
> @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
> [!TIP]
> In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
> [!NOTE]
> This message was posted as per [ITA05](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita05).
- closeIssue

- description: 'ITA05B - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
Expand All @@ -270,10 +240,4 @@ configuration:
reply: |
> [!WARNING]
> @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
> [!TIP]
> In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
> [!NOTE]
> This message was posted as per [ITA05](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/issue-triage-automation/#ita05).
- closeIssue
32 changes: 30 additions & 2 deletions .github/workflows/e2e.yml
Expand Up @@ -27,7 +27,7 @@ jobs:

testexamples:
if: github.event.repository.name != 'terraform-azurerm-avm-template'
runs-on: [ self-hosted, 1ES.Pool=terraform-azurerm-avm-template ]
runs-on: [ self-hosted, 1ES.Pool=4e2ea4bf66957bb6f1e7d358cc4e00d88841e3b0 ]
needs: getexamples
environment: test
env:
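Review bot: The `runs-on` label in this hunk changes from a readable pool name to an opaque 40-character hex string, `1ES.Pool=4e2ea4bf66957bb6f1e7d358cc4e00d88841e3b0`, with nothing explaining what it identifies. Add a YAML comment naming the pool and its owner, so a reviewer can confirm that a job running in `environment: test` lands on the intended self-hosted runners and can spot an unintended change to this value later.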
Expand All @@ -42,6 +42,9 @@ jobs:

- name: Test example
shell: bash
env:
SECRETS_CONTEXT: ${{ toJson(secrets) }}
VARS_CONTEXT: ${{ toJson(vars) }}
run: |
set -e
MAX_RETRIES=10
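Review bot: `SECRETS_CONTEXT: ${{ toJson(secrets) }}` in the new `env:` block places every secret the job can read into this step's environment as one JSON string, while the loop added further down only uses keys that start with TF_VAR_. Prefer passing the needed secrets by name; if the dynamic lookup has to stay, run `unset SECRETS_CONTEXT VARS_CONTEXT` once the TF_VAR_ entries have been exported, so the full JSON is not inherited by the `az` and `docker` commands that follow in the same step.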
Expand All @@ -56,10 +59,35 @@ jobs:
echo "Failed to login after $MAX_RETRIES attempts."
exit 1
fi
declare -A secrets
eval "$(echo $SECRETS_CONTEXT | jq -r 'to_entries[] | @sh "secrets[\(.key|tostring)]=\(.value|tostring)"')"
declare -A variables
eval "$(echo $VARS_CONTEXT | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
for key in "${!secrets[@]}"; do
if [[ $key = \TF_VAR_* ]]; then
lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
finalKey=${lowerKey/tf_var_/TF_VAR_}
export "$finalKey"="${secrets[$key]}"
fi
done
for key in "${!variables[@]}"; do
if [[ $key = \TF_VAR_* ]]; then
lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
finalKey=${lowerKey/tf_var_/TF_VAR_}
export "$finalKey"="${variables[$key]}"
fi
done
echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"
export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
export ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId')
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true mcr.microsoft.com/azterraform:latest make test-example
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
# This job is only run when all the previous jobs are successful.
# We can use it for PR validation to ensure all examples have completed.
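Review bot: The `echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"` line writes the values of every exported TF_VAR_ entry to the job log, including the ones copied out of `secrets`, which leaves log masking as the only protection for them. Print the names only, for example `env | grep -o '^TF_VAR_[^=]*'`. Two smaller points in the same hunk: `echo $SECRETS_CONTEXT` and `echo $VARS_CONTEXT` are unquoted, so the shell word-splits and glob-expands the JSON before jq reads it (use `jq ... <<<"$SECRETS_CONTEXT"` instead); and both `grep TF_VAR_` filters match the string anywhere in a line, so anchor them as `grep '^TF_VAR_'`. Note also that `--env-file` reads one variable per line, so a value containing a newline will not reach the container intact.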
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -45,3 +45,5 @@ avm.tflint_example.merged.hcl
*.md.tmp
# MacOS
.DS_Store
avm.tflint_module.hcl
avm.tflint_module.merged.hcl
4 changes: 1 addition & 3 deletions .terraform-docs.yml
Expand Up @@ -4,7 +4,7 @@

formatter: "markdown document" # this is required

version: "~> 0.17.0"
version: "~> 0.18"

header-from: "_header.md"
footer-from: "_footer.md"
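Review bot: The new constraint `version: "~> 0.18"` is looser than the one it replaces: `~> 0.17.0` allowed only 0.17.x patch releases, whereas `~> 0.18` accepts any 0.x release from 0.18 upward. If the intent is still to hold the docs generator to one minor line, so the generated README does not change under CI when a new minor version ships, write `~> 0.18.0`.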
Expand All @@ -23,8 +23,6 @@ content: |-
<!-- markdownlint-disable MD033 -->
{{ .Requirements }}
{{ .Providers }}
{{ .Resources }}
<!-- markdownlint-disable MD013 -->