Preparation for release v3.14.0.0 #680

Merged
merged 45 commits into from
Dec 31, 2024

hdamecharla
Member

Problem

This pull request includes multiple changes across various configuration and workflow files, primarily focusing on adding new workflows, updating dependencies, and improving code consistency.

New changes

  • Add support for HANA active/read-enabled system replication in Pacemaker cluster. A second front-end is added to the HDB load balancer with a separate health probe and load balancer rule. It re-uses the same back-end. HANA replication is set up with the operation mode logreplay_readaccess and Pacemaker is configured with an additional resource g_secip_.
  • Bug fix for ensuring sapadm user is created correctly.
  • Modify the terraform and ansible code to support the addition of the SAPHanaSR-angi resource agent. Terraform tfvars variables use_sles_saphanasr_angi and ansible variable use_hanasr_angi are added to enable the resource agent.
  • Add the option to specify *_flow_timeout_in_minutes for management and workload zone VNETs, defaults to null.
  • Add the option to specify network_enable_route_propagation for subnet route tables, defaults to true.
  • Add two node cluster properties for DB2 on RHEL8, by implementing resource priority and set a fence delay of 15s.
  • Simplify and improve the readability and maintainability of the deployment pipelines by replacing inline bash scripts with external files, adding helper functions, updating environment variable names, and enhancing error handling.
  • Ensured that upgrading from older deployments works seamlessly. To support storage accounts without access keys, update the scripts to remove the affected resources from the state file and reimport them to update the schema. The variable data_plane_available controls how the storage account is accessed. When set to false, the storage account is accessed using the control plane.
  • Changed enqueue replication keepalive parameter to uppercase, setting the priority for primary IPaddr2 and azure-lb resources when priority-fencing-delay is configured, and resetting failcounts on resources using crm resource clear, immediately after configuring the resources.
  • Update ANSIBLE_COLLECTIONS_PATH variable in multiple YAML files for consistency.
  • Adjust retry logic and delays in Ansible playbooks for improved reliability.
  • Update key vault commands to use lowercase vault names and remove VC++ 2013 component.
  • Update iSCSI configuration tasks in the Ansible role for generic pacemaker. The changes focus on improving the clarity and debugging capabilities of the iSCSI configuration process.
  • Rename agent_network_id to additional_network_id and update related references.
  • Add IPTags support.
  • Provide the ability to specify the random characters that will be appended to the resource names, using the custom_random_id tfvars variable.
  • Parameter and Logging Enhancements: Added FORCE_RESET parameter and enhanced debug logging in control plane deployment pipeline. Also, added warning logs for forced re-install in control plane preparation script.
  • Script Improvements: Refactored various scripts for consistency, readability, and error handling. This includes adding shebangs, fixing typos, and improving output formatting.
  • Key Vault and Terraform Updates: Updated Key Vault configurations, enhanced logging for remote Terraform state management, and added dependencies for proper sequencing and resource creation.
  • Resource Management: Removed unnecessary dependencies and variables, such as DEPLOYER_RANDOM_ID and LIBRARY_RANDOM_ID, and improved handling of custom random IDs.
  • Error Handling and Output Management: Improved error handling and output management across multiple scripts, ensuring proper return value assignments and clear messaging for Terraform commands.

New GitHub Actions Workflows

  • Added a new dependabot.yml configuration to automate dependency updates for GitHub Actions, NuGet, and npm.
  • Introduced a codeql.yml workflow for CodeQL analysis to detect vulnerabilities in C#, JavaScript, and Python code.
  • Added a dependency-review.yml workflow to scan dependency manifest files for known vulnerabilities in pull requests.
  • Updated the ossf-scorecard.yml workflow to include the harden-runner step and updated several action versions.
  • Added a trivy.yml workflow for running Trivy vulnerability scans on pull requests.

Updates to Existing Workflows

  • Updated actions used in the steps to newer versions and added a step to harden the runner.

Other Changes

  • Added pre-commit hooks for various tools including gitleaks, shellcheck, eslint, and pylint.
  • Added copyright and license information.
  • Refactored code for better readability and consistency, including namespace changes and simplified list initialization.

KimForss and others added 30 commits October 31, 2024 13:48
* Refactor deploy control plane script to remove unnecessary Terraform installation and Azure CLI installation

* Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership

* Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership

* Refactor deploy control plane script to include azurerm_role_assignment for deployer and storage_sapbits_contributor

* Refactor deploy control plane script to remove unnecessary Terraform installation and Azure CLI installation

* Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership

* Refactor deploy control plane script to include dynamic role assignment based on VM count

* Refactor deploy scripts to simplify checkIfCloudShell function

* Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication

* Refactor deploy scripts to include sourcing deploy_server.sh and fixing Terraform ownership

* Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication

* Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication

* handle the realfilepath and the scriptdir variables as they might be replaced with other values in child scripts

* Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication

* Refactor deploy_controlplane.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication

* Refactor deploy_utils.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication

* Refactor deploy_controlplane.sh to remove ARM_USE_MSI variable and use managed service identity (MSI) for authentication

* Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication

* Refactor installer.sh to include terraform output command

* Refactor installer.sh to comment out unnecessary terraform output command

* Refactor variables_local.tf to use client_id instead of id for service principal object_id

* Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication and remove unnecessary ARM_USE_MSI variable

* Refactor deploy_controlplane.sh to use managed service identity (MSI) for authentication

* chore: include OpenSSF Scorecard badge

* Refactor variables_local.tf to use client_id instead of id for service principal object_id
Refactor installer.sh to comment out unnecessary terraform output command

* Refactor pipeline script to use correct variable for workload ARM subscription ID

* Refactor pipeline script to use correct variable for workload ARM subscription ID

* Refactor pipeline script to include ARM_OBJECT_ID variable

* Refactor pipeline script to use correct variable for workload ARM_CLIENT_ID

* Refactor pipeline script to use correct variable for workload ARM_CLIENT_ID

* check terraform when running in cloudshell

* Refactor pipeline script to include missing variable checks

* Refactor pipeline script to remove unnecessary variable checks

* Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to include missing variable checks

* Refactor pipeline script to update echo statements for installation method

* Refactor pipeline script to update echo statements for installation method

* Refactor pipeline script to use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements for installation method

* Refactor pipeline script to update echo statements for installation method

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script

* Refactor pipeline script to update echo statements for installation method and use correct variables for workload ARM_CLIENT_ID

* Refactor pipeline script to update echo statements and export variables for installation method and workload ARM_CLIENT_ID

* Refactor pipeline script to update PATH variable in deploy_controlplane.sh

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statement for displaying the key vault information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update usage of Azure CLI command in installer.sh

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor provider configuration to use Azure Key Vault for subscription ID retrieval

* Fixes #1: Added a new line to the installer script

* Refactor pipeline script to fix unzip command in deploy control plane stage

* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

* Refactor deploy_controlplane.sh script to save deployer_tfstate_key in config information

* remove the deployer provider

* Refactor deploy_controlplane.sh script to use the azurerm.deployer provider for retrieving key vault secrets

* Refactor tfvar_variables.tf to add "tags" variable for providing tags to all resources

* Refactor providers.tf to use local variable for subscription_id in deployer provider

* Refactor providers.tf to remove subscription_id from deployer provider

* Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys

* Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys

* Refactor azurerm provider versions to 4.6.0

* Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys

* Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys

* Refactor deploy_controlplane.sh script to use local variables for deployer and library state file keys

* Refactor az keyvault set-policy command in deploy_controlplane.sh script

* Refactor az keyvault set-policy command in deploy_controlplane.sh script

* Add SPN to workload zone key vault

* Remove the permission setting from the pipeline

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in script_helpers.sh and installer.sh

* Refactor echo statements in deploy_utils.sh for better readability

* Refactor echo statement in 03-sap-system-deployment.yaml

* Refactor echo statement in 03-sap-system-deployment.yaml for better readability

* Refactor echo statement in 03-sap-system-deployment.yaml for better readability

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements for better readability and consistency

* Refactor echo statements to use variable for workload TFvars

* Refactor echo statements to use variable for workload TFvars

* Refactor echo statements to use variable for workload TFvars

* Refactor echo statement to use variable for Terraform Storage Account Id

* Refactor echo statements to use variables for Terraform details

* Refactor echo statements to use variables for Terraform details

* Refactor echo statements to use variables for Terraform details

* Refactor echo statements to use variables consistently

* Refactor echo statements to use variables consistently

* Refactor echo statements to use variables consistently and for Terraform details

* Refactor echo statements to consistently use variables

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Debugging

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* trimming

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve formatting

* Refactor echo statements to consistently use variables and improve formatting

* terraform

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor echo statements to consistently use variables and improve formatting

* Refactor echo statements to consistently use variables and improve formatting

* Refactor echo statements to consistently use variables and improve Terraform details

* Refactor providers.tf to use Managed Service Identity (MSI) for authentication

* Refactor echo statements to consistently use variables and improve formatting

* Refactor echo statement to improve parameter file formatting

* Refactor echo statements to improve formatting and use variables consistently

* Refactor echo statements to consistently use variables and improve formatting

* Refactor deploy control plane pipeline to improve configuration and extension installation

* Refactor providers.tf to use remote state for subscription ID

* Refactor echo statements to consistently use variables and improve formatting

* Refactor echo statements to consistently use variables and improve formatting
Refactor providers.tf to use remote state for subscription ID
Refactor deploy control plane pipeline to improve configuration and extension installation
Fix validation issue in script_helpers.sh
Update providers.tf to handle null subscription ID
Remove unused variable in variables_local.tf

* Refactor echo statement to improve formatting in deploy_controlplane.sh

* Refactor echo statements to improve formatting in deploy_controlplane.sh and script_helpers.sh

* Refactor deploy_controlplane.sh and script_helpers.sh echo statements for improved formatting

* Refactor key vault secrets to include service principal access

* Refactor key vault secrets to include service principal access

* Refactor key vault secrets to include service principal access

* Refactor key vault secrets to include service principal access

* Refactor echo statements for improved formatting in deploy_controlplane.sh and script_helpers.sh

* Refactor permissions assignment in deploy_controlplane.sh

* Refactor echo statements for improved formatting and include deployer subscription

* Refactor echo statements for improved formatting and include deployer subscription

* Refactor echo statements for improved formatting and include deployer subscription

* Change to use ARM CLIENT ID

* Refactor echo statement to include deployer subscription in 02-sap-workload-zone.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml

* Refactor echo statements and include deployer subscription in 02-sap-workload-zone.yaml
Change to use WL_ARM_CLIENT_ID instead of ARM_CLIENT_ID
Update variable group and variable names in New-SDAFDevopsWorkloadZone.ps1
Update echo statements in script_helpers.sh for improved formatting

* Refactor echo statements for improved formatting and include deployer subscription in 02-sap-workload-zone.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml

* indentation

* Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml

* Refactor echo statements for improved formatting and include deployer subscription in 03-sap-system-deployment.yaml

* Refactor echo statements for improved formatting and fix indentation in 10-remover-terraform.yaml

* Refactor echo statement for improved formatting in remover.sh

* Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml

* Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml

* Refactor echo statements for improved formatting and remove unnecessary output in remover.sh and 10-remover-terraform.yaml

* Refactor echo statements for improved formatting and remove unnecessary output in 01-deploy-control-plane.yaml

* Refactor validate_dependencies function to check for the existence of the terraform binary file instead of the terraform directory.

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting and remove unnecessary output in set_secrets.sh

* Refactor azuread_service_principal data source to conditionally include object_id in locals

* Update SDAF version to 3.13.1.0 in ansible-input-api.yaml and version.txt

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy

* Refactor key_vault_sap_landscape.tf to conditionally include object_id in azurerm_key_vault_access_policy

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting and remove unnecessary output in deploy and remove pipelines

* Refactor echo statements for improved formatting in installer.sh

* Refactor echo statements for improved formatting and remove unnecessary output in installer.sh

* Refactor echo statements for improved formatting and remove unnecessary output in set_secrets.sh

* Refactor echo statements for improved formatting and remove unnecessary output in installer.sh and providers.tf

* Refactor echo statements for improved formatting and remove unnecessary output in installer.sh

* Refactor installer.sh to fix path issue and pass parameters correctly

* Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call

* Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call

* Refactor deploy_controlplane.sh to include deployer subscription parameter and persist parameters

* Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call

* Refactor deploy_controlplane.sh to include state subscription parameter in installer.sh call

* Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call

* Refactor deploy_controlplane.sh to include correct subscription parameter in installer.sh call and handle storage account authentication

* Refactor deploy_controlplane.sh to remove unnecessary echo statement

* Refactor deploy_controlplane.sh to remove unnecessary echo statements and improve parameter handling

* Refactor deploy_controlplane.sh to improve parameter handling

* Refactor deploy_controlplane.sh to improve storage account authentication handling

* Refactor deploy_controlplane.sh to improve parameter handling and remove unnecessary echo statements

* Refactor deploy_utils.sh to fix variable value retrieval from config file

* Refactor parameter handling in script_helpers.sh and install_workloadzone.sh

* Refactor install_workloadzone.sh to handle unknown region codes

* Refactor install_workloadzone.sh to handle unknown region codes

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor region code handling in deploy_utils.sh and script_helpers.sh

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor install_workloadzone.sh to handle unknown region codes and improve parameter handling

* Refactor install_workloadzone.sh to improve parameter handling and region code handling in deploy_utils.sh and script_helpers.sh

* Refactor install_workloadzone.sh to improve parameter handling and region code handling

* Refactor install_workloadzone.sh to improve parameter handling and region code handling

* Refactor install_workloadzone.sh to improve parameter handling and region code handling

* Refactor install_workloadzone.sh to improve parameter handling and region code handling

* Refactor install_workloadzone.sh to improve parameter handling and region code handling

* Refactor install_workloadzone.sh to remove unnecessary code

* Refactor echo statements to improve readability and consistency

* Refactor installer.sh to improve parameter handling and region code handling

* Refactor installer.sh to improve parameter handling and region code handling

* Refactor installer.sh to remove unnecessary echo statements

* Refactor installer.sh to improve parameter handling and region code handling

* Refactor storage_accounts.tf to include var.use_private_endpoint in the count condition

* Refactor storage_accounts.tf to include var.use_private_endpoint in the count condition

* Keyvault network rules

* Refactor key_vault_sap_landscape.tf to include var.enable_firewall_for_keyvaults_and_storage in the default_action condition

* Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables

* Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables

* Refactor module.tf to include enable_firewall_for_keyvaults_and_storage variable

* Refactor installer.sh to handle empty SPN secret in set_executing_user_environment_variables and remove error file

* Add Terraform output details

* Refactor Terraform plugin cache directory handling

* Refactor Terraform destroy command in remover.sh

* Refactor Terraform destroy command in remover.sh

* Refactor echo statement in deploy pipeline to include return code from deployment

* Refactor echo statement in deploy pipeline to include return code from deployment

---------

Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: hdamecharla <[email protected]>
* Refactor echo statements in deploy control plane pipeline
* Refactor install_workloadzone.sh script to reset return_value variable
* Refactor install_workloadzone.sh script to improve error handling
* feng shui
* Refactor variables_local.tf to improve readability and error handling
* Refactor deploy control plane pipeline to include deployer_tfstate_key parameter
* Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters
* Refactor echo statement in deploy control plane pipeline
* Refactor remover script in deploy control plane pipeline
* Refactor deploy control plane pipeline to remove unnecessary use_msi flag
* Refactor deploy control plane pipeline to update default value for spn_keyvault_id
* Refactor deploy control plane pipeline to update default value for spn_key_vault_arm_id
* Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf
* Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf
* Refactor deploy control plane pipeline to update storage account authentication and export TF_VAR_tfstate_resource_id
* Refactor deploy control plane pipeline to update deployer and landscape state file paths
* Refactor deploy control plane pipeline to remove unnecessary code in remover.sh
* Refactor install_workloadzone.sh to export SPN key vault ID if keyvault is provided
* Refactor tfvar_variables.tf to set default value of short_named_endpoints_nics to true
* Refactor remover.sh to consolidate terraform destroy command
* Refactor echo statements in remover.sh and remove-control-plane.yaml
* Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml
* Refactor providers.tf to conditionally set use_msi based on var.use_spn
* Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml to improve clarity of deployment credentials
* Refactor install_workloadzone.sh to improve argument parsing and readability
* Refactor code for improved argument parsing and readability in install_workloadzone.sh
* Refactor LandscapeModel.cs, LandscapeDetails.json, and LandscapeTemplate.txt to add prevent_deletion_if_contains_resources property
* Refactor package dependencies in os-packages.yaml
* Refactor ansible role to remove unused variable and update passlib dependency
* Refactor echo statement in install_workloadzone.sh for improved clarity

---------

Co-authored-by: Kimmo Forss <[email protected]>
sapadm user wasn't created anymore by SDAF. Updated the when statement and aligned user properties with sapinst.

Shell: /bin/false
Description: SAP System Administrator
#663)

- Add the option to specify *_flow_timeout_in_minutes for management and workload zone VNETs, defaults to null.
- Add the option to specify network_enable_route_propagation for subnet route tables, defaults to true.
…ons (#664)

* feature: Enhance SAP HANA SR terraform configuration with new variable for SAPHanaSr-angi hook usage and output support

* feature: Add support for SLES 15.6 and introduce SAP HANA-SR ANGI configuration options. Some formatting and additional packages.
Like with HANA and SCS/ERS we implement resource priority and set a fence delay of 15s on Db2 systems, to prevent both nodes from being fenced.
* Script updates to handle move to storage accounts without data plane access

* Pipeline updates to ease debugging. Instead of using inline scripts the scripts are now in the file system

* Terraform updates to support the control plane access and to facilitate better importability of resources.

* Remove debug logging from control plane deployment script

---------

Co-authored-by: Kimmo Forss <[email protected]>
* Refactor namespaces from AutomationForm to SDAFWebApp across models and views, remove the use_spn flag from the templates

* Add agent_network_id variable and update related configurations in SAP modules, bring in the updates related to active active deployments

* Enhance deployment scripts: add Azure account display, adjust directory creation permissions, and improve debug handling

* Refactor SAP installation pipeline: replace inline bash script with external script and adjust configuration path

* Refactor SAP installation media tasks: update allowSharedKeyAccess logic, improve debug output, and enhance command queries

* Enhance GitHub workflows: add Harden Runner step, update action versions, and introduce Dependabot configuration

* Update SDAF-General variable group: upgrade Terraform and Ansible core versions

* Update .gitignore to include user-specific and Visual Studio build files; modify RestHelper to use UTF-8 encoding for JSON content

---------

Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: hdamecharla <[email protected]>
…n preparation script

Fix: Update variable name from ARM_SUBSCRIPTION_ID to AZURE_SUBSCRIPTION_ID in installation preparation script

Fix: Improve error handling in installation preparation scripts
Kimmo Forss and others added 15 commits December 9, 2024 13:33
…remove unused CONTROL_PLANE_SUBSCRIPTION_ID parameter
* ### Fix:
- Update `keepalive` parameter to uppercase.
- Set the priority to primary `IPaddr2` and `azure-lb` resource if `priority-fencing-delay` is configured.
- Perform `crm resource clear` to reset failcounts on resources.
- Clean up unused validation tasks.

* Refactor: Improve task definitions and add resource cleanup steps for 1.17 Generic Pacemaker

* Enhance BOM processing: Gather dependencies before processing and improve loop variable handling

* Update Ansible configuration: Switch stdout callback from JSON to YAML
* Fix: Update ANSIBLE_COLLECTIONS_PATH variable and adjust reboot timings in playbooks

* Fix: Update key vault commands to use lowercase vault names and remove VC++ 2013 component

* Fix: Adjust retry logic and delays in Ansible playbooks for improved reliability

* Refactor: Rename agent_network_id to additional_network_id and update related references, add IPTags support, provide ability to specify the random characters that will be appended to the resource names

* Fix: Update echo statements for clarity, correct ANSIBLE_COLLECTIONS_PATH variable, and improve error messages in deployment scripts

* Fix: Update ANSIBLE_COLLECTIONS_PATH variable in multiple YAML files for consistency

* Refactor: Adjust indentation and formatting in multiple model classes for improved readability

* Fix: Validate filename in FileController and update subscription_id references in site.js for consistency

---------

Co-authored-by: Kimmo Forss <[email protected]>
#676)

* Add copyright notices and licensing information to scripts and configuration files

* Enhance:
- Network rules for storage accounts and keyvaults by adding bypass options for Metrics, Logging, and AzureServices
- content type for keyvault secrets

---------

Co-authored-by: hdamecharla <[email protected]>
- Parameter and Logging Enhancements: Added FORCE_RESET parameter and enhanced debug logging in control plane deployment pipeline. Also, added warning logs for forced re-install in control plane preparation script.
- Script Improvements: Refactored various scripts for consistency, readability, and error handling. This includes adding shebangs, fixing typos, and improving output formatting.
- Key Vault and Terraform Updates: Updated Key Vault configurations, enhanced logging for remote Terraform state management, and added dependencies for proper sequencing and resource creation.
- Resource Management: Removed unnecessary dependencies and variables, such as DEPLOYER_RANDOM_ID and LIBRARY_RANDOM_ID, and improved handling of custom random IDs.
- Error Handling and Output Management: Improved error handling and output management across multiple scripts, ensuring proper return value assignments and clear messaging for Terraform commands.

---------

Co-authored-by: Kimmo Forss <[email protected]>
@hdamecharla hdamecharla requested a review from KimForss December 31, 2024 16:06
@hdamecharla hdamecharla self-assigned this Dec 31, 2024
@hdamecharla hdamecharla requested a review from a team as a code owner December 31, 2024 16:06
Comment on lines +217 to +238
resource "azurerm_key_vault_secret" "subscription" {
count = !var.key_vault.kv_exists ? (1) : (0)

depends_on = [
azurerm_key_vault_access_policy.kv_user_pre_deployer[0],
azurerm_key_vault_access_policy.kv_user_msi,
azurerm_key_vault_access_policy.kv_user_systemidentity,
azurerm_key_vault_access_policy.kv_user_additional_users
]

name = format("%s-subscription-id", upper(var.infrastructure.environment))
value = data.azurerm_client_config.deployer.subscription_id
key_vault_id = var.key_vault.kv_exists ? (
var.key_vault.kv_user_id) : (
azurerm_key_vault.kv_user[0].id
)

expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)
}
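Review bot: The `var.key_vault.kv_user_id` branch of `key_vault_id` can never be taken, because `count = !var.key_vault.kv_exists ? (1) : (0)` only creates this resource when `kv_exists` is false. Either reduce `key_vault_id` to `azurerm_key_vault.kv_user[0].id`, or, if the subscription secret is also meant to be written into a pre-existing vault, drop the `kv_exists` condition from `count` and order the `depends_on` entries accordingly. The block also sets no `content_type`, which is what the scanner reports for these lines; adding it here would clear that finding and make the stored value self-describing.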

Check notice

Code scanning / Trivy

Key vault Secret should have a content type set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0015
Severity: LOW
Message: Secret does not have a content-type specified.
Link: AVD-AZU-0015
Comment on lines +234 to +237
expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)
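Review bot: `expiration_date` falls back to `null` whenever `var.set_secret_expiry` is false, so in that configuration the secret is created with no expiry at all, which is the condition the scanner flags. If the opt-out is intentional, say so in the description of `set_secret_expiry` and consider making expiry the default; otherwise set the date unconditionally. The same three-line conditional is repeated at +321, +342, +370 and +399 in this file, so computing it once in a local value and referencing that would keep the secrets consistent.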

Check notice

Code scanning / Trivy

Key Vault Secret should have an expiration date set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0017
Severity: LOW
Message: Secret should have an expiry date specified.
Link: AVD-AZU-0017
Comment on lines +321 to +324
expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)

Check notice

Code scanning / Trivy

Key Vault Secret should have an expiration date set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0017
Severity: LOW
Message: Secret should have an expiry date specified.
Link: AVD-AZU-0017
Comment on lines +342 to +345
expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)

Check notice

Code scanning / Trivy

Key Vault Secret should have an expiration date set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0017
Severity: LOW
Message: Secret should have an expiry date specified.
Link: AVD-AZU-0017
Comment on lines +370 to +373
expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)

Check notice

Code scanning / Trivy

Key Vault Secret should have an expiration date set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0017
Severity: LOW
Message: Secret should have an expiry date specified.
Link: AVD-AZU-0017
Comment on lines +399 to +402
expiration_date = var.set_secret_expiry ? (
time_offset.secret_expiry_date.rfc3339) : (
null
)

Check notice

Code scanning / Trivy

Key Vault Secret should have an expiration date set Low

Artifact: deploy/terraform/terraform-units/modules/sap_deployer/key_vault.tf
Type: terraform
Vulnerability AVD-AZU-0017
Severity: LOW
Message: Secret should have an expiry date specified.
Link: AVD-AZU-0017
@KimForss KimForss merged commit 911b685 into main Dec 31, 2024
10 checks passed
5 participants