From 28b6d0c643747b0a1bdae43d605b8106e0ace046 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sondre=20Sj=C3=B8lyst?= Date: Fri, 22 Dec 2023 12:54:08 +0100 Subject: [PATCH] terraform fixes (#1142) --- .../infrastructure/s940/prod/acr/clusters.tf | 2 +- .../infrastructure/s940/prod/acr/variables.tf | 2 +- .../s940/prod/keyvaults/main.tf | 2 +- .../s940/prod/keyvaults/variables.tf | 4 +- .../s940/prod/storageaccounts/main.tf | 6 - terraform/infrastructure/s941/dev/acr/acr.tf | 2 +- .../infrastructure/s941/dev/acr/clusters.tf | 2 +- .../infrastructure/s941/dev/acr/variables.tf | 7 +- .../infrastructure/s941/dev/keyvaults/main.tf | 2 +- .../s941/dev/keyvaults/variables.tf | 4 +- .../infrastructure/s941/dev/mysql/main.tf | 2 +- .../s941/dev/networkmanager/main.tf | 64 ++- .../s941/dev/networkmanager/variables.tf | 34 +- .../s941/dev/policy/.env.template | 20 - .../infrastructure/s941/dev/policy/README.md | 26 -- .../infrastructure/s941/dev/policy/main.tf | 60 --- .../s941/dev/policy/variables.tf | 44 -- .../s941/dev/storageaccounts/main.tf | 6 - terraform/infrastructure/s941/dev/test/aks.tf | 2 +- .../infrastructure/s941/dev/test/main.tf | 2 +- terraform/oidc/rbac/main.tf | 2 + terraform/radix-zone/radix_zone_dev.tfvars | 17 +- terraform/radix-zone/radix_zone_dr.tfvars | 415 ++++++++++++++++++ terraform/radix-zone/radix_zone_prod.tfvars | 3 +- .../modules/federatedcredential/output.tf | 4 +- .../modules/federatedcredential/variables.tf | 14 +- .../modules/networkmanager/output.tf | 4 +- .../networkmanager_networkgroup/output.tf | 4 +- .../modules/policyassignment/main.tf | 4 +- .../modules/serviceprincipal/output.tf | 4 +- .../modules/serviceprincipal/variables.tf | 8 +- .../modules/userassignedidentity/main.tf | 6 +- .../modules/userassignedidentity/output.tf | 4 +- .../subscriptions/s940/c2/clusters/backend.tf | 2 +- .../subscriptions/s940/c2/common/common.tf | 4 +- .../s940/c2/virtualnetwork/input.tf | 4 +- .../subscriptions/s940/globals/global.tf | 6 +- .../s940/prod/clusters/backend.tf | 2 +- .../subscriptions/s940/prod/common/common.tf | 4 
+- .../s940/prod/networkmanager/inputs.tf | 6 +- .../s940/prod/virtualnetwork/backend.tf | 2 +- .../s940/prod/virtualnetwork/input.tf | 4 +- .../s941/dev/clusters/backend.tf | 2 +- .../subscriptions/s941/dev/common/backend.tf | 2 +- .../s941/dev/federatedcredential/backend.tf | 2 +- .../s941/dev/userassignedidentity/backend.tf | 2 +- .../s941/dev/virtualnetwork/backend.tf | 2 +- .../s941/playground/clusters/backend.tf | 2 +- .../s941/playground/virtualnetwork/input.tf | 4 +- 49 files changed, 581 insertions(+), 251 deletions(-) delete mode 100644 terraform/infrastructure/s941/dev/policy/.env.template delete mode 100644 terraform/infrastructure/s941/dev/policy/README.md delete mode 100644 terraform/infrastructure/s941/dev/policy/main.tf delete mode 100644 terraform/infrastructure/s941/dev/policy/variables.tf create mode 100644 terraform/radix-zone/radix_zone_dr.tfvars diff --git a/terraform/infrastructure/s940/prod/acr/clusters.tf b/terraform/infrastructure/s940/prod/acr/clusters.tf index e3008419c..33c55685a 100644 --- a/terraform/infrastructure/s940/prod/acr/clusters.tf +++ b/terraform/infrastructure/s940/prod/acr/clusters.tf @@ -1,5 +1,5 @@ data "azapi_resource_list" "clusters" { - for_each = toset(var.aks_clouster_resource_groups) + for_each = toset(var.aks_cluster_resource_groups) type = "Microsoft.ContainerService/managedClusters@2023-09-01" parent_id = "/subscriptions/${var.AZ_SUBSCRIPTION_ID}/resourcegroups/${var.resource_groups[each.value].name}" diff --git a/terraform/infrastructure/s940/prod/acr/variables.tf b/terraform/infrastructure/s940/prod/acr/variables.tf index eceeccb98..a079071de 100644 --- a/terraform/infrastructure/s940/prod/acr/variables.tf +++ b/terraform/infrastructure/s940/prod/acr/variables.tf @@ -33,7 +33,7 @@ variable "virtual_networks" { } } -variable "aks_clouster_resource_groups" { +variable "aks_cluster_resource_groups" { type = list(string) } variable "resource_groups" { 
diff --git a/terraform/infrastructure/s940/prod/keyvaults/main.tf b/terraform/infrastructure/s940/prod/keyvaults/main.tf index f62a90538..d8f9b0810 100644 --- a/terraform/infrastructure/s940/prod/keyvaults/main.tf +++ b/terraform/infrastructure/s940/prod/keyvaults/main.tf @@ -9,7 +9,7 @@ provider "azurerm" { } data "azuread_service_principal" "SP_GITHUB_ACTION_CLUSTER" { - application_id = var.SP_GITHUB_ACTION_CLUSTER_CLIENT_ID + display_name = var.APP_GITHUB_ACTION_CLUSTER_NAME } data "azurerm_key_vault" "KV_RADIX_VAULT" { diff --git a/terraform/infrastructure/s940/prod/keyvaults/variables.tf b/terraform/infrastructure/s940/prod/keyvaults/variables.tf index 27074f170..ddb8b68d1 100644 --- a/terraform/infrastructure/s940/prod/keyvaults/variables.tf +++ b/terraform/infrastructure/s940/prod/keyvaults/variables.tf @@ -13,8 +13,8 @@ variable "AZ_RESOURCE_GROUP_COMMON" { type = string } -variable "SP_GITHUB_ACTION_CLUSTER_CLIENT_ID" { - description = "Service principal" +variable "APP_GITHUB_ACTION_CLUSTER_NAME" { + description = "App registration name" type = string } diff --git a/terraform/infrastructure/s940/prod/storageaccounts/main.tf b/terraform/infrastructure/s940/prod/storageaccounts/main.tf index 32fb5b65c..07cd8e71f 100644 --- a/terraform/infrastructure/s940/prod/storageaccounts/main.tf +++ b/terraform/infrastructure/s940/prod/storageaccounts/main.tf @@ -13,7 +13,6 @@ data "azurerm_subscription" "AZ_SUBSCRIPTION" { } locals { - WHITELIST_IPS = jsondecode(textdecodebase64("${data.azurerm_key_vault_secret.whitelist_ips.value}", "UTF-8")) storageaccount_private_subnet = merge([ for sa_key, sa_value in var.storage_accounts : { for privlink_key, privlink_value in var.private_link : 
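Review bot: Resolving `SP_GITHUB_ACTION_CLUSTER` by `display_name` ties whatever key-vault access this module grants to a mutable, non-unique string instead of the application's client ID, so a second app registration with the same name in the tenant would make the data source fail on multiple matches or, at worst, bind the access to the wrong principal. Keep an ID-based selector (`client_id` or `object_id`), or if the name is kept for readability, add `# display_name is not unique in the tenant; an ID-based lookup is the safer selector` above the attribute. The same switch is made in `terraform/infrastructure/s941/dev/keyvaults/main.tf`, and the matching `SP_GITHUB_ACTION_CLUSTER_CLIENT_ID` variable is dropped in both `variables.tf` files, so the ID would need a variable again. What the module grants to this principal lies outside the hunk.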
@@ -43,11 +42,6 @@ data "azurerm_key_vault" "keyvault_env" { resource_group_name = var.AZ_RESOURCE_GROUP_COMMON } -data "azurerm_key_vault_secret" "whitelist_ips" { - name = "acr-whitelist-ips-${var.RADIX_ZONE}" - key_vault_id = data.azurerm_key_vault.keyvault_env.id -} - data "azurerm_subnet" "virtual_subnets" { for_each = { for key, value in var.resource_groups : key => value if length(regexall("cluster-vnet-hub", key)) > 0 diff --git a/terraform/infrastructure/s941/dev/acr/acr.tf b/terraform/infrastructure/s941/dev/acr/acr.tf index 562fc80d9..989232a23 100644 --- a/terraform/infrastructure/s941/dev/acr/acr.tf +++ b/terraform/infrastructure/s941/dev/acr/acr.tf @@ -1,7 +1,7 @@ resource "azurerm_container_registry" "app" { for_each = var.K8S_ENVIROMENTS - name = "radix${each.key}app" + name = "radix${each.key}app${var.ACR_SUFFIX}" location = var.resource_groups[each.value.resourceGroup].location # Create ACR in same location as k8s sku = "Premium" resource_group_name = var.AZ_RESOURCE_GROUP_COMMON diff --git a/terraform/infrastructure/s941/dev/acr/clusters.tf b/terraform/infrastructure/s941/dev/acr/clusters.tf index e3008419c..33c55685a 100644 --- a/terraform/infrastructure/s941/dev/acr/clusters.tf +++ b/terraform/infrastructure/s941/dev/acr/clusters.tf @@ -1,5 +1,5 @@ data "azapi_resource_list" "clusters" { - for_each = toset(var.aks_clouster_resource_groups) + for_each = toset(var.aks_cluster_resource_groups) type = "Microsoft.ContainerService/managedClusters@2023-09-01" parent_id = "/subscriptions/${var.AZ_SUBSCRIPTION_ID}/resourcegroups/${var.resource_groups[each.value].name}" diff --git a/terraform/infrastructure/s941/dev/acr/variables.tf b/terraform/infrastructure/s941/dev/acr/variables.tf index eceeccb98..f119809a1 100644 --- a/terraform/infrastructure/s941/dev/acr/variables.tf +++ b/terraform/infrastructure/s941/dev/acr/variables.tf 
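Review bot: Dropping `data "azurerm_key_vault_secret" "whitelist_ips"` here and `local.WHITELIST_IPS` in the previous hunk removes the only visible source of the storage accounts' IP allow-list, but neither hunk shows the `network_rules` block that presumably consumed it; confirm that no `network_rules` still references `local.WHITELIST_IPS`, and that accounts flagged `firewall = true` in the tfvars still receive an explicit `ip_rules` or `virtual_network_subnet_ids` restriction rather than falling back to `default_action = "Allow"`. The same removal is made in `terraform/infrastructure/s941/dev/storageaccounts/main.tf`. A one-line comment in `locals` saying where the IP restrictions now come from would spare the next reader this check.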
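Review bot: `name = "radix${each.key}app${var.ACR_SUFFIX}"` changes the name of every registry managed by this resource, and `name` on `azurerm_container_registry` forces replacement, so with the `ACR_SUFFIX = "dev"` added to `radix_zone_dev.tfvars` the plan destroys `radixdevapp` and creates `radixdevappdev`, taking its images with it unless the state is moved or the new registry imported first. If the suffix is only meant for the new DR zone, give the variable `default = ""` in `variables.tf` so existing zones keep their names. The DR tfvars sets `ACR_SUFFIX = "DR"` in upper case; a lowercase suffix avoids a case difference between the resource name and the `.azurecr.io` login server.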
@@ -8,6 +8,11 @@ variable "AZ_LOCATION" { type = string } +variable "ACR_SUFFIX" { + description = "Suffix added to ACR Name" + type = string +} + variable "AZ_SUBSCRIPTION_ID" { type = string } @@ -33,7 +38,7 @@ variable "virtual_networks" { } } -variable "aks_clouster_resource_groups" { +variable "aks_cluster_resource_groups" { type = list(string) } variable "resource_groups" { diff --git a/terraform/infrastructure/s941/dev/keyvaults/main.tf b/terraform/infrastructure/s941/dev/keyvaults/main.tf index f62a90538..d8f9b0810 100644 --- a/terraform/infrastructure/s941/dev/keyvaults/main.tf +++ b/terraform/infrastructure/s941/dev/keyvaults/main.tf @@ -9,7 +9,7 @@ provider "azurerm" { } data "azuread_service_principal" "SP_GITHUB_ACTION_CLUSTER" { - application_id = var.SP_GITHUB_ACTION_CLUSTER_CLIENT_ID + display_name = var.APP_GITHUB_ACTION_CLUSTER_NAME } data "azurerm_key_vault" "KV_RADIX_VAULT" { diff --git a/terraform/infrastructure/s941/dev/keyvaults/variables.tf b/terraform/infrastructure/s941/dev/keyvaults/variables.tf index 27074f170..ddb8b68d1 100644 --- a/terraform/infrastructure/s941/dev/keyvaults/variables.tf +++ b/terraform/infrastructure/s941/dev/keyvaults/variables.tf @@ -13,8 +13,8 @@ variable "AZ_RESOURCE_GROUP_COMMON" { type = string } -variable "SP_GITHUB_ACTION_CLUSTER_CLIENT_ID" { - description = "Service principal" +variable "APP_GITHUB_ACTION_CLUSTER_NAME" { + description = "App registration name" type = string } diff --git a/terraform/infrastructure/s941/dev/mysql/main.tf b/terraform/infrastructure/s941/dev/mysql/main.tf index 9104b655b..bb43e4758 100644 --- a/terraform/infrastructure/s941/dev/mysql/main.tf +++ b/terraform/infrastructure/s941/dev/mysql/main.tf 
@@ -50,10 +50,10 @@ data "azurerm_key_vault" "keyvault" { } data "azurerm_key_vault_secret" "keyvault_secret" { + depends_on = [data.azurerm_key_vault.keyvault] for_each = local.all_sql_servers name = each.value["secret"] key_vault_id = data.azurerm_key_vault.keyvault[each.value["vault"]].id - depends_on = [data.azurerm_key_vault.keyvault] } ####################################################################################### diff --git a/terraform/infrastructure/s941/dev/networkmanager/main.tf b/terraform/infrastructure/s941/dev/networkmanager/main.tf index f020f4dac..f011671ed 100644 --- a/terraform/infrastructure/s941/dev/networkmanager/main.tf +++ b/terraform/infrastructure/s941/dev/networkmanager/main.tf @@ -59,22 +59,70 @@ resource "azurerm_network_manager_connectivity_configuration" "config" { } } +resource "azurerm_policy_definition" "policy" { + depends_on = [azurerm_network_manager.networkmanager] + for_each = var.K8S_ENVIROMENTS + name = "Kubernetes-vnets-in-${each.key}" + policy_type = "Custom" + mode = "Microsoft.Network.Data" + display_name = "Kubernetes vnets in ${each.key}" + + metadata = < value if length(regexall("cluster-vnet-hub", key)) > 0 diff --git a/terraform/infrastructure/s941/dev/test/aks.tf b/terraform/infrastructure/s941/dev/test/aks.tf index b966b906c..5e53ffeb2 100644 --- a/terraform/infrastructure/s941/dev/test/aks.tf +++ b/terraform/infrastructure/s941/dev/test/aks.tf @@ -1,5 +1,5 @@ data "azapi_resource_list" "clusters" { - for_each = toset(var.aks_clouster_resource_groups) + for_each = toset(var.aks_cluster_resource_groups) type = "Microsoft.ContainerService/managedClusters@2023-09-01" parent_id = "/subscriptions/${var.AZ_SUBSCRIPTION_ID}/resourcegroups/${var.resource_groups[each.value].name}" diff --git a/terraform/infrastructure/s941/dev/test/main.tf b/terraform/infrastructure/s941/dev/test/main.tf index 3262188a3..c8cb015ca 100644 --- a/terraform/infrastructure/s941/dev/test/main.tf 
+++ b/terraform/infrastructure/s941/dev/test/main.tf @@ -23,7 +23,7 @@ variable "AZ_SUBSCRIPTION_ID" { type = string } -variable "aks_clouster_resource_groups" { +variable "aks_cluster_resource_groups" { type = list(string) } variable "resource_groups" { diff --git a/terraform/oidc/rbac/main.tf b/terraform/oidc/rbac/main.tf index b58cfceec..a05e19386 100644 --- a/terraform/oidc/rbac/main.tf +++ b/terraform/oidc/rbac/main.tf @@ -122,6 +122,7 @@ resource "azurerm_storage_account" "SA_INFRASTRUCTURE" { } resource "azurerm_storage_container" "SA_INFRASTRUCTURE_CONTAINER_CLUSTERS" { + depends_on = [azurerm_storage_account.SA_INFRASTRUCTURE] for_each = { for key, value in var.storage_accounts : key => var.storage_accounts[key] if value["create_with_rbac"] } @@ -130,6 +131,7 @@ resource "azurerm_storage_container" "SA_INFRASTRUCTURE_CONTAINER_CLUSTERS" { } resource "azurerm_storage_container" "SA_INFRASTRUCTURE_CONTAINER_INFRASTRUCTURE" { + depends_on = [azurerm_storage_account.SA_INFRASTRUCTURE] for_each = { for key, value in var.storage_accounts : key => var.storage_accounts[key] if value["create_with_rbac"] } diff --git a/terraform/radix-zone/radix_zone_dev.tfvars b/terraform/radix-zone/radix_zone_dev.tfvars index 158ae4352..156ae7458 100644 --- a/terraform/radix-zone/radix_zone_dev.tfvars +++ b/terraform/radix-zone/radix_zone_dev.tfvars @@ -112,7 +112,7 @@ resource_groups = { } } -aks_clouster_resource_groups = ["clusters"] +aks_cluster_resource_groups = ["clusters"] ####################################################################################### ### Storage Accounts 
@@ -172,11 +172,12 @@ storage_accounts = { sql_server = { "sql-radix-cost-allocation-dev" = { - name = "sql-radix-cost-allocation-dev" - rg_name = "cost-allocation" - db_admin = "radix-cost-allocation-db-admin" - vault = "radix-vault-dev" - env = "dev" + name = "sql-radix-cost-allocation-dev" + rg_name = "cost-allocation" + db_admin = "radix-cost-allocation-db-admin" + minimum_tls_version = "Disabled" + vault = "radix-vault-dev" + env = "dev" tags = { "displayName" = "SqlServer" } @@ -352,8 +353,7 @@ virtual_networks = { ### Service principal ### -APP_GITHUB_ACTION_CLUSTER_NAME = "ar-radix-platform-github-dev-cluster-maintenance" -SP_GITHUB_ACTION_CLUSTER_CLIENT_ID = "f1e6bc52-9aa4-4ca7-a9ac-b7a19d8f0f86" +APP_GITHUB_ACTION_CLUSTER_NAME = "ar-radix-platform-github-dev-cluster-maintenance" ####################################################################################### ### Github @@ -366,3 +366,4 @@ GH_ENVIRONMENT = "operations" # Update this and run terraform in acr to rotate secrets. # Remember to restart Operator afterwards to get refreshed tokens ACR_TOKEN_EXPIRES_AT = "2024-11-01T12:00:00+00:00" +ACR_SUFFIX = "dev" diff --git a/terraform/radix-zone/radix_zone_dr.tfvars b/terraform/radix-zone/radix_zone_dr.tfvars new file mode 100644 index 000000000..08d79e98d --- /dev/null +++ b/terraform/radix-zone/radix_zone_dr.tfvars 
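Review bot: `minimum_tls_version = "Disabled"` on `sql-radix-cost-allocation-dev` turns off the server's minimum-TLS enforcement (the azurerm default is `"1.2"`), so, assuming the module passes the value through to `azurerm_mssql_server`, clients negotiating TLS 1.0 or 1.1 are accepted again. Unless a known legacy client needs this, set `minimum_tls_version = "1.2"`; if the downgrade is deliberate, add a comment naming the client that requires it and a date to revisit. The `sql-radix-cost-allocation-dev-dr` entry in the new `radix_zone_dr.tfvars` carries the same `"Disabled"` value.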
@@ -0,0 +1,415 @@ +####################################################################################### +### AKS +### + +AKS_KUBERNETES_VERSION = "1.26.6" +AKS_NODE_POOL_VM_SIZE = "Standard_B4ms" +AKS_SYSTEM_NODE_MAX_COUNT = "2" +AKS_SYSTEM_NODE_MIN_COUNT = "1" +AKS_SYSTEM_NODE_POOL_NAME = "systempool" +AKS_USER_NODE_MAX_COUNT = "5" +AKS_USER_NODE_MIN_COUNT = "2" +AKS_USER_NODE_POOL_NAME = "userpool" +TAGS_AA = { "autostartupschedule " = "true", "migrationStrategy" = "aa" } +TAGS_AT = { "autostartupschedule " = "false", "migrationStrategy" = "at" } + +aks_cluster_resource_groups = ["clusters"] +####################################################################################### +### Zone and cluster settings +### + +AZ_LOCATION = "northeurope" +CLUSTER_TYPE = "development" +RADIX_ZONE = "dev" +RADIX_ENVIRONMENT = "dev" +RADIX_WEB_CONSOLE_ENVIRONMENTS = ["qa", "prod"] +K8S_ENVIROMENTS = { + "dev" = { "name" = "dev", "resourceGroup" = "clusters" }, +} +# K8S_ENVIROMENTS = ["dev", "playground"] + +####################################################################################### +### Resource groups +### + +AZ_RESOURCE_GROUP_CLUSTERS = "clusters" +AZ_RESOURCE_GROUP_COMMON = "common" + +####################################################################################### +### Shared environment, az region and az subscription +### + +AZ_SUBSCRIPTION_ID = "939950ec-da7e-4349-8b8d-77d9c278af04" +AZ_TENANT_ID = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" +AZ_SUBSCRIPTION_SHORTNAME = "s612" + +####################################################################################### +### AAD +### + +AAD_RADIX_GROUP = "radix" + +####################################################################################### +### System users +### + +MI_AKSKUBELET = [{ + client_id = "117df4c6-ff5b-4921-9c40-5bea2e1c52d8" + id = 
"/subscriptions/939950ec-da7e-4349-8b8d-77d9c278af04/resourceGroups/common/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-radix-akskubelet-development-northeurope" + object_id = "89541870-e10a-403c-8d4c-d80e92dd5eb7" +}] + +MI_AKS = [{ + client_id = "1ff97b0f-f824-47d9-a98f-a045b6a759bc" + id = "/subscriptions/939950ec-da7e-4349-8b8d-77d9c278af04/resourceGroups/common/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-radix-aks-development-northeurope", + object_id = "7112e202-51f7-4fd2-b6a1-b944f14f0be3" +}] + +AZ_PRIVATE_DNS_ZONES = [ + "privatelink.database.windows.net", + "privatelink.blob.core.windows.net", + "privatelink.table.core.windows.net", + "privatelink.queue.core.windows.net", + "privatelink.file.core.windows.net", + "privatelink.web.core.windows.net", + "privatelink.dfs.core.windows.net", + "privatelink.documents.azure.com", + "privatelink.mongo.cosmos.azure.com", + "privatelink.cassandra.cosmos.azure.com", + "privatelink.gremlin.cosmos.azure.com", + "privatelink.table.cosmos.azure.com", + "privatelink.postgres.database.azure.com", + "privatelink.mysql.database.azure.com", + "privatelink.mariadb.database.azure.com", + "privatelink.vaultcore.azure.net", + "private.radix.equinor.com" +] + +#To do +#Alphabetical order +####################################################################################### +### Managed Identities +### + +managed_identity = { + "id-radix-logicapp-operator-dev" = { + name = "id-radix-logicapp-operator-dev" + rg_name = "Logs-Dev" + } +} + +####################################################################################### +### Log Analytics +### + +loganalytics = { + "s612-northeurope-diagnostics" = { + name = "s612-northeurope-diagnostics" + rg_name = "Logs-dev" + managed_identity = true + } +} + +####################################################################################### +### Logic Apps +### + +logic_app_workflow = { + "archive-s612-northeurope-diagnostics" = { + name = 
"archive-s612-northeurope-diagnostics" + rg_name = "Logs-Dev" + managed_identity_name = "id-radix-logicapp-operator-dev" + loganalytics = "s612-northeurope-diagnostics" + storageaccount = "radixflowlogsplayground" + folder = "playground" + } +} + + +####################################################################################### +### Resouce Groups +### + +resource_groups = { + "backups" = { + name = "backups" + } + "clusters" = { + name = "clusters" + } + "cluster-vnet-hub-dev" = { + name = "cluster-vnet-hub-dev" + } + # "cluster-vnet-hub-playground" = { + # name = "cluster-vnet-hub-playground" + # } + "common" = { + name = "common" + } + "cost-allocation" = { + name = "cost-allocation" + } + "dashboards" = { + name = "dashboards" + } + "monitoring" = { + name = "monitoring" + } + "s612-log" = { + name = "s612-log" + location = "westeurope" + } + "s612-tfstate" = { + name = "s612-tfstate" + } + "Logs-Dev" = { + name = "Logs-Dev" + } + "vulnerability-scan" = { + name = "vulnerability-scan" + } +} + +####################################################################################### +### Storage Accounts +### + +storage_accounts = { + "radixflowlogsdevdr" = { + name = "radixflowlogsdevdr" + rg_name = "Logs-Dev" + backup_center = true + } + # "radixflowlogsplayground" = { + # name = "radixflowlogsplayground" + # rg_name = "Logs-Dev" + # backup_center = true + # managed_identity = true + # } + "s612radixinfra" = { + name = "s612radixinfra" + rg_name = "s612-tfstate" + backup_center = true + repl = "RAGRS" + allow_nested_items_to_be_public = false + create_with_rbac = true + firewall = false + } + "s612radixvelerodev" = { + name = "s612radixvelerodev" + rg_name = "backups" + backup_center = true + repl = "GRS" + allow_nested_items_to_be_public = false + firewall = true + private_endpoint = true + + } + "s612sqllogsdev" = { + name = "s612sqllogsdev" + rg_name = "common" + backup_center = true + } + # "s612sqllogsplayground" = { + # name = 
"s612sqllogsplayground" + # rg_name = "common" + # backup_center = true + # } +} + +####################################################################################### +### SQL Server +### + +sql_server = { + "sql-radix-cost-allocation-dev-dr" = { + name = "sql-radix-cost-allocation-dev-dr" + rg_name = "cost-allocation" + db_admin = "radix-cost-allocation-db-admin" + minimum_tls_version = "Disabled" + vault = "radix-vault-dev-dr2" + env = "dev" + tags = { + "displayName" = "SqlServer" + } + } + # "sql-radix-cost-allocation-playground" = { + # name = "sql-radix-cost-allocation-playground" + # rg_name = "cost-allocation" + # db_admin = "radix-cost-allocation-db-admin-playground" + # minimum_tls_version = "Disabled" + # vault = "radix-vault-dev-dr2" + # tags = { + # "displayName" = "SqlServer" + # } + # } + "sql-radix-vulnerability-scan-dev-dr" = { + name = "sql-radix-vulnerability-scan-dev-dr" + rg_name = "vulnerability-scan" + db_admin = "radix-vulnerability-scan-db-admin" + identity = false + vault = "radix-vault-dev-dr2" + env = "dev" + } + # "sql-radix-vulnerability-scan-playground" = { + # name = "sql-radix-vulnerability-scan-playground" + # rg_name = "vulnerability-scan" + # db_admin = "radix-vulnerability-scan-db-admin-playground" + # identity = false + # vault = "radix-vault-dev-dr2" + # } +} + +####################################################################################### +### SQL Database +### + +sql_database = { + "sql-radix-cost-allocation-dev-dr" = { + name = "sqldb-radix-cost-allocation" + server = "sql-radix-cost-allocation-dev-dr" + tags = { + "displayName" = "Database" + } + } + # "sql-radix-cost-allocation-playground" = { + # name = "sqldb-radix-cost-allocation" + # server = "sql-radix-cost-allocation-playground" + # tags = { + # "displayName" = "Database" + # } + # } + "sql-radix-vulnerability-scan-dev-dr" = { + name = "radix-vulnerability-scan" + server = "sql-radix-vulnerability-scan-dev-dr" + } + # 
"sql-radix-vulnerability-scan-playground" = { + # name = "radix-vulnerability-scan" + # server = "sql-radix-vulnerability-scan-playground" + # } +} + +####################################################################################### +### MYSQL Flexible Server +### + +mysql_flexible_server = { + "s612-radix-grafana-dev" = { + name = "s612-radix-grafana-dev" + secret = "s612-radix-grafana-dev-mysql-admin-pwd" + } + # "s612-radix-grafana-playground" = { + # name = "s612-radix-grafana-playground" + # secret = "s612-radix-grafana-playground-mysql-admin-pwd" + # } +} + +####################################################################################### +### MYSQL Server +### + +mysql_server = { + "mysql-radix-grafana-dev" = { + name = "mysql-radix-grafana-dev" + fw_rule = true + secret = "mysql-grafana-dev-admin-password" + } +} + +####################################################################################### +### Key Vault +### + +key_vault = { + "radix-monitoring-dev-dr" = { + name = "radix-monitoring-dev-dr" + rg_name = "monitoring" + } + "radix-vault-dev-dr2" = { + name = "radix-vault-dev-dr2" + rg_name = "common" + } +} + +key_vault_by_k8s_environment = { + "dev" = { + name = "radix-vault-dev-dr2" + rg_name = "common" + } + "monitoring" = { + name = "radix-monitoring-dev-dr" + rg_name = "monitoring" + } +} + +firewall_rules = { + "equinor-wifi" = { + start_ip_address = "143.97.110.1" + end_ip_address = "143.97.110.1" + } + "equinor_north_europe" = { + start_ip_address = "40.85.141.13" + end_ip_address = "40.85.141.13" + } + "ext-mon-dev" = { + start_ip_address = "20.54.47.154" + end_ip_address = "20.54.47.154" + } + "runnerIp" = { + start_ip_address = "20.36.193.46" + end_ip_address = "20.36.193.46" + } + "weekly-42-b" = { + start_ip_address = "20.67.128.243" + end_ip_address = "20.67.128.243" + } + "Enable-Azure-services" = { + start_ip_address = "0.0.0.0" + end_ip_address = "0.0.0.0" + } +} + +EQUINOR_WIFI_IP_CIDR = "143.97.110.1/32" + 
+KV_RADIX_VAULT = "radix-vault-dev-dr2" + +private_link = { + "dev" = { + linkname = "/subscriptions/939950ec-da7e-4349-8b8d-77d9c278af04/resourceGroups/cluster-vnet-hub-dev/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/private-links" + } + # "playground" = { + # linkname = "/subscriptions/939950ec-da7e-4349-8b8d-77d9c278af04/resourceGroups/cluster-vnet-hub-playground/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/private-links" + # } +} + +####################################################################################### +### Virtual network +### + +virtual_networks = { + "dev" = { + rg_name = "cluster-vnet-hub-dev" + } + # "playground" = { + # rg_name = "cluster-vnet-hub-playground" + # } +} + +####################################################################################### +### Service principal +### + +APP_GITHUB_ACTION_CLUSTER_NAME = "ar-radix-platform-github-dev-cluster-maintenance-dr" + +####################################################################################### +### Github +### + +GH_ORGANIZATION = "equinor" +GH_REPOSITORY = "radix-platform" +GH_ENVIRONMENT = "operations-dr" + +# Update this and run terraform in acr to rotate secrets. +# Remember to restart Operator afterwards to get refreshed tokens +ACR_TOKEN_EXPIRES_AT = "2024-11-01T12:00:00+00:00" +ACR_SUFFIX = "DR" \ No newline at end of file diff --git a/terraform/radix-zone/radix_zone_prod.tfvars b/terraform/radix-zone/radix_zone_prod.tfvars index 21d56db7f..04dc86b56 100644 --- a/terraform/radix-zone/radix_zone_prod.tfvars +++ b/terraform/radix-zone/radix_zone_prod.tfvars @@ -163,7 +163,7 @@ resource_groups = { } } -aks_clouster_resource_groups = ["clusters-westeurope", "clusters"] +aks_cluster_resource_groups = ["clusters-westeurope", "clusters"] ####################################################################################### ### Storage Accounts 
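Review bot: `logic_app_workflow` sets `storageaccount = "radixflowlogsplayground"` while the `storage_accounts` entry of that name is commented out in this same file, so if the consuming module indexes `var.storage_accounts` by that key the plan fails on a missing element; either re-enable the entry or point the workflow at `radixflowlogsdevdr`. The `TAGS_AA`/`TAGS_AT` keys are written `"autostartupschedule "` with a trailing space, which will not match anything that looks the tag up under `"autostartupschedule"` — presumably the intended key. `loganalytics` uses `rg_name = "Logs-dev"` whereas `resource_groups`, `managed_identity` and `storage_accounts` use `"Logs-Dev"`; Terraform map lookups are case-sensitive, so confirm which spelling the module expects. The `firewall_rules` entry `Enable-Azure-services` (`0.0.0.0`–`0.0.0.0`) is the Azure convention that admits connections from any Azure-hosted service in any subscription, not only this one; a comment stating that this is intended for the DR zone would make the scope explicit.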
@@ -419,7 +419,6 @@ virtual_networks = {
 ###
 APP_GITHUB_ACTION_CLUSTER_NAME = "OP-Terraform-Github Action"
-SP_GITHUB_ACTION_CLUSTER_CLIENT_ID = "043e5510-738f-4c30-8b9d-ee32578c7fe8"
 #######################################################################################
 ### Github
diff --git a/terraform/subscriptions/modules/federatedcredential/output.tf b/terraform/subscriptions/modules/federatedcredential/output.tf
index 163f35fe4..10cdf539b 100644
--- a/terraform/subscriptions/modules/federatedcredential/output.tf
+++ b/terraform/subscriptions/modules/federatedcredential/output.tf
@@ -1,4 +1,4 @@
 output "data" {
 description = "federatedcredential"
- value = azurerm_federated_identity_credential.federatedcredential
-}
\ No newline at end of file
+ value = azurerm_federated_identity_credential.federatedcredential
+}
diff --git a/terraform/subscriptions/modules/federatedcredential/variables.tf b/terraform/subscriptions/modules/federatedcredential/variables.tf
index cde261df4..195604d15 100644
--- a/terraform/subscriptions/modules/federatedcredential/variables.tf
+++ b/terraform/subscriptions/modules/federatedcredential/variables.tf
@@ -1,24 +1,24 @@
 variable "parent_id" {
 description = "Specifies parent ID of User Assigned Identity for this Federated Identity Credential."
- type = string
+ type = string
 }
 variable "name" {
 description = "Specifies the name of this Federated Identity Credential."
- type = string
+ type = string
 }
 variable "audiences" {
 description = "Specifies the audience for this Federated Identity Credential."
- type = list(string)
+ type = list(string)
 }
 variable "issuer" {
 description = "Specifies the issuer of this Federated Identity Credential."
- type = string
+ type = string
 }
 variable "subject" {
 description = "Specifies the subject for this Federated Identity Credential."
- type = string
+ type = string
 }
 variable "resource_group_name" {
 description = "Specifies the name of the Resource Group within which this Federated Identity Credential should exist."
- type = string
-}
\ No newline at end of file
+ type = string
+}
diff --git a/terraform/subscriptions/modules/networkmanager/output.tf b/terraform/subscriptions/modules/networkmanager/output.tf
index cb7e8b6da..732d7f160 100644
--- a/terraform/subscriptions/modules/networkmanager/output.tf
+++ b/terraform/subscriptions/modules/networkmanager/output.tf
@@ -1,4 +1,4 @@
 output "data" {
 description = "Network mananger"
- value = azurerm_network_manager.networkmanager
-}
\ No newline at end of file
+ value = azurerm_network_manager.networkmanager
+}
diff --git a/terraform/subscriptions/modules/networkmanager_networkgroup/output.tf b/terraform/subscriptions/modules/networkmanager_networkgroup/output.tf
index 9a6fa20a6..4137296f2 100644
--- a/terraform/subscriptions/modules/networkmanager_networkgroup/output.tf
+++ b/terraform/subscriptions/modules/networkmanager_networkgroup/output.tf
@@ -1,4 +1,4 @@
 output "data" {
 description = "Network mananger - Networkgroup"
- value = azurerm_network_manager_network_group.group
-}
\ No newline at end of file
+ value = azurerm_network_manager_network_group.group
+}
diff --git a/terraform/subscriptions/modules/policyassignment/main.tf b/terraform/subscriptions/modules/policyassignment/main.tf
index f7e134ab7..2fc2ef3bf 100644
--- a/terraform/subscriptions/modules/policyassignment/main.tf
+++ b/terraform/subscriptions/modules/policyassignment/main.tf
@@ -1,7 +1,7 @@
 resource "azurerm_subscription_policy_assignment" "assignment" {
 display_name = "Kubernetes-vnets-in-${var.enviroment}"
 name = "Kubernetes-vnets-in-${var.enviroment}"
- location = "${var.location}"
+ location = var.location
 policy_definition_id = var.policy_id
 subscription_id = var.subscription
 parameters = jsonencode({})
@@ -10,4 +10,4 @@ resource "azurerm_subscription_policy_assignment" "assignment" {
 type = "SystemAssigned"
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/subscriptions/modules/serviceprincipal/output.tf b/terraform/subscriptions/modules/serviceprincipal/output.tf
index 6a04c352d..1f96da96e 100644
--- a/terraform/subscriptions/modules/serviceprincipal/output.tf
+++ b/terraform/subscriptions/modules/serviceprincipal/output.tf
@@ -1,4 +1,4 @@
 output "data" {
 description = "serviceprincipal"
- value = azuread_service_principal.serviceprincipal
-}
\ No newline at end of file
+ value = azuread_service_principal.serviceprincipal
+}
diff --git a/terraform/subscriptions/modules/serviceprincipal/variables.tf b/terraform/subscriptions/modules/serviceprincipal/variables.tf
index 8cb183674..203af8a26 100644
--- a/terraform/subscriptions/modules/serviceprincipal/variables.tf
+++ b/terraform/subscriptions/modules/serviceprincipal/variables.tf
@@ -1,13 +1,13 @@
 variable "client_id" {
 description = "The client ID of the application for which to create a service principal."
- type = string
+ type = string
 }
 variable "app_role_assignment_required" {
 description = "Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application."
- type = string
+ type = string
 }
 variable "owners" {
 description = "A set of object IDs of principals that will be granted ownership of the service principal."
- type = set(string)
-}
\ No newline at end of file
+ type = set(string)
+}
diff --git a/terraform/subscriptions/modules/userassignedidentity/main.tf b/terraform/subscriptions/modules/userassignedidentity/main.tf
index 826747670..e6fb32080 100644
--- a/terraform/subscriptions/modules/userassignedidentity/main.tf
+++ b/terraform/subscriptions/modules/userassignedidentity/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_user_assigned_identity" "userassignedidentity" {
- name = var.name
- location = var.location
+ name = var.name
+ location = var.location
 resource_group_name = var.resource_group_name
-}
\ No newline at end of file
+}
diff --git a/terraform/subscriptions/modules/userassignedidentity/output.tf b/terraform/subscriptions/modules/userassignedidentity/output.tf
index f5edfcdaa..7ce404307 100644
--- a/terraform/subscriptions/modules/userassignedidentity/output.tf
+++ b/terraform/subscriptions/modules/userassignedidentity/output.tf
@@ -1,4 +1,4 @@
 output "data" {
 description = "userassignedidentity"
- value = azurerm_user_assigned_identity.userassignedidentity
-}
\ No newline at end of file
+ value = azurerm_user_assigned_identity.userassignedidentity
+}
diff --git a/terraform/subscriptions/s940/c2/clusters/backend.tf b/terraform/subscriptions/s940/c2/clusters/backend.tf
index c46887e85..9332edde9 100644
--- a/terraform/subscriptions/s940/c2/clusters/backend.tf
+++ b/terraform/subscriptions/s940/c2/clusters/backend.tf
@@ -5,7 +5,7 @@ terraform { version = "<=3.69.0" } } - + backend "azurerm" { tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" diff --git a/terraform/subscriptions/s940/c2/common/common.tf b/terraform/subscriptions/s940/c2/common/common.tf index 11d6d1791..3299570e0 100644 --- a/terraform/subscriptions/s940/c2/common/common.tf +++ b/terraform/subscriptions/s940/c2/common/common.tf @@ -1,6 +1,6 @@ locals { outputs = { - location = "westeurope" - resource_group = "common-westeurope" + location = "westeurope" + resource_group = "common-westeurope" } } diff --git a/terraform/subscriptions/s940/c2/virtualnetwork/input.tf b/terraform/subscriptions/s940/c2/virtualnetwork/input.tf index 8ddbdc9ad..f400c60d1 100644 --- a/terraform/subscriptions/s940/c2/virtualnetwork/input.tf +++ b/terraform/subscriptions/s940/c2/virtualnetwork/input.tf @@ -1,7 +1,7 @@ locals { external_outputs = { global = data.terraform_remote_state.global.outputs - common = data.terraform_remote_state.common.outputs + common = data.terraform_remote_state.common.outputs clusters = data.terraform_remote_state.clusters.outputs } @@ -33,4 +33,4 @@ data "terraform_remote_state" "global" { config = merge( local.backend, { key = "prod/globals/terraform.tfstate" }) -} \ No newline at end of file +} diff --git a/terraform/subscriptions/s940/globals/global.tf b/terraform/subscriptions/s940/globals/global.tf index 2bfb0ad3f..012d14273 100644 --- a/terraform/subscriptions/s940/globals/global.tf +++ b/terraform/subscriptions/s940/globals/global.tf 
@@ -1,8 +1,8 @@
 locals {
 outputs = {
- tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
- subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a"
- client_id = "043e5510-738f-4c30-8b9d-ee32578c7fe8"
+ tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
+ subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a"
+ client_id = "043e5510-738f-4c30-8b9d-ee32578c7fe8"
 subscription_shortname = "s940"
 aad_radix_group = "radix"
 github_repos = {
diff --git a/terraform/subscriptions/s940/prod/clusters/backend.tf b/terraform/subscriptions/s940/prod/clusters/backend.tf
index e73944330..8446c0410 100644
--- a/terraform/subscriptions/s940/prod/clusters/backend.tf
+++ b/terraform/subscriptions/s940/prod/clusters/backend.tf
@@ -5,7 +5,7 @@ terraform {
 version = "<=3.69.0"
 }
 }
-
+
 backend "azurerm" {
 tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
 subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a"
diff --git a/terraform/subscriptions/s940/prod/common/common.tf b/terraform/subscriptions/s940/prod/common/common.tf
index 0906455ab..3a9f059f0 100644
--- a/terraform/subscriptions/s940/prod/common/common.tf
+++ b/terraform/subscriptions/s940/prod/common/common.tf
@@ -1,6 +1,6 @@
 locals {
 outputs = {
- location = "northeurope"
- resource_group = "common"
+ location = "northeurope"
+ resource_group = "common"
 }
 }
diff --git a/terraform/subscriptions/s940/prod/networkmanager/inputs.tf b/terraform/subscriptions/s940/prod/networkmanager/inputs.tf
index 10bcff570..a822e1631 100644
--- a/terraform/subscriptions/s940/prod/networkmanager/inputs.tf
+++ b/terraform/subscriptions/s940/prod/networkmanager/inputs.tf
@@ -2,8 +2,8 @@ locals { policy_notcontains_name = "c2" external_outputs = { - global = data.terraform_remote_state.global.outputs - common = data.terraform_remote_state.common.outputs + global = data.terraform_remote_state.global.outputs + common = data.terraform_remote_state.common.outputs networkmanager = data.terraform_remote_state.networkmanager.outputs virtualnetwork = data.terraform_remote_state.virtualnetwork.outputs clusters = data.terraform_remote_state.clusters.outputs @@ -53,4 +53,4 @@ data "terraform_remote_state" "global" { config = merge( local.backend, { key = "prod/globals/terraform.tfstate" }) -} \ No newline at end of file +} diff --git a/terraform/subscriptions/s940/prod/virtualnetwork/backend.tf b/terraform/subscriptions/s940/prod/virtualnetwork/backend.tf index 36429aefc..4698cbba3 100644 --- a/terraform/subscriptions/s940/prod/virtualnetwork/backend.tf +++ b/terraform/subscriptions/s940/prod/virtualnetwork/backend.tf @@ -5,7 +5,7 @@ terraform { version = "<=3.69.0" } } - + backend "azurerm" { tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription_id = "ded7ca41-37c8-4085-862f-b11d21ab341a" diff --git a/terraform/subscriptions/s940/prod/virtualnetwork/input.tf b/terraform/subscriptions/s940/prod/virtualnetwork/input.tf index d191116e1..bd6c3d151 100644 --- a/terraform/subscriptions/s940/prod/virtualnetwork/input.tf +++ b/terraform/subscriptions/s940/prod/virtualnetwork/input.tf @@ -1,7 +1,7 @@ locals { external_outputs = { global = data.terraform_remote_state.global.outputs - common = data.terraform_remote_state.common.outputs + common = data.terraform_remote_state.common.outputs clusters = data.terraform_remote_state.clusters.outputs } @@ -33,4 +33,4 @@ data "terraform_remote_state" "global" { config = merge( local.backend, { key = "prod/globals/terraform.tfstate" }) -} \ No newline at end of file +} 
diff --git a/terraform/subscriptions/s941/dev/clusters/backend.tf b/terraform/subscriptions/s941/dev/clusters/backend.tf
index 8bee43335..2487f6b23 100644
--- a/terraform/subscriptions/s941/dev/clusters/backend.tf
+++ b/terraform/subscriptions/s941/dev/clusters/backend.tf
@@ -5,7 +5,7 @@ terraform {
 version = "<=3.69.0"
 }
 }
-
+
 backend "azurerm" {
 tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
 subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b"
diff --git a/terraform/subscriptions/s941/dev/common/backend.tf b/terraform/subscriptions/s941/dev/common/backend.tf
index ce52cf9c7..a392ba492 100644
--- a/terraform/subscriptions/s941/dev/common/backend.tf
+++ b/terraform/subscriptions/s941/dev/common/backend.tf
@@ -5,7 +5,7 @@ terraform {
 version = "<=3.69.0"
 }
 }
-
+
 backend "azurerm" {
 tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
 subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b"
diff --git a/terraform/subscriptions/s941/dev/federatedcredential/backend.tf b/terraform/subscriptions/s941/dev/federatedcredential/backend.tf
index 50876cc7e..e1fc14d28 100644
--- a/terraform/subscriptions/s941/dev/federatedcredential/backend.tf
+++ b/terraform/subscriptions/s941/dev/federatedcredential/backend.tf
@@ -5,7 +5,7 @@ terraform {
 version = "<=3.69.0"
 }
 }
-
+
 backend "azurerm" {
 tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
 subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b"
diff --git a/terraform/subscriptions/s941/dev/userassignedidentity/backend.tf b/terraform/subscriptions/s941/dev/userassignedidentity/backend.tf
index 5618f5992..0dd796c82 100644
--- a/terraform/subscriptions/s941/dev/userassignedidentity/backend.tf
+++ b/terraform/subscriptions/s941/dev/userassignedidentity/backend.tf
@@ -5,7 +5,7 @@ terraform {
 version = "<=3.69.0"
 }
 }
-
+
 backend "azurerm" {
 tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0"
 subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b"
diff --git a/terraform/subscriptions/s941/dev/virtualnetwork/backend.tf b/terraform/subscriptions/s941/dev/virtualnetwork/backend.tf index 1629f5a23..2d941deeb 100644 --- a/terraform/subscriptions/s941/dev/virtualnetwork/backend.tf +++ b/terraform/subscriptions/s941/dev/virtualnetwork/backend.tf @@ -5,7 +5,7 @@ terraform { version = "<=3.69.0" } } - + backend "azurerm" { tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" diff --git a/terraform/subscriptions/s941/playground/clusters/backend.tf b/terraform/subscriptions/s941/playground/clusters/backend.tf index fd7f25238..ab92e14a2 100644 --- a/terraform/subscriptions/s941/playground/clusters/backend.tf +++ b/terraform/subscriptions/s941/playground/clusters/backend.tf @@ -5,7 +5,7 @@ terraform { version = "<=3.69.0" } } - + backend "azurerm" { tenant_id = "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" subscription_id = "16ede44b-1f74-40a5-b428-46cca9a5741b" diff --git a/terraform/subscriptions/s941/playground/virtualnetwork/input.tf b/terraform/subscriptions/s941/playground/virtualnetwork/input.tf index a71b276b4..53c683764 100644 --- a/terraform/subscriptions/s941/playground/virtualnetwork/input.tf +++ b/terraform/subscriptions/s941/playground/virtualnetwork/input.tf @@ -1,7 +1,7 @@ locals { external_outputs = { global = data.terraform_remote_state.global.outputs - common = data.terraform_remote_state.common.outputs + common = data.terraform_remote_state.common.outputs clusters = data.terraform_remote_state.clusters.outputs } @@ -33,4 +33,4 @@ data "terraform_remote_state" "global" { config = merge( local.backend, { key = "dev/globals/terraform.tfstate" }) -} \ No newline at end of file +}