Azure · segraef · Sep 11, 2024
@@ -17,13 +17,6 @@ configuration:
         then:
           - addLabel:
               label: "Needs: Triage :mag:"
-          - addReply:
-              reply: |
-                > [!IMPORTANT]
-                > **The "Needs: Triage :mag:" label must be removed once the triage process is complete!**
-
-                > [!TIP]
-                > For additional guidance on how to triage this issue/PR, see the [TF Issue Triage](https://azure.github.io/Azure-Verified-Modules/help-support/issue-triage/tf-issue-triage/) documentation.
 
       - description: 'ITA09 - When #RR is used in an issue, add the "Needs: Author Feedback :ear:" label'
         if:
@@ -96,8 +89,6 @@ configuration:
                   label: "Type: New Module Proposal :bulb:"
               - hasLabel:
                   label: "Type: Question/Feedback :raising_hand:"
-              - hasLabel:
-                  label: "Type: Security Bug :lock:"
           - isAssignedToSomeone
         then:
           - removeLabel:
@@ -137,23 +128,6 @@ configuration:
           - addLabel:
               label: "Type: Bug :bug:"
 
-      - description: 'ITA22 - If the type is security bug, add the "Type: Security Bug :lock:" label on the issue'
-        if:
-          - payloadType: Issues
-          - isAction:
-              action: Opened
-          - bodyContains:
-              pattern: |
-                ### Issue Type?
-
-                Security Bug
-          - not:
-              hasLabel:
-                label: "Type: Security Bug :lock:"
-        then:
-          - addLabel:
-              label: "Type: Security Bug :lock:"
-
       - description: 'ITA23 - Remove the "Status: In PR" label from an issue when it''s closed.'
         if:
           - payloadType: Issues

@@ -198,12 +198,6 @@ configuration:
                 > [!IMPORTANT]
                 > @${issueAuthor}, this issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for **4 days**. It will be closed if no further activity occurs **within 3 days of this comment**.
 
-                > [!TIP]
-                > To prevent further actions to take effect, one of the following conditions must be met:
-                >   - The author must respond in a comment within 3 days of this comment.
-                >   - The "Status: No Recent Activity :zzz:" label must be removed.
-                >   - If applicable, the "Status: Long Term :hourglass_flowing_sand:" or the "Needs: Module Owner :mega:" label must be added.
-
       - description: 'ITA05A - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
         frequencies:
           - hourly:
@@ -224,9 +218,6 @@ configuration:
               reply: |
                 > [!WARNING]
                 > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
-
-                > [!TIP]
-                > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
           - closeIssue
 
       - description: 'ITA05B - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
@@ -249,7 +240,4 @@ configuration:
               reply: |
                 > [!WARNING]
                 > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
-
-                > [!TIP]
-                > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
           - closeIssue
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -42,6 +42,9 @@ jobs:
 
       - name: Test example
         shell: bash
+        env:
+          SECRETS_CONTEXT: ${{ toJson(secrets) }}
+          VARS_CONTEXT: ${{ toJson(vars) }}
         run: |
           set -e
            MAX_RETRIES=10
@@ -56,10 +59,35 @@ jobs:
             echo "Failed to login after $MAX_RETRIES attempts."
             exit 1
           fi
+
+          declare -A secrets
+          eval "$(echo $SECRETS_CONTEXT | jq -r 'to_entries[] | @sh "secrets[\(.key|tostring)]=\(.value|tostring)"')"
+
+          declare -A variables
+          eval "$(echo $VARS_CONTEXT | jq -r 'to_entries[] | @sh "variables[\(.key|tostring)]=\(.value|tostring)"')"
+
+          for key in "${!secrets[@]}"; do
+            if [[ $key = \TF_VAR_* ]]; then
+              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
+              finalKey=${lowerKey/tf_var_/TF_VAR_}
+              export "$finalKey"="${secrets[$key]}"
+            fi
+          done
+
+          for key in "${!variables[@]}"; do
+            if [[ $key = \TF_VAR_* ]]; then
+              lowerKey=$(echo "$key" | tr '[:upper:]' '[:lower:]')
+              finalKey=${lowerKey/tf_var_/TF_VAR_}
+              export "$finalKey"="${variables[$key]}"
+            fi
+          done
+
+          echo -e "Custom environment variables:\n$(env | grep TF_VAR_ | grep -v ' "TF_VAR_')"
+
           export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
           export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
           export ARM_CLIENT_ID=$(az identity list | jq -r --arg MSI_ID "$MSI_ID" '.[] | select(.principalId == $MSI_ID) | .clientId')
-          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true mcr.microsoft.com/azterraform:latest make test-example
+          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src -w /src --network=host -e TF_IN_AUTOMATION -e TF_VAR_enable_telemetry -e AVM_MOD_PATH=/src -e AVM_EXAMPLE=${{ matrix.example }} -e MSI_ID -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_USE_MSI=true --env-file <(env | grep TF_VAR_ | grep -v ' "TF_VAR_') mcr.microsoft.com/azterraform:latest make test-example
 
   # This job is only run when all the previous jobs are successful.
   # We can use it for PR validation to ensure all examples have completed.

diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -4,7 +4,7 @@
 
 formatter: "markdown document" # this is required
 
-version: "~> 0.17.0"
+version: "~> 0.18"
 
 header-from: "_header.md"
 footer-from: "_footer.md"
@@ -23,8 +23,6 @@ content: |-
   <!-- markdownlint-disable MD033 -->
   {{ .Requirements }}
 
-  {{ .Providers }}
-
   {{ .Resources }}
 
   <!-- markdownlint-disable MD013 -->

diff --git a/README.md b/README.md
@@ -18,16 +18,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.5)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azapi"></a> [azapi](#provider\_azapi) (~> 1.13)
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (~> 3.71)
-
-- <a name="provider_random"></a> [random](#provider\_random) (~> 3.5)
-
 ## Resources
 
 The following resources are used by this module:
@@ -37,10 +27,12 @@ The following resources are used by this module:
 - [azapi_resource.this_environment](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resource) (resource)
 - [azurerm_management_lock.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock) (resource)
 - [azurerm_monitor_diagnostic_setting.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) (resource)
-- [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource)
 - [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
-- [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource)
+- [modtm_telemetry.telemetry](https://registry.terraform.io/providers/hashicorp/modtm/latest/docs/resources/telemetry) (resource)
+- [random_uuid.telemetry](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) (resource)
+- [azurerm_client_config.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source)
 - [azurerm_resource_group.parent](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) (data source)
+- [modtm_module_source.telemetry](https://registry.terraform.io/providers/hashicorp/modtm/latest/docs/data-sources/module_source) (data source)
 
 <!-- markdownlint-disable MD013 -->
 ## Required Inputs

diff --git a/avm b/avm
@@ -18,10 +18,16 @@ if [ -z "$1" ]; then
     exit 1
 fi
 
+# Mount .azure directory if it exists
+AZURE_VOLUME=""
+if [ -d "$HOME/.azure" ]; then
+  AZURE_VOLUME="-v $HOME/.azure:/home/runtimeuser/.azure"
+fi
+
 # Check if we are running in a container
 # If we are then just run make directly
 if [ -z "$AVM_IN_CONTAINER" ]; then
-  $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
+  $CONTAINER_RUNTIME run --pull always --user "$(id -u):$(id -g)" --rm $AZURE_VOLUME -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group -v "$(pwd)":/src -w /src -e GITHUB_REPOSITORY -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make "$1"
 else
   make "$1"
 fi
diff --git a/avm.bat b/avm.bat
@@ -18,6 +18,6 @@ IF "%~1"=="" (
 )
 
 REM Run the make target with CONTAINER_RUNTIME
-%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
+%CONTAINER_RUNTIME% run --pull always --rm -v "%cd%":/src -w /src --user "1000:1000" -e ARM_SUBSCRIPTION_ID -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER mcr.microsoft.com/azterraform make %1
 
 ENDLOCAL
diff --git a/examples/.terraform-docs.yml b/examples/.terraform-docs.yml
@@ -4,7 +4,7 @@
 
 formatter: "markdown document" # this is required
 
-version: "~> 0.17.0"
+version: "~> 0.18"
 
 header-from: "_header.md"
 footer-from: "_footer.md"
@@ -27,8 +27,6 @@ content: |-
   <!-- markdownlint-disable MD033 -->
   {{ .Requirements }}
 
-  {{ .Providers }}
-
   {{ .Resources }}
 
   <!-- markdownlint-disable MD013 -->

diff --git a/examples/dapr_component/README.md b/examples/dapr_component/README.md
@@ -73,12 +73,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0)
-
 ## Resources
 
 The following resources are used by this module:

diff --git a/examples/default/README.md b/examples/default/README.md
@@ -66,12 +66,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0)
-
 ## Resources
 
 The following resources are used by this module:

diff --git a/examples/storage_share/README.md b/examples/storage_share/README.md
@@ -89,12 +89,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0)
-
 ## Resources
 
 The following resources are used by this module:

diff --git a/examples/workload_profile/README.md b/examples/workload_profile/README.md
@@ -89,12 +89,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0)
-
 ## Resources
 
 The following resources are used by this module:

diff --git a/examples/workload_profile_internal/README.md b/examples/workload_profile_internal/README.md
@@ -87,12 +87,6 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.7.0, < 4.0.0)
 
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) (>= 3.7.0, < 4.0.0)
-
 ## Resources
 
 The following resources are used by this module:

diff --git a/main.dapr_component.tf b/main.dapr_component.tf
@@ -35,6 +35,7 @@ resource "azapi_resource" "dapr_components" {
 
   dynamic "timeouts" {
     for_each = each.value.timeouts == null ? [] : [each.value.timeouts]
+
     content {
       create = timeouts.value.create
       delete = timeouts.value.delete

diff --git a/main.storage.tf b/main.storage.tf
@@ -18,6 +18,7 @@ resource "azapi_resource" "storages" {
 
   dynamic "timeouts" {
     for_each = each.value.timeouts == null ? [] : [each.value.timeouts]
+
     content {
       create = timeouts.value.create
       delete = timeouts.value.delete

diff --git a/main.telemetry.tf b/main.telemetry.tf
@@ -3,7 +3,8 @@ data "azurerm_client_config" "telemetry" {
 }
 
 data "modtm_module_source" "telemetry" {
-  count       = var.enable_telemetry ? 1 : 0
+  count = var.enable_telemetry ? 1 : 0
+
   module_path = path.module
 }
 

diff --git a/main.tf b/main.tf
@@ -56,6 +56,7 @@ resource "azapi_resource" "this_environment" {
 
   dynamic "timeouts" {
     for_each = var.timeouts == null ? [] : [var.timeouts]
+
     content {
       create = timeouts.value.create
       delete = timeouts.value.delete
@@ -100,18 +101,21 @@ resource "azurerm_monitor_diagnostic_setting" "this" {
 
   dynamic "enabled_log" {
     for_each = each.value.log_categories
+
     content {
       category = enabled_log.value
     }
   }
   dynamic "enabled_log" {
     for_each = each.value.log_groups
+
     content {
       category_group = enabled_log.value
     }
   }
   dynamic "metric" {
     for_each = each.value.metric_categories
+
     content {
       category = metric.value
     }