arnaudlh · arnaudlh · Jun 11, 2024 · Jun 11, 2024 · Jun 11, 2024 · Jun 11, 2024
diff --git a/.github/workflows/pr_fmt.yaml b/.github/workflows/pr_fmt.yaml
@@ -0,0 +1,54 @@
+#
+# Copyright (c) Microsoft Corporation
+# Licensed under the MIT License.
+#
+
+name: PR Fmt
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+env:
+  TF_VERSION: "1.8.4"
+
+jobs:
+  fmt_check:
+    name: Terraform formatting Checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: latest
+
+      - name: Check Terraform formatting
+        id: fmt
+        run: |
+          FMT_OUTPUT=$(terraform fmt -check -recursive)
+          echo "fmt_output=${FMT_OUTPUT}" >> $GITHUB_OUTPUT
+          if [ -n "$FMT_OUTPUT" ]; then
+            echo "Formatting issues found in the following files:"
+            echo "$FMT_OUTPUT"
+            exit 1
+          else
+            echo "No formatting issues found."
+          fi
+
+      - name: Post PR comment on FMT failure
+        if: failure() && steps.fmt.outcome == 'failure'
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const fmtOutput = "${{ steps.fmt.outputs.fmt_output }}";
+            const body = `Please run \`terraform fmt\` to format your Terraform files.`;
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: body,
+            });
diff --git a/.github/workflows/pr_lint.yaml b/.github/workflows/pr_lint.yaml
@@ -16,7 +16,7 @@ env:
 
 jobs:
   linting:
-    name: Format and Lint Checks
+    name: Terraform Lint Checks
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

diff --git a/compute_virtual_machines.tf b/compute_virtual_machines.tf
@@ -14,7 +14,7 @@ module "virtual_machines" {
     module.storage_account_blobs,
     time_sleep.azurerm_role_assignment_for[0]
   ]
-  
+
   for_each = local.compute.virtual_machines
 
   application_security_groups = local.combined_objects_application_security_groups

diff --git a/compute_virtual_machines_scale_sets.tf b/compute_virtual_machines_scale_sets.tf
@@ -15,7 +15,7 @@ module "virtual_machine_scale_sets" {
     module.proximity_placement_groups,
     time_sleep.azurerm_role_assignment_for[0]
   ]
-  
+
   for_each = local.compute.virtual_machine_scale_sets
 
   availability_sets           = local.combined_objects_availability_sets

diff --git a/databricks_access_connectors.tf b/databricks_access_connectors.tf
@@ -2,12 +2,12 @@ module "databricks_access_connectors" {
   source   = "./modules/analytics/databricks_access_connector"
   for_each = local.database.databricks_access_connectors
 
-  client_config     = local.client_config
-  global_settings   = local.global_settings
-  name              = each.value.name
-  settings          = each.value
-  resource_groups   = local.combined_objects_resource_groups
-  base_tags         = local.global_settings.inherit_tags
+  client_config   = local.client_config
+  global_settings = local.global_settings
+  name            = each.value.name
+  settings        = each.value
+  resource_groups = local.combined_objects_resource_groups
+  base_tags       = local.global_settings.inherit_tags
   remote_objects = {
     managed_identities = local.combined_objects_managed_identities
   }

diff --git a/modules/analytics/databricks_access_connector/main.tf b/modules/analytics/databricks_access_connector/main.tf
@@ -5,8 +5,8 @@ locals {
     try(var.settings.tags, null)
   ) : try(var.settings.tags, null)
 
-  
-  resource_group  = var.resource_groups[try(var.settings.lz_key, var.settings.resource_group.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)]
+
+  resource_group = var.resource_groups[try(var.settings.lz_key, var.settings.resource_group.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)]
 }
 
 terraform {

diff --git a/modules/analytics/databricks_access_connector/module.tf b/modules/analytics/databricks_access_connector/module.tf
@@ -11,5 +11,5 @@ resource "azurerm_databricks_access_connector" "databricks_access_connector" {
       identity_ids = concat(local.managed_identities, try(identity.value.identity_ids, []))
     }
   }
-  
+
 }
diff --git a/modules/apim/api_management/module.tf b/modules/apim/api_management/module.tf
@@ -17,7 +17,7 @@ resource "azurerm_api_management" "apim" {
   publisher_email     = var.settings.publisher_email
   sku_name            = var.settings.sku_name
 
-  public_ip_address_id  = can(var.settings.public_ip_address_id) ? var.settings.public_ip_address_id : can(var.settings.public_ip_address.key) ? var.public_ip_addresses[try(var.settings.public_ip_address.lz_key, var.client_config.landingzone_key)][var.settings.public_ip_address.key].id : null
+  public_ip_address_id = can(var.settings.public_ip_address_id) ? var.settings.public_ip_address_id : can(var.settings.public_ip_address.key) ? var.public_ip_addresses[try(var.settings.public_ip_address.lz_key, var.client_config.landingzone_key)][var.settings.public_ip_address.key].id : null
 
   dynamic "additional_location" {
     for_each = try(var.settings.additional_location, null) != null ? [var.settings.additional_location] : []

diff --git a/modules/compute/container_app_dapr_component/container_app_dapr_component.tf b/modules/compute/container_app_dapr_component/container_app_dapr_component.tf
@@ -9,20 +9,20 @@ resource "azurerm_container_app_environment_dapr_component" "cadc" {
 
   dynamic "metadata" {
     for_each = try(var.settings.metadata, {})
-    
+
     content {
-      name                     = metadata.value.name
-      secret_name              = try(metadata.value.secret_name, null)
-      value                    = try(metadata.value.value, null)
+      name        = metadata.value.name
+      secret_name = try(metadata.value.secret_name, null)
+      value       = try(metadata.value.value, null)
     }
   }
 
   dynamic "secret" {
     for_each = try(var.settings.secret, {})
 
     content {
-      name                     = secret.value.name
-      value                    = secret.value.value
+      name  = secret.value.name
+      value = secret.value.value
     }
   }
 }
diff --git a/modules/compute/virtual_machine/dynamic_custom_data.tf b/modules/compute/virtual_machine/dynamic_custom_data.tf
@@ -1,14 +1,14 @@
 
 data "azurerm_key_vault_secret" "custom_data" {
-  for_each = local.os_type == "linux" ? try({for k,v in local.dynamic_custom_data_to_process["keyvaults"]: k => v }, {}) : {}
+  for_each = local.os_type == "linux" ? try({ for k, v in local.dynamic_custom_data_to_process["keyvaults"] : k => v }, {}) : {}
 
   key_vault_id = var.keyvaults[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.keyvault_key].id
   name         = each.value.name
   version      = try(each.value.version, null)
 }
 
 data "azurerm_key_vault_key" "custom_data" {
-  for_each = local.os_type == "linux" ? try({for k,v in local.dynamic_custom_data_to_process["keyvault_keys"]: k =>v }, {}) : {}
+  for_each = local.os_type == "linux" ? try({ for k, v in local.dynamic_custom_data_to_process["keyvault_keys"] : k => v }, {}) : {}
 
   key_vault_id = var.keyvaults[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.keyvault_key].id
   name         = each.value.name
@@ -17,30 +17,30 @@ data "azurerm_key_vault_key" "custom_data" {
 }
 
 data "azurerm_key_vault_certificate" "custom_data" {
-  for_each = local.os_type == "linux" ? try({for k,v in local.dynamic_custom_data_to_process["keyvault_certificates"]: k => v }, {}) : {}
+  for_each = local.os_type == "linux" ? try({ for k, v in local.dynamic_custom_data_to_process["keyvault_certificates"] : k => v }, {}) : {}
 
   key_vault_id = var.keyvaults[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.keyvault_key].id
   name         = each.value.name
   version      = try(each.value.version, null)
 }
 
 locals {
-  
+
   palo_alto_connection_string = {
     for item in var.settings.virtual_machine_settings :
     item.name => base64encode("storage-account=${var.storage_accounts[var.client_config.landingzone_key][item.palo_alto_connection_string.storage_account].name}, access-key=${var.storage_accounts[var.client_config.landingzone_key][item.palo_alto_connection_string.storage_account].primary_access_key}, file-share=${var.storage_accounts[var.client_config.landingzone_key][item.palo_alto_connection_string.storage_account].file_share[item.palo_alto_connection_string.file_share].name}, share-directory=${var.storage_accounts[var.client_config.landingzone_key][item.palo_alto_connection_string.storage_account].file_share[item.palo_alto_connection_string.file_share].file_share_directories[item.palo_alto_connection_string.file_share_directory].name}")
     if try(item.palo_alto_connection_string, null) != null
   }
 
   combined_objects = {
-    storage_accounts           = var.storage_accounts
-    keyvaults                  = var.keyvaults
-    keyvault_keys              = try(data.azurerm_key_vault_key.custom_data,{})
-    keyvault_secrets           = try(data.azurerm_key_vault_secret.custom_data,{})
-    keyvault_certificates      = try(data.azurerm_key_vault_certificate.custom_data,{})
-    vnets                      = var.vnets 
+    storage_accounts      = var.storage_accounts
+    keyvaults             = var.keyvaults
+    keyvault_keys         = try(data.azurerm_key_vault_key.custom_data, {})
+    keyvault_secrets      = try(data.azurerm_key_vault_secret.custom_data, {})
+    keyvault_certificates = try(data.azurerm_key_vault_certificate.custom_data, {})
+    vnets                 = var.vnets
   }
-  
+
   dynamic_custom_data_to_process = {
     for setting in
     flatten([
@@ -55,10 +55,10 @@ locals {
     ]) : setting.key => setting.value
   }
 
-  dynamic_custom_data_combined_objects ={
-    for key, value in local.dynamic_custom_data_to_process: key =>
+  dynamic_custom_data_combined_objects = {
+    for key, value in local.dynamic_custom_data_to_process : key =>
     {
-      for k,v in value: k => try(local.combined_objects[key][try(v.lz_key, var.client_config.landingzone_key)][k], local.combined_objects[key][k])
+      for k, v in value : k => try(local.combined_objects[key][try(v.lz_key, var.client_config.landingzone_key)][k], local.combined_objects[key][k])
     }
   }
 

diff --git a/modules/compute/virtual_machine/vm_disk.tf b/modules/compute/virtual_machine/vm_disk.tf
@@ -10,7 +10,7 @@ data "azurecaf_name" "disk" {
   use_slug      = var.global_settings.use_slug
 }
 
-resource "azurerm_managed_disk" "disk" { 
+resource "azurerm_managed_disk" "disk" {
   for_each = lookup(var.settings, "data_disks", {})
 
   name                   = data.azurecaf_name.disk[each.key].result

diff --git a/modules/compute/virtual_machine/vm_linux.tf b/modules/compute/virtual_machine/vm_linux.tf
@@ -46,45 +46,45 @@ data "azurecaf_name" "os_disk_linux" {
   use_slug      = var.global_settings.use_slug
 }
 resource "local_sensitive_file" "custom_data" {
-  for_each = local.os_type == "linux" ? try({for k,v in var.settings.virtual_machine_settings : k => v if can(v.custom_data.templatefile)} , {}) : {}
+  for_each = local.os_type == "linux" ? try({ for k, v in var.settings.virtual_machine_settings : k => v if can(v.custom_data.templatefile) }, {}) : {}
   content  = templatefile(try(format("%s/%s", path.cwd, each.value.custom_data.templatefile), each.value.custom_data.templatefile), merge(each.value.custom_data, local.dynamic_custom_data))
   filename = try(format("%s/%s.out", path.cwd, each.value.custom_data.templatefile), each.value.custom_data.templatefile)
 }
 
 resource "azurerm_linux_virtual_machine" "vm" {
   for_each = local.os_type == "linux" ? var.settings.virtual_machine_settings : {}
 
-  admin_password                  = each.value.disable_password_authentication == false ? each.value.admin_password : null
-  admin_username                  = each.value.admin_username
-  allow_extension_operations      = try(each.value.allow_extension_operations, null)
-  availability_set_id             = can(each.value.availability_set_key) || can(each.value.availability_set.key) ? var.availability_sets[try(var.client_config.landingzone_key, each.value.availability_set.lz_key)][try(each.value.availability_set_key, each.value.availability_set.key)].id : try(each.value.availability_set.id, each.value.availability_set_id, null)
-  computer_name                   = data.azurecaf_name.linux_computer_name[each.key].result
-  disable_password_authentication = try(each.value.disable_password_authentication, true)
-  encryption_at_host_enabled      = try(each.value.encryption_at_host_enabled, null)
-  eviction_policy                 = try(each.value.eviction_policy, null)
-  license_type                    = try(each.value.license_type, null)
-  location                        = local.location
-  max_bid_price                   = try(each.value.max_bid_price, null)
-  name                            = data.azurecaf_name.linux[each.key].result
-  network_interface_ids           = local.nic_ids
+  admin_password                                         = each.value.disable_password_authentication == false ? each.value.admin_password : null
+  admin_username                                         = each.value.admin_username
+  allow_extension_operations                             = try(each.value.allow_extension_operations, null)
+  availability_set_id                                    = can(each.value.availability_set_key) || can(each.value.availability_set.key) ? var.availability_sets[try(var.client_config.landingzone_key, each.value.availability_set.lz_key)][try(each.value.availability_set_key, each.value.availability_set.key)].id : try(each.value.availability_set.id, each.value.availability_set_id, null)
+  computer_name                                          = data.azurecaf_name.linux_computer_name[each.key].result
+  disable_password_authentication                        = try(each.value.disable_password_authentication, true)
+  encryption_at_host_enabled                             = try(each.value.encryption_at_host_enabled, null)
+  eviction_policy                                        = try(each.value.eviction_policy, null)
+  license_type                                           = try(each.value.license_type, null)
+  location                                               = local.location
+  max_bid_price                                          = try(each.value.max_bid_price, null)
+  name                                                   = data.azurecaf_name.linux[each.key].result
+  network_interface_ids                                  = local.nic_ids
   bypass_platform_safety_checks_on_user_schedule_enabled = try(each.value.bypass_platform_safety_checks_on_user_schedule_enabled, null)
   # (Optional) Specifies the mode of in-guest patching to this Linux Virtual Machine. Possible values are AutomaticByPlatform and ImageDefault. Defaults to ImageDefault. For more information on patch modes please see the product documentation.
-  patch_mode                      = try(each.value.patch_mode, "ImageDefault")
-  priority                        = try(each.value.priority, null)
-  provision_vm_agent              = try(each.value.provision_vm_agent, true)
-  proximity_placement_group_id    = can(each.value.proximity_placement_group_key) || can(each.value.proximity_placement_group.key) ? var.proximity_placement_groups[try(var.client_config.landingzone_key, var.client_config.landingzone_key)][try(each.value.proximity_placement_group_key, each.value.proximity_placement_group.key)].id : try(each.value.proximity_placement_group_id, each.value.proximity_placement_group.id, null)
-  resource_group_name             = local.resource_group_name
-  size                            = each.value.size
-  tags                            = merge(local.tags, try(each.value.tags, null))
-  zone                            = try(each.value.zone, null)
-  secure_boot_enabled             = try(each.value.secure_boot_enabled, null)
-  vtpm_enabled                    = try(each.value.vtpm_enabled, null)
+  patch_mode                   = try(each.value.patch_mode, "ImageDefault")
+  priority                     = try(each.value.priority, null)
+  provision_vm_agent           = try(each.value.provision_vm_agent, true)
+  proximity_placement_group_id = can(each.value.proximity_placement_group_key) || can(each.value.proximity_placement_group.key) ? var.proximity_placement_groups[try(var.client_config.landingzone_key, var.client_config.landingzone_key)][try(each.value.proximity_placement_group_key, each.value.proximity_placement_group.key)].id : try(each.value.proximity_placement_group_id, each.value.proximity_placement_group.id, null)
+  resource_group_name          = local.resource_group_name
+  size                         = each.value.size
+  tags                         = merge(local.tags, try(each.value.tags, null))
+  zone                         = try(each.value.zone, null)
+  secure_boot_enabled          = try(each.value.secure_boot_enabled, null)
+  vtpm_enabled                 = try(each.value.vtpm_enabled, null)
 
 
   custom_data = try(
     try(
       try(local_sensitive_file.custom_data[each.key].content_base64, local.dynamic_custom_data[each.value.custom_data][each.value.name]),
-      try(filebase64(format("%s/%s", path.cwd, each.value.custom_data)), base64encode(each.value.custom_data))),
+    try(filebase64(format("%s/%s", path.cwd, each.value.custom_data)), base64encode(each.value.custom_data))),
   null)
 
 

diff --git a/modules/maintenance/assignment_virtual_machine/main.tf b/modules/maintenance/assignment_virtual_machine/main.tf
@@ -10,6 +10,6 @@ locals {
   module_tag = {
     "module" = basename(abspath(path.module))
   }
-  tags                = merge(var.base_tags, local.module_tag, try(var.tags, null))
-  location            = var.location
+  tags     = merge(var.base_tags, local.module_tag, try(var.tags, null))
+  location = var.location
 }
diff --git a/modules/maintenance/assignment_virtual_machine/module.tf b/modules/maintenance/assignment_virtual_machine/module.tf
@@ -1,4 +1,4 @@
-resource "azurerm_maintenance_assignment_virtual_machine" "maintenance_assignment_virtual_machine" {  
+resource "azurerm_maintenance_assignment_virtual_machine" "maintenance_assignment_virtual_machine" {
   location                     = var.location
   maintenance_configuration_id = var.maintenance_configuration_id
   virtual_machine_id           = var.virtual_machine_id

diff --git a/modules/maintenance/configuration/module.tf b/modules/maintenance/configuration/module.tf
@@ -14,10 +14,10 @@ resource "azurerm_maintenance_configuration" "maintenance_configuration" {
   location                 = var.location
   scope                    = var.scope
   visibility               = try(var.visibility, null)
-  properties               = try(var.properties, {})  
+  properties               = try(var.properties, {})
   in_guest_user_patch_mode = var.settings.scope == "InGuestPatch" ? var.in_guest_user_patch_mode : try(var.in_guest_user_patch_mode, null)
 
-  
+
   dynamic "window" {
     for_each = try(var.settings.window, null) != null ? [var.settings.window] : []
     content {
@@ -52,7 +52,7 @@ resource "azurerm_maintenance_configuration" "maintenance_configuration" {
         }
       }
 
-      reboot = try(var.settings.install_patches.reboot, "IfRequired" )
+      reboot = try(var.settings.install_patches.reboot, "IfRequired")
     }
   }
 

diff --git a/modules/maintenance/configuration/outputs.tf b/modules/maintenance/configuration/outputs.tf
@@ -5,10 +5,10 @@ output "id" {
 
 output "maintenance_configuration_name" {
   description = "The name of the maintenance configuration."
-  value = azurerm_maintenance_configuration.maintenance_configuration.name
+  value       = azurerm_maintenance_configuration.maintenance_configuration.name
 }
 
 output "maintenance_configuration_location" {
   description = "The location where the resource exists"
-  value = azurerm_maintenance_configuration.maintenance_configuration.location
+  value       = azurerm_maintenance_configuration.maintenance_configuration.location
 }
diff --git a/modules/messaging/servicebus/namespace/private_endpoints.tf b/modules/messaging/servicebus/namespace/private_endpoints.tf
@@ -1,5 +1,5 @@
 module "private_endpoint" {
-  source   = "../../../networking/private_endpoint"
+  source = "../../../networking/private_endpoint"
   #for_each = try(var.settings.private_endpoints, {})
   for_each = lookup(var.settings, "private_endpoints", {})
 

diff --git a/modules/networking/private_endpoint/private_endpoint.tf b/modules/networking/private_endpoint/private_endpoint.tf
@@ -56,10 +56,10 @@ resource "azurerm_private_endpoint" "pep" {
 }
 
 resource "time_sleep" "delay" {
-  count = can(lookup(var.settings,var.settings.delay_time_after_creation,false)) ? 1: 0
-  depends_on = [azurerm_private_endpoint.pep]
+  count           = can(lookup(var.settings, var.settings.delay_time_after_creation, false)) ? 1 : 0
+  depends_on      = [azurerm_private_endpoint.pep]
   create_duration = var.settings.delay_time_after_creation
   lifecycle {
-    replace_triggered_by = [ azurerm_private_endpoint.pep ]
+    replace_triggered_by = [azurerm_private_endpoint.pep]
   }
 }
diff --git a/modules/networking/virtual_wan/virtual_wan.tf b/modules/networking/virtual_wan/virtual_wan.tf
@@ -34,6 +34,6 @@ module "hubs" {
   tags                = merge(try(each.value.tags, null), local.tags)
   virtual_hub_config  = each.value
   virtual_networks    = var.virtual_networks
-  keyvaults = var.keyvaults
+  keyvaults           = var.keyvaults
   vwan_id             = azurerm_virtual_wan.vwan.id
 }