fix: remove decrypted argument

clouddrove · Jan 24, 2024 · f990ec5 · f990ec5
1 parent 91dfff6
commit f990ec5
Show file tree

Hide file tree

Showing 12 changed files with 46 additions and 81 deletions.
diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   assignee:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.2.1
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
 jobs:
   auto-merge:
-    uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.2.1
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
     with:

diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   changelog:
-    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.2.1
     secrets: inherit
     with:
       branch: 'master'
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
@@ -6,16 +6,16 @@ on:
   workflow_dispatch:
 jobs:
   point-to-site-with-ad-example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.1
     with:
       working_directory: './_example/point-to-site-with-ad/'
 
   point-to-site-with-certificate-example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.1
     with:
       working_directory: './_example/point-to-site-with-certificate/'
 
   site-to-site-example:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.2.1
     with:
       working_directory: './_example/site-to-site/'
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -6,6 +6,6 @@ on:
   workflow_dispatch:
 jobs:
   tf-lint:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.2.1
     secrets:
       GITHUB: ${{ secrets.GITHUB }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -5,7 +5,7 @@ on:
   workflow_dispatch:
 jobs:
   tfsec:
-    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.10
+    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.2.1
     secrets: inherit
     with:
       working_directory: '.'
diff --git a/_example/point-to-site-with-ad/versions.tf b/_example/point-to-site-with-ad/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.86.0"
+      version = ">=3.87.0"
     }
   }
 }
diff --git a/_example/point-to-site-with-certificate/versions.tf b/_example/point-to-site-with-certificate/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.86.0"
+      version = ">=3.87.0"
     }
   }
 }
diff --git a/_example/site-to-site/versions.tf b/_example/site-to-site/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.86.0"
+      version = ">=3.87.0"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -229,33 +229,22 @@ resource "azurerm_monitor_diagnostic_setting" "main" {
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
   log_analytics_workspace_id     = var.log_analytics_workspace_id
   log_analytics_destination_type = var.log_analytics_destination_type
-  metric {
-    category = "AllMetrics"
-    enabled  = var.Metric_enable
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
+
+  dynamic "enabled_log" {
+    for_each = var.pip_logs.enabled ? var.pip_logs.category != null ? var.pip_logs.category : var.pip_logs.category_group : []
+    content {
+      category       = var.pip_logs.category != null ? enabled_log.value : null
+      category_group = var.pip_logs.category == null ? enabled_log.value : null
     }
   }
-  log {
-    category       = var.category
-    category_group = "AllLogs"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
+  dynamic "metric" {
+    for_each = var.Metric_enable ? ["AllMetrics"] : []
+    content {
+      category = metric.value
+      enabled  = true
     }
-    enabled = var.log_enabled
   }
 
-  log {
-    category       = var.category
-    category_group = "Audit"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
-    }
-    enabled = var.log_enabled
-  }
   lifecycle {
     ignore_changes = [log_analytics_destination_type]
   }
@@ -273,34 +262,22 @@ resource "azurerm_monitor_diagnostic_setting" "pip_gw" {
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
   log_analytics_workspace_id     = var.log_analytics_workspace_id
   log_analytics_destination_type = var.log_analytics_destination_type
-  metric {
-    category = "AllMetrics"
-    enabled  = var.Metric_enable
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
-    }
-  }
 
-  log {
-    category       = var.category
-    category_group = "AllLogs"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
+  dynamic "enabled_log" {
+    for_each = var.pip_logs.enabled ? var.pip_logs.category != null ? var.pip_logs.category : var.pip_logs.category_group : []
+    content {
+      category       = var.pip_logs.category != null ? enabled_log.value : null
+      category_group = var.pip_logs.category == null ? enabled_log.value : null
     }
-    enabled = var.log_enabled
   }
-
-  log {
-    category       = var.category
-    category_group = "Audit"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
+  dynamic "metric" {
+    for_each = var.Metric_enable ? ["AllMetrics"] : []
+    content {
+      category = metric.value
+      enabled  = true
     }
-    enabled = var.log_enabled
   }
+
   lifecycle {
     ignore_changes = [log_analytics_destination_type]
   }

diff --git a/variables.tf b/variables.tf
@@ -173,18 +173,6 @@ variable "log_analytics_destination_type" {
   description = "Possible values are AzureDiagnostics and Dedicated, default to AzureDiagnostics. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table."
 }
 
-variable "retention_policy_enabled" {
-  type        = bool
-  default     = false
-  description = "Is this Retention Policy enabled?"
-}
-
-variable "days" {
-  type        = number
-  default     = "90"
-  description = " The number of days for which this Retention Policy should apply."
-}
-
 variable "Metric_enable" {
   type        = bool
   default     = true
@@ -202,18 +190,6 @@ variable "log_analytics_workspace_id" {
   default = null
 }
 
-variable "category" {
-  type        = string
-  default     = null
-  description = " The name of a Diagnostic Log Category Group for this Resource."
-}
-
-variable "log_enabled" {
-  type        = string
-  default     = true
-  description = " Is this Diagnostic Log enabled? Defaults to true."
-}
-
 variable "storage_account_id" {
   type        = string
   default     = null
@@ -321,3 +297,15 @@ variable "connection_mode" {
   default     = "Default"
   description = "Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created."
 }
+
+variable "pip_logs" {
+  type = object({
+    enabled        = bool
+    category       = optional(list(string))
+    category_group = optional(list(string))
+  })
+  default = {
+    enabled        = true
+    category_group = ["AllLogs"]
+  }
+}
diff --git a/versions.tf b/versions.tf
@@ -7,7 +7,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = ">=3.86.0"
+      version = ">=3.87.0"
     }
     random = {
       source  = "hashicorp/random"