chore: pre-commit

examples/alzreference/README.md

@@ -34,7 +34,7 @@ module "alz_archetype_root" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-alz-root"
   display_name                       = "${random_pet.this.id}-alz-root"
-  parent_id                          = data.azurerm_client_config.current.tenant_id
+  parent_resource_id                 = "/providers/Microsoft.Management/managementGroups/${data.azurerm_client_config.current.tenant_id}"
   base_archetype                     = "root"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -43,25 +43,14 @@ module "alz_archetype_root" {
       create = "0s"
     }
   })
-  policy_assignments_to_modify = {
-    Deny-UnmanagedDisk = {
-      resource_selectors = [{
-        name = "only-uk"
-        selectors = [{
-          kind = "resourceLocation"
-          in   = ["uksouth", "ukwest"]
-        }]
-      }]
-    }
-  }
 }
 
 module "alz_archetype_landing_zones" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-landing-zones"
   display_name                       = "${random_pet.this.id}-landing-zones"
-  parent_id                          = module.alz_archetype_root.management_group_name
-  base_archetype                     = "landing_zones_override"
+  parent_resource_id                 = module.alz_archetype_root.management_group_resource_id
+  base_archetype                     = "landing_zones"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
   delays                             = local.default_delays
@@ -71,8 +60,8 @@ module "alz_archetype_platform" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-platform"
   display_name                       = "${random_pet.this.id}-platform"
-  parent_id                          = module.alz_archetype_root.management_group_name
-  base_archetype                     = "platform_override"
+  parent_resource_id                 = module.alz_archetype_root.management_group_resource_id
+  base_archetype                     = "platform"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
   delays                             = local.default_delays
@@ -82,7 +71,7 @@ module "alz_archetype_identity" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-identity"
   display_name                       = "${random_pet.this.id}-identity"
-  parent_id                          = module.alz_archetype_platform.management_group_name
+  parent_resource_id                 = module.alz_archetype_platform.management_group_resource_id
   base_archetype                     = "identity"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -93,7 +82,7 @@ module "alz_archetype_connectivity" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-connectivity"
   display_name                       = "${random_pet.this.id}-connectivity"
-  parent_id                          = module.alz_archetype_platform.management_group_name
+  parent_resource_id                 = module.alz_archetype_platform.management_group_resource_id
   base_archetype                     = "connectivity"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -104,7 +93,7 @@ module "alz_archetype_management" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-management"
   display_name                       = "${random_pet.this.id}-management"
-  parent_id                          = module.alz_archetype_platform.management_group_name
+  parent_resource_id                 = module.alz_archetype_platform.management_group_resource_id
   base_archetype                     = "management"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -116,7 +105,7 @@ module "alz_archetype_corp" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-corp"
   display_name                       = "${random_pet.this.id}-corp"
-  parent_id                          = module.alz_archetype_landing_zones.management_group_name
+  parent_resource_id                 = module.alz_archetype_landing_zones.management_group_resource_id
   base_archetype                     = "corp"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -127,7 +116,7 @@ module "alz_archetype_online" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-online"
   display_name                       = "${random_pet.this.id}-online"
-  parent_id                          = module.alz_archetype_landing_zones.management_group_name
+  parent_resource_id                 = module.alz_archetype_landing_zones.management_group_resource_id
   base_archetype                     = "online"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -138,7 +127,7 @@ module "alz_archetype_sandboxes" {
   source                             = "../../"
   id                                 = "${random_pet.this.id}-sandboxes"
   display_name                       = "${random_pet.this.id}-sandboxes"
-  parent_id                          = module.alz_archetype_root.management_group_name
+  parent_resource_id                 = module.alz_archetype_root.management_group_resource_id
   base_archetype                     = "sandboxes"
   default_location                   = local.default_location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id

examples/default/README.md

@@ -1,7 +1,7 @@
 <!-- BEGIN_TF_DOCS -->
 # Default
 
-TBC
+Left deliberately empty for now.
 
 ```hcl
 terraform {

examples/dynamic-input/README.md

@@ -35,7 +35,7 @@ module "management_groups_layer_1" {
   for_each                           = local.management_groups_layer_1
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = data.azurerm_client_config.current.tenant_id
+  parent_resource_id                 = "/providers/Microsoft.Management/managementGroups/${data.azurerm_client_config.current.tenant_id}"
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -52,7 +52,7 @@ module "management_groups_layer_2" {
   for_each                           = local.management_groups_layer_2
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = module.management_groups_layer_1[each.value.parent].management_group_name
+  parent_resource_id                 = module.management_groups_layer_1[each.value.parent].management_group_resource_id
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -65,7 +65,7 @@ module "management_groups_layer_3" {
   for_each                           = local.management_groups_layer_3
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = module.management_groups_layer_2[each.value.parent].management_group_name
+  parent_resource_id                 = module.management_groups_layer_2[each.value.parent].management_group_resource_id
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -78,7 +78,7 @@ module "management_groups_layer_4" {
   for_each                           = local.management_groups_layer_4
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = module.management_groups_layer_3[each.value.parent].management_group_name
+  parent_resource_id                 = module.management_groups_layer_3[each.value.parent].management_group_resource_id
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -91,7 +91,7 @@ module "management_groups_layer_5" {
   for_each                           = local.management_groups_layer_5
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = module.management_groups_layer_4[each.value.parent].management_group_name
+  parent_resource_id                 = module.management_groups_layer_4[each.value.parent].management_group_resource_id
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id
@@ -104,7 +104,7 @@ module "management_groups_layer_6" {
   for_each                           = local.management_groups_layer_6
   id                                 = "${each.value.id}-${random_pet.this.id}"
   display_name                       = try(each.value.display_name, each.value.id)
-  parent_id                          = module.management_groups_layer_5[each.value.parent].management_group_name
+  parent_resource_id                 = module.management_groups_layer_5[each.value.parent].management_group_resource_id
   base_archetype                     = each.value.base_archetype
   default_location                   = local.location
   default_log_analytics_workspace_id = module.alz_management_resources.log_analytics_workspace.id

examples/dynamic-input/locals.tf

@@ -1,13 +1,4 @@
 locals {
-  location                = "uksouth"
-  management_group_config = yamldecode(file("${path.root}/managementgroups.yaml"))
-
-  management_groups_layer_1 = { for k, v in local.management_group_config : k => v if v.parent == "base" }
-  management_groups_layer_2 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_1), v.parent) }
-  management_groups_layer_3 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_2), v.parent) }
-  management_groups_layer_4 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_3), v.parent) }
-  management_groups_layer_5 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_4), v.parent) }
-  management_groups_layer_6 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_5), v.parent) }
   default_delays = {
     before_management_group_creation = {
       create = "30s"
@@ -21,4 +12,12 @@ locals {
       destroy = "60s"
     }
   }
+  location                  = "uksouth"
+  management_group_config   = yamldecode(file("${path.root}/managementgroups.yaml"))
+  management_groups_layer_1 = { for k, v in local.management_group_config : k => v if v.parent == "base" }
+  management_groups_layer_2 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_1), v.parent) }
+  management_groups_layer_3 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_2), v.parent) }
+  management_groups_layer_4 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_3), v.parent) }
+  management_groups_layer_5 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_4), v.parent) }
+  management_groups_layer_6 = { for k, v in local.management_group_config : k => v if contains(keys(local.management_groups_layer_5), v.parent) }
 }

examples/dynamic-input/outputs.tf

@@ -1,4 +1,5 @@
 output "test" {
+  description = "An object containing the management groups for each layer."
   value = {
     management_groups_layer_1 = local.management_groups_layer_1
     management_groups_layer_2 = local.management_groups_layer_2
@@ -7,5 +8,4 @@ output "test" {
     management_groups_layer_5 = local.management_groups_layer_5
     management_groups_layer_6 = local.management_groups_layer_6
   }
-  description = "An object containing the management groups for each layer."
 }

examples/policy-assignment-modification-with-custom-lib/README.md

@@ -7,7 +7,7 @@ This example demonstrates some common patterns:
 - The use of a custom library, with an archetype override and additional policy assignment
 - Modification of a policy assignment to supply new parameters to an assigned policy
 
-Thanks to [@phx-tim-butters](https://github.com/phx-tim-butters) for this example
+Thanks to [@phx-tim-butters](https://github.com/phx-tim-butters) for this example!
 
 ```hcl
 terraform {
@@ -36,28 +36,28 @@ provider "alz" {
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "update_manager" {
-  name     = "rg_test"
   location = "uksouth"
+  name     = "rg_test"
 }
 
 resource "azurerm_maintenance_configuration" "this" {
+  location            = azurerm_resource_group.update_manager.location
   name                = "ring1"
   resource_group_name = azurerm_resource_group.update_manager.name
-  location            = azurerm_resource_group.update_manager.location
   scope               = "InGuestPatch"
 
-  window {
-    start_date_time = "2024-01-03 00:00"
-    duration        = "03:55"
-    time_zone       = "GMT Standard Time"
-    recur_every     = "Week"
-  }
-
   install_patches {
+    reboot = "IfRequired"
+
     windows {
       classifications_to_include = ["Critical", "Security", "Definition"]
     }
-    reboot = "IfRequired"
+  }
+  window {
+    start_date_time = "2024-01-03 00:00"
+    time_zone       = "GMT Standard Time"
+    duration        = "03:55"
+    recur_every     = "Week"
   }
 }
 

examples/policy-assignment-modification-with-custom-lib/main.tf

@@ -24,28 +24,28 @@ provider "alz" {
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "update_manager" {
-  name     = "rg_test"
   location = "uksouth"
+  name     = "rg_test"
 }
 
 resource "azurerm_maintenance_configuration" "this" {
+  location            = azurerm_resource_group.update_manager.location
   name                = "ring1"
   resource_group_name = azurerm_resource_group.update_manager.name
-  location            = azurerm_resource_group.update_manager.location
   scope               = "InGuestPatch"
 
-  window {
-    start_date_time = "2024-01-03 00:00"
-    duration        = "03:55"
-    time_zone       = "GMT Standard Time"
-    recur_every     = "Week"
-  }
-
   install_patches {
+    reboot = "IfRequired"
+
     windows {
       classifications_to_include = ["Critical", "Security", "Definition"]
     }
-    reboot = "IfRequired"
+  }
+  window {
+    start_date_time = "2024-01-03 00:00"
+    time_zone       = "GMT Standard Time"
+    duration        = "03:55"
+    recur_every     = "Week"
   }
 }
 

locals.telemetry.tf

@@ -31,7 +31,6 @@ locals {
       }
     }
   })
-
   # This is the unique id AVM Terraform modules that is supplied by the AVM team.
   # See https://azure.github.io/Azure-Verified-Modules/specs/shared/#id-sfr3---category-telemetry---deploymentusage-telemetry
   telem_puid = "46d3xgtf"

main.telemetry.tf

@@ -9,9 +9,9 @@ resource "random_id" "telem" {
 resource "azurerm_management_group_template_deployment" "telemetry" {
   count = var.enable_telemetry ? 1 : 0
 
-  name                = local.telem_arm_deployment_name
-  management_group_id = azurerm_management_group.this.id
   location            = var.default_location
-  template_content    = local.telem_arm_template_content
+  management_group_id = azurerm_management_group.this.id
+  name                = local.telem_arm_deployment_name
   tags                = null
+  template_content    = local.telem_arm_template_content
 }

main.tf

@@ -24,7 +24,8 @@ resource "azurerm_management_group" "this" {
 }
 
 data "azurerm_subscription" "this" {
-  for_each        = var.subscription_ids
+  for_each = var.subscription_ids
+
   subscription_id = each.key
 }
 

variables.tf

@@ -33,6 +33,7 @@ variable "parent_resource_id" {
 The resource id of the parent management group. Use the tenant id to create a child of the tenant root group.
 The `azurerm_client_config` data source from the AzureRM provider is useful to get the tenant id.
 DESCRIPTION
+
   validation {
     error_message = "Value must be a valid management group resource id."
     condition     = can(regex("^/providers/Microsoft.Management/managementGroups/[^/]+$", var.parent_resource_id))
@@ -136,7 +137,6 @@ The value is a map of the properties of the policy assignment.
 DESCRIPTION
 }
 
-
 variable "role_assignments" {
   type = map(object({
     role_definition_id   = optional(string, "")