This repository was archived by the owner on Mar 4, 2022. It is now read-only.

@var-kyle var-kyle commented Mar 19, 2020

Description

New environment variable LOG_LEVEL allows us to change the level of logging from the app. It will be configurable in the Azure portal.

Added code to add diagnostic settings for Redis and PostgreSQL. Added an Azure Log Analytics resource that will pool the metrics/logs from those two.

Edited the PostgreSQL connection string so the password is read properly.

Important

This requires cppd/node-app to be at least v1.4.10

@var-kyle var-kyle requested a review from CalvinRodo March 19, 2020 13:39
@github-actions

terraform plan Failed

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

random_password.postgres_admin: Refreshing state... [id=none]
random_password.postgres_user: Refreshing state... [id=none]
azurerm_key_vault_secret.pg_admin_user: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/psqluser/64af7f7171e84afaaeba3af16facf084]
azurerm_resource_group.resource_group: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg]
data.azurerm_client_config.current: Refreshing state...
azurerm_storage_account.file_upload: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Storage/storageAccounts/essccppdcppdfileupload]
azurerm_postgresql_server.postgres: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql]
azurerm_app_service_plan.app_service_plan: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp]
azurerm_redis_cache.session_store: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache]
azurerm_key_vault.key_vault: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv]
azurerm_postgresql_database.postgres: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql/databases/medicalreportdb]
azurerm_key_vault_secret.docker_password: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8]
azurerm_key_vault_secret.pg_admin_pass: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/psqladmin/b44d5b542e5d4ce28fce8b9a9cd1801d]
azurerm_key_vault_access_policy.tf_identity: Refreshing state... [id=/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv/objectId/99af9ca8-1def-43f8-b86a-4a7c0c676762]
azurerm_key_vault_secret.pg_connection_string: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db]
azurerm_key_vault_secret.redis_connection_string: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/redisconnection/8630fad89e7248dfa866c2215bbd927d]
azurerm_storage_container.file_upload: Refreshing state... [id=https://essccppdcppdfileupload.blob.core.windows.net/essccppdvhds]
azurerm_key_vault_secret.storage_access_key: Refreshing state... [id=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/d186786deb2c454da1901f826bcd37ce]

Error: Error retrieving Container "essccppdvhds" (Account "essccppdcppdfileupload" / Resource Group "EsSCCPPDrg"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:29c427c8-f01e-0018-0af4-fd1b34000000\nTime:2020-03-19T13:41:05.6830010Z"


Workflow: OpenPolicyAgent Compliance Checks, Action: run

@var-kyle var-kyle changed the title from "Added log level env variable to app service" to "WIP: Added log level env variable to app service" Mar 19, 2020
@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
          - "AUTO_MIGRATE_MODE"               = "alter"
          - "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/d186786deb2c454da1901f826bcd37ce)"
          - "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
          - "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
          - "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db)"
          - "DOCKER_ENABLE_CI"                = "true"
          - "DOCKER_REGISTRY_SERVER_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8)"
          - "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io"
          - "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr"
          - "FEATURE_AZURE_PG_SSL"            = "true"
          - "FEATURE_AZ_STORAGE"              = "true"
          - "FEATURE_REDIS_SSL"               = "true"
          - "LOG_LEVEL"                       = "silly"
          - "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
          - "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/8630fad89e7248dfa866c2215bbd927d)"
        } -> (known after apply)
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27"
        possible_outbound_ip_addresses = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27,40.85.254.37,40.85.219.45,40.85.223.56,52.228.42.60,52.228.42.28"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "XFYTEhyxLxZYodEHstTEMdfJBH99YE6A3NjD8rwLaualKDF1tEAzZrL3FYJx"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "7d044b4f-1ce6-4740-b690-4411dfee3f90"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 35
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> (known after apply)
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_container_registry.container_registry will be created
  + resource "azurerm_container_registry" "container_registry" {
      + admin_enabled       = true
      + admin_password      = (sensitive value)
      + admin_username      = (known after apply)
      + id                  = (known after apply)
      + location            = "canadacentral"
      + login_server        = (known after apply)
      + name                = "EsSCCPPDr"
      + network_rule_set    = (known after apply)
      + resource_group_name = "EsSCCPPDrg"
      + sku                 = "Standard"
      + tags                = {
          + "Branch"         = "IITB"
          + "Classification" = "Unclassified"
          + "CsdId"          = "930"
          + "Directorate"    = "BSIM"
          + "Environment"    = "Sandbox"
          + "Project"        = "DTS"
          + "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          + "Version"        = "0.0.0"
        }
    }

  # azurerm_key_vault_secret.docker_password will be updated in-place
  ~ resource "azurerm_key_vault_secret" "docker_password" {
        id           = "https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "dockerpword"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "024138315cb84319a2db92d0269c5aa8"
    }

  # azurerm_key_vault_secret.pg_admin_pass will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_admin_pass" {
        id           = "https://essccppdkv.vault.azure.net/secrets/psqladmin/b44d5b542e5d4ce28fce8b9a9cd1801d"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "psqladmin"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "b44d5b542e5d4ce28fce8b9a9cd1801d"
    }

  # azurerm_key_vault_secret.pg_admin_user will be destroyed
  - resource "azurerm_key_vault_secret" "pg_admin_user" {
      - id           = "https://essccppdkv.vault.azure.net/secrets/psqluser/64af7f7171e84afaaeba3af16facf084" -> null
      - key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv" -> null
      - name         = "psqluser" -> null
      - tags         = {
          - "Branch"         = "IITB"
          - "Classification" = "Unclassified"
          - "CsdId"          = "930"
          - "Directorate"    = "BSIM"
          - "Environment"    = "Sandbox"
          - "Project"        = "DTS"
          - "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          - "Version"        = "0.0.0"
        } -> null
      - value        = (sensitive value)
      - version      = "64af7f7171e84afaaeba3af16facf084" -> null
    }

  # azurerm_key_vault_secret.pg_connection_string will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_connection_string" {
        id           = "https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "postgresconnection"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "d1e3f51e72df4354b5d63d18651f90db"
    }

  # azurerm_log_analytics_workspace.log_analytics must be replaced
-/+ resource "azurerm_log_analytics_workspace" "log_analytics" {
      ~ id                   = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics" -> (known after apply)
        location             = "canadacentral"
      ~ name                 = "essccppdloganalytics" -> "EsSCCPPDloganalytics" # forces replacement
      + portal_url           = (known after apply)
      ~ primary_shared_key   = (sensitive value)
      ~ resource_group_name  = "essccppdrg" -> "EsSCCPPDrg"
      ~ retention_in_days    = 30 -> (known after apply)
      ~ secondary_shared_key = (sensitive value)
      ~ sku                  = "pergb2018" -> "PerGB2018"
        tags                 = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ workspace_id         = "f4a28ad3-4102-4e42-97e9-354c89363908" -> (known after apply)
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDcachediagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDpostgresdiagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql/databases/medicalreportdb"

      + log {
          + category = "PostgreSQLLogs"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreRuntimeStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreWaitStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_postgresql_server.postgres will be updated in-place
  ~ resource "azurerm_postgresql_server" "postgres" {
        administrator_login          = "psqladmin"
      ~ administrator_login_password = (sensitive value)
        fqdn                         = "essccppdpostgresql.postgres.database.azure.com"
        id                           = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"
        location                     = "canadacentral"
        name                         = "essccppdpostgresql"
        resource_group_name          = "EsSCCPPDrg"
        sku_name                     = "GP_Gen5_2"
        ssl_enforcement              = "Enabled"
        tags                         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
        version                      = "11"

        storage_profile {
            auto_grow             = "Disabled"
            backup_retention_days = 7
            geo_redundant_backup  = "Disabled"
            storage_mb            = 5120
        }
    }

  # random_password.postgres_admin must be replaced
-/+ resource "random_password" "postgres_admin" {
      ~ id               = "none" -> (known after apply)
        length           = 16
        lower            = true
      ~ min_lower        = 1 -> 0 # forces replacement
      ~ min_numeric      = 1 -> 0 # forces replacement
      ~ min_special      = 1 -> 0 # forces replacement
      ~ min_upper        = 1 -> 0 # forces replacement
        number           = true
      ~ override_special = "@_!+" -> "_%@" # forces replacement
      ~ result           = (sensitive value)
        special          = true
        upper            = true
    }

  # random_password.postgres_user will be destroyed
  - resource "random_password" "postgres_user" {
      - id               = "none" -> null
      - length           = 16 -> null
      - lower            = true -> null
      - min_lower        = 1 -> null
      - min_numeric      = 1 -> null
      - min_special      = 1 -> null
      - min_upper        = 1 -> null
      - number           = true -> null
      - override_special = "@_!+" -> null
      - result           = (sensitive value)
      - special          = true -> null
      - upper            = true -> null
    }

Plan: 5 to add, 5 to change, 4 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
          - "AUTO_MIGRATE_MODE"               = "alter"
          - "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/d186786deb2c454da1901f826bcd37ce)"
          - "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
          - "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
          - "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db)"
          - "DOCKER_ENABLE_CI"                = "true"
          - "DOCKER_REGISTRY_SERVER_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8)"
          - "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io"
          - "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr"
          - "FEATURE_AZURE_PG_SSL"            = "true"
          - "FEATURE_AZ_STORAGE"              = "true"
          - "FEATURE_REDIS_SSL"               = "true"
          - "LOG_LEVEL"                       = "silly"
          - "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
          - "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/8630fad89e7248dfa866c2215bbd927d)"
        } -> (known after apply)
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27"
        possible_outbound_ip_addresses = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27,40.85.254.37,40.85.219.45,40.85.223.56,52.228.42.60,52.228.42.28"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "XFYTEhyxLxZYodEHstTEMdfJBH99YE6A3NjD8rwLaualKDF1tEAzZrL3FYJx"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "7d044b4f-1ce6-4740-b690-4411dfee3f90"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 35
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> (known after apply)
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_container_registry.container_registry will be created
  + resource "azurerm_container_registry" "container_registry" {
      + admin_enabled       = true
      + admin_password      = (sensitive value)
      + admin_username      = (known after apply)
      + id                  = (known after apply)
      + location            = "canadacentral"
      + login_server        = (known after apply)
      + name                = "EsSCCPPDr"
      + network_rule_set    = (known after apply)
      + resource_group_name = "EsSCCPPDrg"
      + sku                 = "Standard"
      + tags                = {
          + "Branch"         = "IITB"
          + "Classification" = "Unclassified"
          + "CsdId"          = "930"
          + "Directorate"    = "BSIM"
          + "Environment"    = "Sandbox"
          + "Project"        = "DTS"
          + "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          + "Version"        = "0.0.0"
        }
    }

  # azurerm_key_vault_secret.docker_password will be updated in-place
  ~ resource "azurerm_key_vault_secret" "docker_password" {
        id           = "https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "dockerpword"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "024138315cb84319a2db92d0269c5aa8"
    }

  # azurerm_key_vault_secret.pg_admin_pass will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_admin_pass" {
        id           = "https://essccppdkv.vault.azure.net/secrets/psqladmin/b44d5b542e5d4ce28fce8b9a9cd1801d"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "psqladmin"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "b44d5b542e5d4ce28fce8b9a9cd1801d"
    }

  # azurerm_key_vault_secret.pg_admin_user will be destroyed
  - resource "azurerm_key_vault_secret" "pg_admin_user" {
      - id           = "https://essccppdkv.vault.azure.net/secrets/psqluser/64af7f7171e84afaaeba3af16facf084" -> null
      - key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv" -> null
      - name         = "psqluser" -> null
      - tags         = {
          - "Branch"         = "IITB"
          - "Classification" = "Unclassified"
          - "CsdId"          = "930"
          - "Directorate"    = "BSIM"
          - "Environment"    = "Sandbox"
          - "Project"        = "DTS"
          - "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          - "Version"        = "0.0.0"
        } -> null
      - value        = (sensitive value)
      - version      = "64af7f7171e84afaaeba3af16facf084" -> null
    }

  # azurerm_key_vault_secret.pg_connection_string will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_connection_string" {
        id           = "https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "postgresconnection"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "d1e3f51e72df4354b5d63d18651f90db"
    }

  # azurerm_log_analytics_workspace.log_analytics must be replaced
-/+ resource "azurerm_log_analytics_workspace" "log_analytics" {
      ~ id                   = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics" -> (known after apply)
        location             = "canadacentral"
      ~ name                 = "essccppdloganalytics" -> "EsSCCPPDloganalytics" # forces replacement
      + portal_url           = (known after apply)
      ~ primary_shared_key   = (sensitive value)
      ~ resource_group_name  = "essccppdrg" -> "EsSCCPPDrg"
      ~ retention_in_days    = 30 -> (known after apply)
      ~ secondary_shared_key = (sensitive value)
      ~ sku                  = "pergb2018" -> "PerGB2018"
        tags                 = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ workspace_id         = "f4a28ad3-4102-4e42-97e9-354c89363908" -> (known after apply)
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDcachediagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDpostgresdiagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql/databases/medicalreportdb"

      + log {
          + category = "PostgreSQLLogs"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreRuntimeStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreWaitStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_postgresql_configuration.db_congif_log_level will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_level" {
      + id                  = (known after apply)
      + name                = "client_min_messages"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "LOG"
    }

  # azurerm_postgresql_configuration.db_congif_log_statement will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_statement" {
      + id                  = (known after apply)
      + name                = "log_statement"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "ALL"
    }

  # azurerm_postgresql_configuration.db_congif_retention will be created
  + resource "azurerm_postgresql_configuration" "db_congif_retention" {
      + id                  = (known after apply)
      + name                = "log_retention_days"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "7"
    }

  # azurerm_postgresql_server.postgres will be updated in-place
  ~ resource "azurerm_postgresql_server" "postgres" {
        administrator_login          = "psqladmin"
      ~ administrator_login_password = (sensitive value)
        fqdn                         = "essccppdpostgresql.postgres.database.azure.com"
        id                           = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"
        location                     = "canadacentral"
        name                         = "essccppdpostgresql"
        resource_group_name          = "EsSCCPPDrg"
        sku_name                     = "GP_Gen5_2"
        ssl_enforcement              = "Enabled"
        tags                         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
        version                      = "11"

        storage_profile {
            auto_grow             = "Disabled"
            backup_retention_days = 7
            geo_redundant_backup  = "Disabled"
            storage_mb            = 5120
        }
    }

  # random_password.postgres_admin must be replaced
-/+ resource "random_password" "postgres_admin" {
      ~ id               = "none" -> (known after apply)
        length           = 16
        lower            = true
      ~ min_lower        = 1 -> 0 # forces replacement
      ~ min_numeric      = 1 -> 0 # forces replacement
      ~ min_special      = 1 -> 0 # forces replacement
      ~ min_upper        = 1 -> 0 # forces replacement
        number           = true
      ~ override_special = "@_!+" -> "_%@" # forces replacement
      ~ result           = (sensitive value)
        special          = true
        upper            = true
    }

  # random_password.postgres_user will be destroyed
  - resource "random_password" "postgres_user" {
      - id               = "none" -> null
      - length           = 16 -> null
      - lower            = true -> null
      - min_lower        = 1 -> null
      - min_numeric      = 1 -> null
      - min_special      = 1 -> null
      - min_upper        = 1 -> null
      - number           = true -> null
      - override_special = "@_!+" -> null
      - result           = (sensitive value)
      - special          = true -> null
      - upper            = true -> null
    }

Plan: 8 to add, 5 to change, 4 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
          - "AUTO_MIGRATE_MODE"               = "alter"
          - "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/d186786deb2c454da1901f826bcd37ce)"
          - "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
          - "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
          - "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db)"
          - "DOCKER_ENABLE_CI"                = "true"
          - "DOCKER_REGISTRY_SERVER_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8)"
          - "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io"
          - "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr"
          - "FEATURE_AZURE_PG_SSL"            = "true"
          - "FEATURE_AZ_STORAGE"              = "true"
          - "FEATURE_REDIS_SSL"               = "true"
          - "LOG_LEVEL"                       = "silly"
          - "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
          - "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/8630fad89e7248dfa866c2215bbd927d)"
        } -> (known after apply)
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27"
        possible_outbound_ip_addresses = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27,40.85.254.37,40.85.219.45,40.85.223.56,52.228.42.60,52.228.42.28"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "XFYTEhyxLxZYodEHstTEMdfJBH99YE6A3NjD8rwLaualKDF1tEAzZrL3FYJx"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "7d044b4f-1ce6-4740-b690-4411dfee3f90"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 35
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> (known after apply)
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_container_registry.container_registry will be created
  + resource "azurerm_container_registry" "container_registry" {
      + admin_enabled       = true
      + admin_password      = (sensitive value)
      + admin_username      = (known after apply)
      + id                  = (known after apply)
      + location            = "canadacentral"
      + login_server        = (known after apply)
      + name                = "EsSCCPPDr"
      + network_rule_set    = (known after apply)
      + resource_group_name = "EsSCCPPDrg"
      + sku                 = "Standard"
      + tags                = {
          + "Branch"         = "IITB"
          + "Classification" = "Unclassified"
          + "CsdId"          = "930"
          + "Directorate"    = "BSIM"
          + "Environment"    = "Sandbox"
          + "Project"        = "DTS"
          + "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          + "Version"        = "0.0.0"
        }
    }

  # azurerm_key_vault_secret.docker_password will be updated in-place
  ~ resource "azurerm_key_vault_secret" "docker_password" {
        id           = "https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "dockerpword"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "024138315cb84319a2db92d0269c5aa8"
    }

  # azurerm_key_vault_secret.pg_admin_pass will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_admin_pass" {
        id           = "https://essccppdkv.vault.azure.net/secrets/psqladmin/b44d5b542e5d4ce28fce8b9a9cd1801d"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "psqladmin"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "b44d5b542e5d4ce28fce8b9a9cd1801d"
    }

  # azurerm_key_vault_secret.pg_admin_user will be destroyed
  - resource "azurerm_key_vault_secret" "pg_admin_user" {
      - id           = "https://essccppdkv.vault.azure.net/secrets/psqluser/64af7f7171e84afaaeba3af16facf084" -> null
      - key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv" -> null
      - name         = "psqluser" -> null
      - tags         = {
          - "Branch"         = "IITB"
          - "Classification" = "Unclassified"
          - "CsdId"          = "930"
          - "Directorate"    = "BSIM"
          - "Environment"    = "Sandbox"
          - "Project"        = "DTS"
          - "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          - "Version"        = "0.0.0"
        } -> null
      - value        = (sensitive value)
      - version      = "64af7f7171e84afaaeba3af16facf084" -> null
    }

  # azurerm_key_vault_secret.pg_connection_string will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_connection_string" {
        id           = "https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "postgresconnection"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "d1e3f51e72df4354b5d63d18651f90db"
    }

  # azurerm_log_analytics_workspace.log_analytics must be replaced
-/+ resource "azurerm_log_analytics_workspace" "log_analytics" {
      ~ id                   = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics" -> (known after apply)
        location             = "canadacentral"
      ~ name                 = "essccppdloganalytics" -> "EsSCCPPDloganalytics" # forces replacement
      + portal_url           = (known after apply)
      ~ primary_shared_key   = (sensitive value)
      ~ resource_group_name  = "essccppdrg" -> "EsSCCPPDrg"
      ~ retention_in_days    = 30 -> (known after apply)
      ~ secondary_shared_key = (sensitive value)
      ~ sku                  = "pergb2018" -> "PerGB2018"
        tags                 = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ workspace_id         = "f4a28ad3-4102-4e42-97e9-354c89363908" -> (known after apply)
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDcachediagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDpostgresdiagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql/databases/medicalreportdb"

      + log {
          + category = "PostgreSQLLogs"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreRuntimeStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreWaitStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_postgresql_configuration.db_congif_log_level will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_level" {
      + id                  = (known after apply)
      + name                = "client_min_messages"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "LOG"
    }

  # azurerm_postgresql_configuration.db_congif_log_statement will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_statement" {
      + id                  = (known after apply)
      + name                = "log_statement"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "ALL"
    }

  # azurerm_postgresql_configuration.db_congif_retention will be created
  + resource "azurerm_postgresql_configuration" "db_congif_retention" {
      + id                  = (known after apply)
      + name                = "log_retention_days"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "7"
    }

  # azurerm_postgresql_server.postgres will be updated in-place
  ~ resource "azurerm_postgresql_server" "postgres" {
        administrator_login          = "psqladmin"
      ~ administrator_login_password = (sensitive value)
        fqdn                         = "essccppdpostgresql.postgres.database.azure.com"
        id                           = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"
        location                     = "canadacentral"
        name                         = "essccppdpostgresql"
        resource_group_name          = "EsSCCPPDrg"
        sku_name                     = "GP_Gen5_2"
        ssl_enforcement              = "Enabled"
        tags                         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
        version                      = "11"

        storage_profile {
            auto_grow             = "Disabled"
            backup_retention_days = 7
            geo_redundant_backup  = "Disabled"
            storage_mb            = 5120
        }
    }

  # random_password.postgres_admin must be replaced
-/+ resource "random_password" "postgres_admin" {
      ~ id               = "none" -> (known after apply)
        length           = 16
        lower            = true
      ~ min_lower        = 1 -> 0 # forces replacement
      ~ min_numeric      = 1 -> 0 # forces replacement
      ~ min_special      = 1 -> 0 # forces replacement
      ~ min_upper        = 1 -> 0 # forces replacement
        number           = true
      ~ override_special = "@_!+" -> "_%@" # forces replacement
      ~ result           = (sensitive value)
        special          = true
        upper            = true
    }

  # random_password.postgres_user will be destroyed
  - resource "random_password" "postgres_user" {
      - id               = "none" -> null
      - length           = 16 -> null
      - lower            = true -> null
      - min_lower        = 1 -> null
      - min_numeric      = 1 -> null
      - min_special      = 1 -> null
      - min_upper        = 1 -> null
      - number           = true -> null
      - override_special = "@_!+" -> null
      - result           = (sensitive value)
      - special          = true -> null
      - upper            = true -> null
    }

Plan: 8 to add, 5 to change, 4 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
          - "AUTO_MIGRATE_MODE"               = "alter"
          - "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/d186786deb2c454da1901f826bcd37ce)"
          - "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
          - "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
          - "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db)"
          - "DOCKER_ENABLE_CI"                = "true"
          - "DOCKER_REGISTRY_SERVER_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8)"
          - "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io"
          - "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr"
          - "FEATURE_AZURE_PG_SSL"            = "true"
          - "FEATURE_AZ_STORAGE"              = "true"
          - "FEATURE_REDIS_SSL"               = "true"
          - "LOG_LEVEL"                       = "silly"
          - "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
          - "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/8630fad89e7248dfa866c2215bbd927d)"
        } -> (known after apply)
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27"
        possible_outbound_ip_addresses = "13.71.170.130,13.88.230.232,13.88.229.172,52.228.39.78,13.71.191.27,40.85.254.37,40.85.219.45,40.85.223.56,52.228.42.60,52.228.42.28"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "XFYTEhyxLxZYodEHstTEMdfJBH99YE6A3NjD8rwLaualKDF1tEAzZrL3FYJx"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "7d044b4f-1ce6-4740-b690-4411dfee3f90"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 35
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> (known after apply)
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_container_registry.container_registry will be created
  + resource "azurerm_container_registry" "container_registry" {
      + admin_enabled       = true
      + admin_password      = (sensitive value)
      + admin_username      = (known after apply)
      + id                  = (known after apply)
      + location            = "canadacentral"
      + login_server        = (known after apply)
      + name                = "EsSCCPPDr"
      + network_rule_set    = (known after apply)
      + resource_group_name = "EsSCCPPDrg"
      + sku                 = "Standard"
      + tags                = {
          + "Branch"         = "IITB"
          + "Classification" = "Unclassified"
          + "CsdId"          = "930"
          + "Directorate"    = "BSIM"
          + "Environment"    = "Sandbox"
          + "Project"        = "DTS"
          + "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          + "Version"        = "0.0.0"
        }
    }

  # azurerm_key_vault_secret.docker_password will be updated in-place
  ~ resource "azurerm_key_vault_secret" "docker_password" {
        id           = "https://essccppdkv.vault.azure.net/secrets/dockerpword/024138315cb84319a2db92d0269c5aa8"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "dockerpword"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "024138315cb84319a2db92d0269c5aa8"
    }

  # azurerm_key_vault_secret.pg_admin_pass will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_admin_pass" {
        id           = "https://essccppdkv.vault.azure.net/secrets/psqladmin/b44d5b542e5d4ce28fce8b9a9cd1801d"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "psqladmin"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "b44d5b542e5d4ce28fce8b9a9cd1801d"
    }

  # azurerm_key_vault_secret.pg_admin_user will be destroyed
  - resource "azurerm_key_vault_secret" "pg_admin_user" {
      - id           = "https://essccppdkv.vault.azure.net/secrets/psqluser/64af7f7171e84afaaeba3af16facf084" -> null
      - key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv" -> null
      - name         = "psqluser" -> null
      - tags         = {
          - "Branch"         = "IITB"
          - "Classification" = "Unclassified"
          - "CsdId"          = "930"
          - "Directorate"    = "BSIM"
          - "Environment"    = "Sandbox"
          - "Project"        = "DTS"
          - "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
          - "Version"        = "0.0.0"
        } -> null
      - value        = (sensitive value)
      - version      = "64af7f7171e84afaaeba3af16facf084" -> null
    }

  # azurerm_key_vault_secret.pg_connection_string will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_connection_string" {
        id           = "https://essccppdkv.vault.azure.net/secrets/postgresconnection/d1e3f51e72df4354b5d63d18651f90db"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "postgresconnection"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "d1e3f51e72df4354b5d63d18651f90db"
    }

  # azurerm_log_analytics_workspace.log_analytics must be replaced
-/+ resource "azurerm_log_analytics_workspace" "log_analytics" {
      ~ id                   = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics" -> (known after apply)
        location             = "canadacentral"
      ~ name                 = "essccppdloganalytics" -> "EsSCCPPDloganalytics" # forces replacement
      + portal_url           = (known after apply)
      ~ primary_shared_key   = (sensitive value)
      ~ resource_group_name  = "essccppdrg" -> "EsSCCPPDrg"
      ~ retention_in_days    = 30 -> (known after apply)
      ~ secondary_shared_key = (sensitive value)
      ~ sku                  = "pergb2018" -> "PerGB2018"
        tags                 = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ workspace_id         = "f4a28ad3-4102-4e42-97e9-354c89363908" -> (known after apply)
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDcachediagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be created
  + resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
      + id                             = (known after apply)
      + log_analytics_destination_type = "Dedicated"
      + log_analytics_workspace_id     = (known after apply)
      + name                           = "EsSCCPPDpostgresdiagnostics"
      + target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql/databases/medicalreportdb"

      + log {
          + category = "PostgreSQLLogs"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreRuntimeStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
      + log {
          + category = "QueryStoreWaitStatistics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }

      + metric {
          + category = "AllMetrics"
          + enabled  = true

          + retention_policy {
              + days    = 7
              + enabled = true
            }
        }
    }

  # azurerm_postgresql_configuration.db_congif_log_level will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_level" {
      + id                  = (known after apply)
      + name                = "client_min_messages"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "LOG"
    }

  # azurerm_postgresql_configuration.db_congif_log_statement will be created
  + resource "azurerm_postgresql_configuration" "db_congif_log_statement" {
      + id                  = (known after apply)
      + name                = "log_statement"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "ALL"
    }

  # azurerm_postgresql_configuration.db_congif_retention will be created
  + resource "azurerm_postgresql_configuration" "db_congif_retention" {
      + id                  = (known after apply)
      + name                = "log_retention_days"
      + resource_group_name = "EsSCCPPDrg"
      + server_name         = "essccppdpostgresql"
      + value               = "7"
    }

  # azurerm_postgresql_server.postgres will be updated in-place
  ~ resource "azurerm_postgresql_server" "postgres" {
        administrator_login          = "psqladmin"
      ~ administrator_login_password = (sensitive value)
        fqdn                         = "essccppdpostgresql.postgres.database.azure.com"
        id                           = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"
        location                     = "canadacentral"
        name                         = "essccppdpostgresql"
        resource_group_name          = "EsSCCPPDrg"
        sku_name                     = "GP_Gen5_2"
        ssl_enforcement              = "Enabled"
        tags                         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
        version                      = "11"

        storage_profile {
            auto_grow             = "Disabled"
            backup_retention_days = 7
            geo_redundant_backup  = "Disabled"
            storage_mb            = 5120
        }
    }

  # random_password.postgres_admin must be replaced
-/+ resource "random_password" "postgres_admin" {
      ~ id               = "none" -> (known after apply)
        length           = 16
        lower            = true
      ~ min_lower        = 1 -> 0 # forces replacement
      ~ min_numeric      = 1 -> 0 # forces replacement
      ~ min_special      = 1 -> 0 # forces replacement
      ~ min_upper        = 1 -> 0 # forces replacement
        number           = true
      ~ override_special = "@_!+" -> "_%@" # forces replacement
      ~ result           = (sensitive value)
        special          = true
        upper            = true
    }

  # random_password.postgres_user will be destroyed
  - resource "random_password" "postgres_user" {
      - id               = "none" -> null
      - length           = 16 -> null
      - lower            = true -> null
      - min_lower        = 1 -> null
      - min_numeric      = 1 -> null
      - min_special      = 1 -> null
      - min_upper        = 1 -> null
      - number           = true -> null
      - override_special = "@_!+" -> null
      - result           = (sensitive value)
      - special          = true -> null
      - upper            = true -> null
    }

Plan: 8 to add, 5 to change, 4 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
            "AUTO_MIGRATE_MODE"               = "alter"
            "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/a67d2321a3c44dcdb214fe562f11f8b4)"
            "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
            "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
            "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/cbe539a3b5314aaaab0b1dee763ef758)"
            "DOCKER_ENABLE_CI"                = "true"
          ~ "DOCKER_REGISTRY_SERVER_PASSWORD" = "0YLmbpIxTQ+sXCQDImhMsOSOBNx3dbpl" -> "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/844af5be09f14031aa226d95ba958941)"
          ~ "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io" -> "https://essccppdr.azurecr.io"
          ~ "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr" -> "EsSCCPPDr"
            "FEATURE_AZURE_PG_SSL"            = "true"
            "FEATURE_AZ_STORAGE"              = "true"
            "FEATURE_REDIS_SSL"               = "true"
            "LOG_LEVEL"                       = "verbose"
            "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
            "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/42c5dde53b3b4c4c909b2ed58abb068c)"
        }
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "52.237.22.139,52.237.24.27,52.237.22.229,52.237.29.228,52.237.19.55"
        possible_outbound_ip_addresses = "52.237.22.139,52.237.24.27,52.237.22.229,52.237.29.228,52.237.19.55,52.233.60.58,52.233.59.239"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "CSf1bLB1fjwZm6fJn9ASxqMdnX6snWME9f602m9stjckR9oF2AmnGCxoYjtz"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "a7e2138e-3554-4d09-b99c-8353c06c868d"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 100
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> "DOCKER|essccppdr.azurecr.io/cppd/node-app:latest"
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache|EsSCCPPDcachediagnostics"
      + log_analytics_destination_type = "Dedicated"
        log_analytics_workspace_id     = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics"
        name                           = "EsSCCPPDcachediagnostics"
        target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

        metric {
            category = "AllMetrics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql|EsSCCPPDpostgresdiagnostics"
      + log_analytics_destination_type = "Dedicated"
        log_analytics_workspace_id     = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics"
        name                           = "EsSCCPPDpostgresdiagnostics"
        target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"

        log {
            category = "PostgreSQLLogs"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
        log {
            category = "QueryStoreRuntimeStatistics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
        log {
            category = "QueryStoreWaitStatistics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }

        metric {
            category = "AllMetrics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@github-actions

terraform plan Success

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_app_service.app_service will be updated in-place
  ~ resource "azurerm_app_service" "app_service" {
        app_service_plan_id            = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/serverfarms/EsSCCPPDasp"
      ~ app_settings                   = {
            "AUTO_MIGRATE_MODE"               = "alter"
            "AZURE_STORAGE_ACCESS_KEY"        = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/storageAccessKey/a67d2321a3c44dcdb214fe562f11f8b4)"
            "AZURE_STORAGE_ACCOUNT"           = "essccppdcppdfileupload"
            "AZURE_STORAGE_CONTAINER"         = "essccppdvhds"
            "DATABASE_URL"                    = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/postgresconnection/cbe539a3b5314aaaab0b1dee763ef758)"
            "DOCKER_ENABLE_CI"                = "true"
          ~ "DOCKER_REGISTRY_SERVER_PASSWORD" = "0YLmbpIxTQ+sXCQDImhMsOSOBNx3dbpl" -> "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/dockerpword/844af5be09f14031aa226d95ba958941)"
          ~ "DOCKER_REGISTRY_SERVER_URL"      = "https://essecppdacr.azurecr.io" -> "https://essccppdr.azurecr.io"
          ~ "DOCKER_REGISTRY_SERVER_USERNAME" = "EsSECPPDacr" -> "EsSCCPPDr"
            "FEATURE_AZURE_PG_SSL"            = "true"
            "FEATURE_AZ_STORAGE"              = "true"
            "FEATURE_REDIS_SSL"               = "true"
            "LOG_LEVEL"                       = "verbose"
            "SESSION_ADAPTER"                 = "@sailshq/connect-redis"
            "SESSION_ADAPTER_URL"             = "@Microsoft.KeyVault(SecretUri=https://essccppdkv.vault.azure.net/secrets/redisconnection/42c5dde53b3b4c4c909b2ed58abb068c)"
        }
        client_affinity_enabled        = true
        client_cert_enabled            = false
        default_site_hostname          = "essccppdappservice.azurewebsites.net"
        enabled                        = true
        https_only                     = true
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Web/sites/EsSCCPPDappservice"
        location                       = "canadacentral"
        name                           = "EsSCCPPDappservice"
        outbound_ip_addresses          = "52.237.22.139,52.237.24.27,52.237.22.229,52.237.29.228,52.237.19.55"
        possible_outbound_ip_addresses = "52.237.22.139,52.237.24.27,52.237.22.229,52.237.29.228,52.237.19.55,52.233.60.58,52.233.59.239"
        resource_group_name            = "EsSCCPPDrg"
        site_credential                = [
            {
                password = "CSf1bLB1fjwZm6fJn9ASxqMdnX6snWME9f602m9stjckR9oF2AmnGCxoYjtz"
                username = "$EsSCCPPDappservice"
            },
        ]
        source_control                 = [
            {
                branch   = "master"
                repo_url = ""
            },
        ]
        tags                           = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }

        auth_settings {
            additional_login_params        = {}
            allowed_external_redirect_urls = []
            enabled                        = false
            token_refresh_extension_hours  = 0
            token_store_enabled            = false
        }

        identity {
            identity_ids = []
            principal_id = "a7e2138e-3554-4d09-b99c-8353c06c868d"
            tenant_id    = "9ed55846-8a81-4246-acd8-b1a01abfc0d1"
            type         = "SystemAssigned"
        }

        logs {
            application_logs {
            }

            http_logs {

                file_system {
                    retention_in_days = 7
                    retention_in_mb   = 100
                }
            }
        }

      ~ site_config {
            always_on                 = true
            default_documents         = []
            dotnet_framework_version  = "v4.0"
            ftps_state                = "AllAllowed"
            http2_enabled             = true
            ip_restriction            = []
          ~ linux_fx_version          = "DOCKER|essecppdacr.azurecr.io/cppd/node-app:latest" -> "DOCKER|essccppdr.azurecr.io/cppd/node-app:latest"
            local_mysql_enabled       = false
            managed_pipeline_mode     = "Integrated"
            min_tls_version           = "1.2"
            remote_debugging_enabled  = false
            remote_debugging_version  = "VS2019"
            scm_type                  = "None"
            use_32_bit_worker_process = false
            websockets_enabled        = false

            cors {
                allowed_origins     = []
                support_credentials = false
            }
        }
    }

  # azurerm_key_vault_secret.pg_connection_string will be updated in-place
  ~ resource "azurerm_key_vault_secret" "pg_connection_string" {
        id           = "https://essccppdkv.vault.azure.net/secrets/postgresconnection/cbe539a3b5314aaaab0b1dee763ef758"
        key_vault_id = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.KeyVault/vaults/EsSCCPPDkv"
        name         = "postgresconnection"
        tags         = {
            "Branch"         = "IITB"
            "Classification" = "Unclassified"
            "CsdId"          = "930"
            "Directorate"    = "BSIM"
            "Environment"    = "Sandbox"
            "Project"        = "DTS"
            "ServiceOwner"   = "calvin.rodo@014gc.microsoftonline.com"
            "Version"        = "0.0.0"
        }
      ~ value        = (sensitive value)
        version      = "cbe539a3b5314aaaab0b1dee763ef758"
    }

  # azurerm_monitor_diagnostic_setting.cache_diagnostic_settings will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" {
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache|EsSCCPPDcachediagnostics"
      + log_analytics_destination_type = "Dedicated"
        log_analytics_workspace_id     = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics"
        name                           = "EsSCCPPDcachediagnostics"
        target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.Cache/Redis/EsSCCPPDcache"

        metric {
            category = "AllMetrics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
    }

  # azurerm_monitor_diagnostic_setting.database_diagnostic_settings will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
        id                             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql|EsSCCPPDpostgresdiagnostics"
      + log_analytics_destination_type = "Dedicated"
        log_analytics_workspace_id     = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourcegroups/essccppdrg/providers/microsoft.operationalinsights/workspaces/essccppdloganalytics"
        name                           = "EsSCCPPDpostgresdiagnostics"
        target_resource_id             = "/subscriptions/07f55ef5-e27b-42ca-9771-f2705b08acd1/resourceGroups/EsSCCPPDrg/providers/Microsoft.DBforPostgreSQL/servers/essccppdpostgresql"

        log {
            category = "PostgreSQLLogs"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
        log {
            category = "QueryStoreRuntimeStatistics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
        log {
            category = "QueryStoreWaitStatistics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }

        metric {
            category = "AllMetrics"
            enabled  = true

            retention_policy {
                days    = 7
                enabled = true
            }
        }
    }

Plan: 0 to add, 4 to change, 0 to destroy.

Workflow: OpenPolicyAgent Compliance Checks, Action: run

@var-kyle changed the title from "WIP: Added log level env variable to app service" to "Added log level env variable to app service" on Mar 20, 2020