clouddrove · d4kverma · Jan 2, 2025 · Jan 2, 2025
diff --git a/.github/workflows/update-policy.yml b/.github/workflows/update-policy.yml
@@ -1,131 +1,132 @@
 ---
-name: Update Library Templates
-
-# yamllint disable-line rule:truthy
-on:
-  schedule:
-    - cron: "0 8 * * 1-5"
-  workflow_dispatch:
-    inputs:
-      enterprise-scale-repository-branch:
-        description: "The branch to target for the enterprise scale repository"
-        required: false
-        default: "main"
-
-env:
-  remote_repository: "Azure/Enterprise-Scale"
-  remote_repository_branch: ${{ github.event.inputs.enterprise-scale-repository-branch != 'main' && github.event.inputs.enterprise-scale-repository-branch || 'main' }}
-  branch_name: "patch-library-${{ github.run_number }}"
-  pr_title: "Update Library Templates (automated)"
-  pr_body:
-    "This is an automated 'pull_request' containing updates to the library templates stored in 'modules/archetypes/lib'.\n
-    Please review the 'files changed' tab to review changes."
-
-jobs:
-  update-templates:
-    name: Update Library Templates
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - name: Local repository checkout
-        uses: actions/checkout@v4
-        with:
-          path: ${{ github.repository }}
-          fetch-depth: 0
-
-      - name: Remote repository checkout
-        uses: actions/checkout@v4
-        with:
-          repository: ${{ env.remote_repository }}
-          path: ${{ env.remote_repository }}
-          ref: ${{ env.remote_repository_branch }}
-
-      - uses: tibdex/github-app-token@v2
-        id: generate-token
-        with:
-          app_id: ${{ secrets.APP_ID }}
-          private_key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      - name: Configure local git
-        run: |
-          git config user.name github-actions
-          git config user.email action@github.com
-        working-directory: ${{ github.repository }}
-
-      - name: Create and checkout branch
-        run: |
-          BRANCH_URL="repos/${{ github.repository }}/branches"
-          JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
-          CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
-          if [ -z "$CHECK_BRANCH_ORIGIN" ]
-          then
-            echo "Checkout local branch (create new, no origin)..."
-            git checkout -b ${{ env.branch_name }}
-          else
-            echo "Checkout local branch (create new, track from origin)..."
-            git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
-          fi
-        working-directory: ${{ github.repository }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-
-      - name: Update library templates
-        uses: azure/powershell@v2
-        with:
-          inlineScript: |
-            Write-Information "==> Running policy definitions script..." -InformationAction Continue
-            ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
-              -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-              -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-              -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" `
-              -Reset
-
-            Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
-            ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
-              -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
-              -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
-              -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
-          azPSVersion: "latest"
-
-      - name: Check for changes
-        id: git_status
-        run: |
-          mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
-          printf "%s\n" "${CHECK_GIT_STATUS[@]}"
-          echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
-        working-directory: ${{ github.repository }}
-
-      # - name: Add files, commit and push
-      #   if: steps.git_status.outputs.changes > 0
-      #   run: |
-      #     echo "Pushing changes to origin..."
-      #     git add modules/archetypes/lib
-      #     git commit -m '${{ env.pr_title }}'
-      #     git push origin ${{ env.branch_name }}
-      #   working-directory: ${{ github.repository }}
-
-      # - name: Create pull request
-      #   if: steps.git_status.outputs.changes > 0
-      #   run: |
-      #     HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
-      #     BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
-      #     PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
-      #     JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
-      #     CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
-      #     if [ -z "$CHECK_PULL_REQUEST_URL" ]
-      #     then
-      #       CHECK_PULL_REQUEST_URL=$(gh pr create \
-      #       --title "${{ env.pr_title }}" \
-      #       --body "${{ env.pr_body }}" \
-      #       --base "${{ github.ref }}" \
-      #       --head "${{ env.branch_name }}" \
-      #       --draft)
-      #       echo "Created new PR: $CHECK_PULL_REQUEST_URL"
-      #     else
-      #       echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
-      #     fi
-      #   working-directory: ${{ github.repository }}
-      #   env:
-      #     GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+  name: Update Library Templates
+
+  # yamllint disable-line rule:truthy
+  on:
+    schedule:
+      - cron: "0 8 * * 1-5"
+    workflow_dispatch:
+      inputs:
+        enterprise-scale-repository-branch:
+          description: "The branch to target for the enterprise scale repository"
+          required: false
+          default: "main"
+
+  env:
+    remote_repository: "Azure/Enterprise-Scale"
+    remote_repository_branch: ${{ github.event.inputs.enterprise-scale-repository-branch != 'main' && github.event.inputs.enterprise-scale-repository-branch || 'main' }}
+    branch_name: "patch-library-${{ github.run_number }}"
+    pr_title: "Update Library Templates (automated)"
+    pr_body:
+      "This is an automated 'pull_request' containing updates to the library templates stored in 'modules/archetypes/lib'.\n
+      Please review the 'files changed' tab to review changes."
+
+  jobs:
+    update-templates:
+      name: Update Library Templates
+      runs-on: ubuntu-latest
+      permissions:
+        contents: write
+        pull-requests: write
+      steps:
+        - name: Local repository checkout
+          uses: actions/checkout@v4
+          with:
+            path: ${{ github.repository }}
+            fetch-depth: 0
+
+        - name: Remote repository checkout
+          uses: actions/checkout@v4
+          with:
+            repository: ${{ env.remote_repository }}
+            path: ${{ env.remote_repository }}
+            ref: ${{ env.remote_repository_branch }}
+
+        - uses: tibdex/github-app-token@v2
+          id: generate-token
+          with:
+            app_id: ${{ secrets.APP_ID }}
+            private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+        - name: Configure local git
+          run: |
+            git config user.name github-actions
+            git config user.email action@github.com
+          working-directory: ${{ github.repository }}
+
+        - name: Create and checkout branch
+          run: |
+            BRANCH_URL="repos/${{ github.repository }}/branches"
+            JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
+            CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
+            if [ -z "$CHECK_BRANCH_ORIGIN" ]
+            then
+              echo "Checkout local branch (create new, no origin)..."
+              git checkout -b ${{ env.branch_name }}
+            else
+              echo "Checkout local branch (create new, track from origin)..."
+              git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
+            fi
+          working-directory: ${{ github.repository }}
+          env:
+            GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+        - name: Update library templates
+          uses: azure/powershell@v2
+          with:
+            inlineScript: |
+              Write-Information "==> Running policy definitions script..." -InformationAction Continue
+              ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyDefinitions.ps1 `
+                -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
+                -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+                -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}" `
+                -Reset
+
+              Write-Information "==> Running policy assignments and archetypes script..." -InformationAction Continue
+              ${{ github.repository }}/.github/scripts/Invoke-LibraryUpdatePolicyAssignmentArchetypes.ps1 `
+                -AlzToolsPath "${{ github.workspace }}/${{ env.remote_repository }}/src/Alz.Tools/" `
+                -TargetPath "${{ github.workspace }}/${{ github.repository }}" `
+                -SourcePath "${{ github.workspace }}/${{ env.remote_repository }}"
+            azPSVersion: "latest"
+
+        - name: Check for changes
+          id: git_status
+          run: |
+            mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
+            printf "%s\n" "${CHECK_GIT_STATUS[@]}"
+            echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
+          working-directory: ${{ github.repository }}
+
+        # - name: Add files, commit and push
+        #   if: steps.git_status.outputs.changes > 0
+        #   run: |
+        #     echo "Pushing changes to origin..."
+        #     git add modules/archetypes/lib
+        #     git commit -m '${{ env.pr_title }}'
+        #     git push origin ${{ env.branch_name }}
+        #   working-directory: ${{ github.repository }}
+
+        # - name: Create pull request
+        #   if: steps.git_status.outputs.changes > 0
+        #   run: |
+        #     HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
+        #     BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
+        #     PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
+        #     JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
+        #     CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
+        #     if [ -z "$CHECK_PULL_REQUEST_URL" ]
+        #     then
+        #       CHECK_PULL_REQUEST_URL=$(gh pr create \
+        #       --title "${{ env.pr_title }}" \
+        #       --body "${{ env.pr_body }}" \
+        #       --base "${{ github.ref }}" \
+        #       --head "${{ env.branch_name }}" \
+        #       --draft)
+        #       echo "Created new PR: $CHECK_PULL_REQUEST_URL"
+        #     else
+        #       echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
+        #     fi
+        #   working-directory: ${{ github.repository }}
+        #   env:
+        #     GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -4,7 +4,7 @@
 
 formatter: "markdown document" # this is required
 
-version: "0.17.0"
+version: "~> 0.18"
 
 header-from: "_README_header.md"
 footer-from: "_README_footer.md"
@@ -13,13 +13,6 @@ recursive:
   enabled: true
   path: modules
 
-sections:
-  hide: []
-  show: []
-
-  hide-all: false # deprecated in v0.13.0, removed in v0.15.0
-  show-all: true # deprecated in v0.13.0, removed in v0.15.0
-
 content: |-
   {{ .Header }}
 

diff --git a/README.md b/README.md
@@ -52,7 +52,7 @@ This allows customers to address concerns around managing large state files, or
 
 ## Terraform versions
 
-This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release.
 In some cases, individual versions of the AzureRM provider may cause errors.
 If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
 
@@ -186,7 +186,7 @@ The following requirements are needed by this module:
 
 - <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) (~> 1.13, != 1.13.0)
 
-- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (~> 3.107)
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (~> 3.108)
 
 - <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.6)
 
@@ -654,6 +654,7 @@ object({
       log_analytics = optional(object({
         enabled = optional(bool, true)
         config = optional(object({
+          daily_quota_gb                         = optional(number, -1)
           retention_in_days                      = optional(number, 30)
           enable_monitoring_for_vm               = optional(bool, true)
           enable_monitoring_for_vmss             = optional(bool, true)
@@ -1108,6 +1109,7 @@ The following resources are used by this module:
 - [azurerm_resource_group.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
 - [azurerm_role_assignment.ama_managed_identity_operator](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.ama_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
+- [azurerm_role_assignment.deploy_azsqldb_auditing_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.enterprise_scale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.private_dns_zone_contributor_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
@@ -1141,6 +1143,10 @@ The following resources are used by this module:
 
 The following outputs are exported:
 
+### <a name="output_ama_user_assigned_identity"></a> [ama\_user\_assigned\_identity](#output\_ama\_user\_assigned\_identity)
+
+Description: The user assigned identity for Azure Monitor Agent that is created by this module.
+
 ### <a name="output_azurerm_automation_account"></a> [azurerm\_automation\_account](#output\_azurerm\_automation\_account)
 
 Description: Returns the configuration data for all Automation Accounts created by this module.
@@ -1257,6 +1263,10 @@ Description: Returns the configuration data for all Virtual WANs created by this
 
 Description: Returns the configuration data for all (Virtual WAN) VPN Gateways created by this module.
 
+### <a name="output_data_collection_rules"></a> [data\_collection\_rules](#output\_data\_collection\_rules)
+
+Description: A map of the data collection rules created by this module.
+
 <!-- markdownlint-enable -->
 <!-- markdownlint-disable MD041 -->
 ## Telemetry

diff --git a/_README_header.md b/_README_header.md
@@ -51,7 +51,7 @@ This allows customers to address concerns around managing large state files, or
 
 ## Terraform versions
 
-This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release.
 In some cases, individual versions of the AzureRM provider may cause errors.
 If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
 

diff --git a/docs/wiki/Examples.md b/docs/wiki/Examples.md
@@ -42,7 +42,7 @@ Use the links below to explore these examples in more detail.
 [wiki_assign_a_built_in_policy]:                                     %5BExamples%5D-Assign-a-Built-in-Policy "Wiki - Assign a built-in policy"
 [wiki_create_and_assign_custom_rbac_roles]:                          %5BExamples%5D-Create-and-Assign-Custom-RBAC-Roles "Wiki - Create and assign custom RBAC roles"
 [wiki_create_custom_policies_policy_sets_and_assignments]:           %5BExamples%5D-Create-Custom-Policies-Policy-Sets-and-Assignments "Wiki - Create custom policies, policy sets and assignments"
-[wiki_deploy_connectivity_resources_custom]:                         %5BExamples%5D-Deploy-Connectivity-Resources-With-Custom-Settings "Wiki - Deploy connectivity resources with custom settings (Hub and Spoke)"
+[wiki_deploy_connectivity_resources_custom]:                         %5BExamples%5D-Deploy-Multi-Region-Networking-With-Custom-Settings "Wiki - Deploy multi region networking with custom settings (Hub and Spoke)"
 [wiki_deploy_connectivity_resources]:                                %5BExamples%5D-Deploy-Connectivity-Resources "Wiki - Deploy connectivity resources (Hub and Spoke)"
 [wiki_deploy_custom_landing_zone_archetypes]:                        %5BExamples%5D-Deploy-Custom-Landing-Zone-Archetypes "Wiki - Deploy custom landing zone archetypes"
 [wiki_deploy_default_configuration]:                                 %5BExamples%5D-Deploy-Default-Configuration "Wiki - Deploy default configuration"
@@ -54,7 +54,7 @@ Use the links below to explore these examples in more detail.
 [wiki_deploy_using_module_nesting]:                                  %5BExamples%5D-Deploy-Using-Module-Nesting "Wiki - Deploy using module nesting"
 [wiki_deploy_using_multiple_module_declarations_with_orchestration]: %5BExamples%5D-Deploy-using-multiple-module-declarations-with-orchestration "Wiki - Deploy using multiple module declarations with orchestration"
 [wiki_deploy_using_multiple_module_declarations_with_remote_state]:  %5BExamples%5D-Deploy-using-multiple-module-declarations-with-remote-state "Wiki - Deploy using multiple module declarations with remote state"
-[wiki_deploy_virtual_wan_resources_custom]:                          %5BExamples%5D-Deploy-Virtual-WAN-Resources-With-Custom-Settings "Wiki - Deploy connectivity resources with custom settings (Virtual WAN)"
+[wiki_deploy_virtual_wan_resources_custom]:                          %5BExamples%5D-Deploy-Virtual-WAN-Multi-Region-With-Custom-Settings "Wiki - Deploy multi region networking with custom settings (Virtual WAN)"
 [wiki_deploy_virtual_wan_resources]:                                 %5BExamples%5D-Deploy-Virtual-WAN-Resources "Wiki - Deploy connectivity resources (Virtual WAN)"
 [wiki_expand_built_in_archetype_definitions]:                        %5BExamples%5D-Expand-Built-in-Archetype-Definitions "Wiki - Expand built-in archetype definitions"
 [wiki_override_module_role_assignments]:                             %5BExamples%5D-Override-Module-Role-Assignments "Wiki - Override module role assignments"