Update Terraform azuread to v3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
azuread (source)	required_provider	major	2.53.1 -> 3.1.0

---

Release Notes

hashicorp/terraform-provider-azuread (azuread)

v3.1.0

Compare Source

ENHANCEMENTS:

• dependencies - update golang.org/x/crypto to 0.31.0 (#​1585)
• data.azuread_named_location - add support for country_lookup_method (#​1589)
• azuread_conditional_access_policy - add support for the insider_risk_levels property (#​1597)
• azuread_named_location - add support for country_lookup_method (#​1589)

BUG FIXES:

• azuread_access_package_resource_catalog_association - allow origin IDs that contain / (#​1592)
• azuread_application - the password block can now correctly be removed (#​1430)
• azuread_conditional_access_policy - fix potential panic in expanding conditions (#​1619)
• azuread_group - prevent creation retry when caller hasn't been specified as an owner (#​1593)
• azuread_user - add support for employee_hire_date (#​1437)

v3.0.2

Compare Source

BUG FIXES:

• azuread_group - Fix crash and memory leak (#​1518)

v3.0.1

Compare Source

BUG FIXES:

• data.azuread_group - fix ID parsing bugs and some crashes (#​1499)
• azuread_conditional_access_policy - fix a parsing bug for authentication_strength_policy_id (#​1499)
• azuread_service_principal_certificate - fix a parsing bug for service_principal_id (#​1499)
• azuread_service_principal_claims_mapping_policy_assignment - fix a parsing bug for service_principal_id (#​1499)
• azuread_service_principal_password - fix a parsing bug for service_principal_id (#​1499)
• azuread_service_principal_token_signing_certificate - fix a parsing bug for service_principal_id (#​1499)
• azuread_synchronization_job - fix a parsing bug for service_principal_id (#​1499)
• azuread_synchronization_job_provision_on_demand - fix parsing bugs for service_principal_id and synchronization_job_id (#​1499)
• azuread_synchronization_secret - fix a parsing bug for service_principal_id (#​1499)

v3.0.0

Compare Source

NOTES:

• Major Version: Version 3.0 of the AzureAD Provider is a major version. Some behaviors have changed and some deprecated fields/resources have been removed. Please refer to the 3.0 upgrade guide for more information.
• When upgrading to v3.0 of the AzureAD Provider, we recommend upgrading to the latest version of Terraform Core (which can be found here).

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[hmcts-jenkins-a-to-c]

Plan Result (aat)

⚠️ Resource Deletion will happen

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 4 to add, 2 to change, 2 to destroy.

• Create
  • module.dm_store_storage_account.time_rotating.rotate
  • module.storage_account.time_rotating.rotate
• Update
  • module.dm_store_storage_account.azurerm_storage_account.storage_account
  • module.storage_account.azurerm_storage_account.storage_account
• Replace
  • module.dm_store_storage_account.time_static.pim_expiry
  • module.storage_account.time_static.pim_expiry

Change Result (Click me)

  # module.dm_store_storage_account.azurerm_storage_account.storage_account will be updated in-place
  ~ resource "azurerm_storage_account" "storage_account" {
      ~ cross_tenant_replication_enabled  = true -> false
        id                                = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-shared-aat/providers/Microsoft.Storage/storageAccounts/dmstoredocaat"
        name                              = "dmstoredocaat"
        tags                              = {
            "Destroy Me"          = "No"
            "Team Contact"        = "#em-dev-chat"
            "application"         = "evidence-management"
            "autoShutdown"        = "true"
            "builtFrom"           = "https://github.com/HMCTS/ccd-shared-infrastructure.git"
            "businessArea"        = "CFT"
            "contactSlackChannel" = "#em-dev-chat"
            "environment"         = "staging"
            "managedBy"           = "Evidence Management"
        }
        # (39 unchanged attributes hidden)

      ~ network_rules {
          ~ ip_rules                   = [
              - "109.159.86.122",
            ]
            # (3 unchanged attributes hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.dm_store_storage_account.time_rotating.rotate will be created
  + resource "time_rotating" "rotate" {
      + day              = (known after apply)
      + hour             = (known after apply)
      + id               = (known after apply)
      + minute           = (known after apply)
      + month            = (known after apply)
      + rfc3339          = (known after apply)
      + rotation_days    = 360
      + rotation_rfc3339 = (known after apply)
      + second           = (known after apply)
      + unix             = (known after apply)
      + year             = (known after apply)
    }

  # module.dm_store_storage_account.time_static.pim_expiry must be replaced
-/+ resource "time_static" "pim_expiry" {
      ~ day     = 14 -> (known after apply)
      ~ hour    = 16 -> (known after apply)
      ~ id      = "2024-11-14T16:08:44Z" -> (known after apply)
      ~ minute  = 8 -> (known after apply)
      ~ month   = 11 -> (known after apply)
      ~ rfc3339 = "2024-11-14T16:08:44Z" # forces replacement -> (known after apply) # forces replacement
      ~ second  = 44 -> (known after apply)
      ~ unix    = 1731600524 -> (known after apply)
      ~ year    = 2024 -> (known after apply)
    }

  # module.storage_account.azurerm_storage_account.storage_account will be updated in-place
  ~ resource "azurerm_storage_account" "storage_account" {
      ~ cross_tenant_replication_enabled  = true -> false
        id                                = "/subscriptions/1c4f0704-a29e-403d-b719-b90c34ef14c9/resourceGroups/ccd-shared-aat/providers/Microsoft.Storage/storageAccounts/ccdsharedaat"
        name                              = "ccdsharedaat"
        tags                              = {
            "Destroy Me"          = "No"
            "Team Contact"        = "#ccd-devops"
            "application"         = "core-case-data"
            "autoShutdown"        = "true"
            "builtFrom"           = "https://github.com/HMCTS/ccd-shared-infrastructure.git"
            "businessArea"        = "CFT"
            "contactSlackChannel" = "#ccd-community"
            "environment"         = "staging"
            "managedBy"           = "CCD"
        }
        # (39 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.storage_account.time_rotating.rotate will be created
  + resource "time_rotating" "rotate" {
      + day              = (known after apply)
      + hour             = (known after apply)
      + id               = (known after apply)
      + minute           = (known after apply)
      + month            = (known after apply)
      + rfc3339          = (known after apply)
      + rotation_days    = 360
      + rotation_rfc3339 = (known after apply)
      + second           = (known after apply)
      + unix             = (known after apply)
      + year             = (known after apply)
    }

  # module.storage_account.time_static.pim_expiry must be replaced
-/+ resource "time_static" "pim_expiry" {
      ~ day     = 14 -> (known after apply)
      ~ hour    = 16 -> (known after apply)
      ~ id      = "2024-11-14T16:08:44Z" -> (known after apply)
      ~ minute  = 8 -> (known after apply)
      ~ month   = 11 -> (known after apply)
      ~ rfc3339 = "2024-11-14T16:08:44Z" # forces replacement -> (known after apply) # forces replacement
      ~ second  = 44 -> (known after apply)
      ~ unix    = 1731600524 -> (known after apply)
      ~ year    = 2024 -> (known after apply)
    }

Plan: 4 to add, 2 to change, 2 to destroy.

ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.dm_store_storage_account.time_rotating.rotate has been deleted
  - resource "time_rotating" "rotate" {
        id               = "2023-11-20T16:08:44Z"
      - rotation_rfc3339 = "2024-11-14T16:08:44Z" -> null
        # (9 unchanged attributes hidden)
    }

  # module.storage_account.time_rotating.rotate has been deleted
  - resource "time_rotating" "rotate" {
        id               = "2023-11-20T16:08:44Z"
      - rotation_rfc3339 = "2024-11-14T16:08:44Z" -> null
        # (9 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the

[hmcts-jenkins-a-to-c]

Plan Result (prod)

⚠️ Resource Deletion will happen

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 4 to add, 2 to change, 2 to destroy.

• Create
  • module.dm_store_storage_account.time_rotating.rotate
  • module.storage_account.time_rotating.rotate
• Update
  • module.dm_store_storage_account.azurerm_storage_account.storage_account
  • module.storage_account.azurerm_storage_account.storage_account
• Replace
  • module.dm_store_storage_account.time_static.pim_expiry
  • module.storage_account.time_static.pim_expiry

Change Result (Click me)

  # module.dm_store_storage_account.azurerm_storage_account.storage_account will be updated in-place
  ~ resource "azurerm_storage_account" "storage_account" {
      ~ cross_tenant_replication_enabled  = true -> false
        id                                = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/ccd-shared-prod/providers/Microsoft.Storage/storageAccounts/dmstoredocprod"
        name                              = "dmstoredocprod"
        tags                              = {
            "Destroy Me"          = "No"
            "Team Contact"        = "#em-dev-chat"
            "application"         = "evidence-management"
            "builtFrom"           = "https://github.com/HMCTS/ccd-shared-infrastructure.git"
            "businessArea"        = "CFT"
            "contactSlackChannel" = "#em-dev-chat"
            "environment"         = "production"
            "managedBy"           = "Evidence Management"
        }
        # (39 unchanged attributes hidden)

      ~ network_rules {
          ~ ip_rules                   = [
              - "109.159.86.122",
              - "149.50.162.254",
              - "149.50.163.165",
              - "188.74.124.208",
              - "188.74.98.111",
              - "80.192.199.67",
              - "82.11.28.229",
              - "90.197.165.203",
            ]
            # (3 unchanged attributes hidden)
        }

        # (3 unchanged blocks hidden)
    }

  # module.dm_store_storage_account.time_rotating.rotate will be created
  + resource "time_rotating" "rotate" {
      + day              = (known after apply)
      + hour             = (known after apply)
      + id               = (known after apply)
      + minute           = (known after apply)
      + month            = (known after apply)
      + rfc3339          = (known after apply)
      + rotation_days    = 360
      + rotation_rfc3339 = (known after apply)
      + second           = (known after apply)
      + unix             = (known after apply)
      + year             = (known after apply)
    }

  # module.dm_store_storage_account.time_static.pim_expiry must be replaced
-/+ resource "time_static" "pim_expiry" {
      ~ day     = 15 -> (known after apply)
      ~ hour    = 14 -> (known after apply)
      ~ id      = "2024-11-15T14:05:33Z" -> (known after apply)
      ~ minute  = 5 -> (known after apply)
      ~ month   = 11 -> (known after apply)
      ~ rfc3339 = "2024-11-15T14:05:33Z" # forces replacement -> (known after apply) # forces replacement
      ~ second  = 33 -> (known after apply)
      ~ unix    = 1731679533 -> (known after apply)
      ~ year    = 2024 -> (known after apply)
    }

  # module.storage_account.azurerm_storage_account.storage_account will be updated in-place
  ~ resource "azurerm_storage_account" "storage_account" {
      ~ cross_tenant_replication_enabled  = true -> false
        id                                = "/subscriptions/8999dec3-0104-4a27-94ee-6588559729d1/resourceGroups/ccd-shared-prod/providers/Microsoft.Storage/storageAccounts/ccdsharedprod"
        name                              = "ccdsharedprod"
        tags                              = {
            "Destroy Me"          = "No"
            "Team Contact"        = "#ccd-devops"
            "application"         = "core-case-data"
            "builtFrom"           = "https://github.com/HMCTS/ccd-shared-infrastructure.git"
            "businessArea"        = "CFT"
            "contactSlackChannel" = "#ccd-community"
            "environment"         = "production"
            "managedBy"           = "CCD"
        }
        # (39 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.storage_account.time_rotating.rotate will be created
  + resource "time_rotating" "rotate" {
      + day              = (known after apply)
      + hour             = (known after apply)
      + id               = (known after apply)
      + minute           = (known after apply)
      + month            = (known after apply)
      + rfc3339          = (known after apply)
      + rotation_days    = 360
      + rotation_rfc3339 = (known after apply)
      + second           = (known after apply)
      + unix             = (known after apply)
      + year             = (known after apply)
    }

  # module.storage_account.time_static.pim_expiry must be replaced
-/+ resource "time_static" "pim_expiry" {
      ~ day     = 15 -> (known after apply)
      ~ hour    = 14 -> (known after apply)
      ~ id      = "2024-11-15T14:05:33Z" -> (known after apply)
      ~ minute  = 5 -> (known after apply)
      ~ month   = 11 -> (known after apply)
      ~ rfc3339 = "2024-11-15T14:05:33Z" # forces replacement -> (known after apply) # forces replacement
      ~ second  = 33 -> (known after apply)
      ~ unix    = 1731679533 -> (known after apply)
      ~ year    = 2024 -> (known after apply)
    }

Plan: 4 to add, 2 to change, 2 to destroy.

ℹ️ Objects have changed outside of Terraform

This feature was introduced from Terraform v0.15.4.

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.dm_store_storage_account.time_rotating.rotate has been deleted
  - resource "time_rotating" "rotate" {
        id               = "2023-11-21T14:05:33Z"
      - rotation_rfc3339 = "2024-11-15T14:05:33Z" -> null
        # (9 unchanged attributes hidden)
    }

  # module.storage_account.time_rotating.rotate has been deleted
  - resource "time_rotating" "rotate" {
        id               = "2023-11-21T14:05:33Z"
      - rotation_rfc3339 = "2024-11-15T14:05:33Z" -> null
        # (9 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the