Add infrastructure baseline #16

marvinbuss · 2025-10-15T16:50:02Z

Proposed changes:

Add infrastructure baseline

github-actions · 2025-10-15T16:50:17Z

Terraform Lint Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Format and Style 🖌success

Copilot

Pull Request Overview

Adds an initial Terraform-based infrastructure baseline (Azure resources, networking, identity, monitoring) plus automation workflows and linting tools.

Introduces core infra modules (Key Vault, Container Apps Environment, App Insights, Communication Service, subnets, identities, role assignments)
Adds environment-specific configuration (tfvars + backend), and GitHub Actions workflows for plan/apply/destroy and linting
Adds pre-commit hooks for formatting and code style

Reviewed Changes

Copilot reviewed 20 out of 21 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
config/dev/vars.tfvars	Dev environment variable values for the new Terraform stack
config/dev/azurerm.tfbackend	Backend configuration parameters for remote state
code/infra/variables.tf	Defines all input variables and validations
code/infra/userassignedidentity.tf	Creates user-assigned managed identity via module
code/infra/terraform.tf	Terraform core & providers + backend block
code/infra/roleassignments.tf	Role assignments for Key Vault access
code/infra/providers.tf	Provider configurations (azurerm, azapi)
code/infra/network.tf	Creates delegated and private endpoint subnets via azapi
code/infra/main.tf	Resource group definition
code/infra/locals.tf	Local values for naming and lookups
code/infra/keyvault.tf	Key Vault module instantiation
code/infra/data.tf	Data sources for existing infra & diagnostics
code/infra/containerapps.tf	Container Apps Environment + diagnostics settings
code/infra/communicationservice.tf	Communication Service module instantiation
code/infra/applicationinsights.tf	Application Insights module instantiation
.pre-commit-config.yaml	Adds formatting/lint hooks (Terraform, Python tools)
.github/workflows/terraform.yml	Orchestrates environment pipeline using reusable workflows
.github/workflows/lint.yml	Updates lint workflow versions
.github/workflows/_terraformEnvironmentTemplate.yml	Reusable plan/apply workflow template
.github/workflows/_terraformDestroyTemplate.yml	Reusable destroy workflow template

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

code/infra/variables.tf

code/infra/network.tf

code/infra/providers.tf

code/infra/terraform.tf

github-actions · 2025-10-15T17:30:10Z

Terraform Lint Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Format and Style 🖌success

github-actions · 2025-10-15T18:03:37Z

Terraform Lint Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Format and Style 🖌success

github-actions · 2025-10-15T21:37:53Z

Terraform Lint Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Format and Style 🖌success

github-actions · 2025-10-15T21:43:47Z

Terraform Validation & Plan Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Initialization ⚙️success
Terraform Validation 🤖success
Terraform Plan 📖success

Show Plan


terraform
Acquiring state lock. This may take a few moments...
�[0m�[1mdata.azurerm_log_analytics_workspace.log_analytics_workspace: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Reading...�[0m�[0m
�[0m�[1mmodule.key_vault.data.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Reading...�[0m�[0m
�[0m�[1mmodule.communication_service.data.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Reading...�[0m�[0m
�[0m�[1mmodule.key_vault.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mmodule.communication_service.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mdata.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Read complete after 0s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001]�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Read complete after 0s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001]�[0m
�[0m�[1mdata.azurerm_log_analytics_workspace.log_analytics_workspace: Read complete after 1s [id=/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001]�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Read complete after 0s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001]�[0m

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  �[32m+�[0m create�[0m
 �[36m<=�[0m read (data resources)�[0m

Terraform will perform the following actions:

�[1m  # data.azurerm_monitor_diagnostic_categories.diagnostic_categories_container_app_environment�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_container_app_environment" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # azapi_resource.subnet_container_app�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azapi_resource" "subnet_container_app" {
      �[32m+�[0m�[0m body                      = {
          �[32m+�[0m�[0m properties = {
              �[32m+�[0m�[0m addressPrefix                     = "10.3.0.64/26"
              �[32m+�[0m�[0m delegations                       = [
                  �[32m+�[0m�[0m {
                      �[32m+�[0m�[0m name       = "ContainerAppDelegation"
                      �[32m+�[0m�[0m properties = {
                          �[32m+�[0m�[0m serviceName = "Microsoft.App/environments"
                        }
                    },
                ]
              �[32m+�[0m�[0m ipAllocations                     = []
              �[32m+�[0m�[0m networkSecurityGroup              = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001"
                }
              �[32m+�[0m�[0m privateEndpointNetworkPolicies    = "Enabled"
              �[32m+�[0m�[0m privateLinkServiceNetworkPolicies = "Enabled"
              �[32m+�[0m�[0m routeTable                        = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
                }
              �[32m+�[0m�[0m serviceEndpointPolicies           = []
              �[32m+�[0m�[0m serviceEndpoints                  = []
            }
        }
      �[32m+�[0m�[0m id                        = (known after apply)
      �[32m+�[0m�[0m ignore_casing             = false
      �[32m+�[0m�[0m ignore_missing_property   = true
      �[32m+�[0m�[0m name                      = "ConAppEnvironmentSubnet"
      �[32m+�[0m�[0m output                    = (known after apply)
      �[32m+�[0m�[0m parent_id                 = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001"
      �[32m+�[0m�[0m schema_validation_enabled = true
      �[32m+�[0m�[0m type                      = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
    }

�[1m  # azapi_resource.subnet_private_endpoints�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azapi_resource" "subnet_private_endpoints" {
      �[32m+�[0m�[0m body                      = {
          �[32m+�[0m�[0m properties = {
              �[32m+�[0m�[0m addressPrefix                     = "10.3.0.128/26"
              �[32m+�[0m�[0m delegations                       = []
              �[32m+�[0m�[0m ipAllocations                     = []
              �[32m+�[0m�[0m networkSecurityGroup              = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001"
                }
              �[32m+�[0m�[0m privateEndpointNetworkPolicies    = "Enabled"
              �[32m+�[0m�[0m privateLinkServiceNetworkPolicies = "Enabled"
              �[32m+�[0m�[0m routeTable                        = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
                }
              �[32m+�[0m�[0m serviceEndpointPolicies           = []
              �[32m+�[0m�[0m serviceEndpoints                  = []
            }
        }
      �[32m+�[0m�[0m id                        = (known after apply)
      �[32m+�[0m�[0m ignore_casing             = false
      �[32m+�[0m�[0m ignore_missing_property   = true
      �[32m+�[0m�[0m name                      = "ConAppPrivateEndpointSubnet"
      �[32m+�[0m�[0m output                    = (known after apply)
      �[32m+�[0m�[0m parent_id                 = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001"
      �[32m+�[0m�[0m schema_validation_enabled = true
      �[32m+�[0m�[0m type                      = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
    }

�[1m  # azurerm_container_app_environment.container_app_environment�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_container_app_environment" "container_app_environment" {
      �[32m+�[0m�[0m custom_domain_verification_id               = (known after apply)
      �[32m+�[0m�[0m dapr_application_insights_connection_string = (sensitive value)
      �[32m+�[0m�[0m default_domain                              = (known after apply)
      �[32m+�[0m�[0m docker_bridge_cidr                          = (known after apply)
      �[32m+�[0m�[0m id                                          = (known after apply)
      �[32m+�[0m�[0m infrastructure_resource_group_name          = "voi-aig-dev-cae001-rg"
      �[32m+�[0m�[0m infrastructure_subnet_id                    = (known after apply)
      �[32m+�[0m�[0m internal_load_balancer_enabled              = true
      �[32m+�[0m�[0m location                                    = "northeurope"
      �[32m+�[0m�[0m logs_destination                            = "azure-monitor"
      �[32m+�[0m�[0m mutual_tls_enabled                          = false
      �[32m+�[0m�[0m name                                        = "voi-aig-dev-cae001"
      �[32m+�[0m�[0m platform_reserved_cidr                      = (known after apply)
      �[32m+�[0m�[0m platform_reserved_dns_ip_address            = (known after apply)
      �[32m+�[0m�[0m resource_group_name                         = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m static_ip_address                           = (known after apply)
      �[32m+�[0m�[0m tags                                        = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m zone_redundancy_enabled                     = false

      �[32m+�[0m�[0m workload_profile {
          �[32m+�[0m�[0m name                  = "Consumption"
          �[32m+�[0m�[0m workload_profile_type = "Consumption"
        }
    }

�[1m  # azurerm_monitor_diagnostic_setting.diagnostic_setting_container_app_environment["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_container_app_environment" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # azurerm_resource_group.resource_group_container_app�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_resource_group" "resource_group_container_app" {
      �[32m+�[0m�[0m id       = (known after apply)
      �[32m+�[0m�[0m location = "northeurope"
      �[32m+�[0m�[0m name     = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m tags     = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
    }

�[1m  # azurerm_role_assignment.current_role_assignment_key_vault_secrets_officer�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "current_role_assignment_key_vault_secrets_officer" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = "973df2ad-4e5e-4e8b-9df6-17f61e9efd55"
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Secrets Officer"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # azurerm_role_assignment.uai_role_assignment_key_vault_secrets_user�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "uai_role_assignment_key_vault_secrets_user" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = (known after apply)
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Secrets User"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # module.application_insights.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_application_insights" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.application_insights.azurerm_application_insights.application_insights�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_application_insights" "application_insights" {
      �[32m+�[0m�[0m app_id                                = (known after apply)
      �[32m+�[0m�[0m application_type                      = "web"
      �[32m+�[0m�[0m connection_string                     = (sensitive value)
      �[32m+�[0m�[0m daily_data_cap_in_gb                  = 100
      �[32m+�[0m�[0m daily_data_cap_notifications_disabled = false
      �[32m+�[0m�[0m disable_ip_masking                    = false
      �[32m+�[0m�[0m force_customer_storage_for_profiler   = false
      �[32m+�[0m�[0m id                                    = (known after apply)
      �[32m+�[0m�[0m instrumentation_key                   = (sensitive value)
      �[32m+�[0m�[0m internet_ingestion_enabled            = true
      �[32m+�[0m�[0m internet_query_enabled                = true
      �[32m+�[0m�[0m local_authentication_disabled         = false
      �[32m+�[0m�[0m location                              = "northeurope"
      �[32m+�[0m�[0m name                                  = "voi-aig-dev-appi001"
      �[32m+�[0m�[0m resource_group_name                   = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m retention_in_days                     = 90
      �[32m+�[0m�[0m sampling_percentage                   = 100
      �[32m+�[0m�[0m tags                                  = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m workspace_id                          = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
    }

�[1m  # module.application_insights.azurerm_monitor_diagnostic_setting.diagnostic_setting_application_insights["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_application_insights" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.communication_service.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_communication_service�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_communication_service" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.communication_service.azurerm_communication_service.communication_service�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_communication_service" "communication_service" {
      �[32m+�[0m�[0m data_location               = "Europe"
      �[32m+�[0m�[0m hostname                    = (known after apply)
      �[32m+�[0m�[0m id                          = (known after apply)
      �[32m+�[0m�[0m name                        = "voi-aig-dev-acs001"
      �[32m+�[0m�[0m primary_connection_string   = (sensitive value)
      �[32m+�[0m�[0m primary_key                 = (sensitive value)
      �[32m+�[0m�[0m resource_group_name         = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m secondary_connection_string = (sensitive value)
      �[32m+�[0m�[0m secondary_key               = (sensitive value)
      �[32m+�[0m�[0m tags                        = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
    }

�[1m  # module.communication_service.azurerm_monitor_diagnostic_setting.diagnostic_setting_communication_service["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_communication_service" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.key_vault.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.key_vault.azurerm_key_vault.key_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_key_vault" "key_vault" {
      �[32m+�[0m�[0m access_policy                   = []
      �[32m+�[0m�[0m enable_rbac_authorization       = true
      �[32m+�[0m�[0m enabled_for_deployment          = false
      �[32m+�[0m�[0m enabled_for_disk_encryption     = false
      �[32m+�[0m�[0m enabled_for_template_deployment = false
      �[32m+�[0m�[0m id                              = (known after apply)
      �[32m+�[0m�[0m location                        = "northeurope"
      �[32m+�[0m�[0m name                            = "voi-aig-dev-kv001"
      �[32m+�[0m�[0m public_network_access_enabled   = false
      �[32m+�[0m�[0m purge_protection_enabled        = true
      �[32m+�[0m�[0m resource_group_name             = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m sku_name                        = "standard"
      �[32m+�[0m�[0m soft_delete_retention_days      = 7
      �[32m+�[0m�[0m tags                            = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m tenant_id                       = "37963dd4-f4e6-40f8-a7d6-24b97919e452"
      �[32m+�[0m�[0m vault_uri                       = (known after apply)

      �[32m+�[0m�[0m contact (known after apply)

      �[32m+�[0m�[0m network_acls {
          �[32m+�[0m�[0m bypass         = "AzureServices"
          �[32m+�[0m�[0m default_action = "Deny"
        }
    }

�[1m  # module.key_vault.azurerm_monitor_diagnostic_setting.diagnostic_setting_key_vault["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_key_vault" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.key_vault.azurerm_private_endpoint.private_endpoint_cognitive_account_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_private_endpoint" "private_endpoint_cognitive_account_vault" {
      �[32m+�[0m�[0m custom_dns_configs            = (known after apply)
      �[32m+�[0m�[0m custom_network_interface_name = "voi-aig-dev-kv001-vault-nic"
      �[32m+�[0m�[0m id                            = (known after apply)
      �[32m+�[0m�[0m location                      = "northeurope"
      �[32m+�[0m�[0m name                          = "voi-aig-dev-kv001-vault-pe"
      �[32m+�[0m�[0m network_interface             = (known after apply)
      �[32m+�[0m�[0m private_dns_zone_configs      = (known after apply)
      �[32m+�[0m�[0m resource_group_name           = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m subnet_id                     = (known after apply)
      �[32m+�[0m�[0m tags                          = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }

      �[32m+�[0m�[0m private_dns_zone_group {
          �[32m+�[0m�[0m id                   = (known after apply)
          �[32m+�[0m�[0m name                 = "voi-aig-dev-kv001-arecord"
          �[32m+�[0m�[0m private_dns_zone_ids = [
              �[32m+�[0m�[0m "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-privatedns-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net",
            ]
        }

      �[32m+�[0m�[0m private_service_connection {
          �[32m+�[0m�[0m is_manual_connection           = false
          �[32m+�[0m�[0m name                           = "voi-aig-dev-kv001-vault-svc"
          �[32m+�[0m�[0m private_connection_resource_id = (known after apply)
          �[32m+�[0m�[0m private_ip_address             = (known after apply)
          �[32m+�[0m�[0m subresource_names              = [
              �[32m+�[0m�[0m "vault",
            ]
        }
    }

�[1m  # module.key_vault.azurerm_role_assignment.current_roleassignment_key_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "current_roleassignment_key_vault" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = "973df2ad-4e5e-4e8b-9df6-17f61e9efd55"
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Administrator"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # module.key_vault.time_sleep.sleep_connectivity�[0m will be created
�[0m  �[32m+�[0m�[0m resource "time_sleep" "sleep_connectivity" {
      �[32m+�[0m�[0m create_duration = "120s"
      �[32m+�[0m�[0m id              = (known after apply)
    }

�[1m  # module.user_assigned_identity.azurerm_user_assigned_identity.user_assigned_identity�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_user_assigned_identity" "user_assigned_identity" {
      �[32m+�[0m�[0m client_id           = (known after apply)
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m location            = "northeurope"
      �[32m+�[0m�[0m name                = "voi-aig-dev-uai001"
      �[32m+�[0m�[0m principal_id        = (known after apply)
      �[32m+�[0m�[0m resource_group_name = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m tags                = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m tenant_id           = (known after apply)
    }

�[1mPlan:�[0m 17 to add, 0 to change, 0 to destroy.
�[0m�[90m
─────────────────────────────────────────────────────────────────────────────�[0m

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

…agent into marvinbuss/infra_baseline

github-actions · 2025-10-16T10:59:17Z

Terraform Lint Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Format and Style 🖌success

github-actions · 2025-10-16T23:49:16Z

Terraform Validation & Plan Results

Terraform Version 📎1.13.3
Working Directory 📂./code/infra
Terraform Initialization ⚙️success
Terraform Validation 🤖success
Terraform Plan 📖success

Show Plan


terraform
Acquiring state lock. This may take a few moments...
�[0m�[1mdata.azurerm_log_analytics_workspace.log_analytics_workspace: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Reading...�[0m�[0m
�[0m�[1mmodule.communication_service.data.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Reading...�[0m�[0m
�[0m�[1mmodule.key_vault.data.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mdata.azurerm_client_config.current: Reading...�[0m�[0m
�[0m�[1mmodule.key_vault.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mdata.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mmodule.communication_service.data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD1lNWRmNjg0My1lYmRlLTRkNzktOWM3ZS03NDMxYTNjZDQzZDI7b2JqZWN0SWQ9OTczZGYyYWQtNGU1ZS00ZThiLTlkZjYtMTdmNjFlOWVmZDU1O3N1YnNjcmlwdGlvbklkPTFmZGFiMTE4LTE2MzgtNDE5YS04YjEyLTA2Yzk1NDM3MTRhMDt0ZW5hbnRJZD0zNzk2M2RkNC1mNGU2LTQwZjgtYTdkNi0yNGI5NzkxOWU0NTI=]�[0m
�[0m�[1mdata.azurerm_virtual_network.virtual_network: Read complete after 1s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001]�[0m
�[0m�[1mdata.azurerm_route_table.route_table: Read complete after 1s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001]�[0m
�[0m�[1mdata.azurerm_log_analytics_workspace.log_analytics_workspace: Read complete after 1s [id=/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001]�[0m
�[0m�[1mdata.azurerm_network_security_group.network_security_group: Read complete after 1s [id=/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001]�[0m

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  �[32m+�[0m create�[0m
 �[36m<=�[0m read (data resources)�[0m

Terraform will perform the following actions:

�[1m  # data.azurerm_monitor_diagnostic_categories.diagnostic_categories_container_app_environment�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_container_app_environment" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # azapi_resource.subnet_container_app�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azapi_resource" "subnet_container_app" {
      �[32m+�[0m�[0m body                      = {
          �[32m+�[0m�[0m properties = {
              �[32m+�[0m�[0m addressPrefix                     = "10.3.0.64/26"
              �[32m+�[0m�[0m delegations                       = [
                  �[32m+�[0m�[0m {
                      �[32m+�[0m�[0m name       = "ContainerAppDelegation"
                      �[32m+�[0m�[0m properties = {
                          �[32m+�[0m�[0m serviceName = "Microsoft.App/environments"
                        }
                    },
                ]
              �[32m+�[0m�[0m ipAllocations                     = []
              �[32m+�[0m�[0m networkSecurityGroup              = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001"
                }
              �[32m+�[0m�[0m privateEndpointNetworkPolicies    = "Enabled"
              �[32m+�[0m�[0m privateLinkServiceNetworkPolicies = "Enabled"
              �[32m+�[0m�[0m routeTable                        = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
                }
              �[32m+�[0m�[0m serviceEndpointPolicies           = []
              �[32m+�[0m�[0m serviceEndpoints                  = []
            }
        }
      �[32m+�[0m�[0m id                        = (known after apply)
      �[32m+�[0m�[0m ignore_casing             = false
      �[32m+�[0m�[0m ignore_missing_property   = true
      �[32m+�[0m�[0m name                      = "ConAppEnvironmentSubnet"
      �[32m+�[0m�[0m output                    = (known after apply)
      �[32m+�[0m�[0m parent_id                 = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001"
      �[32m+�[0m�[0m schema_validation_enabled = true
      �[32m+�[0m�[0m type                      = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
    }

�[1m  # azapi_resource.subnet_private_endpoints�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azapi_resource" "subnet_private_endpoints" {
      �[32m+�[0m�[0m body                      = {
          �[32m+�[0m�[0m properties = {
              �[32m+�[0m�[0m addressPrefix                     = "10.3.0.128/26"
              �[32m+�[0m�[0m delegations                       = []
              �[32m+�[0m�[0m ipAllocations                     = []
              �[32m+�[0m�[0m networkSecurityGroup              = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/networkSecurityGroups/ptt-dev-default-nsg001"
                }
              �[32m+�[0m�[0m privateEndpointNetworkPolicies    = "Enabled"
              �[32m+�[0m�[0m privateLinkServiceNetworkPolicies = "Enabled"
              �[32m+�[0m�[0m routeTable                        = {
                  �[32m+�[0m�[0m id = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/routeTables/ptt-dev-default-rt001"
                }
              �[32m+�[0m�[0m serviceEndpointPolicies           = []
              �[32m+�[0m�[0m serviceEndpoints                  = []
            }
        }
      �[32m+�[0m�[0m id                        = (known after apply)
      �[32m+�[0m�[0m ignore_casing             = false
      �[32m+�[0m�[0m ignore_missing_property   = true
      �[32m+�[0m�[0m name                      = "ConAppPrivateEndpointSubnet"
      �[32m+�[0m�[0m output                    = (known after apply)
      �[32m+�[0m�[0m parent_id                 = "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/ptt-dev-networking-rg/providers/Microsoft.Network/virtualNetworks/spoke-ptt-dev-vnet001"
      �[32m+�[0m�[0m schema_validation_enabled = true
      �[32m+�[0m�[0m type                      = "Microsoft.Network/virtualNetworks/subnets@2024-01-01"
    }

�[1m  # azurerm_container_app_environment.container_app_environment�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_container_app_environment" "container_app_environment" {
      �[32m+�[0m�[0m custom_domain_verification_id               = (known after apply)
      �[32m+�[0m�[0m dapr_application_insights_connection_string = (sensitive value)
      �[32m+�[0m�[0m default_domain                              = (known after apply)
      �[32m+�[0m�[0m docker_bridge_cidr                          = (known after apply)
      �[32m+�[0m�[0m id                                          = (known after apply)
      �[32m+�[0m�[0m infrastructure_resource_group_name          = "voi-aig-dev-cae001-rg"
      �[32m+�[0m�[0m infrastructure_subnet_id                    = (known after apply)
      �[32m+�[0m�[0m internal_load_balancer_enabled              = true
      �[32m+�[0m�[0m location                                    = "northeurope"
      �[32m+�[0m�[0m logs_destination                            = "azure-monitor"
      �[32m+�[0m�[0m mutual_tls_enabled                          = false
      �[32m+�[0m�[0m name                                        = "voi-aig-dev-cae001"
      �[32m+�[0m�[0m platform_reserved_cidr                      = (known after apply)
      �[32m+�[0m�[0m platform_reserved_dns_ip_address            = (known after apply)
      �[32m+�[0m�[0m resource_group_name                         = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m static_ip_address                           = (known after apply)
      �[32m+�[0m�[0m tags                                        = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m zone_redundancy_enabled                     = false

      �[32m+�[0m�[0m workload_profile {
          �[32m+�[0m�[0m name                  = "Consumption"
          �[32m+�[0m�[0m workload_profile_type = "Consumption"
        }
    }

�[1m  # azurerm_monitor_diagnostic_setting.diagnostic_setting_container_app_environment["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_container_app_environment" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # azurerm_resource_group.resource_group_container_app�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_resource_group" "resource_group_container_app" {
      �[32m+�[0m�[0m id       = (known after apply)
      �[32m+�[0m�[0m location = "northeurope"
      �[32m+�[0m�[0m name     = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m tags     = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
    }

�[1m  # azurerm_role_assignment.current_role_assignment_key_vault_secrets_officer�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "current_role_assignment_key_vault_secrets_officer" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = "973df2ad-4e5e-4e8b-9df6-17f61e9efd55"
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Secrets Officer"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # azurerm_role_assignment.uai_role_assignment_key_vault_secrets_user�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "uai_role_assignment_key_vault_secrets_user" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = (known after apply)
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Secrets User"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # module.application_insights.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_application_insights�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_application_insights" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.application_insights.azurerm_application_insights.application_insights�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_application_insights" "application_insights" {
      �[32m+�[0m�[0m app_id                                = (known after apply)
      �[32m+�[0m�[0m application_type                      = "web"
      �[32m+�[0m�[0m connection_string                     = (sensitive value)
      �[32m+�[0m�[0m daily_data_cap_in_gb                  = 100
      �[32m+�[0m�[0m daily_data_cap_notifications_disabled = false
      �[32m+�[0m�[0m disable_ip_masking                    = false
      �[32m+�[0m�[0m force_customer_storage_for_profiler   = false
      �[32m+�[0m�[0m id                                    = (known after apply)
      �[32m+�[0m�[0m instrumentation_key                   = (sensitive value)
      �[32m+�[0m�[0m internet_ingestion_enabled            = true
      �[32m+�[0m�[0m internet_query_enabled                = true
      �[32m+�[0m�[0m local_authentication_disabled         = false
      �[32m+�[0m�[0m location                              = "northeurope"
      �[32m+�[0m�[0m name                                  = "voi-aig-dev-appi001"
      �[32m+�[0m�[0m resource_group_name                   = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m retention_in_days                     = 90
      �[32m+�[0m�[0m sampling_percentage                   = 100
      �[32m+�[0m�[0m tags                                  = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m workspace_id                          = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
    }

�[1m  # module.application_insights.azurerm_monitor_diagnostic_setting.diagnostic_setting_application_insights["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_application_insights" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.communication_service.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_communication_service�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_communication_service" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.communication_service.azurerm_communication_service.communication_service�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_communication_service" "communication_service" {
      �[32m+�[0m�[0m data_location               = "Europe"
      �[32m+�[0m�[0m hostname                    = (known after apply)
      �[32m+�[0m�[0m id                          = (known after apply)
      �[32m+�[0m�[0m name                        = "voi-aig-dev-acs001"
      �[32m+�[0m�[0m primary_connection_string   = (sensitive value)
      �[32m+�[0m�[0m primary_key                 = (sensitive value)
      �[32m+�[0m�[0m resource_group_name         = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m secondary_connection_string = (sensitive value)
      �[32m+�[0m�[0m secondary_key               = (sensitive value)
      �[32m+�[0m�[0m tags                        = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
    }

�[1m  # module.communication_service.azurerm_monitor_diagnostic_setting.diagnostic_setting_communication_service["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_communication_service" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.key_vault.data.azurerm_monitor_diagnostic_categories.diagnostic_categories_key_vault�[0m will be read during apply
  # (config refers to values not yet known)
�[0m �[36m<=�[0m�[0m data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" {
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m log_category_groups = (known after apply)
      �[32m+�[0m�[0m log_category_types  = (known after apply)
      �[32m+�[0m�[0m metrics             = (known after apply)
      �[32m+�[0m�[0m resource_id         = (known after apply)
    }

�[1m  # module.key_vault.azurerm_key_vault.key_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_key_vault" "key_vault" {
      �[32m+�[0m�[0m access_policy                   = []
      �[32m+�[0m�[0m enable_rbac_authorization       = true
      �[32m+�[0m�[0m enabled_for_deployment          = false
      �[32m+�[0m�[0m enabled_for_disk_encryption     = false
      �[32m+�[0m�[0m enabled_for_template_deployment = false
      �[32m+�[0m�[0m id                              = (known after apply)
      �[32m+�[0m�[0m location                        = "northeurope"
      �[32m+�[0m�[0m name                            = "voi-aig-dev-kv001"
      �[32m+�[0m�[0m public_network_access_enabled   = false
      �[32m+�[0m�[0m purge_protection_enabled        = true
      �[32m+�[0m�[0m resource_group_name             = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m sku_name                        = "standard"
      �[32m+�[0m�[0m soft_delete_retention_days      = 7
      �[32m+�[0m�[0m tags                            = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m tenant_id                       = "37963dd4-f4e6-40f8-a7d6-24b97919e452"
      �[32m+�[0m�[0m vault_uri                       = (known after apply)

      �[32m+�[0m�[0m contact (known after apply)

      �[32m+�[0m�[0m network_acls {
          �[32m+�[0m�[0m bypass         = "AzureServices"
          �[32m+�[0m�[0m default_action = "Deny"
        }
    }

�[1m  # module.key_vault.azurerm_monitor_diagnostic_setting.diagnostic_setting_key_vault["0"]�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting_key_vault" {
      �[32m+�[0m�[0m id                             = (known after apply)
      �[32m+�[0m�[0m log_analytics_destination_type = (known after apply)
      �[32m+�[0m�[0m log_analytics_workspace_id     = "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-logging-rg/providers/Microsoft.OperationalInsights/workspaces/ptt-dev-log001"
      �[32m+�[0m�[0m name                           = "applicationLogs-0"
      �[32m+�[0m�[0m target_resource_id             = (known after apply)

      �[32m+�[0m�[0m enabled_log (known after apply)

      �[32m+�[0m�[0m metric (known after apply)
    }

�[1m  # module.key_vault.azurerm_private_endpoint.private_endpoint_cognitive_account_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_private_endpoint" "private_endpoint_cognitive_account_vault" {
      �[32m+�[0m�[0m custom_dns_configs            = (known after apply)
      �[32m+�[0m�[0m custom_network_interface_name = "voi-aig-dev-kv001-vault-nic"
      �[32m+�[0m�[0m id                            = (known after apply)
      �[32m+�[0m�[0m location                      = "northeurope"
      �[32m+�[0m�[0m name                          = "voi-aig-dev-kv001-vault-pe"
      �[32m+�[0m�[0m network_interface             = (known after apply)
      �[32m+�[0m�[0m private_dns_zone_configs      = (known after apply)
      �[32m+�[0m�[0m resource_group_name           = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m subnet_id                     = (known after apply)
      �[32m+�[0m�[0m tags                          = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }

      �[32m+�[0m�[0m private_dns_zone_group {
          �[32m+�[0m�[0m id                   = (known after apply)
          �[32m+�[0m�[0m name                 = "voi-aig-dev-kv001-arecord"
          �[32m+�[0m�[0m private_dns_zone_ids = [
              �[32m+�[0m�[0m "/subscriptions/e82c5267-9dc4-4f45-ac13-abdd5e130d27/resourceGroups/ptt-dev-privatedns-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net",
            ]
        }

      �[32m+�[0m�[0m private_service_connection {
          �[32m+�[0m�[0m is_manual_connection           = false
          �[32m+�[0m�[0m name                           = "voi-aig-dev-kv001-vault-svc"
          �[32m+�[0m�[0m private_connection_resource_id = (known after apply)
          �[32m+�[0m�[0m private_ip_address             = (known after apply)
          �[32m+�[0m�[0m subresource_names              = [
              �[32m+�[0m�[0m "vault",
            ]
        }
    }

�[1m  # module.key_vault.azurerm_role_assignment.current_roleassignment_key_vault�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_role_assignment" "current_roleassignment_key_vault" {
      �[32m+�[0m�[0m condition_version                = (known after apply)
      �[32m+�[0m�[0m id                               = (known after apply)
      �[32m+�[0m�[0m name                             = (known after apply)
      �[32m+�[0m�[0m principal_id                     = "973df2ad-4e5e-4e8b-9df6-17f61e9efd55"
      �[32m+�[0m�[0m principal_type                   = (known after apply)
      �[32m+�[0m�[0m role_definition_id               = (known after apply)
      �[32m+�[0m�[0m role_definition_name             = "Key Vault Administrator"
      �[32m+�[0m�[0m scope                            = (known after apply)
      �[32m+�[0m�[0m skip_service_principal_aad_check = (known after apply)
    }

�[1m  # module.key_vault.time_sleep.sleep_connectivity�[0m will be created
�[0m  �[32m+�[0m�[0m resource "time_sleep" "sleep_connectivity" {
      �[32m+�[0m�[0m create_duration = "120s"
      �[32m+�[0m�[0m id              = (known after apply)
    }

�[1m  # module.user_assigned_identity.azurerm_user_assigned_identity.user_assigned_identity�[0m will be created
�[0m  �[32m+�[0m�[0m resource "azurerm_user_assigned_identity" "user_assigned_identity" {
      �[32m+�[0m�[0m client_id           = (known after apply)
      �[32m+�[0m�[0m id                  = (known after apply)
      �[32m+�[0m�[0m location            = "northeurope"
      �[32m+�[0m�[0m name                = "voi-aig-dev-uai001"
      �[32m+�[0m�[0m principal_id        = (known after apply)
      �[32m+�[0m�[0m resource_group_name = "voi-aig-dev-container-rg"
      �[32m+�[0m�[0m tags                = {
          �[32m+�[0m�[0m "workload" = "voice-agent"
        }
      �[32m+�[0m�[0m tenant_id           = (known after apply)
    }

�[1mPlan:�[0m 17 to add, 0 to change, 0 to destroy.
�[0m�[90m
─────────────────────────────────────────────────────────────────────────────�[0m

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

marvinbuss added 6 commits October 15, 2025 00:50

Add infra baseline

44fa590

Add ACS

50280ae

Add linting

217fd5d

Add terraform workflows

dbbd6e1

Update workflows

671bb48

Add deployment config

126cede

marvinbuss self-assigned this Oct 15, 2025

marvinbuss added the enhancement New feature or request label Oct 15, 2025

Copilot AI review requested due to automatic review settings October 15, 2025 16:50

marvinbuss had a problem deploying to dev October 15, 2025 16:50 — with GitHub Actions Failure

Copilot AI reviewed Oct 15, 2025

View reviewed changes

Add suggested changes

48eb171

marvinbuss had a problem deploying to dev October 15, 2025 17:30 — with GitHub Actions Failure

Update vars

2fc87e5

marvinbuss had a problem deploying to dev October 15, 2025 18:03 — with GitHub Actions Failure

Update provider config

83a9ab4

marvinbuss temporarily deployed to dev October 15, 2025 21:37 — with GitHub Actions Inactive

marvinbuss added 2 commits October 16, 2025 12:58

Merge branch 'main' of https://github.com/PerfectThymeTech/real-time-…

eaa86a4

…agent into marvinbuss/infra_baseline

Run apply

7063553

marvinbuss had a problem deploying to dev October 16, 2025 10:59 — with GitHub Actions Failure

marvinbuss deployed to dev October 16, 2025 23:14 — with GitHub Actions Active

marvinbuss had a problem deploying to dev October 16, 2025 23:49 — with GitHub Actions Failure

Add infrastructure baseline #16

Are you sure you want to change the base?

Add infrastructure baseline #16

Uh oh!

Conversation

marvinbuss commented Oct 15, 2025

Uh oh!

github-actions bot commented Oct 15, 2025

Terraform Lint Results

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Oct 15, 2025

Terraform Lint Results

Uh oh!

github-actions bot commented Oct 15, 2025

Terraform Lint Results

Uh oh!

github-actions bot commented Oct 15, 2025

Terraform Lint Results

Uh oh!

github-actions bot commented Oct 15, 2025

Terraform Validation & Plan Results

Uh oh!

github-actions bot commented Oct 16, 2025

Terraform Lint Results

Uh oh!

github-actions bot commented Oct 16, 2025

Terraform Validation & Plan Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant