Prepare v6.0 and new CI pipeline.

.github/ISSUE_TEMPLATE/Bug_Report.yml

@@ -0,0 +1,120 @@
+name: Bug Report
+description: If something isn't working as expected.
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to fill out a bug report.
+
+        If you are not running the latest version of this module, please try to reproduce your bug with the latest version before opening an issue.
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the bug you encountered.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: dropdown
+    attributes:
+      label: Greenfield/Brownfield provisioning
+      description: Do you reproduce the bug with a new infrastructure provisioning (greenfield) or you need an existing infrastructure with an existing terraform state (brownfield) to reproduce the bug ?
+      multiple: false
+      options:
+        - greenfield
+        - brownfield
+    validations:
+      required: true
+  - type: input
+    id: terraform
+    attributes:
+      label: Terraform Version
+      description: Which Terraform version are you using?
+      placeholder: 1.2.8
+    validations:
+      required: true
+  - type: input
+    id: module
+    attributes:
+      label: Module Version
+      description: Which module version are you using?
+      placeholder: 5.0.0
+    validations:
+      required: true
+  - type: input
+    id: azurerm
+    attributes:
+      label: AzureRM Provider Version
+      description: Which AzureRM Provider version are you using?
+      placeholder: 3.0.0
+    validations:
+      required: true
+  - type: input
+    id: resource
+    attributes:
+      label: Affected Resource(s)/Data Source(s)
+      description: Please list the affected resources and/or data sources.
+      placeholder: azurerm_XXXXX
+    validations:
+      required: true
+  - type: textarea
+    id: config
+    attributes:
+      label: Terraform Configuration Files
+      description: |
+        Please provide a minimal Terraform configuration that can reproduce the issue.
+      render: hcl
+    validations:
+      required: true
+  - type: textarea
+    id: tfvars
+    attributes:
+      label: tfvars variables values
+      description: |
+        Please provide the necessary tfvars variables values to reproduce the issue. Do not share secrets or sensitive information.
+      render: hcl
+    validations:
+      required: true
+  - type: textarea
+    id: debug
+    attributes:
+      label: Debug Output/Panic Output
+      description: |
+        For long debug logs please provide a link to a GitHub Gist containing the complete debug output. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
+
+        To obtain the debug output, see the [Terraform documentation on debugging](https://www.terraform.io/docs/internals/debugging.html).
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behaviour
+      description: What should have happened?
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behaviour
+      description: What actually happened?
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to Reproduce
+      description: |
+        Please list the steps required to reproduce the issue, e.g.
+
+        1. `terraform apply`
+  - type: input
+    id: facts
+    attributes:
+      label: Important Factoids
+      description: |
+        Are there anything atypical about your accounts that we should know? For example: Running in a Azure China/Germany/Government?
+  - type: textarea
+    id: references
+    attributes:
+      label: References
+      description: |
+        Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests
+
+        Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Such as vendor documentation?

.github/ISSUE_TEMPLATE/Feature_Request.yml

@@ -0,0 +1,42 @@
+name: Feature Request
+description: I have a suggestion (and might want to implement myself)!
+title: "Support for [thing]"
+body:
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the feature you are requesting.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Please leave a helpful description of the feature request here.
+    validations:
+      required: true
+  - type: input
+    id: resource
+    attributes:
+      label: New or Affected Resource(s)/Data Source(s)
+      description: Please list the new or affected resources and/or data sources.
+      placeholder: azurerm_XXXXX
+    validations:
+      required: true
+  - type: textarea
+    id: config
+    attributes:
+      label: Potential Terraform Configuration
+      description: Please provide an example of what the enhancement could look like on this Terraform module.
+      render: hcl
+  - type: textarea
+    id: references
+    attributes:
+      label: References
+      description: |
+        Information about referencing Github Issues: https://help.github.com/articles/basic-writing-and-formatting-syntax/#referencing-issues-and-pull-requests
+
+        Are there any other GitHub issues (open or closed) or pull requests that should be linked here? Vendor blog posts or documentation? For example:
+
+        * https://azure.microsoft.com/en-us/roadmap/virtual-network-service-endpoint-for-azure-cosmos-db/

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/workflows/acc-test.yaml

@@ -0,0 +1,36 @@
+name: E2E Test
+on:
+  pull_request:
+    types: [ 'opened', 'synchronize' ]
+    paths:
+      - '.github/**'
+      - '**.go'
+      - '**.tf'
+      - '.github/workflows/**'
+      - '**.md'
+
+env:
+  MSI_ID: 'fe405819-42c4-4877-a28d-f96b88d7994b'
+
+jobs:
+  acc-tests:
+    runs-on: [self-hosted, 1ES.Pool=AzureVerifiedTerraformModule]
+    environment:
+      name: acctests
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '>=1.19.0'
+      - uses: actions/checkout@v3
+      - name: e2e test
+        run: |
+          az login --identity --username $MSI_ID
+          export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
+          export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
+          ARM_USE_MSI=true make e2e-test
+      - name: version-upgrade test
+        run: |
+          az login --identity --username $MSI_ID
+          export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
+          export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
+          ARM_USE_MSI=true make version-upgrade-test

.github/workflows/main-branch-push.yaml

@@ -0,0 +1,32 @@
+name: Main Branch Push
+on:
+  push:
+    branches:
+      - main
+      - master
+jobs:
+  main-branch-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: 8BitJonny/gh-get-current-pr@2.1.0
+        id: PR
+      # checkov:skip=CKV_GHA_3 bypass check for CKV_GHA_3 since the GITHUB_TOKEN will be a one-time token https://docs.bridgecrew.io/docs/suspicious-use-of-curl-with-secrets
+      - name: Warn remaining PR branch
+        run: |
+          echo "=====> Query remaining pull requests"
+          response=$(curl \
+          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          -H "Accept: application/vnd.github.v3+json" \
+          https://api.github.com/repos/${{ github.repository }}/pulls?per_page=100)
+          export pr_number=$(echo "$response" | jq '.[].number')
+
+          echo "=====> Warn pull requests branch"
+
+          for p in $pr_number; do
+            curl -s -X PUT -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github.lydian-preview+json" https://api.github.com/repos/${{ github.repository }}/pulls/$p/update-branch
+            curl -s -X POST -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ github.repository }}/issues/$p/comments -d "{\"body\":\"MAIN BRANCH PUSH DETECTED DUE TO #${{steps.PR.outputs.number}}, THIS PR WILL BE UPDATED.\"}"
+          done

.github/workflows/pr-check.yaml

@@ -0,0 +1,57 @@
+name: Pre Pull Request Check
+on:
+  pull_request:
+    types: ['opened', 'synchronize']
+    paths:
+      - '.github/**'
+      - '**.go'
+      - '**.tf'
+      - '.github/workflows/**'
+      - '**.md'
+
+jobs:
+  prepr-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '>=1.17.0'
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: make tools
+        run: |
+          make tools
+      - name: gofmtcheck
+        run: |
+          make gofmtcheck
+      - name: gencheck
+        run: |
+          make gencheck
+      - name: tfvalidatecheck
+        run: |
+          make tfvalidatecheck
+      - name: tffmtcheck
+        run: |
+          make tffmtcheck
+      - name: terrafmtcheck
+        run: |
+          make terrafmtcheck
+      - name: golint
+        run: |
+          make golint
+      - name: tflint
+        run: |
+          make tflint
+      - name: Run Checkov action
+        id: checkov
+        if: ${{env.SKIP_CHECKOV == ''}}
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: ./
+          framework: terraform
+          quiet: true
+          output_format: sarif
+          download_external_modules: true

.gitignore

@@ -8,10 +8,12 @@ terraform.tfvars
 *.tfstate.backup
 *.tfvars
 
+**/.terraform.lock.hcl
+
 # Terraform directory
 .terraform/
 terraform.tfstate.d/
-logs/ 
+logs/
 
 # Go vendor directory
 vendor/
@@ -47,4 +49,14 @@ Gemfile.lock
 .terraform.tfstate.lock.info
 
 # SSH Key
-private_ssh_key
+private_ssh_key
+
+# generated readme by the pr-check job
+
+README-generated.md
+
+**/override.tf
+
+.tflint.hcl
+
+tfmod-scaffold/

CHANGLOG.md → CHANGELOG-v5.md

@@ -29,10 +29,3 @@ ENHANCEMENTS:
 BUG FIXES:
 
 * Change the incorrect description of variable `tags`. ([#175](https://github.com/Azure/terraform-azurerm-aks/pull/175))
-
-# 5.1.0 (August 31, 2022)
-
-* Loose the restriction on `tls` provider's version to include major version greater than 3.0. [#228](https://github.com/Azure/terraform-azurerm-aks/issues/228)
-* Mark some outputs as sensitive. [#231](https://github.com/Azure/terraform-azurerm-aks/pull/231)
-* Output Kubernetes Cluster Name. [#234](https://github.com/Azure/terraform-azurerm-aks/pull/234)
-* Require minimum `hashicorp/azurerm` provider version to 3.21.0 (fixes for AKS 1.24) [#238](https://github.com/Azure/terraform-azurerm-aks/pull/238)

CHANGELOG.md

@@ -0,0 +1,14 @@
+## 6.0.0 (August 10, 2022)
+
+The goal of v6.0.0 is to add a GitHub Action-based CI pipeline and introduce modern acceptance tests to ensure that future pull requests to this module meet our new standard for AzureRM modules.
+
+ENHANCEMENTS:
+
+* Loose the restriction on `tls` provider's version to include major version greater than 3.0. [#228](https://github.com/Azure/terraform-azurerm-aks/issues/228)
+* Mark some outputs as sensitive. [#231](https://github.com/Azure/terraform-azurerm-aks/pull/231)
+* Output Kubernetes Cluster Name. [#234](https://github.com/Azure/terraform-azurerm-aks/pull/234)
+* Add Microsoft Defender support. [#232](https://github.com/Azure/terraform-azurerm-aks/pull/232)
+
+# BUG FIXES:
+
+* Update hashicorp/terraform-provider-azurerm to version 3.21.0. [#238](https://github.com/Azure/terraform-azurerm-aks/pull/238)

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+# Code of Conduct
+
+This code of conduct outlines expectations for participation in Microsoft-managed open source communities, as well as steps for reporting unacceptable behavior. We are committed to providing a welcoming and inspiring community for all. People violating this code of conduct may be banned from the community.
+
+Please read the full text at [https://opensource.microsoft.com/codeofconduct/](https://opensource.microsoft.com/codeofconduct/)