skip: update CI 240

.github/workflows/auto-test.yml

@@ -10,7 +10,7 @@ on:
       resource_priority_list:
         type: string
         description: Priority list for resources (you can remove unnecessary resources during testing)
-        default: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+        default: '["vm"]'
         #'["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
         required: true
 
@@ -24,7 +24,7 @@ env:
   AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
   AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
   AZURE_SECRET_VALUE: ${{ secrets.AZURE_SECRET_VALUE }}
-  default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
+  default_resource_priority_list: '["vm"]'
   #default_resource_priority_list: '["storage", "webapp", "vnet", "network", "vm", "synapse", "sql", "mysql", "subscription", "disk", "postgresql", "cosmosdb", "signalr", "spring", "search", "service-fabric", "stream", "redis", "servicebus", "role", "monitor", "machine-learning", "logic", "kusto", "aks", "keyvault", "iothub", "front-door", "event", "data", "defender", "container", "cognitiveservice", "batch", "automation", "application", "app-configuration", "api", "alert"]'
   TF_VAR_project: ${{ secrets.TF_VAR_project }}
   TF_VAR_region: ${{ secrets.AWS_REGION }}
@@ -33,7 +33,7 @@ env:
   TF_CLI_ARGS: "-no-color"
   AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
   RED: '\033[0;31m'
-  ACTIONS_REPO_BRANCH: "main"
+  ACTIONS_REPO_BRANCH: "feature/remove_197"
 
 
 permissions:

auto_policy_testing/green/common_resources/key_vault.tf

@@ -9,6 +9,7 @@ resource "azurerm_key_vault" "this" {
   soft_delete_retention_days = 7
   purge_protection_enabled   = true
   enabled_for_disk_encryption = true
+  enabled_for_deployment      = true
 
   tags = module.naming.default_tags
 }
@@ -27,7 +28,7 @@ resource "azurerm_key_vault_access_policy" "client" {
   object_id          = data.azurerm_client_config.current.object_id
 
   key_permissions    = ["Get", "Create", "Delete", "List", "Restore", "Recover", "UnwrapKey", "WrapKey", "Purge", "Encrypt", "Decrypt", "Sign", "Verify", "GetRotationPolicy", "SetRotationPolicy"]
-  secret_permissions = ["Get"]
+  secret_permissions = ["Backup", "Delete", "Get", "List", "Purge", "Recover", "Restore", "Set"]
   certificate_permissions = [
       "Create",
       "Delete",

auto_policy_testing/green/vm/extension_linux.tf

@@ -43,6 +43,29 @@ resource "azurerm_virtual_machine_extension" "lin3" {
   depends_on = [azurerm_virtual_machine_extension.lin2]
 }
 
+resource "azurerm_virtual_machine_extension" "lin4" {
+    name                              =     "AzureDiskEncryption"
+    virtual_machine_id                =     azurerm_linux_virtual_machine.this.id
+    publisher                         =     "Microsoft.Azure.Security"
+    type                              =     "AzureDiskEncryptionForLinux"
+    type_handler_version              =     "1.1"
+    auto_upgrade_minor_version        =     true
+
+    settings = <<SETTINGS
+    {
+        "EncryptionOperation"         :     "EnableEncryption",
+        "KeyVaultURL"                 :     "${data.terraform_remote_state.common.outputs.key_vault_url}",
+        "KeyVaultResourceId"          :     "${data.terraform_remote_state.common.outputs.key_vault_id}",
+        "KeyEncryptionKeyURL"         :     "${data.terraform_remote_state.common.outputs.key_id}",
+        "KekVaultResourceId"          :     "${data.terraform_remote_state.common.outputs.key_vault_id}",
+        "KeyEncryptionAlgorithm"      :     "RSA-OAEP",
+        "VolumeType"                  :     "All"
+    }
+    SETTINGS
+
+    depends_on = [azurerm_virtual_machine_extension.lin3]
+}
+
 resource "azurerm_virtual_machine_scale_set_extension" "linvmss1" {
   name                         = "lvmssdiagext"
   virtual_machine_scale_set_id = azurerm_linux_virtual_machine_scale_set.this.id

auto_policy_testing/green/vm/vm_linux.tf

@@ -2,10 +2,11 @@ resource "azurerm_linux_virtual_machine" "this" {
   name                            = "${module.naming.resource_prefix.vm}grlin"
   location                        = data.terraform_remote_state.common.outputs.location
   resource_group_name             = data.terraform_remote_state.common.outputs.resource_group
-  size                            = "Standard_DS2_v2"
+  size                            = "Standard_DS2_v3"
   disable_password_authentication = true
   admin_username                  = random_string.this.result
   availability_set_id             = azurerm_availability_set.this.id
+  allow_extension_operations      = true
 
   admin_ssh_key {
     username   = random_string.this.result
@@ -19,6 +20,7 @@ resource "azurerm_linux_virtual_machine" "this" {
   os_disk {
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
+    disk_size_gb         = 64
   }
 
   source_image_reference {