chore(deps): update terraform azurerm to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
azurerm (source)	required_provider	major	3.109.0 -> 4.0.0

---

Release Notes

hashicorp/terraform-provider-azurerm (azurerm)

v4.0.0

Compare Source

NOTES:

• Major Version: Version 4.0 of the Azure Provider is a major version - some behaviours have changed and some deprecated fields/resources have been removed - please refer to the 4.0 upgrade guide for more information.
• When upgrading to v4.0 of the AzureRM Provider, we recommend upgrading to the latest version of Terraform Core (which can be found here).

ENHANCEMENTS:

• Data Source: azurerm_shared_image - add support for the trusted_launch_supported, trusted_launch_enabled, confidential_vm_supported, confidential_vm_enabled, accelerated_network_support_enabled and hibernation_enabled properties (#​26975)
• dependencies: updating hashicorp/go-azure-sdk to v0.20240819.1075239 (#​27107)
• applicationgateways - updating to use 2023-11-01 (#​26776)
• containerregistry - updating to use 2023-06-01-preview (#​23393)
• containerservice - updating to 2024-05-01 (#​27105)
• mssql - updating to use hashicorp/go-azure-sdk and 023-08-01-preview (#​27073)
• mssqlmanagedinstance - updating to use hashicorp/go-azure-sdk and 2023-08-01-preview (#​26872)
• azurerm_image - add support for the disk_encryption_set_id property to the data_disk block (#​27015)
• azurerm_log_analytics_workspace_table - add support for more total_retention_in_days and retention_in_days values (#​27053)
• azurerm_mssql_elasticpool - add support for the HS_MOPRMS and MOPRMS skus (#​27085)
• azurerm_netapp_pool - allow 1 as a valid value for size_in_tb (#​27095)
• azurerm_notification_hub - add support for the browser_credential property (#​27058)
• azurerm_redis_cache - add support for the access_keys_authentication_enabled property (#​27039)
• azurerm_role_assignment - add support for the /, /providers/Microsoft.Capacity and /providers/Microsoft.BillingBenefits scopes (#​26663)
• azurerm_shared_image - add support for the hibernation_enabled property (#​26975)
• azurerm_storage_account - support queue_encryption_key_type and table_encryption_key_type for more storage account kinds (#​27112)
• azurerm_web_application_firewall_policy - add support for the request_body_enforcement property (#​27094)

BUG FIXES:

• azurerm_ip_group_cidr - fixed the position of the CIDR check to correctly refresh the resource when it's no longer present (#​27103)
• azurerm_monitor_diagnostic_setting - add further polling to work around an eventual consistency issue when creating the resource (#​27088)
• azurerm_storage_account - prevent API error by populating infrastructure_encryption_enabled when updating customer_managed_key (#​26971)
• azurerm_storage_blob_inventory_policy - the filter property can now be set when scope is container (#​27113)
• azurerm_virtual_network_dns_servers - moved locks to prevent the creation of subnets with stale data (#​27036)
• azurerm_virtual_network_gateway_connection - allow 0 as a valid value for ipsec_policy.sa_datasize (#​27056)

---

For information on changes between the v3.116.0 and v3.0.0 releases, please see the previous v3.x changelog entries.

For information on changes between the v2.99.0 and v2.0.0 releases, please see the previous v2.x changelog entries.

For information on changes between the v1.44.0 and v1.0.0 releases, please see the previous v1.x changelog entries.

For information on changes prior to the v1.0.0 release, please see the v0.x changelog.

v3.116.0

Compare Source

DEPRECATIONS:

All Azure Kubernetes Service (AKS) properties related to preview features are deprecated since they will not be available in a stable API. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details (#​26863)

FEATURES:

• New Resource: azurerm_ai_services (#​26008)
• New Resource: azurerm_communication_service_email_domain_association (#​26432)
• New Resource: azurerm_dev_center_project_environment_type (#​26941)
• New Resource: azurerm_extended_location_custom_location (#​24267)
• New Resource: azurerm_postgresql_flexible_server_virtual_endpoint (#​26708)

ENHANCEMENTS:

• notificationhub - updating to use version 2023-09-01 (#​26528)
• azurerm_api_management_api - update validation of path to allow single character strings (#​26922)
• azurerm_cosmosdb_account - add support for the property burst_capacity_enabled (#​26986)
• azurerm_linux_function_app - add support for vnet_image_pull_enabled property in 4.0 (#​27001)
• azurerm_linux_function_app_slot - add support for vnet_image_pull_enabled property in 4.0 (#​27001)
• azurerm_logic_app_standard - add support for v8.0 in site_config.dotnet_framework_version (#​26983)
• azurerm_management_group_policy_assignment - remove length restriction on name (#​27055)
• azurerm_recovery_services_vault - add support for the identity block (#​26254)
• azurerm_web_application_firewall_policy - add support for the js_challenge_cookie_expiration_in_minutes property (#​26878)
• azurerm_windows_function_app - add support for vnet_image_pull_enabled property in 4.0 (#​27001)
• azurerm_windows_function_app_slot - add support for vnet_image_pull_enabled property in 4.0 (#​27001)

BUG FIXES:

• Data Source: azurerm_storage_account - add default_share_level_permission to the azure_files_authentication to prevent invalid address errors (#​26996)
• Data Source: azurerm_search_service - expose the tags property (#​26978)
• Data Source: azurerm_virtual_machine - populate missing power_state (#​26991)
• Data Source: azurerm_virtual_machine_scale_set - populate missing power_state (#​26991)
• azurerm_api_management_api_schema - correctly unmarshal definition and components (#​26531)
• azurerm_cdn_frontdoor_secret - fix issue where expiration_date was being set into the parent block (#​26982)
• azurerm_container_app_environment - fix diff suppress on infrastructure_resource_group_name (#​27007)
• azurerm_express_route_connection - prevent sending private_link_fast_path_enabled in the payload if it hasn't been explicitly set (#​26928)
• azurerm_machine_learning_workspace - serverless_compute can now be updated (#​26940)
• azurerm_mssql_database - fix issue where the database cannot be upgraded to use serverless due to the behaviour of the license_type field (#​26850)
• azurerm_mssql_database - prevent error when creating Free edition by setting long_term_retention_policy and short_term_retention_policy as empty (#​26894)
• azurerm_nginx_deployment - omit capacity when creating deployments with a basic plan (#​26223)
• azurerm_role_management_policy - prevent panic when updating activation_rules.approval_stage (#​26800)
• azurerm_sentinel_threat_intelligence_indicator - prevent panic when importing this resource (#​26976)
• azurerm_servicebus_namespace - fix panic reading encryption with versionless ids (#​27060)
• azurerm_synapse_spark_pool - prevent plan diff due to API behaviour by setting node_count as Computed (#​26953)
• azurerm_virtual_network_gateway_connection - fix issue where ingress_nat_rule_ids was updating the egress rules on updates (#​27022)

v3.115.0

Compare Source

ENHANCEMENTS:

• cosmosdb - updating to use version 2024-05-15 (#​26758)
• healthcare - updating to use version 2024-03-31 (#​26699)
• redis - updating to use version 2024-03-01 (#​26932)
• azurerm_cosmosdb_account - avoid infinite diff to default_identity_type for legacy resources where an empty string is returned by the RP (#​26525)
• azurerm_linux_virtual_machine_scale_set - add support for the action property in the automatic_instance_repair block (#​26227)
• azurerm_log_analytics_saved_search - update the regex for the function_parameters property to support more paramters (#​26701)
• azurerm_monitor_data_collection_rule - update performance_counter.x.sampling_frequency_in_seconds range 1 to 1800 (#​26898)
• azurerm_orchestrated_virtual_machine_scale_set - add support for the action property in the automatic_instance_repair block (#​26227)
• azurerm_security_center_storage_defender - add support for the property scan_results_event_grid_topic_id (#​26599)
• azurerm_storage_account - add support for the property default_share_level_permission in the azure_files_authentication block (#​26924)
• azurerm_web_application_firewall_policy - excluded_rule_set.0.type supports Microsoft_BotManagerRuleSet (#​26903)
• azurerm_windows_virtual_machine_scale_set - add support for the action property in the automatic_instance_repair block (#​26227)

BUG FIXES:

• azurerm_container_group - retrieve and set storage_account_key in the payload when updating the resource (#​26640)
• azurerm_key_vault_managed_hardware_security_module_role_assignment - fixed a crash in error messages (#​26972)
• azurerm_kubernetes_cluster - allow an empty list for dns_zone_ids in the web_app_routing block (#​26747)
• azurerm_storage_share_file - fix a bug when encoding the MD5 hash for the content_md5 property (#​25715)

v3.114.0

Compare Source

UPGRADE NOTES:

• 4.0 Beta: This release includes a new feature-flag to opt-into the 4.0 Beta - which (when enabled) introduces a number of behavioural changes, field renames and removes some older deprecated resources and data sources. Please read the disclaimers carefully that are outlined in our guide on how to opt-into the 4.0 Beta before enabling this, as this will cause irreversible changes to your state. The 4.0 Beta is still a work-in-progress at this time and the changes listed in the 4.0 Upgrade Guide may change. We're interested to hear your feedback which can be provided by following this link.

FEATURES:

• New Resource: azurerm_dev_center_network_connection (#​26718)
• New Resource: azurerm_stack_hci_logical_network (#​26473)

ENHANCEMENTS:

• dependencies: updating go-azure-helpers to v0.70.1 (#​26757)
• arckubernetes - updating to use version 2024-01-01 (#​26761)
• data.azurerm_storage_account - the enable_https_traffic_only property has been superseded by https_traffic_only_enabled (#​26740)
• azurerm_log_analytics_cluster - add support for setting size_gb to 100 [GH-#​26865]
• azurerm_storage_account - the enable_https_traffic_only property has been superseded by https_traffic_only_enabled (#​26740)

BUG FIXES:

• azurerm_dns_cname_record - split create and update function to fix lifecycle - ignore (#​26610)
• azurerm_dns_srv_record - split create and update function to fix lifecycle - ignore (#​26627)
• azurerm_kubernetes_cluster - fix issue that prevented max_count from being updated (#​26417)
• azurerm_linux_web_app - correctly set site_config.always_on as configured during Update (#​25753)
• azurerm_linux_web_app_slot - correctly set site_config.always_on as configured during Update (#​25753)
• azurerm_management_group_policy_remediation - fix panic in deprecated schema change for 4.0 (#​26767)
• azurerm_network_security_rule - fix panic when updating source_port_ranges (#​26883)
• azurerm_public_ip - fix panix when updating idle_timeout_in_minutes

DEPRECATIONS:

• azurerm_redis_cache - enable_non_ssl_port has been superseded by non_ssl_port_enabled and redis_configuration. enable_authentication has been superseded by redis_configuration.authentication_enabled (#​26608)

v3.113.0

Compare Source

ENHANCEMENTS:

• dependencies: updating to v0.20240715.1100358 of hashicorp/go-azure-sdk (#​26638)
• storage - updating to use hashicorp/go-azure-sdk (#​26218)

BUG FIXES:

• azurerm_storage_account - fix a validation bug when replacing a StorageV2 account with a StorageV1 account (#​26639)
• azurerm_storage_account - resolve an issue refreshing blob or queue properties after recreation (#​26218)
• azurerm_storage_account - resolve an issue setting tags for an existing storage account where a policy mandates them (#​26218)
• azurerm_storage_account - fix a persistent diff with the customer_managed_key block (#​26218)
• azurerm_storage_account - resolve several consistency related issues when crreating a new storage account (#​26218)

DEPRECATIONS:

• azurerm_eventhub_namespace - deprecate the zone_redundant field in v4.0 (#​26611)
• azurerm_servicebus_namespace - deprecate the zone_redundant field in v4.0 (#​26611)

v3.112.0

Compare Source

FEATURES:

• New Data Source: azurerm_elastic_san_volume_snapshot (#​26439)
• New Resource: azurerm_dev_center_dev_box_definition (#​26307)
• New Resource: azurerm_dev_center_environment_type (#​26291)
• New Resource: azurerm_virtual_machine_restore_point (#​26526)
• New Resource: azurerm_virtual_machine_restore_point_collection (#​26526)

ENHANCEMENTS:

• dependencies: updating to v0.20240710.1114656 of github.com/hashicorp/go-azure-sdk (#​26588)
• dependencies: updating to v0.70.0 of go-azure-helpers (#​26601)
• containerservice: updating the Fleet resources to use API Version 2024-04-01 (#​26588)
• Data Source: azurerm_network_service_tags - extend validation for service to allow AzureFrontDoor.Backend, AzureFrontDoor.Frontend, and AzureFrontDoor.FirstParty (#​26429)
• azurerm_api_management_identity_provider_aad - support for the client_library property (#​26093)
• azurerm_api_management_identity_provider_aadb2c - support for the client_library property (#​26093)
• azurerm_dev_test_virtual_network - support for the shared_public_ip_address property (#​26299)
• azurerm_kubernetes_cluster - support for the certificate_authority block under the service_mesh_profile block (#​26543)
• azurerm_linux_web_app - support the value 8.3 for the php_version property (#​26194)
• azurerm_machine_learning_compute_cluster - the identity property can now be updated (#​26404)
• azurerm_web_application_firewall_policy - support for the JSChallenge value for managed_rules.managed_rule_set.rule_group_override.rule_action (#​26561)

BUG FIXES:

• Data Source: azurerm_communication_service - primary_connection_string, primary_key, secondary_connection_string and secondary_key are marked as Sensitive (#​26560)
• azurerm_app_configuration_feature - fix issue when updating the resource without an existing targeting_filter (#​26506)
• azurerm_backup_policy_vm - split create and update function to fix lifecycle - ignore (#​26591)
• azurerm_backup_protected_vm - split create and update function to fix lifecycle - ignore (#​26583)
• azurerm_communication_service - the primary_connection_string, primary_key, secondary_connection_string, and secondary_key properties are now sensitive (#​26560)
• azurerm_mysql_flexible_server_configuration - add locks to prevent conflicts when deleting the resource (#​26289)
• azurerm_nginx_deployment - changing the frontend_public.ip_address, frontend_private.ip_address, frontend_private.allocation_method, and frontend_private.subnet_id now creates a new resource (#​26298)
• azurerm_palo_alto_local_rulestack_rule - correctl read the protocol property on read when the protocol_ports property is configured (#​26510)
• azurerm_servicebus_namespace - parse the identity returned by the API insensitively before setting into state (#​26540)

DEPRECATIONS:

• azurerm_servicebus_queue - enable_batched_operations, enable_express and enable_partitioning are superseded by batched_operations_enabled, express_enabled and partitioning_enabled (#​26479)
• azurerm_servicebus_subscription - enable_batched_operations has been superseded by batched_operations_enabled (#​26479)
• azurerm_servicebus_topic - enable_batched_operations, enable_express and enable_partitioning are superseded by batched_operations_enabled, express_enabled and partitioning_enabled (#​26479)

v3.111.0

Compare Source

FEATURES:

• New Resource: azurerm_restore_point_collection (#​26518)

ENHANCEMENTS:

• dependencies: updating to v0.20240701.1082110 of github.com/hashicorp/go-azure-sdk (#​26502)
• azurerm_disk_encryption_set - support for the managed_hsm_key_id property (#​26201)
• azurerm_firewall_policy - remove Computed from the sku property and add a default of Standard in 4.0 (#​26499)
• azurerm_kubernetes_cluster - support updating default_node_pool.os_sku between Ubuntu and AzureLinux (#​26262)
• azurerm_kubernetes_cluster_node_pool - support updating os_sku between Ubuntu and AzureLinux (#​26139)
• azurerm_service_plan - support for new the Flex Consumption plan (#​26351)

BUG FIXES:

• azurerm_kubernetes_cluster - prevent a panic (#​26478)
• azurerm_kubernetes_cluster - prevent a diff in upgrade_settings when the API returns an empty object (#​26541)
• azurerm_kubernetes_cluster_node_pool - prevent a diff in upgrade_settings when the API returns an empty object (#​26541)
• azurerm_virtual_network_gateway - split create and update function to fix lifecycle - ignore (#​26451)
• azurerm_virtual_network_gateway_connection - split create and update function to fix lifecycle - ignore (#​26431)

v3.110.0

Compare Source

FEATURES:

• New Data Source: azurerm_load_test (#​26376)
• New Resource: azurerm_virtual_desktop_scaling_plan_host_pool_association (#​24670)

ENHANCEMENTS:

• Data Source: azurerm_monitor_data_collection_endpoint - support for the immutable_id property (#​26380)
• Data Source: azurerm_nginx_certificate - export the properties sha1_thumbprint, key_vault_secret_version, key_vault_secret_creation_date, error_code and error_message (#​26160)
• azurerm_backup_policy_vm - support for the tiering_policy property (#​26263)
• azurerm_kubernetes_cluster_node_pool - Pod Disruption Budgets are now respected when deleting a node pool (#​26471)
• azurerm_monitor_data_collection_endpoint - support for the immutable_id property (#​26380)
• azurerm_mssql_managed_instance - support the value GZRS for the storage_account_type property (#​26448)
• azurerm_mssql_managed_instance_transparent_data_encryption - support for the managed_hsm_key_id property (#​26496)
• azurerm_redis_cache_access_policy - allow updates to permissions (#​26440)
• azurerm_redhat_openshift_cluster - support for the managed_resource_group_name property (#​25529)
• azurerm_redhat_openshift_cluster - support for the preconfigured_network_security_group_enabled property (#​26082)
• azurerm_iotcentral_application - remove Computed from template and set default of [email protected] in 4.0 (#​26485)
• azurerm_digital_twins_time_series_database_connection - remove Computed from kusto_table_name and set a default of AdtPropertyEvents in 4.0 (#​26484)

BUG FIXES:

• Data Source: azurerm_express_route_circuit_peering - fix issue where data source attempts to parse an empty string instead of generating the resource ID (#​26441)
• azurerm_express_route_gateway - prevent a panic (#​26467)
• azurerm_monitor_scheduled_query_rules_alert_v2 - correctly handle the identity block if not specified (#​26364)
• azurerm_security_center_automation - prevent resource recreation when tags are updated (#​26292)
• azurerm_synapse_workspace - fix issue where azure_devops_repo or github_repo configuration could not be removed (#​26421)
• azurerm_virtual_network_dns_servers - split create and update function to fix lifecycle - ignore (#​26427)
• azurerm_linux_function_app - set allowed_applications in the request payload (#​26462)
• azurerm_linux_function_app_slot - set allowed_applications in the request payload (#​26462)
• azurerm_windows_function_app - set allowed_applications in the request payload (#​26462)
• azurerm_windows_function_app_slot - set allowed_applications in the request payload (#​26462)
• azurerm_linux_web_app - set allowed_applications in the request payload (#​26462)
• azurerm_linux_web_app_slot - set allowed_applications in the request payload (#​26462)
• azurerm_windows_web_app - set allowed_applications in the request payload (#​26462)
• azurerm_windows_web_app_slot - set allowed_applications in the request payload (#​26462)
• azurerm_api_management - remove ForceNew from additional_location.zones (#​26384)
• azurerm_logic_app_integration_account_schema - the name property now allows underscores (#​26475)
• azurerm_palo_alto_local_rulestack_rule - prevent error when switching between protocol and protocol_ports (#​26490)

DEPRECATIONS:

• azurerm_analysis_service_server - the property enable_power_bi_service has been superseded by power_bi_service_enabled (#​26456)

---

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[hmcts-jenkins-d-to-i]

Plan Result (aat)

No changes. Your infrastructure matches the configuration.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[hmcts-jenkins-d-to-i]

Plan Result (prod)

No changes. Your infrastructure matches the configuration.