Disable storage account cross tenant replication

[jonnyry]

What is being addressed

Disable storage account cross tenant replication.

The Azure TRE does not use cross tenant replication and it the feature is typically flagged in security posture guidance to disable if not being used, e.g. https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/StorageAccounts/disable-cross-tenant-replication.html

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit c0a474b.

♻️ This comment has been updated with latest results.

[jonnyry]

Not sure why tflint is failing now for my change. I have changed this file (by adding cross_tenant_replication_enabled = false) but not changed the tags.

Happy to fix the tag issue if necessary? Presume it just needs the tre_id wiring through as a TF variable.

2024-11-04 08:54:14 [INFO]   File:[/github/workspace/devops/terraform/main.tf]
2024-11-04 08:54:14 [ERROR]   Found errors in [tflint] linter!
2024-11-04 08:54:14 [ERROR]   Error code: 2. Command output:
------
WARNING: "tflint FILE/DIR" is deprecated and will error in a future version. Use --chdir or --filter instead.
4 issue(s) found:

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 10:
  10:   tags = {
  11:     project = "Azure Trusted Research Environment"
  12:     source  = "https://github.com/microsoft/AzureTRE/"
  13:   }

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 19:
  19: resource "azurerm_storage_account" "state_storage" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 33:
  33: resource "azurerm_container_registry" "shared_acr" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

Notice: The resource is missing the following tags: "tre_id". (azurerm_resource_missing_tags)

  on main.tf line 45:
  45: resource "azurerm_container_registry_task" "tredev_purge" {

Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.22.0/docs/rules/azurerm_resource_missing_tags.md

[jonnyry]

Ah this would be the reason...

        uses: github/super-linter/slim@v5.0.0
        env:
          VALIDATE_ALL_CODEBASE: false

...didn't realise the linter only processed files changed.

[jonnyry]

Not fixing the linting issue above as per:

#4117

[tim-p-allen]

LGTM

[jonnyry]

@tim-allen-ck ok to get this one merged?

[tim-p-allen]

/test

[github-actions]

🤖 pr-bot 🤖

⚠️ When using /test on external PRs, the SHA of the checked commit must be specified

(in response to this comment from @tim-allen-ck)

[tim-p-allen]

/test c0a474b

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/12018091544 (with refid cc787b47)

(in response to this comment from @tim-allen-ck)