From d94390df8b6d96d4a711215da8a9f5483a454b11 Mon Sep 17 00:00:00 2001
From: sdeguchi <sdeguchi@microsoft.com>
Date: Wed, 22 Jan 2025 18:07:52 -0800
Subject: [PATCH 1/5] feat: adding child platform management groups

---
 .../locals.tf                                 | 221 +++++++++++++-----
 .../architecture_definition.json.tftpl        |  13 ++
 ...fsi.alz_architecture_definition.json.tftpl |  89 -------
 ...slz.alz_architecture_definition.json.tftpl |  89 -------
 4 files changed, 173 insertions(+), 239 deletions(-)
 create mode 100644 modules/template_architecture_definition/templates/architecture_definition.json.tftpl
 delete mode 100644 modules/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl
 delete mode 100644 modules/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl

diff --git a/modules/template_architecture_definition/locals.tf b/modules/template_architecture_definition/locals.tf
index 2ffcfab..a7595a9 100644
--- a/modules/template_architecture_definition/locals.tf
+++ b/modules/template_architecture_definition/locals.tf
@@ -1,75 +1,174 @@
 locals {
   # Determine template architecture definition inputs from starter module tfvars
-  starter_module_tfvars           = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
-  default_prefix                  = try(local.starter_module_tfvars.default_prefix, "alz")
-  default_postfix                 = try(local.starter_module_tfvars.default_postfix, "")
-  top_level_management_group_name = try(local.starter_module_tfvars.top_level_management_group_name, "alz")
-  default_template_file_path      = "${path.module}/templates/${var.architecture_definition_name}.alz_architecture_definition.json.tftpl"
-  template_file_path              = var.architecture_definition_template_path != "" ? var.architecture_definition_template_path : local.default_template_file_path
+  starter_module_tfvars                  = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
+  default_prefix                         = try(local.starter_module_tfvars.default_prefix, "alz")
+  default_postfix                        = try(local.starter_module_tfvars.default_postfix, "")
+  management_group_configuration         = local.starter_module_tfvars.management_group_configuration  # this input is require, fail if incorrect configuration is provided
+  platform_management_group_children     = try(local.starter_module_tfvars.platform_management_group_children, {})
+  landing_zone_management_group_children = try(local.starter_module_tfvars.landing_zone_management_group_children, {})
+  default_template_file_path             = "${path.module}/templates/architecture_definition.json.tftpl"
+  template_file_path                     = var.architecture_definition_template_path != "" ? var.architecture_definition_template_path : local.default_template_file_path
 
   # Customer has provided a custom architecture definition
   has_architecture_definition_override = var.architecture_definition_override_path != ""
 
   # ALZ archetypes
-  alz_root           = ["\"root\""]
-  alz_platform       = ["\"platform\""]
-  alz_landing_zone   = ["\"landing_zones\""]
-  alz_decommissioned = ["\"decommissioned\""]
-  alz_sandboxes      = ["\"sandboxes\""]
-  alz_corp           = ["\"corp\""]
-  alz_online         = ["\"online\""]
-  alz_management     = ["\"management\""]
-  alz_connectivity   = ["\"connectivity\""]
-  alz_identity       = ["\"identity\""]
+  alz_root_archtype           = ["root"]
+  alz_platform_archtype       = ["platform"]
+  alz_landing_zone_archtype   = ["landing_zones"]
+  alz_decommissioned_archtype = ["decommissioned"]
+  alz_sandboxes_archtype      = ["sandboxes"]
+  alz_management_archtype     = ["management"]
+  alz_connectivity_archtype   = ["connectivity"]
+  alz_identity_archtype       = ["identity"]
+  alz_corp_archtype           = ["corp"]
+  alz_online_archtype         = ["online"]
 
   # management group layered archetypes
-  root                = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_root : []
-  platform            = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_platform : []
-  landing_zone        = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_landing_zone : []
-  decommissioned      = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_decommissioned : []
-  sandboxes           = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_sandboxes : []
-  corp                = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_corp : []
-  online              = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_online : []
-  management          = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_management : []
-  connectivity        = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_connectivity : []
-  identity            = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_identity : []
-  confidential_corp   = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_corp : []
-  confidential_online = var.apply_alz_archetypes_via_architecture_definition_template ? local.alz_online : []
+  root_archtypes                = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_root_archtype, local.management_group_configuration.root.archetypes) : local.management_group_configuration.root.archetypes
+  platform_archtypes            = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_platform_archtype, local.management_group_configuration.platform.archetypes) : local.management_group_configuration.platform.archetypes
+  landingzones_archtypes        = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_landing_zone_archtype, local.management_group_configuration.landingzones.archetypes) : local.management_group_configuration.landingzones.archetypes
+  decommissioned_archtypes      = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_decommissioned_archtype, local.management_group_configuration.decommissioned.archetypes) : local.management_group_configuration.decommissioned.archetypes
+  sandbox_archtypes             = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_sandboxes_archtype, local.management_group_configuration.sandbox.archetypes) : local.management_group_configuration.sandbox.archetypes
+  management_archtypes          = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_management_archtype, local.management_group_configuration.management.archetypes) : local.management_group_configuration.management.archetypes
+  connectivity_archtypes        = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_connectivity_archtype, local.management_group_configuration.connectivity.archetypes) : local.management_group_configuration.connectivity.archetypes
+  identity_archtypes            = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_identity_archtype, local.management_group_configuration.identity.archetypes) : local.management_group_configuration.identity.archetypes
+  corp_archtypes                = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.corp.archetypes) : local.management_group_configuration.corp.archetypes
+  online_archtypes              = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.online.archetypes) : local.management_group_configuration.online.archetypes
+  confidential_corp_archtypes   = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_corp_archtype, local.management_group_configuration.confidential_corp.archetypes) : local.management_group_configuration.confidential_corp.archetypes
+  confidential_online_archtypes = var.apply_alz_archetypes_via_architecture_definition_template ? concat(local.alz_online_archtype, local.management_group_configuration.confidential_online.archetypes) : local.management_group_configuration.confidential_online.archetypes
 
-  template_vars = {
-    architecture_definition_name            = var.architecture_definition_name
-    top_level_management_group_name         = local.top_level_management_group_name
-    root_management_group_id                = "${local.default_prefix}${local.default_postfix}"
-    platform_management_group_id            = "${local.default_prefix}-platform${local.default_postfix}"
-    landing_zone_management_group_id        = "${local.default_prefix}-landingzones${local.default_postfix}"
-    decommissioned_management_group_id      = "${local.default_prefix}-decommissioned${local.default_postfix}"
-    sandbox_management_group_id             = "${local.default_prefix}-sandbox${local.default_postfix}"
-    corp_management_group_id                = "${local.default_prefix}-landingzones-corp${local.default_postfix}"
-    online_management_group_id              = "${local.default_prefix}-landingzones-online${local.default_postfix}"
-    management_management_group_id          = "${local.default_prefix}-platform-management${local.default_postfix}"
-    connectivity_management_group_id        = "${local.default_prefix}-platform-connectivity${local.default_postfix}"
-    identity_management_group_id            = "${local.default_prefix}-platform-identity${local.default_postfix}"
-    confidential_corp_management_group_id   = "${local.default_prefix}-landingzones-confidential-corp${local.default_postfix}"
-    confidential_online_management_group_id = "${local.default_prefix}-landingzones-confidential-online${local.default_postfix}"
-
-    root_archetypes                = join(", ", local.root)
-    platform_archetypes            = join(", ", local.platform)
-    landing_zone_archetypes        = join(", ", local.landing_zone)
-    decommissioned_archetypes      = join(", ", local.decommissioned)
-    sandboxes_archetypes           = join(", ", local.sandboxes)
-    corp_archetypes                = join(", ", local.corp)
-    online_archetypes              = join(", ", local.online)
-    management_archetypes          = join(", ", local.management)
-    connectivity_archetypes        = join(", ", local.connectivity)
-    identity_archetypes            = join(", ", local.identity)
-    confidential_corp_archetypes   = join(", ", local.confidential_corp)
-    confidential_online_archetypes = join(", ", local.confidential_online)
+  management_group_format_variables = {
+    default_prefix  = local.default_prefix
+    default_postfix = local.default_postfix
   }
 
-  unclean_templated_file_content = templatefile(local.template_file_path, local.template_vars)
+  root_management_group_id                = templatestring(local.management_group_configuration.root.id, local.management_group_format_variables)
+  platform_management_group_id            = templatestring(local.management_group_configuration.platform.id, local.management_group_format_variables)
+  landing_zone_management_group_id        = templatestring(local.management_group_configuration.landingzones.id, local.management_group_format_variables)
+  decommissioned_management_group_id      = templatestring(local.management_group_configuration.decommissioned.id, local.management_group_format_variables)
+  sandbox_management_group_id             = templatestring(local.management_group_configuration.sandbox.id, local.management_group_format_variables)
+  management_management_group_id          = templatestring(local.management_group_configuration.management.id, local.management_group_format_variables)
+  connectivity_management_group_id        = templatestring(local.management_group_configuration.connectivity.id, local.management_group_format_variables)
+  identity_management_group_id            = templatestring(local.management_group_configuration.identity.id, local.management_group_format_variables)
+  corp_management_group_id                = templatestring(local.management_group_configuration.corp.id, local.management_group_format_variables)
+  online_management_group_id              = templatestring(local.management_group_configuration.online.id, local.management_group_format_variables)
+  confidential_corp_management_group_id   = templatestring(local.management_group_configuration.confidential_corp.id, local.management_group_format_variables)
+  confidential_online_management_group_id = templatestring(local.management_group_configuration.confidential_online.id, local.management_group_format_variables)
+
+  alz_management_groups = [
+    {
+      "archetypes" : jsonencode(local.root_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.root.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.root_management_group_id),
+      "parent_id" : jsonencode(null)
+    },
+    {
+      "archetypes" : jsonencode(local.platform_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.platform.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.platform_management_group_id),
+      "parent_id" : jsonencode(local.root_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.landingzones_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.landingzones.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.landing_zone_management_group_id),
+      "parent_id" : jsonencode(local.root_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.sandbox_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.sandbox.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.sandbox_management_group_id),
+      "parent_id" : jsonencode(local.root_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.decommissioned_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.decommissioned.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.decommissioned_management_group_id),
+      "parent_id" : jsonencode(local.root_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.management_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.management.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.management_management_group_id),
+      "parent_id" : jsonencode(local.platform_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.connectivity_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.connectivity.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.connectivity_management_group_id),
+      "parent_id" : jsonencode(local.platform_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.identity_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.identity.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.identity_management_group_id),
+      "parent_id" : jsonencode(local.platform_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.corp_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.corp.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.corp_management_group_id),
+      "parent_id" : jsonencode(local.landing_zone_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.online_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.online.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.online_management_group_id),
+      "parent_id" : jsonencode(local.landing_zone_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.confidential_corp_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.confidential_corp.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.confidential_corp_management_group_id),
+      "parent_id" : jsonencode(local.landing_zone_management_group_id)
+    },
+    {
+      "archetypes" : jsonencode(local.confidential_online_archtypes),
+      "display_name" : jsonencode(local.management_group_configuration.confidential_online.display_name),
+      "exists" : false,
+      "id" : jsonencode(local.confidential_online_management_group_id),
+      "parent_id" : jsonencode(local.landing_zone_management_group_id)
+    }
+  ]
+
+  platform_management_groups = [for k, v in local.platform_management_group_children :
+    {
+      "archetypes" : jsonencode(v.archetypes),
+      "display_name" : jsonencode(v.display_name),
+      "exists" : false,
+      "id" : jsonencode(templatestring(v.id, local.management_group_format_variables)),
+      "parent_id" : jsonencode(local.platform_management_group_id)
+    }
+  ]
+
+  landing_zone_management_groups = [for k, v in local.landing_zone_management_group_children :
+    {
+      "archetypes" : jsonencode(v.archetypes),
+      "display_name" : jsonencode(v.display_name),
+      "exists" : false,
+      "id" : jsonencode(templatestring(v.id, local.management_group_format_variables)),
+      "parent_id" : jsonencode(local.landing_zone_management_group_id)
+    }
+  ]
+
+  management_groups = concat(local.alz_management_groups, local.platform_management_groups, local.landing_zone_management_groups)
+
+  template_vars = {
+    architecture_definition_name = var.architecture_definition_name
+    management_groups            = local.management_groups
+  }
 
-  # Templated file contents could have malformed json due hard-coded archetypes in the template file. 
-  # This fixes commas in the json at beginning and end of arrays, and two consecutive commas in the arrays.
-  # Occurs when there are no archetypes in the array that is being used to replace the template variable.
-  template_file = replace(replace(replace(local.unclean_templated_file_content, "/\\[\\s*,\\s*/", "["), "/,\\s*\\]/", "]"), "/\\,\\s*,/", ",")
+  template_file = templatefile(local.template_file_path, local.template_vars)
 }
diff --git a/modules/template_architecture_definition/templates/architecture_definition.json.tftpl b/modules/template_architecture_definition/templates/architecture_definition.json.tftpl
new file mode 100644
index 0000000..64ec1b2
--- /dev/null
+++ b/modules/template_architecture_definition/templates/architecture_definition.json.tftpl
@@ -0,0 +1,13 @@
+{
+  "name": "${architecture_definition_name}",
+  "management_groups": [
+    %{ for management_group in management_groups }{
+      "archetypes": ${management_group.archetypes},
+      "display_name": ${management_group.display_name},
+      "id": ${management_group.id},
+      "exists": ${management_group.exists},
+      "parent_id": ${management_group.parent_id}
+    }%{ if management_group != management_groups[length(management_groups) - 1] && length(management_groups) != 0},
+    %{ endif }%{ endfor }
+  ]
+}
diff --git a/modules/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl b/modules/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl
deleted file mode 100644
index 19934c5..0000000
--- a/modules/template_architecture_definition/templates/fsi.alz_architecture_definition.json.tftpl
+++ /dev/null
@@ -1,89 +0,0 @@
-{
-  "name": "${architecture_definition_name}",
-  "management_groups": [
-    {
-      "archetypes": [${root_archetypes}, "fsi_root", "tr_01_logging", "re_01_zonal_residency", "so_04_cmk", "so_01_data_residency"],
-      "display_name": "${top_level_management_group_name}",
-      "exists": false,
-      "id": "${root_management_group_id}",
-      "parent_id": null
-    },
-    {
-      "archetypes": [${landing_zone_archetypes}],
-      "display_name": "Landing Zones",
-      "exists": false,
-      "id": "${landing_zone_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${platform_archetypes}],
-      "display_name": "Platform",
-      "exists": false,
-      "id": "${platform_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${identity_archetypes}],
-      "display_name": "Identity",
-      "exists": false,
-      "id": "${identity_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${connectivity_archetypes}],
-      "display_name": "Connectivity",
-      "exists": false,
-      "id": "${connectivity_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${management_archetypes}],
-      "display_name": "Management",
-      "exists": false,
-      "id": "${management_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${corp_archetypes}],
-      "display_name": "Corp",
-      "exists": false,
-      "id": "${corp_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${confidential_corp_archetypes}, "confidential"],
-      "display_name": "Confidential Corp",
-      "exists": false,
-      "id": "${confidential_corp_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${online_archetypes}],
-      "display_name": "Online",
-      "exists": false,
-      "id": "${online_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${confidential_online_archetypes}, "confidential"],
-      "display_name": "Confidential Online",
-      "exists": false,
-      "id": "${confidential_online_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${sandboxes_archetypes}],
-      "display_name": "Sandbox",
-      "exists": false,
-      "id": "${sandbox_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${decommissioned_archetypes}],
-      "display_name": "Decommissioned",
-      "exists": false,
-      "id": "${decommissioned_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    }
-  ]
-}
diff --git a/modules/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl b/modules/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl
deleted file mode 100644
index ecbbf01..0000000
--- a/modules/template_architecture_definition/templates/slz.alz_architecture_definition.json.tftpl
+++ /dev/null
@@ -1,89 +0,0 @@
-{
-  "name": "${architecture_definition_name}",
-  "management_groups": [
-    {
-      "archetypes": [${root_archetypes}, "global"],
-      "display_name": "${top_level_management_group_name}",
-      "exists": false,
-      "id": "${root_management_group_id}",
-      "parent_id": null
-    },
-    {
-      "archetypes": [${landing_zone_archetypes}],
-      "display_name": "Landing Zones",
-      "exists": false,
-      "id": "${landing_zone_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${platform_archetypes}],
-      "display_name": "Platform",
-      "exists": false,
-      "id": "${platform_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${identity_archetypes}],
-      "display_name": "Identity",
-      "exists": false,
-      "id": "${identity_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${connectivity_archetypes}],
-      "display_name": "Connectivity",
-      "exists": false,
-      "id": "${connectivity_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${management_archetypes}],
-      "display_name": "Management",
-      "exists": false,
-      "id": "${management_management_group_id}",
-      "parent_id": "${platform_management_group_id}"
-    },
-    {
-      "archetypes": [${corp_archetypes}],
-      "display_name": "Corp",
-      "exists": false,
-      "id": "${corp_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${confidential_corp_archetypes}, "confidential"],
-      "display_name": "Confidential Corp",
-      "exists": false,
-      "id": "${confidential_corp_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${online_archetypes}],
-      "display_name": "Online",
-      "exists": false,
-      "id": "${online_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${confidential_online_archetypes}, "confidential"],
-      "display_name": "Confidential Online",
-      "exists": false,
-      "id": "${confidential_online_management_group_id}",
-      "parent_id": "${landing_zone_management_group_id}"
-    },
-    {
-      "archetypes": [${sandboxes_archetypes}],
-      "display_name": "Sandbox",
-      "exists": false,
-      "id": "${sandbox_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    },
-    {
-      "archetypes": [${decommissioned_archetypes}],
-      "display_name": "Decommissioned",
-      "exists": false,
-      "id": "${decommissioned_management_group_id}",
-      "parent_id": "${root_management_group_id}"
-    }
-  ]
-}

From 0702925feff9d1a0a3a308890d758e1bc3efdd55 Mon Sep 17 00:00:00 2001
From: sdeguchi <sdeguchi@microsoft.com>
Date: Wed, 22 Jan 2025 18:58:02 -0800
Subject: [PATCH 2/5] terraform fmt

---
 modules/template_architecture_definition/locals.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/template_architecture_definition/locals.tf b/modules/template_architecture_definition/locals.tf
index a7595a9..14d8d78 100644
--- a/modules/template_architecture_definition/locals.tf
+++ b/modules/template_architecture_definition/locals.tf
@@ -3,7 +3,7 @@ locals {
   starter_module_tfvars                  = jsondecode(file("${var.starter_module_folder_path}/terraform.tfvars.json"))
   default_prefix                         = try(local.starter_module_tfvars.default_prefix, "alz")
   default_postfix                        = try(local.starter_module_tfvars.default_postfix, "")
-  management_group_configuration         = local.starter_module_tfvars.management_group_configuration  # this input is require, fail if incorrect configuration is provided
+  management_group_configuration         = local.starter_module_tfvars.management_group_configuration # this input is require, fail if incorrect configuration is provided
   platform_management_group_children     = try(local.starter_module_tfvars.platform_management_group_children, {})
   landing_zone_management_group_children = try(local.starter_module_tfvars.landing_zone_management_group_children, {})
   default_template_file_path             = "${path.module}/templates/architecture_definition.json.tftpl"

From f2c7e01145dda42b916679c5ff4149cf5a9c75e1 Mon Sep 17 00:00:00 2001
From: Jared Holgate <jaredholgate@microsoft.com>
Date: Thu, 23 Jan 2025 14:39:53 +0000
Subject: [PATCH 3/5] Skip alz module version check in e2e tests

---
 .github/workflows/end-to-end-test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/end-to-end-test.yml b/.github/workflows/end-to-end-test.yml
index d019166..857c425 100644
--- a/.github/workflows/end-to-end-test.yml
+++ b/.github/workflows/end-to-end-test.yml
@@ -294,7 +294,7 @@ jobs:
               if($infrastructureAsCode -eq "terraform") {
                 $starterModuleOverrideFolderPath = "$starterModuleOverrideFolderPath/templates"
               }
-              Deploy-Accelerator -output "${{ env.TARGET_FOLDER }}" -inputs "./inputs.json" -bootstrapModuleOverrideFolderPath "${{ env.BOOTSTRAP_MODULE_FOLDER }}" -starterModuleOverrideFolderPath $starterModuleOverrideFolderPath -starterRelease "${{ env.ALZ_ON_DEMAND_FOLDER_RELEASE_TAG }}" -autoApprove -ErrorAction Stop -Verbose
+              Deploy-Accelerator -output "${{ env.TARGET_FOLDER }}" -inputs "./inputs.json" -bootstrapModuleOverrideFolderPath "${{ env.BOOTSTRAP_MODULE_FOLDER }}" -starterModuleOverrideFolderPath $starterModuleOverrideFolderPath -starterRelease "${{ env.ALZ_ON_DEMAND_FOLDER_RELEASE_TAG }}" -autoApprove -skipAlzModuleVersionRequirementsCheck -ErrorAction Stop -Verbose
 
               if ($LastExitCode -eq 0) {
                 $success = $true

From 5940538e6c1d88fab5c9850a8c0e0c3975c70628 Mon Sep 17 00:00:00 2001
From: Jared Holgate <jaredholgate@microsoft.com>
Date: Thu, 23 Jan 2025 14:42:12 +0000
Subject: [PATCH 4/5] Add missing flag

---
 .github/tests/scripts/destroy.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/tests/scripts/destroy.ps1 b/.github/tests/scripts/destroy.ps1
index ea3a57a..9519171 100644
--- a/.github/tests/scripts/destroy.ps1
+++ b/.github/tests/scripts/destroy.ps1
@@ -28,7 +28,7 @@ do {
         if($infrastructureAsCode -eq "terraform") { 
           $starterModuleOverrideFolderPath = "$starterModuleOverrideFolderPath/templates"
         }
-        Deploy-Accelerator -output "$($env:TARGET_FOLDER)" -inputs "./inputs.json" -bootstrapModuleOverrideFolderPath "$($env:BOOTSTRAP_MODULE_FOLDER)" -starterModuleOverrideFolderPath $starterModuleOverrideFolderPath -starterRelease "$($env.ALZ_ON_DEMAND_FOLDER_RELEASE_TAG)" -autoApprove -destroy -ErrorAction Stop
+        Deploy-Accelerator -output "$($env:TARGET_FOLDER)" -inputs "./inputs.json" -bootstrapModuleOverrideFolderPath "$($env:BOOTSTRAP_MODULE_FOLDER)" -starterModuleOverrideFolderPath $starterModuleOverrideFolderPath -starterRelease "$($env.ALZ_ON_DEMAND_FOLDER_RELEASE_TAG)" -autoApprove -skipAlzModuleVersionRequirementsCheck -destroy -ErrorAction Stop
         if ($LastExitCode -eq 0) {
             $success = $true
         } else {

From 18d1c08f9a7418304f7da991db634a225293d44d Mon Sep 17 00:00:00 2001
From: Jared Holgate <jaredholgate@microsoft.com>
Date: Thu, 23 Jan 2025 15:08:21 +0000
Subject: [PATCH 5/5] Fix GitHub deprecated task versions

---
 .../actions/terraform/templates/workflows/cd-template.yaml    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/alz/github/actions/terraform/templates/workflows/cd-template.yaml b/alz/github/actions/terraform/templates/workflows/cd-template.yaml
index c8bdb42..d6b8212 100644
--- a/alz/github/actions/terraform/templates/workflows/cd-template.yaml
+++ b/alz/github/actions/terraform/templates/workflows/cd-template.yaml
@@ -73,7 +73,7 @@ jobs:
         shell: pwsh
 
       - name: Publish Module Artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: module
           path: ./staging/
@@ -105,7 +105,7 @@ jobs:
 
     steps:
       - name: Download a Build Artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: module