Added Azure Blob Storage by ArendPeter · Pull Request #35 · Equal-Vote/terraform

ArendPeter · 2026-01-03T18:31:18Z

Uses the same resource group from main.tf
Seems like the lock file should be included, similar to package-lock.json https://stackoverflow.com/questions/67963719/should-terraform-lock-hcl-be-included-in-the-gitignore-file

github-actions · 2026-01-03T18:31:36Z

OpenTofu Format and Style 🖌`failure`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

Validation Output


Success! The configuration is valid.

OpenTofu Plan 📖`failure`

Show Plan


tofu

Pusher: @ArendPeter, Action: pull_request, Working Directory: ``, Workflow: .github/workflows/opentofu.yml

storage.tf

github-actions · 2026-01-03T18:53:57Z

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

Validation Output


Success! The configuration is valid.

OpenTofu Plan 📖`success`

Show Plan


tofu
data.azurerm_client_config.current: Reading...
azurerm_resource_group.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote]
data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0xMDZmYTU2Ny1lZjBmLTQxNzYtYWY4MS0zZjJhZjcwNmZhMjA7b2JqZWN0SWQ9ZTQ1MzZmMDctOGY1YS00NTAxLWJlOTAtNmEzZDJhMDliMGYzO3N1YnNjcmlwdGlvbklkPTg2ZjMxNDVhLTQ4Y2MtNDI1NS04NzU3LWRkMzEwNGQxNWU1Nzt0ZW5hbnRJZD1mYjViMDlkMC02YzdjLTRiZjItYWRmNy02ZmI2MWY5MDJkZTk=]
azurerm_data_protection_backup_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault]
azurerm_virtual_network.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote]
azurerm_key_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote]
azurerm_user_assigned_identity.argocd-identity: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd]
azurerm_dns_zone.prod: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/prod.equal.vote]
azurerm_dns_zone.dev: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/dev.equal.vote]
azurerm_dns_zone.sandbox: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/sandbox.star.vote]
azurerm_key_vault.equalvote-argocd: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd]
azurerm_kubernetes_cluster.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ContainerService/managedClusters/equalvote]
azurerm_subnet.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote/subnets/equalvote]
azurerm_data_protection_backup_policy_disk.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault/backupPolicies/equalvote-backup-policy]
azurerm_key_vault_key.sops: Refreshing state... [id=https://equalvote.vault.azure.net/keys/sops/92a0fe05a77b4a3787d10bbd444f19c6]
azurerm_key_vault_access_policy.argocd-policy: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/objectId/2c7d3739-7134-4112-ae3d-8e3fd181032d]
azurerm_key_vault_key.sops-key: Refreshing state... [id=https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff]
azurerm_federated_identity_credential.kubernetes-federated-credential: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd/federatedIdentityCredentials/kubernetes-federated-credential]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # azurerm_storage_account.storage will be created
  + resource "azurerm_storage_account" "storage" {
      + access_tier                        = (known after apply)
      + account_kind                       = "StorageV2"
      + account_replication_type           = "LRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = false
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + https_traffic_only_enabled         = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "westus2"
      + min_tls_version                    = "TLS1_2"
      + name                               = "defaultstorageacct"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "equalvote"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"

      + blob_properties (known after apply)

      + network_rules (known after apply)

      + queue_properties (known after apply)

      + routing (known after apply)

      + share_properties (known after apply)

      + static_website (known after apply)
    }

  # azurerm_storage_container.candidate-photos will be created
  + resource "azurerm_storage_container" "candidate-photos" {
      + container_access_type             = "blob"
      + default_encryption_scope          = (known after apply)
      + encryption_scope_override_enabled = true
      + has_immutability_policy           = (known after apply)
      + has_legal_hold                    = (known after apply)
      + id                                = (known after apply)
      + metadata                          = (known after apply)
      + name                              = "candidate-photos"
      + resource_manager_id               = (known after apply)
      + storage_account_id                = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.file

To perform exactly these actions, run the following command to apply:
    tofu apply "plan.file"

Pusher: @evanstucker-hates-2fa, Action: pull_request, Working Directory: ``, Workflow: .github/workflows/opentofu.yml

github-actions · 2026-01-03T19:02:51Z

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`skipped`

OpenTofu Validation 🤖`success`

Validation Output


Success! The configuration is valid.

OpenTofu Plan 📖`success`

Show Plan


tofu
data.azurerm_client_config.current: Reading...
azurerm_resource_group.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote]
data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0xMDZmYTU2Ny1lZjBmLTQxNzYtYWY4MS0zZjJhZjcwNmZhMjA7b2JqZWN0SWQ9ZTQ1MzZmMDctOGY1YS00NTAxLWJlOTAtNmEzZDJhMDliMGYzO3N1YnNjcmlwdGlvbklkPTg2ZjMxNDVhLTQ4Y2MtNDI1NS04NzU3LWRkMzEwNGQxNWU1Nzt0ZW5hbnRJZD1mYjViMDlkMC02YzdjLTRiZjItYWRmNy02ZmI2MWY5MDJkZTk=]
azurerm_dns_zone.prod: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/prod.equal.vote]
azurerm_dns_zone.sandbox: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/sandbox.star.vote]
azurerm_data_protection_backup_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault]
azurerm_virtual_network.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote]
azurerm_dns_zone.dev: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/dev.equal.vote]
azurerm_user_assigned_identity.argocd-identity: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd]
azurerm_key_vault.equalvote-argocd: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd]
azurerm_key_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote]
azurerm_kubernetes_cluster.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ContainerService/managedClusters/equalvote]
azurerm_subnet.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote/subnets/equalvote]
azurerm_data_protection_backup_policy_disk.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault/backupPolicies/equalvote-backup-policy]
azurerm_key_vault_key.sops: Refreshing state... [id=https://equalvote.vault.azure.net/keys/sops/92a0fe05a77b4a3787d10bbd444f19c6]
azurerm_key_vault_access_policy.argocd-policy: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/objectId/2c7d3739-7134-4112-ae3d-8e3fd181032d]
azurerm_key_vault_key.sops-key: Refreshing state... [id=https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff]
azurerm_federated_identity_credential.kubernetes-federated-credential: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd/federatedIdentityCredentials/kubernetes-federated-credential]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # azurerm_storage_account.storage will be created
  + resource "azurerm_storage_account" "storage" {
      + access_tier                        = (known after apply)
      + account_kind                       = "StorageV2"
      + account_replication_type           = "LRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = false
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + https_traffic_only_enabled         = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "westus2"
      + min_tls_version                    = "TLS1_2"
      + name                               = "defaultstorageacct"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "equalvote"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"

      + blob_properties (known after apply)

      + network_rules (known after apply)

      + queue_properties (known after apply)

      + routing (known after apply)

      + share_properties (known after apply)

      + static_website (known after apply)
    }

  # azurerm_storage_container.candidate-photos will be created
  + resource "azurerm_storage_container" "candidate-photos" {
      + container_access_type             = "blob"
      + default_encryption_scope          = (known after apply)
      + encryption_scope_override_enabled = true
      + has_immutability_policy           = (known after apply)
      + has_legal_hold                    = (known after apply)
      + id                                = (known after apply)
      + metadata                          = (known after apply)
      + name                              = "candidate-photos"
      + resource_manager_id               = (known after apply)
      + storage_account_id                = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.file

To perform exactly these actions, run the following command to apply:
    tofu apply "plan.file"

Pusher: @evanstucker-hates-2fa, Action: pull_request, Working Directory: ``, Workflow: .github/workflows/opentofu.yml

github-actions · 2026-01-15T23:37:13Z

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

Validation Output


Success! The configuration is valid.

OpenTofu Plan 📖`success`

Show Plan


tofu
data.azurerm_client_config.current: Reading...
azurerm_resource_group.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote]
data.azurerm_client_config.current: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0xMDZmYTU2Ny1lZjBmLTQxNzYtYWY4MS0zZjJhZjcwNmZhMjA7b2JqZWN0SWQ9ZTQ1MzZmMDctOGY1YS00NTAxLWJlOTAtNmEzZDJhMDliMGYzO3N1YnNjcmlwdGlvbklkPTg2ZjMxNDVhLTQ4Y2MtNDI1NS04NzU3LWRkMzEwNGQxNWU1Nzt0ZW5hbnRJZD1mYjViMDlkMC02YzdjLTRiZjItYWRmNy02ZmI2MWY5MDJkZTk=]
azurerm_dns_zone.sandbox: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/sandbox.star.vote]
azurerm_data_protection_backup_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault]
azurerm_dns_zone.dev: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/dev.equal.vote]
azurerm_dns_zone.prod: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/dnsZones/prod.equal.vote]
azurerm_virtual_network.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote]
azurerm_user_assigned_identity.argocd-identity: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd]
azurerm_key_vault.equalvote-argocd: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd]
azurerm_key_vault.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote]
azurerm_kubernetes_cluster.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ContainerService/managedClusters/equalvote]
azurerm_subnet.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.Network/virtualNetworks/equalvote/subnets/equalvote]
azurerm_data_protection_backup_policy_disk.equalvote: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.DataProtection/backupVaults/equalvote-backup-vault/backupPolicies/equalvote-backup-policy]
azurerm_key_vault_access_policy.argocd-policy: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/objectId/2c7d3739-7134-4112-ae3d-8e3fd181032d]
azurerm_key_vault_key.sops-key: Refreshing state... [id=https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff]
azurerm_key_vault_key.sops: Refreshing state... [id=https://equalvote.vault.azure.net/keys/sops/92a0fe05a77b4a3787d10bbd444f19c6]
azurerm_federated_identity_credential.kubernetes-federated-credential: Refreshing state... [id=/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd/federatedIdentityCredentials/kubernetes-federated-credential]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # azurerm_storage_account.storage will be created
  + resource "azurerm_storage_account" "storage" {
      + access_tier                        = (known after apply)
      + account_kind                       = "StorageV2"
      + account_replication_type           = "LRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = false
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + https_traffic_only_enabled         = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "westus2"
      + min_tls_version                    = "TLS1_2"
      + name                               = "defaultstorageacct"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "equalvote"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"

      + blob_properties (known after apply)

      + network_rules (known after apply)

      + queue_properties (known after apply)

      + routing (known after apply)

      + share_properties (known after apply)

      + static_website (known after apply)
    }

  # azurerm_storage_container.candidate-photos will be created
  + resource "azurerm_storage_container" "candidate-photos" {
      + container_access_type             = "container"
      + default_encryption_scope          = (known after apply)
      + encryption_scope_override_enabled = true
      + has_immutability_policy           = (known after apply)
      + has_legal_hold                    = (known after apply)
      + id                                = (known after apply)
      + metadata                          = (known after apply)
      + name                              = "candidate-photos"
      + resource_manager_id               = (known after apply)
      + storage_account_id                = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.file

To perform exactly these actions, run the following command to apply:
    tofu apply "plan.file"

Pusher: @ArendPeter, Action: pull_request, Working Directory: ``, Workflow: .github/workflows/opentofu.yml

ArendPeter · 2026-01-16T02:03:31Z

Replaced with #37

ArendPeter added 3 commits December 29, 2025 15:21

First AI pass for blob storage

8902307

Iterate on storage.tf

00ab7db

Fix for opentofu

2183099

evanstucker-hates-2fa reviewed Jan 3, 2026

View reviewed changes

storage.tf Outdated Show resolved Hide resolved

evanstucker-hates-2fa reviewed Jan 3, 2026

View reviewed changes

storage.tf Outdated Show resolved Hide resolved

ArendPeter and others added 4 commits January 3, 2026 12:40

Update storage

58e82f0

Merge branch 'main' into blob-storage-v2

2b0c10a

.terraform.lock.hcl was incorrect somehow? Generated it again.

5500258

Using dashes - no underscores. Also tofu fmt and fixing tflint.

f5f8fa9

evanstucker-hates-2fa approved these changes Jan 3, 2026

View reviewed changes

Adding .opentofu-version to local and CI use the same version.

3c3a2d6

Update container access type

650569e

ArendPeter closed this Jan 16, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added Azure Blob Storage#35

Added Azure Blob Storage#35
ArendPeter wants to merge 9 commits intomainfrom
blob-storage-v2

ArendPeter commented Jan 3, 2026

Uh oh!

github-actions bot commented Jan 3, 2026

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Jan 3, 2026

Uh oh!

github-actions bot commented Jan 3, 2026

Uh oh!

github-actions bot commented Jan 15, 2026

Uh oh!

ArendPeter commented Jan 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ArendPeter commented Jan 3, 2026

Uh oh!

github-actions bot commented Jan 3, 2026

OpenTofu Format and Style 🖌failure

OpenTofu Initialization ⚙️success

OpenTofu Validation 🤖success

OpenTofu Plan 📖failure

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Jan 3, 2026

OpenTofu Format and Style 🖌success

OpenTofu Initialization ⚙️success

OpenTofu Validation 🤖success

OpenTofu Plan 📖success

Uh oh!

github-actions bot commented Jan 3, 2026

OpenTofu Format and Style 🖌success

OpenTofu Initialization ⚙️skipped

OpenTofu Validation 🤖success

OpenTofu Plan 📖success

Uh oh!

github-actions bot commented Jan 15, 2026

OpenTofu Format and Style 🖌success

OpenTofu Initialization ⚙️success

OpenTofu Validation 🤖success

OpenTofu Plan 📖success

Uh oh!

ArendPeter commented Jan 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

OpenTofu Format and Style 🖌`failure`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

OpenTofu Plan 📖`failure`

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

OpenTofu Plan 📖`success`

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`skipped`

OpenTofu Validation 🤖`success`

OpenTofu Plan 📖`success`

OpenTofu Format and Style 🖌`success`

OpenTofu Initialization ⚙️`success`

OpenTofu Validation 🤖`success`

OpenTofu Plan 📖`success`