From b53fd905a1f5da1323be5c24dcf01dfe4d89fa79 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 29 May 2020 02:20:57 +0000 Subject: [PATCH 01/30] Update CI --- .github/workflows/ci-branches.yml | 5 ++- .github/workflows/master.yml | 2 +- .github/workflows/vnext.yml | 56 +++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/vnext.yml diff --git a/.github/workflows/ci-branches.yml b/.github/workflows/ci-branches.yml index 3f3482cc..2cea4a25 100644 --- a/.github/workflows/ci-branches.yml +++ b/.github/workflows/ci-branches.yml @@ -4,6 +4,7 @@ on: push: branches-ignore: - master + - vnext env: ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} @@ -34,17 +35,15 @@ jobs: - name: Build the rover run: | set -e - docker_tag=$(date +"%g%m.%d%H%M") + docker_tag=latest echo ::set-env name=docker_tag::${docker_tag} # Build the rover base image docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" docker tag rover_rover aztfmod/roverdev:$docker_tag - docker tag rover_rover aztfmod/roverdev:latest docker push aztfmod/roverdev:$docker_tag - docker push aztfmod/roverdev:latest - name: Create Release id: create_release diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 2ec88294..4771335e 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -1,7 +1,7 @@ name: master on: - push: + pull_request: branches: - master diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml new file mode 100644 index 00000000..20e1975a --- /dev/null +++ b/.github/workflows/vnext.yml 
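Review bot: With `docker_tag=latest` in the `Build the rover` step of ci-branches.yml, every push to any branch other than master or vnext now overwrites `aztfmod/roverdev:latest`. The removed timestamp tag was the only immutable reference to a given build, so a pushed image can no longer be traced back to the commit that produced it. The `Create Release` step that follows (its inputs are outside the hunk) presumably still reads `env.docker_tag` and would then reuse `latest` as the release tag on each run. I would keep `docker_tag=$(date +"%g%m.%d%H%M")` and push the floating `latest` tag only from a trusted branch.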
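Review bot: Switching the master workflow trigger from `push:` to `pull_request:` means its jobs run on unmerged pull-request code and no longer run when a change lands on master. The jobs are outside the hunk; if they publish an image or a release the way the other workflows in this patch do, that publishing would now happen before review and merge. If the intent is to validate pull requests, keep `push:` for the publishing job and add `pull_request:` for a build-only job.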
@@ -0,0 +1,56 @@ +name: vnext + +on: + pull_request: + branches: + - vnext + +env: + ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} + ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} + TF_VAR_azure_devops_pat_token: ${{ secrets.TF_VAR_azure_devops_pat_token }} + TF_VAR_azure_devops_url_organization: ${{ secrets.TF_VAR_azure_devops_url_organization }} + + +jobs: + build: + + name: Build roverdev + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: Docker Hub Login + uses: Azure/docker-login@v1 + with: + # Container registry username + username: aztfmod + # Container registry password + password: ${{ secrets.docker_registry_password }} + # Container registry server url + login-server: https://index.docker.io/v1/ + - name: Build the rover + run: | + set -e + docker_tag=$(date +"%g%m.%d%H%M") + echo ::set-env name=docker_tag::${docker_tag} + + # Build the rover base image + docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" + + docker tag rover_rover aztfmod/roverdev:$docker_tag + + docker push aztfmod/roverdev:$docker_tag + + - name: Create Release + id: create_release + uses: actions/create-release@latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ env.docker_tag }} + release_name: aztfmod/roverdev:${{ env.docker_tag }} + draft: true + prerelease: false \ No newline at end of file From 7c08747e59ec13124b0b69e3f22abddc01fef9f3 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 29 May 2020 11:42:17 +0800 Subject: [PATCH 02/30] Fixes #45 (#46) * Fixes #45 * Fix 45 Co-authored-by: lolorol --- scripts/functions.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/functions.sh b/scripts/functions.sh index e86743ac..78bb0b11 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
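Review bot: The workflow-level `env:` block in vnext.yml puts `ARM_CLIENT_SECRET`, the other `ARM_*` values and `TF_VAR_azure_devops_pat_token` into the environment of every step, including the third-party actions and `docker-compose build`, yet no step shown in this file reads them. Dropping the block, or moving only the needed variables to an `env:` on the step that uses them, limits what a compromised action or build script can read. The actions are also referenced by movable refs (`actions/create-release@latest`, `Azure/docker-login@v1`, `actions/checkout@v1`); pinning each to a full commit SHA, e.g. `uses: actions/create-release@<commit-sha>` (placeholder), keeps the code that receives `GITHUB_TOKEN` and the registry password fixed.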
@@ -178,6 +178,8 @@ function initialize_state { export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} export STDERR_FILE="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename $(pwd))_stderr.txt" + mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + terraform init \ -get-plugins=true \ -upgrade=true @@ -638,6 +640,8 @@ function deploy_landingzone { export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} export STDERR_FILE="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename $(pwd))_stderr.txt" + mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + get_remote_state_details export ARM_ACCESS_KEY=$(az storage account keys list --account-name ${TF_VAR_lowerlevel_storage_account_name} --resource-group ${TF_VAR_lowerlevel_resource_group_name} -o json | jq -r .[0].value) From 7166fea132b760a91031451e069f6d6268a496e4 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 2 Jun 2020 01:28:36 +0000 Subject: [PATCH 03/30] Adjusting the other command to support taint --- scripts/functions.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index e86743ac..d5da1cf2 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -610,8 +610,9 @@ function other { rm -f $STDERR_FILE - terraform ${tf_action} ${tf_command} \ - -state="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" 2>$STDERR_FILE | tee ${tf_output_file} + terraform ${tf_action} \ + -state="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" \ + ${tf_command} 2>$STDERR_FILE | tee ${tf_output_file} RETURN_CODE=$? && echo "Terraform ${tf_action} return code: ${RETURN_CODE}" From 582b2a1890866e3388ea6e431f3c8a76051223e5 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 2 Jun 2020 01:30:32 +0000 Subject: [PATCH 04/30] Fix vnet ci --- .github/workflows/vnext.yml | 3 +++ 1 file changed, 3 insertions(+) 
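Review bot: `mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}"` in `initialize_state` creates the directory that receives the local Terraform state and `STDERR_FILE` with whatever the current umask allows, and its result is not checked before `terraform init` runs. State files can hold secrets in clear text, so I would create the directory owner-only and fail early: `mkdir -p -m 700 "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" || error ${LINENO} "cannot create state directory" 1`. The same line added in `deploy_landingzone` (second hunk) needs the same treatment. Both functions extend beyond their hunks.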
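Review bot: `RETURN_CODE=$?` after the rewritten pipeline in `other` records the exit status of `tee`, not of `terraform`, unless `pipefail` is enabled somewhere outside this hunk, so a failed `terraform taint` would be reported as return code 0. Capture the first stage instead: `RETURN_CODE=${PIPESTATUS[0]} && echo "Terraform ${tf_action} return code: ${RETURN_CODE}"`. `$STDERR_FILE` and `${tf_output_file}` should also be quoted (`2>"$STDERR_FILE" | tee "${tf_output_file}"`); `${tf_command}` looks intentionally unquoted so that it can carry several arguments. The function continues past the hunk.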
diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 20e1975a..86853791 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -4,6 +4,9 @@ on: pull_request: branches: - vnext + push: + branches: + - vnext env: ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} From 216c5b8e1e20694b80806411f6a098f2df9c7827 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 2 Jun 2020 04:13:24 +0000 Subject: [PATCH 05/30] Fix rover destroy condition --- scripts/functions.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 69f15205..03576607 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -509,7 +509,7 @@ function validate { } function destroy { - echo "@calling destroy" + echo "@calling destroy $1" cd ${landingzone_name} @@ -552,24 +552,6 @@ function destroy { error ${LINENO} "Error running terraform destroy" $RETURN_CODE fi - # Delete tfstate - echo "Delete state file on storage account:" - stg_name=$(az storage account show --ids ${id} -o json | jq -r .name) && echo " -stg_name: ${stg_name}" - - fileExists=$(az storage blob exists \ - --name ${TF_VAR_tf_name} \ - --container-name ${TF_VAR_workspace} \ - --auth-mode login \ - --account-name ${stg_name} -o json | jq .exists) - - if [ "${fileExists}" == "true" ]; then - az storage blob delete \ - --name ${TF_VAR_tf_name} \ - --container-name ${TF_VAR_workspace} \ - --auth-mode login \ - --account-name ${stg_name} - fi - else echo 'running terraform destroy with local tfstate' # Destroy is performed with the logged in user who last ran the launchap .. apply from the rover. Only this user has permission in the kv access policy 
@@ -603,12 +585,30 @@ function destroy { echo "Removing ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" rm -f "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" + # Delete tfstate + echo "Delete state file on storage account:" + stg_name=$(az storage account show --ids ${id} -o json | jq -r .name) && echo " -stg_name: ${stg_name}" + + fileExists=$(az storage blob exists \ + --name ${TF_VAR_tf_name} \ + --container-name ${TF_VAR_workspace} \ + --auth-mode login \ + --account-name ${stg_name} -o json | jq .exists) + + if [ "${fileExists}" == "true" ]; then + az storage blob delete \ + --name ${TF_VAR_tf_name} \ + --container-name ${TF_VAR_workspace} \ + --auth-mode login \ + --account-name ${stg_name} + fi + } function other { echo "@calling other" - echo "running terraform ${tf_action} ${tf_command} -state="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}"" + echo "running terraform ${tf_action} -state="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" ${tf_command}" rm -f $STDERR_FILE From a08cc63f4cbaf9e5cb64b2613245410990993251 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Tue, 2 Jun 2020 18:22:48 +0800 Subject: [PATCH 06/30] Updates for #34, #35, #36 --- .devcontainer/docker-compose.yml | 2 +- .env | 4 ++-- README.md | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 5ff31a28..091814c0 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -6,7 +6,7 @@ version: '3.7' services: rover: - image: aztfmod/rover:2005.1314 + image: aztfmod/rover:2005.1510 labels: - "caf=Azure CAF" diff --git a/.env b/.env index 99d8c03f..5619d08f 100644 --- a/.env +++ b/.env @@ -1,5 +1,5 @@ -versionTerraform=0.12.24 -versionAzureCli=2.3.1 +versionTerraform=0.12.26 +versionAzureCli=2.6 versionKubectl=v1.18.2 versionGit=2.25.0 versionTflint=0.13.1 
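Review bot: The relocated cleanup at the end of `destroy` now runs after both the remote and the local branch, so it relies on `${id}` being set on either path, which is not visible in this hunk. If the lookup fails, `stg_name` is empty and the unquoted `--account-name ${stg_name}` loses its value, so `az storage blob exists` and `az storage blob delete` either fail or may fall back to an account taken from the CLI defaults. Quote the expansions and stop when the name is missing, e.g. `[ -n "${stg_name}" ] || error ${LINENO} "state storage account not found" 1` right after the lookup. The start of `destroy` is outside the hunk.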
diff --git a/README.md b/README.md index 40d1a6b2..b0883b1c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,8 @@ ![](https://github.com/aztfmod/rover/workflows/.github/workflows/ci-branches.yml/badge.svg) ## Introduction -The **Azure CAF rover** is a Docker container in charge of the deployment of the landing zones in your Azure environment. It is acting as a **sandbox toolchain** development environment to avoid impacting the local machine but more importantly to make sure that all contributors in the GitOps teams are using a **consistent set of tools** and version. + +The **Azure CAF rover** is a Docker container in charge of the deployment of the landing zones in your Azure environment. It is acting as a **sandbox toolchain** development environment to avoid impacting the local machine but more importantly to make sure that all contributors in the GitOps teams are using a **consistent set of tools** and version. The Azure CAF rover is the same container regarless you are using Windows, Linux or macOS. On the local GitOps machine you need to install Visual Studio Code. The Azure CAF rover is executed locally in a container. @@ -10,10 +11,10 @@ The Azure CAF rover is the same container regarless you are using Windows, Linux You can learn more about the Visual Studio Code Remote on this [link](https://code.visualstudio.com/docs/remote/remote-overview). - - ## Pre-requisites + The Visual Studio Code system requirements describe the steps to follow to get your GitOps development environment ready -> [link](https://code.visualstudio.com/docs/remote/containers#_system-requirements) + * **Windows**: Docker Desktop 2.0+ on Windows 10 Pro/Enterprise with Linux Container mode * **macOS**: Docker Desktop 2.0+ * **Linux**: Docker CE/EE 18.06+ and Docker Compose 1.24+ From fb37757a911623bcd0b63d33d563176c908387e8 Mon Sep 17 00:00:00 2001 
From: Arnaud Lheureux Date: Tue, 2 Jun 2020 18:34:29 +0800 Subject: [PATCH 07/30] AzureCli 2.7.0 --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 5619d08f..1ed08685 100644 --- a/.env +++ b/.env @@ -1,5 +1,5 @@ versionTerraform=0.12.26 -versionAzureCli=2.6 +versionAzureCli=2.7.0 versionKubectl=v1.18.2 versionGit=2.25.0 versionTflint=0.13.1 From 7d1a628ee298cbc509e7a97b40dadb16f50014c1 Mon Sep 17 00:00:00 2001 From: lolorol Date: Tue, 2 Jun 2020 23:51:11 +0000 Subject: [PATCH 08/30] Update ci release body Add vnext image --- .github/workflows/vnext.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 86853791..1befb01f 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -44,9 +44,11 @@ jobs: docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" docker tag rover_rover aztfmod/roverdev:$docker_tag - + docker tag rover_rover aztfmod/roverdev:vnext + docker push aztfmod/roverdev:$docker_tag - + docker tag rover_rover aztfmod/roverdev:vnext + - name: Create Release id: create_release uses: actions/create-release@latest @@ -56,4 +58,5 @@ jobs: tag_name: ${{ env.docker_tag }} release_name: aztfmod/roverdev:${{ env.docker_tag }} draft: true - prerelease: false \ No newline at end of file + prerelease: false + body: You can also use the latest vnext by using aztfmod/roverdev:vnext \ No newline at end of file From 9f2edfddcc2d3fac44393bc454b2ce8b862da07f Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 4 Jun 2020 00:42:30 +0000 Subject: [PATCH 09/30] Add push vnext build to registry --- .github/workflows/vnext.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 1befb01f..962d4ace 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml 
@@ -47,7 +47,7 @@ jobs: docker tag rover_rover aztfmod/roverdev:vnext docker push aztfmod/roverdev:$docker_tag - docker tag rover_rover aztfmod/roverdev:vnext + docker push rover_rover aztfmod/roverdev:vnext - name: Create Release id: create_release From 0279bb23da1eb9c088d665bd0be65c8c1f7a31d2 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 4 Jun 2020 00:53:18 +0000 Subject: [PATCH 10/30] Fix docker push --- .github/workflows/vnext.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 962d4ace..4f761d4b 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -47,7 +47,7 @@ jobs: docker tag rover_rover aztfmod/roverdev:vnext docker push aztfmod/roverdev:$docker_tag - docker push rover_rover aztfmod/roverdev:vnext + docker push aztfmod/roverdev:vnext - name: Create Release id: create_release From a9d9e3305ac24891c1e22bd36366ee4a3d7bcd15 Mon Sep 17 00:00:00 2001 From: lolorol Date: Wed, 10 Jun 2020 10:56:16 +0000 Subject: [PATCH 11/30] Update vnext build --- .github/workflows/vnext.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 4f761d4b..fdaead38 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -49,6 +49,21 @@ jobs: docker push aztfmod/roverdev:$docker_tag docker push aztfmod/roverdev:vnext + - name: Build the rover + run: | + set -e + docker_tag=vnext-13-beta1 + + # Override .env variable + export versionTerraform="0.13.0-beta1" + + # Build the rover base image + docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" + + docker tag rover_rover aztfmod/roverdev:$docker_tag + + docker push aztfmod/roverdev:$docker_tag + - name: Create Release id: create_release uses: actions/create-release@latest From c0ca7bbdbbe044a2c28ed030d21d897b3768c9c1 Mon Sep 17 00:00:00 2001 
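Review bot: The added step pushes the fixed tag `aztfmod/roverdev:vnext-13-beta1` on every run of this workflow, which an earlier patch in the series triggers for `pull_request` as well as `push` on vnext, so unmerged code can replace the published image. Gating the publishing part with `if: github.event_name == 'push'` keeps pull-request runs build-only. The step also reuses the name `Build the rover`, which makes the two builds indistinguishable in the run log; something like `name: Build the rover (Terraform 0.13 beta)` would separate them.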
From: Arnaud Lheureux Date: Fri, 19 Jun 2020 16:13:57 +0800 Subject: [PATCH 12/30] Adding validation tools (#50) * Add tools * Removing graphviz, fixing typos * One more typo Co-authored-by: lolorol --- .devcontainer/docker-compose.yml | 58 ++++++++++++++++---------------- .env | 5 +-- Dockerfile | 27 +++++++++++++-- docker-compose.yml | 1 + 4 files changed, 57 insertions(+), 34 deletions(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 091814c0..41e946d1 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml 
@@ -1,29 +1,29 @@ -#------------------------------------------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. -#------------------------------------------------------------------------------------------------------------- - - version: '3.7' - services: - rover: - image: aztfmod/rover:2005.1510 - - labels: - - "caf=Azure CAF" - - volumes: - - ..:/tf/rover - - volume-caf-vscode:/home/vscode - - ~/.ssh:/tmp/.ssh-localhost:ro - - - /var/run/docker.sock:/var/run/docker.sock - - # Overrides default command so things don't shut down after the process ends. - command: /bin/sh -c "while sleep 1000; do :; done" - - volumes: - volume-caf-vscode: - labels: - - "caf=Azure CAF" - - +#------------------------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- + + version: '3.7' + services: + rover: + image: aztfmod/roverdev:vnext + + labels: + - "caf=Azure CAF" + + volumes: + - ..:/tf/rover + - volume-caf-vscode:/home/vscode + - ~/.ssh:/tmp/.ssh-localhost:ro + + - /var/run/docker.sock:/var/run/docker.sock + + # Overrides default command so things don't shut down after the process ends. + command: /bin/sh -c "while sleep 1000; do :; done" + + volumes: + volume-caf-vscode: + labels: + - "caf=Azure CAF" + + diff --git a/.env b/.env index 1ed08685..a82ed2c5 100644 --- a/.env +++ b/.env 
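Review bot: The devcontainer image moves from the dated tag `aztfmod/rover:2005.1510` to the floating tag `aztfmod/roverdev:vnext`, which the vnext workflow in this series re-pushes on every run. This container mounts `/var/run/docker.sock` and the user's `~/.ssh`, so whatever image is current under that tag gets control of the host Docker daemon and read access to the SSH keys. Pin the image to a dated tag or a digest, e.g. `image: aztfmod/roverdev@sha256:<digest>` (placeholder), and bump it deliberately.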
@@ -2,8 +2,9 @@ versionTerraform=0.12.26 versionAzureCli=2.7.0 versionKubectl=v1.18.2 versionGit=2.25.0 -versionTflint=0.13.1 +versionTflint=v0.16.2 versionJq=1.6 versionDockerCompose=1.25.5 versionLaunchpadOpensource=master -versionAzureCafTerraform=v.0.3.1 \ No newline at end of file +versionAzureCafTerraform=v.0.3.1 +versionTfsec=v0.21.0 \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index fd279805..8b22b1e6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,6 +32,13 @@ RUN yum makecache fast && \ yum -y update +########################################################### +# Getting latest version of tfsec +########################################################### +FROM golang:1.13 as tfsec + +# to force the docker cache to invalidate when there is a new version +RUN env GO111MODULE=on go get -u github.com/liamg/tfsec/cmd/tfsec ########################################################### # Getting latest version of Azure DevOps Terraform provider @@ -75,6 +82,7 @@ ARG versionGit ARG versionJq ARG versionDockerCompose ARG versionLaunchpadOpensource +ARG versionTfsec ARG USERNAME=vscode ARG USER_UID=1000 @@ -88,6 +96,7 @@ ENV versionTerraform=${versionTerraform} \ versionGit=${versionGit} \ versionDockerCompose=${versionDockerCompose} \ versionLaunchpadOpensource=${versionLaunchpadOpensource} \ + versionTfsec=${versionTfsec} \ TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \ TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache" 
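Review bot: The new `tfsec` stage installs with `go get -u github.com/liamg/tfsec/cmd/tfsec`, which resolves to the newest release and upgraded dependencies at build time; `versionTfsec` (set to `v0.21.0` in `.env`) is only exported into the final image and never selects the version that is built. Declare the arg in this stage and pin it: `ARG versionTfsec` followed by `RUN GO111MODULE=on go get github.com/liamg/tfsec/cmd/tfsec@${versionTfsec}`. The comment `# to force the docker cache to invalidate when there is a new version` describes nothing in this stage, since there is no `ADD` of a ref URL here, and can be dropped.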
@@ -157,11 +166,22 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azu curl -L -o /usr/bin/jq https://github.com/stedolan/jq/releases/download/jq-${versionJq}/jq-linux64 && \ chmod +x /usr/bin/jq && \ # + # Install pre-commit + # + echo "Installing pre-commit ..." && \ + python3 -m pip install pre-commit && \ + # + # Install graphviz + # # echo "Installing graphviz ..." && \ # yum -y install graphviz && \ - # && echo "Installing tflint ..." \ - # && curl -sSL -o /tmp/tflint.zip https://github.com/wata727/tflint/releases/download/v${versionTflint}/tflint_linux_amd64.zip \ - # && unzip -d /usr/local/bin /tmp/tflint.zip \ + # + # Install tflint + # + echo "Installing tflint ..." && \ + curl -sSL -o /tmp/tflint.zip https://github.com/terraform-linters/tflint/releases/download/${versionTflint}/tflint_linux_amd64.zip && \ + unzip -d /usr/bin /tmp/tflint.zip && \ + chmod +x /usr/bin/tflint && \ # # Clean-up rm -f /tmp/*.zip && rm -f /tmp/*.gz && \ @@ -189,6 +209,7 @@ RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \ # Add Community terraform providers COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ +COPY --from=tfsec /go/bin/tfsec /bin/ WORKDIR /tf/rover COPY ./scripts/rover.sh . diff --git a/docker-compose.yml b/docker-compose.yml index a16fab60..7bcabf28 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,6 +23,7 @@ services: - versionLaunchpadOpensource - versionAzureCafTerraform - versionRover + - versionTfsec volumes: - ..:/tf From 5677b4deb02442ce87b6484d4c9430c2d7a10419 Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Fri, 19 Jun 2020 12:50:21 +0000 Subject: [PATCH 13/30] Adding terraform-docs --- .env | 3 ++- Dockerfile | 11 +++++++++++ docker-compose.yml | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.env b/.env index a82ed2c5..94b35f4d 100644 --- a/.env +++ b/.env 
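Review bot: The tflint archive is fetched with `curl` and unpacked straight into `/usr/bin` with no integrity check, and `pre-commit` is installed from PyPI without a version, so the image content depends on what those sources serve at build time. Verify the download before `unzip`, e.g. `echo "${tflintSha256}  /tmp/tflint.zip" | sha256sum -c - && \`, where `tflintSha256` is a new build arg (name constructed here) holding the published checksum for `${versionTflint}`, and pin `pre-commit==<version>` (placeholder). The `RUN` instruction begins and ends outside the hunk.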
@@ -7,4 +7,5 @@ versionJq=1.6 versionDockerCompose=1.25.5 versionLaunchpadOpensource=master versionAzureCafTerraform=v.0.3.1 -versionTfsec=v0.21.0 \ No newline at end of file +versionTfsec=v0.21.0 +versionTerraformDocs=v0.9.1 \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 8b22b1e6..12fb25cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,6 +32,16 @@ RUN yum makecache fast && \ yum -y update +########################################################### +# Getting latest version of terraform-docs +########################################################### +FROM golang:1.13 as terraform-docs + +ARG versionTerraformDocs +ENV versionTerraformDocs=${versionTerraformDocs} + +RUN GO111MODULE="on" go get github.com/segmentio/terraform-docs@${versionTerraformDocs} + ########################################################### # Getting latest version of tfsec ########################################################### @@ -210,6 +220,7 @@ RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \ COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ COPY --from=tfsec /go/bin/tfsec /bin/ +COPY --from=terraform-docs /go/bin/terraform-docs /bin/ WORKDIR /tf/rover COPY ./scripts/rover.sh . diff --git a/docker-compose.yml b/docker-compose.yml index 7bcabf28..8283ecff 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,6 +24,7 @@ services: - versionAzureCafTerraform - versionRover - versionTfsec + - versionTerraformDocs volumes: - ..:/tf From 5859c9e529e1beea98933b66dbb4387c0b27701c Mon Sep 17 00:00:00 2001 
From: lolorol Date: Thu, 25 Jun 2020 00:14:41 +0000 Subject: [PATCH 14/30] Move launchpad to rover Add rover -launchpad Deprecate launchpad Add environment and level support --- Dockerfile | 38 ++++-- scripts/functions.sh | 302 +++++++++++++++++++++++++++---------------- scripts/launchpad.sh | 87 +++++++------ scripts/rover.sh | 109 +++++++++------- 4 files changed, 322 insertions(+), 214 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd279805..0c687883 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,17 +33,17 @@ RUN yum makecache fast && \ -########################################################### -# Getting latest version of Azure DevOps Terraform provider -########################################################### -FROM golang:1.13 as devops - -# to force the docker cache to invalidate when there is a new version -ADD https://api.github.com/repos/microsoft/terraform-provider-azuredevops/git/refs/heads/master version.json -RUN cd /tmp && \ - git clone https://github.com/microsoft/terraform-provider-azuredevops.git && \ - cd terraform-provider-azuredevops && \ - ./scripts/build.sh +# ########################################################### +# # Getting latest version of Azure DevOps Terraform provider +# ########################################################### +# FROM golang:1.13 as devops + +# # to force the docker cache to invalidate when there is a new version +# ADD https://api.github.com/repos/microsoft/terraform-provider-azuredevops/git/refs/heads/master version.json +# RUN cd /tmp && \ +# git clone https://github.com/microsoft/terraform-provider-azuredevops.git && \ +# cd terraform-provider-azuredevops && \ +# ./scripts/build.sh ########################################################### # Getting latest version of Azure CAF Terraform provider 
@@ -60,6 +60,19 @@ RUN cd /tmp && \ cd terraform-provider-azurecaf && \ go build -o terraform-provider-azurecaf +########################################################### +# Getting latest version of yaegashi/terraform-provider-msgraph +########################################################### +FROM golang:1.13 as msgraph + +# to force the docker cache to invalidate when there is a new version +ADD https://api.github.com/repos/aztfmod/terraform-provider-azurecaf/git/ref/heads/master version.json +RUN cd /tmp && \ + git clone https://github.com/yaegashi/terraform-provider-msgraph.git && \ + cd terraform-provider-msgraph && \ + go build -o terraform-provider-msgraph + + ########################################################### # CAF rover image @@ -187,8 +200,9 @@ RUN echo "cloning the launchpads version ${versionLaunchpadOpensource}" && \ chmod +x /tf/bootstrap/*.sh # Add Community terraform providers -COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ +# COPY --from=devops /tmp/terraform-provider-azuredevops/bin /bin/ COPY --from=azurecaf /tmp/terraform-provider-azurecaf/terraform-provider-azurecaf /bin/ +COPY --from=msgraph /tmp/terraform-provider-msgraph/terraform-provider-msgraph /bin/ WORKDIR /tf/rover COPY ./scripts/rover.sh . diff --git a/scripts/functions.sh b/scripts/functions.sh index 03576607..85897e87 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
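Review bot: The `msgraph` stage's cache-busting `ADD` points at `aztfmod/terraform-provider-azurecaf`, not at the repository being cloned, so Docker reuses a cached build when `yaegashi/terraform-provider-msgraph` changes and rebuilds when it has not. The clone also takes the head of the default branch of a third-party repository, and the resulting binary is copied into `/bin` of the rover image by the later `COPY --from=msgraph`. Pin the source to a reviewed commit, e.g. `git checkout <commit-sha>` (placeholder) after the `cd`, which also makes the `ADD` line unnecessary.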
@@ -53,25 +53,13 @@ function display_instructions { for i in $(ls -d /tf/caf/landingzones/public/landingzones/landingzone*); do echo ${i%%/}; done echo "" fi - - # The followinf folder is used when developing the launchpads from the rover. - if [ -d "/tf/caf/launchpads" ]; then - for i in $(ls -d /tf/caf/launchpads/launchpad*); do echo ${i%%/}; done - echo "" - fi } function display_launchpad_instructions { echo "" - echo "You can bootstrap the launchpad from the rover by running:" - echo " launchpad [launchpad_foler_name] [plan|apply|destroy]" + echo "You need to deploy the launchpad from the rover by running:" + echo " rover /tf/caf/launchpads/launchpad apply -launchpad" echo "" - echo "List of the launchpads available:" - - if [ -d "/tf/launchpads" ]; then - for i in $(ls -d /tf/launchpads/launchpad*); do echo ${i%%/}; done - echo "" - fi } @@ -146,7 +134,8 @@ function verify_landingzone { echo "@calling verifiy_landingzone" if [ -z "${landingzone_name}" ] && [ -z "${tf_action}" ] && [ -z "${tf_command}" ]; then - get_remote_state_details + # get_remote_state_details + login_as_launchpad if [ -z ${TF_VAR_lowerlevel_storage_account_name} ]; then display_launchpad_instructions @@ -196,7 +185,7 @@ function initialize_state { plan apply # Create sandpit workspace - id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0'].{id:id}" -o json | jq -r .[0].id) + id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) workspace_create "sandpit" workspace_create ${TF_VAR_workspace} upload_tfstate @@ -206,7 +195,7 @@ function initialize_state { validate ;; "destroy") - echo "Shall we call destroy here?" + echo "No more tfstate file" exit ;; *) @@ -229,7 +218,9 @@ function deploy_from_remote_state { get_logged_user_object_id - get_launchpad_coordinates + login_as_launchpad + + # get_launchpad_coordinates deploy_landingzone 
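Review bot: In `initialize_state` the storage-account lookup now interpolates `${TF_VAR_level}` and `${TF_VAR_environment}` into the JMESPath filter without checking that they are set or that an account was found. With no match, `jq -r .[0].id` prints `null`, and the following `workspace_create` and `upload_tfstate` calls presumably use `id` as if it were a resource id. Add guards such as `: "${TF_VAR_level:?}" "${TF_VAR_environment:?}"` before the query and `[ "${id}" != "null" ] || error ${LINENO} "launchpad storage account not found" 1` after it. The function starts and ends outside the hunk.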
@@ -245,14 +236,20 @@ function destroy_from_remote_state { get_logged_user_object_id - get_launchpad_coordinates - - # get_remote_state_details + if [ $(whoami) == "vscode" ] && [ ${TF_VAR_user_type} != "user" ] && [ ${caf_command} == "launchpad" ]; then + error "When connected in vscode devcontainer you must be logging the Azure AD user who did the original launchpad initialization to perform a complete cleanup." + else + login_as_launchpad + fi export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} export STDERR_FILE="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename $(pwd))_stderr.txt" + # Cleanup previous deployments + rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + rm -rf "${TF_DATA_DIR}/tfstates/terraform.tfstate" + mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" stg_name=$(az storage account show --ids ${id} -o json | jq -r .name) @@ -264,7 +261,7 @@ function destroy_from_remote_state { --account-name ${stg_name} -o json | jq .exists) if [ "${fileExists}" == "true" ]; then - if [ ${TF_VAR_workspace} == "level0" ]; then + if [ ${caf_command} == "launchpad" ]; then az storage blob download \ --name ${TF_VAR_tf_name} \ --file "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" \ @@ -315,7 +312,6 @@ function upload_tfstate { rm -f "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" - display_instructions } function list_deployed_landingzones { 
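Review bot: `rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}"` in `destroy_from_remote_state` removes the whole `tfstates` directory when `TF_VAR_workspace` is empty, and a path directly under `/` when `TF_DATA_DIR` is empty as well; use `rm -rf -- "${TF_DATA_DIR:?}/tfstates/${TF_VAR_workspace:?}"`. The new test `[ $(whoami) == "vscode" ] && [ ${TF_VAR_user_type} != "user" ] && [ ${caf_command} == "launchpad" ]` leaves its operands unquoted, so an empty variable makes `[` fail with a syntax error and the guard silently falls through to `login_as_launchpad`; the same applies to `[ ${caf_command} == "launchpad" ]` in the next hunk. The `error` call in that guard passes only a message, while the other calls on this page use the form `error <line> "<message>" <code>`, so the text probably lands in the line-number argument. The function continues past the hunk.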
@@ -342,93 +338,51 @@ function list_deployed_landingzones { echo "" } -function get_remote_state_details { - echo "@calling get_remote_state_details" - - echo "" - - # Set the security context under the devops app - export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) && echo " - keyvault_name: ${keyvault}" - - - # Don't get there for launchpad destroy - if [ "${caf_action}" == "launchpad" ]; then - echo "" - echo "Impersonating with the launchpad service principal to deliver the landingzone" - - export LAUNCHPAD_NAME=$(az keyvault secret show -n launchpad-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${LAUNCHPAD_NAME}" - - # If the logged in user does not have access to the launchpad - if [ "${LAUNCHPAD_NAME}" == "" ]; then - error 326 "Not authorized to manage landingzones. User must be member of the security group to access the launchpad and deploy a landing zone" 102 - fi - - export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" - export TF_VAR_rover_pilot_client_id=$(az keyvault secret show -n launchpad-service-principal-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - rover client id: ${TF_VAR_rover_pilot_client_id}" - export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) - export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - - az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} - az account set -s 
${ARM_SUBSCRIPTION_ID} - fi - - get_launchpad_coordinates - - echo "" - -} function login_as_launchpad { echo "@calling login_as_launchpad" - export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) && echo " - keyvault_name: ${keyvault}" + export keyvault=$(az keyvault list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].name) && echo " - keyvault_name: ${keyvault}" - export LAUNCHPAD_NAME=$(az keyvault secret show -n launchpad-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${LAUNCHPAD_NAME}" + export SECRET_PREFIX=$(az keyvault secret show -n launchpad-secret-prefix --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${SECRET_PREFIX}" # If the logged in user does not have access to the launchpad - if [ "${LAUNCHPAD_NAME}" == "" ]; then + if [ "${SECRET_PREFIX}" == "" ]; then error 326 "Not authorized to manage landingzones. 
User must be member of the security group to access the launchpad and deploy a landing zone" 102 fi - export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" - export TF_VAR_rover_pilot_client_id=$(az keyvault secret show -n launchpad-service-principal-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - rover client id: ${TF_VAR_rover_pilot_client_id}" - export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) - export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - - if [ "${caf_launchpad}" == "launchpad_opensource" ]; then - - echo "" - echo "Impersonating with the launchpad service principal to deploy the landingzone" - - az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} - az account set -s ${ARM_SUBSCRIPTION_ID} - - fi -} - -function get_launchpad_coordinates { - echo "@calling get_launchpad_coordinates" - - echo "" - echo "Getting launchpad coordinates:" - - export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) stg=$(az storage account show --ids ${id} -o json) + echo "" + echo "Getting launchpad coordinates:" export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export 
TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" - - # If the logged in user does not have access to the launchpad - if [ "${TF_VAR_lowerlevel_container_name}" == "" ]; then - error 351 "Not authorized to manage landingzones. User must be member of the security group to access the launchpad and deploy a landing zone" 101 - fi - export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" + export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" + + if [ ${launchpad_mode} != "launchpad_light" ]; then + echo "Set terraform provider context to Azure AD application launchpad " + export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" + export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) + export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" + fi + if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} != "launchpad_light" ]; then + + echo "rover mode" + if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then + error "You must run the rover in launchpad mode to destroy the launchpad" + fi + + echo "Impersonating with the azure session with the launchpad service principal to deploy the 
landingzone" + + az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} + fi + + az account set -s ${ARM_SUBSCRIPTION_ID} } function plan { @@ -436,6 +390,8 @@ function plan { echo "running terraform plan with ${tf_command}" echo " -TF_VAR_workspace: ${TF_VAR_workspace}" + echo " -state: ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" + echo " -plan: ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_plan}" pwd mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" @@ -446,7 +402,7 @@ function plan { terraform plan ${tf_command} \ -refresh=true \ -state="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" \ - -out="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_plan}" 2>$STDERR_FILE | tee ${tf_output_file} + -out="${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_plan}" $PWD 2>$STDERR_FILE | tee ${tf_output_file} RETURN_CODE=$? && echo "Terraform plan return code: ${RETURN_CODE}" @@ -521,6 +477,10 @@ function destroy { get_logged_user_object_id + if [ ${TF_VAR_user_type} != "user" ] && [ "${caf_command}" == "launchpad" ]; then + error "You must be connected with the user who did the original launchpad initialization to destroy it" + fi + rm -f "${TF_DATA_DIR}/terraform.tfstate" sudo rm -f ${landingzone_name}/backend.azurerm.tf @@ -555,7 +515,7 @@ function destroy { else echo 'running terraform destroy with local tfstate' # Destroy is performed with the logged in user who last ran the launchap .. apply from the rover. Only this user has permission in the kv access policy - if [ ${user_type} == "user" ]; then + if [ ${TF_VAR_user_type} == "user" ]; then unset ARM_TENANT_ID unset ARM_SUBSCRIPTION_ID unset ARM_CLIENT_ID 
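Review bot: The rewritten login_as_launchpad still hands the service-principal secret to the CLI as an argument (`az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID}`), so it is readable in the container's process list and in any `set -x` trace, and the unquoted expansion breaks on a secret containing whitespace or glob characters. At minimum quote the three values and refuse to continue when one is empty or the literal `null` that `jq -r` prints for a missing field, e.g. `[ -n "${ARM_CLIENT_SECRET}" ] && [ "${ARM_CLIENT_SECRET}" != "null" ] || error ${LINENO} "launchpad secret not readable" 1`. The `export VAR=$(az ...) && echo ...` pattern cannot detect a failed read, because `export` returns 0 whatever the command substitution did. The result of `az login` is not checked either, so a failed impersonation continues to `az account set` under the caller's own identity.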
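Review bot: The `$PWD` argument added to the terraform plan line is unquoted, and the `RETURN_CODE=$?` that follows the pipeline reads the status of `tee`, not of `terraform plan`, unless `pipefail` is set somewhere not visible in this hunk. Write `"${PWD}"` and take the status from the first stage, `RETURN_CODE=${PIPESTATUS[0]}`, so a failed plan is not reported as success to the steps that follow. plan's body starts and ends outside the hunk.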
@@ -586,23 +546,31 @@ function destroy { rm -f "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" # Delete tfstate - echo "Delete state file on storage account:" - stg_name=$(az storage account show --ids ${id} -o json | jq -r .name) && echo " -stg_name: ${stg_name}" - - fileExists=$(az storage blob exists \ - --name ${TF_VAR_tf_name} \ - --container-name ${TF_VAR_workspace} \ - --auth-mode login \ - --account-name ${stg_name} -o json | jq .exists) + id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].id) - if [ "${fileExists}" == "true" ]; then - az storage blob delete \ - --name ${TF_VAR_tf_name} \ - --container-name ${TF_VAR_workspace} \ - --auth-mode login \ - --account-name ${stg_name} + if [ "$id" != "null" ]; then + echo "Delete state file on storage account:" + echo " -tfstate: ${TF_VAR_tf_name}" + stg_name=$(az storage account show --ids ${id} -o json | jq -r .name) && echo " -stg_name: ${stg_name}" + + fileExists=$(az storage blob exists \ + --name ${TF_VAR_tf_name} \ + --container-name ${TF_VAR_workspace} \ + --auth-mode login \ + --account-name ${stg_name} -o json | jq .exists) + + if [ "${fileExists}" == "true" ]; then + echo " - found" + az storage blob delete \ + --name ${TF_VAR_tf_name} \ + --container-name ${TF_VAR_workspace} \ + --auth-mode login \ + --account-name ${stg_name} + echo " -deleted" + fi fi + rm -rf ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace} } function other { @@ -643,7 +611,9 @@ function deploy_landingzone { mkdir -p "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" - get_remote_state_details + # get_remote_state_details + # login_as_launchpad + export ARM_ACCESS_KEY=$(az storage account keys list --account-name ${TF_VAR_lowerlevel_storage_account_name} --resource-group ${TF_VAR_lowerlevel_resource_group_name} -o json | jq -r .[0].value) 
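Review bot: The last line added to destroy, `rm -rf ${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}`, is unquoted and unguarded: an empty `TF_VAR_workspace` removes the whole tfstates directory, an empty `TF_DATA_DIR` turns the path into `/tfstates/...`, and a workspace given with `-w` that contains spaces or `..` is split or resolved outside the data directory. Use `rm -rf -- "${TF_DATA_DIR:?}/tfstates/${TF_VAR_workspace:?}"`. The quoted `rm -rf` calls this commit adds to destroy_from_remote_state, deploy and launchpad.sh would benefit from the same `:?` guards. destroy starts outside the hunk.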
@@ -752,8 +722,8 @@ function clean_up_variables { function get_logged_user_object_id { echo "@calling_get_logged_user_object_id" - export user_type=$(az account show --query user.type -o tsv) - if [ ${user_type} == "user" ]; then + export TF_VAR_user_type=$(az account show --query user.type -o tsv) + if [ ${TF_VAR_user_type} == "user" ]; then unset ARM_TENANT_ID unset ARM_SUBSCRIPTION_ID @@ -773,7 +743,7 @@ function get_logged_user_object_id { echo " - logged in Azure with System Assigned Identity" ;; "userAssignedIdentity") - echo " - logged in Azure wiht User Assigned Identity: ($(az account show | jq -r .user.assignedIdentityInfo))" + echo " - logged in Azure wiht User Assigned Identity: ($(az account show -o json | jq -r .user.assignedIdentityInfo))" ;; *) # When connected with a service account the name contains the objectId 
@@ -783,4 +753,112 @@ function get_logged_user_object_id { esac fi +} + +function deploy { + + + case "${id}" in + "null") + echo "No launchpad found." + if [ "${caf_command}" == "launchpad" ]; then + if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" ]; then + echo "Recover from an un-finished previous execution" + if [ "${tf_action}" == "destroy" ]; then + destroy + else + initialize_state + fi + else + rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + if [ "${tf_action}" == "destroy" ]; then + echo "There is no launchpad in this subscription" + else + echo "Deploying from scratch the launchpad" + rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + initialize_state + fi + exit + fi + else + error ${LINENO} "You need to initialise a launchpad first with the command \n + rover /tf/launchpads/launchpad_opensource_light [plan | apply | destroy] -launchpad" 1000 + fi + ;; + '') + error ${LINENO} "you must login to an Azure subscription first or logout / login again" 2 + ;; + *) + + # Get the launchpad version + caf_launchpad=$(az storage account show --ids $id -o json | jq -r .tags.launchpad) + echo "" + echo "${caf_launchpad} already installed" + echo "" + + if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" ]; then + echo "Recover from an un-finished previous execution" + if [ "${tf_action}" == "destroy" ]; then + if [ "${caf_command}" == "rover" ]; then + login_as_launchpad + fi + destroy + else + initialize_state + fi + exit 0 + else + case "${tf_action}" in + "destroy") + destroy_from_remote_state + ;; + "plan"|"apply") + deploy_from_remote_state + ;; + *) + login_as_launchpad + # get_launchpad_coordinates + display_instructions + ;; + esac + fi + ;; + esac + + +} + +function landing_zone { + case "${tf_action}" in + "list") + echo "Listing the deployed landing zones" + list_deployed_landingzones + ;; + *) + echo "launchpad landing_zone [ list | unlock [landing_zone_tfstate_name]]" + ;; + esac +} + +## Workspaces 
are used to isolate environments like sandpit, dev, sit, production +function workspace { + + if [ "${id}" == "null" ]; then + display_launchpad_instructions + exit 1000 + fi + + case "${tf_action}" in + "list") + workspace_list + ;; + "create") + workspace_create ${tf_command} + ;; + "delete") + ;; + *) + echo "launchpad workspace [ list | create | delete ]" + ;; + esac } \ No newline at end of file diff --git a/scripts/launchpad.sh b/scripts/launchpad.sh index 6405d835..b034aec5 100755 --- a/scripts/launchpad.sh +++ b/scripts/launchpad.sh 
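Review bot: `exit 1000` in the new workspace function cannot be reported as such, because a shell exit status is truncated to 8 bits and the caller sees 232; the `1000` passed to error in deploy has the same problem if error exits with its third argument. Pick a code below 256, e.g. `exit 100`. The `"delete")` arm of workspace is empty, so `rover workspace delete` returns success without doing or saying anything; print `echo "workspace delete is not implemented" >&2` and return non-zero until it exists. In deploy, `az storage account show --ids $id` and `workspace_create ${tf_command}` should quote their arguments.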
@@ -53,47 +53,54 @@ id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace function launchpad_opensource { - case "${id}" in - "null") - echo "No launchpad found." - rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" - - if [ "${tf_action}" == "destroy" ]; then - echo "There is no launchpad in this subscription" - else - echo "Deploying from scratch the launchpad" - initialize_state - fi - ;; - '') - error ${LINENO} "you must login to an Azure subscription first or logout / login again" 2 - ;; - *) - - if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename ${landingzone_name}).tfstate" ]; then - echo "Recover from an un-finished initialisation" - if [ "${tf_action}" == "destroy" ]; then - destroy - else - initialize_state - fi - exit 0 - else - case "${tf_action}" in - "destroy") - destroy_from_remote_state - ;; - "plan"|"apply") - deploy_from_remote_state - ;; - *) - get_launchpad_coordinates - display_instructions - ;; - esac - fi - ;; + case "${id}" in + "null") + echo "No launchpad found." 
+ + if [ "${tf_action}" == "destroy" ]; then + if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename ${landingzone_name}).tfstate" ]; then + echo "Recover from an un-finished initialisation" + destroy + else + rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + echo "There is no launchpad in this subscription" + fi + else + echo "Deploying from scratch the launchpad" + rm -rf "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}" + initialize_state + display_instructions + fi + ;; + '') + error ${LINENO} "you must login to an Azure subscription first or logout / login again" 2 + ;; + *) + + if [ -e "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/$(basename ${landingzone_name}).tfstate" ]; then + echo "Recover from an un-finished initialisation" + if [ "${tf_action}" == "destroy" ]; then + destroy + else + initialize_state + fi + exit 0 + else + case "${tf_action}" in + "destroy") + destroy_from_remote_state + ;; + "plan"|"apply") + deploy_from_remote_state + ;; + *) + get_launchpad_coordinates + display_instructions + ;; esac + fi + ;; + esac } diff --git a/scripts/rover.sh b/scripts/rover.sh index 32d060e1..5d88c91a 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh 
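Review bot: The default arm of the inner `case "${tf_action}"` still calls `get_launchpad_coordinates`, but this same commit deletes that function from scripts/functions.sh and folds its work into login_as_launchpad. If launchpad.sh takes its helpers from functions.sh (the sourcing is not visible in this hunk), running it without plan, apply or destroy now fails with `command not found` and the launchpad coordinates are never exported. Replace the call with `login_as_launchpad`, as the new deploy function does for the same arm. The hunk header also shows this script still selecting the storage account by the fixed `level0` tags while the other scripts moved to level and environment.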
@@ -5,24 +5,36 @@ # deploy a landingzone with # rover [landingzone_folder_name] [plan | apply | destroy] [parameters] -# capture the current path -export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} -export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) -export caf_command="rover" current_path=$(pwd) landingzone_name=$1 tf_action=$2 shift 2 +cd ${landingzone_name} + +# capture the current path +export TF_VAR_workspace=${TF_VAR_workspace:="sandpit"} +export TF_VAR_environment=${TF_VAR_environment:="sandpit"} +export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) +export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} +export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} +export TF_VAR_level=${TF_VAR_level:="level0"} +export caf_command="rover" + + while (( "$#" )); do - case "$1" in + case "${1}" in -o|--output) - tf_output_file=$2 + tf_output_file=${2} shift 2 ;; -w|--workspace) - echo "configurting workspace" - export TF_VAR_workspace=$2 + export TF_VAR_workspace=${2} + shift 2 + echo "set workspace to ${TF_VAR_workspace}" + ;; + -env|--environment) + export TF_VAR_environment=${2} shift 2 ;; -tfstate) @@ -30,10 +42,20 @@ while (( "$#" )); do export TF_VAR_tf_plan="${2}.tfplan" shift 2 ;; + -level) + export TF_VAR_level=${2} + shift 2 + ;; + -launchpad) + export caf_command="launchpad" + export TF_VAR_workspace="level0" + shift 1 + echo "set rover to mode ${caf_command}" + echo "set workspace to level0" + ;; *) # preserve positional arguments - echo "else $1" - PARAMS+="$1 " + PARAMS+="${1} " shift ;; esac 
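Review bot: The added `cd ${landingzone_name}` is unquoted and its result is not checked, while the defaults set right after it (`TF_VAR_tf_name`, `TF_VAR_tf_plan`) are derived from `$(basename $(pwd))`. With no argument `cd` moves to the home directory, and for the pseudo-commands `workspace` and `landing_zone` handled further down it fails, so the state file name is computed from whatever directory the script ended up in. Change directory only for a real landing zone and stop on failure: `if [ -d "${landingzone_name}" ]; then cd -- "${landingzone_name}" || exit 1; fi`. `shift 2` just above also fails when fewer than two arguments are given.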
@@ -49,54 +71,41 @@ tf_command=$(echo $PARAMS | sed -e 's/^[ \t]*//') echo "" -echo "tool : '$(echo ${caf_command})'" +echo "mode : '$(echo ${caf_command})'" echo "tf_action : '$(echo ${tf_action})'" echo "tf_command : '$(echo ${tf_command})'" echo "landingzone : '$(echo ${landingzone_name})'" echo "terraform command output file : '$(echo ${tf_output_file})' " -echo "workspace : '$(echo ${TF_VAR_workspace})'" +echo "level : '$(echo ${TF_VAR_level})'" +echo "environment : '$(echo ${TF_VAR_environment})'" +# echo "workspace : '$(echo ${TF_VAR_workspace})'" echo "tfstate : '$(echo ${TF_VAR_tf_name})'" echo "" verify_azure_session verify_parameters - # Trying to retrieve the terraform state storage account id -id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) - -if [ "${id}" == '' ]; then - error ${LINENO} "you must login to an Azure subscription first or logout / login again" 2 -fi - -# Initialise storage account to store remote terraform state -if [ "${id}" == "null" ]; then - error ${LINENO} "You need to initialise a launchpad first with the command \n - launchpad /tf/launchpads/launchpad_opensource_light [plan | apply | destroy]" 1000 -fi - -if [ "${landingzone_name}" == *"/tf/launchpads/launchpad_opensource"* ]; then - - error ${LINENO} "You need to manage the launchpad using the command \n - launchpad /tf/launchpads/launchpad_opensource_light [plan | apply | destroy]" 1001 - -fi - -# Get the launchpad version -caf_launchpad=$(az storage account show --ids $id | jq -r .tags.launchpad) -echo "" -echo "${caf_launchpad} already installed" -echo "" - - -if [ -z "${landingzone_name}" ]; then - display_instructions -else - login_as_launchpad - - if [ "${tf_action}" == "destroy" ]; then - destroy_from_remote_state - else - deploy_from_remote_state - fi -fi +id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].id) + + 
+case "${landingzone_name}" in + "landing_zone") + landing_zone + ;; + "workspace") + workspace + ;; + "") + if [ "${id}" == "null" ]; then + display_launchpad_instructions + exit 1000 + else + # login_as_launchpad + # get_launchpad_coordinates + display_instructions + fi + ;; + *) + deploy ${TF_VAR_workspace} +esac \ No newline at end of file From caec0dca4b0ef459e8c555e651197aacdaf3813b Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 25 Jun 2020 00:15:50 +0000 Subject: [PATCH 15/30] Add vnext-13-beta2 --- .github/workflows/vnext.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index fdaead38..2809d0c8 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -52,10 +52,10 @@ jobs: - name: Build the rover run: | set -e - docker_tag=vnext-13-beta1 + docker_tag=vnext-13-beta2 # Override .env variable - export versionTerraform="0.13.0-beta1" + export versionTerraform="0.13.0-beta2" # Build the rover base image docker-compose build --build-arg versionRover="aztfmod/roverdev:$docker_tag" From 09046a057afebaa546f09223b11cd78aebd89440 Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 25 Jun 2020 22:04:39 +0000 Subject: [PATCH 16/30] Fix to be backward compatible with launchpad 1510 --- scripts/functions.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/functions.sh b/scripts/functions.sh index 85897e87..d39d60e9 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -186,6 +186,11 @@ function initialize_state { apply # Create sandpit workspace id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) + if [ ${id} == null ]; then + #1510 launchpad version + id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) + fi + workspace_create "sandpit" workspace_create ${TF_VAR_workspace} upload_tfstate From 8bcb74095a0f1aaa2fc9904b3e5634e9b49f6d5f Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 25 Jun 2020 22:30:39 +0000 Subject: [PATCH 17/30] Add_get_storage_id --- scripts/functions.sh | 21 +++++++++++++-------- scripts/rover.sh | 3 +-- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index d39d60e9..91fa431b 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -185,12 +185,8 @@ function initialize_state { plan apply # Create sandpit workspace - id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) - if [ ${id} == null ]; then - #1510 launchpad version - id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) - fi - + get_storage_id + workspace_create "sandpit" workspace_create ${TF_VAR_workspace} upload_tfstate @@ -551,8 +547,8 @@ function destroy { rm -f "${TF_DATA_DIR}/tfstates/${TF_VAR_workspace}/${TF_VAR_tf_name}" # Delete tfstate - id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].id) - + get_storage_id + if [ "$id" != "null" ]; then echo "Delete state file on storage account:" echo " -tfstate: ${TF_VAR_tf_name}" 
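Review bot: The fallback test `[ ${id} == null ]` is unquoted, so when the first `az storage account list` fails and `id` is empty the test raises an error instead of making a decision. Write `[ "${id}" == "null" ]` and print which tag scheme matched, because the fallback silently binds the run to a storage account selected by the fixed `level0` tags rather than by the requested level and environment. The next commit in this series moves the same lines into get_storage_id unchanged, so the fix belongs there as well. initialize_state starts and ends outside the hunk.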
@@ -866,4 +862,13 @@ function workspace { echo "launchpad workspace [ list | create | delete ]" ;; esac +} + +function get_storage_id { + echo "@calling get_storage_id" + id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) + if [ ${id} == null ]; then + #1510 launchpad version + id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) + fi } \ No newline at end of file diff --git a/scripts/rover.sh b/scripts/rover.sh index 5d88c91a..a2777ccb 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -86,8 +86,7 @@ verify_azure_session verify_parameters # Trying to retrieve the terraform state storage account id -id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].id) - +get_storage_id case "${landingzone_name}" in "landing_zone") From 9a0309b55f5e206fd6feeb8f7170fd8a94a1b98f Mon Sep 17 00:00:00 2001 From: lolorol Date: Thu, 25 Jun 2020 22:44:15 +0000 Subject: [PATCH 18/30] Update launchpad instructions --- scripts/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 91fa431b..72d0d9d8 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -58,7 +58,7 @@ function display_instructions { function display_launchpad_instructions { echo "" echo "You need to deploy the launchpad from the rover by running:" - echo " rover /tf/caf/launchpads/launchpad apply -launchpad" + echo " rover /tf/caf/landinzones/launchpad apply -launchpad" echo "" } @@ -783,7 +783,7 @@ function deploy { fi else error ${LINENO} "You need to initialise a launchpad first with the command \n - rover /tf/launchpads/launchpad_opensource_light [plan | apply | destroy] -launchpad" 1000 + rover /tf/caf/landingzones/launchpad [plan | apply | destroy] -launchpad" 1000 fi ;; '') 
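Review bot: The new instruction text in display_launchpad_instructions prints `rover /tf/caf/landinzones/launchpad apply -launchpad`, with `landinzones` missing a `g`, while the error message changed in the second hunk of this commit uses `/tf/caf/landingzones/launchpad`. A user who copies the first command gets a path that does not match the one used elsewhere on this page; the line should read `echo "  rover /tf/caf/landingzones/launchpad apply -launchpad"`.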
From c6f152e9bcc97a106dfbbc2a928f1e15bcc07737 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 04:20:19 +0000 Subject: [PATCH 19/30] Keyvault fix for backward compatibility --- scripts/functions.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 72d0d9d8..f478fbe2 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -343,8 +343,14 @@ function list_deployed_landingzones { function login_as_launchpad { echo "@calling login_as_launchpad" - export keyvault=$(az keyvault list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].name) && echo " - keyvault_name: ${keyvault}" + export keyvault=$(az keyvault list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}']" -o json | jq -r .[0].name) + if [ "${keyvault}" == "null" ]; then + export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) + fi + + echo " - keyvault_name: ${keyvault}" + export SECRET_PREFIX=$(az keyvault secret show -n launchpad-secret-prefix --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${SECRET_PREFIX}" # If the logged in user does not have access to the launchpad From a4c52e57d169910d726c82edc305d1162dbbd771 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 05:53:51 +0000 Subject: [PATCH 20/30] Fix 1510 login compatibility --- scripts/functions.sh | 90 ++++++++++++++++++++++++++++++-------------- 1 file changed, 61 insertions(+), 29 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index f478fbe2..798a402e 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -347,49 +347,81 @@ function login_as_launchpad { if [ "${keyvault}" == "null" ]; then export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) + login_as_launchpad_1510 + else + + echo " - keyvault_name: ${keyvault}" + + export SECRET_PREFIX=$(az keyvault secret show -n launchpad-secret-prefix --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${SECRET_PREFIX}" + + # If the logged in user does not have access to the launchpad + if [ "${SECRET_PREFIX}" == "" ]; then + error 326 "Not authorized to manage landingzones. User must be member of the security group to access the launchpad and deploy a landing zone" 102 + fi + + + stg=$(az storage account show --ids ${id} -o json) + + echo "" + echo "Getting launchpad coordinates:" + export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" + export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" + export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" + export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" + export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" + + if [ ${launchpad_mode} != "launchpad_light" ]; then + echo "Set terraform provider context to Azure AD application launchpad " + export 
ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" + export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) + export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" + fi + + if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} != "launchpad_light" ]; then + + echo "rover mode" + if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then + error "You must run the rover in launchpad mode to destroy the launchpad" + fi + + echo "Impersonating with the azure session with the launchpad service principal to deploy the landingzone" + + az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} + fi + + az account set -s ${ARM_SUBSCRIPTION_ID} + fi +} - echo " - keyvault_name: ${keyvault}" +function login_as_launchpad_1510 { + echo "@calling login_as_launchpad_1510" - export SECRET_PREFIX=$(az keyvault secret show -n launchpad-secret-prefix --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${SECRET_PREFIX}" + export keyvault=$(az keyvault list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].name) && echo " - keyvault_name: ${keyvault}" + + export LAUNCHPAD_NAME=$(az keyvault secret show -n launchpad-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - Name: ${LAUNCHPAD_NAME}" # If the logged in user does not have access to the launchpad - if [ "${SECRET_PREFIX}" == "" ]; then + if [ "${LAUNCHPAD_NAME}" == "" ]; then error 326 "Not authorized to manage landingzones. 
User must be member of the security group to access the launchpad and deploy a landing zone" 102 fi - - stg=$(az storage account show --ids ${id} -o json) - - echo "" - echo "Getting launchpad coordinates:" - export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" - export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" - export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" - export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" + export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" + export TF_VAR_rover_pilot_client_id=$(az keyvault secret show -n launchpad-service-principal-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - rover client id: ${TF_VAR_rover_pilot_client_id}" + export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) + export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" - if [ ${launchpad_mode} != "launchpad_light" ]; then - echo 
"Set terraform provider context to Azure AD application launchpad " - export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" - export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) - export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - fi + if [ "${caf_launchpad}" == "launchpad_opensource" ]; then - if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} != "launchpad_light" ]; then - - echo "rover mode" - if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then - error "You must run the rover in launchpad mode to destroy the launchpad" - fi - - echo "Impersonating with the azure session with the launchpad service principal to deploy the landingzone" + echo "" + echo "Impersonating with the launchpad service principal to deploy the landingzone" az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} - fi + az account set -s ${ARM_SUBSCRIPTION_ID} - az account set -s ${ARM_SUBSCRIPTION_ID} + fi } function plan { From 0368c5967c8f0d60fadfc3181b7481ef983e78b0 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 06:20:31 +0000 Subject: [PATCH 21/30] Fix 1510 storage account --- scripts/functions.sh | 13 ++++++++++++- scripts/rover.sh | 6 ++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 798a402e..4ae48430 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -371,11 +371,15 @@ function login_as_launchpad { export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" - if [ ${launchpad_mode} != "launchpad_light" ]; then + if [ ${launchpad_mode} == "launchpad" ] && [ ${caf_impersonate} == 1 ]; then echo "Set terraform provider context to Azure AD application launchpad " export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" + else + unset ARM_CLIENT_ID + unset ARM_CLIENT_SECRET + unset ARM_TENANT_ID fi if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} != "launchpad_light" ]; then 
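Review bot: The new `else` branch unsets `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET` and `ARM_TENANT_ID`, but the rover block right after it is still gated on `[ ${launchpad_mode} != "launchpad_light" ]`. A run with `caf_impersonate` set to 0 in `launchpad` mode therefore still enters that block with the credentials cleared. The body of that block continues outside the hunk; if it performs the service-principal login, it would do so with empty arguments. Gating it on the same condition keeps the two in step: `if [ "${caf_command}" == "rover" ] && [ "${launchpad_mode}" == "launchpad" ] && [ "${caf_impersonate}" == 1 ]; then`.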
@@ -413,6 +417,13 @@ function login_as_launchpad_1510 { export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + stg=$(az storage account show --ids ${id} -o json) + + export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" + export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" + export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" + + if [ "${caf_launchpad}" == "launchpad_opensource" ]; then echo "" diff --git a/scripts/rover.sh b/scripts/rover.sh index a2777ccb..cd5ac19d 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh @@ -19,6 +19,7 @@ export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} export TF_VAR_level=${TF_VAR_level:="level0"} +export caf_impersonate=${caf_impersonate:=1} export caf_command="rover" @@ -46,9 +47,14 @@ while (( "$#" )); do export TF_VAR_level=${2} shift 2 ;; + -donotimpersonate) + export caf_impersonate=0 + shift 1 + ;; -launchpad) export caf_command="launchpad" export TF_VAR_workspace="level0" + export caf_impersonate=1 shift 1 echo "set rover to mode ${caf_command}" echo "set workspace to level0" From 796e55034d316aa64147f81e8cc69cf875e7a35f Mon Sep 17 00:00:00 2001 
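Review bot: In the added `stg=...` and `export TF_VAR_lowerlevel_...=$(...) && echo ...` lines of login_as_launchpad_1510, a failed `az` call goes unnoticed, because `export` returns success whatever the command substitution did and, unless `pipefail` is set elsewhere, the pipeline reports only the status of `jq`. The function then carries on with empty or literal `null` values for the state storage coordinates. Assigning first and checking the result would surface the failure, e.g. `stg=$(az storage account show --ids "${id}" -o json) || error "cannot read launchpad storage account"`, with the `export` on its own line. The same pattern recurs in the login_as_launchpad_1510 hunks of PATCH 22, 24, 25, 26, 27 and 28. The function starts and ends outside the hunk.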
From: lolorol Date: Fri, 26 Jun 2020 06:40:31 +0000 Subject: [PATCH 22/30] Add lowerlevelkey --- scripts/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 4ae48430..de81ae67 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -422,7 +422,7 @@ function login_as_launchpad_1510 { export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" - + export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" if [ "${caf_launchpad}" == "launchpad_opensource" ]; then From 8ccc664bea36584ac5785c88dcc94928bd98ea6c Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 08:25:08 +0000 Subject: [PATCH 23/30] Fix destroy from pipeline --- scripts/functions.sh | 17 +++-------------- scripts/rover.sh | 6 ------ 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index de81ae67..11619902 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -371,18 +371,14 @@ function login_as_launchpad { export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" launchpad_mode=$(az keyvault secret show -n launchpad-mode --vault-name ${keyvault} -o json | jq -r .value) && echo " - launchpad mode: ${launchpad_mode}" - if [ ${launchpad_mode} == "launchpad" ] && [ ${caf_impersonate} == 1 ]; then + if [ ${launchpad_mode} == "launchpad" ]; then echo "Set terraform provider context to Azure AD application launchpad " export ARM_CLIENT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" export ARM_CLIENT_SECRET=$(az keyvault secret show -n ${SECRET_PREFIX}-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n ${SECRET_PREFIX}-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - else - unset ARM_CLIENT_ID - unset ARM_CLIENT_SECRET - unset ARM_TENANT_ID fi - if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} != "launchpad_light" ]; then + if [ ${caf_command} == "rover" ] && [ ${launchpad_mode} == "launchpad" ]; then echo "rover mode" if [ ${TF_VAR_lowerlevel_key} == ${TF_VAR_tf_name} ] && [ ${tf_action} == "destroy" ]; then 
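Review bot: Both rewritten tests compare an unquoted `${launchpad_mode}`, so when the Key Vault read above yields nothing the `[` call is malformed and evaluates false. The function then skips the service-principal context and the rover block, whose first statement is the `destroy` check, and continues under whatever Azure session is already active. Quoting gives a well-formed comparison, `if [ "${launchpad_mode}" == "launchpad" ]; then`, and an explicit failure on an empty or `null` mode before these tests would make a failed lookup stop the run instead of silently changing the code path. The same unquoted test is introduced for this function in PATCH 21. The rover block continues outside the hunk.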
@@ -417,13 +413,6 @@ function login_as_launchpad_1510 { export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - stg=$(az storage account show --ids ${id} -o json) - - export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" - export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" - export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" - export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" - if [ "${caf_launchpad}" == "launchpad_opensource" ]; then echo "" @@ -527,7 +516,7 @@ function destroy { get_logged_user_object_id - if [ ${TF_VAR_user_type} != "user" ] && [ "${caf_command}" == "launchpad" ]; then + if [ $(whoami) == "vscode" ] && [ ${TF_VAR_user_type} != "user" ] && [ "${caf_command}" == "launchpad" ] && []; then error "You must be connected with the user who did the original launchpad initialization to destroy it" fi diff --git a/scripts/rover.sh b/scripts/rover.sh index cd5ac19d..a2777ccb 100755 --- a/scripts/rover.sh +++ b/scripts/rover.sh 
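Review bot: The trailing `&& []` in the rewritten condition of `destroy` makes the guard unreachable: `[]` is not the `[` builtin, so bash looks it up as a command, the lookup fails, and the `error "You must be connected with the user who did the original launchpad initialization to destroy it"` branch never runs. If the intent is to apply the check only for the `vscode` user, drop the empty test and quote the expansions: `if [ "$(whoami)" == "vscode" ] && [ "${TF_VAR_user_type}" != "user" ] && [ "${caf_command}" == "launchpad" ]; then`. Keying an ownership check on the local account name also means it is skipped under every other account, which deserves a comment stating that this is deliberate for pipeline runs. The body of `destroy` continues outside the hunk.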
@@ -19,7 +19,6 @@ export TF_VAR_rover_version=$(echo $(cat /tf/rover/version.txt)) export TF_VAR_tf_name=${TF_VAR_tf_name:="$(basename $(pwd)).tfstate"} export TF_VAR_tf_plan=${TF_VAR_tf_plan:="$(basename $(pwd)).tfplan"} export TF_VAR_level=${TF_VAR_level:="level0"} -export caf_impersonate=${caf_impersonate:=1} export caf_command="rover" @@ -47,14 +46,9 @@ while (( "$#" )); do export TF_VAR_level=${2} shift 2 ;; - -donotimpersonate) - export caf_impersonate=0 - shift 1 - ;; -launchpad) export caf_command="launchpad" export TF_VAR_workspace="level0" - export caf_impersonate=1 shift 1 echo "set rover to mode ${caf_command}" echo "set workspace to level0" From cb31516f34baab522a0b8bedca92b8576bdb7f50 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 09:56:25 +0000 Subject: [PATCH 24/30] Fix 1510 --- scripts/functions.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/functions.sh b/scripts/functions.sh index 11619902..1adb248c 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -412,6 +412,9 @@ function login_as_launchpad_1510 { export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" + export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" + export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" if [ "${caf_launchpad}" == "launchpad_opensource" ]; then From 66883ec12424f035e05b9f38fb50bee6fd437741 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 10:33:05 +0000 Subject: [PATCH 25/30] Update terraform --- .env | 2 +- scripts/functions.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.env b/.env index 94b35f4d..99ab761e 100644 --- a/.env +++ b/.env @@ -1,4 +1,4 @@ -versionTerraform=0.12.26 +versionTerraform=0.12.28 versionAzureCli=2.7.0 versionKubectl=v1.18.2 versionGit=2.25.0 diff --git a/scripts/functions.sh b/scripts/functions.sh index 1adb248c..809dcfa0 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
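Review bot: The added exports for the storage account name and resource group read `${stg}`, but nothing in this hunk assigns it, and PATCH 23 removed the `stg=$(az storage account show --ids ${id} -o json)` line from login_as_launchpad_1510. Unless `stg` is still set by a caller outside the hunk, `jq` receives an empty document and both values are exported empty. The assignment needs to come back ahead of these lines, as PATCH 25 in this series does, and a non-empty check on `stg` before the exports would have caught the gap.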
@@ -412,6 +412,9 @@ function login_as_launchpad_1510 { export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + + stg=$(az storage account show --ids ${id} -o json) + export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" From a0659711304a6bced584d99bbf3d81e179fb4631 Mon Sep 17 00:00:00 2001 From: lolorol Date: Fri, 26 Jun 2020 11:11:11 +0000 Subject: [PATCH 26/30] Add lewerlevel key --- .github/workflows/vnext.yml | 2 +- scripts/functions.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/vnext.yml b/.github/workflows/vnext.yml index 2809d0c8..518d669d 100644 --- a/.github/workflows/vnext.yml +++ b/.github/workflows/vnext.yml @@ -49,7 +49,7 @@ jobs: docker push aztfmod/roverdev:$docker_tag docker push aztfmod/roverdev:vnext - - name: Build the rover + - name: Build the rover (beta 0.13) run: | set -e docker_tag=vnext-13-beta2 diff --git a/scripts/functions.sh b/scripts/functions.sh index 809dcfa0..1bae2a62 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -415,6 +415,7 @@ function login_as_launchpad_1510 { stg=$(az storage account show --ids ${id} -o json) + export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" From 722d37d699bda6698542c03062146b6b707bee4d Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 29 Jun 2020 02:02:26 +0000 Subject: [PATCH 27/30] Fix a destroy condition for 1510 --- scripts/functions.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 1bae2a62..e9c87e08 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -407,24 +407,23 @@ function login_as_launchpad_1510 { error 326 "Not authorized to manage landingzones. User must be member of the security group to access the launchpad and deploy a landing zone" 102 fi - export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" - export TF_VAR_rover_pilot_client_id=$(az keyvault secret show -n launchpad-service-principal-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - rover client id: ${TF_VAR_rover_pilot_client_id}" - export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) - export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" - stg=$(az storage account show --ids ${id} -o json) - + export TF_VAR_rover_pilot_client_id=$(az keyvault secret show -n launchpad-service-principal-client-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - rover client id: ${TF_VAR_rover_pilot_client_id}" export TF_VAR_lowerlevel_key=$(az keyvault secret show -n launchpad-blob-name --vault-name ${keyvault} -o json | jq -r .value) && echo " - tfstate file: ${TF_VAR_lowerlevel_key}" export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - 
container: ${TF_VAR_lowerlevel_container_name}" - if [ "${caf_launchpad}" == "launchpad_opensource" ]; then + if [ ${caf_command} == "rover" ] && [ "${caf_launchpad}" == "launchpad_opensource" ]; then echo "" echo "Impersonating with the launchpad service principal to deploy the landingzone" + export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" + export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) + export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" + export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} az account set -s ${ARM_SUBSCRIPTION_ID} From 212bf72fe706897207c0c61d6b2ee538a9ccb636 Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 29 Jun 2020 02:03:19 +0000 Subject: [PATCH 28/30] Adjust subscription id --- scripts/functions.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index e9c87e08..60c35236 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
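Review bot: The client secret fetched by the added `export ARM_CLIENT_SECRET=...` line is passed two lines later as `-p ${ARM_CLIENT_SECRET}`, unquoted and on the `az login` command line. There it shows up in process listings and in any `set -x` trace, and a value containing whitespace or glob characters is split. At minimum quote the three expansions, `az login --service-principal -u "${ARM_CLIENT_ID}" -p "${ARM_CLIENT_SECRET}" --tenant "${ARM_TENANT_ID}"`, and stop before the login when any of them is empty or `null`. The added test `[ ${caf_command} == "rover" ]` needs quotes as well. login_as_launchpad_1510 starts and ends outside the hunk.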
@@ -413,6 +413,8 @@ function login_as_launchpad_1510 { export TF_VAR_lowerlevel_storage_account_name=$(echo ${stg} | jq -r .name) && echo " - storage_account_name: ${TF_VAR_lowerlevel_storage_account_name}" export TF_VAR_lowerlevel_resource_group_name=$(echo ${stg} | jq -r .resourceGroup) && echo " - resource_group: ${TF_VAR_lowerlevel_resource_group_name}" export TF_VAR_lowerlevel_container_name=$(az keyvault secret show -n launchpad-blob-container --vault-name ${keyvault} -o json | jq -r .value) && echo " - container: ${TF_VAR_lowerlevel_container_name}" + + export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" if [ ${caf_command} == "rover" ] && [ "${caf_launchpad}" == "launchpad_opensource" ]; then @@ -422,7 +424,7 @@ function login_as_launchpad_1510 { export ARM_CLIENT_ID=$(az keyvault secret show -n launchpad-application-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - client id: ${ARM_CLIENT_ID}" export ARM_CLIENT_SECRET=$(az keyvault secret show -n launchpad-service-principal-client-secret --vault-name ${keyvault} -o json | jq -r .value) export ARM_TENANT_ID=$(az keyvault secret show -n launchpad-tenant-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - tenant id: ${ARM_TENANT_ID}" - export ARM_SUBSCRIPTION_ID=$(az keyvault secret show -n launchpad-subscription-id --vault-name ${keyvault} -o json | jq -r .value) && echo " - subscription id: ${ARM_SUBSCRIPTION_ID}" + az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} --tenant ${ARM_TENANT_ID} az account set -s ${ARM_SUBSCRIPTION_ID} From cd3f41c1f007af9684efbd6725bdf90891e97bb3 Mon Sep 17 00:00:00 2001 From: lolorol Date: Mon, 29 Jun 2020 06:07:47 +0000 Subject: [PATCH 29/30] Update the get_storage_id --- scripts/functions.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/scripts/functions.sh b/scripts/functions.sh index 60c35236..747813bb 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -912,9 +912,9 @@ function workspace { function get_storage_id { echo "@calling get_storage_id" - id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) + #1510 launchpad version + id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) if [ ${id} == null ]; then - #1510 launchpad version - id=$(az storage account list --query "[?tags.tfstate=='level0' && tags.workspace=='level0']" -o json | jq -r .[0].id) + id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) fi } \ No newline at end of file From 0220c24e30cb710504091edf8b2399029e4d06ca Mon Sep 17 00:00:00 2001 From: Arnaud Lheureux Date: Wed, 1 Jul 2020 16:44:53 +0800 Subject: [PATCH 30/30] Update typo --- scripts/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/functions.sh b/scripts/functions.sh index 747813bb..d240a9bd 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -58,7 +58,7 @@ function display_instructions { function display_launchpad_instructions { echo "" echo "You need to deploy the launchpad from the rover by running:" - echo " rover /tf/caf/landinzones/launchpad apply -launchpad" + echo " rover /tf/caf/landingzones/launchpad apply -launchpad" echo "" } @@ -917,4 +917,4 @@ function get_storage_id { if [ ${id} == null ]; then id=$(az storage account list --query "[?tags.tfstate=='${TF_VAR_level}' && tags.environment=='${TF_VAR_environment}'].{id:id}" -o json | jq -r .[0].id) fi -} \ No newline at end of file +}
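Review bot: With the two lookups swapped in get_storage_id, any storage account tagged `tfstate=level0` and `workspace=level0` now wins over the one matching `TF_VAR_level` and `TF_VAR_environment`, and `.[0]` takes the first match without checking that it is the only one. In a subscription that holds both launchpad generations or several environments, this can point the run at another environment's state storage. The function also returns with `id` still `null` when neither query matches, or empty when `az` fails, which breaks the unquoted `[ ${id} == null ]`. I would quote the test, `if [ -z "${id}" ] || [ "${id}" == "null" ]; then`, and fail after the fallback when `id` is still empty or `null`.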