Upgrade the aaw-prod-cc-00 azurerm version #2036

Closed
EveningStarlight opened this issue Mar 13, 2025 · 7 comments

@EveningStarlight
Contributor

New postgres flexible module needs a 3.x azurerm
This addresses all the breaking changes from 2.x -> 3.x.

PR: https://gitlab.k8s.cloud.statcan.ca/cloudnative/aaw/daaas-infrastructure/aaw-prod-cc-00/-/merge_requests/136

@EveningStarlight EveningStarlight self-assigned this Mar 13, 2025
@EveningStarlight
Contributor Author

Key permissions are now case sensitive as of 3.0

hashicorp/terraform-provider-azurerm#16354

│ Error: expected key_permissions.0 to be one of ["Get" "List" "Update" "Create" "Import" "Delete" "Recover" "Backup" "Restore" "Decrypt" "Encrypt" "UnwrapKey" "WrapKey" "Verify" "Sign" "Purge" "Release" "Rotate" "GetRotationPolicy" "SetRotationPolicy"], got get
│ 
│   with azurerm_key_vault_access_policy.ci_keys,
│   on encryption.tf line 28, in resource "azurerm_key_vault_access_policy" "ci_keys":
│   28:     "get",

Simple as replacing get with Get (and all other key options)

@EveningStarlight
Contributor Author

Some resources are now passed with id instead of name

│ Error: Missing required argument
│ 
│   on modules/terraform-azurerm-storage-account/main.tf line 25, in resource "azurerm_storage_account_network_rules" "storage":
│   25: resource "azurerm_storage_account_network_rules" "storage" {
│ 
│ The argument "storage_account_id" is required, but no definition was found.
╵
╷
│ Error: Unsupported argument
│ 
│   on modules/terraform-azurerm-storage-account/main.tf line 26, in resource "azurerm_storage_account_network_rules" "storage":
│   26:   storage_account_name = azurerm_storage_account.storage.name
│ 
│ An argument named "storage_account_name" is not expected here.

@EveningStarlight
Contributor Author

azurerm_storage_account_network_rules

The deprecated field resource_group_name will be removed since it can be inferred from the storage_account_id property

@EveningStarlight
Contributor Author

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/3.0-upgrade-guide

Storage: The field allow_blob_public_access will be renamed to allow_nested_items_to_be_public to resolve confusion about what this field does. This field specifies whether items within the Storage Account (such as Containers and Blobs) can opt-in to being made public (for example at the Container or Blob level) - and not that all resources within this Storage Account are public by default.
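
The 2.x -> 3.x changes reported in the comments above (key permission casing, `storage_account_name` and `resource_group_name` on `azurerm_storage_account_network_rules`, and the `allow_blob_public_access` rename) can be flagged before running `terraform validate`. The following is an added example, not code from this issue or the repository it refers to; `lint`, `CHANGED` and the sample configuration are hypothetical names and constructed input.

```python
import re

# Canonical casing required by azurerm 3.x, copied from the provider error quoted in the thread.
KEY_PERMISSIONS = """Get List Update Create Import Delete Recover Backup Restore Decrypt Encrypt
UnwrapKey WrapKey Verify Sign Purge Release Rotate GetRotationPolicy SetRotationPolicy""".split()
CANONICAL = {p.lower(): p for p in KEY_PERMISSIONS}

# (resource type, 2.x argument) -> advice; the azurerm_storage_account scope is an assumption.
CHANGED = {
    ("azurerm_storage_account_network_rules", "storage_account_name"): "use storage_account_id",
    ("azurerm_storage_account_network_rules", "resource_group_name"): "remove (inferred from id)",
    ("azurerm_storage_account", "allow_blob_public_access"): "rename to allow_nested_items_to_be_public",
}

def lint(source):
    """Line-oriented scan (not a full HCL parser); returns (line_no, message) findings."""
    findings, resource, in_perms = [], None, False
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("#", "//")):
            continue
        m = re.match(r'\s*resource\s+"([^"]+)"', line)
        resource = m.group(1) if m else resource
        in_perms = in_perms or bool(re.match(r"\s*key_permissions\s*=", line))
        if in_perms:  # the list may span several lines, one value per line
            for value in re.findall(r'"([^"]*)"', line):
                fixed = CANONICAL.get(value.lower(), "<not a key permission>")
                if fixed != value:
                    findings.append((no, f'key permission "{value}" -> "{fixed}"'))
            in_perms = "]" not in line
        for (rtype, old), advice in CHANGED.items():
            if resource == rtype and re.match(rf"\s*{old}\s*=", line):
                findings.append((no, f"{rtype}.{old}: {advice}"))
    return findings

# Constructed sample, not taken from the repository discussed in the issue.
SAMPLE = """\
resource "azurerm_key_vault_access_policy" "ci_keys" {
  key_permissions = ["get", "List",
    "wrapkey"]
}
resource "azurerm_storage_account_network_rules" "storage" {
  storage_account_name = azurerm_storage_account.storage.name
}
resource "azurerm_storage_container" "c" {
  storage_account_name = azurerm_storage_account.storage.name
}
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The check is scoped by resource type, so `storage_account_name` on the constructed `azurerm_storage_container` block is not reported.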

@EveningStarlight
Contributor Author

This addresses all changes in the main modules.

Other issues are part of dependent modules.

@EveningStarlight
Contributor Author

Dependent modules are all fixed simply by referencing the newest version.

@EveningStarlight
Contributor Author

plan and validate pass their checks.
Plan fails on permission errors.

╷
│ Error: current client lacks permissions to read Key Rotation Policy for Key "aaw-prod-cc-00-key-jfrog-storage" ("Key Vault (Subscription: \"9f29402c-64f1-4691-853c-a14607472bdc\"\nResource Group Name: \"aaw-prod-cc-00-rg-daaas-services\"\nKey Vault Name: \"aaw-prod-cc-00-kv-svcenc\")", Vault url: "https://aaw-prod-cc-00-kv-svcenc.vault.azure.net/"), please update this as described here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#example-usage : keyvault.BaseClient#GetKeyRotationPolicy: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=10f020b4-8904-45a2-936b-2d932e7f6349;oid=b52a038c-86b5-4888-8458-f9d89ded4b21;iss=https://sts.windows.net/[MASKED]/' does not have keys getrotationpolicy permission on key vault 'aaw-prod-cc-00-kv-svcenc;location=canadacentral'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}
│ 
│   with azurerm_key_vault_key.jfrog_storage,
│   on jfrog.tf line 63, in resource "azurerm_key_vault_key" "jfrog_storage":
│   63: resource "azurerm_key_vault_key" "jfrog_storage" {
│ 
╵
╷
│ Error: current client lacks permissions to read Key Rotation Policy for Key "aaw-prod-cc-00-key-vault" ("Key Vault (Subscription: \"9f29402c-64f1-4691-853c-a14607472bdc\"\nResource Group Name: \"aaw-prod-cc-00-rg-daaas-services\"\nKey Vault Name: \"aaw-prod-cc-00-kv-vault\")", Vault url: "https://aaw-prod-cc-00-kv-vault.vault.azure.net/"), please update this as described here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#example-usage : keyvault.BaseClient#GetKeyRotationPolicy: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=10f020b4-8904-45a2-936b-2d932e7f6349;oid=b52a038c-86b5-4888-8458-f9d89ded4b21;iss=https://sts.windows.net/[MASKED]/' does not have keys getrotationpolicy permission on key vault 'aaw-prod-cc-00-kv-vault;location=canadacentral'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}
│ 
│   with azurerm_key_vault_key.vault,
│   on vault.tf line 48, in resource "azurerm_key_vault_key" "vault":
│   48: resource "azurerm_key_vault_key" "vault" {
│ 
╵
╷
│ Error: current client lacks permissions to read Key Rotation Policy for Key "aaw-prod-cc-00-pgsql-jfrog-tfex-key" ("Key Vault (Subscription: \"9f29402c-64f1-4691-853c-a14607472bdc\"\nResource Group Name: \"aaw-prod-cc-00-rg-daaas-services\"\nKey Vault Name: \"aaw-prod-cc-00-kv-svcenc\")", Vault url: "https://aaw-prod-cc-00-kv-svcenc.vault.azure.net/"), please update this as described here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#example-usage : keyvault.BaseClient#GetKeyRotationPolicy: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=10f020b4-8904-45a2-936b-2d932e7f6349;oid=b52a038c-86b5-4888-8458-f9d89ded4b21;iss=https://sts.windows.net/[MASKED]/' does not have keys getrotationpolicy permission on key vault 'aaw-prod-cc-00-kv-svcenc;location=canadacentral'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"ForbiddenByPolicy"}
│ 
│   with module.jfrog_[MASKED]ql.azurerm_key_vault_key.pgsql,
│   on modules/terraform-azurerm-[MASKED]ql/main.tf line 1, in resource "azurerm_key_vault_key" "pgsql":
│    1: resource "azurerm_key_vault_key" "pgsql" {
│ 
╵
╷
│ Error: retrieving Container "aawprodcc00pgsqljfrogpgsql" (Account "Account \"aawprodcc00pgsqljfrogpgs\" (IsEdgeZone false / ZoneName \"\" / Subdomain Type \"blob\" / DomainSuffix \"core.windows.net\")"): executing request: unexpected status 403 (403 This request is not authorized to perform this operation.) with AuthorizationFailure: This request is not authorized to perform this operation.
│ RequestId:7043a308-401e-0050-494e-94bde2000000
│ Time:2025-03-13T19:28:22.6745768Z
│ 
│   with module.jfrog_[MASKED]ql.azurerm_storage_container.pgsql[0],
│   on modules/terraform-azurerm-[MASKED]ql/storage_account.tf line 19, in resource "azurerm_storage_container" "pgsql":
│   19: resource "azurerm_storage_container" "pgsql" {
│ 
╵
