From f80acc2f33e484b0d0c5af0cddcc209686e1a1be Mon Sep 17 00:00:00 2001
From: John Hixson <jhixson@redhat.com>
Date: Wed, 23 Jun 2021 13:44:39 -0700
Subject: [PATCH] Azure: Split terraform into stages

vnet: create permanent network resources
bootstrap: create bootstrap resources
cluster: create permanent cluster resources

This is needed for Terraform v0.14.6 and later since Terraform deletions now
destroy all resource dependencies.

https://issues.redhat.com/browse/CORS-1695
---
 data/data/azure/bootstrap/main.tf             |  47 ++--
 data/data/azure/bootstrap/outputs.tf          |   3 +
 data/data/azure/bootstrap/variables.tf        |  89 +++-----
 data/data/azure/{ => cluster}/dns/dns.tf      |   0
 .../data/azure/{ => cluster}/dns/variables.tf |   0
 data/data/azure/{ => cluster}/dns/versions.tf |   0
 data/data/azure/cluster/main.tf               |  73 +++++++
 .../data/azure/{ => cluster}/master/master.tf |   0
 data/data/azure/cluster/master/outputs.tf     |   3 +
 .../azure/{ => cluster}/master/variables.tf   |   0
 .../azure/{ => cluster}/master/versions.tf    |   0
 data/data/azure/cluster/outputs.tf            |   3 +
 data/data/azure/cluster/variables.tf          |  94 ++++++++
 data/data/azure/{ => cluster}/versions.tf     |   0
 data/data/azure/main.tf                       | 201 ------------------
 data/data/azure/master/outputs.tf             |   0
 data/data/azure/vnet/common.tf                |  40 ++--
 data/data/azure/vnet/internal-lb.tf           |  20 +-
 data/data/azure/vnet/main.tf                  | 104 +++++++++
 data/data/azure/vnet/nsg.tf                   |  10 +-
 data/data/azure/vnet/outputs.tf               |  38 +++-
 data/data/azure/vnet/public-lb.tf             |  48 ++---
 data/data/azure/vnet/variables.tf             |  83 --------
 data/data/azure/vnet/vnet.tf                  |  22 +-
 pkg/terraform/stages/azure/stages.go          |  13 ++
 pkg/terraform/stages/compat/stage.go          |  11 -
 pkg/terraform/stages/platform/stages.go       |   4 +
 27 files changed, 452 insertions(+), 454 deletions(-)
 create mode 100644 data/data/azure/bootstrap/outputs.tf
 rename data/data/azure/{ => cluster}/dns/dns.tf (100%)
 rename data/data/azure/{ => cluster}/dns/variables.tf (100%)
 rename data/data/azure/{ => cluster}/dns/versions.tf (100%)
 create mode 100644 data/data/azure/cluster/main.tf
 rename data/data/azure/{ => cluster}/master/master.tf (100%)
 create mode 100644 data/data/azure/cluster/master/outputs.tf
 rename data/data/azure/{ => cluster}/master/variables.tf (100%)
 rename data/data/azure/{ => cluster}/master/versions.tf (100%)
 create mode 100644 data/data/azure/cluster/outputs.tf
 create mode 100644 data/data/azure/cluster/variables.tf
 rename data/data/azure/{ => cluster}/versions.tf (100%)
 delete mode 100644 data/data/azure/main.tf
 delete mode 100644 data/data/azure/master/outputs.tf
 create mode 100644 data/data/azure/vnet/main.tf
 delete mode 100644 data/data/azure/vnet/variables.tf
 create mode 100644 pkg/terraform/stages/azure/stages.go

diff --git a/data/data/azure/bootstrap/main.tf b/data/data/azure/bootstrap/main.tf
index 28634c8eba7..11731b04385 100644
--- a/data/data/azure/bootstrap/main.tf
+++ b/data/data/azure/bootstrap/main.tf
@@ -2,6 +2,21 @@ locals {
   bootstrap_nic_ip_v4_configuration_name = "bootstrap-nic-ip-v4"
   bootstrap_nic_ip_v6_configuration_name = "bootstrap-nic-ip-v6"
   description                            = "Created By OpenShift Installer"
+  tags = merge(
+    {
+      "kubernetes.io_cluster.${var.cluster_id}" = "owned"
+    },
+    var.azure_extra_tags,
+  )
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.azure_subscription_id
+  client_id       = var.azure_client_id
+  client_secret   = var.azure_client_secret
+  tenant_id       = var.azure_tenant_id
+  environment     = var.azure_environment
 }
 
 data "azurerm_storage_account_sas" "ignition" {
@@ -43,7 +58,7 @@ resource "azurerm_storage_container" "ignition" {
 }
 
 resource "local_file" "ignition_bootstrap" {
-  content  = var.ignition
+  content  = var.ignition_bootstrap
   filename = "${path.module}/ignition_bootstrap.ign"
 }
 
@@ -62,27 +77,27 @@ data "ignition_config" "redirect" {
 }
 
 resource "azurerm_public_ip" "bootstrap_public_ip_v4" {
-  count = var.private || ! var.use_ipv4 ? 0 : 1
+  count = var.azure_private || ! var.use_ipv4 ? 0 : 1
 
   sku                 = "Standard"
-  location            = var.region
+  location            = var.azure_region
   name                = "${var.cluster_id}-bootstrap-pip-v4"
   resource_group_name = var.resource_group_name
   allocation_method   = "Static"
 }
 
 data "azurerm_public_ip" "bootstrap_public_ip_v4" {
-  count = var.private ? 0 : 1
+  count = var.azure_private ? 0 : 1
 
   name                = azurerm_public_ip.bootstrap_public_ip_v4[0].name
   resource_group_name = var.resource_group_name
 }
 
 resource "azurerm_public_ip" "bootstrap_public_ip_v6" {
-  count = var.private || ! var.use_ipv6 ? 0 : 1
+  count = var.azure_private || ! var.use_ipv6 ? 0 : 1
 
   sku                 = "Standard"
-  location            = var.region
+  location            = var.azure_region
   name                = "${var.cluster_id}-bootstrap-pip-v6"
   resource_group_name = var.resource_group_name
   allocation_method   = "Static"
@@ -90,7 +105,7 @@ resource "azurerm_public_ip" "bootstrap_public_ip_v6" {
 }
 
 data "azurerm_public_ip" "bootstrap_public_ip_v6" {
-  count = var.private || ! var.use_ipv6 ? 0 : 1
+  count = var.azure_private || ! var.use_ipv6 ? 0 : 1
 
   name                = azurerm_public_ip.bootstrap_public_ip_v6[0].name
   resource_group_name = var.resource_group_name
@@ -98,7 +113,7 @@ data "azurerm_public_ip" "bootstrap_public_ip_v6" {
 
 resource "azurerm_network_interface" "bootstrap" {
   name                = "${var.cluster_id}-bootstrap-nic"
-  location            = var.region
+  location            = var.azure_region
   resource_group_name = var.resource_group_name
 
   dynamic "ip_configuration" {
@@ -108,14 +123,14 @@ resource "azurerm_network_interface" "bootstrap" {
         primary : var.use_ipv4,
         name : local.bootstrap_nic_ip_v4_configuration_name,
         ip_address_version : "IPv4",
-        public_ip_id : var.private ? null : azurerm_public_ip.bootstrap_public_ip_v4[0].id,
+        public_ip_id : var.azure_private ? null : azurerm_public_ip.bootstrap_public_ip_v4[0].id,
         include : var.use_ipv4 || var.use_ipv6,
       },
       {
         primary : ! var.use_ipv4,
         name : local.bootstrap_nic_ip_v6_configuration_name,
         ip_address_version : "IPv6",
-        public_ip_id : var.private || ! var.use_ipv6 ? null : azurerm_public_ip.bootstrap_public_ip_v6[0].id,
+        public_ip_id : var.azure_private || ! var.use_ipv6 ? null : azurerm_public_ip.bootstrap_public_ip_v6[0].id,
         include : var.use_ipv6,
       },
       ] : {
@@ -129,7 +144,7 @@ resource "azurerm_network_interface" "bootstrap" {
     content {
       primary                       = ip_configuration.value.primary
       name                          = ip_configuration.value.name
-      subnet_id                     = var.subnet_id
+      subnet_id                     = var.master_subnet_id
       private_ip_address_version    = ip_configuration.value.ip_address_version
       private_ip_address_allocation = "Dynamic"
       public_ip_address_id          = ip_configuration.value.public_ip_id
@@ -140,7 +155,7 @@ resource "azurerm_network_interface" "bootstrap" {
 resource "azurerm_network_interface_backend_address_pool_association" "public_lb_bootstrap_v4" {
   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
-  count = (! var.private || ! var.outbound_udr) ? 1 : 0
+  count = (! var.azure_private || ! var.azure_outbound_user_defined_routing) ? 1 : 0
 
   network_interface_id    = azurerm_network_interface.bootstrap.id
   backend_address_pool_id = var.elb_backend_pool_v4_id
@@ -150,7 +165,7 @@ resource "azurerm_network_interface_backend_address_pool_association" "public_lb
 resource "azurerm_network_interface_backend_address_pool_association" "public_lb_bootstrap_v6" {
   // This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
   // conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
-  count = var.use_ipv6 && (! var.private || ! var.outbound_udr) ? 1 : 0
+  count = var.use_ipv6 && (! var.azure_private || ! var.azure_outbound_user_defined_routing) ? 1 : 0
 
   network_interface_id    = azurerm_network_interface.bootstrap.id
   backend_address_pool_id = var.elb_backend_pool_v6_id
@@ -175,10 +190,10 @@ resource "azurerm_network_interface_backend_address_pool_association" "internal_
 
 resource "azurerm_linux_virtual_machine" "bootstrap" {
   name                  = "${var.cluster_id}-bootstrap"
-  location              = var.region
+  location              = var.azure_region
   resource_group_name   = var.resource_group_name
   network_interface_ids = [azurerm_network_interface.bootstrap.id]
-  size                  = var.vm_size
+  size                  = var.azure_bootstrap_vm_type
   admin_username        = "core"
   # The password is normally applied by WALA (the Azure agent), but this
   # isn't installed in RHCOS. As a result, this password is never set. It is
@@ -216,7 +231,7 @@ resource "azurerm_linux_virtual_machine" "bootstrap" {
 }
 
 resource "azurerm_network_security_rule" "bootstrap_ssh_in" {
-  count = var.private ? 0 : 1
+  count = var.azure_private ? 0 : 1
 
   name                        = "bootstrap_ssh_in"
   priority                    = 103
diff --git a/data/data/azure/bootstrap/outputs.tf b/data/data/azure/bootstrap/outputs.tf
new file mode 100644
index 00000000000..92c0add6b64
--- /dev/null
+++ b/data/data/azure/bootstrap/outputs.tf
@@ -0,0 +1,3 @@
+output "bootstrap_ip" {
+  value = var.azure_private ? azurerm_network_interface.bootstrap.private_ip_address : azurerm_public_ip.bootstrap_public_ip_v4[0].ip_address
+}
diff --git a/data/data/azure/bootstrap/variables.tf b/data/data/azure/bootstrap/variables.tf
index fbe0a9b2908..c319f987d45 100644
--- a/data/data/azure/bootstrap/variables.tf
+++ b/data/data/azure/bootstrap/variables.tf
@@ -1,72 +1,30 @@
-variable "vm_size" {
-  type        = string
-  description = "The SKU ID for the bootstrap node."
-}
-
-variable "vm_image" {
-  type        = string
-  description = "The resource id of the vm image used for bootstrap."
-}
-
-variable "region" {
-  type        = string
-  description = "The region for the deployment."
-}
-
-variable "resource_group_name" {
-  type        = string
-  description = "The resource group name for the deployment."
-}
-
-variable "cluster_id" {
-  type        = string
-  description = "The identifier for the cluster."
-}
-
-variable "identity" {
-  type        = string
-  description = "The user assigned identity id for the vm."
-}
-
-variable "ignition" {
-  type        = string
-  description = "The content of the bootstrap ignition file."
-}
-
-variable "subnet_id" {
-  type        = string
-  description = "The subnet ID for the bootstrap node."
-}
-
 variable "elb_backend_pool_v4_id" {
   type        = string
+  default     = null
   description = "The external load balancer bakend pool id. used to attach the bootstrap NIC"
 }
 
 variable "elb_backend_pool_v6_id" {
   type        = string
+  default     = null
   description = "The external load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
 }
 
 variable "ilb_backend_pool_v4_id" {
   type        = string
+  default     = null
   description = "The internal load balancer bakend pool id. used to attach the bootstrap NIC"
 }
 
 variable "ilb_backend_pool_v6_id" {
   type        = string
+  default     = null
   description = "The internal load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
 }
 
-variable "storage_account" {
-  type        = any
-  description = "the storage account for the cluster. It can be used for boot diagnostics."
-}
-
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "tags to be applied to created resources."
+variable "master_subnet_id" {
+  type        = string
+  description = "The subnet ID for the bootstrap node."
 }
 
 variable "nsg_name" {
@@ -74,19 +32,24 @@ variable "nsg_name" {
   description = "The network security group for the subnet."
 }
 
-variable "private" {
-  type        = bool
-  description = "This value determines if this is a private cluster or not."
+variable "resource_group_name" {
+  type        = string
+  description = "The resource group name for the deployment."
+}
+
+variable "storage_account" {
+  type        = any
+  description = "the storage account for the cluster. It can be used for boot diagnostics."
 }
 
-variable "use_ipv4" {
-  type        = bool
-  description = "This value determines if this is cluster should use IPv4 networking."
+variable "vm_image" {
+  type        = string
+  description = "The resource id of the vm image used for bootstrap."
 }
 
-variable "use_ipv6" {
-  type        = bool
-  description = "This value determines if this is cluster should use IPv6 networking."
+variable "identity" {
+  type        = string
+  description = "The user assigned identity id for the vm."
 }
 
 variable "outbound_udr" {
@@ -94,10 +57,14 @@ variable "outbound_udr" {
   default = false
 
   description = <<EOF
-This determined whether User defined routing will be used for egress to Internet.
+This determined whether User defined routing will be used for egress to
+Internet.
 When false, Standard LB will be used for egress to the Internet.
 
-This is required because terraform cannot calculate counts during plan phase completely and therefore the `vnet/public-lb.tf`
-conditional need to be recreated. See https://github.com/hashicorp/terraform/issues/12570
+This is required because terraform cannot calculate counts during plan phase
+completely and therefore the `vnet/public-lb.tf`
+conditional need to be recreated. See
+https://github.com/hashicorp/terraform/issues/12570
 EOF
 }
+
diff --git a/data/data/azure/dns/dns.tf b/data/data/azure/cluster/dns/dns.tf
similarity index 100%
rename from data/data/azure/dns/dns.tf
rename to data/data/azure/cluster/dns/dns.tf
diff --git a/data/data/azure/dns/variables.tf b/data/data/azure/cluster/dns/variables.tf
similarity index 100%
rename from data/data/azure/dns/variables.tf
rename to data/data/azure/cluster/dns/variables.tf
diff --git a/data/data/azure/dns/versions.tf b/data/data/azure/cluster/dns/versions.tf
similarity index 100%
rename from data/data/azure/dns/versions.tf
rename to data/data/azure/cluster/dns/versions.tf
diff --git a/data/data/azure/cluster/main.tf b/data/data/azure/cluster/main.tf
new file mode 100644
index 00000000000..a9d9080199e
--- /dev/null
+++ b/data/data/azure/cluster/main.tf
@@ -0,0 +1,73 @@
+locals {
+  tags = merge(
+    {
+      "kubernetes.io_cluster.${var.cluster_id}" = "owned"
+    },
+    var.azure_extra_tags,
+  )
+  description = "Created By OpenShift Installer"
+  # At this time min_tls_version is only supported in the Public Cloud and US Government Cloud.
+  environments_with_min_tls_version = ["public", "usgovernment"]
+
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.azure_subscription_id
+  client_id       = var.azure_client_id
+  client_secret   = var.azure_client_secret
+  tenant_id       = var.azure_tenant_id
+  environment     = var.azure_environment
+}
+
+provider "azureprivatedns" {
+  subscription_id = var.azure_subscription_id
+  client_id       = var.azure_client_id
+  client_secret   = var.azure_client_secret
+  tenant_id       = var.azure_tenant_id
+  environment     = var.azure_environment
+}
+
+module "master" {
+  source                 = "./master"
+  resource_group_name    = var.resource_group_name
+  cluster_id             = var.cluster_id
+  region                 = var.azure_region
+  availability_zones     = var.azure_master_availability_zones
+  vm_size                = var.azure_master_vm_type
+  vm_image               = var.vm_image
+  identity               = var.identity
+  ignition               = var.ignition_master
+  elb_backend_pool_v4_id = var.elb_backend_pool_v4_id
+  elb_backend_pool_v6_id = var.elb_backend_pool_v6_id
+  ilb_backend_pool_v4_id = var.ilb_backend_pool_v4_id
+  ilb_backend_pool_v6_id = var.ilb_backend_pool_v6_id
+  subnet_id              = var.master_subnet_id
+  instance_count         = var.master_count
+  storage_account        = var.storage_account
+  os_volume_type         = var.azure_master_root_volume_type
+  os_volume_size         = var.azure_master_root_volume_size
+  private                = var.azure_private
+  outbound_udr           = var.azure_outbound_user_defined_routing
+
+  use_ipv4 = var.use_ipv4
+  use_ipv6 = var.use_ipv6
+}
+
+module "dns" {
+  source                          = "./dns"
+  cluster_domain                  = var.cluster_domain
+  cluster_id                      = var.cluster_id
+  base_domain                     = var.base_domain
+  virtual_network_id              = var.virtual_network_id
+  external_lb_fqdn_v4             = var.public_lb_pip_v4_fqdn
+  external_lb_fqdn_v6             = var.public_lb_pip_v6_fqdn
+  internal_lb_ipaddress_v4        = var.internal_lb_ip_v4_address
+  internal_lb_ipaddress_v6        = var.internal_lb_ip_v6_address
+  resource_group_name             = var.resource_group_name
+  base_domain_resource_group_name = var.azure_base_domain_resource_group_name
+  private                         = var.azure_private
+
+  use_ipv4 = var.use_ipv4
+  use_ipv6 = var.use_ipv6
+}
diff --git a/data/data/azure/master/master.tf b/data/data/azure/cluster/master/master.tf
similarity index 100%
rename from data/data/azure/master/master.tf
rename to data/data/azure/cluster/master/master.tf
diff --git a/data/data/azure/cluster/master/outputs.tf b/data/data/azure/cluster/master/outputs.tf
new file mode 100644
index 00000000000..4bbd7104ac3
--- /dev/null
+++ b/data/data/azure/cluster/master/outputs.tf
@@ -0,0 +1,3 @@
+output "ip_addresses" {
+  value = azurerm_network_interface.master.*.private_ip_addresses
+}
diff --git a/data/data/azure/master/variables.tf b/data/data/azure/cluster/master/variables.tf
similarity index 100%
rename from data/data/azure/master/variables.tf
rename to data/data/azure/cluster/master/variables.tf
diff --git a/data/data/azure/master/versions.tf b/data/data/azure/cluster/master/versions.tf
similarity index 100%
rename from data/data/azure/master/versions.tf
rename to data/data/azure/cluster/master/versions.tf
diff --git a/data/data/azure/cluster/outputs.tf b/data/data/azure/cluster/outputs.tf
new file mode 100644
index 00000000000..6c62d865e51
--- /dev/null
+++ b/data/data/azure/cluster/outputs.tf
@@ -0,0 +1,3 @@
+output "control_plane_ips" {
+  value = module.master.ip_addresses
+}
diff --git a/data/data/azure/cluster/variables.tf b/data/data/azure/cluster/variables.tf
new file mode 100644
index 00000000000..abcc4051256
--- /dev/null
+++ b/data/data/azure/cluster/variables.tf
@@ -0,0 +1,94 @@
+variable "elb_backend_pool_v4_id" {
+  type        = string
+  default     = null
+  description = "The external load balancer bakend pool id. used to attach the bootstrap NIC"
+}
+
+variable "elb_backend_pool_v6_id" {
+  type        = string
+  default     = null
+  description = "The external load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
+}
+
+variable "ilb_backend_pool_v4_id" {
+  type        = string
+  default     = null
+  description = "The internal load balancer bakend pool id. used to attach the bootstrap NIC"
+}
+
+variable "ilb_backend_pool_v6_id" {
+  type        = string
+  default     = null
+  description = "The internal load balancer bakend pool id for ipv6. used to attach the bootstrap NIC"
+}
+
+variable "public_lb_pip_v4_fqdn" {
+  type    = string
+  default = null
+}
+
+variable "public_lb_pip_v6_fqdn" {
+  type    = string
+  default = null
+}
+
+variable "internal_lb_ip_v4_address" {
+  type    = string
+  default = null
+}
+
+variable "internal_lb_ip_v6_address" {
+  type    = string
+  default = null
+}
+
+variable "virtual_network_id" {
+  description = "The ID for Virtual Network that will be linked to the Private DNS zone."
+  type        = string
+}
+
+variable "master_subnet_id" {
+  type        = string
+  description = "The subnet ID for the bootstrap node."
+}
+
+variable "nsg_name" {
+  type        = string
+  description = "The network security group for the subnet."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "The resource group name for the deployment."
+}
+
+variable "storage_account" {
+  type        = any
+  description = "the storage account for the cluster. It can be used for boot diagnostics."
+}
+
+variable "vm_image" {
+  type        = string
+  description = "The resource id of the vm image used for bootstrap."
+}
+
+variable "identity" {
+  type        = string
+  description = "The user assigned identity id for the vm."
+}
+
+variable "outbound_udr" {
+  type    = bool
+  default = false
+
+  description = <<EOF
+This determined whether User defined routing will be used for egress to
+Internet.
+When false, Standard LB will be used for egress to the Internet.
+
+This is required because terraform cannot calculate counts during plan phase
+completely and therefore the `vnet/public-lb.tf`
+conditional need to be recreated. See
+https://github.com/hashicorp/terraform/issues/12570
+EOF
+}
diff --git a/data/data/azure/versions.tf b/data/data/azure/cluster/versions.tf
similarity index 100%
rename from data/data/azure/versions.tf
rename to data/data/azure/cluster/versions.tf
diff --git a/data/data/azure/main.tf b/data/data/azure/main.tf
deleted file mode 100644
index 848d312c56d..00000000000
--- a/data/data/azure/main.tf
+++ /dev/null
@@ -1,201 +0,0 @@
-locals {
-  tags = merge(
-    {
-      "kubernetes.io_cluster.${var.cluster_id}" = "owned"
-    },
-    var.azure_extra_tags,
-  )
-  description = "Created By OpenShift Installer"
-  # At this time min_tls_version is only supported in the Public Cloud and US Government Cloud.
-  environments_with_min_tls_version = ["public", "usgovernment"]
-
-}
-
-provider "azurerm" {
-  features {}
-  subscription_id = var.azure_subscription_id
-  client_id       = var.azure_client_id
-  client_secret   = var.azure_client_secret
-  tenant_id       = var.azure_tenant_id
-  environment     = var.azure_environment
-}
-
-provider "azureprivatedns" {
-  subscription_id = var.azure_subscription_id
-  client_id       = var.azure_client_id
-  client_secret   = var.azure_client_secret
-  tenant_id       = var.azure_tenant_id
-  environment     = var.azure_environment
-}
-
-module "bootstrap" {
-  source                 = "./bootstrap"
-  resource_group_name    = data.azurerm_resource_group.main.name
-  region                 = var.azure_region
-  vm_size                = var.azure_bootstrap_vm_type
-  vm_image               = azurerm_image.cluster.id
-  identity               = azurerm_user_assigned_identity.main.id
-  cluster_id             = var.cluster_id
-  ignition               = var.ignition_bootstrap
-  subnet_id              = module.vnet.master_subnet_id
-  elb_backend_pool_v4_id = module.vnet.public_lb_backend_pool_v4_id
-  elb_backend_pool_v6_id = module.vnet.public_lb_backend_pool_v6_id
-  ilb_backend_pool_v4_id = module.vnet.internal_lb_backend_pool_v4_id
-  ilb_backend_pool_v6_id = module.vnet.internal_lb_backend_pool_v6_id
-  tags                   = local.tags
-  storage_account        = azurerm_storage_account.cluster
-  nsg_name               = module.vnet.cluster_nsg_name
-  private                = module.vnet.private
-  outbound_udr           = var.azure_outbound_user_defined_routing
-
-  use_ipv4 = var.use_ipv4
-  use_ipv6 = var.use_ipv6
-}
-
-module "vnet" {
-  source              = "./vnet"
-  resource_group_name = data.azurerm_resource_group.main.name
-  vnet_v4_cidrs       = var.machine_v4_cidrs
-  vnet_v6_cidrs       = var.machine_v6_cidrs
-  cluster_id          = var.cluster_id
-  region              = var.azure_region
-  dns_label           = var.cluster_id
-
-  preexisting_network         = var.azure_preexisting_network
-  network_resource_group_name = var.azure_network_resource_group_name
-  virtual_network_name        = var.azure_virtual_network
-  master_subnet               = var.azure_control_plane_subnet
-  worker_subnet               = var.azure_compute_subnet
-  private                     = var.azure_private
-  outbound_udr                = var.azure_outbound_user_defined_routing
-
-  use_ipv4 = var.use_ipv4
-  use_ipv6 = var.use_ipv6
-}
-
-module "master" {
-  source                 = "./master"
-  resource_group_name    = data.azurerm_resource_group.main.name
-  cluster_id             = var.cluster_id
-  region                 = var.azure_region
-  availability_zones     = var.azure_master_availability_zones
-  vm_size                = var.azure_master_vm_type
-  vm_image               = azurerm_image.cluster.id
-  identity               = azurerm_user_assigned_identity.main.id
-  ignition               = var.ignition_master
-  elb_backend_pool_v4_id = module.vnet.public_lb_backend_pool_v4_id
-  elb_backend_pool_v6_id = module.vnet.public_lb_backend_pool_v6_id
-  ilb_backend_pool_v4_id = module.vnet.internal_lb_backend_pool_v4_id
-  ilb_backend_pool_v6_id = module.vnet.internal_lb_backend_pool_v6_id
-  subnet_id              = module.vnet.master_subnet_id
-  instance_count         = var.master_count
-  storage_account        = azurerm_storage_account.cluster
-  os_volume_type         = var.azure_master_root_volume_type
-  os_volume_size         = var.azure_master_root_volume_size
-  private                = module.vnet.private
-  outbound_udr           = var.azure_outbound_user_defined_routing
-
-  use_ipv4 = var.use_ipv4
-  use_ipv6 = var.use_ipv6
-}
-
-module "dns" {
-  source                          = "./dns"
-  cluster_domain                  = var.cluster_domain
-  cluster_id                      = var.cluster_id
-  base_domain                     = var.base_domain
-  virtual_network_id              = module.vnet.virtual_network_id
-  external_lb_fqdn_v4             = module.vnet.public_lb_pip_v4_fqdn
-  external_lb_fqdn_v6             = module.vnet.public_lb_pip_v6_fqdn
-  internal_lb_ipaddress_v4        = module.vnet.internal_lb_ip_v4_address
-  internal_lb_ipaddress_v6        = module.vnet.internal_lb_ip_v6_address
-  resource_group_name             = data.azurerm_resource_group.main.name
-  base_domain_resource_group_name = var.azure_base_domain_resource_group_name
-  private                         = module.vnet.private
-
-  use_ipv4 = var.use_ipv4
-  use_ipv6 = var.use_ipv6
-}
-
-resource "random_string" "storage_suffix" {
-  length  = 5
-  upper   = false
-  special = false
-}
-
-resource "azurerm_resource_group" "main" {
-  count = var.azure_resource_group_name == "" ? 1 : 0
-
-  name     = "${var.cluster_id}-rg"
-  location = var.azure_region
-  tags     = local.tags
-}
-
-data "azurerm_resource_group" "main" {
-  name = var.azure_resource_group_name == "" ? "${var.cluster_id}-rg" : var.azure_resource_group_name
-
-  depends_on = [azurerm_resource_group.main]
-}
-
-data "azurerm_resource_group" "network" {
-  count = var.azure_preexisting_network ? 1 : 0
-
-  name = var.azure_network_resource_group_name
-}
-
-resource "azurerm_storage_account" "cluster" {
-  name                     = "cluster${random_string.storage_suffix.result}"
-  resource_group_name      = data.azurerm_resource_group.main.name
-  location                 = var.azure_region
-  account_tier             = "Standard"
-  account_replication_type = "LRS"
-  min_tls_version          = contains(local.environments_with_min_tls_version, var.azure_environment) ? "TLS1_2" : null
-}
-
-resource "azurerm_user_assigned_identity" "main" {
-  resource_group_name = data.azurerm_resource_group.main.name
-  location            = data.azurerm_resource_group.main.location
-
-  name = "${var.cluster_id}-identity"
-}
-
-resource "azurerm_role_assignment" "main" {
-  scope                = data.azurerm_resource_group.main.id
-  role_definition_name = "Contributor"
-  principal_id         = azurerm_user_assigned_identity.main.principal_id
-}
-
-resource "azurerm_role_assignment" "network" {
-  count = var.azure_preexisting_network ? 1 : 0
-
-  scope                = data.azurerm_resource_group.network[0].id
-  role_definition_name = "Contributor"
-  principal_id         = azurerm_user_assigned_identity.main.principal_id
-}
-
-# copy over the vhd to cluster resource group and create an image using that
-resource "azurerm_storage_container" "vhd" {
-  name                 = "vhd"
-  storage_account_name = azurerm_storage_account.cluster.name
-}
-
-resource "azurerm_storage_blob" "rhcos_image" {
-  name                   = "rhcos${random_string.storage_suffix.result}.vhd"
-  storage_account_name   = azurerm_storage_account.cluster.name
-  storage_container_name = azurerm_storage_container.vhd.name
-  type                   = "Page"
-  source_uri             = var.azure_image_url
-  metadata               = map("source_uri", var.azure_image_url)
-}
-
-resource "azurerm_image" "cluster" {
-  name                = var.cluster_id
-  resource_group_name = data.azurerm_resource_group.main.name
-  location            = var.azure_region
-
-  os_disk {
-    os_type  = "Linux"
-    os_state = "Generalized"
-    blob_uri = azurerm_storage_blob.rhcos_image.url
-  }
-}
diff --git a/data/data/azure/master/outputs.tf b/data/data/azure/master/outputs.tf
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/data/data/azure/vnet/common.tf b/data/data/azure/vnet/common.tf
index 2075ee8bacf..a045b5fabea 100644
--- a/data/data/azure/vnet/common.tf
+++ b/data/data/azure/vnet/common.tf
@@ -2,41 +2,39 @@
 # read only: only locals and data source definitions allowed. No resources or module blocks in this file
 
 data "azurerm_subnet" "preexisting_master_subnet" {
-  count = var.preexisting_network ? 1 : 0
+  count = var.azure_preexisting_network ? 1 : 0
 
-  resource_group_name  = var.network_resource_group_name
-  virtual_network_name = var.virtual_network_name
-  name                 = var.master_subnet
+  resource_group_name  = var.azure_network_resource_group_name
+  virtual_network_name = var.azure_virtual_network
+  name                 = var.azure_control_plane_subnet
 }
 
 data "azurerm_subnet" "preexisting_worker_subnet" {
-  count = var.preexisting_network ? 1 : 0
+  count = var.azure_preexisting_network ? 1 : 0
 
-  resource_group_name  = var.network_resource_group_name
-  virtual_network_name = var.virtual_network_name
-  name                 = var.worker_subnet
+  resource_group_name  = var.azure_network_resource_group_name
+  virtual_network_name = var.azure_virtual_network
+  name                 = var.azure_compute_subnet
 }
 
 data "azurerm_virtual_network" "preexisting_virtual_network" {
-  count = var.preexisting_network ? 1 : 0
+  count = var.azure_preexisting_network ? 1 : 0
 
-  resource_group_name = var.network_resource_group_name
-  name                = var.virtual_network_name
+  resource_group_name = var.azure_network_resource_group_name
+  name                = var.azure_virtual_network
 }
 
 // Only reference data sources which are guaranteed to exist at any time (above) in this locals{} block
 locals {
-  master_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.vnet_v4_cidrs[0], 1, 0) : null  #master subnet is a smaller subnet within the vnet. i.e from /16 to /17
-  master_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.vnet_v6_cidrs[0], 16, 0) : null #master subnet is a smaller subnet within the vnet. i.e from /48 to /64
+  master_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.machine_v4_cidrs[0], 1, 0) : null  #master subnet is a smaller subnet within the vnet. i.e from /16 to /17
+  master_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.machine_v6_cidrs[0], 16, 0) : null #master subnet is a smaller subnet within the vnet. i.e from /48 to /64
 
-  worker_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.vnet_v4_cidrs[0], 1, 1) : null  #node subnet is a smaller subnet within the vnet. i.e from /16 to /17
-  worker_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.vnet_v6_cidrs[0], 16, 1) : null #node subnet is a smaller subnet within the vnet. i.e from /48 to /64
+  worker_subnet_cidr_v4 = var.use_ipv4 ? cidrsubnet(var.machine_v4_cidrs[0], 1, 1) : null  #node subnet is a smaller subnet within the vnet. i.e from /16 to /17
+  worker_subnet_cidr_v6 = var.use_ipv6 ? cidrsubnet(var.machine_v6_cidrs[0], 16, 1) : null #node subnet is a smaller subnet within the vnet. i.e from /48 to /64
 
-  master_subnet_id = var.preexisting_network ? data.azurerm_subnet.preexisting_master_subnet[0].id : azurerm_subnet.master_subnet[0].id
-  worker_subnet_id = var.preexisting_network ? data.azurerm_subnet.preexisting_worker_subnet[0].id : azurerm_subnet.worker_subnet[0].id
+  master_subnet_id = var.azure_preexisting_network ? data.azurerm_subnet.preexisting_master_subnet[0].id : azurerm_subnet.master_subnet[0].id
+  worker_subnet_id = var.azure_preexisting_network ? data.azurerm_subnet.preexisting_worker_subnet[0].id : azurerm_subnet.worker_subnet[0].id
 
-  virtual_network    = var.preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].name : azurerm_virtual_network.cluster_vnet[0].name
-  virtual_network_id = var.preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].id : azurerm_virtual_network.cluster_vnet[0].id
-
-  description = "Created By OpenShift Installer"
+  virtual_network    = var.azure_preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].name : azurerm_virtual_network.cluster_vnet[0].name
+  virtual_network_id = var.azure_preexisting_network ? data.azurerm_virtual_network.preexisting_virtual_network[0].id : azurerm_virtual_network.cluster_vnet[0].id
 }
diff --git a/data/data/azure/vnet/internal-lb.tf b/data/data/azure/vnet/internal-lb.tf
index 4c80808882d..40e29a29730 100644
--- a/data/data/azure/vnet/internal-lb.tf
+++ b/data/data/azure/vnet/internal-lb.tf
@@ -6,8 +6,8 @@ locals {
 resource "azurerm_lb" "internal" {
   sku                 = "Standard"
   name                = "${var.cluster_id}-internal"
-  resource_group_name = var.resource_group_name
-  location            = var.region
+  resource_group_name = data.azurerm_resource_group.main.name
+  location            = var.azure_region
 
   dynamic "frontend_ip_configuration" {
     for_each = [for ip in [
@@ -35,7 +35,7 @@ resource "azurerm_lb" "internal" {
 resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v4" {
   count = var.use_ipv4 ? 1 : 0
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   loadbalancer_id     = azurerm_lb.internal.id
   name                = var.cluster_id
 }
@@ -43,7 +43,7 @@ resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v4" {
 resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v6" {
   count = var.use_ipv6 ? 1 : 0
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   loadbalancer_id     = azurerm_lb.internal.id
   name                = "${var.cluster_id}-IPv6"
 }
@@ -52,7 +52,7 @@ resource "azurerm_lb_rule" "internal_lb_rule_api_internal_v4" {
   count = var.use_ipv4 ? 1 : 0
 
   name                           = "api-internal-v4"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id
   loadbalancer_id                = azurerm_lb.internal.id
@@ -69,7 +69,7 @@ resource "azurerm_lb_rule" "internal_lb_rule_api_internal_v6" {
   count = var.use_ipv6 ? 1 : 0
 
   name                           = "api-internal-v6"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id
   loadbalancer_id                = azurerm_lb.internal.id
@@ -86,7 +86,7 @@ resource "azurerm_lb_rule" "internal_lb_rule_sint_v4" {
   count = var.use_ipv4 ? 1 : 0
 
   name                           = "sint-v4"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id
   loadbalancer_id                = azurerm_lb.internal.id
@@ -103,7 +103,7 @@ resource "azurerm_lb_rule" "internal_lb_rule_sint_v6" {
   count = var.use_ipv6 ? 1 : 0
 
   name                           = "sint-v6"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id
   loadbalancer_id                = azurerm_lb.internal.id
@@ -118,7 +118,7 @@ resource "azurerm_lb_rule" "internal_lb_rule_sint_v6" {
 
 resource "azurerm_lb_probe" "internal_lb_probe_sint" {
   name                = "sint-probe"
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   interval_in_seconds = 5
   number_of_probes    = 2
   loadbalancer_id     = azurerm_lb.internal.id
@@ -129,7 +129,7 @@ resource "azurerm_lb_probe" "internal_lb_probe_sint" {
 
 resource "azurerm_lb_probe" "internal_lb_probe_api_internal" {
   name                = "api-internal-probe"
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   interval_in_seconds = 5
   number_of_probes    = 2
   loadbalancer_id     = azurerm_lb.internal.id
diff --git a/data/data/azure/vnet/main.tf b/data/data/azure/vnet/main.tf
new file mode 100644
index 00000000000..5f592b2ad21
--- /dev/null
+++ b/data/data/azure/vnet/main.tf
@@ -0,0 +1,104 @@
+locals {
+  tags = merge(
+    {
+      "kubernetes.io_cluster.${var.cluster_id}" = "owned"
+    },
+    var.azure_extra_tags,
+  )
+  description = "Created By OpenShift Installer"
+  # At this time min_tls_version is only supported in the Public Cloud and US Government Cloud.
+  environments_with_min_tls_version = ["public", "usgovernment"]
+
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.azure_subscription_id
+  client_id       = var.azure_client_id
+  client_secret   = var.azure_client_secret
+  tenant_id       = var.azure_tenant_id
+  environment     = var.azure_environment
+}
+
+resource "random_string" "storage_suffix" {
+  length  = 5
+  upper   = false
+  special = false
+}
+
+resource "azurerm_resource_group" "main" {
+  count = var.azure_resource_group_name == "" ? 1 : 0
+
+  name     = "${var.cluster_id}-rg"
+  location = var.azure_region
+  tags     = local.tags
+}
+
+data "azurerm_resource_group" "main" {
+  name = var.azure_resource_group_name == "" ? "${var.cluster_id}-rg" : var.azure_resource_group_name
+
+  depends_on = [azurerm_resource_group.main]
+}
+
+data "azurerm_resource_group" "network" {
+  count = var.azure_preexisting_network ? 1 : 0
+
+  name = var.azure_network_resource_group_name
+}
+
+resource "azurerm_storage_account" "cluster" {
+  name                     = "cluster${random_string.storage_suffix.result}"
+  resource_group_name      = data.azurerm_resource_group.main.name
+  location                 = var.azure_region
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+  min_tls_version          = contains(local.environments_with_min_tls_version, var.azure_environment) ? "TLS1_2" : null
+}
+
+resource "azurerm_user_assigned_identity" "main" {
+  resource_group_name = data.azurerm_resource_group.main.name
+  location            = data.azurerm_resource_group.main.location
+
+  name = "${var.cluster_id}-identity"
+}
+
+resource "azurerm_role_assignment" "main" {
+  scope                = data.azurerm_resource_group.main.id
+  role_definition_name = "Contributor"
+  principal_id         = azurerm_user_assigned_identity.main.principal_id
+}
+
+resource "azurerm_role_assignment" "network" {
+  count = var.azure_preexisting_network ? 1 : 0
+
+  scope                = data.azurerm_resource_group.network[0].id
+  role_definition_name = "Contributor"
+  principal_id         = azurerm_user_assigned_identity.main.principal_id
+}
+
+# copy over the vhd to cluster resource group and create an image using that
+resource "azurerm_storage_container" "vhd" {
+  name                 = "vhd"
+  storage_account_name = azurerm_storage_account.cluster.name
+}
+
+resource "azurerm_storage_blob" "rhcos_image" {
+  name                   = "rhcos${random_string.storage_suffix.result}.vhd"
+  storage_account_name   = azurerm_storage_account.cluster.name
+  storage_container_name = azurerm_storage_container.vhd.name
+  type                   = "Page"
+  source_uri             = var.azure_image_url
+  metadata               = map("source_uri", var.azure_image_url)
+}
+
+resource "azurerm_image" "cluster" {
+  name                = var.cluster_id
+  resource_group_name = data.azurerm_resource_group.main.name
+  location            = var.azure_region
+
+  os_disk {
+    os_type  = "Linux"
+    os_state = "Generalized"
+    blob_uri = azurerm_storage_blob.rhcos_image.url
+  }
+}
diff --git a/data/data/azure/vnet/nsg.tf b/data/data/azure/vnet/nsg.tf
index 97549b7b021..62439960688 100644
--- a/data/data/azure/vnet/nsg.tf
+++ b/data/data/azure/vnet/nsg.tf
@@ -1,18 +1,18 @@
 resource "azurerm_network_security_group" "cluster" {
   name                = "${var.cluster_id}-nsg"
-  location            = var.region
-  resource_group_name = var.resource_group_name
+  location            = var.azure_region
+  resource_group_name = data.azurerm_resource_group.main.name
 }
 
 resource "azurerm_subnet_network_security_group_association" "master" {
-  count = var.preexisting_network ? 0 : 1
+  count = var.azure_preexisting_network ? 0 : 1
 
   subnet_id                 = azurerm_subnet.master_subnet[0].id
   network_security_group_id = azurerm_network_security_group.cluster.id
 }
 
 resource "azurerm_subnet_network_security_group_association" "worker" {
-  count = var.preexisting_network ? 0 : 1
+  count = var.azure_preexisting_network ? 0 : 1
 
   subnet_id                 = azurerm_subnet.worker_subnet[0].id
   network_security_group_id = azurerm_network_security_group.cluster.id
@@ -28,7 +28,7 @@ resource "azurerm_network_security_rule" "apiserver_in" {
   destination_port_range      = "6443"
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
-  resource_group_name         = var.resource_group_name
+  resource_group_name         = data.azurerm_resource_group.main.name
   network_security_group_name = azurerm_network_security_group.cluster.name
   description                 = local.description
 }
diff --git a/data/data/azure/vnet/outputs.tf b/data/data/azure/vnet/outputs.tf
index 0385f5dc9ae..98e6c2eec1d 100644
--- a/data/data/azure/vnet/outputs.tf
+++ b/data/data/azure/vnet/outputs.tf
@@ -1,23 +1,19 @@
-output "public_lb_backend_pool_v4_id" {
+output "elb_backend_pool_v4_id" {
   value = local.need_public_ipv4 ? azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id : null
 }
 
-output "public_lb_backend_pool_v6_id" {
+output "elb_backend_pool_v6_id" {
   value = local.need_public_ipv6 ? azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id : null
 }
 
-output "internal_lb_backend_pool_v4_id" {
+output "ilb_backend_pool_v4_id" {
   value = var.use_ipv4 ? azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v4[0].id : null
 }
 
-output "internal_lb_backend_pool_v6_id" {
+output "ilb_backend_pool_v6_id" {
   value = var.use_ipv6 ? azurerm_lb_backend_address_pool.internal_lb_controlplane_pool_v6[0].id : null
 }
 
-output "public_lb_id" {
-  value = var.private ? null : azurerm_lb.public.id
-}
-
 output "public_lb_pip_v4_fqdn" {
   value = local.need_public_ipv4 ? data.azurerm_public_ip.cluster_public_ip_v4[0].fqdn : null
 }
@@ -34,7 +30,7 @@ output "internal_lb_ip_v6_address" {
   value = var.use_ipv6 ? azurerm_lb.internal.private_ip_addresses[1] : null
 }
 
-output "cluster_nsg_name" {
+output "nsg_name" {
   value = azurerm_network_security_group.cluster.name
 }
 
@@ -50,6 +46,26 @@ output "worker_subnet_id" {
   value = local.worker_subnet_id
 }
 
-output "private" {
-  value = var.private
+output "resource_group_name" {
+  value = data.azurerm_resource_group.main.name
+}
+
+output "vm_image" {
+  value = azurerm_image.cluster.id
+}
+
+output "identity" {
+  value = azurerm_user_assigned_identity.main.id
+}
+
+output "subnet_id" {
+  value = local.master_subnet_id
+}
+
+output "storage_account" {
+  value = azurerm_storage_account.cluster
+}
+
+output "outbound_udr" {
+  value = var.azure_outbound_user_defined_routing
 }
diff --git a/data/data/azure/vnet/public-lb.tf b/data/data/azure/vnet/public-lb.tf
index 0bdd53f1ef7..595f64a3c67 100644
--- a/data/data/azure/vnet/public-lb.tf
+++ b/data/data/azure/vnet/public-lb.tf
@@ -5,9 +5,9 @@ locals {
 
 locals {
   // DEBUG: Azure apparently requires dual stack LB for v6
-  need_public_ipv4 = ! var.private || ! var.outbound_udr
+  need_public_ipv4 = ! var.azure_private || ! var.azure_outbound_user_defined_routing
 
-  need_public_ipv6 = var.use_ipv6 && (! var.private || ! var.outbound_udr)
+  need_public_ipv6 = var.use_ipv6 && (! var.azure_private || ! var.azure_outbound_user_defined_routing)
 }
 
 
@@ -15,11 +15,11 @@ resource "azurerm_public_ip" "cluster_public_ip_v4" {
   count = local.need_public_ipv4 ? 1 : 0
 
   sku                 = "Standard"
-  location            = var.region
+  location            = var.azure_region
   name                = "${var.cluster_id}-pip-v4"
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   allocation_method   = "Static"
-  domain_name_label   = var.dns_label
+  domain_name_label   = var.cluster_id
 }
 
 data "azurerm_public_ip" "cluster_public_ip_v4" {
@@ -27,7 +27,7 @@ data "azurerm_public_ip" "cluster_public_ip_v4" {
   count = local.need_public_ipv4 ? 1 : 0
 
   name                = azurerm_public_ip.cluster_public_ip_v4[0].name
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
 }
 
 
@@ -36,25 +36,25 @@ resource "azurerm_public_ip" "cluster_public_ip_v6" {
 
   ip_version          = "IPv6"
   sku                 = "Standard"
-  location            = var.region
+  location            = var.azure_region
   name                = "${var.cluster_id}-pip-v6"
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   allocation_method   = "Static"
-  domain_name_label   = var.dns_label
+  domain_name_label   = var.cluster_id
 }
 
 data "azurerm_public_ip" "cluster_public_ip_v6" {
   count = local.need_public_ipv6 ? 1 : 0
 
   name                = azurerm_public_ip.cluster_public_ip_v6[0].name
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
 }
 
 resource "azurerm_lb" "public" {
   sku                 = "Standard"
   name                = var.cluster_id
-  resource_group_name = var.resource_group_name
-  location            = var.region
+  resource_group_name = data.azurerm_resource_group.main.name
+  location            = var.azure_region
 
   dynamic "frontend_ip_configuration" {
     for_each = [for ip in [
@@ -96,7 +96,7 @@ resource "azurerm_lb" "public" {
 resource "azurerm_lb_backend_address_pool" "public_lb_pool_v4" {
   count = local.need_public_ipv4 ? 1 : 0
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   loadbalancer_id     = azurerm_lb.public.id
   name                = var.cluster_id
 }
@@ -104,16 +104,16 @@ resource "azurerm_lb_backend_address_pool" "public_lb_pool_v4" {
 resource "azurerm_lb_backend_address_pool" "public_lb_pool_v6" {
   count = local.need_public_ipv6 ? 1 : 0
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   loadbalancer_id     = azurerm_lb.public.id
   name                = "${var.cluster_id}-IPv6"
 }
 
 resource "azurerm_lb_rule" "public_lb_rule_api_internal_v4" {
-  count = var.use_ipv4 && ! var.private ? 1 : 0
+  count = var.use_ipv4 && ! var.azure_private ? 1 : 0
 
   name                           = "api-internal-v4"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
   loadbalancer_id                = azurerm_lb.public.id
@@ -127,10 +127,10 @@ resource "azurerm_lb_rule" "public_lb_rule_api_internal_v4" {
 }
 
 resource "azurerm_lb_rule" "public_lb_rule_api_internal_v6" {
-  count = var.use_ipv6 && ! var.private ? 1 : 0
+  count = var.use_ipv6 && ! var.azure_private ? 1 : 0
 
   name                           = "api-internal-v6"
-  resource_group_name            = var.resource_group_name
+  resource_group_name            = data.azurerm_resource_group.main.name
   protocol                       = "Tcp"
   backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
   loadbalancer_id                = azurerm_lb.public.id
@@ -144,10 +144,10 @@ resource "azurerm_lb_rule" "public_lb_rule_api_internal_v6" {
 }
 
 resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v4" {
-  count = var.use_ipv4 && var.private && ! var.outbound_udr ? 1 : 0
+  count = var.use_ipv4 && var.azure_private && ! var.azure_outbound_user_defined_routing ? 1 : 0
 
   name                    = "outbound-rule-v4"
-  resource_group_name     = var.resource_group_name
+  resource_group_name     = data.azurerm_resource_group.main.name
   loadbalancer_id         = azurerm_lb.public.id
   backend_address_pool_id = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
   protocol                = "All"
@@ -158,10 +158,10 @@ resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v4" {
 }
 
 resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v6" {
-  count = var.use_ipv6 && var.private && ! var.outbound_udr ? 1 : 0
+  count = var.use_ipv6 && var.azure_private && ! var.azure_outbound_user_defined_routing ? 1 : 0
 
   name                    = "outbound-rule-v6"
-  resource_group_name     = var.resource_group_name
+  resource_group_name     = data.azurerm_resource_group.main.name
   loadbalancer_id         = azurerm_lb.public.id
   backend_address_pool_id = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
   protocol                = "All"
@@ -172,10 +172,10 @@ resource "azurerm_lb_outbound_rule" "public_lb_outbound_rule_v6" {
 }
 
 resource "azurerm_lb_probe" "public_lb_probe_api_internal" {
-  count = var.private ? 0 : 1
+  count = var.azure_private ? 0 : 1
 
   name                = "api-internal-probe"
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   interval_in_seconds = 5
   number_of_probes    = 2
   loadbalancer_id     = azurerm_lb.public.id
diff --git a/data/data/azure/vnet/variables.tf b/data/data/azure/vnet/variables.tf
deleted file mode 100644
index 814f8aef55f..00000000000
--- a/data/data/azure/vnet/variables.tf
+++ /dev/null
@@ -1,83 +0,0 @@
-variable "vnet_v4_cidrs" {
-  type = list(string)
-}
-
-variable "vnet_v6_cidrs" {
-  type = list(string)
-}
-
-variable "resource_group_name" {
-  type        = string
-  description = "Resource group for the deployment"
-}
-
-variable "cluster_id" {
-  type = string
-}
-
-variable "region" {
-  type        = string
-  description = "The target Azure region for the cluster."
-}
-
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "Azure tags to be applied to created resources."
-}
-
-variable "dns_label" {
-  type        = string
-  description = "The label used to build the dns name. i.e. <label>.<region>.cloudapp.azure.com"
-}
-
-variable "preexisting_network" {
-  type        = bool
-  description = "This value determines if a vnet already exists or not. If true, then will not create a new vnet, subnet, or nsg's"
-  default     = false
-}
-
-variable "network_resource_group_name" {
-  type        = string
-  description = "This is the name of the network resource group for new or existing network resources"
-}
-
-variable "virtual_network_name" {
-  type        = string
-  description = "This is the name of the virtual network, new or existing"
-}
-
-variable "master_subnet" {
-  type        = string
-  description = "This is the name of the subnet used for the control plane, new or existing"
-}
-
-variable "worker_subnet" {
-  type        = string
-  description = "This is the name of the subnet used for the compute nodes, new or existing"
-}
-
-variable "private" {
-  type        = bool
-  description = "The determines if this is a private/internal cluster or not."
-}
-
-variable "use_ipv4" {
-  type        = bool
-  description = "This value determines if this is cluster should use IPv4 networking."
-}
-
-variable "use_ipv6" {
-  type        = bool
-  description = "This value determines if this is cluster should use IPv6 networking."
-}
-
-variable "outbound_udr" {
-  type    = bool
-  default = false
-
-  description = <<EOF
-This determined whether User defined routing will be used for egress to Internet.
-When false, Standard LB will be used for egress to the Internet.
-EOF
-}
diff --git a/data/data/azure/vnet/vnet.tf b/data/data/azure/vnet/vnet.tf
index ddbd632d9d6..faf1848a6d4 100644
--- a/data/data/azure/vnet/vnet.tf
+++ b/data/data/azure/vnet/vnet.tf
@@ -1,32 +1,32 @@
 resource "azurerm_virtual_network" "cluster_vnet" {
-  count = var.preexisting_network ? 0 : 1
+  count = var.azure_preexisting_network ? 0 : 1
 
-  name                = var.virtual_network_name
-  resource_group_name = var.resource_group_name
-  location            = var.region
-  address_space       = concat(var.vnet_v4_cidrs, var.vnet_v6_cidrs)
+  name                = var.azure_virtual_network
+  resource_group_name = data.azurerm_resource_group.main.name
+  location            = var.azure_region
+  address_space       = concat(var.machine_v4_cidrs, var.machine_v6_cidrs)
 }
 
 resource "azurerm_subnet" "master_subnet" {
-  count = var.preexisting_network ? 0 : 1
+  count = var.azure_preexisting_network ? 0 : 1
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   address_prefixes = [for cidr in [
     { value : local.master_subnet_cidr_v4, include : var.use_ipv4 },
     { value : local.master_subnet_cidr_v6, include : var.use_ipv6 }
   ] : cidr.value if cidr.include]
   virtual_network_name = local.virtual_network
-  name                 = var.master_subnet
+  name                 = var.azure_control_plane_subnet
 }
 
 resource "azurerm_subnet" "worker_subnet" {
-  count = var.preexisting_network ? 0 : 1
+  count = var.azure_preexisting_network ? 0 : 1
 
-  resource_group_name = var.resource_group_name
+  resource_group_name = data.azurerm_resource_group.main.name
   address_prefixes = [for cidr in [
     { value : local.worker_subnet_cidr_v4, include : var.use_ipv4 },
     { value : local.worker_subnet_cidr_v6, include : var.use_ipv6 }
   ] : cidr.value if cidr.include]
   virtual_network_name = local.virtual_network
-  name                 = var.worker_subnet
+  name                 = var.azure_compute_subnet
 }
diff --git a/pkg/terraform/stages/azure/stages.go b/pkg/terraform/stages/azure/stages.go
new file mode 100644
index 00000000000..c7ba975eb8e
--- /dev/null
+++ b/pkg/terraform/stages/azure/stages.go
@@ -0,0 +1,13 @@
+package azure
+
+import (
+	"github.com/openshift/installer/pkg/terraform"
+	"github.com/openshift/installer/pkg/terraform/stages"
+)
+
+// PlatformStages are the stages to run to provision the infrastructure in Azure.
+var PlatformStages = []terraform.Stage{
+	stages.NewStage("azure", "vnet"),
+	stages.NewStage("azure", "bootstrap", stages.WithNormalDestroy()),
+	stages.NewStage("azure", "cluster"),
+}
diff --git a/pkg/terraform/stages/compat/stage.go b/pkg/terraform/stages/compat/stage.go
index 05955234343..31c5c8a8bf8 100644
--- a/pkg/terraform/stages/compat/stage.go
+++ b/pkg/terraform/stages/compat/stage.go
@@ -8,7 +8,6 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/openshift/installer/pkg/terraform"
-	gatherazure "github.com/openshift/installer/pkg/terraform/gather/azure"
 	gatherbaremetal "github.com/openshift/installer/pkg/terraform/gather/baremetal"
 	gatherkubevirt "github.com/openshift/installer/pkg/terraform/gather/kubevirt"
 	gatherlibvirt "github.com/openshift/installer/pkg/terraform/gather/libvirt"
@@ -16,7 +15,6 @@ import (
 	gatherovirt "github.com/openshift/installer/pkg/terraform/gather/ovirt"
 	gathervsphere "github.com/openshift/installer/pkg/terraform/gather/vsphere"
 	"github.com/openshift/installer/pkg/types"
-	azuretypes "github.com/openshift/installer/pkg/types/azure"
 	baremetaltypes "github.com/openshift/installer/pkg/types/baremetal"
 	kubevirttypes "github.com/openshift/installer/pkg/types/kubevirt"
 	libvirttypes "github.com/openshift/installer/pkg/types/libvirt"
@@ -88,15 +86,6 @@ func (s stage) ExtractHostAddresses(directory string, config *types.InstallConfi
 func extractHostAddresses(config *types.InstallConfig, tfstate *terraform.State) (bootstrap string, port int, masters []string, err error) {
 	port = 22
 	switch config.Platform.Name() {
-	case azuretypes.Name:
-		bootstrap, err = gatherazure.BootstrapIP(tfstate)
-		if err != nil {
-			return
-		}
-		masters, err = gatherazure.ControlPlaneIPs(tfstate)
-		if err != nil {
-			logrus.Error(err)
-		}
 	case baremetaltypes.Name:
 		bootstrap = config.Platform.BareMetal.BootstrapProvisioningIP
 		masters, err = gatherbaremetal.ControlPlaneIPs(config, tfstate)
diff --git a/pkg/terraform/stages/platform/stages.go b/pkg/terraform/stages/platform/stages.go
index 34ea7492017..a7b013c3df9 100644
--- a/pkg/terraform/stages/platform/stages.go
+++ b/pkg/terraform/stages/platform/stages.go
@@ -3,9 +3,11 @@ package platform
 import (
 	"github.com/openshift/installer/pkg/terraform"
 	"github.com/openshift/installer/pkg/terraform/stages/aws"
+	"github.com/openshift/installer/pkg/terraform/stages/azure"
 	"github.com/openshift/installer/pkg/terraform/stages/compat"
 	"github.com/openshift/installer/pkg/terraform/stages/gcp"
 	awstypes "github.com/openshift/installer/pkg/types/aws"
+	azuretypes "github.com/openshift/installer/pkg/types/azure"
 	gcptypes "github.com/openshift/installer/pkg/types/gcp"
 )
 
@@ -14,6 +16,8 @@ func StagesForPlatform(platform string) []terraform.Stage {
 	switch platform {
 	case awstypes.Name:
 		return aws.PlatformStages
+	case azuretypes.Name:
+		return azure.PlatformStages
 	case gcptypes.Name:
 		return gcp.PlatformStages
 	default: