From 9e246fc8a9dc506cf702a53ad51d7ef205cda65a Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 08:18:12 +0000
Subject: [PATCH 01/10] add ithc

---
 locals.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/locals.tf b/locals.tf
index 910e2ba7..be6dd786 100644
--- a/locals.tf
+++ b/locals.tf
@@ -108,7 +108,7 @@ locals {
   is_migration_environment  = contains(local.migration_environments, var.env)
   production_environments   = ["prod"]
   is_production_environment = contains(local.production_environments, var.env)
-  test_environments         = ["test", "demo", "stg"]
+  test_environments         = ["test", "demo", "ithc", "stg"]
   is_test_environment       = contains(local.test_environments, var.env)
 }
 

From e6929cdbb831ada2c4a2a4bc9a39c77579997133 Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 08:18:17 +0000
Subject: [PATCH 02/10] set sampling_percentage to 100% for every env

---
 app-insights.tf | 3 ++-
 variables.tf    | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app-insights.tf b/app-insights.tf
index 720e57cc..a640168e 100644
--- a/app-insights.tf
+++ b/app-insights.tf
@@ -3,7 +3,8 @@ module "application_insights" {
   location = azurerm_resource_group.darts_resource_group.location
   env      = var.env
   product  = var.product
-
+  
+  sampling_percentage = var.sampling_percentage
 
   resource_group_name = azurerm_resource_group.darts_resource_group.name
 
diff --git a/variables.tf b/variables.tf
index 45367013..f7bb3176 100644
--- a/variables.tf
+++ b/variables.tf
@@ -375,3 +375,8 @@ variable "install_endpoint_protection" {
   description = "Install endpoint protection extension"
   default     = false
 }
+
+variable "sampling_percentage" {
+  default     = 100
+  description = "App insights sampling percentage."
+}

From f0e83bba7748422e28422969706653950537078c Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 08:18:43 +0000
Subject: [PATCH 03/10] fmt

---
 app-insights.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-insights.tf b/app-insights.tf
index a640168e..397d27cf 100644
--- a/app-insights.tf
+++ b/app-insights.tf
@@ -3,7 +3,7 @@ module "application_insights" {
   location = azurerm_resource_group.darts_resource_group.location
   env      = var.env
   product  = var.product
-  
+
   sampling_percentage = var.sampling_percentage
 
   resource_group_name = azurerm_resource_group.darts_resource_group.name

From 274783ad234c8d77c908756683958e68596149f7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 11 Feb 2026 08:22:05 +0000
Subject: [PATCH 04/10] Update dependency hashicorp/terraform to v1.14.4

---
 .terraform-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.terraform-version b/.terraform-version
index 18b31142..4e00d0ac 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-1.10.4
+1.14.4

From 04db4699de2e5ba2a469af9ee14364079ab4d752 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 11 Feb 2026 08:22:20 +0000
Subject: [PATCH 05/10] Update Terraform azapi to v2

---
 state.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/state.tf b/state.tf
index 8b736c06..d00c0eb7 100755
--- a/state.tf
+++ b/state.tf
@@ -8,7 +8,7 @@ terraform {
     }
     azapi = {
       source  = "Azure/azapi"
-      version = "~> 1.15.0"
+      version = "~> 2.8.0"
     }
   }
 }

From a93b305193ead8c72893109b0984de02febec919 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 11 Feb 2026 08:22:11 +0000
Subject: [PATCH 06/10] Update Terraform azurerm to v4.59.0

---
 state.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/state.tf b/state.tf
index d00c0eb7..62372e2b 100755
--- a/state.tf
+++ b/state.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "4.23.0"
+      version = "4.59.0"
     }
     azapi = {
       source  = "Azure/azapi"

From 698f7da9140d9d84bc34ba1397f56bd63c478e8d Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 08:32:27 +0000
Subject: [PATCH 07/10] use exact version

---
 state.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/state.tf b/state.tf
index 62372e2b..d8397e02 100755
--- a/state.tf
+++ b/state.tf
@@ -8,7 +8,7 @@ terraform {
     }
     azapi = {
       source  = "Azure/azapi"
-      version = "~> 2.8.0"
+      version = "2.5.0"
     }
   }
 }

From 633db6c64ae3c89a493271d0777122812b44a70b Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 09:02:14 +0000
Subject: [PATCH 08/10] update for migration

---
 locals.tf        |  2 ++
 migration-vms.tf | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/locals.tf b/locals.tf
index be6dd786..298c1a07 100644
--- a/locals.tf
+++ b/locals.tf
@@ -113,11 +113,13 @@ locals {
 }
 
 data "azurerm_key_vault_secret" "aadds_username" {
+  count        = var.env == "prod" ? 1 : 0
   name         = "domain-join-username"
   key_vault_id = "/subscriptions/17390ec1-5a5e-4a20-afb3-38d8d726ae45/resourceGroups/PINT-RG/providers/Microsoft.KeyVault/vaults/hmcts-kv-prod-int"
 }
 
 data "azurerm_key_vault_secret" "aadds_password" {
+  count        = var.env == "prod" ? 1 : 0
   name         = "domain-join-password"
   key_vault_id = "/subscriptions/17390ec1-5a5e-4a20-afb3-38d8d726ae45/resourceGroups/PINT-RG/providers/Microsoft.KeyVault/vaults/hmcts-kv-prod-int"
 }
diff --git a/migration-vms.tf b/migration-vms.tf
index 492c75ed..06849fb8 100644
--- a/migration-vms.tf
+++ b/migration-vms.tf
@@ -79,7 +79,11 @@ module "vm-bootstrap-migration_vms" {
 }
 
 resource "azurerm_virtual_machine_extension" "migration_windows_joinad" {
-  for_each             = { for key, value in var.migration_vms : key => value if value.join_ad == true }
+  for_each = {
+    for key, value in var.migration_vms :
+    key => value
+    if var.env == "prod" && value.join_ad == true
+  }
   name                 = "${each.key}-joinad"
   virtual_machine_id   = azurerm_windows_virtual_machine.migration_windows[each.key].id
   publisher            = "Microsoft.Compute"
@@ -89,14 +93,14 @@ resource "azurerm_virtual_machine_extension" "migration_windows_joinad" {
     {
         "Name": "HMCTS.NET",
         "OUPath": "OU=DARTS-Migration,DC=hmcts,DC=net",
-        "User": "HMCTS\\${data.azurerm_key_vault_secret.aadds_username.value}",
+        "User": "HMCTS\\${data.azurerm_key_vault_secret.aadds_username[0].value}",
         "Restart": "true",
         "Options": "3"
     }
   SETTINGS
   protected_settings   = <<PROTECTED_SETTINGS
     {
-      "Password": "${data.azurerm_key_vault_secret.aadds_password.value}"
+      "Password": "${data.azurerm_key_vault_secret.aadds_password[0].value}"
     }
   PROTECTED_SETTINGS
 

From 6ba00fd837e6ee989e9ba85163a56b5b4b3e0144 Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Wed, 11 Feb 2026 09:44:03 +0000
Subject: [PATCH 09/10] Revert "update for migration"

This reverts commit 633db6c64ae3c89a493271d0777122812b44a70b.
---
 locals.tf        |  2 --
 migration-vms.tf | 10 +++-------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/locals.tf b/locals.tf
index 298c1a07..be6dd786 100644
--- a/locals.tf
+++ b/locals.tf
@@ -113,13 +113,11 @@ locals {
 }
 
 data "azurerm_key_vault_secret" "aadds_username" {
-  count        = var.env == "prod" ? 1 : 0
   name         = "domain-join-username"
   key_vault_id = "/subscriptions/17390ec1-5a5e-4a20-afb3-38d8d726ae45/resourceGroups/PINT-RG/providers/Microsoft.KeyVault/vaults/hmcts-kv-prod-int"
 }
 
 data "azurerm_key_vault_secret" "aadds_password" {
-  count        = var.env == "prod" ? 1 : 0
   name         = "domain-join-password"
   key_vault_id = "/subscriptions/17390ec1-5a5e-4a20-afb3-38d8d726ae45/resourceGroups/PINT-RG/providers/Microsoft.KeyVault/vaults/hmcts-kv-prod-int"
 }
diff --git a/migration-vms.tf b/migration-vms.tf
index 06849fb8..492c75ed 100644
--- a/migration-vms.tf
+++ b/migration-vms.tf
@@ -79,11 +79,7 @@ module "vm-bootstrap-migration_vms" {
 }
 
 resource "azurerm_virtual_machine_extension" "migration_windows_joinad" {
-  for_each = {
-    for key, value in var.migration_vms :
-    key => value
-    if var.env == "prod" && value.join_ad == true
-  }
+  for_each             = { for key, value in var.migration_vms : key => value if value.join_ad == true }
   name                 = "${each.key}-joinad"
   virtual_machine_id   = azurerm_windows_virtual_machine.migration_windows[each.key].id
   publisher            = "Microsoft.Compute"
@@ -93,14 +89,14 @@ resource "azurerm_virtual_machine_extension" "migration_windows_joinad" {
     {
         "Name": "HMCTS.NET",
         "OUPath": "OU=DARTS-Migration,DC=hmcts,DC=net",
-        "User": "HMCTS\\${data.azurerm_key_vault_secret.aadds_username[0].value}",
+        "User": "HMCTS\\${data.azurerm_key_vault_secret.aadds_username.value}",
         "Restart": "true",
         "Options": "3"
     }
   SETTINGS
   protected_settings   = <<PROTECTED_SETTINGS
     {
-      "Password": "${data.azurerm_key_vault_secret.aadds_password[0].value}"
+      "Password": "${data.azurerm_key_vault_secret.aadds_password.value}"
     }
   PROTECTED_SETTINGS
 

From 6024b280cdb523a0bd39f468a29282bde24d7452 Mon Sep 17 00:00:00 2001
From: Neil Perry <neil.perry@cgi.com>
Date: Thu, 19 Feb 2026 12:33:11 +0000
Subject: [PATCH 10/10] add public access

---
 blob-storage.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/blob-storage.tf b/blob-storage.tf
index f3a77240..96335847 100644
--- a/blob-storage.tf
+++ b/blob-storage.tf
@@ -28,6 +28,7 @@ module "sa" {
   allow_nested_items_to_be_public = "true"
   enable_change_feed              = true
   private_endpoint_subnet_id      = data.azurerm_subnet.private_endpoints.id
+  public_network_access_enabled   = true
 
   enable_data_protection = true