diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 00000000..b9fa3215
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,52 @@
+---
+# Format and labels used aim to match those used by Ansible project
+name-template: '$RESOLVED_VERSION'
+tag-template: '$RESOLVED_VERSION'
+categories:
+ - title: 'Major Changes'
+ labels:
+ - 'major' # c6476b
+ - title: 'Minor Changes'
+ labels:
+ - 'feature' # 006b75
+ - 'enhancement' # ededed
+ - 'refactoring'
+ - title: 'Bugfixes'
+ labels:
+ - 'bug' # fbca04
+ - title: 'Deprecations'
+ labels:
+ - 'deprecated' # fef2c0
+exclude-labels:
+ - 'skip-changelog'
+ - 'duplicate'
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ - 'feature'
+ - 'enhancement'
+ - 'refactoring'
+ patch:
+ labels:
+ - 'patch'
+ - 'bug'
+ - 'deprecated'
+ default: patch
+autolabeler:
+ - label: 'skip-changelog'
+ title: '/chore/i'
+ - label: 'bug'
+ title: '/fix/i'
+ - label: 'enhancement'
+ title: '/(enhance|improve)/i'
+ - label: 'feature'
+ title: '/feature/i'
+ - label: 'dreprecated'
+ title: '/deprecat/i'
+template: |
+ $CHANGES
+ Kudos goes to: $CONTRIBUTORS
diff --git a/.github/workflows/prettier-md.yml b/.github/workflows/prettier-md.yml
new file mode 100644
index 00000000..95ea2687
--- /dev/null
+++ b/.github/workflows/prettier-md.yml
@@ -0,0 +1,24 @@
+---
+# https://github.com/creyD/prettier_action
+name: Prettier markdown files
+
+on:
+ push:
+ paths:
+ - '**.md'
+
+jobs:
+ prettier-md:
+ runs-on: ubuntu-latest
+ timeout-minutes: 1
+
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+
+ - name: Prettify code
+ uses: creyD/prettier_action@v4.2
+ with:
+ prettier_options: --write {**/*,*}.md
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..c88448ea
--- /dev/null
+++ b/.github/workflows/release.yml
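Review bot: The last autolabeler entry in release-drafter.yml uses the label `'dreprecated'`, which does not match the `'deprecated'` label that the Deprecations category and the patch version-resolver key on, so a PR whose title matches `/deprecat/i` receives a label nothing else consumes and drops out of the changelog section. Change that line to `- label: 'deprecated'`. The `'refactoring'` and `'minor'` labels feed the Minor Changes category and the minor resolver but have no autolabeler rule, so they must be applied by hand; a comment above `autolabeler:` saying so would make the intent clear.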
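Review bot: In prettier-md.yml, `ref: ${{ github.head_ref }}` is always empty for this workflow because it only triggers on `push` and `github.head_ref` is populated for pull_request-family events alone, so the input is a no-op and actions/checkout falls back to the pushed ref; either drop the `ref:` line or add the `pull_request` trigger if PR support is intended. `creyD/prettier_action@v4.2` is a third-party action pinned to a mutable tag that commits and pushes to the repository with the job's default `GITHUB_TOKEN`; pinning it to a full commit SHA and adding an explicit job-level `permissions:` block (only `contents: write`) bounds what a moved tag can do with that token. `timeout-minutes: 1` may also be tight for a checkout plus the prettier install the action performs and could produce spurious failures.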
@@ -0,0 +1,80 @@
+---
+name: New release
+
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ generate_changelog:
+ runs-on: ubuntu-latest
+ name: create release draft
+ steps:
+ - uses: actions/checkout@v3.0.2
+ with:
+ fetch-depth: 0
+
+ - name: 'Get Previous tag'
+ id: previoustag
+ uses: "WyriHaximus/github-action-get-previous-tag@master"
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: calculate next version
+ id: version
+ uses: patrickjahns/version-drafter-action@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Generate changelog
+ uses: charmixer/auto-changelog-action@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ future_release: ${{ steps.version.outputs.next-version }}
+
+ - name: Generate readme
+ uses: terraform-docs/gh-actions@main
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+
+ - name: push changelog and readme
+ uses: github-actions-x/commit@v2.9
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ push-branch: 'main'
+ commit-message: 'update changelog'
+ force-add: 'true'
+ files: CHANGELOG.md README.md
+ name: T-Systems MMS
+ email: frage@t-systems-mms.com
+
+ # do a second checkout to prevent race situation
+ # changelog gets updated but action works on old commit id
+ - uses: actions/checkout@v3.0.2
+ with:
+ ref: main
+
+ - name: Generate changelog for the release
+ run: |
+ sed '/## \[${{ steps.previoustag.outputs.tag }}\]/Q' CHANGELOG.md > CHANGELOGRELEASE.md
+ - name: Read CHANGELOG.md
+ id: package
+ uses: juliangruber/read-file-action@v1
+ with:
+ path: ./CHANGELOGRELEASE.md
+
+ - name: Create Release draft
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+ with:
+ release_name: ${{ steps.version.outputs.next-version }}
+ tag_name: ${{ steps.version.outputs.next-version }}
+ body: |
+ ${{ steps.package.outputs.content }}
+ draft: true
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 00000000..06826e6a
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,23 @@
+---
+name: Terraform
+
+on: [push, pull_request]
+
+jobs:
+ terraform-lint:
+ runs-on: ubuntu-latest
+
+ steps:
+ # Important: This sets up your GITHUB_WORKSPACE environment variable
+ - uses: actions/checkout@v3
+ - uses: hashicorp/setup-terraform@v2
+
+ - name: fmt
+ run: terraform fmt -recursive -check
+ continue-on-error: true
+
+ - name: init
+ run: terraform init
+
+ - name: validate
+ run: terraform validate -no-color
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 00000000..90d78d0a
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,46 @@
+formatter: template
+
+sections:
+ show:
+ - header
+ - requirements
+ - providers
+ - resources
+ - modules
+ - inputs
+ - outputs
+ - footer
+
+content: |-
+ {{ .Header }}
+
+ <-- This file is autogenerated, please do not change. -->
+
+ {{ .Requirements }}
+
+ {{ .Providers }}
+
+ {{ .Resources }}
+
+ {{ .Inputs }}
+
+ {{ .Outputs }}
+
+ ## Examples
+
+ ```hcl
+ {{ include "examples/main.tf" }}
+ ```
+
+sort:
+ enabled: true
+ by: required
+
+settings:
+ indent: 2
+ hide-empty: true
+ anchor: false
+ escape: false
+ required: true
+ type: true
+ read-comments: true
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..82b4de97
--- /dev/null
+++ b/LICENSE
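Review bot: In release.yml, the `run:` step "Generate changelog for the release" interpolates `${{ steps.previoustag.outputs.tag }}` straight into the shell command, so sed or shell metacharacters in a tag name become part of the command rather than data; pass it through the environment instead, `env:` / `PREV_TAG: ${{ steps.previoustag.outputs.tag }}` on the step and `run: sed "/## \[$PREV_TAG\]/Q" CHANGELOG.md > CHANGELOGRELEASE.md`. Two third-party actions are pinned to mutable branches (`WyriHaximus/github-action-get-previous-tag@master`, `terraform-docs/gh-actions@main`) while the job hands out `GITHUB_TOKEN` and pushes to `main`; pinning every `uses:` to a full commit SHA and declaring a job-level `permissions:` block with `contents: write` limits what a moved ref can do. `actions/create-release@v1` is archived upstream, so the draft-release step has no maintained path for fixes and is worth replacing while the workflow is new.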
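Review bot: In terraform.yml, `continue-on-error: true` on the `fmt` step means `terraform fmt -recursive -check` can never fail the job, so the formatting gate is advisory only; if drift is meant to be reported without blocking, say so in a comment above the step, otherwise drop the line so the check has teeth. The job declares no `permissions:` block; a lint job needs only `permissions: contents: read`, and stating that documents that neither `actions/checkout@v3` nor `hashicorp/setup-terraform@v2` gets a write-capable token. Pinning both actions to a full commit SHA rather than a major tag would match the supply-chain posture a CI gate should have.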
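Review bot: In .terraform-docs.yml the `content` template emits `<-- This file is autogenerated, please do not change. -->`, which is not an HTML comment (the `!` is missing), so the notice is rendered verbatim into README.md instead of being hidden; write it as `<!-- This file is autogenerated, please do not change. -->`. `sections.show` lists `modules` and `footer`, but the template never references `{{ .Modules }}` or `{{ .Footer }}`, so as far as I can tell those two entries are no-ops and could be dropped or the template extended. The file also lacks the `---` document-start marker the other YAML files in this commit carry.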
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/examples/main.tf b/examples/main.tf
new file mode 100644
index 00000000..363eaaa6
--- /dev/null
+++ b/examples/main.tf
@@ -0,0 +1,50 @@
+module "compute" {
+ source = "registry.terraform.io/T-Systems-MMS/compute/azurerm"
+ linux_virtual_machine = {
+ service-env-vm = {
+ computer_name = "service-env-vm"
+ location = "westeurope"
+ resource_group_name = "service-env-rg"
+ admin_username = "linux_root"
+ size = "Standard_E4as_v4"
+ network_interface_ids = [module.network.network_interface[service-env-vm].id]
+ zone = 1
+ source_image_reference = {
+ publisher = "OpenLogic"
+ offer = "CentOS"
+ sku = "7.6"
+ version = "latest"
+ }
+ admin_ssh_key = {
+ mgmt-vm = {
+ public_key = "ssh-rsa SSH-KEY"
+ username = "linux_root"
+ }
+ }
+ tags = {
+ service = "service_name"
+ }
+ }
+ }
+ managed_disk = {
+ disk0 = {
+ location = "westeurope"
+ resource_group_name = "service-env-rg"
+ storage_account_type = "Premium_LRS"
+ create_option = "Empty"
+ disk_size_gb = 50
+ zone = 1
+ tags = {
+ service = "service_name"
+ }
+ }
+ }
+ virtual_machine_data_disk_attachment = {
+ service-env-vm = {
+ managed_disk_id = module.compute.managed_disk[disk0].id
+ virtual_machine_id = module.compute.linux_virtual_machine[service-env-vm].id
+ lun = 0
+ caching = "None"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index 6ab0d3a1..e659b849 100644
--- a/main.tf
+++ b/main.tf
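Review bot: In examples/main.tf the map lookups `network_interface[service-env-vm]`, `managed_disk[disk0]` and `linux_virtual_machine[service-env-vm]` use bare identifiers as keys; HCL parses an unquoted `service-env-vm` as an expression over undeclared names rather than a string, so the example is rejected by `terraform validate`, and it is the very snippet `.terraform-docs.yml` in this commit injects into README.md. Quote the keys: `["service-env-vm"]` and `["disk0"]`. The example also references `module.network`, which is not declared anywhere in the file, and reads `module.compute.managed_disk[...]` from inside the `compute` module call itself, which looks like a self-referential cycle — worth confirming how the module is meant to be composed and adding the missing `module "network"` stub or a comment.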
@@ -45,16 +45,16 @@ resource "azurerm_linux_virtual_machine" "linux_virtual_machine" { content { public_key = local.linux_virtual_machine[each.key].admin_ssh_key[admin_ssh_key.key].public_key - username = local.linux_virtual_machine[each.key].admin_ssh_key[admin_ssh_key.key].username + username = local.linux_virtual_machine[each.key].admin_ssh_key[admin_ssh_key.key].username } } os_disk { - name = local.linux_virtual_machine[each.key].os_disk.name == "" ? each.key : local.linux_virtual_machine[each.key].os_disk.name - caching = local.linux_virtual_machine[each.key].os_disk.caching - storage_account_type = local.linux_virtual_machine[each.key].os_disk.storage_account_type - disk_encryption_set_id = local.linux_virtual_machine[each.key].os_disk.disk_encryption_set_id - disk_size_gb = local.linux_virtual_machine[each.key].os_disk.disk_size_gb + name = local.linux_virtual_machine[each.key].os_disk.name == "" ? each.key : local.linux_virtual_machine[each.key].os_disk.name + caching = local.linux_virtual_machine[each.key].os_disk.caching + storage_account_type = local.linux_virtual_machine[each.key].os_disk.storage_account_type + disk_encryption_set_id = local.linux_virtual_machine[each.key].os_disk.disk_encryption_set_id + disk_size_gb = local.linux_virtual_machine[each.key].os_disk.disk_size_gb write_accelerator_enabled = local.linux_virtual_machine[each.key].os_disk.write_accelerator_enabled dynamic "diff_disk_settings" { 
@@ -66,20 +66,56 @@ resource "azurerm_linux_virtual_machine" "linux_virtual_machine" { } } - // additional_capabilities {} - // boot_diagnostics {} - // identity {} - // plan {} - // secret {} + additional_capabilities { + ultra_ssd_enabled = local.linux_virtual_machine[each.key].additional_capabilities.ultra_ssd_enabled + } + + dynamic "boot_diagnostics" { + for_each = local.linux_virtual_machine[each.key].boot_diagnostics.storage_account_uri != "" ? [1] : [] + + content { + storage_account_uri = local.linux_virtual_machine[each.key].boot_diagnostics.storage_account_uri + } + } + + dynamic "identity" { + for_each = local.linux_virtual_machine[each.key].identity.type != "" ? [1] : [] + + content { + type = local.linux_virtual_machine[each.key].identity.type + identity_ids = local.linux_virtual_machine[each.key].identity.identity_ids + } + } + + dynamic "plan" { + for_each = local.linux_virtual_machine[each.key].plan != {} ? [1] : [] + + content { + name = local.linux_virtual_machine[each.key].plan.name + product = local.linux_virtual_machine[each.key].plan.product + publisher = local.linux_virtual_machine[each.key].plan.publisher + } + } + + dynamic "secret" { + for_each = local.linux_virtual_machine[each.key].secret != {} ? [1] : [] + + content { + key_vault_id = local.linux_virtual_machine[each.key].secret.key_vault_id + certificate { + url = local.linux_virtual_machine[each.key].secret.certificate.url + } + } + } dynamic "source_image_reference" { - for_each = local.linux_virtual_machine[each.key].source_image_reference != {} ? [1] : [] + for_each = local.linux_virtual_machine[each.key].source_image_reference.publisher != "" ? 
[1] : [] content { publisher = local.linux_virtual_machine[each.key].source_image_reference.publisher - offer = local.linux_virtual_machine[each.key].source_image_reference.offer - sku = local.linux_virtual_machine[each.key].source_image_reference.sku - version = local.linux_virtual_machine[each.key].source_image_reference.version + offer = local.linux_virtual_machine[each.key].source_image_reference.offer + sku = local.linux_virtual_machine[each.key].source_image_reference.sku + version = local.linux_virtual_machine[each.key].source_image_reference.version } } 
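Review bot: The new `boot_diagnostics` block is only emitted when `storage_account_uri != ""`, but with the azurerm 3.x floor this commit sets in versions.tf, a `boot_diagnostics {}` block whose `storage_account_uri` is omitted is how managed boot diagnostics are selected, so that mode becomes unreachable through this module; gating on a dedicated sentinel (e.g. an `enabled` attribute in the defaults) and leaving `storage_account_uri` optional would restore it. The `plan` and `secret` blocks are toggled with `!= {}` while the same hunk replaces that pattern for `source_image_reference` with an attribute sentinel (`.publisher != ""`); using one mechanism for all five new dynamic blocks would make the contract uniform and easier to document in variables.tf. The `secret` block also maps a single `certificate { url = … }`, which presumably means callers cannot attach more than one certificate per VM — a comment stating that limit would help. The enclosing `azurerm_linux_virtual_machine` resource begins before and ends after this hunk.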
@@ -89,35 +125,48 @@ resource "azurerm_linux_virtual_machine" "linux_virtual_machine" { resource "azurerm_managed_disk" "managed_disk" { for_each = var.managed_disk - name = local.managed_disk[each.key].name == "" ? each.key : local.managed_disk[each.key].name - location = local.managed_disk[each.key].location - resource_group_name = local.managed_disk[each.key].resource_group_name - storage_account_type = local.managed_disk[each.key].storage_account_type - create_option = local.managed_disk[each.key].create_option - disk_encryption_set_id = local.managed_disk[each.key].disk_encryption_set_id - zones = local.managed_disk[each.key].zones - disk_size_gb = local.managed_disk[each.key].disk_size_gb - hyper_v_generation = local.managed_disk[each.key].hyper_v_generation - image_reference_id = local.managed_disk[each.key].image_reference_id - logical_sector_size = local.managed_disk[each.key].logical_sector_size - os_type = local.managed_disk[each.key].os_type - source_resource_id = local.managed_disk[each.key].source_resource_id - source_uri = local.managed_disk[each.key].source_uri - storage_account_id = local.managed_disk[each.key].storage_account_id - tier = local.managed_disk[each.key].tier - max_shares = local.managed_disk[each.key].max_shares - trusted_launch_enabled = local.managed_disk[each.key].trusted_launch_enabled - on_demand_bursting_enabled = local.managed_disk[each.key].on_demand_bursting_enabled - network_access_policy = local.managed_disk[each.key].network_access_policy + name = local.managed_disk[each.key].name == "" ? 
each.key : local.managed_disk[each.key].name + location = local.managed_disk[each.key].location + resource_group_name = local.managed_disk[each.key].resource_group_name + storage_account_type = local.managed_disk[each.key].storage_account_type + create_option = local.managed_disk[each.key].create_option + disk_encryption_set_id = local.managed_disk[each.key].disk_encryption_set_id + zone = local.managed_disk[each.key].zone + disk_size_gb = local.managed_disk[each.key].disk_size_gb + hyper_v_generation = local.managed_disk[each.key].hyper_v_generation + image_reference_id = local.managed_disk[each.key].image_reference_id + logical_sector_size = local.managed_disk[each.key].logical_sector_size + os_type = local.managed_disk[each.key].os_type + source_resource_id = local.managed_disk[each.key].source_resource_id + source_uri = local.managed_disk[each.key].source_uri + storage_account_id = local.managed_disk[each.key].storage_account_id + tier = local.managed_disk[each.key].tier + max_shares = local.managed_disk[each.key].max_shares + trusted_launch_enabled = local.managed_disk[each.key].trusted_launch_enabled + on_demand_bursting_enabled = local.managed_disk[each.key].on_demand_bursting_enabled + network_access_policy = local.managed_disk[each.key].network_access_policy public_network_access_enabled = local.managed_disk[each.key].public_network_access_enabled dynamic "encryption_settings" { - for_each = local.managed_disk[each.key].encryption_settings != {} ? [1] : [] + for_each = local.managed_disk[each.key].encryption_settings.enabled != true ? 
[1] : [] content { enabled = local.managed_disk[each.key].encryption_settings.enabled - // disk_encryption_key {} - // key_encryption_key {} + + dynamic "disk_encryption_key" { + for_each = local.managed_disk[each.key].encryption_settings.disk_encryption_key + content { + secret_url = local.managed_disk[each.key].encryption_settings.disk_encryption_key.secret_url + source_vault_id = local.managed_disk[each.key].encryption_settings.disk_encryption_key.source_vault_id + } + } + dynamic "key_encryption_key" { + for_each = local.managed_disk[each.key].encryption_settings.key_encryption_key + content { + key_url = local.managed_disk[each.key].encryption_settings.key_encryption_key.key_url + source_vault_id = local.managed_disk[each.key].encryption_settings.key_encryption_key.source_vault_id + } + } } } @@ -127,10 +176,10 @@ resource "azurerm_managed_disk" "managed_disk" { resource "azurerm_virtual_machine_data_disk_attachment" "virtual_machine_data_disk_attachment" { for_each = var.virtual_machine_data_disk_attachment - virtual_machine_id = local.virtual_machine_data_disk_attachment[each.key].virtual_machine_id - managed_disk_id = local.virtual_machine_data_disk_attachment[each.key].managed_disk_id - lun = local.virtual_machine_data_disk_attachment[each.key].lun - caching = local.virtual_machine_data_disk_attachment[each.key].caching - create_option = local.virtual_machine_data_disk_attachment[each.key].create_option + virtual_machine_id = local.virtual_machine_data_disk_attachment[each.key].virtual_machine_id + managed_disk_id = local.virtual_machine_data_disk_attachment[each.key].managed_disk_id + lun = local.virtual_machine_data_disk_attachment[each.key].lun + caching = local.virtual_machine_data_disk_attachment[each.key].caching + create_option = local.virtual_machine_data_disk_attachment[each.key].create_option write_accelerator_enabled = local.virtual_machine_data_disk_attachment[each.key].write_accelerator_enabled } 
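Review bot: The new `encryption_settings` condition `enabled != true ? [1] : []` in the `azurerm_managed_disk` resource is inverted: with the default `enabled = false` that variables.tf sets in this commit, every managed disk now carries an `encryption_settings { enabled = false }` block, while a caller who sets `enabled = true` gets no block at all, so the key references are never sent to the provider. It should read `for_each = local.managed_disk[each.key].encryption_settings.enabled == true ? [1] : []`. Inside it, `dynamic "disk_encryption_key" { for_each = local.managed_disk[each.key].encryption_settings.disk_encryption_key` iterates over the attributes of that object (one block per attribute such as `secret_url`) instead of emitting a single block when keys are supplied; the same applies to `key_encryption_key`, and `for_each = length(local.managed_disk[each.key].encryption_settings.disk_encryption_key) > 0 ? [1] : []` (likewise for the KEK) yields exactly one block. With the default `{}` both inner loops emit nothing, which would hide the problem for callers that keep the defaults. Both resource blocks in this hunk begin outside it.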
diff --git a/outputs.tf b/outputs.tf index b09f258f..6d9ce89e 100644 --- a/outputs.tf +++ b/outputs.tf @@ -3,11 +3,11 @@ output "linux_virtual_machine" { value = { for linux_virtual_machine in keys(azurerm_linux_virtual_machine.linux_virtual_machine) : linux_virtual_machine => { - id = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].id - name = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].name - zone = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].zone + id = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].id + name = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].name + zone = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].zone private_ip_address = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].private_ip_address - public_ip_address = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].public_ip_address + public_ip_address = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].public_ip_address virtual_machine_id = azurerm_linux_virtual_machine.linux_virtual_machine[linux_virtual_machine].virtual_machine_id } } diff --git a/variables.tf b/variables.tf index fe74b689..c378b5e3 100644 --- a/variables.tf +++ b/variables.tf @@ -19,13 +19,13 @@ locals { # resource definition linux_virtual_machine = { name = "" - computer_name = "" - admin_password = "" - license_type = null - allow_extension_operations = false - availability_set_id = null - custom_data = null - dedicated_host_id = null + computer_name = "" + admin_password = "" + license_type = null + allow_extension_operations = false + availability_set_id = null + custom_data = null + dedicated_host_id = null disable_password_authentication = true encryption_at_host_enabled = false eviction_policy = null 
@@ -38,48 +38,65 @@ locals {
 proximity_placement_group_id = null
 secure_boot_enabled = null
 source_image_id = null
- user_data = null
- vtpm_enabled = null
- virtual_machine_scale_set_id = null
- zone = 1
+ user_data = null
+ vtpm_enabled = null
+ virtual_machine_scale_set_id = null
+ zone = 1
 admin_ssh_key = {}
 os_disk = {
- name = ""
- caching = "None"
- disk_encryption_set_id = null
- disk_size_gb = null
+ name = ""
+ caching = "None"
+ disk_encryption_set_id = null
+ disk_size_gb = null
 write_accelerator_enabled = false
- disk_encryption_set_id = null
- diff_disk_settings = {}
+ disk_encryption_set_id = null
+ diff_disk_settings = {}
 }
- additional_capabilities = {}
- boot_diagnostics = {}
- identity = {}
- plan = {}
- secret = {}
- source_image_reference = {}
- tags = {}
+ additional_capabilities = {
+ ultra_ssd_enabled = false
+ }
+ boot_diagnostics = {
+ storage_account_uri = ""
+ }
+ identity = {
+ type = ""
+ identity_ids = null
+ }
+ plan = {}
+ secret = {}
+ source_image_reference = {
+ publisher = ""
+ offer = null
+ sku = null
+ version = null
+ }
+ tags = {}
 }
 managed_disk = {
- name = ""
- disk_encryption_set_id = null
- hyper_v_generation = null
- image_reference_id = null
- logical_sector_size = null
- os_type = null
- source_resource_id = null
- source_uri = null
- storage_account_id = null
- tier = null
- max_shares = null
- trusted_launch_enabled = false
- on_demand_bursting_enabled = false
- network_access_policy = null
+ name = ""
+ disk_encryption_set_id = null
+ zone = null
+ hyper_v_generation = null
+ image_reference_id = null
+ logical_sector_size = null
+ os_type = null
+ source_resource_id = null
+ source_uri = null
+ storage_account_id = null
+ tier = null
+ max_shares = null
+ trusted_launch_enabled = false
+ on_demand_bursting_enabled = false
+ network_access_policy = null
 public_network_access_enabled = false
- encryption_settings = {}
+ encryption_settings = {
+ enabled = false
+ disk_encryption_key = {}
+ key_encryption_key = {}
+ }
 }
 virtual_machine_data_disk_attachment = {
- create_option = null
+ create_option = null
 write_accelerator_enabled = null
 }
 }
@@ -99,7 +116,15 @@ locals {
 linux_virtual_machine => merge(
 local.linux_virtual_machine_values[linux_virtual_machine],
 {
- for config in ["os_disk", "source_image_reference"] :
+ for config in [
+ "os_disk",
+ "additional_capabilities",
+ "boot_diagnostics",
+ "identity",
+ "plan",
+ "secret",
+ "source_image_reference"
+ ] :
 config => merge(local.default.linux_virtual_machine[config], local.linux_virtual_machine_values[linux_virtual_machine][config])
 },
 {
diff --git a/versions.tf b/versions.tf
index 2ed3fc8e..2d73703c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 azurerm = {
 source = "registry.terraform.io/hashicorp/azurerm"
- version = ">=2.98"
+ version = ">=3.5"
 }
 }
 required_version = "~>1.1"
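Review bot: In the variables.tf defaults, `plan = {}` and `secret = {}` are the only nested blocks left as empty objects while `additional_capabilities`, `boot_diagnostics`, `identity` and `source_image_reference` gained explicit sentinel attributes, so a reader of the defaults cannot tell which attribute enables each block; a one-line comment per block naming the trigger, e.g. `# block emitted when storage_account_uri != ""` above `boot_diagnostics`, would document the contract main.tf relies on. The new `encryption_settings` default sets `enabled = false` with `disk_encryption_key = {}` and `key_encryption_key = {}`, which only makes sense if the consuming `for_each` in main.tf treats `true` as the enabling value — worth a comment here (`# enabled = true emits the encryption_settings block`) so the two files are kept in step. The default `{}` for the two key objects also means any shape is accepted; listing the expected attributes (`secret_url`, `source_vault_id` / `key_url`, `source_vault_id`) in a comment would help callers.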