resolve comments

2022-06-28 17:23:27 +08:00 · 2022-06-28 17:23:27 +08:00 · 191572bc6b
commit 191572bc6b
parent aae3e0fbec
8 changed files with 47 additions and 53 deletions
--- a/quickstart/201-vm-disk-encryption-extension/main.tf
+++ b/quickstart/201-vm-disk-encryption-extension/main.tf
@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
 resource "azurerm_key_vault_key" "example" {
  name         = "examplekey"
  key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
+  key_type     = "RSA-HSM"
  key_size     = 2048

  key_opts = [
@ -120,15 +120,13 @@ resource "azurerm_virtual_machine_extension" "example" {
  auto_upgrade_minor_version = false
  virtual_machine_id         = azurerm_linux_virtual_machine.example.id

-  settings = <<SETTINGS
-{
-  "EncryptionOperation": "EnableEncryption",
-  "KeyEncryptionAlgorithm": "RSA-OAEP",
-  "KeyVaultURL": "${azurerm_key_vault.example.vault_uri}",
-  "KeyVaultResourceId": "${azurerm_key_vault.example.id}",
-  "KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}",
-  "KekVaultResourceId": "${azurerm_key_vault.example.id}",
-  "VolumeType": "All"
-}
-SETTINGS
+  settings = jsonencode({
+    "EncryptionOperation"    = "EnableEncryption"
+    "KeyEncryptionAlgorithm" = "RSA-OAEP"
+    "KeyVaultURL"            = azurerm_key_vault.example.vault_uri
+    "KeyVaultResourceId"     = azurerm_key_vault.example.id
+    "KeyEncryptionKeyURL"    = azurerm_key_vault_key.example.id
+    "KekVaultResourceId"     = azurerm_key_vault.example.id
+    "VolumeType"             = "All"
+  })
 }
--- a/quickstart/201-vm-disk-encryption-extension/providers.tf
+++ b/quickstart/201-vm-disk-encryption-extension/providers.tf
--- a/quickstart/201-vm-disk-encryption-extension/readme.md
+++ b/quickstart/201-vm-disk-encryption-extension/readme.md
@ -19,8 +19,8 @@ This template deploys an Azure virtual machine with disk encryption extension.
 | Name | Description |
 |-|-|
 | `location` | (Required) Azure Region in which to deploy these resources.|
+| `name_prefix` | (Required) Prefix of the resource name.|
 | `vm_public_key` | (Required) Public key of the Virtual Machine.|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|

 ## Example

--- a/quickstart/201-vm-disk-encryption-extension/variables.tf
+++ b/quickstart/201-vm-disk-encryption-extension/variables.tf
@ -3,13 +3,12 @@ variable "location" {
  description = "Location where resources will be created"
 }

+variable "name_prefix" {
+  type        = string
+  description = "Prefix of the resource name"
+}
+
 variable "vm_public_key" {
  type        = string
  description = "Public key of the Virtual Machine"
 }
-
-variable "name_prefix" {
-  type        = string
-  default     = "tftest"
-  description = "Prefix of the resource name"
-}
--- a/quickstart/201-vmss-disk-encryption-extension/main.tf
+++ b/quickstart/201-vmss-disk-encryption-extension/main.tf
@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
 resource "azurerm_key_vault_key" "example" {
  name         = "examplekey"
  key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
+  key_type     = "RSA-HSM"
  key_size     = 3072

  key_opts = [
@ -114,15 +114,13 @@ resource "azurerm_virtual_machine_scale_set_extension" "example" {
  auto_upgrade_minor_version   = false
  virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.example.id

-  settings = <<SETTINGS
-{
-  "EncryptionOperation": "EnableEncryption",
-  "KeyEncryptionAlgorithm": "RSA-OAEP",
-  "KeyVaultURL": "${azurerm_key_vault.example.vault_uri}",
-  "KeyVaultResourceId": "${azurerm_key_vault.example.id}",
-  "KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}",
-  "KekVaultResourceId": "${azurerm_key_vault.example.id}",
-  "VolumeType": "All"
-}
-SETTINGS
+  settings = jsonencode({
+    "EncryptionOperation"    = "EnableEncryption"
+    "KeyEncryptionAlgorithm" = "RSA-OAEP"
+    "KeyVaultURL"            = azurerm_key_vault.example.vault_uri
+    "KeyVaultResourceId"     = azurerm_key_vault.example.id
+    "KeyEncryptionKeyURL"    = azurerm_key_vault_key.example.id
+    "KekVaultResourceId"     = azurerm_key_vault.example.id
+    "VolumeType"             = "All"
+  })
 }
--- a/quickstart/201-vmss-disk-encryption-extension/providers.tf
+++ b/quickstart/201-vmss-disk-encryption-extension/providers.tf
@ -1,20 +1,20 @@
-terraform {
-  required_version = ">=1.0"
-
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~>3.8"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {
-    key_vault {
-      recover_soft_deleted_key_vaults    = false
-      purge_soft_delete_on_destroy       = false
-      purge_soft_deleted_keys_on_destroy = false
-    }
-  }
-}
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.8"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    key_vault {
+      recover_soft_deleted_key_vaults    = false
+      purge_soft_delete_on_destroy       = false
+      purge_soft_deleted_keys_on_destroy = false
+    }
+  }
+}
--- a/quickstart/201-vmss-disk-encryption-extension/readme.md
+++ b/quickstart/201-vmss-disk-encryption-extension/readme.md
@ -19,7 +19,7 @@ This template deploys an Azure virtual machine scale set with disk encryption ex
 |-|-|
 | `admin_password` | (Required) Admin password of the virtual machine scale set.|
 | `location` | (Required) Azure Region in which to deploy these resources.|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
+| `name_prefix` | (Required) Prefix of the resource name.|

 ## Example

--- a/quickstart/201-vmss-disk-encryption-extension/variables.tf
+++ b/quickstart/201-vmss-disk-encryption-extension/variables.tf
@ -11,6 +11,5 @@ variable "location" {

 variable "name_prefix" {
  type        = string
-  default     = "tftest"
  description = "Prefix of the resource name"
 }