Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

resolve comments

Browse Source
This commit is contained in:
Yichun Ma
2022-06-28 17:23:27 +08:00
parent aae3e0fbec
commit 191572bc6b
8 changed files with 47 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
quickstart/201-vm-disk-encryption-extension/main.tf
View File

@@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
resource "azurerm_key_vault_key" "example" { resource "azurerm_key_vault_key" "example" {
name = "examplekey" name = "examplekey"
key_vault_id = azurerm_key_vault.example.id key_vault_id = azurerm_key_vault.example.id
key_type = "RSA" key_type = "RSA-HSM"
key_size = 2048 key_size = 2048
key_opts = [ key_opts = [
@@ -120,15 +120,13 @@ resource "azurerm_virtual_machine_extension" "example" {
auto_upgrade_minor_version = false auto_upgrade_minor_version = false
virtual_machine_id = azurerm_linux_virtual_machine.example.id virtual_machine_id = azurerm_linux_virtual_machine.example.id
settings = <<SETTINGS settings = jsonencode({
{ "EncryptionOperation" = "EnableEncryption"
"EncryptionOperation": "EnableEncryption", "KeyEncryptionAlgorithm" = "RSA-OAEP"
"KeyEncryptionAlgorithm": "RSA-OAEP", "KeyVaultURL" = azurerm_key_vault.example.vault_uri
"KeyVaultURL": "${azurerm_key_vault.example.vault_uri}", "KeyVaultResourceId" = azurerm_key_vault.example.id
"KeyVaultResourceId": "${azurerm_key_vault.example.id}", "KeyEncryptionKeyURL" = azurerm_key_vault_key.example.id
"KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}", "KekVaultResourceId" = azurerm_key_vault.example.id
"KekVaultResourceId": "${azurerm_key_vault.example.id}", "VolumeType" = "All"
"VolumeType": "All" })
}
SETTINGS
} }

0
quickstart/201-vm-disk-encryption-extension/provider.tf → quickstart/201-vm-disk-encryption-extension/providers.tf
View File

2
quickstart/201-vm-disk-encryption-extension/readme.md
View File

@@ -19,8 +19,8 @@ This template deploys an Azure virtual machine with disk encryption extension.
| Name | Description | | Name | Description |
|-|-| |-|-|
| `location` | (Required) Azure Region in which to deploy these resources.| | `location` | (Required) Azure Region in which to deploy these resources.|
| `name_prefix` | (Required) Prefix of the resource name.|
| `vm_public_key` | (Required) Public key of the Virtual Machine.| | `vm_public_key` | (Required) Public key of the Virtual Machine.|
| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
## Example ## Example

11
quickstart/201-vm-disk-encryption-extension/variables.tf
View File

@@ -3,13 +3,12 @@ variable "location" {
description = "Location where resources will be created" description = "Location where resources will be created"
} }
variable "name_prefix" {
type = string
description = "Prefix of the resource name"
}
variable "vm_public_key" { variable "vm_public_key" {
type = string type = string
description = "Public key of the Virtual Machine" description = "Public key of the Virtual Machine"
} }
variable "name_prefix" {
type = string
default = "tftest"
description = "Prefix of the resource name"
}

22
quickstart/201-vmss-disk-encryption-extension/main.tf
View File

@@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
resource "azurerm_key_vault_key" "example" { resource "azurerm_key_vault_key" "example" {
name = "examplekey" name = "examplekey"
key_vault_id = azurerm_key_vault.example.id key_vault_id = azurerm_key_vault.example.id
key_type = "RSA" key_type = "RSA-HSM"
key_size = 3072 key_size = 3072
key_opts = [ key_opts = [
@@ -114,15 +114,13 @@ resource "azurerm_virtual_machine_scale_set_extension" "example" {
auto_upgrade_minor_version = false auto_upgrade_minor_version = false
virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.example.id virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.example.id
settings = <<SETTINGS settings = jsonencode({
{ "EncryptionOperation" = "EnableEncryption"
"EncryptionOperation": "EnableEncryption", "KeyEncryptionAlgorithm" = "RSA-OAEP"
"KeyEncryptionAlgorithm": "RSA-OAEP", "KeyVaultURL" = azurerm_key_vault.example.vault_uri
"KeyVaultURL": "${azurerm_key_vault.example.vault_uri}", "KeyVaultResourceId" = azurerm_key_vault.example.id
"KeyVaultResourceId": "${azurerm_key_vault.example.id}", "KeyEncryptionKeyURL" = azurerm_key_vault_key.example.id
"KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}", "KekVaultResourceId" = azurerm_key_vault.example.id
"KekVaultResourceId": "${azurerm_key_vault.example.id}", "VolumeType" = "All"
"VolumeType": "All" })
}
SETTINGS
} }

0
quickstart/201-vmss-disk-encryption-extension/provider.tf → quickstart/201-vmss-disk-encryption-extension/providers.tf
View File

2
quickstart/201-vmss-disk-encryption-extension/readme.md
View File

@@ -19,7 +19,7 @@ This template deploys an Azure virtual machine scale set with disk encryption ex
|-|-| |-|-|
| `admin_password` | (Required) Admin password of the virtual machine scale set.| | `admin_password` | (Required) Admin password of the virtual machine scale set.|
| `location` | (Required) Azure Region in which to deploy these resources.| | `location` | (Required) Azure Region in which to deploy these resources.|
| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest| | `name_prefix` | (Required) Prefix of the resource name.|
## Example ## Example

1
quickstart/201-vmss-disk-encryption-extension/variables.tf
View File

@@ -11,6 +11,5 @@ variable "location" {
variable "name_prefix" { variable "name_prefix" {
type = string type = string
default = "tftest"
description = "Prefix of the resource name" description = "Prefix of the resource name"
} }