Merge remote-tracking branch 'origin/master' into sql-managed-instance

2022-11-04 11:42:42 +01:00 · 2022-11-04 11:42:42 +01:00 · 66f805be99
commit 66f805be99
parent e70d967524 cb17e827ba
27 changed files with 555 additions and 94 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
--- a/quickstart/101-attestation-provider/main.tf
+++ b/quickstart/101-attestation-provider/main.tf
@ -3,14 +3,13 @@ resource "random_pet" "rg_name" {
 }

 resource "azurerm_resource_group" "rg" {
-  name     = random_pet.rg_name.id
  location = var.resource_group_location
+  name     = random_pet.rg_name.id
 }

 resource "azurerm_attestation_provider" "corp_attestation" {
-  name                = var.attestation_provider_name
-  resource_group_name = azurerm_resource_group.rg.name
-  location            = azurerm_resource_group.rg.location
-
+  location                        = azurerm_resource_group.rg.location
+  name                            = var.attestation_provider_name
+  resource_group_name             = azurerm_resource_group.rg.name
  policy_signing_certificate_data = file(var.policy_file)
 }
--- a/quickstart/101-attestation-provider/outputs.tf
+++ b/quickstart/101-attestation-provider/outputs.tf
@ -1,3 +1,3 @@
 output "resource_group_name" {
  value = azurerm_resource_group.rg.name
-}
+}
--- a/quickstart/101-attestation-provider/providers.tf
+++ b/quickstart/101-attestation-provider/providers.tf
@ -6,9 +6,13 @@ terraform {
      source  = "hashicorp/azurerm"
      version = "~>2.0"
    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
  }
 }

 provider "azurerm" {
  features {}
-}
+}
--- a/quickstart/101-attestation-provider/readme.md
+++ b/quickstart/101-attestation-provider/readme.md
@ -12,8 +12,8 @@ This template deploys an [Attestation provider](/azure/attestation/overview) on

 | Name | Description | Default |
 |-|-|-|
-| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription.| rg |
-| `resource_group_location` | (Optional) Azure Region in which to deploy these resources.| eastus |
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
 | `attestation_provider_name` | Name of the Attestation provider | attestationprovider007 |

 ## Example
--- a/quickstart/101-attestation-provider/variables.tf
+++ b/quickstart/101-attestation-provider/variables.tf
@ -1,6 +1,9 @@
-variable "resource_group_name_prefix" {
-  default     = "rg"
-  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+variable "attestation_provider_name" {
+  default = "attestationprovider007"
+}
+
+variable "policy_file" {
+  default = "~/.certs/cert.pem"
 }

 variable "resource_group_location" {
@ -8,10 +11,7 @@ variable "resource_group_location" {
  description = "Location of the resource group."
 }

-variable "policy_file" {
-  default = "~/.certs/cert.pem"
-}
-
-variable "attestation_provider_name" {
-  default = "attestationprovider007"
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
 }
--- a/quickstart/101-resource-group/main.tf
+++ b/quickstart/101-resource-group/main.tf
@ -3,6 +3,6 @@ resource "random_pet" "rg_name" {
 }

 resource "azurerm_resource_group" "rg" {
-  name     = random_pet.rg_name.id
  location = var.resource_group_location
-}
+  name     = random_pet.rg_name.id
+}
--- a/quickstart/101-resource-group/providers.tf
+++ b/quickstart/101-resource-group/providers.tf
@ -6,9 +6,13 @@ terraform {
      source  = "hashicorp/azurerm"
      version = "~>2.0"
    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
  }
 }

 provider "azurerm" {
  features {}
-}
+}
--- a/quickstart/101-resource-group/readme.md
+++ b/quickstart/101-resource-group/readme.md
@ -9,10 +9,10 @@ This template deploys an Azure resource group with a random name beginning with

 ## Variables

-| Name | Description |
-|-|-|
-| `resource_group_name_prefix` | (Optional) Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. Value defaults to: rg|
-| `resource_group_location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus |
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |

 ## Example

--- a/quickstart/101-resource-group/variables.tf
+++ b/quickstart/101-resource-group/variables.tf
@ -1,9 +1,9 @@
-variable "resource_group_name_prefix" {
-  default     = "rg"
-  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
-}
-
 variable "resource_group_location" {
  default     = "eastus"
  description = "Location of the resource group."
 }
+
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
--- a/quickstart/101-vm-with-infrastructure/main.tf
+++ b/quickstart/101-vm-with-infrastructure/main.tf
@ -0,0 +1,131 @@
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+# Create virtual network
+resource "azurerm_virtual_network" "my_terraform_network" {
+  name                = "myVnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+}
+
+# Create subnet
+resource "azurerm_subnet" "my_terraform_subnet" {
+  name                 = "mySubnet"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.my_terraform_network.name
+  address_prefixes     = ["10.0.1.0/24"]
+}
+
+# Create public IPs
+resource "azurerm_public_ip" "my_terraform_public_ip" {
+  name                = "myPublicIP"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  allocation_method   = "Dynamic"
+}
+
+# Create Network Security Group and rule
+resource "azurerm_network_security_group" "my_terraform_nsg" {
+  name                = "myNetworkSecurityGroup"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  security_rule {
+    name                       = "SSH"
+    priority                   = 1001
+    direction                  = "Inbound"
+    access                     = "Allow"
+    protocol                   = "Tcp"
+    source_port_range          = "*"
+    destination_port_range     = "22"
+    source_address_prefix      = "*"
+    destination_address_prefix = "*"
+  }
+}
+
+# Create network interface
+resource "azurerm_network_interface" "my_terraform_nic" {
+  name                = "myNIC"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+
+  ip_configuration {
+    name                          = "my_nic_configuration"
+    subnet_id                     = azurerm_subnet.my_terraform_subnet.id
+    private_ip_address_allocation = "Dynamic"
+    public_ip_address_id          = azurerm_public_ip.my_terraform_public_ip.id
+  }
+}
+
+# Connect the security group to the network interface
+resource "azurerm_network_interface_security_group_association" "example" {
+  network_interface_id      = azurerm_network_interface.my_terraform_nic.id
+  network_security_group_id = azurerm_network_security_group.my_terraform_nsg.id
+}
+
+# Generate random text for a unique storage account name
+resource "random_id" "random_id" {
+  keepers = {
+    # Generate a new ID only when a new resource group is defined
+    resource_group = azurerm_resource_group.rg.name
+  }
+
+  byte_length = 8
+}
+
+# Create storage account for boot diagnostics
+resource "azurerm_storage_account" "my_storage_account" {
+  name                     = "diag${random_id.random_id.hex}"
+  location                 = azurerm_resource_group.rg.location
+  resource_group_name      = azurerm_resource_group.rg.name
+  account_tier             = "Standard"
+  account_replication_type = "LRS"
+}
+
+# Create (and display) an SSH key
+resource "tls_private_key" "example_ssh" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+# Create virtual machine
+resource "azurerm_linux_virtual_machine" "my_terraform_vm" {
+  name                  = "myVM"
+  location              = azurerm_resource_group.rg.location
+  resource_group_name   = azurerm_resource_group.rg.name
+  network_interface_ids = [azurerm_network_interface.my_terraform_nic.id]
+  size                  = "Standard_DS1_v2"
+
+  os_disk {
+    name                 = "myOsDisk"
+    caching              = "ReadWrite"
+    storage_account_type = "Premium_LRS"
+  }
+
+  source_image_reference {
+    publisher = "Canonical"
+    offer     = "UbuntuServer"
+    sku       = "18.04-LTS"
+    version   = "latest"
+  }
+
+  computer_name                   = "myvm"
+  admin_username                  = "azureuser"
+  disable_password_authentication = true
+
+  admin_ssh_key {
+    username   = "azureuser"
+    public_key = tls_private_key.example_ssh.public_key_openssh
+  }
+
+  boot_diagnostics {
+    storage_account_uri = azurerm_storage_account.my_storage_account.primary_blob_endpoint
+  }
+}
--- a/quickstart/101-vm-with-infrastructure/outputs.tf
+++ b/quickstart/101-vm-with-infrastructure/outputs.tf
@ -0,0 +1,12 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
+
+output "public_ip_address" {
+  value = azurerm_linux_virtual_machine.my_terraform_vm.public_ip_address
+}
+
+output "tls_private_key" {
+  value     = tls_private_key.example_ssh.private_key_pem
+  sensitive = true
+}
--- a/quickstart/101-vm-with-infrastructure/providers.tf
+++ b/quickstart/101-vm-with-infrastructure/providers.tf
@ -0,0 +1,22 @@
+terraform {
+  required_version = ">=0.12"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+    tls = {
+      source = "hashicorp/tls"
+      version = "~>4.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
--- a/quickstart/101-vm-with-infrastructure/readme.md
+++ b/quickstart/101-vm-with-infrastructure/readme.md
@ -0,0 +1,30 @@
+# Azure resource group
+
+This template deploys a Linux virtual machine (VM) with infrastructure that includes a virtual network, subnet, public IP address, and more.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+- [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
+- [azurerm_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip)
+- [azurerm_network_security_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group)
+- [azurerm_network_interface](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface)
+- [azurerm_network_interface_security_group_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_security_group_association)
+- [random_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id)
+- [azurerm_storage_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account)
+- [tls_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)
+- [azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+
+## Example
+
+To see how to run this example, see [Quickstart: Configure a Linux virtual machine in Azure using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-linux-virtual-machine-with-infrastructure).
--- a/quickstart/101-vm-with-infrastructure/variables.tf
+++ b/quickstart/101-vm-with-infrastructure/variables.tf
@ -0,0 +1,9 @@
+variable "resource_group_location" {
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/main.tf
@ -0,0 +1,65 @@
+# Generate random resource group name
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+resource "random_id" "log_analytics_workspace_name_suffix" {
+  byte_length = 8
+}
+
+resource "azurerm_log_analytics_workspace" "test" {
+  location            = var.log_analytics_workspace_location
+  # The WorkSpace name has to be unique across the whole of azure, not just the current subscription/tenant.
+  name                = "${var.log_analytics_workspace_name}-${random_id.log_analytics_workspace_name_suffix.dec}"
+  resource_group_name = azurerm_resource_group.rg.name
+  sku                 = var.log_analytics_workspace_sku
+}
+
+resource "azurerm_log_analytics_solution" "test" {
+  location              = azurerm_log_analytics_workspace.test.location
+  resource_group_name   = azurerm_resource_group.rg.name
+  solution_name         = "ContainerInsights"
+  workspace_name        = azurerm_log_analytics_workspace.test.name
+  workspace_resource_id = azurerm_log_analytics_workspace.test.id
+
+  plan {
+    product   = "OMSGallery/ContainerInsights"
+    publisher = "Microsoft"
+  }
+}
+
+resource "azurerm_kubernetes_cluster" "k8s" {
+  location            = azurerm_resource_group.rg.location
+  name                = var.cluster_name
+  resource_group_name = azurerm_resource_group.rg.name
+  dns_prefix          = var.dns_prefix
+  tags                = {
+    Environment = "Development"
+  }
+
+  default_node_pool {
+    name       = "agentpool"
+    vm_size    = "Standard_D2_v2"
+    node_count = var.agent_count
+  }
+  linux_profile {
+    admin_username = "ubuntu"
+
+    ssh_key {
+      key_data = file(var.ssh_public_key)
+    }
+  }
+  network_profile {
+    network_plugin    = "kubenet"
+    load_balancer_sku = "standard"
+  }
+  service_principal {
+    client_id     = var.aks_service_principal_app_id
+    client_secret = var.aks_service_principal_client_secret
+  }
+}
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/outputs.tf
@ -0,0 +1,38 @@
+output "client_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_certificate
+  sensitive = true
+}
+
+output "client_key" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].client_key
+  sensitive = true
+}
+
+output "cluster_ca_certificate" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].cluster_ca_certificate
+  sensitive = true
+}
+
+output "cluster_password" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].password
+  sensitive = true
+}
+
+output "cluster_username" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].username
+  sensitive = true
+}
+
+output "host" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config[0].host
+  sensitive = true
+}
+
+output "kube_config" {
+  value     = azurerm_kubernetes_cluster.k8s.kube_config_raw
+  sensitive = true
+}
+
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/providers.tf
@ -0,0 +1,18 @@
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/readme.md
@ -0,0 +1,33 @@
+# Kubernetes cluster with Azure Kubernetes Service (AKS)
+
+This template provisions an [AKS / Azure Kubernetes service (also known as a Managed Kubernetes Cluster)](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster).
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace)
+- [azurerm_log_analytics_solution](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution)
+- [azurerm_kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `agent_count` | Initial number of nodes which should exist in this Node Pool. Value must be between 1 and 1000. | 3 | 
+| `ssh_public_key` | File containing the an ssh_key block. | ~/.ssh/id_rsa.pub |
+| `dns_prefix` | DNS prefix specified when creating the managed cluster. | k8stest |
+| `cluster_name` | Name of the Managed Kubernetes Cluster to create. | k8stest |
+| `log_analytics_workspace_name` | Prefix of the name of the Log Analytics Workspace. Random value is appended to ensure uniqueness across Azure. | testLogAnalyticsWorkspaceName |
+| `log_analytics_workspace_location` | Azure location where the resource exists. | eastus |
+| `log_analytics_workspace_sku` | SKU of the Log Analytics Workspace. | PerGB2018 |
+| `aks_service_principal_app_id` | Service principal app ID. | |
+| `aks_service_principal_client_secret` | Service principal password. | |
+| `aks_service_principal_object_id` | Service principal object ID. | |
+
+## Example
+
+To see how to run this example, see [Create a Kubernetes cluster with Azure Kubernetes Service using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks).
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/terraform.tfvars
@ -0,0 +1,2 @@
+aks_service_principal_app_id = "<service_principal_app_id>"
+aks_service_principal_client_secret = "<service_principal_password>"
--- a/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
+++ b/quickstart/201-k8s-cluster-with-tf-and-aks/variables.tf
@ -0,0 +1,49 @@
+variable "agent_count" {
+  default = 3
+}
+
+# The following two variable declarations are placeholder references.
+# Set the values for these variable in terraform.tfvars
+variable "aks_service_principal_app_id" {
+  default = ""
+}
+
+variable "aks_service_principal_client_secret" {
+  default = ""
+}
+
+variable "cluster_name" {
+  default = "k8stest"
+}
+
+variable "dns_prefix" {
+  default = "k8stest"
+}
+
+# Refer to https://azure.microsoft.com/global-infrastructure/services/?products=monitor for available Log Analytics regions.
+variable "log_analytics_workspace_location" {
+  default = "eastus"
+}
+
+variable "log_analytics_workspace_name" {
+  default = "testLogAnalyticsWorkspaceName"
+}
+
+# Refer to https://azure.microsoft.com/pricing/details/monitor/ for Log Analytics pricing
+variable "log_analytics_workspace_sku" {
+  default = "PerGB2018"
+}
+
+variable "resource_group_location" {
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "ssh_public_key" {
+  default = "~/.ssh/id_rsa.pub"
+}
--- a/quickstart/201-mysql-fs-db/main.tf
+++ b/quickstart/201-mysql-fs-db/main.tf
@ -1,53 +1,57 @@
-// Generate random value for the Resource Group name
+# Generate random resource group name
 resource "random_pet" "rg_name" {
-  prefix = var.name_prefix
+  prefix = var.resource_group_name_prefix
 }

-// Generate random value for the name
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+# Generate random value for the name
 resource "random_string" "name" {
  length  = 8
-  upper   = false
  lower   = true
+  numeric = false
  special = false
+  upper   = false
 }

-// Generate random value for the login password
+# Generate random value for the login password
 resource "random_password" "password" {
  length           = 8
-  upper            = true
  lower            = true
-  special          = true
+  min_lower        = 1
+  min_numeric      = 1
+  min_special      = 1
+  min_upper        = 1
+  numeric          = true
  override_special = "_"
+  special          = true
+  upper            = true
 }

-// Manages the Resource Group where the resource exists
-resource "azurerm_resource_group" "default" {
-  name     = "mysqlfsRG-${random_pet.rg_name.id}"
-  location = var.location
-}
-
-// Manages the Virtual Network
+# Manages the Virtual Network
 resource "azurerm_virtual_network" "default" {
-  name                = "vnet-${random_string.name.result}"
-  location            = azurerm_resource_group.default.location
-  resource_group_name = azurerm_resource_group.default.name
  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.rg.location
+  name                = "vnet-${random_string.name.result}"
+  resource_group_name = azurerm_resource_group.rg.name
 }

-// Manages the Subnet
+# Manages the Subnet
 resource "azurerm_subnet" "default" {
-  name                 = "subnet-${random_string.name.result}"
-  resource_group_name  = azurerm_resource_group.default.name
-  virtual_network_name = azurerm_virtual_network.default.name
  address_prefixes     = ["10.0.2.0/24"]
+  name                 = "subnet-${random_string.name.result}"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.default.name
  service_endpoints    = ["Microsoft.Storage"]

  delegation {
    name = "fs"

    service_delegation {
-      name = "Microsoft.DBforMySQL/flexibleServers"
-
+      name    = "Microsoft.DBforMySQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
@ -55,51 +59,48 @@ resource "azurerm_subnet" "default" {
  }
 }

-// Enables you to manage Private DNS zones within Azure DNS
+# Enables you to manage Private DNS zones within Azure DNS
 resource "azurerm_private_dns_zone" "default" {
  name                = "${random_string.name.result}.mysql.database.azure.com"
-  resource_group_name = azurerm_resource_group.default.name
+  resource_group_name = azurerm_resource_group.rg.name
 }

-// Enables you to manage Private DNS zone Virtual Network Links
+# Enables you to manage Private DNS zone Virtual Network Links
 resource "azurerm_private_dns_zone_virtual_network_link" "default" {
  name                  = "mysqlfsVnetZone${random_string.name.result}.com"
  private_dns_zone_name = azurerm_private_dns_zone.default.name
+  resource_group_name   = azurerm_resource_group.rg.name
  virtual_network_id    = azurerm_virtual_network.default.id
-  resource_group_name   = azurerm_resource_group.default.name
 }

-// Manages the MySQL Flexible Server
+# Manages the MySQL Flexible Server
 resource "azurerm_mysql_flexible_server" "default" {
+  location                     = azurerm_resource_group.rg.location
  name                         = "mysqlfs-${random_string.name.result}"
-  resource_group_name          = azurerm_resource_group.default.name
-  location                     = azurerm_resource_group.default.location
+  resource_group_name          = azurerm_resource_group.rg.name
  administrator_login          = random_string.name.result
  administrator_password       = random_password.password.result
-  zone                         = "1"
-  version                      = "8.0.21"
  backup_retention_days        = 7
+  delegated_subnet_id          = azurerm_subnet.default.id
  geo_redundant_backup_enabled = false
-
-  storage {
-    size_gb = 20
-    iops    = 360
-  }
-
-  delegated_subnet_id = azurerm_subnet.default.id
-  private_dns_zone_id = azurerm_private_dns_zone.default.id
-  sku_name            = "GP_Standard_D2ds_v4"
+  private_dns_zone_id          = azurerm_private_dns_zone.default.id
+  sku_name                     = "GP_Standard_D2ds_v4"
+  version                      = "8.0.21"
+  zone                         = "1"

  high_availability {
    mode                      = "ZoneRedundant"
    standby_availability_zone = "2"
  }
-
  maintenance_window {
    day_of_week  = 0
    start_hour   = 8
    start_minute = 0
  }
+  storage {
+    iops    = 360
+    size_gb = 20
+  }

  depends_on = [azurerm_private_dns_zone_virtual_network_link.default]
 }
--- a/quickstart/201-mysql-fs-db/mysql-fs-db.tf
+++ b/quickstart/201-mysql-fs-db/mysql-fs-db.tf
@ -1,8 +1,8 @@
-// Manages the MySQL Flexible Server Database
+# Manages the MySQL Flexible Server Database
 resource "azurerm_mysql_flexible_database" "default" {
-  name                = "mysqlfsdb_${random_string.name.result}"
-  resource_group_name = azurerm_resource_group.default.name
-  server_name         = azurerm_mysql_flexible_server.default.name
  charset             = "utf8"
  collation           = "utf8_unicode_ci"
+  name                = "mysqlfsdb_${random_string.name.result}"
+  resource_group_name = azurerm_resource_group.rg.name
+  server_name         = azurerm_mysql_flexible_server.default.name
 }
--- a/quickstart/201-mysql-fs-db/outputs.tf
+++ b/quickstart/201-mysql-fs-db/outputs.tf
@ -1,7 +1,3 @@
-output "resource_group_name" {
-  value = azurerm_resource_group.default.name
-}
-
 output "azurerm_mysql_flexible_server" {
  value = azurerm_mysql_flexible_server.default.name
 }
@ -9,3 +5,7 @@ output "azurerm_mysql_flexible_server" {
 output "mysql_flexible_server_database_name" {
  value = azurerm_mysql_flexible_database.default.name
 }
+
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
--- a/quickstart/201-mysql-fs-db/providers.tf
+++ b/quickstart/201-mysql-fs-db/providers.tf
@ -6,9 +6,14 @@ terraform {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
  }
 }

 provider "azurerm" {
  features {}
-}
+}
--- a/quickstart/201-mysql-fs-db/readme.md
+++ b/quickstart/201-mysql-fs-db/readme.md
@ -17,10 +17,10 @@ This template deploys an [Azure MySQL Flexible Server Database](https://registry

 ## Variables

-| Name | Description |
-|-|-|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
-| `location` | (Optional) Azure Region in which to deploy these resources. Value defaults to: eastus |
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |

 ## Example

--- a/quickstart/201-mysql-fs-db/variables.tf
+++ b/quickstart/201-mysql-fs-db/variables.tf
@ -1,11 +1,9 @@
-variable "name_prefix" {
-  type        = string
-  default     = "tftest"
-  description = "Prefix of the resource name."
+variable "resource_group_location" {
+  default     = "eastus"
+  description = "Location of the resource group."
 }

-variable "location" {
-  type        = string
-  default     = "eastus"
-  description = "Location of the resource."
-}
+variable "resource_group_name_prefix" {
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}