From 07573fcb7a609c3ef0cd0fc4bd9bc4434635ee8c Mon Sep 17 00:00:00 2001 From: Dingjia Chen <48020536+Pumpkin-3906@users.noreply.github.com> Date: Wed, 15 Feb 2023 23:35:14 -0600 Subject: [PATCH] 201-vmss-disk-encryption-extension patch (#153) * fix 201-vmss-disk-encryption-extension example --- .../main.tf | 36 ++++++++++++++----- .../outputs.tf | 4 +++ .../providers.tf | 10 ++++-- .../variables.tf | 18 +++++----- 4 files changed, 48 insertions(+), 20 deletions(-) create mode 100644 quickstart/201-vmss-disk-encryption-extension/outputs.tf diff --git a/quickstart/201-vmss-disk-encryption-extension/main.tf b/quickstart/201-vmss-disk-encryption-extension/main.tf index f290e829..e59ad450 100644 --- a/quickstart/201-vmss-disk-encryption-extension/main.tf +++ b/quickstart/201-vmss-disk-encryption-extension/main.tf @@ -1,13 +1,17 @@ resource "azurerm_resource_group" "example" { - name = "${var.name_prefix}-rg" + name = "${random_pet.prefix.id}-rg" location = var.location } // Key Vault Key data "azurerm_client_config" "current" {} +locals { + current_user_object_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id) +} + resource "azurerm_key_vault" "example" { - name = "${var.name_prefix}-kv" + name = "${random_pet.prefix.id}-kv" location = azurerm_resource_group.example.location resource_group_name = azurerm_resource_group.example.name tenant_id = data.azurerm_client_config.current.tenant_id @@ -20,7 +24,7 @@ resource "azurerm_key_vault" "example" { resource "azurerm_key_vault_access_policy" "service-principal" { key_vault_id = azurerm_key_vault.example.id tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azurerm_client_config.current.object_id + object_id = local.current_user_object_id key_permissions = [ "Create", 
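Review bot: The Key Vault name `"${random_pet.prefix.id}-kv"` in the first main.tf hunk can exceed Azure's 24-character limit for vault names. With the default `prefix` of `vmss-disk-e-e` from variables.tf, the name is 17 characters plus the pet word, so any word longer than seven letters would fail at apply time. A single pet word also gives little uniqueness for a name that is global and stays reserved while a deleted vault is soft-deleted. Consider a shorter default prefix and a comment above the resource such as `# Key Vault names: 3-24 chars, globally unique; keep var.prefix short`. The `azurerm_key_vault` body continues outside the hunk.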
@@ -58,27 +62,27 @@ resource "azurerm_key_vault_key" "example" { // Virtual Machine Scale Set resource "azurerm_virtual_network" "example" { - name = "${var.name_prefix}-vnet" + name = "${random_pet.prefix.id}-vnet" address_space = ["10.0.0.0/16"] location = azurerm_resource_group.example.location resource_group_name = azurerm_resource_group.example.name } resource "azurerm_subnet" "example" { - name = "${var.name_prefix}-subnet" + name = "${random_pet.prefix.id}-subnet" resource_group_name = azurerm_resource_group.example.name virtual_network_name = azurerm_virtual_network.example.name address_prefixes = ["10.0.2.0/24"] } -resource "azurerm_windows_virtual_machine_scale_set" "example" { - name = "${var.name_prefix}-vmss" +resource "azurerm_windows_virtual_machine_scale_set" "main" { + name = "${random_pet.prefix.id}-vmss" resource_group_name = azurerm_resource_group.example.name location = azurerm_resource_group.example.location sku = "Standard_D2s_v3" instances = 2 admin_username = "adminuser" - admin_password = var.admin_password + admin_password = random_password.password.result computer_name_prefix = "vmss" upgrade_mode = "Automatic" @@ -112,7 +116,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "example" { type = "AzureDiskEncryption" type_handler_version = "2.2" auto_upgrade_minor_version = false - virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.example.id + virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.main.id settings = jsonencode({ "EncryptionOperation" = "EnableEncryption" @@ -124,3 +128,17 @@ resource "azurerm_virtual_machine_scale_set_extension" "example" { "VolumeType" = "All" }) } + +resource "random_password" "password" { + length = 20 + min_lower = 1 + min_upper = 1 + min_numeric = 1 + min_special = 1 + special = true +} + +resource "random_pet" "prefix" { + prefix = var.prefix + length = 1 +} \ No newline at end of file 
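Review bot: `admin_password = random_password.password.result` replaces a caller-supplied secret with one Terraform generates, and nothing in the change tells the user where that secret is kept. The `random_password` resource added at the end of main.tf and the new `admin_password` output in outputs.tf both persist the value in plaintext in the state file; `sensitive = true` only redacts CLI display. I would add a comment above the resource, `# Generated secret is stored in plaintext in Terraform state; use an access-controlled, encrypted backend`, and a `description` on the output saying the same. As a style point, `special = true` is the provider default and can be dropped.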
diff --git a/quickstart/201-vmss-disk-encryption-extension/outputs.tf b/quickstart/201-vmss-disk-encryption-extension/outputs.tf new file mode 100644 index 00000000..c9172997 --- /dev/null +++ b/quickstart/201-vmss-disk-encryption-extension/outputs.tf @@ -0,0 +1,4 @@ +output "admin_password" { + sensitive = true + value = azurerm_windows_virtual_machine_scale_set.main.admin_password +} \ No newline at end of file diff --git a/quickstart/201-vmss-disk-encryption-extension/providers.tf b/quickstart/201-vmss-disk-encryption-extension/providers.tf index e2d198c6..f58d32b5 100644 --- a/quickstart/201-vmss-disk-encryption-extension/providers.tf +++ b/quickstart/201-vmss-disk-encryption-extension/providers.tf @@ -1,10 +1,14 @@ terraform { - required_version = ">=1.0" + required_version = ">= 1.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.8" + version = ">= 3.0, < 4.0" + } + random = { + source = "hashicorp/random" + version = ">= 3.0" } } } @@ -17,4 +21,4 @@ provider "azurerm" { purge_soft_deleted_keys_on_destroy = false } } -} +} \ No newline at end of file diff --git a/quickstart/201-vmss-disk-encryption-extension/variables.tf b/quickstart/201-vmss-disk-encryption-extension/variables.tf index 762681e0..a5418ec2 100644 --- a/quickstart/201-vmss-disk-encryption-extension/variables.tf +++ b/quickstart/201-vmss-disk-encryption-extension/variables.tf 
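Review bot: The new `random` provider constraint `version = ">= 3.0"` in providers.tf has no upper bound, while `azurerm` in the same block is capped with `< 4.0`. An uncapped constraint lets a future major release be selected on a fresh `terraform init`, and the patch does not add a `.terraform.lock.hcl` that would pin versions and checksums. I would write `version = ">= 3.0, < 4.0"` for `random` as well. The azurerm floor also drops from 3.8 to 3.0, so it is worth confirming the example works against the oldest version now allowed.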
@@ -1,15 +1,17 @@ -variable "admin_password" { - type = string - sensitive = true - description = "Admin password of the virtual machine scale set" -} - variable "location" { type = string + default = "eastus" description = "Location where resources will be created" } -variable "name_prefix" { +variable "msi_id" { type = string - description = "Prefix of the resource name" + default = null + description = "If you're executing the test with user assigned identity, please pass the identity principal id to this variable." } + +variable "prefix" { + type = string + default = "vmss-disk-e-e" + description = "Prefix of the resource name" +} \ No newline at end of file
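Review bot: `msi_id` is accepted as a free-form string and its description does not say what the principal is granted. In main.tf it is fed through `coalesce(var.msi_id, data.azurerm_client_config.current.object_id)` into the Key Vault access policy, so whatever ID is passed receives the key permissions listed there. The description should state that, and a validation block would reject a mistyped or non-GUID value at plan time instead of failing later in the provider. The sketch below shows the variable with both changes.

```hcl
variable "msi_id" {
  type        = string
  default     = null
  description = "Principal (object) ID of a user-assigned identity that receives the Key Vault access policy instead of the current client. Leave null to use the caller's object ID."

  validation {
    condition     = var.msi_id == null || can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.msi_id))
    error_message = "The msi_id value must be null or a principal object ID in GUID form."
  }
}
# … unchanged: variable "location", variable "prefix" …
```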