Tips-Of-Mine/terraform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Tips-Of-Mine:users/GitHubPolicyService/46ac6b72-fb6d-4399-a02a-714c519189f1
Branches Tags
Tips-Of-Mine:master Tips-Of-Mine:UserStory335474 Tips-Of-Mine:UserStory281947b Tips-Of-Mine:UserStory330782 Tips-Of-Mine:UserStory281947 Tips-Of-Mine:f-101-aks-standard-lb-and-vmss Tips-Of-Mine:UserStory330721 Tips-Of-Mine:UserStory327082 Tips-Of-Mine:UserStory327081 Tips-Of-Mine:UserStory327080 Tips-Of-Mine:UserStory327079 Tips-Of-Mine:301-machine-learning-hub-spoke-secure Tips-Of-Mine:301-hub-spoke Tips-Of-Mine:201-vmss-jumpbox Tips-Of-Mine:UserStory284326 Tips-Of-Mine:101-vm-with-infrastructure Tips-Of-Mine:101-devtest-labs Tips-Of-Mine:101-attestation-provider Tips-Of-Mine:101-authn-managed-identity Tips-Of-Mine:UserStory316624 Tips-Of-Mine:202-machine-learning-moderately-secure-existing-VNet Tips-Of-Mine:UserStory316612 Tips-Of-Mine:cron Tips-Of-Mine:bump-changed-files Tips-Of-Mine:release/358 Tips-Of-Mine:users/GitHubPolicyService/46ac6b72-fb6d-4399-a02a-714c519189f1 Tips-Of-Mine:rebrand
Tips-Of-Mine:release/UserStory316624
..
compare: Tips-Of-Mine:rebrand
Branches Tags
Tips-Of-Mine:master Tips-Of-Mine:UserStory335474 Tips-Of-Mine:UserStory281947b Tips-Of-Mine:UserStory330782 Tips-Of-Mine:UserStory281947 Tips-Of-Mine:f-101-aks-standard-lb-and-vmss Tips-Of-Mine:UserStory330721 Tips-Of-Mine:UserStory327082 Tips-Of-Mine:UserStory327081 Tips-Of-Mine:UserStory327080 Tips-Of-Mine:UserStory327079 Tips-Of-Mine:301-machine-learning-hub-spoke-secure Tips-Of-Mine:301-hub-spoke Tips-Of-Mine:201-vmss-jumpbox Tips-Of-Mine:UserStory284326 Tips-Of-Mine:101-vm-with-infrastructure Tips-Of-Mine:101-devtest-labs Tips-Of-Mine:101-attestation-provider Tips-Of-Mine:101-authn-managed-identity Tips-Of-Mine:UserStory316624 Tips-Of-Mine:202-machine-learning-moderately-secure-existing-VNet Tips-Of-Mine:UserStory316612 Tips-Of-Mine:cron Tips-Of-Mine:bump-changed-files Tips-Of-Mine:release/358 Tips-Of-Mine:users/GitHubPolicyService/46ac6b72-fb6d-4399-a02a-714c519189f1 Tips-Of-Mine:rebrand
Tips-Of-Mine:release/UserStory316624

2 Commits
users/GitH ... rebrand

Author SHA1 Message Date
Jeffrey Cline
7444c8d3b0 Update README.md 
Updated title to use new MI branding
 2019-04-22 15:17:22 -07:00
Jeffrey Cline
35eef43623 Update README.md 
Updated MSI to use new branding term
 2019-04-22 15:16:22 -07:00
345 changed files with 990 additions and 20658 deletions
Expand all files Collapse all files

48
.github/ISSUE_TEMPLATE/1_feature.yml vendored
View File

@ -1,48 +0,0 @@
name: 'Azure Terraform feature Ask'
description: Request a feature for Azure Terraform Verified Modules, Examples, AzAPI provider, Azure Terrafy, etc.
title: "<title>"
labels: [enhancement]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: dropdown
attributes:
label: Where would you like this feature added?
description: Let us know what product or area you would like to see this feature added to.
multiple: false
options:
- "Verified Modules"
- "AzAPI Provider"
- "Azure Terrafy"
- "Examples (Quickstart, Samples, etc.)"
- "Other/Unknown"
validations:
required: true
- type: textarea
attributes:
label: Is this feature ask due to a problem that you are encountering?
description: If so, please provide a clear and concise description of what the problem is.
placeholder: I'm always frustrated when [...]
validations:
required: false
- type: textarea
attributes:
label: Describe potential solutions.
description: Please provide a clear and concise description of what you want to happen.
placeholder: Add a way for me to [...]
validations:
required: true
- type: textarea
attributes:
label: Anything else?
description: |
Links? References? Anything that will give us more context about the feature you are requesting!
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
validations:
required: false

58
.github/ISSUE_TEMPLATE/2_example_bug.yml vendored
View File

@ -1,58 +0,0 @@
name: 'Azure Terraform example Bug Report'
description: File a bug/issue for a configuration example (Quickstart, samples, etc.)
title: "<title>"
labels: [bug, example]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: input
attributes:
label: Example Name
description: The name of the example where you found the bug.
validations:
required: true
- type: input
attributes:
label: Terraform Version
description: |
What version of Terraform were you using when you encountered this issue?
`terraform --version
placeholder: 1.0.0
validations:
required: true
- type: textarea
attributes:
label: Current Behavior
description: A concise description of what you're experiencing.
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior.
placeholder: |
1. Run '...'
2. See error...
validations:
required: false
- type: textarea
attributes:
label: Anything else?
description: |
Links? References? Anything that will give us more context about the issue you are encountering!
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
validations:
required: false

73
.github/ISSUE_TEMPLATE/3_module_bug.yml vendored
View File

@ -1,73 +0,0 @@
name: 'Azure Verified Module Bug Report'
description: File a bug/issue for a verified module
title: "<title>"
labels: [bug, module]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: input
attributes:
label: Module Name
description: The name of the module where you found the bug.
validations:
required: true
- type: input
attributes:
label: Terraform Version
description: |
What version of Terraform were you using when you encountered this issue?
`terraform --version
placeholder: 1.0.0
validations:
required: true
- type: input
attributes:
label: Module Version
description: |
What version of the Azure module were you using when you encountered this issue?
placeholder: 0.1.0
validations:
required: true
- type: textarea
attributes:
label: Current Behavior
description: A concise description of what you're experiencing.
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Terraform configuration
description: Please provide the minimum Terraform configuration that is resulting in the bug / issue.
render: terraform
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior.
placeholder: |
1. Run '...'
2. See error...
validations:
required: false
- type: textarea
attributes:
label: Anything else?
description: |
Links? References? Anything that will give us more context about the issue you are encountering!
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
validations:
required: false

71
.github/ISSUE_TEMPLATE/4_azapi_bug.yml vendored
View File

@ -1,71 +0,0 @@
name: 'AzAPI Provider Bug Report'
description: File a bug/issue for the AzAPI Terraform Provider
title: "<title>"
labels: [bug, azapi]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: input
attributes:
label: Terraform Version
description: |
What version of Terraform were you using when you encountered this issue?
Please include operating system when applicable.
`terraform --version`
placeholder: 1.0.0
validations:
required: true
- type: input
attributes:
label: Provider Version
description: |
What version of the AzAPI provider were you using when you encountered this issue?
placeholder: 0.1.0
validations:
required: true
- type: textarea
attributes:
label: Current Behavior
description: A concise description of what you're experiencing. Include Error output where applicable.
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Terraform configuration
description: Please provide the minimum Terraform configuration that is resulting in the bug / issue.
render: terraform
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: |
Steps to reproduce the behavior.
`terraform apply`
placeholder: |
1. Run '...'
2. See error...
validations:
required: false
- type: textarea
attributes:
label: Anything else?
description: |
Links? References? Anything that will give us more context about the issue you are encountering!
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
validations:
required: false

43
.github/ISSUE_TEMPLATE/5_aztfy_bug.yml vendored
View File

@ -1,43 +0,0 @@
name: 'Azure Terrafy Bug Report'
description: File a bug/issue for Azure Terrafy (aztfy)
title: "<title>"
labels: [bug, aztfy]
body:
- type: checkboxes
attributes:
label: Is there an existing issue for this?
description: Please search to see if an issue already exists for the bug you encountered.
options:
- label: I have searched the existing issues
required: true
- type: textarea
attributes:
label: Current Behavior
description: A concise description of what you're experiencing. Include error output where applicable.
validations:
required: true
- type: textarea
attributes:
label: Expected Behavior
description: A concise description of what you expected to happen.
validations:
required: true
- type: textarea
attributes:
label: Steps To Reproduce
description: Steps to reproduce the behavior.
placeholder: |
1. In this environment...
2. Run '...'
3. See error...
validations:
required: true
- type: textarea
attributes:
label: Anything else?
description: |
Links? References? Anything that will give us more context about the issue you are encountering!
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
validations:
required: false

5
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@ -1,5 +0,0 @@
blank_issues_enabled: true
contact_links:
- name: AzureRM provider issues and Feature requests
url: https://github.com/hashicorp/terraform-provider-azurerm/issues
about: Please ask questions and report issues with the AzureRM provider and related resources here.

298
.gitignore vendored
View File

@ -1,12 +1,288 @@
log/
obj/
_site/
.optemp/
_themes*/
_repo.*/
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015 cache/options directory
.vs/
.vscode/
.idea
.ionide/
.openpublishing.buildcore.ps1.vscode/
*.DS_Store
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
**/Properties/launchSettings.json
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# TODO: Comment the next line if you want to checkin your web deploy settings
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/packages/*
# except build/, which is used as an MSBuild target.
!**/packages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/packages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Typescript v1 declaration files
typings/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush
.cr/
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs

104
.gitmodules vendored
View File

@ -1,104 +0,0 @@
[submodule "provider/terraform-provider-azurerm"]
path = provider/terraform-provider-azurerm
url = git@github.com:terraform-providers/terraform-provider-azurerm.git
branch = master
[submodule "module/terraform-azurerm-compute"]
path = module/terraform-azurerm-compute
url = git@github.com:Azure/terraform-azurerm-compute.git
branch = master
[submodule "module/terraform-azurerm-network"]
path = module/terraform-azurerm-network
url = git@github.com:Azure/terraform-azurerm-network.git
branch = master
[submodule "module/terraform-azurerm-database"]
path = module/terraform-azurerm-database
url = git@github.com:Azure/terraform-azurerm-database.git
branch = master
[submodule "module/terraform-azurerm-loadbalancer"]
path = module/terraform-azurerm-loadbalancer
url = git@github.com:Azure/terraform-azurerm-loadbalancer.git
branch = master
[submodule "module/terraform-azurerm-computegroup"]
path = module/terraform-azurerm-computegroup
url = git@github.com:Azure/terraform-azurerm-computegroup.git
branch = master
[submodule "module/terraform-azurerm-network-security-group"]
path = module/terraform-azurerm-network-security-group
url = git@github.com:Azure/terraform-azurerm-network-security-group.git
branch = master
[submodule "module/terraform-azurerm-manageddisk"]
path = module/terraform-azurerm-manageddisk
url = git@github.com:Azure/terraform-azurerm-manageddisk.git
branch = master
[submodule "module/terraform-azurerm-vm"]
path = module/terraform-azurerm-vm
url = git@github.com:Azure/terraform-azurerm-vm.git
branch = master
[submodule "module/terraform-azurerm-vmss-cloudinit"]
path = module/terraform-azurerm-vmss-cloudinit
url = git@github.com:Azure/terraform-azurerm-vmss-cloudinit.git
branch = master
[submodule "module/terraform-azurerm-vnet"]
path = module/terraform-azurerm-vnet
url = git@github.com:Azure/terraform-azurerm-vnet.git
branch = master
[submodule "module/terraform-azurerm-encryptedmanageddisk"]
path = module/terraform-azurerm-encryptedmanageddisk
url = git@github.com:Azure/terraform-azurerm-encryptedmanageddisk.git
branch = master
[submodule "module/terraform-azurerm-diskencrypt"]
path = module/terraform-azurerm-diskencrypt
url = git@github.com:Azure/terraform-azurerm-diskencrypt.git
branch = master
[submodule "module/terraform-azurerm-postgresql"]
path = module/terraform-azurerm-postgresql
url = git@github.com:Azure/terraform-azurerm-postgresql.git
branch = master
[submodule "module/terraform-azurerm-storage-account"]
path = module/terraform-azurerm-storage-account
url = git@github.com:Azure/terraform-azurerm-storage-account.git
branch = master
[submodule "module/terraform-azurerm-routetable"]
path = module/terraform-azurerm-routetable
url = git@github.com:Azure/terraform-azurerm-routetable.git
branch = master
[submodule "module/terraform-azurerm-search-service"]
path = module/terraform-azurerm-search-service
url = git@github.com:Azure/terraform-azurerm-search-service.git
branch = master
[submodule "module/terraform-azurerm-vnetpeering"]
path = module/terraform-azurerm-vnetpeering
url = git@github.com:Azure/terraform-azurerm-vnetpeering.git
branch = master
[submodule "module/terraform-azurerm-aks"]
path = module/terraform-azurerm-aks
url = git@github.com:Azure/terraform-azurerm-aks.git
branch = master
[submodule "module/terraform-azurerm-consul"]
path = module/terraform-azurerm-consul
url = git@github.com:Azure/terraform-azurerm-consul.git
branch = master
[submodule "module/terraform-azurerm-aci"]
path = module/terraform-azurerm-aci
url = git@github.com:Azure/terraform-azurerm-aci.git
branch = master
[submodule "module/terraform-azurerm-disk-snapshot"]
path = module/terraform-azurerm-disk-snapshot
url = git@github.com:Azure/terraform-azurerm-disk-snapshot.git
branch = master
[submodule "module/terraform-azurerm-resource-group"]
path = module/terraform-azurerm-resource-group
url = git@github.com:Azure/terraform-azurerm-resource-group.git
branch = master
[submodule "module/terraform-azurerm-vm-extension-msi"]
path = module/terraform-azurerm-vm-extension-msi
url = git@github.com:Azure/terraform-azurerm-vm-extension-msi.git
branch = master
[submodule "module/terraform-azurerm-application-security-group"]
path = module/terraform-azurerm-application-security-group
url = git@github.com:Azure/terraform-azurerm-application-security-group.git
branch = master
[submodule "module/terraform-azurerm-module-test-jenkins"]
path = module/terraform-azurerm-module-test-jenkins
url = git@github.com:Azure/terraform-azurerm-module-test-jenkins.git
branch = master

42
LICENSE
View File

@ -1,21 +1,21 @@
MIT License
Copyright (c) Microsoft Corporation. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE
MIT License
Copyright (c) Microsoft Corporation. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE

38
README.md
View File

@ -1,24 +1,14 @@
# Contributing
This project welcomes contributions and suggestions.
## Modules
Module summary
[Module contribution guide](./module/CONTRIBUTE.md)
## Providers
Provider summary
[Provider contribution guide](./provider/CONTRIBUTE.md)
# Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
# Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

41
SECURITY.md
View File

@ -1,41 +0,0 @@
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
## Security
Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
## Reporting Security Issues
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
## Preferred Languages
We prefer all communications to be in English.
## Policy
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
<!-- END MICROSOFT SECURITY.MD BLOCK -->

37
module/CONTRIBUTE.md
View File

@ -1,37 +0,0 @@
# Contribute to Terraform Modules Registry
This document describes the basic process of authoring and contributing re-usable, verifiable Terraform templates to Terraform Registry (https://registry.terraform.io). Terraform Registry serves as a centralized location to discover, learn and use Terraform artifacts to provision infrastructure into Azure, as well as into other cloud platforms.
## Basic Steps
Below are the basic steps to create and publish a verified Azure module into the Terraform Registry:
1. Following best practices for Terraform template authoring, create a template deploying infrastructure components into Azure.
2. Create a set of tests verifying correctness of Terraform template created in Step 1.
3. Set up a basic Azure DevOps pipeline for Continuous Integration and Deployment, including running the tests created in Step 2 above.
4. Using your GitHub credentials, sign into Terraform Registry and publish your module.
While Steps 2 and 3 are not a requirement for Terraform Registry, we strongly encourage all modules published as "Azure Verified" to include those steps.
### Step 1 - Creating Terraform template
While Terraform offers an easy-to-create, easy-to-understand template authoring language in the form HCL, creating components that could be re-usable is often a time-consuming art form. With Terraform Registry, you are forced to think about various customer scenarios a template could be deployed with, and the permutation of various use cases could be daunting. While it is impossible to anticipate all the scenarios, we recommend that you familiarize yourself with a [set of Terraform Best Practices] (https://www.terraform.io/docs/enterprise/guides/recommended-practices/index.html) published by HashiCorp. Then, think through the most common use cases your module would likely serve, and try to author it in such a way that it will accommodate a set of those scenarios (as opposed to being strongly coupled to a single use case).
We have [created and documented a tool](https://docs.microsoft.com/en-us/azure/terraform/terraform-vscode-module-generator) that builds basic scaffolding for an Azure module, including a sample test. You are also welcome to clone one of the [existing modules] (https://github.com/Azure/terraform-azurerm-postgresql), providing you a set of Terraform files that you can customize for your module.
### Step 2 - Create a set of tests
After experimenting with several approaches for testing Terraform modules, we have settled on using [Terratest](https://github.com/gruntwork-io/terratest). The benefits of Terratest are its ease of integration with CI/CD tooling, as well its similarity to native [Terraform acceptance testing](https://github.com/hashicorp/terraform/blob/master/.github/CONTRIBUTING.md#writing-an-acceptance-test) framework. You will, however, need to be familiar with Go to create tests using Terratest.
If you used [Module Generator](https://docs.microsoft.com/en-us/azure/terraform/terraform-vscode-module-generator) in Step 1, a default test using Terratest is created for you in the test folder. You will need to think through additional tests that you can create that verify correctness of your template.
### Step 3 - Integrate with Azure DevOps
As you introduce changes to the module, or approve pull requests, you'd like to be certain that new changes did not break the functionality the users have become dependent on. This is where CI/CD integration comes in. Integration with Azure DevOps is straightforward to setup - you will need to make sure you have an [azure-pipelines.yml](https://github.com/Azure/terraform-azurerm-postgresql/blob/master/azure-pipelines.yml) in your repo, as well as add the [test.sh](https://github.com/Azure/terraform-azurerm-postgresql/blob/master/test.sh) file to the root of the repo.
The pipelines file is very generic - it builds a docker container and then calls into test.sh for Terratest execution. The only thing you will change in that file is the imageName variable - this will be the docker image name that the pipeline will create. The test.sh file is generic and stays as is, calling all of the test methods that were authored in Step 2.
After your pipelines succeed, please send a request to Terraform on Azure distribution list to pull this pipeline into Terraform ADO environment.
### Step 4 - Publish Module to Terraform Registry
This is the easiest step of all. Simply sign into [Terraform Registry](https://registry.terraform.io) using your GitHub credentials, then click on Publish in the top right corner. Select the repo to publish, then click publish to complete the process.
After your module has been published, please send a request to Terraform on Azure distribution list to enusre we add an "Azure Verified" check box next to the module you've created.

0
module/README.md
View File

1
module/terraform-azurerm-aci

Submodule module/terraform-azurerm-aci deleted from 7778d5ae12

1
module/terraform-azurerm-aks

Submodule module/terraform-azurerm-aks deleted from 3c05c77a6e

1
module/terraform-azurerm-application-security-group

Submodule module/terraform-azurerm-application-security-group deleted from 82484c9a66

1
module/terraform-azurerm-compute

Submodule module/terraform-azurerm-compute deleted from e9b43630cf

1
module/terraform-azurerm-computegroup

Submodule module/terraform-azurerm-computegroup deleted from c6b9a4031f

1
module/terraform-azurerm-consul

Submodule module/terraform-azurerm-consul deleted from a046262ebb

1
module/terraform-azurerm-database

Submodule module/terraform-azurerm-database deleted from 9e5038e2c3

1
module/terraform-azurerm-disk-snapshot

Submodule module/terraform-azurerm-disk-snapshot deleted from 786868fedd

1
module/terraform-azurerm-diskencrypt

Submodule module/terraform-azurerm-diskencrypt deleted from e7c145d784

1
module/terraform-azurerm-encryptedmanageddisk

Submodule module/terraform-azurerm-encryptedmanageddisk deleted from 0843a2b77b

1
module/terraform-azurerm-loadbalancer

Submodule module/terraform-azurerm-loadbalancer deleted from ffb9ef9b71

1
module/terraform-azurerm-manageddisk

Submodule module/terraform-azurerm-manageddisk deleted from ba09ddb60a

1
module/terraform-azurerm-module-test-jenkins

Submodule module/terraform-azurerm-module-test-jenkins deleted from 1cbfdfe3c7

1
module/terraform-azurerm-network

Submodule module/terraform-azurerm-network deleted from 0336beac05

1
module/terraform-azurerm-network-security-group

Submodule module/terraform-azurerm-network-security-group deleted from 2b53b511b3

1
module/terraform-azurerm-postgresql

Submodule module/terraform-azurerm-postgresql deleted from 2c8caf978b

1
module/terraform-azurerm-resource-group

Submodule module/terraform-azurerm-resource-group deleted from 58b98b34ee

1
module/terraform-azurerm-routetable

Submodule module/terraform-azurerm-routetable deleted from 999ef40f5a

1
module/terraform-azurerm-search-service

Submodule module/terraform-azurerm-search-service deleted from 6e17afd471

1
module/terraform-azurerm-storage-account

Submodule module/terraform-azurerm-storage-account deleted from c34103ce65

1
module/terraform-azurerm-vm

Submodule module/terraform-azurerm-vm deleted from 005ac3e840

1
module/terraform-azurerm-vm-extension-msi

Submodule module/terraform-azurerm-vm-extension-msi deleted from dc02d38c47

1
module/terraform-azurerm-vmss-cloudinit

Submodule module/terraform-azurerm-vmss-cloudinit deleted from 4cbad8048b

1
module/terraform-azurerm-vnet

Submodule module/terraform-azurerm-vnet deleted from 8a5b060d55

1
module/terraform-azurerm-vnetpeering

Submodule module/terraform-azurerm-vnetpeering deleted from 99af18dfe6

276
provider/CONTRIBUTE.md
View File

@ -1,276 +0,0 @@
# Contribute to Terraform AzureRM provider
This document describe how you can get ready to contribute to the [AzureRM Terraform provider](https://github.com/terraform-providers/terraform-provider-azurerm).
We also recommend that you read the [README](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/README.md) on the AzureRM Terraform Provider repository.
## Setup your system
### Terraform
You need to install Terraform on your dev environment. You can downlaod it from [terraform](https://www.terraform.io/downloads.html).
### Go tools
Terraform is developed using Go Programming Language. You need to install Go Programming Language **1.x.x** to be able to build and debug the provider locally. You can check to see what version of Go is currently being used in the project by checking the [go.mod](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/go.mod) file in the root directory.
You can download it from [golang](https://golang.org/dl/) and find the installation instructions for your system [golang install](https://golang.org/doc/install#install)
Then you can test your environment following the instructions on [golang testing](https://golang.org/doc/install#testing).
### Check your environment variables
As with many Go project, AzureRM Terraform provider rely on your GOPATH environment variable. You may want to make sure it is well configured for your system, reading [golang setting go path](https://github.com/golang/go/wiki/SettingGOPATH).
### Visual Studio Code
You can use the IDE you love, but in this documentation we will describe how to contribute to the Terraform AzureRM provider using Visual Studio Code. You can download it for your system from [visual studio](https://code.visualstudio.com/Download).
Once installed, download the Go extension for VS Code:
![VS Code Go Extension](assets/ms-vscode-go.png)
Once installed, open VS Code and look for the `Go: Install/Update Tools` in the command palette, a select all the tools:
![Install Go Tools](assets/code-install-go-tools.png)
![Install Go Tools - All](assets/code-install-go-tools-all.png)
![Install Go Tools - Wait](assets/code-install-go-tools-wait.png)
### Specific requirements for Windows users
If you are running Windows, then you need to install Git Bash and Make for Windows. Check the dedicated section on Terraform on Azure repository [terraform developer requirements](https://github.com/terraform-providers/terraform-provider-azurerm#developer-requirements).
## Get the sources
First, go to the [AzureRM Terraform provider](https://github.com/terraform-providers/terraform-provider-azurerm) project page and fork the repository into your GitHub account.
Once done, you need to clone your fork into the `$GOPATH/src/github.com/terraform-providers/terraform-provider-azurerm` folder.
## Build the sources
You can check that everything is OK by building the AzureRM provider:
```bash
cd $GOPATH/src/github.com/terraform-providers/terraform-provider-azurerm
make build
```
Once completed, the binary of the AzureRM provider should be available in the `$GOPATH/bin` directory.
*Note: on Windows, you need to use Git Bash*
More information [here](https://github.com/terraform-providers/terraform-provider-azurerm#developing-the-provider).
## Work with your local build
Once you have built a new version of the AzureRM Terraform provider, you can use it locally.
First, you need to move your `terraform` binary which is in the `$GOPATH/bin` folder on your machine, to the third-party plugins folder which is located at `~/.terraform.d/plugins` on most operating systems and `%APPDATA%\terraform.d\plugins` on Windows.
Then you will need to go to your terraform test folder where the `main.tf` configuration file exists and initialize your terraform working directory by using the `terraform init` command.
If the third-party plugin folder is empty, the init operation will download the AzureRM Provider for you.
More information [here](https://www.terraform.io/docs/extend/how-terraform-works.html#plugin-locations).
## Debug the AzureRM provider using Visual Studio Code and Delve
It is possible to use Visual Studio Code and Delve (the Golang debugger) to debug the AzureRM provider.
The easiest way to debug Terraform AzureRM Provider is to execute the acceptances unit test with the Delve debugger attached. Acceptance tests are tests that are written for every resources and data sources and that will really execute the code to an Azure subscription, to validate everything is working well.
First, to be able to connect to Azure, you need to create a service principal using the following command:
```bash
az ad sp create-for-rbac --role=Contributor --scope=/subscriptions/<YOUR_SUBSCRIPTION_ID>
```
Then, you need to create a `.launch.json` file inside the `.vscode` folder at the root of the Terraform AzureRM provider directory (create the `.vscode` folder if it does not exist).
Copy the following content into the file:
```json
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Launch test function",
"type": "go",
"request": "launch",
"mode": "test",
"program": "${workspaceRoot}/azurerm/resource_arm_container_registry_test.go",
"args": [
"-test.v",
"-test.run",
"TestAccAzureRMContainerRegistry_geoReplication"
],
"envFile": "${workspaceRoot}/.vscode/private.env",
"showLog": true
},
]
}
```
The configuration above allows to start debugging a Terraform resource, by launching one or more acceptance test:
- The `program` property indicates the file you want to debug
- The last entry of the `args` property, here `TestAccAzureRMContainerRegistry_geoReplication` represents th test to launch. You can use regex to run multiple tests (ex: `TestAccAzureRMContainerRegistry_*`)
- The `envFile` property defines the path to get the environment variables file (mainly Azure credentials) that needs to be used to run the acceptance test.
Create the `private.env` file into the `.vscode` folder and fill it with the following environment variables:
```
ARM_CLIENT_ID=<YOUR_SERVICE_PRINCIPAL_CLIENT_ID>
ARM_CLIENT_SECRET=<YOUR_SERVICE_PRINCIPAL_CLIENT_SECRET>
ARM_SUBSCRIPTION_ID=<YOUR_AZURE_SUBSCRIPTION_ID>
ARM_TENANT_ID=<YOUR_AZURE_TENANT_ID>
ARM_TEST_LOCATION=<AZURE_LOCATION_1>
ARM_TEST_LOCATION_ALT=<AZURE_LOCATION_2>
TF_ACC=1
```
*Note: it is possible to customize the logging level of Terraform. It might be super useful in some situations. It can be done by setting the `TF_LOG` environment variable. Refer to [the official debugging documentation](https://www.terraform.io/docs/internals/debugging.html) for more details.*
Once done, you can just press F5 and the debug will start! You can place breakpoints in your code to do step by step debugging:
![Install Go Tools - Wait](assets/code-debug-breakpoint.png)
*Note: the first time your start the debug, it can take a while, you need to be patient :-)*
## How to contribute to the Azure RM provider
*Note: we also invite you to read the official documentation about developing a provider [here](https://www.terraform.io/docs/plugins/basics.html#developing-a-plugin)*
First you need to pick [an issue on the provider](https://github.com/terraform-providers/terraform-provider-azurerm/issues) by commenting the issue and saying that you're going to work on that, to make sure that the repo maintainers are aware that you are going to work on this issue.
We also strongly advise that you describe the work you are planning to do, like explaining your implementation, submitting the TF schema for new resources, to make sure the discussion start early as possible with the reviewers.
*Note: if there is no issue for the problem you are trying to solve, you can create one.*
If you are a new contributor, there is a [good first issue](https://github.com/terraform-providers/terraform-provider-azurerm/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) label that may help you to filter the issue and start with a simple one.
For each piece of code that you write into the provider, you need to make sure that you have:
- the implementations of the `data source` and/or `resource` definition
- acceptance test created or updated
- documentation created or updated
- example created or updated (optional)
Data sources, resources and tests are defined in the [azurerm/internal/services](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/azurerm/internal/services) folder of the repository.
Documentation for data sources is in the [website/docs/d](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/website/docs/d) folder and documentation for resources is in the [website/docs/r](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/website/docs/r) folder.
Finally, examples are located in the [examples](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples) folder.
AzureRM Terraform provider uses the [Azure SDK for Go](https://github.com/Azure/azure-sdk-for-go) to interact with Azure. It's important that you respect that rule. If you are trying to do something that is not available in the Azure SDK for Go, then you should check if the API is availble in [Azure Service Repository](https://github.com/Azure/azure-rest-api-specs) and open an issue in the **Azure SDK for Go** repository to have it added to a future release of the Azure SDK for Go.
We recommand that you start with fixing issues/patching an existing data source or resource to understand how it works in details before trying to implement a brand new one.
Don't forget that you are working on your own fork of the repository and that you need to open a pull request to the main repository to bring your update to the HashiCorp team, for review.
### Working with Azure SDK for Go
All the imports for the Azure for Go SDK services have to be done in the [client.go](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/clients/client.go) file. It exposes a top level struct, `Client` that exposes all the service clients that you may use in a data source or resource to interact with Azure. If the service already exist and you are just modifying an existing resource you can skip this step.
Then you need to register your subservice in `client.go` in your corresponding service folder.
For example, if you need to work on implementing Azure Batch Account support to the provider:
1. Check if the service `Batch` registered in service [client.go](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/clients/client.go). If not, you need to register your service.
2. Go to your corresponding service folder [batch](https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/azurerm/internal/services/batch) and write a `client.go` in client folder. If the service folder does not exist, you will need to create one.
3. Add a variable `AccountClient` which is created by the service api `NewAccountClientWithBaseURI` from `"github.com/Azure/azure-sdk-for-go/services/batch/mgmt/2019-08-01/batch"`.
```go
type Client struct {
AccountClient *batch.AccountClient
}
```
4. Register your client in the Terraform ResourceManagerAuthorizer:
```go
func NewClient(o *common.ClientOptions) *Client {
accountClient := batch.NewAccountClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&accountClient.Client, o.ResourceManagerAuthorizer)
return &Client{
AccountClient: &accountClient,
}
}
```
By doing the four steps above, you will make sure that when developping the data source or the resource, you can access the Azure SDK for Go clients that you need.
### Developing a Data Source
When naming a new data source file it should follow the below naming convention:
**name_of_the_data_source**_data_source.go
A data source is composed of two relevant functions:
- The function that creates a `schema.Resource` object that returns the schema (definition) of the data source,i.e. the property that compose the data source, and some rules about those properties. You only need to provide required properties to locate that resource, and mark all other properties returned from the service as `Computed`. This function is named by convention dataSourceArm*NAME_OF_THE_DATA_SOURCE*, for example `dataSourceArmBatchAccount` for a Batch Account.
- The function that retrieves the data from Azure using the Azure SDK for Go client and set all the values related to the data source. This function is named by convention dataSourceArm*NAME_OF_THE_DATA_SOURCE*Read, for example `dataSourceArmBatchAccountRead` for a Batch Account.
This function takes a `schema.ResourceData` in parameter. You can get the name of the object to retrieve and any property that is defined by the user on that object:
```go
resourceGroup := d.Get("resource_group_name").(string)
name := d.Get("name").(string)
```
You can get a reference on any Azure SDK for Go client registered in the `client.go` using:
```go
client := meta.(*clients.Client).Batch.AccountClient
```
Finally, you can set values retrieve from Azure on the same object, using the `Set` function:
```go
d.Set("account_endpoint", resp.AccountEndpoint)
```
You can check the whole definition of the Azure Batch Account data source [here](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/batch/batch_account_data_source.go).
Once your data source is defined, you need to register it into the data sources map in the `registration.go` file:
```go
func (r Registration) SupportedDataSources() map[string]*schema.Resource {
return map[string]*schema.Resource{
"azurerm_batch_account": dataSourceArmBatchAccount(),
}
}
```
### Developing a resource
Developing a resource is really similar to developing a data source. Instead of having only a function to read the data from Azure, it also offers the possibility to write functions to create, update and delete the resource. Apart from that, concepts are the same:
- The file is named using the convention: *name_of_resource*_resource.go
- One function to define the schema of the resource, named by convention resourceArm*NAME_OF_RESOURCE*, for example `resourceArmBatchAccount`.
- One function to create the resource, named by convention resourceArm*NAME_OF_RESOURCE*Create, for example `resourceArmBatchAccountCreate`.
- One function to read the resource, named by convention resourceArm*NAME_OF_RESOURCE*Read, for example `resourceArmBatchAccountRead`.
- One function to update the resource, named by convention resourceArm*NAME_OF_RESOURCE*Update, for example `resourceArmBatchAccountUpdate`.
- One function to delete the resource, named by convention resourceArm*NAME_OF_RESOURCE*Delete, for example `resourceArmBatchAccountDelete`.
The [Azure Batch Account resource](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/batch/batch_account_resource.go) is a good and simple example to understand the flow.
Once your resource is defined, you need to register it into the resources map in the `registration.go` file:
```go
func (r Registration) SupportedResources() map[string]*schema.Resource {
return map[string]*schema.Resource{
"azurerm_batch_account": resourceArmBatchAccount(),
}
}
```
### Acceptance tests
Acceptance tests are tests that will run live on your Azure subscription to validate that your resource/data source is working as expected. Each resource/data source should have its own set of acceptance tests that will run independently of each other.
All tests for a given resource/data source are located in the `test` folder which is a sub folder of the service folder. The file name for the tests will be exactly the same as the resource/data source with the addition of the `_test.go` suffix. For example, if you created a data source for `batch account`, the data source file would be named **batch_account_data_source.go** and the test file would have the name **batch_account_data_source_test.go**.
You can find examples of tests for Azure Batch Account data source [here](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/batch/batch_account_data_source_test.go) and Azure Batch Account resource [here](https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/batch/batch_account_resource_test.go).
Please refer to the above section to learn how to run the acceptance tests on your computer.

BIN
provider/assets/code-debug-breakpoint.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 208 KiB

BIN
provider/assets/code-install-go-tools-all.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 96 KiB

BIN
provider/assets/code-install-go-tools-wait.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 38 KiB

BIN
provider/assets/code-install-go-tools.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.7 KiB

BIN
provider/assets/ms-vscode-go.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 128 KiB

1
provider/terraform-provider-azurerm

Submodule provider/terraform-provider-azurerm deleted from 14c2a086f9

160
quickstart/101-application-gateway/main.tf
View File

@ -1,160 +0,0 @@
resource "azurerm_resource_group" "rg1" {
name = "myResourceGroupAG"
location = "eastus"
}
resource "azurerm_virtual_network" "vnet1" {
name = "myVNet"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
address_space = ["10.21.0.0/16"]
}
resource "azurerm_subnet" "frontend" {
name = "myAGSubnet"
resource_group_name = azurerm_resource_group.rg1.name
virtual_network_name = azurerm_virtual_network.vnet1.name
address_prefixes = ["10.21.0.0/24"]
}
resource "azurerm_subnet" "backend" {
name = "myBackendSubnet"
resource_group_name = azurerm_resource_group.rg1.name
virtual_network_name = azurerm_virtual_network.vnet1.name
address_prefixes = ["10.21.1.0/24"]
}
resource "azurerm_public_ip" "pip1" {
name = "myAGPublicIPAddress"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_application_gateway" "network" {
name = "myAppGateway"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
sku {
name = "Standard_v2"
tier = "Standard_v2"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = azurerm_subnet.frontend.id
}
frontend_port {
name = var.frontend_port_name
port = 80
}
frontend_ip_configuration {
name = var.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.pip1.id
}
backend_address_pool {
name = var.backend_address_pool_name
}
backend_http_settings {
name = var.http_setting_name
cookie_based_affinity = "Disabled"
port = 80
protocol = "Http"
request_timeout = 60
}
http_listener {
name = var.listener_name
frontend_ip_configuration_name = var.frontend_ip_configuration_name
frontend_port_name = var.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = var.request_routing_rule_name
rule_type = "Basic"
http_listener_name = var.listener_name
backend_address_pool_name = var.backend_address_pool_name
backend_http_settings_name = var.http_setting_name
}
}
resource "azurerm_network_interface" "nic" {
count = 2
name = "nic-${count.index+1}"
location = azurerm_resource_group.rg1.location
resource_group_name = azurerm_resource_group.rg1.name
ip_configuration {
name = "nic-ipconfig-${count.index+1}"
subnet_id = azurerm_subnet.backend.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
count = 2
network_interface_id = azurerm_network_interface.nic[count.index].id
ip_configuration_name = "nic-ipconfig-${count.index+1}"
backend_address_pool_id = azurerm_application_gateway.network.backend_address_pool[0].id
}
resource "random_password" "password" {
length = 16
special = true
lower = true
upper = true
number = true
}
resource "azurerm_windows_virtual_machine" "vm" {
count = 2
name = "myVM${count.index+1}"
resource_group_name = azurerm_resource_group.rg1.name
location = azurerm_resource_group.rg1.location
size = "Standard_DS1_v2"
admin_username = "azureadmin"
admin_password = random_password.password.result
network_interface_ids = [
azurerm_network_interface.nic[count.index].id,
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2019-Datacenter"
version = "latest"
}
}
resource "azurerm_virtual_machine_extension" "vm-extensions" {
count = 2
name = "vm${count.index+1}-ext"
virtual_machine_id = azurerm_windows_virtual_machine.vm[count.index].id
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.10"
settings = <<SETTINGS
{
"commandToExecute": "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
SETTINGS
}

15
quickstart/101-application-gateway/providers.tf
View File

@ -1,15 +0,0 @@
terraform {
required_version = ">=0.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=2.97.0"
}
}
}
provider "azurerm" {
features {}
}

382
quickstart/101-application-gateway/readme.md
View File

@ -1,382 +0,0 @@
# Azure Application Gateway
This template deploys an [Azure Application Gateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway) v2 and two Windows Server 2019 Datacenter test servers for the backend pool.
## Resources
| Terraform Resource Type | Description |
| - | - |
| `azurerm_resource_group` | The resource group all the deployed resources.|
| `azurerm_virtual_network` | The virtual network for the application gateway. |
| `azurerm_subnet` |The application gateway subnets.|
| `azurerm_public_ip` | The application gateway public IP address. |
| `azurerm_application_gateway` | The v2 Azure Application Gateway. |
| `azurerm_network_interface` | The network interfaces for the test servers. |
| `azurerm_network_interface_application_gateway_backend_address_pool_association` | The network interface association to the backend pool. |
| `azurerm_virtual_machine_extension` | The VM extension for the test servers to install the Web server. |
| `azurerm_windows_virtual_machine` | The VM test servers. |
| `random_password` | Random password for the VM test servers. |
## Variables
| Name | Description |
|-|-|
| `backend_address_pool_name` | Backend pool name |
| `frontend_port_name` | Frontend port name|
| `frontend_ip_configuration_name` | Frontend IP configuration name |
| `http_setting_name` | HTTP setting name |
| `listener_name` | Listener name |
| `request_routing_rule_name` | Routing rule name|
| `redirect_configuration_name` | Redirection configuration name |
## Example
```bash
$ terraform plan -out main.tfplan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_application_gateway.network will be created
+ resource "azurerm_application_gateway" "network" {
+ id = (known after apply)
+ location = "eastus"
+ name = "myAppGateway"
+ private_endpoint_connection = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ backend_address_pool {
+ id = (known after apply)
+ name = "myBackendPool"
}
+ backend_http_settings {
+ cookie_based_affinity = "Disabled"
+ id = (known after apply)
+ name = "myHTTPsetting"
+ pick_host_name_from_backend_address = false
+ port = 80
+ probe_id = (known after apply)
+ protocol = "Http"
+ request_timeout = 60
}
+ frontend_ip_configuration {
+ id = (known after apply)
+ name = "myAGIPConfig"
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = (known after apply)
+ private_link_configuration_id = (known after apply)
+ public_ip_address_id = (known after apply)
+ subnet_id = (known after apply)
}
+ frontend_port {
+ id = (known after apply)
+ name = "myFrontendPort"
+ port = 80
}
+ gateway_ip_configuration {
+ id = (known after apply)
+ name = "my-gateway-ip-configuration"
+ subnet_id = (known after apply)
}
+ http_listener {
+ frontend_ip_configuration_id = (known after apply)
+ frontend_ip_configuration_name = "myAGIPConfig"
+ frontend_port_id = (known after apply)
+ frontend_port_name = "myFrontendPort"
+ id = (known after apply)
+ name = "myListener"
+ protocol = "Http"
+ ssl_certificate_id = (known after apply)
+ ssl_profile_id = (known after apply)
}
+ request_routing_rule {
+ backend_address_pool_id = (known after apply)
+ backend_address_pool_name = "myBackendPool"
+ backend_http_settings_id = (known after apply)
+ backend_http_settings_name = "myHTTPsetting"
+ http_listener_id = (known after apply)
+ http_listener_name = "myListener"
+ id = (known after apply)
+ name = "myRoutingRule"
+ redirect_configuration_id = (known after apply)
+ rewrite_rule_set_id = (known after apply)
+ rule_type = "Basic"
+ url_path_map_id = (known after apply)
}
+ sku {
+ capacity = 2
+ name = "Standard_v2"
+ tier = "Standard_v2"
}
+ ssl_policy {
+ cipher_suites = (known after apply)
+ disabled_protocols = (known after apply)
+ min_protocol_version = (known after apply)
+ policy_name = (known after apply)
+ policy_type = (known after apply)
}
}
# azurerm_network_interface.nic[0] will be created
+ resource "azurerm_network_interface" "nic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = "eastus"
+ mac_address = (known after apply)
+ name = "nic-1"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
+ name = "nic-ipconfig-1"
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_ip_address_version = "IPv4"
+ subnet_id = (known after apply)
}
}
# azurerm_network_interface.nic[1] will be created
+ resource "azurerm_network_interface" "nic" {
+ applied_dns_servers = (known after apply)
+ dns_servers = (known after apply)
+ enable_accelerated_networking = false
+ enable_ip_forwarding = false
+ id = (known after apply)
+ internal_dns_name_label = (known after apply)
+ internal_domain_name_suffix = (known after apply)
+ location = "eastus"
+ mac_address = (known after apply)
+ name = "nic-2"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ virtual_machine_id = (known after apply)
+ ip_configuration {
+ gateway_load_balancer_frontend_ip_configuration_id = (known after apply)
+ name = "nic-ipconfig-2"
+ primary = (known after apply)
+ private_ip_address = (known after apply)
+ private_ip_address_allocation = "Dynamic"
+ private_ip_address_version = "IPv4"
+ subnet_id = (known after apply)
}
}
# azurerm_network_interface_application_gateway_backend_address_pool_association.nic-assoc01[0] will be created
+ resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
+ backend_address_pool_id = (known after apply)
+ id = (known after apply)
+ ip_configuration_name = "nic-ipconfig-1"
+ network_interface_id = (known after apply)
}
# azurerm_network_interface_application_gateway_backend_address_pool_association.nic-assoc01[1] will be created
+ resource "azurerm_network_interface_application_gateway_backend_address_pool_association" "nic-assoc01" {
+ backend_address_pool_id = (known after apply)
+ id = (known after apply)
+ ip_configuration_name = "nic-ipconfig-2"
+ network_interface_id = (known after apply)
}
# azurerm_public_ip.pip1 will be created
+ resource "azurerm_public_ip" "pip1" {
+ allocation_method = "Static"
+ availability_zone = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ idle_timeout_in_minutes = 4
+ ip_address = (known after apply)
+ ip_version = "IPv4"
+ location = "eastus"
+ name = "myAGPublicIPAddress"
+ resource_group_name = "myResourceGroupAG"
+ sku = "Standard"
+ sku_tier = "Regional"
+ zones = (known after apply)
}
# azurerm_resource_group.rg1 will be created
+ resource "azurerm_resource_group" "rg1" {
+ id = (known after apply)
+ location = "eastus"
+ name = "myResourceGroupAG"
}
# azurerm_subnet.backend will be created
+ resource "azurerm_subnet" "backend" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.21.1.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "myBackendSubnet"
+ resource_group_name = "myResourceGroupAG"
+ virtual_network_name = "myVNet"
}
# azurerm_subnet.frontend will be created
+ resource "azurerm_subnet" "frontend" {
+ address_prefix = (known after apply)
+ address_prefixes = [
+ "10.21.0.0/24",
]
+ enforce_private_link_endpoint_network_policies = false
+ enforce_private_link_service_network_policies = false
+ id = (known after apply)
+ name = "myAGSubnet"
+ resource_group_name = "myResourceGroupAG"
+ virtual_network_name = "myVNet"
}
# azurerm_virtual_machine_extension.vm-extensions[0] will be created
+ resource "azurerm_virtual_machine_extension" "vm-extensions" {
+ id = (known after apply)
+ name = "vm1-ext"
+ publisher = "Microsoft.Compute"
+ settings = jsonencode(
{
+ commandToExecute = "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
)
+ type = "CustomScriptExtension"
+ type_handler_version = "1.10"
+ virtual_machine_id = (known after apply)
}
# azurerm_virtual_machine_extension.vm-extensions[1] will be created
+ resource "azurerm_virtual_machine_extension" "vm-extensions" {
+ id = (known after apply)
+ name = "vm2-ext"
+ publisher = "Microsoft.Compute"
+ settings = jsonencode(
{
+ commandToExecute = "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
}
)
+ type = "CustomScriptExtension"
+ type_handler_version = "1.10"
+ virtual_machine_id = (known after apply)
}
# azurerm_virtual_network.vnet1 will be created
+ resource "azurerm_virtual_network" "vnet1" {
+ address_space = [
+ "10.21.0.0/16",
]
+ dns_servers = (known after apply)
+ guid = (known after apply)
+ id = (known after apply)
+ location = "eastus"
+ name = "myVNet"
+ resource_group_name = "myResourceGroupAG"
+ subnet = (known after apply)
+ vm_protection_enabled = false
}
# azurerm_windows_virtual_machine.vm[0] will be created
+ resource "azurerm_windows_virtual_machine" "vm" {
+ admin_password = (sensitive value)
+ admin_username = "azureadmin"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ enable_automatic_updates = true
+ extensions_time_budget = "PT1H30M"
+ hotpatching_enabled = false
+ id = (known after apply)
+ location = "eastus"
+ max_bid_price = -1
+ name = "myVM1"
+ network_interface_ids = (known after apply)
+ patch_mode = "AutomaticByOS"
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ size = "Standard_DS1_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ os_disk {
+ caching = "ReadWrite"
+ disk_size_gb = (known after apply)
+ name = (known after apply)
+ storage_account_type = "Standard_LRS"
+ write_accelerator_enabled = false
}
+ source_image_reference {
+ offer = "WindowsServer"
+ publisher = "MicrosoftWindowsServer"
+ sku = "2019-Datacenter"
+ version = "latest"
}
}
# azurerm_windows_virtual_machine.vm[1] will be created
+ resource "azurerm_windows_virtual_machine" "vm" {
+ admin_password = (sensitive value)
+ admin_username = "azureadmin"
+ allow_extension_operations = true
+ computer_name = (known after apply)
+ enable_automatic_updates = true
+ extensions_time_budget = "PT1H30M"
+ hotpatching_enabled = false
+ id = (known after apply)
+ location = "eastus"
+ max_bid_price = -1
+ name = "myVM2"
+ network_interface_ids = (known after apply)
+ patch_mode = "AutomaticByOS"
+ platform_fault_domain = -1
+ priority = "Regular"
+ private_ip_address = (known after apply)
+ private_ip_addresses = (known after apply)
+ provision_vm_agent = true
+ public_ip_address = (known after apply)
+ public_ip_addresses = (known after apply)
+ resource_group_name = "myResourceGroupAG"
+ size = "Standard_DS1_v2"
+ virtual_machine_id = (known after apply)
+ zone = (known after apply)
+ os_disk {
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ result = (sensitive value)
+ special = true
+ upper = true
}
Plan: 15 to add, 0 to change, 0 to destroy.
```

27
quickstart/101-application-gateway/variables.tf
View File

@ -1,27 +0,0 @@
variable "backend_address_pool_name" {
default = "myBackendPool"
}
variable "frontend_port_name" {
default = "myFrontendPort"
}
variable "frontend_ip_configuration_name" {
default = "myAGIPConfig"
}
variable "http_setting_name" {
default = "myHTTPsetting"
}
variable "listener_name" {
default = "myListener"
}
variable "request_routing_rule_name" {
default = "myRoutingRule"
}
variable "redirect_configuration_name" {
default = "myRedirectConfig"
}

28
quickstart/101-attestation-provider/main.tf
View File

@ -1,28 +0,0 @@
terraform {
required_version = ">=0.12"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>2.0"
}
}
}
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "rg" {
name = var.resource_group_name
location = var.resource_group_location
}
resource "azurerm_attestation_provider" "corpAttestation" {
name = var.attestation_provider_name
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
policy_signing_certificate_data = file(var.policy_file)
}

15
quickstart/101-attestation-provider/variables.tf
View File

@ -1,15 +0,0 @@
variable "resource_group_name" {
default = "myResourceGroup"
}
variable "resource_group_location" {
default = "eastus"
}
variable "policy_file" {
default = "~/.certs/cert.pem"
}
variable "attestation_provider_name" {
default = "attestationprovider007"
}

28
quickstart/101-azapi-eventhub-network-rules/main-generic.tf
View File

@ -1,28 +0,0 @@
# AzAPI update resource is used to enable Network Rule sets on Event Hub namespace
resource "azapi_update_resource" "qs101" {
type = "Microsoft.EventHub/namespaces/networkRuleSets@2021-11-01"
name = "default"
parent_id = azurerm_eventhub_namespace.qs101.id
body = jsonencode({
properties = {
defaultAction = "Deny"
publicNetworkAccess = "Enabled"
virtualNetworkRules = [
{
ignoreMissingVnetServiceEndpoint = false
subnet = {
# API bug, returned id replaced `resourceGroups` with `resourcegroups`
id = replace(azurerm_subnet.qs101.id, "resourceGroups", "resourcegroups")
}
}
]
ipRules = [
{
action = "Allow"
ipMask = "1.1.1.1"
}
]
}
})
}

34
quickstart/101-azapi-eventhub-network-rules/main.tf
View File

@ -1,34 +0,0 @@
resource "azurerm_resource_group" "qs101" {
name = "rg-qs101-eh-rules"
location = "westus2"
}
resource "azurerm_virtual_network" "qs101" {
name = "myvnet"
location = azurerm_resource_group.qs101.location
resource_group_name = azurerm_resource_group.qs101.name
address_space = ["172.17.0.0/16"]
dns_servers = ["10.0.0.4", "10.0.0.5"]
}
resource "azurerm_subnet" "qs101" {
name = "default"
resource_group_name = azurerm_resource_group.qs101.name
virtual_network_name = azurerm_virtual_network.qs101.name
address_prefixes = ["172.17.0.0/24"]
service_endpoints = ["Microsoft.EventHub"]
}
resource "random_pet" "qs101_namespace" {
length = 3
separator = ""
}
resource "azurerm_eventhub_namespace" "qs101" {
name = random_pet.qs101_namespace.id
location = azurerm_resource_group.qs101.location
resource_group_name = azurerm_resource_group.qs101.name
sku = "Standard"
capacity = 2
}

28
quickstart/101-azapi-eventhub-network-rules/providers.tf
View File

@ -1,28 +0,0 @@
terraform {
required_providers {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
azurerm = {
source = "hashicorp/azurerm"
version = "=3.0.2"
}
random = {
source = "hashicorp/random"
version = "=3.1.2"
}
}
}
provider "azapi" {
}
provider "azurerm" {
features {}
}
provider "random" {
}

25
quickstart/101-azapi-lab-services/main-generic.tf
View File

@ -1,25 +0,0 @@
# Provision a Lab Service Account and a Lab that are in public preview
resource "azapi_resource" "qs101-account" {
type = "Microsoft.LabServices/labaccounts@2018-10-15"
name = "qs101LabAccount"
parent_id = azurerm_resource_group.qs101.id
body = jsonencode({
properties = {
enabledRegionSelection = false
}
})
}
resource "azapi_resource" "qs101-lab" {
type = "Microsoft.LabServices/labaccounts/labs@2018-10-15"
name = "qs101Lab"
parent_id = azapi_resource.qs101-account.id
body = jsonencode({
properties = {
maxUsersInLab = 10
userAccessMode = "Restricted"
}
})
}

4
quickstart/101-azapi-lab-services/main.tf
View File

@ -1,4 +0,0 @@
resource "azurerm_resource_group" "qs101" {
name = "rg-qs101"
location = "westus2"
}

23
quickstart/101-azapi-lab-services/providers.tf
View File

@ -1,23 +0,0 @@
terraform {
required_providers {
azapi = {
source = "azure/azapi"
version = "=0.1.0"
}
azurerm = {
source = "hashicorp/azurerm"
version = "=3.0.2"
}
}
}
provider "azapi" {
default_location = "eastus"
default_tags = {
team = "Azure deployments"
}
}
provider "azurerm" {
features {}
}

123
quickstart/101-azure-virtual-desktop-anf/README.md
View File

@ -1,123 +0,0 @@
## Terraform for Azure Virtual Desktop
The purpose of this repository is to demonstrate using Terraform to deploy a simple Azure Virtual Desktop environment. For Classic Azure Virtual Desktop click [here](https://github.com/Azure/RDS-Templates/tree/master/wvd-sh/terraform-azurerm-windowsvirtualdesktop).
## Requirements and limitations
* Ensure that you meet the [requirements for Azure Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview#requirements)
* Terraform must be installed and configured as outlined [here](https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell)
* Active Directory already in place in this example, we are using AD in its own VNet.
* Users in AAD that will be given access to AVD
* This demo does not support Azure ADDS only deployment
* Destroy could produce errors deleting subnet due to resources associated. Manually delete resources within the subnet before running destroy
## Components
* Azure Virtual Desktop Environment
* Networking Infrastructure
* Session Hosts
* Profile Storage
* Role Based Access Control
## Features
This directory contains the various components for building out Azure Virtual Desktop.
* `main.tf`
deploys a new workspace, hostpool, application group with associations
* `networking.tf`
deploys a new vnet, subnet, nsg and peering to AD vnet
* `host.tf`
deploys new session host from the marketplace build and join to domain
* `rbac.tf`
deploys rbac assignment for the users group
* `variables.tf`
Input variables
* `loganalytics.tf`
deploys log anaylytics workspace
* `sig.tf`
deploys log anaylytics workspace
* `random.tf`
Random provider configuration
* `defaults.tfvars`
declares the actual input values (keep security in mind if you are putting confidential data)
* `provider.tf`
Azure RM and Azure AD provider configuration
* `outputs.tf`
defines the outputs that will be displayed on deployment
* `netappstorage.tf`
as an alternate to Azure Files storage this deploys NetApp Files storage for profiles in a dedicated subnet (access needs to be granted to the ANF service) [Set up Azure NetApp Files](https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-create-volumes?tabs=azure-portal)
## Variable Inputs
[Variable Inputs](USAGE.md#inputs)
## Deploy
If youve not previously setup terraform, check out this article to get it installed [Quickstart - Configure Terraform using Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell)
You can review our sample configuration video here
Once Terraform is setup and you have created your Terraform templates, the first step is to initialize Terraform. This step ensures that Terraform has all the prerequisites to build your template in Azure.
```
terraform init
```
The next step is to have Terraform review and validate the template. An execution plan is generated and stored in the file specified by the -out parameter.
We also need to pass our variable definitions file during the plan. We can either load it automatically by renaming env.tfvars as terraform.tfvars OR env.auto.tfvars, in which case we will use the following to create the execution plan:
```bash
terraform plan -out terraform_azure.tfplan
```
When you're ready to build the infrastructure in Azure, apply the execution plan:
```bash
terraform apply terraform_azure.tfplan
```
## Final Configuration
Youll notice we didnt actually configure the session hosts to use our profile storage at any point. There is an assumption that we are using GPO to manage FSLogix across our host pools as documented here: [Use FSLogix Group Policy Template Files - FSLogix](https://docs.microsoft.com/en-us/fslogix/use-group-policy-templates-ht).
At a minimum youll need to configure the registry keys to enable FSLogix and configure the VHD Location to the NetApp Share URI: [Profile Container registry configuration settings - FSLogix](https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference#enabled)
## Troubleshooting Terraform deployment
<details>
<summary>Click to expand</summary>
Terraform deployment can fail in two main categories:
Issues with Terraform code
1. [Issues with Desired State Configuration (DSC)](#issues-with-desired-state-configuration-dsc)
2. [Issues with Terraform code](#issues-with-desired-state-configuration-dsc)
While it is rare to have issues with the Terraform code it is still possible, however most often errors are due to bad input in variables.tf.
* If there are errors in the Terraform code, please file a GitHub issue.
* If there are warning in the Terraform code feel free to ignore or address for your own instance of that code.
* Using Terraform error messages it's a good starting point towards identifying issues with input variables
### Issues with Desired State Configuration (DSC)
To troubleshoot this type of issue, navigate to the Azure portal and if needed reset the password on the VM that failed DSC. Once you are able to log in to the VM review the log files in the following two folders:
</details>
## Additional References
<details>
<summary>Click to expand</summary>
* [Terraform Download](https://www.terraform.io/downloads.html)
* [Visual Code Download](https://code.visualstudio.com/Download)
* [Powershell VS Code Extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.PowerShell)
* [HashiCorp Terraform VS Code Extension](https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform)
* [Azure Terraform VS Code Extension Name](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureterraform)
* [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli)
* [Configure the Azure Terraform Visual Studio Code extension](https://docs.microsoft.com/en-us/azure/developer/terraform/configure-vs-code-extension-for-terraform)
* [Setup video](https://youtu.be/YmbmpGdhI6w)
</details>

102
quickstart/101-azure-virtual-desktop-anf/USAGE.md
View File

@ -1,102 +0,0 @@
# Usage
<!--- BEGIN_TF_DOCS --->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~>2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | n/a |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~>2.0 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_time"></a> [time](#provider\_time) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azuread_group.aad_group](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |
| [azuread_group_member.aad_group_member](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
| [azurerm_log_analytics_workspace.law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
| [azurerm_network_interface.avd_vm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
| [azurerm_network_security_group.nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
| [azurerm_resource_group.log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.sigrg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.af_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_shared_image.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image) | resource |
| [azurerm_shared_image_gallery.sig](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery) | resource |
| [azurerm_storage_account.storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
| [azurerm_storage_share.FSShare](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource |
| [azurerm_subnet.subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
| [azurerm_subnet_network_security_group_association.nsg_assoc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
| [azurerm_virtual_desktop_application_group.dag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_application_group) | resource |
| [azurerm_virtual_desktop_host_pool.hostpool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_host_pool) | resource |
| [azurerm_virtual_desktop_workspace.workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_workspace) | resource |
| [azurerm_virtual_desktop_workspace_application_group_association.ws-dag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_workspace_application_group_association) | resource |
| [azurerm_virtual_machine_extension.domain_join](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
| [azurerm_virtual_machine_extension.vmext_dsc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
| [azurerm_virtual_network_peering.peer1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource |
| [azurerm_virtual_network_peering.peer2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource |
| [azurerm_windows_virtual_machine.avd_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) | resource |
| [random_string.AVD_local_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [time_rotating.avd_token](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating) | resource |
| [azuread_user.aad_user](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/user) | data source |
| [azurerm_role_definition.role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
| [azurerm_role_definition.storage_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
| [azurerm_virtual_network.ad_vnet_data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_aad_group_name"></a> [aad\_group\_name](#input\_aad\_group\_name) | Azure Active Directory Group for AVD users | `string` | n/a | yes |
| <a name="input_ad_rg"></a> [ad\_rg](#input\_ad\_rg) | The resource group for AD VM | `string` | n/a | yes |
| <a name="input_ad_vnet"></a> [ad\_vnet](#input\_ad\_vnet) | Name of domain controller vnet | `string` | n/a | yes |
| <a name="input_avd_users"></a> [avd\_users](#input\_avd\_users) | AVD users | `list` | `[]` | no |
| <a name="input_deploy_location"></a> [deploy\_location](#input\_deploy\_location) | The Azure Region in which all resources in this example should be created. | `string` | n/a | yes |
| <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | Custom DNS configuration | `list(string)` | n/a | yes |
| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Name of the domain to join | `string` | n/a | yes |
| <a name="input_domain_password"></a> [domain\_password](#input\_domain\_password) | Password of the user to authenticate with the domain | `string` | n/a | yes |
| <a name="input_domain_user_upn"></a> [domain\_user\_upn](#input\_domain\_user\_upn) | Username for domain join (do not include domain name as this is appended) | `string` | n/a | yes |
| <a name="input_hostpool"></a> [hostpool](#input\_hostpool) | Name of the Azure Virtual Desktop host pool | `string` | `"AVD-TF-HP"` | no |
| <a name="input_local_admin_password"></a> [local\_admin\_password](#input\_local\_admin\_password) | local admin password | `any` | n/a | yes |
| <a name="input_local_admin_username"></a> [local\_admin\_username](#input\_local\_admin\_username) | local admin username | `string` | n/a | yes |
| <a name="input_ou_path"></a> [ou\_path](#input\_ou\_path) | n/a | `string` | `""` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix of the name of the AVD machine(s) | `string` | n/a | yes |
| <a name="input_rdsh_count"></a> [rdsh\_count](#input\_rdsh\_count) | Number of AVD machines to deploy | `number` | `2` | no |
| <a name="input_rg_name"></a> [rg\_name](#input\_rg\_name) | Name of the Resource group in which to deploy these resources | `string` | `"AVD-TF"` | no |
| <a name="input_shared"></a> [shared](#input\_shared) | Prefix of the name of the AVD machine(s) | `string` | n/a | yes |
| <a name="input_subnet_range"></a> [subnet\_range](#input\_subnet\_range) | Address range for session host subnet | `list(string)` | n/a | yes |
| <a name="input_vm_size"></a> [vm\_size](#input\_vm\_size) | Size of the machine to deploy | `string` | `"Standard_DS2_v2"` | no |
| <a name="input_vnet_range"></a> [vnet\_range](#input\_vnet\_range) | Address range for deployment VNet | `list(string)` | n/a | yes |
| <a name="input_workspace"></a> [workspace](#input\_workspace) | Name of the Azure Virtual Desktop workspace | `string` | `"AVD TF Workspace"` | no |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_aadgroupname"></a> [aadgroupname](#output\_aadgroupname) | Azure Active Directory Group for AVD users |
| <a name="output_avdusers"></a> [avdusers](#output\_avdusers) | AVD users |
| <a name="output_dnsservers"></a> [dnsservers](#output\_dnsservers) | Custom DNS configuration |
| <a name="output_location"></a> [location](#output\_location) | The Azure region |
| <a name="output_rdshcount"></a> [rdshcount](#output\_rdshcount) | The number of VMs created |
| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | Name of the Resource group created |
| <a name="output_storage_account_share"></a> [storage\_account\_share](#output\_storage\_account\_share) | Name of the Azure File Share created for FSLogix |
| <a name="output_vnetrange"></a> [vnetrange](#output\_vnetrange) | Address range for deployment vnet |
<!--- END_TF_DOCS --->

21
quickstart/101-azure-virtual-desktop-anf/environments/sample.tfvars
View File

@ -1,21 +0,0 @@
# Customized the sample values below for your environment and either rename to terraform.tfvars or env.auto.tfvars
deploy_location = "west europe"
rg_name = "avd-resources-rg"
prefix = "avdtf"
local_admin_username = "localadm"
local_admin_password = "ChangeMe123$"
vnet_range = ["10.1.0.0/16"]
subnet_range = ["10.1.0.0/24"]
netapp_address = ["10.1.1.0/24"]
dns_servers = ["10.0.1.4", "168.63.129.16"]
aad_group_name = "AVDUsers"
domain_name = "infra.local"
domain_user_upn = "admin" # do not include domain name as this is appended
domain_password = "ChangeMe123!"
ad_vnet = "infra-network"
ad_rg = "infra-rg"
avd_users = [
"avduser01@infra.local",
"avduser01@infra.local"
]

131
quickstart/101-azure-virtual-desktop-anf/host.tf
View File

@ -1,131 +0,0 @@
locals {
registration_token = azurerm_virtual_desktop_host_pool_registration_info.registrationinfo.token
}
resource "random_string" "AVD_local_password" {
count = var.rdsh_count
length = 16
special = true
min_special = 2
override_special = "*!@#?"
}
resource "azurerm_resource_group" "rg" {
name = var.rg
location = var.resource_group_location
}
resource "azurerm_network_interface" "avd_vm_nic" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}-nic"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
ip_configuration {
name = "nic${count.index + 1}_config"
subnet_id = azurerm_subnet.subnet.id
private_ip_address_allocation = "dynamic"
}
depends_on = [
azurerm_resource_group.rg
]
}
resource "azurerm_windows_virtual_machine" "avd_vm" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = var.vm_size
network_interface_ids = ["${azurerm_network_interface.avd_vm_nic.*.id[count.index]}"]
provision_vm_agent = true
admin_username = var.local_admin_username
admin_password = var.local_admin_password
os_disk {
name = "${lower(var.prefix)}-${count.index + 1}"
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsDesktop"
offer = "Windows-10"
sku = "20h2-evd"
version = "latest"
}
depends_on = [
azurerm_resource_group.rg,
azurerm_network_interface.avd_vm_nic
]
}
resource "azurerm_virtual_machine_extension" "domain_join" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}-domainJoin"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Compute"
type = "JsonADDomainExtension"
type_handler_version = "1.3"
auto_upgrade_minor_version = true
settings = <<SETTINGS
{
"Name": "${var.domain_name}",
"OUPath": "${var.ou_path}",
"User": "${var.domain_user_upn}@${var.domain_name}",
"Restart": "true",
"Options": "3"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"Password": "${var.domain_password}"
}
PROTECTED_SETTINGS
lifecycle {
ignore_changes = [settings, protected_settings]
}
depends_on = [
azurerm_virtual_network_peering.peer1,
azurerm_virtual_network_peering.peer2
]
}
resource "azurerm_virtual_machine_extension" "vmext_dsc" {
count = var.rdsh_count
name = "${var.prefix}${count.index + 1}-avd_dsc"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Powershell"
type = "DSC"
type_handler_version = "2.73"
auto_upgrade_minor_version = true
settings = <<-SETTINGS
{
"modulesUrl": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_3-10-2021.zip",
"configurationFunction": "Configuration.ps1\\AddSessionHost",
"properties": {
"HostPoolName":"${azurerm_virtual_desktop_host_pool.hostpool.name}"
}
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"properties": {
"registrationInfoToken": "${local.registration_token}"
}
}
PROTECTED_SETTINGS
depends_on = [
azurerm_virtual_machine_extension.domain_join,
azurerm_virtual_desktop_host_pool.hostpool
]
}

14
quickstart/101-azure-virtual-desktop-anf/loganalytics.tf
View File

@ -1,14 +0,0 @@
resource "azurerm_resource_group" "log" {
name = var.rg_shared_name
location = var.deploy_location
}
# Creates Log Anaylytics Workspace
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace
resource "azurerm_log_analytics_workspace" "law" {
name = "log${random_string.random.id}"
location = azurerm_resource_group.log.location
resource_group_name = azurerm_resource_group.log.name
sku = "PerGB2018"
retention_in_days = 30
}

51
quickstart/101-azure-virtual-desktop-anf/main.tf
View File

@ -1,51 +0,0 @@
# Resource group name is output when execution plan is applied.
resource "azurerm_resource_group" "sh" {
name = var.rg_name
location = var.resource_group_location
}
# Create AVD workspace
resource "azurerm_virtual_desktop_workspace" "workspace" {
name = var.workspace
resource_group_name = azurerm_resource_group.sh.name
location = azurerm_resource_group.sh.location
friendly_name = "${var.prefix} Workspace"
description = "${var.prefix} Workspace"
}
# Create AVD host pool
resource "azurerm_virtual_desktop_host_pool" "hostpool" {
resource_group_name = azurerm_resource_group.sh.name
location = azurerm_resource_group.sh.location
name = var.hostpool
friendly_name = var.hostpool
validate_environment = true
custom_rdp_properties = "audiocapturemode:i:1;audiomode:i:0;"
description = "${var.prefix} Terraform HostPool"
type = "Pooled"
maximum_sessions_allowed = 16
load_balancer_type = "DepthFirst" #[BreadthFirst DepthFirst]
}
resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" {
hostpool_id = azurerm_virtual_desktop_host_pool.hostpool.id
expiration_date = var.rfc3339
}
# Create AVD DAG
resource "azurerm_virtual_desktop_application_group" "dag" {
resource_group_name = azurerm_resource_group.sh.name
host_pool_id = azurerm_virtual_desktop_host_pool.hostpool.id
location = azurerm_resource_group.sh.location
type = "Desktop"
name = "${var.prefix}-dag"
friendly_name = "Desktop AppGroup"
description = "AVD application group"
depends_on = [azurerm_virtual_desktop_host_pool.hostpool, azurerm_virtual_desktop_workspace.workspace]
}
# Associate Workspace and DAG
resource "azurerm_virtual_desktop_workspace_application_group_association" "ws-dag" {
application_group_id = azurerm_virtual_desktop_application_group.dag.id
workspace_id = azurerm_virtual_desktop_workspace.workspace.id
}

69
quickstart/101-azure-virtual-desktop-anf/netappstorage.tf
View File

@ -1,69 +0,0 @@
# As an alternate to Azure Files storage use this file to replace afstorage.tf to deploy NetApp Files storage for profiles in a dedicated subnet (access needs to be granted to the ANF service)
# Set up Azure NetApp Files https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-quickstart-set-up-account-create-volumes?tabs=azure-portal
resource "azurerm_subnet" "netapp_subnet" {
name = var.netapp_subnet_name
resource_group_name = var.rg_stor
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.netapp_address
delegation {
name = "NetAppdelegation"
service_delegation {
name = "Microsoft.Netapp/volumes"
}
}
}
resource "azurerm_netapp_account" "netapp_acct" {
name = var.netapp_acct_name
resource_group_name = var.rg_stor
location = var.deploy_location
active_directory {
username = var.domain_user_upn
password = var.domain_password
smb_server_name = var.netapp_smb_name
dns_servers = var.dns_servers
domain = var.domain_name
organizational_unit = var.ou_path
}
depends_on = [
azurerm_resource_group.rg
]
}
resource "azurerm_netapp_pool" "netapp_pool" {
name = var.netapp_pool_name
location = var.deploy_location
resource_group_name = var.rg_stor
account_name = var.netapp_acct_name
service_level = "Standard"
size_in_tb = 4
depends_on = [
azurerm_resource_group.rg, azurerm_netapp_account.netapp_acct
]
}
resource "azurerm_netapp_volume" "NetApp_Vol" {
lifecycle {
prevent_destroy = true
}
name = var.netapp_volume_name
location = var.deploy_location
resource_group_name = var.rg_stor
account_name = var.netapp_acct_name
pool_name = var.netapp_pool_name
volume_path = var.netapp_volume_path
service_level = "Standard"
subnet_id = azurerm_subnet.netapp_subnet.id
protocols = ["CIFS"]
storage_quota_in_gb = 100
depends_on = [
azurerm_netapp_pool.netapp_pool
]
}

57
quickstart/101-azure-virtual-desktop-anf/networking.tf
View File

@ -1,57 +0,0 @@
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-VNet"
address_space = var.vnet_range
dns_servers = var.dns_servers
location = var.deploy_location
resource_group_name = var.rg_name
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_subnet" "subnet" {
name = "default"
resource_group_name = var.rg_name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.subnet_range
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_network_security_group" "nsg" {
name = "${var.prefix}-NSG"
location = var.deploy_location
resource_group_name = var.rg_name
security_rule {
name = "HTTPS"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "*"
destination_address_prefix = "*"
}
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {
subnet_id = azurerm_subnet.subnet.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
data "azurerm_virtual_network" "ad_vnet_data" {
name = var.ad_vnet
resource_group_name = var.ad_rg
}
resource "azurerm_virtual_network_peering" "peer1" {
name = "peer_avd_ad"
resource_group_name = var.rg_name
virtual_network_name = azurerm_virtual_network.vnet.name
remote_virtual_network_id = data.azurerm_virtual_network.ad_vnet_data.id
}
resource "azurerm_virtual_network_peering" "peer2" {
name = "peer_ad_avd"
resource_group_name = var.ad_rg
virtual_network_name = var.ad_vnet
remote_virtual_network_id = azurerm_virtual_network.vnet.id
}

54
quickstart/101-azure-virtual-desktop-anf/outputs.tf
View File

@ -1,54 +0,0 @@
output "azure_virtual_desktop_compute_resource_group" {
description = "Name of the Resource group in which to deploy session host"
value = azurerm_resource_group.rg.name
}
output "azure_virtual_desktop_host_pool" {
description = "Name of the Azure Virtual Desktop host pool"
value = azurerm_virtual_desktop_host_pool.hostpool.name
}
output "azurerm_virtual_desktop_application_group" {
description = "Name of the Azure Virtual Desktop DAG"
value = azurerm_virtual_desktop_application_group.dag.name
}
output "azurerm_virtual_desktop_workspace" {
description = "Name of the Azure Virtual Desktop workspace"
value = azurerm_virtual_desktop_workspace.workspace.name
}
output "location" {
description = "The Azure region"
value = azurerm_resource_group.rg.location
}
output "storage_account" {
description = "Storage account for Profiles"
value = azurerm_storage_account.storage.name
}
output "storage_account_share" {
description = "Name of the Azure File Share created for FSLogix"
value = azurerm_storage_share.FSShare.name
}
output "session_host_count" {
description = "The number of VMs created"
value = var.rdsh_count
}
output "dnsservers" {
description = "Custom DNS configuration"
value = azurerm_virtual_network.vnet.dns_servers
}
output "vnetrange" {
description = "Address range for deployment vnet"
value = azurerm_virtual_network.vnet.address_space
}
output "AVD_user_groupname" {
description = "Azure Active Directory Group for AVD users"
value = azuread_group.aad_group.display_name
}

15
quickstart/101-azure-virtual-desktop-anf/provider.tf
View File

@ -1,15 +0,0 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>2.0"
}
azuread = {
source = "hashicorp/azuread"
}
}
}
provider "azurerm" {
features {}
}

25
quickstart/101-azure-virtual-desktop-anf/rbac.tf
View File

@ -1,25 +0,0 @@
data "azuread_user" "aad_user" {
for_each = toset(var.avd_users)
user_principal_name = format("%s", each.key)
}
data "azurerm_role_definition" "role" { # access an existing built-in role
name = "Desktop Virtualization User"
}
resource "azuread_group" "aad_group" {
display_name = var.aad_group_name
security_enabled = true
}
resource "azuread_group_member" "aad_group_member" {
for_each = data.azuread_user.aad_user
group_object_id = azuread_group.aad_group.id
member_object_id = each.value["id"]
}
resource "azurerm_role_assignment" "role" {
scope = azurerm_virtual_desktop_application_group.dag.id
role_definition_id = data.azurerm_role_definition.role.id
principal_id = azuread_group.aad_group.id
}

44
quickstart/101-azure-virtual-desktop-anf/sig.tf
View File

@ -1,44 +0,0 @@
resource "azurerm_resource_group" "sigrg" {
location = var.deploy_location
name = var.rg_shared_name
}
# generate a random string (consisting of four characters)
# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
resource "random_string" "rando" {
length = 4
upper = false
special = false
}
# Creates Shared Image Gallery
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery
resource "azurerm_shared_image_gallery" "sig" {
name = "sig${random_string.random.id}"
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
description = "Shared images"
tags = {
Environment = "Demo"
Tech = "Terraform"
}
}
#Creates image definition
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image
resource "azurerm_shared_image" "example" {
name = "avd-image"
gallery_name = azurerm_shared_image_gallery.sig.name
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
os_type = "Windows"
identifier {
publisher = "MicrosoftWindowsDesktop"
offer = "office-365"
sku = "20h2-evd-o365pp"
}
}

176
quickstart/101-azure-virtual-desktop-anf/variables.tf
View File

@ -1,176 +0,0 @@
variable "resource_group_location" {
default = "eastus"
description = "Location of the resource group."
}
variable "rg" {
type = string
default = "rg-avd-compute"
description = "Name of the Resource group in which to deploy session host"
}
variable "rg_name" {
type = string
default = "rg-avd-resources"
description = "Name of the Resource group in which to deploy service objects"
}
variable "rg_stor" {
type = string
default = "rg-avd-storage"
description = "Name of the Resource group in which to deploy storage"
}
variable "rg_shared_name" {
type = string
default = "rg-shared-resources"
description = "Name of the Resource group in which to deploy shared resources"
}
variable "deploy_location" {
type = string
default = "eastus"
description = "The Azure Region in which all resources in this example should be created."
}
variable "workspace" {
type = string
description = "Name of the Azure Virtual Desktop workspace"
default = "AVD TF Workspace"
}
variable "hostpool" {
type = string
description = "Name of the Azure Virtual Desktop host pool"
default = "AVD-TF-HP"
}
variable "ad_vnet" {
type = string
default = "infra-network"
description = "Name of domain controller vnet"
}
variable "rfc3339" {
type = string
default = "2022-03-30T12:43:13Z"
description = "Registration token expiration"
}
variable "dns_servers" {
type = list(string)
default = ["10.0.1.4", "168.63.129.16"]
description = "Custom DNS configuration"
}
variable "vnet_range" {
type = list(string)
default = ["10.2.0.0/16"]
description = "Address range for deployment VNet"
}
variable "subnet_range" {
type = list(string)
default = ["10.2.0.0/24"]
description = "Address range for session host subnet"
}
variable "ad_rg" {
type = string
default = "infra-rg"
description = "The resource group for AD VM"
}
variable "avd_users" {
description = "AVD users"
default = [
"avduser01@contoso.net",
"avduser02@contoso.net"
]
}
variable "aad_group_name" {
type = string
default = "AVDUsers"
description = "Azure Active Directory Group for AVD users"
}
variable "rdsh_count" {
description = "Number of AVD machines to deploy"
default = 2
}
variable "prefix" {
type = string
default = "avdtf"
description = "Prefix of the name of the AVD machine(s)"
}
variable "domain_name" {
type = string
default = "infra.local"
description = "Name of the domain to join"
}
variable "domain_user_upn" {
type = string
default = "domainjoineruser" # do not include domain name as this is appended
description = "Username for domain join (do not include domain name as this is appended)"
}
variable "domain_password" {
type = string
default = "ChangeMe123!"
description = "Password of the user to authenticate with the domain"
sensitive = true
}
variable "vm_size" {
description = "Size of the machine to deploy"
default = "Standard_DS2_v2"
}
variable "ou_path" {
default = ""
}
variable "local_admin_username" {
type = string
default = "localadm"
description = "local admin username"
}
variable "local_admin_password" {
type = string
default = "ChangeMe123!"
description = "local admin password"
sensitive = true
}
variable "netapp_acct_name" {
default = "AVD_NetApp"
}
variable "netapp_pool_name" {
default = "AVD_NetApp_pool"
}
variable "netapp_volume_name" {
default = "AVD_NetApp_volume"
}
variable "netapp_smb_name" {
default = "AVDNetApp"
}
variable "netapp_volume_path" {
default = "AVDNetAppVolume"
}
variable "netapp_subnet_name" {
default = "NetAppSubnet"
}
variable "netapp_address" {
default = ["10.1.1.0/24"]
description = "Address range for NetApp Subnet"
}

123
quickstart/101-azure-virtual-desktop/README.md
View File

@ -1,123 +0,0 @@
## Terraform for Azure Virtual Desktop
The purpose of this repository is to demonstrate using Terraform to deploy a simple Azure Virtual Desktop environment. For Classic Azure Virtual Desktop click [here](https://github.com/Azure/RDS-Templates/tree/master/wvd-sh/terraform-azurerm-windowsvirtualdesktop).
## Requirements and limitations
* Ensure that you meet the [requirements for Azure Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview#requirements)
* Terraform must be installed and configured as outlined [here](https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell)
* Active Directory already in place in this example, we are using AD in its own VNet.
* Users in AAD that will be given access to AVD
* This demo does not support Azure ADDS only deployment
* Destroy could produce errors deleting subnet due to resources associated. Manually delete resources within the subnet before running destroy
## Components
* Azure Virtual Desktop Environment
* Networking Infrastructure
* Session Hosts
* Profile Storage
* Role Based Access Control
## Features
This directory contains the various components for building out Azure Virtual Desktop.
* `main.tf`
deploys a new workspace, hostpool, application group with associations
* `networking.tf`
deploys a new vnet, subnet, nsg and peering to AD vnet
* `host.tf`
deploys new session host from the marketplace build and join to domain
* `afstorage.tf`
deploys Azure Files storage for profiles and creates file share with RBAC permissions for the users group ([NTFS permissions will need to be configured](https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share))
* `rbac.tf`
deploys rbac assignment for the users group
* `variables.tf`
Input variables
* `loganalytics.tf`
deploys log anaylytics workspace
* `sig.tf`
deploys log anaylytics workspace
* `random.tf`
Random provider configuration
* `defaults.tfvars`
declares the actual input values (keep security in mind if you are putting confidential data)
* `provider.tf`
Azure RM and Azure AD provider configuration
* `outputs.tf`
defines the outputs that will be displayed on deployment
## Variable Inputs
[Variable Inputs](USAGE.md#inputs)
## Deploy
If youve not previously setup terraform, check out this article to get it installed [Quickstart - Configure Terraform using Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/developer/terraform/get-started-cloud-shell)
You can review our sample configuration video here
Once Terraform is setup and you have created your Terraform templates, the first step is to initialize Terraform. This step ensures that Terraform has all the prerequisites to build your template in Azure.
```
terraform init
```
The next step is to have Terraform review and validate the template. An execution plan is generated and stored in the file specified by the -out parameter.
We also need to pass our variable definitions file during the plan. We can either load it automatically by renaming env.tfvars as terraform.tfvars OR env.auto.tfvars, in which case we will use the following to create the execution plan:
```bash
terraform plan -out terraform_azure.tfplan
```
When you're ready to build the infrastructure in Azure, apply the execution plan:
```bash
terraform apply terraform_azure.tfplan
```
## Final Configuration
Youll notice we didnt actually configure the session hosts to use our profile storage at any point. There is an assumption that we are using GPO to manage FSLogix across our host pools as documented here: [Use FSLogix Group Policy Template Files - FSLogix](https://docs.microsoft.com/en-us/fslogix/use-group-policy-templates-ht).
At a minimum youll need to configure the registry keys to enable FSLogix and configure the VHD Location to the NetApp Share URI: [Profile Container registry configuration settings - FSLogix](https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference#enabled)
## Troubleshooting Terraform deployment
<details>
<summary>Click to expand</summary>
Terraform deployment can fail in two main categories:
Issues with Terraform code
1. [Issues with Desired State Configuration (DSC)](#issues-with-desired-state-configuration-dsc)
2. [Issues with Terraform code](#issues-with-desired-state-configuration-dsc)
While it is rare to have issues with the Terraform code it is still possible, however most often errors are due to bad input in variables.tf.
* If there are errors in the Terraform code, please file a GitHub issue.
* If there are warning in the Terraform code feel free to ignore or address for your own instance of that code.
* Using Terraform error messages it's a good starting point towards identifying issues with input variables
### Issues with Desired State Configuration (DSC)
To troubleshoot this type of issue, navigate to the Azure portal and if needed reset the password on the VM that failed DSC. Once you are able to log in to the VM review the log files in the following two folders:
</details>
## Additional References
<details>
<summary>Click to expand</summary>
* [Terraform Download](https://www.terraform.io/downloads.html)
* [Visual Code Download](https://code.visualstudio.com/Download)
* [Powershell VS Code Extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.PowerShell)
* [HashiCorp Terraform VS Code Extension](https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform)
* [Azure Terraform VS Code Extension Name](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureterraform)
* [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli)
* [Configure the Azure Terraform Visual Studio Code extension](https://docs.microsoft.com/en-us/azure/developer/terraform/configure-vs-code-extension-for-terraform)
* [Setup video](https://youtu.be/YmbmpGdhI6w)
</details>

102
quickstart/101-azure-virtual-desktop/USAGE.md
View File

@ -1,102 +0,0 @@
# Usage
<!--- BEGIN_TF_DOCS --->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~>2.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_azuread"></a> [azuread](#provider\_azuread) | n/a |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~>2.0 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |
| <a name="provider_time"></a> [time](#provider\_time) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azuread_group.aad_group](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group) | resource |
| [azuread_group_member.aad_group_member](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
| [azurerm_log_analytics_workspace.law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
| [azurerm_network_interface.avd_vm_nic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface) | resource |
| [azurerm_network_security_group.nsg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
| [azurerm_resource_group.log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.rg_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.sigrg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.af_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_shared_image.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image) | resource |
| [azurerm_shared_image_gallery.sig](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery) | resource |
| [azurerm_storage_account.storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
| [azurerm_storage_share.FSShare](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_share) | resource |
| [azurerm_subnet.subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
| [azurerm_subnet_network_security_group_association.nsg_assoc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
| [azurerm_virtual_desktop_application_group.dag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_application_group) | resource |
| [azurerm_virtual_desktop_host_pool.hostpool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_host_pool) | resource |
| [azurerm_virtual_desktop_workspace.workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_workspace) | resource |
| [azurerm_virtual_desktop_workspace_application_group_association.ws-dag](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_desktop_workspace_application_group_association) | resource |
| [azurerm_virtual_machine_extension.domain_join](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
| [azurerm_virtual_machine_extension.vmext_dsc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource |
| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
| [azurerm_virtual_network_peering.peer1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource |
| [azurerm_virtual_network_peering.peer2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network_peering) | resource |
| [azurerm_windows_virtual_machine.avd_vm](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine) | resource |
| [random_string.AVD_local_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [time_rotating.avd_token](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating) | resource |
| [azuread_user.aad_user](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/user) | data source |
| [azurerm_role_definition.role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
| [azurerm_role_definition.storage_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/role_definition) | data source |
| [azurerm_virtual_network.ad_vnet_data](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_aad_group_name"></a> [aad\_group\_name](#input\_aad\_group\_name) | Azure Active Directory Group for AVD users | `string` | n/a | yes |
| <a name="input_ad_rg"></a> [ad\_rg](#input\_ad\_rg) | The resource group for AD VM | `string` | n/a | yes |
| <a name="input_ad_vnet"></a> [ad\_vnet](#input\_ad\_vnet) | Name of domain controller vnet | `string` | n/a | yes |
| <a name="input_avd_users"></a> [avd\_users](#input\_avd\_users) | AVD users | `list` | `[]` | no |
| <a name="input_deploy_location"></a> [deploy\_location](#input\_deploy\_location) | The Azure Region in which all resources in this example should be created. | `string` | n/a | yes |
| <a name="input_dns_servers"></a> [dns\_servers](#input\_dns\_servers) | Custom DNS configuration | `list(string)` | n/a | yes |
| <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Name of the domain to join | `string` | n/a | yes |
| <a name="input_domain_password"></a> [domain\_password](#input\_domain\_password) | Password of the user to authenticate with the domain | `string` | n/a | yes |
| <a name="input_domain_user_upn"></a> [domain\_user\_upn](#input\_domain\_user\_upn) | Username for domain join (do not include domain name as this is appended) | `string` | n/a | yes |
| <a name="input_hostpool"></a> [hostpool](#input\_hostpool) | Name of the Azure Virtual Desktop host pool | `string` | `"AVD-TF-HP"` | no |
| <a name="input_local_admin_password"></a> [local\_admin\_password](#input\_local\_admin\_password) | local admin password | `any` | n/a | yes |
| <a name="input_local_admin_username"></a> [local\_admin\_username](#input\_local\_admin\_username) | local admin username | `string` | n/a | yes |
| <a name="input_ou_path"></a> [ou\_path](#input\_ou\_path) | n/a | `string` | `""` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix of the name of the AVD machine(s) | `string` | n/a | yes |
| <a name="input_rdsh_count"></a> [rdsh\_count](#input\_rdsh\_count) | Number of AVD machines to deploy | `number` | `2` | no |
| <a name="input_rg_name"></a> [rg\_name](#input\_rg\_name) | Name of the Resource group in which to deploy these resources | `string` | `"AVD-TF"` | no |
| <a name="input_shared"></a> [shared](#input\_shared) | Prefix of the name of the AVD machine(s) | `string` | n/a | yes |
| <a name="input_subnet_range"></a> [subnet\_range](#input\_subnet\_range) | Address range for session host subnet | `list(string)` | n/a | yes |
| <a name="input_vm_size"></a> [vm\_size](#input\_vm\_size) | Size of the machine to deploy | `string` | `"Standard_DS2_v2"` | no |
| <a name="input_vnet_range"></a> [vnet\_range](#input\_vnet\_range) | Address range for deployment VNet | `list(string)` | n/a | yes |
| <a name="input_workspace"></a> [workspace](#input\_workspace) | Name of the Azure Virtual Desktop workspace | `string` | `"AVD TF Workspace"` | no |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_aadgroupname"></a> [aadgroupname](#output\_aadgroupname) | Azure Active Directory Group for AVD users |
| <a name="output_avdusers"></a> [avdusers](#output\_avdusers) | AVD users |
| <a name="output_dnsservers"></a> [dnsservers](#output\_dnsservers) | Custom DNS configuration |
| <a name="output_location"></a> [location](#output\_location) | The Azure region |
| <a name="output_rdshcount"></a> [rdshcount](#output\_rdshcount) | The number of VMs created |
| <a name="output_resource_group_name"></a> [resource\_group\_name](#output\_resource\_group\_name) | Name of the Resource group created |
| <a name="output_storage_account_share"></a> [storage\_account\_share](#output\_storage\_account\_share) | Name of the Azure File Share created for FSLogix |
| <a name="output_vnetrange"></a> [vnetrange](#output\_vnetrange) | Address range for deployment vnet |
<!--- END_TF_DOCS --->

43
quickstart/101-azure-virtual-desktop/afstorage.tf
View File

@ -1,43 +0,0 @@
## Create a Resource Group for Storage
resource "azurerm_resource_group" "rg_storage" {
location = var.deploy_location
name = var.rg_stor
}
# generate a random string (consisting of four characters)
# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
resource "random_string" "random" {
length = 4
upper = false
special = false
}
## Azure Storage Accounts requires a globally unique names
## https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
## Create a File Storage Account
resource "azurerm_storage_account" "storage" {
name = "stor${random_string.random.id}"
resource_group_name = azurerm_resource_group.rg_storage.name
location = azurerm_resource_group.rg_storage.location
account_tier = "Premium"
account_replication_type = "LRS"
account_kind = "FileStorage"
}
resource "azurerm_storage_share" "FSShare" {
name = "fslogix"
storage_account_name = azurerm_storage_account.storage.name
depends_on = [azurerm_storage_account.storage]
}
## Azure built-in roles
## https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
data "azurerm_role_definition" "storage_role" {
name = "Storage File Data SMB Share Contributor"
}
resource "azurerm_role_assignment" "af_role" {
scope = azurerm_storage_account.storage.id
role_definition_id = data.azurerm_role_definition.storage_role.id
principal_id = azuread_group.aad_group.id
}

20
quickstart/101-azure-virtual-desktop/environments/sample.tfvars
View File

@ -1,20 +0,0 @@
# Customized the sample values below for your environment and either rename to terraform.tfvars or env.auto.tfvars
deploy_location = "west europe"
rg_name = "avd-resources-rg"
prefix = "avdtf"
local_admin_username = "localadm"
local_admin_password = "ChangeMe123$"
vnet_range = ["10.1.0.0/16"]
subnet_range = ["10.1.0.0/24"]
dns_servers = ["10.0.1.4", "168.63.129.16"]
aad_group_name = "AVDUsers"
domain_name = "infra.local"
domain_user_upn = "admin" # do not include domain name as this is appended
domain_password = "ChangeMe123!"
ad_vnet = "infra-network"
ad_rg = "infra-rg"
avd_users = [
"avduser01@infra.local",
"avduser01@infra.local"
]

131
quickstart/101-azure-virtual-desktop/host.tf
View File

@ -1,131 +0,0 @@
locals {
registration_token = azurerm_virtual_desktop_host_pool_registration_info.registrationinfo.token
}
resource "random_string" "AVD_local_password" {
count = var.rdsh_count
length = 16
special = true
min_special = 2
override_special = "*!@#?"
}
resource "azurerm_resource_group" "rg" {
name = var.rg
location = var.resource_group_location
}
resource "azurerm_network_interface" "avd_vm_nic" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}-nic"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
ip_configuration {
name = "nic${count.index + 1}_config"
subnet_id = azurerm_subnet.subnet.id
private_ip_address_allocation = "dynamic"
}
depends_on = [
azurerm_resource_group.rg
]
}
resource "azurerm_windows_virtual_machine" "avd_vm" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
size = var.vm_size
network_interface_ids = ["${azurerm_network_interface.avd_vm_nic.*.id[count.index]}"]
provision_vm_agent = true
admin_username = var.local_admin_username
admin_password = var.local_admin_password
os_disk {
name = "${lower(var.prefix)}-${count.index + 1}"
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsDesktop"
offer = "Windows-10"
sku = "20h2-evd"
version = "latest"
}
depends_on = [
azurerm_resource_group.rg,
azurerm_network_interface.avd_vm_nic
]
}
resource "azurerm_virtual_machine_extension" "domain_join" {
count = var.rdsh_count
name = "${var.prefix}-${count.index + 1}-domainJoin"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Compute"
type = "JsonADDomainExtension"
type_handler_version = "1.3"
auto_upgrade_minor_version = true
settings = <<SETTINGS
{
"Name": "${var.domain_name}",
"OUPath": "${var.ou_path}",
"User": "${var.domain_user_upn}@${var.domain_name}",
"Restart": "true",
"Options": "3"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"Password": "${var.domain_password}"
}
PROTECTED_SETTINGS
lifecycle {
ignore_changes = [settings, protected_settings]
}
depends_on = [
azurerm_virtual_network_peering.peer1,
azurerm_virtual_network_peering.peer2
]
}
resource "azurerm_virtual_machine_extension" "vmext_dsc" {
count = var.rdsh_count
name = "${var.prefix}${count.index + 1}-avd_dsc"
virtual_machine_id = azurerm_windows_virtual_machine.avd_vm.*.id[count.index]
publisher = "Microsoft.Powershell"
type = "DSC"
type_handler_version = "2.73"
auto_upgrade_minor_version = true
settings = <<-SETTINGS
{
"modulesUrl": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_3-10-2021.zip",
"configurationFunction": "Configuration.ps1\\AddSessionHost",
"properties": {
"HostPoolName":"${azurerm_virtual_desktop_host_pool.hostpool.name}"
}
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"properties": {
"registrationInfoToken": "${local.registration_token}"
}
}
PROTECTED_SETTINGS
depends_on = [
azurerm_virtual_machine_extension.domain_join,
azurerm_virtual_desktop_host_pool.hostpool
]
}

14
quickstart/101-azure-virtual-desktop/loganalytics.tf
View File

@ -1,14 +0,0 @@
resource "azurerm_resource_group" "log" {
name = var.rg_shared_name
location = var.deploy_location
}
# Creates Log Anaylytics Workspace
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace
resource "azurerm_log_analytics_workspace" "law" {
name = "log${random_string.random.id}"
location = azurerm_resource_group.log.location
resource_group_name = azurerm_resource_group.log.name
sku = "PerGB2018"
retention_in_days = 30
}

51
quickstart/101-azure-virtual-desktop/main.tf
View File

@ -1,51 +0,0 @@
# Resource group name is output when execution plan is applied.
resource "azurerm_resource_group" "sh" {
name = var.rg_name
location = var.resource_group_location
}
# Create AVD workspace
resource "azurerm_virtual_desktop_workspace" "workspace" {
name = var.workspace
resource_group_name = azurerm_resource_group.sh.name
location = azurerm_resource_group.sh.location
friendly_name = "${var.prefix} Workspace"
description = "${var.prefix} Workspace"
}
# Create AVD host pool
resource "azurerm_virtual_desktop_host_pool" "hostpool" {
resource_group_name = azurerm_resource_group.sh.name
location = azurerm_resource_group.sh.location
name = var.hostpool
friendly_name = var.hostpool
validate_environment = true
custom_rdp_properties = "audiocapturemode:i:1;audiomode:i:0;"
description = "${var.prefix} Terraform HostPool"
type = "Pooled"
maximum_sessions_allowed = 16
load_balancer_type = "DepthFirst" #[BreadthFirst DepthFirst]
}
resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" {
hostpool_id = azurerm_virtual_desktop_host_pool.hostpool.id
expiration_date = var.rfc3339
}
# Create AVD DAG
resource "azurerm_virtual_desktop_application_group" "dag" {
resource_group_name = azurerm_resource_group.sh.name
host_pool_id = azurerm_virtual_desktop_host_pool.hostpool.id
location = azurerm_resource_group.sh.location
type = "Desktop"
name = "${var.prefix}-dag"
friendly_name = "Desktop AppGroup"
description = "AVD application group"
depends_on = [azurerm_virtual_desktop_host_pool.hostpool, azurerm_virtual_desktop_workspace.workspace]
}
# Associate Workspace and DAG
resource "azurerm_virtual_desktop_workspace_application_group_association" "ws-dag" {
application_group_id = azurerm_virtual_desktop_application_group.dag.id
workspace_id = azurerm_virtual_desktop_workspace.workspace.id
}

57
quickstart/101-azure-virtual-desktop/networking.tf
View File

@ -1,57 +0,0 @@
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-VNet"
address_space = var.vnet_range
dns_servers = var.dns_servers
location = var.deploy_location
resource_group_name = var.rg_name
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_subnet" "subnet" {
name = "default"
resource_group_name = var.rg_name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = var.subnet_range
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_network_security_group" "nsg" {
name = "${var.prefix}-NSG"
location = var.deploy_location
resource_group_name = var.rg_name
security_rule {
name = "HTTPS"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "*"
destination_address_prefix = "*"
}
depends_on = [azurerm_resource_group.rg]
}
resource "azurerm_subnet_network_security_group_association" "nsg_assoc" {
subnet_id = azurerm_subnet.subnet.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
data "azurerm_virtual_network" "ad_vnet_data" {
name = var.ad_vnet
resource_group_name = var.ad_rg
}
resource "azurerm_virtual_network_peering" "peer1" {
name = "peer_avdspoke_ad"
resource_group_name = var.rg_name
virtual_network_name = azurerm_virtual_network.vnet.name
remote_virtual_network_id = data.azurerm_virtual_network.ad_vnet_data.id
}
resource "azurerm_virtual_network_peering" "peer2" {
name = "peer_ad_avdspoke"
resource_group_name = var.ad_rg
virtual_network_name = var.ad_vnet
remote_virtual_network_id = azurerm_virtual_network.vnet.id
}

54
quickstart/101-azure-virtual-desktop/outputs.tf
View File

@ -1,54 +0,0 @@
output "azure_virtual_desktop_compute_resource_group" {
description = "Name of the Resource group in which to deploy session host"
value = azurerm_resource_group.rg.name
}
output "azure_virtual_desktop_host_pool" {
description = "Name of the Azure Virtual Desktop host pool"
value = azurerm_virtual_desktop_host_pool.hostpool.name
}
output "azurerm_virtual_desktop_application_group" {
description = "Name of the Azure Virtual Desktop DAG"
value = azurerm_virtual_desktop_application_group.dag.name
}
output "azurerm_virtual_desktop_workspace" {
description = "Name of the Azure Virtual Desktop workspace"
value = azurerm_virtual_desktop_workspace.workspace.name
}
output "location" {
description = "The Azure region"
value = azurerm_resource_group.rg.location
}
output "storage_account" {
description = "Storage account for Profiles"
value = azurerm_storage_account.storage.name
}
output "storage_account_share" {
description = "Name of the Azure File Share created for FSLogix"
value = azurerm_storage_share.FSShare.name
}
output "session_host_count" {
description = "The number of VMs created"
value = var.rdsh_count
}
output "dnsservers" {
description = "Custom DNS configuration"
value = azurerm_virtual_network.vnet.dns_servers
}
output "vnetrange" {
description = "Address range for deployment vnet"
value = azurerm_virtual_network.vnet.address_space
}
output "AVD_user_groupname" {
description = "Azure Active Directory Group for AVD users"
value = azuread_group.aad_group.display_name
}

15
quickstart/101-azure-virtual-desktop/provider.tf
View File

@ -1,15 +0,0 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~>2.0"
}
azuread = {
source = "hashicorp/azuread"
}
}
}
provider "azurerm" {
features {}
}

25
quickstart/101-azure-virtual-desktop/rbac.tf
View File

@ -1,25 +0,0 @@
data "azuread_user" "aad_user" {
for_each = toset(var.avd_users)
user_principal_name = format("%s", each.key)
}
data "azurerm_role_definition" "role" { # access an existing built-in role
name = "Desktop Virtualization User"
}
resource "azuread_group" "aad_group" {
display_name = var.aad_group_name
security_enabled = true
}
resource "azuread_group_member" "aad_group_member" {
for_each = data.azuread_user.aad_user
group_object_id = azuread_group.aad_group.id
member_object_id = each.value["id"]
}
resource "azurerm_role_assignment" "role" {
scope = azurerm_virtual_desktop_application_group.dag.id
role_definition_id = data.azurerm_role_definition.role.id
principal_id = azuread_group.aad_group.id
}

44
quickstart/101-azure-virtual-desktop/sig.tf
View File

@ -1,44 +0,0 @@
resource "azurerm_resource_group" "sigrg" {
location = var.deploy_location
name = var.rg_shared_name
}
# generate a random string (consisting of four characters)
# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string
resource "random_string" "rando" {
length = 4
upper = false
special = false
}
# Creates Shared Image Gallery
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image_gallery
resource "azurerm_shared_image_gallery" "sig" {
name = "sig${random_string.random.id}"
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
description = "Shared images"
tags = {
Environment = "Demo"
Tech = "Terraform"
}
}
#Creates image definition
# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/shared_image
resource "azurerm_shared_image" "example" {
name = "avd-image"
gallery_name = azurerm_shared_image_gallery.sig.name
resource_group_name = azurerm_resource_group.sigrg.name
location = azurerm_resource_group.sigrg.location
os_type = "Windows"
identifier {
publisher = "MicrosoftWindowsDesktop"
offer = "office-365"
sku = "20h2-evd-o365pp"
}
}

148
quickstart/101-azure-virtual-desktop/variables.tf
View File

@ -1,148 +0,0 @@
variable "resource_group_location" {
default = "eastus"
description = "Location of the resource group."
}
variable "rg" {
type = string
default = "rg-avd-compute"
description = "Name of the Resource group in which to deploy session host"
}
variable "rg_name" {
type = string
default = "rg-avd-resources"
description = "Name of the Resource group in which to deploy service objects"
}
variable "rg_stor" {
type = string
default = "rg-avd-storage"
description = "Name of the Resource group in which to deploy storage"
}
variable "rg_shared_name" {
type = string
default = "rg-shared-resources"
description = "Name of the Resource group in which to deploy shared resources"
}
variable "deploy_location" {
type = string
default = "eastus"
description = "The Azure Region in which all resources in this example should be created."
}
variable "workspace" {
type = string
description = "Name of the Azure Virtual Desktop workspace"
default = "AVD TF Workspace"
}
variable "hostpool" {
type = string
description = "Name of the Azure Virtual Desktop host pool"
default = "AVD-TF-HP"
}
variable "ad_vnet" {
type = string
default = "infra-network"
description = "Name of domain controller vnet"
}
variable "rfc3339" {
type = string
default = "2022-03-30T12:43:13Z"
description = "Registration token expiration"
}
variable "dns_servers" {
type = list(string)
default = ["10.0.1.4", "168.63.129.16"]
description = "Custom DNS configuration"
}
variable "vnet_range" {
type = list(string)
default = ["10.2.0.0/16"]
description = "Address range for deployment VNet"
}
variable "subnet_range" {
type = list(string)
default = ["10.2.0.0/24"]
description = "Address range for session host subnet"
}
variable "ad_rg" {
type = string
default = "infra-rg"
description = "The resource group for AD VM"
}
variable "avd_users" {
description = "AVD users"
default = [
"avduser01@contoso.net",
"avduser02@contoso.net"
]
}
variable "aad_group_name" {
type = string
default = "AVDUsers"
description = "Azure Active Directory Group for AVD users"
}
variable "rdsh_count" {
description = "Number of AVD machines to deploy"
default = 2
}
variable "prefix" {
type = string
default = "avdtf"
description = "Prefix of the name of the AVD machine(s)"
}
variable "domain_name" {
type = string
default = "infra.local"
description = "Name of the domain to join"
}
variable "domain_user_upn" {
type = string
default = "domainjoineruser" # do not include domain name as this is appended
description = "Username for domain join (do not include domain name as this is appended)"
}
variable "domain_password" {
type = string
default = "ChangeMe123!"
description = "Password of the user to authenticate with the domain"
sensitive = true
}
variable "vm_size" {
description = "Size of the machine to deploy"
default = "Standard_DS2_v2"
}
variable "ou_path" {
default = ""
}
variable "local_admin_username" {
type = string
default = "localadm"
description = "local admin username"
}
variable "local_admin_password" {
type = string
default = "ChangeMe123!"
description = "local admin password"
sensitive = true
}

199
quickstart/101-cosmos-db-aad-rbac/README.md
View File

@ -1,199 +0,0 @@
# Cosmos db with role definition and assignment
This template deploys a cosmos db account with sql db and aad role definition and assignment. A similar example can be created using the [azurerm/cosmosdb module](https://github.com/azure/terraform-azurerm-cosmosdb).
## Terraform resource types
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account)
- [azurerm_cosmosdb_sql_database](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database)
- [azurerm_cosmosdb_sql_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container)
- [azurerm_cosmosdb_sql_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_role_assignment)
- [azurerm_cosmosdb_sql_role_definition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_role_definition)
## Variables
| Name | Description |
|-|-|
| `resource_group_name` | Resource group name |
| `resource_group_location` | Resource group location |
| `cosmosdb_account_name` | Cosmos db account name |
| `cosmosdb_location` | Cosmos db primary location |
| `throughput` | DB manual throughput |
| `sql_container_name` | Name of sql container |
## Example terraform.tfvars file
```
resource_group_name = "rg-cosmosdb-101"
location = "centralus"
cosmosdb_account_name = "cosmosdb-dev-centralus-101"
cosmosdb_account_location = "centralus"
cosmosdb_sqldb_name = "sqlapidb"
throughput = 400
sql_container_name = "example-container"
```
## Usage
```bash
>terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_cosmosdb_account.example will be created
+ resource "azurerm_cosmosdb_account" "example" {
+ access_key_metadata_writes_enabled = true
+ analytical_storage_enabled = false
+ connection_strings = (sensitive value)
+ create_mode = (known after apply)
+ default_identity_type = "FirstPartyIdentity"
+ enable_automatic_failover = false
+ enable_free_tier = false
+ enable_multiple_write_locations = false
+ endpoint = (known after apply)
+ id = (known after apply)
+ is_virtual_network_filter_enabled = false
+ kind = "GlobalDocumentDB"
+ local_authentication_disabled = false
+ location = "centralus"
+ mongo_server_version = (known after apply)
+ name = "cosmosdb-dev-centralus-101"
+ network_acl_bypass_for_azure_services = false
+ offer_type = "Standard"
+ primary_key = (sensitive value)
+ primary_readonly_key = (sensitive value)
+ public_network_access_enabled = true
+ read_endpoints = (known after apply)
+ resource_group_name = "rg-cosmosdb-101"
+ secondary_key = (sensitive value)
+ secondary_readonly_key = (sensitive value)
+ write_endpoints = (known after apply)
+ analytical_storage {
+ schema_type = (known after apply)
}
+ backup {
+ interval_in_minutes = (known after apply)
+ retention_in_hours = (known after apply)
+ storage_redundancy = (known after apply)
+ type = (known after apply)
}
+ capabilities {
+ name = (known after apply)
}
+ capacity {
+ total_throughput_limit = (known after apply)
}
+ consistency_policy {
+ consistency_level = "BoundedStaleness"
+ max_interval_in_seconds = 300
+ max_staleness_prefix = 100000
}
+ geo_location {
+ failover_priority = 0
+ id = (known after apply)
+ location = "centralus"
+ zone_redundant = false
}
}
# azurerm_cosmosdb_sql_container.example will be created
+ resource "azurerm_cosmosdb_sql_container" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ database_name = "sqlapidb"
+ default_ttl = (known after apply)
+ id = (known after apply)
+ name = "example-container"
+ partition_key_path = "/definition/id"
+ partition_key_version = 1
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
+ conflict_resolution_policy {
+ conflict_resolution_path = (known after apply)
+ conflict_resolution_procedure = (known after apply)
+ mode = (known after apply)
}
+ indexing_policy {
+ indexing_mode = "consistent"
+ excluded_path {
+ path = "/excluded/?"
}
+ included_path {
+ path = "/*"
}
+ included_path {
+ path = "/included/?"
}
}
+ unique_key {
+ paths = [
+ "/definition/idlong",
+ "/definition/idshort",
]
}
}
# azurerm_cosmosdb_sql_database.example will be created
+ resource "azurerm_cosmosdb_sql_database" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ id = (known after apply)
+ name = "sqlapidb"
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
}
# azurerm_cosmosdb_sql_role_assignment.example will be created
+ resource "azurerm_cosmosdb_sql_role_assignment" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ id = (known after apply)
+ name = (known after apply)
+ principal_id = "1b887731-4609-4904-a699-64f06f3d380d"
+ resource_group_name = "rg-cosmosdb-101"
+ role_definition_id = (known after apply)
+ scope = "/subscriptions/aa86e73d-372b-4cd6-a37e-0d12ae93e964/resourceGroups/rg-cosmosdb-101/providers/Microsoft.DocumentDB/databaseAccounts/cosmosdb-dev-centralus-101"
}
# azurerm_cosmosdb_sql_role_definition.example will be created
+ resource "azurerm_cosmosdb_sql_role_definition" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ assignable_scopes = [
+ "/subscriptions/aa86e73d-372b-4cd6-a37e-0d12ae93e964/resourceGroups/rg-cosmosdb-101/providers/Microsoft.DocumentDB/databaseAccounts/cosmosdb-dev-centralus-101",
]
+ id = (known after apply)
+ name = "examplesqlroledef"
+ resource_group_name = "rg-cosmosdb-101"
+ role_definition_id = (known after apply)
+ type = "CustomRole"
+ permissions {
+ data_actions = [
+ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
]
}
}
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "centralus"
+ name = "rg-cosmosdb-101"
}
Plan: 6 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ cosmosdb_account_id = (known after apply)
+ cosmosdb_sql_database_id = (known after apply)
```

86
quickstart/101-cosmos-db-aad-rbac/main.tf
View File

@ -1,86 +0,0 @@
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "example" {
name = var.resource_group_name
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = var.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "azurerm_cosmosdb_sql_role_definition" "example" {
name = "examplesqlroledef"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
type = "CustomRole"
assignable_scopes = ["/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"]
permissions {
data_actions = ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]
}
}
resource "azurerm_cosmosdb_sql_role_assignment" "example" {
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
role_definition_id = azurerm_cosmosdb_sql_role_definition.example.id
principal_id = data.azurerm_client_config.current.object_id
scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"
}

7
quickstart/101-cosmos-db-aad-rbac/outputs.tf
View File

@ -1,7 +0,0 @@
output "cosmosdb_account_id" {
value = azurerm_cosmosdb_account.example.id
}
output "cosmosdb_sql_database_id" {
value = azurerm_cosmosdb_sql_database.example.id
}

12
quickstart/101-cosmos-db-aad-rbac/providers.tf
View File

@ -1,12 +0,0 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=3.0.0"
}
}
}
provider "azurerm" {
features {}
}

42
quickstart/101-cosmos-db-aad-rbac/variables.tf
View File

@ -1,42 +0,0 @@
variable "resource_group_name" {
type = string
description = "Resource group name"
}
variable "location" {
type = string
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
description = "value"
}
variable "throughput" {
type = number
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
variable "sql_container_name" {
type = string
description = "SQL API container name."
}

172
quickstart/101-cosmos-db-analyticalstore/README.md
View File

@ -1,172 +0,0 @@
# Cosmos db analytical storage with SQL DB
This template deploys a cosmos db account with sql db and analytical store enabled. A similar example can be created using the [azurerm/cosmosdb module](https://github.com/azure/terraform-azurerm-cosmosdb).
## Terraform resource types
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account)
- [azurerm_cosmosdb_sql_database](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database)
- [azurerm_cosmosdb_sql_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container)
## Variables
| Name | Description |
|-|-|
| `resource_group_name` | Resource group name |
| `resource_group_location` | Resource group location |
| `cosmosdb_account_name` | Cosmos db account name |
| `cosmosdb_location` | Cosmos db primary location |
| `throughput` | DB manual throughput |
| `sql_container_name` | Name of sql container |
| `analytical_storage_ttl` | TTL of items in container |
## Example terraform.tfvars file
```
resource_group_name = "rg-cosmosdb-101"
location = "centralus"
cosmosdb_account_name = "cosmosdb-dev-centralus-101"
cosmosdb_account_location = "centralus"
cosmosdb_sqldb_name = "sqlapidb"
throughput = 400
sql_container_name = "example-container"
analytical_storage_ttl = 600
```
## Usage
```bash
>terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_cosmosdb_account.example will be created
+ resource "azurerm_cosmosdb_account" "example" {
+ access_key_metadata_writes_enabled = true
+ analytical_storage_enabled = true
+ connection_strings = (sensitive value)
+ create_mode = (known after apply)
+ default_identity_type = "FirstPartyIdentity"
+ enable_automatic_failover = false
+ enable_free_tier = false
+ enable_multiple_write_locations = false
+ endpoint = (known after apply)
+ id = (known after apply)
+ is_virtual_network_filter_enabled = false
+ kind = "GlobalDocumentDB"
+ local_authentication_disabled = false
+ location = "centralus"
+ mongo_server_version = (known after apply)
+ name = "cosmosdb-dev-centralus-101"
+ network_acl_bypass_for_azure_services = false
+ offer_type = "Standard"
+ primary_key = (sensitive value)
+ primary_readonly_key = (sensitive value)
+ public_network_access_enabled = true
+ read_endpoints = (known after apply)
+ resource_group_name = "rg-cosmosdb-101"
+ secondary_key = (sensitive value)
+ secondary_readonly_key = (sensitive value)
+ write_endpoints = (known after apply)
+ analytical_storage {
+ schema_type = (known after apply)
}
+ backup {
+ interval_in_minutes = (known after apply)
+ retention_in_hours = (known after apply)
+ storage_redundancy = (known after apply)
+ type = (known after apply)
}
+ capabilities {
+ name = (known after apply)
}
+ capacity {
+ total_throughput_limit = (known after apply)
}
+ consistency_policy {
+ consistency_level = "BoundedStaleness"
+ max_interval_in_seconds = 300
+ max_staleness_prefix = 100000
}
+ geo_location {
+ failover_priority = 0
+ id = (known after apply)
+ location = "centralus"
+ zone_redundant = false
}
}
# azurerm_cosmosdb_sql_container.example will be created
+ resource "azurerm_cosmosdb_sql_container" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ analytical_storage_ttl = 600
+ database_name = "sqlapidb"
+ default_ttl = (known after apply)
+ id = (known after apply)
+ name = "example-container"
+ partition_key_path = "/definition/id"
+ partition_key_version = 1
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
+ conflict_resolution_policy {
+ conflict_resolution_path = (known after apply)
+ conflict_resolution_procedure = (known after apply)
+ mode = (known after apply)
}
+ indexing_policy {
+ indexing_mode = "consistent"
+ excluded_path {
+ path = "/excluded/?"
}
+ included_path {
+ path = "/*"
}
+ included_path {
+ path = "/included/?"
}
}
+ unique_key {
+ paths = [
+ "/definition/idlong",
+ "/definition/idshort",
]
}
}
# azurerm_cosmosdb_sql_database.example will be created
+ resource "azurerm_cosmosdb_sql_database" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ id = (known after apply)
+ name = "sqlapidb"
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
}
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "centralus"
+ name = "rg-cosmosdb-101"
}
Plan: 4 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ cosmosdb_account_id = (known after apply)
+ cosmosdb_sql_database_id = (known after apply)
```

66
quickstart/101-cosmos-db-analyticalstore/main.tf
View File

@ -1,66 +0,0 @@
resource "azurerm_resource_group" "example" {
name = var.resource_group_name
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = var.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
analytical_storage_enabled = true
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
analytical_storage_ttl = var.analytical_storage_ttl
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}

7
quickstart/101-cosmos-db-analyticalstore/outputs.tf
View File

@ -1,7 +0,0 @@
output "cosmosdb_account_id" {
value = azurerm_cosmosdb_account.example.id
}
output "cosmosdb_sql_database_id" {
value = azurerm_cosmosdb_sql_database.example.id
}

12
quickstart/101-cosmos-db-analyticalstore/providers.tf
View File

@ -1,12 +0,0 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=3.0.0"
}
}
}
provider "azurerm" {
features {}
}

47
quickstart/101-cosmos-db-analyticalstore/variables.tf
View File

@ -1,47 +0,0 @@
variable "resource_group_name" {
type = string
description = "Resource group name"
}
variable "location" {
type = string
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
description = "value"
}
variable "throughput" {
type = number
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
variable "sql_container_name" {
type = string
description = "SQL API container name."
}
variable "analytical_storage_ttl" {
type = number
description = "Analytical Storage TTL in seconds."
}

175
quickstart/101-cosmos-db-autoscale/README.md
View File

@ -1,175 +0,0 @@
# Cosmos db autoscaling with SQL DB
This template deploys a cosmos db account with sql db and autoscaling enabled. A similar example can be created using the [azurerm/cosmosdb module](https://github.com/azure/terraform-azurerm-cosmosdb).
## Terraform resource types
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account)
- [azurerm_cosmosdb_sql_database](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database)
- [azurerm_cosmosdb_sql_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container)
## Variables
| Name | Description |
|-|-|
| `resource_group_name` | Resource group name |
| `resource_group_location` | Resource group location |
| `cosmosdb_account_name` | Cosmos db account name |
| `cosmosdb_location` | Cosmos db primary location |
| `sql_container_name` | Name of sql container |
| `max_throughput` | DB Max throughput for autoscaling |
## Example terraform.tfvars file
```
resource_group_name = "rg-cosmosdb-101"
location = "centralus"
cosmosdb_account_name = "cosmosdb-dev-centralus-101"
cosmosdb_account_location = "centralus"
sql_container_name = "example-container"
cosmosdb_sqldb_name = "sqlapidb"
max_throughput = 4000
```
## Usage
```bash
>terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_cosmosdb_account.example will be created
+ resource "azurerm_cosmosdb_account" "example" {
+ access_key_metadata_writes_enabled = true
+ analytical_storage_enabled = false
+ connection_strings = (sensitive value)
+ create_mode = (known after apply)
+ default_identity_type = "FirstPartyIdentity"
+ enable_automatic_failover = false
+ enable_free_tier = false
+ enable_multiple_write_locations = false
+ endpoint = (known after apply)
+ id = (known after apply)
+ is_virtual_network_filter_enabled = false
+ kind = "GlobalDocumentDB"
+ local_authentication_disabled = false
+ location = "centralus"
+ mongo_server_version = (known after apply)
+ name = "cosmosdb-dev-centralus-101"
+ network_acl_bypass_for_azure_services = false
+ offer_type = "Standard"
+ primary_key = (sensitive value)
+ primary_readonly_key = (sensitive value)
+ public_network_access_enabled = true
+ read_endpoints = (known after apply)
+ resource_group_name = "rg-cosmosdb-101"
+ secondary_key = (sensitive value)
+ secondary_readonly_key = (sensitive value)
+ write_endpoints = (known after apply)
+ analytical_storage {
+ schema_type = (known after apply)
}
+ backup {
+ interval_in_minutes = (known after apply)
+ retention_in_hours = (known after apply)
+ storage_redundancy = (known after apply)
+ type = (known after apply)
}
+ capabilities {
+ name = (known after apply)
}
+ capacity {
+ total_throughput_limit = (known after apply)
}
+ consistency_policy {
+ consistency_level = "BoundedStaleness"
+ max_interval_in_seconds = 300
+ max_staleness_prefix = 100000
}
+ geo_location {
+ failover_priority = 0
+ id = (known after apply)
+ location = "centralus"
+ zone_redundant = false
}
}
# azurerm_cosmosdb_sql_container.example will be created
+ resource "azurerm_cosmosdb_sql_container" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ database_name = "sqlapidb"
+ default_ttl = (known after apply)
+ id = (known after apply)
+ name = "example-container"
+ partition_key_path = "/definition/id"
+ partition_key_version = 1
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = (known after apply)
+ autoscale_settings {
+ max_throughput = 4000
}
+ conflict_resolution_policy {
+ conflict_resolution_path = (known after apply)
+ conflict_resolution_procedure = (known after apply)
+ mode = (known after apply)
}
+ indexing_policy {
+ indexing_mode = "consistent"
+ excluded_path {
+ path = "/excluded/?"
}
+ included_path {
+ path = "/*"
}
+ included_path {
+ path = "/included/?"
}
}
+ unique_key {
+ paths = [
+ "/definition/idlong",
+ "/definition/idshort",
]
}
}
# azurerm_cosmosdb_sql_database.example will be created
+ resource "azurerm_cosmosdb_sql_database" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ id = (known after apply)
+ name = "sqlapidb"
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = (known after apply)
+ autoscale_settings {
+ max_throughput = 4000
}
}
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "centralus"
+ name = "rg-cosmosdb-101"
}
Plan: 4 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ cosmosdb_account_id = (known after apply)
+ cosmosdb_sql_database_id = (known after apply)
```

66
quickstart/101-cosmos-db-autoscale/main.tf
View File

@ -1,66 +0,0 @@
resource "azurerm_resource_group" "example" {
name = var.resource_group_name
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = var.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
autoscale_settings {
max_throughput = var.max_throughput
}
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
autoscale_settings {
max_throughput = var.max_throughput
}
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}

7
quickstart/101-cosmos-db-autoscale/outputs.tf
View File

@ -1,7 +0,0 @@
output "cosmosdb_account_id" {
value = azurerm_cosmosdb_account.example.id
}
output "cosmosdb_sql_database_id" {
value = azurerm_cosmosdb_sql_database.example.id
}

12
quickstart/101-cosmos-db-autoscale/providers.tf
View File

@ -1,12 +0,0 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=3.0.0"
}
}
}
provider "azurerm" {
features {}
}

43
quickstart/101-cosmos-db-autoscale/variables.tf
View File

@ -1,43 +0,0 @@
variable "resource_group_name" {
type = string
description = "Resource group name"
}
variable "location" {
type = string
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
description = "value"
}
variable "sql_container_name" {
type = string
description = "SQL API container name."
}
variable "max_throughput" {
type = number
description = "Cosmos db database max throughput"
validation {
condition = var.max_throughput >= 4000 && var.max_throughput <= 1000000
error_message = "Cosmos db autoscale max throughput should be equal to or greater than 4000 and less than or equal to 1000000."
}
validation {
condition = var.max_throughput % 100 == 0
error_message = "Cosmos db max throughput should be in increments of 100."
}
}

168
quickstart/101-cosmos-db-free-tier/README.md
View File

@ -1,168 +0,0 @@
# Cosmos db free tier
This template deploys a cosmos db account with sql db and manual scaling in free tier. A similar example can be created using the [azurerm/cosmosdb module](https://github.com/azure/terraform-azurerm-cosmosdb).
## Terraform resource types
- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
- [azurerm_cosmosdb_account](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account)
- [azurerm_cosmosdb_sql_database](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database)
- [azurerm_cosmosdb_sql_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container)
## Variables
| Name | Description |
|-|-|
| `resource_group_name` | Resource group name |
| `resource_group_location` | Resource group location |
| `cosmosdb_account_name` | Cosmos db account name |
| `cosmosdb_location` | Cosmos db primary location |
| `sql_container_name` | Name of sql container |
| `throughput` | DB manual throughput |
## Example terraform.tfvars file
```
resource_group_name = "rg-cosmosdb-101"
location = "centralus"
cosmosdb_account_name = "cosmosdb-dev-centralus-101"
cosmosdb_account_location = "centralus"
cosmosdb_sqldb_name = "sqlapidb"
sql_container_name = "example-container"
throughput = 400
```
## Usage
```bash
>terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_cosmosdb_account.example will be created
+ resource "azurerm_cosmosdb_account" "example" {
+ access_key_metadata_writes_enabled = true
+ analytical_storage_enabled = false
+ connection_strings = (sensitive value)
+ create_mode = (known after apply)
+ default_identity_type = "FirstPartyIdentity"
+ enable_automatic_failover = false
+ enable_free_tier = true
+ enable_multiple_write_locations = false
+ endpoint = (known after apply)
+ id = (known after apply)
+ is_virtual_network_filter_enabled = false
+ kind = "GlobalDocumentDB"
+ local_authentication_disabled = false
+ location = "centralus"
+ mongo_server_version = (known after apply)
+ name = "cosmosdb-dev-centralus-101"
+ network_acl_bypass_for_azure_services = false
+ offer_type = "Standard"
+ primary_key = (sensitive value)
+ primary_readonly_key = (sensitive value)
+ public_network_access_enabled = true
+ read_endpoints = (known after apply)
+ resource_group_name = "rg-cosmosdb-101"
+ secondary_key = (sensitive value)
+ secondary_readonly_key = (sensitive value)
+ write_endpoints = (known after apply)
+ analytical_storage {
+ schema_type = (known after apply)
}
+ backup {
+ interval_in_minutes = (known after apply)
+ retention_in_hours = (known after apply)
+ storage_redundancy = (known after apply)
+ type = (known after apply)
}
+ capabilities {
+ name = (known after apply)
}
+ capacity {
+ total_throughput_limit = (known after apply)
}
+ consistency_policy {
+ consistency_level = "BoundedStaleness"
+ max_interval_in_seconds = 300
+ max_staleness_prefix = 100000
}
+ geo_location {
+ failover_priority = 0
+ id = (known after apply)
+ location = "centralus"
+ zone_redundant = false
}
}
# azurerm_cosmosdb_sql_container.example will be created
+ resource "azurerm_cosmosdb_sql_container" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ database_name = "sqlapidb"
+ default_ttl = (known after apply)
+ id = (known after apply)
+ name = "example-container"
+ partition_key_path = "/definition/id"
+ partition_key_version = 1
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
+ conflict_resolution_policy {
+ conflict_resolution_path = (known after apply)
+ conflict_resolution_procedure = (known after apply)
+ mode = (known after apply)
}
+ indexing_policy {
+ indexing_mode = "consistent"
+ excluded_path {
+ path = "/excluded/?"
}
+ included_path {
+ path = "/*"
}
+ included_path {
+ path = "/included/?"
}
}
+ unique_key {
+ paths = [
+ "/definition/idlong",
+ "/definition/idshort",
]
}
}
# azurerm_cosmosdb_sql_database.example will be created
+ resource "azurerm_cosmosdb_sql_database" "example" {
+ account_name = "cosmosdb-dev-centralus-101"
+ id = (known after apply)
+ name = "sqlapidb"
+ resource_group_name = "rg-cosmosdb-101"
+ throughput = 400
}
# azurerm_resource_group.example will be created
+ resource "azurerm_resource_group" "example" {
+ id = (known after apply)
+ location = "centralus"
+ name = "rg-cosmosdb-101"
}
Plan: 4 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ cosmosdb_account_id = (known after apply)
+ cosmosdb_sql_database_id = (known after apply)
```

63
quickstart/101-cosmos-db-free-tier/main.tf
View File

@ -1,63 +0,0 @@
resource "azurerm_resource_group" "example" {
name = var.resource_group_name
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = var.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
enable_free_tier = true
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}

Some files were not shown because too many files have changed in this diff Show More