From 754603dcb2cc8dedfb56d123123b8b87add6ab7d Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Fri, 19 Dec 2025 10:30:36 +0200
Subject: [PATCH 1/3] Add managed disks in lunx vm module
---
 .../managed_data_disks.tf | 77 +++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
diff --git a/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf b/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
new file mode 100644
index 00000000..a30ceaa7
--- /dev/null
+++ b/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
@@ -0,0 +1,77 @@
+resource "azurerm_managed_disk" "data" {
+ for_each = try(var.settings.data_disks, {})
+
+ name = try(each.value.name, "${var.settings.name}-data-disk-${each.key}")
+ storage_account_type = try(each.value.storage_account_type, "Standard_LRS")
+ location = local.location
+ resource_group_name = local.resource_group_name
+ create_option = each.value.create_option
+ disk_encryption_set_id = try(each.value.disk_encryption_set_id, null)
+ disk_iops_read_write = try(each.value.disk_iops_read_write, null)
+ disk_mbps_read_write = try(each.value.disk_mbps_read_write, null)
+ disk_iops_read_only = try(each.value.disk_iops_read_only, null)
+ disk_mbps_read_only = try(each.value.disk_mbps_read_only, null)
+ upload_size_bytes = try(each.value.upload_size_bytes, null)
+ disk_size_gb = try(each.value.disk_size_gb, null)
+ edge_zone = try(each.value.edge_zone, null)
+ hyper_v_generation = try(each.value.hyper_v_generation, null)
+ image_reference_id = try(each.value.image_reference_id, null)
+ gallery_image_reference_id = try(each.value.gallery_image_reference_id, null)
+ logical_sector_size = try(each.value.logical_sector_size, null)
+ optimized_frequent_attach_enabled = try(each.value.optimized_frequent_attach_enabled, null)
+ performance_plus_enabled = try(each.value.performance_plus_enabled, null)
+ os_type = try(each.value.os_type, null)
+ source_resource_id = try(each.value.source_resource_id, null)
+ source_uri = try(each.value.source_uri, null)
+ tier = try(each.value.tier, null)
+ max_shares = try(each.value.max_shares, null)
+ trusted_launch_enabled = try(each.value.trusted_launch_enabled, null)
+ security_type = try(each.value.security_type, null)
+ secure_vm_disk_encryption_set_id = try(each.value.secure_vm_disk_encryption_set_id, null)
+ on_demand_bursting_enabled = try(each.value.on_demand_bursting_enabled, null)
+ zone = try(each.value.zone, null)
+ network_access_policy = try(each.value.network_access_policy, null)
+ disk_access_id = try(each.value.disk_access_id, null)
+ public_network_access_enabled = try(each.value.public_network_access_enabled, null)
+
+ storage_account_id = try(
+ var.resources[
+ try(var.settings.stacc_lz_key, var.client_config.landingzone_key)
+ ].storage_accounts[each.value.storage_account_ref].id,
+ each.value.storage_account_id,
+ null
+ )
+
+ tags = {
+ environment = "staging"
+ }
+
+ dynamic "encryption_settings" {
+ for_each = can(each.value.encryption_settings) ? [1] : []
+ content {
+ disk_encryption_key {
+ secret_url = each.value.encryption_settings.disk_encryption_key.secret_url
+ source_vault_id = try(
+ var.resources[
+ try(each.value.encryption_settings.disk_encryption_key.kv_lz_key, var.client_config.landingzone_key)
+ ].keyvaults[each.value.encryption_settings.disk_encryption_key.kv_ref].id,
+ each.value.encryption_settings.disk_encryption_key.source_vault_id,
+ null
+ )
+ }
+ dynamic "key_encryption_key" {
+ for_each = can(each.value.encryption_settings.key_encryption_key) ? [1] : []
+ content {
+ key_url = each.value.encryption_settings.key_encryption_key.key_url
+ source_vault_id = try(
+ var.resources[
+ try(each.value.encryption_settings.key_encryption_key.kv_lz_key, var.client_config.landingzone_key)
+ ].keyvaults[each.value.encryption_settings.key_encryption_key.kv_ref].id,
+ each.value.encryption_settings.key_encryption_key.source_vault_id,
+ null
+ )
+ }
+ }
+ }
+ }
+}
From 375ec42afc0a96b942232fec3834822ad988310f Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Fri, 19 Dec 2025 12:04:51 +0200
Subject: [PATCH 2/3] Add module's missing arguments
---
 .../managed_data_disks.tf | 147 +++++++++---------
 .../linux_virtual_machine/managed_disks.tf | 49 ++++--
 2 files changed, 114 insertions(+), 82 deletions(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf b/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
index a30ceaa7..696c8cbb 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf
@@ -1,77 +1,78 @@ -resource "azurerm_managed_disk" "data" { - for_each = try(var.settings.data_disks, {}) +# resource "azurerm_managed_disk" "data" { +# for_each = try(var.settings.data_disks, {}) - name = try(each.value.name, "${var.settings.name}-data-disk-${each.key}") - storage_account_type = try(each.value.storage_account_type, "Standard_LRS") - location = local.location - resource_group_name = local.resource_group_name - create_option = each.value.create_option - disk_encryption_set_id = try(each.value.disk_encryption_set_id, null) - disk_iops_read_write = try(each.value.disk_iops_read_write, null) - disk_mbps_read_write = try(each.value.disk_mbps_read_write, null) - disk_iops_read_only = try(each.value.disk_iops_read_only, null) - disk_mbps_read_only = try(each.value.disk_mbps_read_only, null) - upload_size_bytes = try(each.value.upload_size_bytes, null) - disk_size_gb = try(each.value.disk_size_gb, null) - edge_zone = try(each.value.edge_zone, null) - hyper_v_generation = try(each.value.hyper_v_generation, null) - image_reference_id = try(each.value.image_reference_id, null) - gallery_image_reference_id = try(each.value.gallery_image_reference_id, null) - logical_sector_size = try(each.value.logical_sector_size, null) - optimized_frequent_attach_enabled = try(each.value.optimized_frequent_attach_enabled, null) - performance_plus_enabled = try(each.value.performance_plus_enabled, null) - os_type = try(each.value.os_type, null) - source_resource_id = try(each.value.source_resource_id, null) - source_uri = try(each.value.source_uri, null) - tier = try(each.value.tier, null) - max_shares = try(each.value.max_shares, null) - trusted_launch_enabled = try(each.value.trusted_launch_enabled, null) - security_type = try(each.value.security_type, null) - secure_vm_disk_encryption_set_id = try(each.value.secure_vm_disk_encryption_set_id, null) - on_demand_bursting_enabled = try(each.value.on_demand_bursting_enabled, null) - zone = try(each.value.zone, null) - 
network_access_policy = try(each.value.network_access_policy, null) - disk_access_id = try(each.value.disk_access_id, null) - public_network_access_enabled = try(each.value.public_network_access_enabled, null) +# name = try(each.value.name, "${var.settings.name}-data-disk-${each.key}") +# storage_account_type = try(each.value.storage_account_type, "Standard_LRS") +# location = local.location +# resource_group_name = local.resource_group_name +# create_option = each.value.create_option +# disk_size_gb = try(each.value.disk_size_gb, null) +# zone = try(each.value.zone, null) +# tier = try(each.value.tier, null) - storage_account_id = try( - var.resources[ - try(var.settings.stacc_lz_key, var.client_config.landingzone_key) - ].storage_accounts[each.value.storage_account_ref].id, - each.value.storage_account_id, - null - ) +# disk_encryption_set_id = try(each.value.disk_encryption_set_id, null) +# disk_iops_read_write = try(each.value.disk_iops_read_write, null) +# disk_mbps_read_write = try(each.value.disk_mbps_read_write, null) +# disk_iops_read_only = try(each.value.disk_iops_read_only, null) +# disk_mbps_read_only = try(each.value.disk_mbps_read_only, null) +# upload_size_bytes = try(each.value.upload_size_bytes, null) +# edge_zone = try(each.value.edge_zone, null) +# hyper_v_generation = try(each.value.hyper_v_generation, null) +# image_reference_id = try(each.value.image_reference_id, null) +# gallery_image_reference_id = try(each.value.gallery_image_reference_id, null) +# logical_sector_size = try(each.value.logical_sector_size, null) +# optimized_frequent_attach_enabled = try(each.value.optimized_frequent_attach_enabled, null) +# performance_plus_enabled = try(each.value.performance_plus_enabled, null) +# os_type = try(each.value.os_type, null) +# source_resource_id = try(each.value.source_resource_id, null) +# source_uri = try(each.value.source_uri, null) +# max_shares = try(each.value.max_shares, null) +# trusted_launch_enabled = 
try(each.value.trusted_launch_enabled, null) +# security_type = try(each.value.security_type, null) +# secure_vm_disk_encryption_set_id = try(each.value.secure_vm_disk_encryption_set_id, null) +# on_demand_bursting_enabled = try(each.value.on_demand_bursting_enabled, null) +# network_access_policy = try(each.value.network_access_policy, null) +# disk_access_id = try(each.value.disk_access_id, null) +# public_network_access_enabled = try(each.value.public_network_access_enabled, null) - tags = { - environment = "staging" - } +# storage_account_id = try( +# var.resources[ +# try(var.settings.stacc_lz_key, var.client_config.landingzone_key) +# ].storage_accounts[each.value.storage_account_ref].id, +# each.value.storage_account_id, +# null +# ) - dynamic "encryption_settings" { - for_each = can(each.value.encryption_settings) ? [1] : [] - content { - disk_encryption_key { - secret_url = each.value.encryption_settings.disk_encryption_key.secret_url - source_vault_id = try( - var.resources[ - try(each.value.encryption_settings.disk_encryption_key.kv_lz_key, var.client_config.landingzone_key) - ].keyvaults[each.value.encryption_settings.disk_encryption_key.kv_ref].id, - each.value.encryption_settings.disk_encryption_key.source_vault_id, - null - ) - } - dynamic "key_encryption_key" { - for_each = can(each.value.encryption_settings.key_encryption_key) ? [1] : [] - content { - key_url = each.value.encryption_settings.key_encryption_key.key_url - source_vault_id = try( - var.resources[ - try(each.value.encryption_settings.key_encryption_key.kv_lz_key, var.client_config.landingzone_key) - ].keyvaults[each.value.encryption_settings.key_encryption_key.kv_ref].id, - each.value.encryption_settings.key_encryption_key.source_vault_id, - null - ) - } - } - } - } -} +# tags = { +# environment = "staging" +# } + +# dynamic "encryption_settings" { +# for_each = can(each.value.encryption_settings) ? 
[1] : [] +# content { +# disk_encryption_key { +# secret_url = each.value.encryption_settings.disk_encryption_key.secret_url +# source_vault_id = try( +# var.resources[ +# try(each.value.encryption_settings.disk_encryption_key.kv_lz_key, var.client_config.landingzone_key) +# ].keyvaults[each.value.encryption_settings.disk_encryption_key.kv_ref].id, +# each.value.encryption_settings.disk_encryption_key.source_vault_id, +# null +# ) +# } +# dynamic "key_encryption_key" { +# for_each = can(each.value.encryption_settings.key_encryption_key) ? [1] : [] +# content { +# key_url = each.value.encryption_settings.key_encryption_key.key_url +# source_vault_id = try( +# var.resources[ +# try(each.value.encryption_settings.key_encryption_key.kv_lz_key, var.client_config.landingzone_key) +# ].keyvaults[each.value.encryption_settings.key_encryption_key.kv_ref].id, +# each.value.encryption_settings.key_encryption_key.source_vault_id, +# null +# ) +# } +# } +# } +# } +# } diff --git a/src/modules/virtual_machines/linux_virtual_machine/managed_disks.tf b/src/modules/virtual_machines/linux_virtual_machine/managed_disks.tf index 440df2d5..950d2255 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/managed_disks.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/managed_disks.tf 
@@ -1,15 +1,46 @@ resource "azurerm_managed_disk" "main" { for_each = try(var.settings.data_disks, {}) - name = each.value.name - location = local.location - resource_group_name = local.resource_group_name - storage_account_type = try(each.value.storage_account_type, "Standard_LRS") - create_option = try(each.value.create_option, "Empty") - disk_size_gb = try(each.value.disk_size_gb, 10) - zone = try(each.value.zone, null) - tier = try(each.value.tier, null) - tags = local.tags + name = each.value.name + location = local.location + resource_group_name = local.resource_group_name + storage_account_type = try(each.value.storage_account_type, "Standard_LRS") + create_option = try(each.value.create_option, "Empty") + disk_size_gb = try(each.value.disk_size_gb, 10) + zone = try(each.value.zone, null) + tier = try(each.value.tier, null) + disk_encryption_set_id = try(each.value.disk_encryption_set_id, null) + disk_iops_read_write = try(each.value.disk_iops_read_write, null) + disk_mbps_read_write = try(each.value.disk_mbps_read_write, null) + disk_iops_read_only = try(each.value.disk_iops_read_only, null) + disk_mbps_read_only = try(each.value.disk_mbps_read_only, null) + upload_size_bytes = try(each.value.upload_size_bytes, null) + edge_zone = try(each.value.edge_zone, null) + hyper_v_generation = try(each.value.hyper_v_generation, null) + image_reference_id = try(each.value.image_reference_id, null) + gallery_image_reference_id = try(each.value.gallery_image_reference_id, null) + logical_sector_size = try(each.value.logical_sector_size, null) + optimized_frequent_attach_enabled = try(each.value.optimized_frequent_attach_enabled, null) + performance_plus_enabled = try(each.value.performance_plus_enabled, null) + os_type = try(each.value.os_type, null) + source_resource_id = try(each.value.source_resource_id, null) + source_uri = try(each.value.source_uri, null) + max_shares = try(each.value.max_shares, null) + trusted_launch_enabled = 
try(each.value.trusted_launch_enabled, null) + security_type = try(each.value.security_type, null) + secure_vm_disk_encryption_set_id = try(each.value.secure_vm_disk_encryption_set_id, null) + on_demand_bursting_enabled = try(each.value.on_demand_bursting_enabled, null) + network_access_policy = try(each.value.network_access_policy, null) + disk_access_id = try(each.value.disk_access_id, null) + public_network_access_enabled = try(each.value.public_network_access_enabled, null) + storage_account_id = try( + var.resources[ + try(each.value.stacc_lz_key, var.client_config.landingzone_key) + ].storage_accounts[each.value.storage_account_ref].id, + each.value.storage_account_id, + null + ) + tags = try(each.value.tags, local.tags) } resource "azurerm_virtual_machine_data_disk_attachment" "main" { From 697d8f3ac96db4209b77719a80e1688811bd0636 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Fri, 19 Dec 2025 12:18:33 +0200 Subject: [PATCH 3/3] Remove dublicated files --- .../managed_data_disks.tf | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf diff --git a/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf b/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf deleted file mode 100644 index 696c8cbb..00000000 --- a/src/modules/virtual_machines/linux_virtual_machine/managed_data_disks.tf +++ /dev/null 
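Review bot: `public_network_access_enabled` and `network_access_policy` on `azurerm_managed_disk.main` fall back to `null`, so any disk whose settings omit them takes the provider defaults, which as far as I know leave public network access enabled with an allow-all policy. For a shared module a restrictive fallback is safer, with callers opting in to exposure: `public_network_access_enabled = try(each.value.public_network_access_enabled, false)` and `network_access_policy = try(each.value.network_access_policy, "DenyAll")`; this changes behaviour for existing consumers, so it needs a changelog entry. Separately, the `encryption_settings` / `key_encryption_key` dynamic blocks from managed_data_disks.tf are not carried over into this resource before that file is deleted in patch 3/3, so that capability appears to be dropped; confirm that is intended. The trailing `azurerm_virtual_machine_data_disk_attachment` resource continues outside the hunk.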
@@ -1,78 +0,0 @@
-# resource "azurerm_managed_disk" "data" {
-# for_each = try(var.settings.data_disks, {})
-
-# name = try(each.value.name, "${var.settings.name}-data-disk-${each.key}")
-# storage_account_type = try(each.value.storage_account_type, "Standard_LRS")
-# location = local.location
-# resource_group_name = local.resource_group_name
-# create_option = each.value.create_option
-# disk_size_gb = try(each.value.disk_size_gb, null)
-# zone = try(each.value.zone, null)
-# tier = try(each.value.tier, null)
-
-# disk_encryption_set_id = try(each.value.disk_encryption_set_id, null)
-# disk_iops_read_write = try(each.value.disk_iops_read_write, null)
-# disk_mbps_read_write = try(each.value.disk_mbps_read_write, null)
-# disk_iops_read_only = try(each.value.disk_iops_read_only, null)
-# disk_mbps_read_only = try(each.value.disk_mbps_read_only, null)
-# upload_size_bytes = try(each.value.upload_size_bytes, null)
-# edge_zone = try(each.value.edge_zone, null)
-# hyper_v_generation = try(each.value.hyper_v_generation, null)
-# image_reference_id = try(each.value.image_reference_id, null)
-# gallery_image_reference_id = try(each.value.gallery_image_reference_id, null)
-# logical_sector_size = try(each.value.logical_sector_size, null)
-# optimized_frequent_attach_enabled = try(each.value.optimized_frequent_attach_enabled, null)
-# performance_plus_enabled = try(each.value.performance_plus_enabled, null)
-# os_type = try(each.value.os_type, null)
-# source_resource_id = try(each.value.source_resource_id, null)
-# source_uri = try(each.value.source_uri, null)
-# max_shares = try(each.value.max_shares, null)
-# trusted_launch_enabled = try(each.value.trusted_launch_enabled, null)
-# security_type = try(each.value.security_type, null)
-# secure_vm_disk_encryption_set_id = try(each.value.secure_vm_disk_encryption_set_id, null)
-# on_demand_bursting_enabled = try(each.value.on_demand_bursting_enabled, null)
-# network_access_policy = try(each.value.network_access_policy, null)
-# disk_access_id = try(each.value.disk_access_id, null)
-# public_network_access_enabled = try(each.value.public_network_access_enabled, null)
-
-# storage_account_id = try(
-# var.resources[
-# try(var.settings.stacc_lz_key, var.client_config.landingzone_key)
-# ].storage_accounts[each.value.storage_account_ref].id,
-# each.value.storage_account_id,
-# null
-# )
-
-# tags = {
-# environment = "staging"
-# }
-
-# dynamic "encryption_settings" {
-# for_each = can(each.value.encryption_settings) ? [1] : []
-# content {
-# disk_encryption_key {
-# secret_url = each.value.encryption_settings.disk_encryption_key.secret_url
-# source_vault_id = try(
-# var.resources[
-# try(each.value.encryption_settings.disk_encryption_key.kv_lz_key, var.client_config.landingzone_key)
-# ].keyvaults[each.value.encryption_settings.disk_encryption_key.kv_ref].id,
-# each.value.encryption_settings.disk_encryption_key.source_vault_id,
-# null
-# )
-# }
-# dynamic "key_encryption_key" {
-# for_each = can(each.value.encryption_settings.key_encryption_key) ? [1] : []
-# content {
-# key_url = each.value.encryption_settings.key_encryption_key.key_url
-# source_vault_id = try(
-# var.resources[
-# try(each.value.encryption_settings.key_encryption_key.kv_lz_key, var.client_config.landingzone_key)
-# ].keyvaults[each.value.encryption_settings.key_encryption_key.kv_ref].id,
-# each.value.encryption_settings.key_encryption_key.source_vault_id,
-# null
-# )
-# }
-# }
-# }
-# }
-# }