From 4d9d6a2715091ac563b4a2741d851ffb76b59751 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 13:33:40 +0200 Subject: [PATCH 01/25] Refactor virtual machines module --- examples/virtual_machines.tfvars | 6 +++--- src/modules/virtual_machines/_variables.tf | 2 +- .../virtual_machines/linux_virtual_machine/_variables.tf | 2 +- .../virtual_machines/{virtual_machines.tf => main.tf} | 4 ++-- .../virtual_machines/network_interface/_variables.tf | 2 +- .../network_interface/{network_interface.tf => main.tf} | 0 .../virtual_machines/windows_virtual_machine/_ouputs.tf | 3 +++ .../virtual_machines/windows_virtual_machine/_variables.tf | 2 +- 8 files changed, 12 insertions(+), 9 deletions(-) rename src/modules/virtual_machines/{virtual_machines.tf => main.tf} (85%) rename src/modules/virtual_machines/network_interface/{network_interface.tf => main.tf} (100%) diff --git a/examples/virtual_machines.tfvars b/examples/virtual_machines.tfvars index 51a5a09c..97452797 100644 --- a/examples/virtual_machines.tfvars +++ b/examples/virtual_machines.tfvars @@ -1,7 +1,7 @@ virtual_machines = { machine_1 = { type = "windows" - name = "vm-win-braytest-dv-ne-02" + name = "vm-win-test-dv-ne-02" resource_group_ref = "rg_test" size = "Standard_F2" admin_username = "adminuser" @@ -40,7 +40,7 @@ virtual_machines = { machine_2 = { type = "linux" - name = "vm-lin-braytest-dv-ne-02" + name = "vm-lin-test-dv-ne-02" resource_group_ref = "rg_test" size = "Standard_F2" admin_username = "adminuser" @@ -95,7 +95,7 @@ virtual_machines = { # pre-requisites resource_groups = { rg_test = { - name = "rg-braytest-dv-ne-02" + name = "rg-test-dv-ne-02" location = "northeurope" } } diff --git a/src/modules/virtual_machines/_variables.tf b/src/modules/virtual_machines/_variables.tf index 6f1524d4..f1f1f520 100644 --- a/src/modules/virtual_machines/_variables.tf +++ b/src/modules/virtual_machines/_variables.tf 
@@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for virtual machines" } variable "resources" { diff --git a/src/modules/virtual_machines/linux_virtual_machine/_variables.tf b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf index 6f1524d4..dbbcebac 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/_variables.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for linux virtual machine" } variable "resources" { diff --git a/src/modules/virtual_machines/virtual_machines.tf b/src/modules/virtual_machines/main.tf similarity index 85% rename from src/modules/virtual_machines/virtual_machines.tf rename to src/modules/virtual_machines/main.tf index 2bc83027..2961e1eb 100644 --- a/src/modules/virtual_machines/virtual_machines.tf +++ b/src/modules/virtual_machines/main.tf @@ -1,4 +1,4 @@ -module "linux_virtual_machine" { +module "linux_virtual_machines" { source = "./linux_virtual_machine" count = var.settings.type == "linux" ? 1 : 0 @@ -7,7 +7,7 @@ module "linux_virtual_machine" { resources = var.resources } -module "windows_virtual_machine" { +module "windows_virtual_machines" { source = "./windows_virtual_machine" count = var.settings.type == "windows" ? 1 : 0 diff --git a/src/modules/virtual_machines/network_interface/_variables.tf b/src/modules/virtual_machines/network_interface/_variables.tf index 6f1524d4..6ba2a504 100644 --- a/src/modules/virtual_machines/network_interface/_variables.tf +++ b/src/modules/virtual_machines/network_interface/_variables.tf 
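Review bot: Renaming the module blocks in main.tf from `linux_virtual_machine`/`windows_virtual_machine` to the plural forms changes the state address of every resource beneath them, so on the next apply Terraform will plan to destroy the existing VMs and recreate them under the new addresses unless the move is declared. Adding `moved` blocks next to the renamed modules keeps the existing state attached; with `count` on the modules a single `moved` per module covers all instances. This assumes there is already deployed state for these modules; if nothing has been applied yet the rename is harmless, but the patch gives no indication either way.
```hcl
moved {
  from = module.linux_virtual_machine
  to   = module.linux_virtual_machines
}

moved {
  from = module.windows_virtual_machine
  to   = module.windows_virtual_machines
}
```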
@@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for this network interface" } variable "resources" { diff --git a/src/modules/virtual_machines/network_interface/network_interface.tf b/src/modules/virtual_machines/network_interface/main.tf similarity index 100% rename from src/modules/virtual_machines/network_interface/network_interface.tf rename to src/modules/virtual_machines/network_interface/main.tf diff --git a/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf b/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf index e69de29b..4c5a9cb4 100644 --- a/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf +++ b/src/modules/virtual_machines/windows_virtual_machine/_ouputs.tf @@ -0,0 +1,3 @@ +output "id" { + value = azurerm_windows_virtual_machine.main.id +} diff --git a/src/modules/virtual_machines/windows_virtual_machine/_variables.tf b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf index 6f1524d4..77811f74 100644 --- a/src/modules/virtual_machines/windows_virtual_machine/_variables.tf +++ b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for windows virtual machine" } variable "resources" { From 3018eca55e8d75b1728aa81afb02e8f37f8bdb06 Mon Sep 17 00:00:00 2001 
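Review bot: The new output file is named `_ouputs.tf` (missing the "t" in outputs), which both the diffstat and the `---`/`+++` headers show; Terraform loads any `.tf` file so it works, but the misspelling breaks the `_variables.tf`/`_locals.tf` naming convention the rest of the series relies on and will be hard to find later. Renaming it to `_outputs.tf` in this patch avoids a follow-up rename commit. The linux counterpart is not visible here, so it is worth checking it uses the correct spelling too.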
From: Borislav Raynov Date: Tue, 4 Feb 2025 15:37:11 +0200 Subject: [PATCH 02/25] Refactor storage accounts module --- src/modules/storage_account/_locals.tf | 5 + .../storage_account/private_endpoint.tf | 13 +- .../private_endpoint/_locals.tf | 22 ++- .../private_endpoint/_variables.tf | 8 +- .../{private_endpoint.tf => main.tf} | 0 .../storage_account/storage_account.tf | 162 ++++++++++++++++-- ...storage_account.tf => storage_accounts.tf} | 0 7 files changed, 170 insertions(+), 40 deletions(-) rename src/modules/storage_account/private_endpoint/{private_endpoint.tf => main.tf} (100%) rename src/{storage_account.tf => storage_accounts.tf} (100%) diff --git a/src/modules/storage_account/_locals.tf b/src/modules/storage_account/_locals.tf index af37c82b..6c0f6454 100644 --- a/src/modules/storage_account/_locals.tf +++ b/src/modules/storage_account/_locals.tf @@ -9,6 +9,11 @@ locals { ) ] + identity_ids = [ + for id_ref in try(var.settings.identity.identity_ids_ref, []) : + var.resources.managed_identities[id_ref].id + ] + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, diff --git a/src/modules/storage_account/private_endpoint.tf b/src/modules/storage_account/private_endpoint.tf index 36f3f6dc..e0a4bd60 100644 --- a/src/modules/storage_account/private_endpoint.tf +++ b/src/modules/storage_account/private_endpoint.tf 
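Review bot: `local.identity_ids` evaluates to an empty list rather than erroring when `identity.identity_ids_ref` is absent, because the `try` wraps the for-expression source; the downstream `try(local.identity_ids, null)` in the storage account's identity block therefore never falls back to null, and a `SystemAssigned` identity is passed `identity_ids = []`. Whether the azurerm provider accepts an empty list for that identity type I cannot confirm from the diff, so it is worth verifying or guarding at the point of use with `identity_ids = length(local.identity_ids) > 0 ? local.identity_ids : null`. The locals block begins outside the hunk.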
@@ -3,11 +3,10 @@ module "storage_account_endpoint" { count = try(var.settings.private_endpoint != null, false) ? 1 : 0 - settings = var.settings - storage_acccount_id = azurerm_storage_account.main.id - subnet_ref = var.settings.private_endpoint.subnet_ref - dns_zones_ref = var.settings.private_endpoint.dns_zones_ref - global_settings = var.global_settings - resources = var.resources + settings = var.settings + storage_acccount_id = azurerm_storage_account.main.id + subnet_ref = var.settings.private_endpoint.subnet_ref + dns_zones_ref = var.settings.private_endpoint.dns_zones_ref + global_settings = var.global_settings + resources = var.resources } - diff --git a/src/modules/storage_account/private_endpoint/_locals.tf b/src/modules/storage_account/private_endpoint/_locals.tf index 7d0b778e..5e7f72ce 100644 --- a/src/modules/storage_account/private_endpoint/_locals.tf +++ b/src/modules/storage_account/private_endpoint/_locals.tf @@ -1,23 +1,21 @@ locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + subnet_id = try( var.resources.virtual_networks[split("/", var.settings.private_endpoint.subnet_ref)[0]].subnets[split("/", var.settings.private_endpoint.subnet_ref)[1]].id, null ) + + dns_zone_ids = try([ + for zone in var.settings.private_endpoint.dns_zones_ref : + var.resources.private_dns_zones[zone].id + ], null) + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, try(var.settings.tags, {}) ) - - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - - resource_group_name = local.resource_group.name - location = local.resource_group.location -} - -locals { - dns_zone_ids = try([ - for zone in var.settings.private_endpoint.dns_zones_ref : - var.resources.private_dns_zones[zone].id - ], []) } 
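Review bot: The fallback for `dns_zone_ids` changes from `], [])` to `], null)` in this hunk, a behavioral change hidden inside what is otherwise a reordering of locals; how main.tf consumes the local is not visible here, but a `for_each` or `length()` over it would now fail where it previously produced no DNS zone group. The keyvault private endpoint module later in this series keeps `[]`, so the two private-endpoint modules now diverge on the same local. Either restore `], [])` here or confirm the consumer tolerates null, and mention the change in the commit message.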
diff --git a/src/modules/storage_account/private_endpoint/_variables.tf b/src/modules/storage_account/private_endpoint/_variables.tf index 0b220815..82498fd4 100644 --- a/src/modules/storage_account/private_endpoint/_variables.tf +++ b/src/modules/storage_account/private_endpoint/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for private endpoint" } variable "storage_acccount_id" { @@ -11,13 +11,13 @@ variable "storage_acccount_id" { } variable "resources" { - description = "All the configuration for this resource" + description = "All required resources" } variable "subnet_ref" { - description = "All the configuration for this resource" + description = "Subnet reference" } variable "dns_zones_ref" { - description = "All the configuration for this resource" + description = "Dns zone references" } diff --git a/src/modules/storage_account/private_endpoint/private_endpoint.tf b/src/modules/storage_account/private_endpoint/main.tf similarity index 100% rename from src/modules/storage_account/private_endpoint/private_endpoint.tf rename to src/modules/storage_account/private_endpoint/main.tf diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf index c61731c7..fd2d0e56 100644 --- a/src/modules/storage_account/storage_account.tf +++ b/src/modules/storage_account/storage_account.tf 
@@ -7,27 +7,155 @@ resource "azurerm_storage_account" "main" { account_kind = try(var.settings.account_kind, "StorageV2") account_tier = try(var.settings.account_tier, "Standard") account_replication_type = var.settings.account_replication_type - allow_nested_items_to_be_public = try(var.settings.allow_nested_items_to_be_public, null) + allow_nested_items_to_be_public = try(var.settings.allow_nested_items_to_be_public, null) cross_tenant_replication_enabled = try(var.settings.cross_tenant_replication_enabled, null) large_file_share_enabled = try(var.settings.large_file_share_enabled, null) infrastructure_encryption_enabled = try(var.settings.infrastructure_encryption_enabled, null) + is_hns_enabled = try(var.settings.is_hns_enabled, null) + sftp_enabled = try(var.settings.sftp_enabled, null) + nfsv3_enabled = try(var.settings.nfsv3_enabled, null) - is_hns_enabled = try(var.settings.is_hns_enabled, null) - sftp_enabled = try(var.settings.sftp_enabled, null) - nfsv3_enabled = try(var.settings.nfsv3_enabled, null) - - # TODO: identity block - # TODO: blob properties block - # TODO: share_properties - # TODO: azure_files_authentication block - # TODO: routing block - # TODO: sas_policy block - - network_rules { - default_action = try(var.settings.network_rules.default_action, "Deny") - bypass = try(var.settings.network_rules.bypass, null) - ip_rules = try(var.settings.network_rules.allowed_ips, null) - virtual_network_subnet_ids = local.subnet_ids + dynamic "network_rules" { + for_each = can(var.settings.network_rules) ? [1] : [] + + content { + default_action = try(var.settings.network_rules.default_action, "Deny") + bypass = try(var.settings.network_rules.bypass, null) + ip_rules = try(var.settings.network_rules.allowed_ips, null) + virtual_network_subnet_ids = try(local.subnet_ids, null) + + dynamic "private_link_access" { + for_each = can(var.settings.network_rules.private_link_access) ? 
[1] : [] + + content { + endpoint_resource_id = var.settings.network_rules.private_link_access.endpoint_resource_id + endpoint_tenant_id = try(var.settings.network_rules.private_link_access.endpoint_tenant_id, null) + } + } + } + } + + dynamic "identity" { + for_each = can(var.settings.identity) ? [1] : [] + + content { + type = try(var.settings.identity.type, null) + identity_ids = try(local.identity_ids, null) + } + } + + dynamic "blob_properties" { + for_each = can(var.settings.blob_properties) ? [1] : [] + + content { + dynamic "cors_rule" { + for_each = can(var.settings.blob_properties.cors_rule) ? [1] : [] + + content { + allowed_headers = var.settings.blob_properties.cors_rule.allowed_headers + allowed_methods = var.settings.blob_properties.cors_rule.allowed_methods + allowed_origins = var.settings.blob_properties.cors_rule.allowed_origins + exposed_headers = var.settings.blob_properties.cors_rule.exposed_headers + max_age_in_seconds = var.settings.blob_properties.cors_rule.max_age_in_seconds + } + } + + dynamic "delete_retention_policy" { + for_each = can(var.settings.blob_properties.delete_retention_policy) ? [1] : [] + + content { + days = try(var.settings.blob_properties.delete_retention_policy.days, null) + permanent_delete_enabled = try(var.settings.blob_properties.delete_retention_policy.permanent_delete_enabled, null) + } + } + + dynamic "restore_policy" { + for_each = can(var.settings.blob_properties.restore_policy) ? [1] : [] + + content { + days = var.settings.blob_properties.restore_policy.days + } + } + } + } + + dynamic "share_properties" { + for_each = can(var.settings.share_properties) ? [1] : [] + + content { + dynamic "cors_rule" { + for_each = can(var.settings.share_properties.cors_rule) ? 
[1] : [] + + content { + allowed_headers = var.settings.share_properties.cors_rule.allowed_headers + allowed_methods = var.settings.share_properties.cors_rule.allowed_methods + allowed_origins = var.settings.share_properties.cors_rule.allowed_origins + exposed_headers = var.settings.share_properties.cors_rule.exposed_headers + max_age_in_seconds = var.settings.share_properties.cors_rule.max_age_in_seconds + } + } + + dynamic "retention_policy" { + for_each = can(var.settings.share_properties.retention_policy) ? [1] : [] + + content { + days = try(var.settings.share_properties.retention_policy.days, null) + } + } + + dynamic "smb" { + for_each = can(var.settings.share_properties.smb) ? [1] : [] + + content { + versions = try(var.settings.share_properties.smb.versions, null) + authentication_types = try(var.settings.share_properties.smb.authentication_types, null) + kerberos_ticket_encryption_type = try(var.settings.share_properties.smb.kerberos_ticket_encryption_type, null) + channel_encryption_type = try(var.settings.share_properties.smb.channel_encryption_type, null) + multichannel_enabled = try(var.settings.share_properties.smb.multichannel_enabled, null) + } + } + } + } + + dynamic "azure_files_authentication" { + for_each = can(var.settings.azure_files_authentication) ? [1] : [] + + content { + directory_type = var.settings.azure_files_authentication.directory_type + default_share_level_permission = try(var.settings.azure_files_authentication.default_share_level_permission, null) + + dynamic "active_directory" { + for_each = can(var.settings.azure_files_authentication.active_directory) ? 
[1] : [] + + content { + domain_name = var.settings.azure_files_authentication.active_directory.domain_name + domain_guid = var.settings.azure_files_authentication.active_directory.domain_guid + domain_sid = try(var.settings.azure_files_authentication.active_directory.domain_sid, null) + storage_sid = try(var.settings.azure_files_authentication.active_directory.storage_sid, null) + forest_name = try(var.settings.azure_files_authentication.active_directory.forest_name, null) + netbios_domain_name = try(var.settings.azure_files_authentication.active_directory.netbios_domain_name, null) + } + } + } + } + + dynamic "routing" { + for_each = can(var.settings.routing) ? [1] : [] + + content { + publish_internet_endpoints = try(var.settings.routing.publish_internet_endpoints, null) + publish_microsoft_endpoints = try(var.settings.routing.publish_microsoft_endpoints, null) + choice = try(var.settings.routing.choice, null) + } + } + + dynamic "sas_policy" { + for_each = try(var.settings.sas_policy, {}) + + content { + expiration_period = sas_policy.value.expiration_period + expiration_action = try(sas_policy.value.expiration_action, null) + } } } diff --git a/src/storage_account.tf b/src/storage_accounts.tf similarity index 100% rename from src/storage_account.tf rename to src/storage_accounts.tf From 255cc62335a1c6f85c955123f1ae622cfd54f239 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 15:39:52 +0200 Subject: [PATCH 03/25] Refactor role definitions module --- src/modules/role_definition/{role_definition.tf => main.tf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/modules/role_definition/{role_definition.tf => main.tf} (100%) diff --git a/src/modules/role_definition/role_definition.tf b/src/modules/role_definition/main.tf similarity index 100% rename from src/modules/role_definition/role_definition.tf rename to src/modules/role_definition/main.tf From a6a47f94c609318594c70e627007c7fe336bc7cb Mon Sep 17 00:00:00 2001 
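Review bot: Wrapping `network_rules` in `dynamic` with `for_each = can(var.settings.network_rules) ? [1] : []` removes the secure default the old code enforced: previously every storage account got a `network_rules` block with `default_action = "Deny"` even when the caller configured nothing, whereas now a caller that omits `network_rules` gets no block at all and the account falls back to Azure's allow-from-all-networks default. Keeping the block unconditional with `for_each = [1]` preserves deny-by-default, since the inner `try()` calls already cope with a missing `network_rules` object. Separately, `sas_policy` uses `for_each = try(var.settings.sas_policy, {})` and reads `sas_policy.value.expiration_period`, unlike every other block in this resource, which uses `can(...) ? [1] : []` and reads `var.settings.*` directly; if callers pass `sas_policy` as an object like the other settings, the for_each iterates its attributes and the `.expiration_period` lookup fails, so it should follow the same pattern. The `try(local.subnet_ids, null)` and `try(local.identity_ids, null)` wrappers are redundant, as both locals always evaluate and can never trigger the fallback.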
From: Borislav Raynov Date: Tue, 4 Feb 2025 15:44:51 +0200 Subject: [PATCH 04/25] Refactor managed identities module --- src/main.tf | 12 ------------ src/managed_identities.tf | 11 +++++++++++ 2 files changed, 11 insertions(+), 12 deletions(-) create mode 100644 src/managed_identities.tf diff --git a/src/main.tf b/src/main.tf index e7d1fc08..d614ab89 100644 --- a/src/main.tf +++ b/src/main.tf @@ -7,15 +7,3 @@ module "resource_groups" { settings = each.value global_settings = local.global_settings } - -module "managed_identities" { - source = "./modules/managed_identity" - for_each = var.managed_identities - - settings = each.value - global_settings = local.global_settings - - resources = { - resource_groups = module.resource_groups - } -} diff --git a/src/managed_identities.tf b/src/managed_identities.tf new file mode 100644 index 00000000..7d226999 --- /dev/null +++ b/src/managed_identities.tf @@ -0,0 +1,11 @@ +module "managed_identities" { + source = "./modules/managed_identity" + for_each = var.managed_identities + + settings = each.value + global_settings = local.global_settings + + resources = { + resource_groups = module.resource_groups + } +} From 69731d1a1a0cd4bcdde3623f65b86188c93eac69 Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Tue, 4 Feb 2025 15:48:30 +0200 Subject: [PATCH 05/25] Refcator role assignments module --- src/modules/managed_identity/_variables.tf | 2 +- .../{built_in_roles => built_in_role}/_variables.tf | 0 .../{built_in_roles => built_in_role}/main.tf | 0 .../{custom_roles => custom_role}/_variables.tf | 0 .../{custom_roles/custom_roles.tf => custom_role/main.tf} | 0 src/modules/role_assignments/main.tf | 4 ++-- 6 files changed, 3 insertions(+), 3 deletions(-) rename src/modules/role_assignments/{built_in_roles => built_in_role}/_variables.tf (100%) rename src/modules/role_assignments/{built_in_roles => built_in_role}/main.tf (100%) rename src/modules/role_assignments/{custom_roles => custom_role}/_variables.tf (100%) rename src/modules/role_assignments/{custom_roles/custom_roles.tf => custom_role/main.tf} (100%) diff --git a/src/modules/managed_identity/_variables.tf b/src/modules/managed_identity/_variables.tf index 6f1524d4..ecc9eac0 100644 --- a/src/modules/managed_identity/_variables.tf +++ b/src/modules/managed_identity/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for managed identity" } variable "resources" { diff --git a/src/modules/role_assignments/built_in_roles/_variables.tf b/src/modules/role_assignments/built_in_role/_variables.tf similarity index 100% rename from src/modules/role_assignments/built_in_roles/_variables.tf rename to src/modules/role_assignments/built_in_role/_variables.tf diff --git a/src/modules/role_assignments/built_in_roles/main.tf b/src/modules/role_assignments/built_in_role/main.tf similarity index 100% rename from src/modules/role_assignments/built_in_roles/main.tf rename to src/modules/role_assignments/built_in_role/main.tf 
diff --git a/src/modules/role_assignments/custom_roles/_variables.tf b/src/modules/role_assignments/custom_role/_variables.tf similarity index 100% rename from src/modules/role_assignments/custom_roles/_variables.tf rename to src/modules/role_assignments/custom_role/_variables.tf diff --git a/src/modules/role_assignments/custom_roles/custom_roles.tf b/src/modules/role_assignments/custom_role/main.tf similarity index 100% rename from src/modules/role_assignments/custom_roles/custom_roles.tf rename to src/modules/role_assignments/custom_role/main.tf diff --git a/src/modules/role_assignments/main.tf b/src/modules/role_assignments/main.tf index f33e9d88..eb9b1857 100644 --- a/src/modules/role_assignments/main.tf +++ b/src/modules/role_assignments/main.tf @@ -1,5 +1,5 @@ module "built_in_roles" { - source = "./built_in_roles" + source = "./built_in_role" for_each = { for resource_type, roles in try(var.settings.built_in_roles, {}) : @@ -16,7 +16,7 @@ module "built_in_roles" { } module "custom_roles" { - source = "./custom_roles" + source = "./custom_role" for_each = { for resource_type, roles in try(var.settings.custom_roles, {}) : From 5e558e6b34e238fae8068d6bc49d39b5dc6be20e Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 15:58:49 +0200 Subject: [PATCH 06/25] Refactor managed disks module --- src/modules/managed_disk/_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/managed_disk/_variables.tf b/src/modules/managed_disk/_variables.tf index 6f1524d4..e1151183 100644 --- a/src/modules/managed_disk/_variables.tf +++ b/src/modules/managed_disk/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this resource" + description = "All the configuration for managed disk" } variable "resources" { From 84e425373c57af1589fa21fbf6d87621240c8aaf Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Tue, 4 Feb 2025 16:06:26 +0200 Subject: [PATCH 07/25] Refactor log log analytics workspaces module --- src/modules/log_analytics_workspace/_variables.tf | 2 +- .../log_analytics_data_export_rule.tf | 10 +++++----- .../log_analytics_workspace.tf | 14 +++++++------- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/modules/log_analytics_workspace/_variables.tf b/src/modules/log_analytics_workspace/_variables.tf index a3f46b5f..0b5598ed 100644 --- a/src/modules/log_analytics_workspace/_variables.tf +++ b/src/modules/log_analytics_workspace/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for log analytics workspace module" + description = "All the configuration for log analytics workspace" } variable "resources" { diff --git a/src/modules/log_analytics_workspace/log_analytics_data_export_rule.tf b/src/modules/log_analytics_workspace/log_analytics_data_export_rule.tf index 92b52751..377b753c 100644 --- a/src/modules/log_analytics_workspace/log_analytics_data_export_rule.tf +++ b/src/modules/log_analytics_workspace/log_analytics_data_export_rule.tf @@ -10,13 +10,13 @@ resource "azurerm_log_analytics_data_export_rule" "main" { enabled = try(each.value.enabled, false) dynamic "timeouts" { - for_each = try(each.value.timeouts[*], {}) + for_each = can(var.settings.timeouts) ? [1] : [] content { - read = try(timeouts.value.read, null) - create = try(timeouts.value.create, null) - update = try(timeouts.value.update, null) - delete = try(timeouts.value.delete, null) + read = try(var.settings.timeouts.read, null) + create = try(var.settings.timeouts.create, null) + update = try(var.settings.timeouts.update, null) + delete = try(var.settings.timeouts.delete, null) } } } diff --git a/src/modules/log_analytics_workspace/log_analytics_workspace.tf b/src/modules/log_analytics_workspace/log_analytics_workspace.tf index b43cc4b8..f29f2a46 100644 
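Review bot: The data export rule resource in this file is iterated with `for_each` (it reads `each.value.enabled` two lines above the hunk), but the rewritten `timeouts` block now reads `var.settings.timeouts` instead of `each.value.timeouts`, so per-rule timeouts are silently ignored and a single module-wide value is applied to every rule; that is a behavioral change, not a refactor. The standalone module in patch 08 is correct to use `var.settings` because it is not iterated, but here the lookups should stay on `each.value`. The resource block starts outside the hunk.
```hcl
  dynamic "timeouts" {
    for_each = can(each.value.timeouts) ? [1] : []

    content {
      read   = try(each.value.timeouts.read, null)
      create = try(each.value.timeouts.create, null)
      update = try(each.value.timeouts.update, null)
      delete = try(each.value.timeouts.delete, null)
    }
  }
```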
--- a/src/modules/log_analytics_workspace/log_analytics_workspace.tf +++ b/src/modules/log_analytics_workspace/log_analytics_workspace.tf @@ -22,22 +22,22 @@ resource "azurerm_log_analytics_workspace" "main" { ) dynamic "identity" { - for_each = try(var.settings.identity[*], {}) + for_each = can(var.settings.identity) ? [1] : [] content { - type = try(identity.value.type, null) + type = try(var.settings.identity.type, null) identity_ids = try(local.identity_ids, null) } } dynamic "timeouts" { - for_each = try(var.settings.timeouts[*], {}) + for_each = can(var.settings.timeouts) ? [1] : [] content { - read = try(timeouts.value.read, null) - create = try(timeouts.value.create, null) - update = try(timeouts.value.update, null) - delete = try(timeouts.value.delete, null) + read = try(var.settings.timeouts.read, null) + create = try(var.settings.timeouts.create, null) + update = try(var.settings.timeouts.update, null) + delete = try(var.settings.timeouts.delete, null) } } } From 0457cbda8bf5eaa00e50d6954c60d1c780563699 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 16:08:05 +0200 Subject: [PATCH 08/25] Refactor log_analytics data export rules module --- .../log_analytics_data_export_rule/_variables.tf | 2 +- .../log_analytics_data_export_rule.tf | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/modules/log_analytics_data_export_rule/_variables.tf b/src/modules/log_analytics_data_export_rule/_variables.tf index f307e5dc..28b121ca 100644 --- a/src/modules/log_analytics_data_export_rule/_variables.tf +++ b/src/modules/log_analytics_data_export_rule/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for Log analytics data export rule module" + description = "All the configuration for Log analytics data export rule" } variable "resources" { 
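Review bot: Replacing `try(var.settings.identity[*], {})` with `can(var.settings.identity) ? [1] : []` changes what happens when a caller sets `identity = null` explicitly: the splat of a null value yields an empty tuple and so no block, while `can()` only tests whether the expression evaluates, which succeeds for a present-but-null attribute, so a block is now emitted with `type = null` and the required argument fails at plan time. If any callers pass null to opt out, `for_each = try(var.settings.identity, null) != null ? [1] : []` keeps the old behaviour; the same consideration applies to the `timeouts` blocks rewritten here and in the data export rule modules. I cannot tell from the diff whether any tfvars actually do this, so documenting the `can()` semantics on the block may be an acceptable alternative.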
diff --git a/src/modules/log_analytics_data_export_rule/log_analytics_data_export_rule.tf b/src/modules/log_analytics_data_export_rule/log_analytics_data_export_rule.tf index 5fe71645..cd42b1c3 100644 --- a/src/modules/log_analytics_data_export_rule/log_analytics_data_export_rule.tf +++ b/src/modules/log_analytics_data_export_rule/log_analytics_data_export_rule.tf @@ -8,13 +8,13 @@ resource "azurerm_log_analytics_data_export_rule" "main" { enabled = try(var.settings.enabled, false) dynamic "timeouts" { - for_each = try(var.settings.timeouts[*], {}) + for_each = can(var.settings.timeouts) ? [1] : [] content { - read = try(timeouts.value.read, null) - create = try(timeouts.value.create, null) - update = try(timeouts.value.update, null) - delete = try(timeouts.value.delete, null) + read = try(var.settings.timeouts.read, null) + create = try(var.settings.timeouts.create, null) + update = try(var.settings.timeouts.update, null) + delete = try(var.settings.timeouts.delete, null) } } } From b73dda0070e6c671afd5ab34ce4906bc1da6ef6a Mon Sep 17 00:00:00 2001 
From: Borislav Raynov Date: Tue, 4 Feb 2025 16:35:13 +0200 Subject: [PATCH 09/25] Refactor keyvaults module --- src/modules/keyvault/_locals.tf | 5 ++-- src/modules/keyvault/keyvault.tf | 14 +++++++---- .../keyvault_access_policy/_locals.tf | 5 ---- .../keyvault_access_policy/_variables.tf | 15 ++++++------ .../{access_policy.tf => main.tf} | 0 .../{access_policies.tf => main.tf} | 0 .../keyvault_private_endpoint/_locals.tf | 23 +++++++++---------- .../keyvault_private_endpoint/_variables.tf | 12 +++++----- .../{private_endpoint.tf => main.tf} | 0 .../keyvault/keyvault_secret/_variables.tf | 10 ++++---- src/modules/keyvault/secrets.tf | 4 +--- 11 files changed, 43 insertions(+), 45 deletions(-) rename src/modules/keyvault/keyvault_access_policy/access_policy/{access_policy.tf => main.tf} (100%) rename src/modules/keyvault/keyvault_access_policy/{access_policies.tf => main.tf} (100%) rename src/modules/keyvault/keyvault_private_endpoint/{private_endpoint.tf => main.tf} (100%) diff --git a/src/modules/keyvault/_locals.tf b/src/modules/keyvault/_locals.tf index 6b55ec36..060a8c5c 100644 --- a/src/modules/keyvault/_locals.tf +++ b/src/modules/keyvault/_locals.tf @@ -1,6 +1,5 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location @@ -9,10 +8,12 @@ locals { var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id ) ] + subnet_id = try( var.resources.virtual_networks[split("/", var.settings.private_endpoint.subnet_ref)[0]].subnets[split("/", var.settings.private_endpoint.subnet_ref)[1]].id, null ) + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, 
diff --git a/src/modules/keyvault/keyvault.tf b/src/modules/keyvault/keyvault.tf index 73847b67..313ab392 100644 --- a/src/modules/keyvault/keyvault.tf +++ b/src/modules/keyvault/keyvault.tf @@ -13,10 +13,14 @@ resource "azurerm_key_vault" "main" { public_network_access_enabled = try(var.settings.public_network_access_enabled, false) - network_acls { - default_action = try(var.settings.network_rules.default_action, "Deny") - bypass = try(var.settings.network_rules.bypass, "AzureServices") - ip_rules = try(var.settings.network_rules.allowed_ips, null) - virtual_network_subnet_ids = local.subnet_ids + dynamic "network_acls" { + for_each = can(var.settings.network_rules) ? [1] : [] + + content { + bypass = try(var.settings.network_rules.bypass, null) + default_action = try(var.settings.network_rules.default_action, "Deny") + ip_rules = try(var.settings.network_rules.allowed_ips, null) + virtual_network_subnet_ids = try(local.subnet_ids, null) + } } } diff --git a/src/modules/keyvault/keyvault_access_policy/_locals.tf b/src/modules/keyvault/keyvault_access_policy/_locals.tf index 82771146..1a6d8127 100644 --- a/src/modules/keyvault/keyvault_access_policy/_locals.tf +++ b/src/modules/keyvault/keyvault_access_policy/_locals.tf @@ -32,9 +32,7 @@ locals { "GetRotationPolicy", "SetRotationPolicy", ] -} -locals { effective_key_permissions = ( var.access_policies.key_permissions == "All" ? local.all_key_permissions : @@ -46,10 +44,7 @@ locals { local.all_secret_permissions : tolist(try(var.access_policies.secret_permissions, [])) ) -} - -locals { debug_settings = var.settings has_logged_in_key = contains(keys(var.settings), "managed_identity") } diff --git a/src/modules/keyvault/keyvault_access_policy/_variables.tf b/src/modules/keyvault/keyvault_access_policy/_variables.tf index bd4ad120..dcce37c7 100644 --- a/src/modules/keyvault/keyvault_access_policy/_variables.tf +++ b/src/modules/keyvault/keyvault_access_policy/_variables.tf 
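Review bot: Making `network_acls` dynamic on `can(var.settings.network_rules)` drops the unconditional `default_action = "Deny"` the old block applied, so a vault configured without `network_rules` now gets no ACL and relies solely on `public_network_access_enabled` (defaulting to false on the line above) for network isolation; anyone who sets that to true without also adding `network_rules` ends up allowing all networks. The `bypass` default also changes from `"AzureServices"` to `null`, and as far as I recall `bypass` is a required argument of `network_acls` in the azurerm provider, so a caller supplying `network_rules` without `bypass` would now fail at plan instead of getting the previous default. Keeping `for_each = [1]` and `bypass = try(var.settings.network_rules.bypass, "AzureServices")` preserves both the secure default and backward compatibility.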
@@ -1,7 +1,15 @@ +variable "global_settings" { + description = "Global settings for tinycaf" +} + variable "settings" { description = "All the configuration for this resource" } +variable "resources" { + description = "All required resources" +} + variable "keyvault_id" { description = "keyvault id" } @@ -12,15 +20,8 @@ variable "access_policies" { error_message = "A maximun of 16 access policies can be set." } } -variable "global_settings" { - description = "Global settings for tinycaf" -} variable "policy_name" { description = "The key of the access policy." type = string } - -variable "resources" { - description = "All the configuration for this resource" -} diff --git a/src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf b/src/modules/keyvault/keyvault_access_policy/access_policy/main.tf similarity index 100% rename from src/modules/keyvault/keyvault_access_policy/access_policy/access_policy.tf rename to src/modules/keyvault/keyvault_access_policy/access_policy/main.tf diff --git a/src/modules/keyvault/keyvault_access_policy/access_policies.tf b/src/modules/keyvault/keyvault_access_policy/main.tf similarity index 100% rename from src/modules/keyvault/keyvault_access_policy/access_policies.tf rename to src/modules/keyvault/keyvault_access_policy/main.tf diff --git a/src/modules/keyvault/keyvault_private_endpoint/_locals.tf b/src/modules/keyvault/keyvault_private_endpoint/_locals.tf index fbfafc96..77f8cffd 100644 --- a/src/modules/keyvault/keyvault_private_endpoint/_locals.tf +++ b/src/modules/keyvault/keyvault_private_endpoint/_locals.tf 
@@ -1,28 +1,27 @@ locals { + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] + resource_group_name = local.resource_group.name + location = local.resource_group.location + subnet_ids = [ for network_rule_ref, config in try(var.settings.network_rules.subnets, {}) : ( var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id ) ] + subnet_id = try( var.resources.virtual_networks[split("/", var.settings.private_endpoint.subnet_ref)[0]].subnets[split("/", var.settings.private_endpoint.subnet_ref)[1]].id, null ) - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - - resource_group_name = local.resource_group.name - location = local.resource_group.location -} - -locals { dns_zone_ids = try([ for zone in var.settings.private_endpoint.dns_zones_ref : var.resources.private_dns_zones[zone].id ], []) + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) } diff --git a/src/modules/keyvault/keyvault_private_endpoint/_variables.tf b/src/modules/keyvault/keyvault_private_endpoint/_variables.tf index 9429c388..07187b77 100644 --- a/src/modules/keyvault/keyvault_private_endpoint/_variables.tf +++ b/src/modules/keyvault/keyvault_private_endpoint/_variables.tf 
@@ -6,18 +6,18 @@ variable "settings" { description = "All the configuration for this resource" } -variable "keyvault_id" { - description = "id of the keyvault" +variable "resources" { + description = "All required resources" } -variable "resources" { - description = "All the configuration for this resource" +variable "keyvault_id" { + description = "id of the keyvault" } variable "subnet_ref" { - description = "All the configuration for this resource" + description = "Reference for subnet" } variable "dns_zones_ref" { - description = "All the configuration for this resource" + description = "Reference for DNS zone" } diff --git a/src/modules/keyvault/keyvault_private_endpoint/private_endpoint.tf b/src/modules/keyvault/keyvault_private_endpoint/main.tf similarity index 100% rename from src/modules/keyvault/keyvault_private_endpoint/private_endpoint.tf rename to src/modules/keyvault/keyvault_private_endpoint/main.tf diff --git a/src/modules/keyvault/keyvault_secret/_variables.tf b/src/modules/keyvault/keyvault_secret/_variables.tf index e494a0fd..371e7178 100644 --- a/src/modules/keyvault/keyvault_secret/_variables.tf +++ b/src/modules/keyvault/keyvault_secret/_variables.tf @@ -6,14 +6,14 @@ variable "settings" { description = "All the configuration for this resource" } -variable "keyvault_id" { - description = "id of the keyvault" +variable "resources" { + description = "All trequired resources" } -variable "resources" { - description = "All the configuration for this resource" +variable "keyvault_id" { + description = "id of the keyvault" } variable "secrets" { - description = "All the configuration for this resource" + description = "Keyvault secrets" } diff --git a/src/modules/keyvault/secrets.tf b/src/modules/keyvault/secrets.tf index 893c82ed..c830168d 100644 --- a/src/modules/keyvault/secrets.tf +++ b/src/modules/keyvault/secrets.tf 
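Review bot: The new description for `resources` in keyvault_secret/_variables.tf has a typo, `"All trequired resources"`; it should read `description = "All required resources"` to match the wording the same commit uses in keyvault_private_endpoint/_variables.tf. In the private endpoint module `dns_zones_ref` is plural, so `description = "References for private DNS zones"` would describe it more accurately than `"Reference for DNS zone"`.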
@@ -1,7 +1,5 @@ module "secrets" { - source = "./keyvault_secret" - - # Use for_each to iterate over the secrets map + source = "./keyvault_secret" for_each = try(var.settings.secrets, {}) settings = var.settings From 5d1a9b65c3e5ed2cd55af9aa1530b29ee402178e Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 16:47:34 +0200 Subject: [PATCH 10/25] Refactor variables --- src/modules/compute/kubernetes/_locals.tf | 5 +++-- .../kubernetes/kubernetes_cluster/_variables.tf | 1 - .../kubernetes_cluster_node_pool/_variables.tf | 7 +++---- src/modules/container_group/_variables.tf | 2 +- .../container_group/{container_groups.tf => main.tf} | 0 src/modules/container_registry/_variables.tf | 2 +- src/modules/key_vault_key/_variables.tf | 2 +- .../key_vault_key/{key_vault_key.tf => main.tf} | 1 - .../log_analytics_data_export_rule/_variables.tf | 2 +- src/modules/log_analytics_workspace/_variables.tf | 2 +- src/modules/managed_disk/_locals.tf | 3 +-- src/modules/managed_disk/_variables.tf | 2 +- src/modules/managed_identity/_locals.tf | 3 +-- src/modules/managed_identity/_variables.tf | 2 +- src/modules/role_assignments/_variables.tf | 2 +- .../role_assignments/built_in_role/_variables.tf | 2 +- src/modules/role_assignments/custom_role/_variables.tf | 2 +- src/modules/role_definition/_variables.tf | 2 +- src/modules/storage_account/_variables.tf | 2 +- .../storage_account/private_endpoint/_variables.tf | 10 +++++----- src/modules/virtual_machines/_variables.tf | 2 +- .../linux_virtual_machine/_variables.tf | 2 +- .../virtual_machines/network_interface/_variables.tf | 2 +- .../windows_virtual_machine/_variables.tf | 2 +- 24 files changed, 29 insertions(+), 33 deletions(-) rename src/modules/container_group/{container_groups.tf => main.tf} (100%) rename src/modules/key_vault_key/{key_vault_key.tf => main.tf} (95%) diff --git a/src/modules/compute/kubernetes/_locals.tf b/src/modules/compute/kubernetes/_locals.tf index 6b55ec36..060a8c5c 100644 
--- a/src/modules/compute/kubernetes/_locals.tf +++ b/src/modules/compute/kubernetes/_locals.tf @@ -1,6 +1,5 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location @@ -9,10 +8,12 @@ locals { var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id ) ] + subnet_id = try( var.resources.virtual_networks[split("/", var.settings.private_endpoint.subnet_ref)[0]].subnets[split("/", var.settings.private_endpoint.subnet_ref)[1]].id, null ) + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, diff --git a/src/modules/compute/kubernetes/kubernetes_cluster/_variables.tf b/src/modules/compute/kubernetes/kubernetes_cluster/_variables.tf index 49a9bbe2..6f1524d4 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster/_variables.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster/_variables.tf @@ -6,7 +6,6 @@ variable "settings" { description = "All the configuration for this resource" } - variable "resources" { description = "All required resources" } diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf index 291f30cc..5185b096 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf @@ -6,6 +6,9 @@ variable "settings" { description = "All the configuration for this resource" } +variable "all_settings" { + description = "All the configuration for this resource" +} variable "resources" { description = "All required resources" 
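Review bot: `variable "all_settings"` is added with exactly the same description as `settings`, `"All the configuration for this resource"`, so a reader cannot tell the two apart; the node pool locals read `var.all_settings.resource_group_ref`, which suggests it carries the parent kubernetes module's settings, and something like `description = "Settings of the enclosing kubernetes module (provides resource_group_ref)"` would state that, hedged as needed once confirmed. The same commit also replaces several resource-specific descriptions elsewhere (container_group, container_registry, key_vault_key, log analytics, managed_disk, roles, storage_account, virtual machines) with this generic phrase, which removes information from the module interface rather than adding it.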
@@ -14,7 +17,3 @@ variable "resources" { variable "cluster_id" { description = "All the configuration for this resource" } - -variable "all_settings" { - description = "All the configuration for this resource" -} diff --git a/src/modules/container_group/_variables.tf b/src/modules/container_group/_variables.tf index d7d1dadd..6f1524d4 100644 --- a/src/modules/container_group/_variables.tf +++ b/src/modules/container_group/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a azure container group" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/container_group/container_groups.tf b/src/modules/container_group/main.tf similarity index 100% rename from src/modules/container_group/container_groups.tf rename to src/modules/container_group/main.tf diff --git a/src/modules/container_registry/_variables.tf b/src/modules/container_registry/_variables.tf index 23af81a0..6f1524d4 100644 --- a/src/modules/container_registry/_variables.tf +++ b/src/modules/container_registry/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a azure container registry" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/key_vault_key/_variables.tf b/src/modules/key_vault_key/_variables.tf index d1971ddd..6f1524d4 100644 --- a/src/modules/key_vault_key/_variables.tf +++ b/src/modules/key_vault_key/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for Key vault key" + description = "All the configuration for this resource" } variable "resources" { 
diff --git a/src/modules/key_vault_key/key_vault_key.tf b/src/modules/key_vault_key/main.tf similarity index 95% rename from src/modules/key_vault_key/key_vault_key.tf rename to src/modules/key_vault_key/main.tf index a5e7bb5d..e870ef99 100644 --- a/src/modules/key_vault_key/key_vault_key.tf +++ b/src/modules/key_vault_key/main.tf @@ -10,7 +10,6 @@ resource "azurerm_key_vault_key" "main" { not_before_date = try(var.settings.not_before_date, null) expiration_date = try(var.settings.expiration_date, null) - #TODO: Implement rotation policy module when created dynamic "rotation_policy" { for_each = can(var.settings.rotation_policy) ? [1] : [] diff --git a/src/modules/log_analytics_data_export_rule/_variables.tf b/src/modules/log_analytics_data_export_rule/_variables.tf index 28b121ca..6f1524d4 100644 --- a/src/modules/log_analytics_data_export_rule/_variables.tf +++ b/src/modules/log_analytics_data_export_rule/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for Log analytics data export rule" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/log_analytics_workspace/_variables.tf b/src/modules/log_analytics_workspace/_variables.tf index 0b5598ed..6f1524d4 100644 --- a/src/modules/log_analytics_workspace/_variables.tf +++ b/src/modules/log_analytics_workspace/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for log analytics workspace" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/managed_disk/_locals.tf b/src/modules/managed_disk/_locals.tf index 687c6aaa..b6c4756f 100644 --- a/src/modules/managed_disk/_locals.tf +++ b/src/modules/managed_disk/_locals.tf 
@@ -1,6 +1,5 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location diff --git a/src/modules/managed_disk/_variables.tf b/src/modules/managed_disk/_variables.tf index e1151183..6f1524d4 100644 --- a/src/modules/managed_disk/_variables.tf +++ b/src/modules/managed_disk/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for managed disk" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/managed_identity/_locals.tf b/src/modules/managed_identity/_locals.tf index 687c6aaa..b6c4756f 100644 --- a/src/modules/managed_identity/_locals.tf +++ b/src/modules/managed_identity/_locals.tf @@ -1,6 +1,5 @@ locals { - resource_group = var.resources.resource_groups[var.settings.resource_group_ref] - + resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location diff --git a/src/modules/managed_identity/_variables.tf b/src/modules/managed_identity/_variables.tf index ecc9eac0..6f1524d4 100644 --- a/src/modules/managed_identity/_variables.tf +++ b/src/modules/managed_identity/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for managed identity" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/role_assignments/_variables.tf b/src/modules/role_assignments/_variables.tf index cf50fbef..6f1524d4 100644 --- a/src/modules/role_assignments/_variables.tf +++ b/src/modules/role_assignments/_variables.tf 
@@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a role assignments" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/role_assignments/built_in_role/_variables.tf b/src/modules/role_assignments/built_in_role/_variables.tf index c30187c8..0d34043e 100644 --- a/src/modules/role_assignments/built_in_role/_variables.tf +++ b/src/modules/role_assignments/built_in_role/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a buil-in role" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/role_assignments/custom_role/_variables.tf b/src/modules/role_assignments/custom_role/_variables.tf index 406ada1a..0d34043e 100644 --- a/src/modules/role_assignments/custom_role/_variables.tf +++ b/src/modules/role_assignments/custom_role/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a custom role" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/role_definition/_variables.tf b/src/modules/role_definition/_variables.tf index 265f34a5..6f1524d4 100644 --- a/src/modules/role_definition/_variables.tf +++ b/src/modules/role_definition/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a role definition" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/storage_account/_variables.tf b/src/modules/storage_account/_variables.tf index d72b17b4..6f1524d4 100644 --- a/src/modules/storage_account/_variables.tf +++ b/src/modules/storage_account/_variables.tf 
@@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for a storage account" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/storage_account/private_endpoint/_variables.tf b/src/modules/storage_account/private_endpoint/_variables.tf index 82498fd4..912af739 100644 --- a/src/modules/storage_account/private_endpoint/_variables.tf +++ b/src/modules/storage_account/private_endpoint/_variables.tf @@ -3,17 +3,17 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for private endpoint" -} - -variable "storage_acccount_id" { - description = "id of the keyvault" + description = "All the configuration for this resource" } variable "resources" { description = "All required resources" } +variable "storage_acccount_id" { + description = "id of the keyvault" +} + variable "subnet_ref" { description = "Subnet reference" } diff --git a/src/modules/virtual_machines/_variables.tf b/src/modules/virtual_machines/_variables.tf index f1f1f520..6f1524d4 100644 --- a/src/modules/virtual_machines/_variables.tf +++ b/src/modules/virtual_machines/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for virtual machines" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/virtual_machines/linux_virtual_machine/_variables.tf b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf index dbbcebac..6f1524d4 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/_variables.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for linux virtual machine" + description = "All the configuration for this resource" } variable "resources" { 
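Review bot: The moved `variable "storage_acccount_id"` in storage_account/private_endpoint/_variables.tf keeps `description = "id of the keyvault"`, which is wrong for a storage account module; `description = "id of the storage account"` fits. The variable name itself carries a pre-existing triple-c typo, but renaming it changes the module's interface for callers, so that belongs in a dedicated change rather than this reorder.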
diff --git a/src/modules/virtual_machines/network_interface/_variables.tf b/src/modules/virtual_machines/network_interface/_variables.tf index 6ba2a504..6f1524d4 100644 --- a/src/modules/virtual_machines/network_interface/_variables.tf +++ b/src/modules/virtual_machines/network_interface/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for this network interface" + description = "All the configuration for this resource" } variable "resources" { diff --git a/src/modules/virtual_machines/windows_virtual_machine/_variables.tf b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf index 77811f74..6f1524d4 100644 --- a/src/modules/virtual_machines/windows_virtual_machine/_variables.tf +++ b/src/modules/virtual_machines/windows_virtual_machine/_variables.tf @@ -3,7 +3,7 @@ variable "global_settings" { } variable "settings" { - description = "All the configuration for windows virtual machine" + description = "All the configuration for this resource" } variable "resources" { From 60a9c15961246d835dd68731bcde8db7121413c3 Mon Sep 17 00:00:00 2001 From: Borislav Raynov Date: Tue, 4 Feb 2025 17:06:32 +0200 Subject: [PATCH 11/25] Refactor aks module --- src/modules/compute/kubernetes/_variables.tf | 1 - .../kubernetes/kubernetes_cluster/_locals.tf | 27 +++++----- .../kubernetes_cluster/{aks.tf => main.tf} | 51 ++++++++++--------- .../kubernetes_cluster_node_pool/_locals.tf | 6 ++- .../_variables.tf | 2 +- .../{aks_node_pool.tf => main.tf} | 7 +-- .../compute/kubernetes/{aks.tf => main.tf} | 0 7 files changed, 51 insertions(+), 43 deletions(-) rename src/modules/compute/kubernetes/kubernetes_cluster/{aks.tf => main.tf} (83%) rename src/modules/compute/kubernetes/kubernetes_cluster_node_pool/{aks_node_pool.tf => main.tf} (91%) rename src/modules/compute/kubernetes/{aks.tf => main.tf} (100%) 
diff --git a/src/modules/compute/kubernetes/_variables.tf b/src/modules/compute/kubernetes/_variables.tf index 49a9bbe2..6f1524d4 100644 --- a/src/modules/compute/kubernetes/_variables.tf +++ b/src/modules/compute/kubernetes/_variables.tf @@ -6,7 +6,6 @@ variable "settings" { description = "All the configuration for this resource" } - variable "resources" { description = "All required resources" } diff --git a/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf b/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf index db6a076d..1ab61d50 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster/_locals.tf 
@@ -2,28 +2,24 @@ locals { resource_group = var.resources.resource_groups[var.settings.resource_group_ref] resource_group_name = local.resource_group.name location = local.resource_group.location + + managed_identity = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null + kubelet_identity = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null + + validated_pod_cidr = local.effective_network_profile.network_plugin == "azure" && local.effective_network_profile.pod_cidr != null && local.effective_network_profile.network_plugin_mode != "overlay" ? error("Error: When network_plugin is 'azure', pod_cidr must not be set unless network_plugin_mode is 'overlay'.") : local.effective_network_profile.pod_cidr + validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane + subnet_ids = [ for network_rule_ref, config in try(var.settings.network_rules.subnets, {}) : ( var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id ) ] + vnet_subnet_id = try( var.resources.virtual_networks[split("/", var.settings.default_node_pool.subnet_ref)[0]].subnets[split("/", var.settings.default_node_pool.subnet_ref)[1]].id, null ) - managed_identity = can(var.resources.managed_identities[var.settings.identity.managed_identity_ref]) ? var.resources.managed_identities[var.settings.identity.managed_identity_ref] : null - kubelet_identity = can(var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref]) ? 
var.resources.managed_identities[var.settings.kubelet_identity.managed_identity_ref] : null - tags = merge( - var.global_settings.tags, - var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, - try(var.settings.tags, {}) - ) - validated_pod_cidr = local.effective_network_profile.network_plugin == "azure" && local.effective_network_profile.pod_cidr != null && local.effective_network_profile.network_plugin_mode != "overlay" ? error("Error: When network_plugin is 'azure', pod_cidr must not be set unless network_plugin_mode is 'overlay'.") : local.effective_network_profile.pod_cidr - -} - -locals { effective_network_profile = { network_plugin = try(var.settings.network_profile.network_plugin, "azure") network_mode = try(var.settings.network_profile.network_mode, "transparent") @@ -37,5 +33,10 @@ locals { service_cidrs = try(var.settings.network_profile.service_cidrs, null) pod_cidr = try(var.settings.network_profile.pod_cidr, null) } - validated_network_data_plane = local.effective_network_profile.network_policy == "cilium" && local.effective_network_profile.network_data_plane != "cilium" ? error("Error: When network_policy is set to 'cilium', the network_data_plane must also be set to 'cilium'.") : local.effective_network_profile.network_data_plane + + tags = merge( + var.global_settings.tags, + var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, + try(var.settings.tags, {}) + ) } diff --git a/src/modules/compute/kubernetes/kubernetes_cluster/aks.tf b/src/modules/compute/kubernetes/kubernetes_cluster/main.tf similarity index 83% rename from src/modules/compute/kubernetes/kubernetes_cluster/aks.tf rename to src/modules/compute/kubernetes/kubernetes_cluster/main.tf index 028e0c71..10f5dcdd 100644 --- a/src/modules/compute/kubernetes/kubernetes_cluster/aks.tf +++ b/src/modules/compute/kubernetes/kubernetes_cluster/main.tf 
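Review bot: `validated_pod_cidr` and `validated_network_data_plane` rely on a call to `error(...)` to reject invalid network_profile combinations; Terraform core does not define an `error()` function as far as I know, so unless this resolves to a provider-defined function the expression fails with an unknown-function error whenever the condition is true and the intended message is never shown. A `lifecycle { precondition { condition = ...; error_message = "..." } }` on `azurerm_kubernetes_cluster.main` would express the same rule and surface the message. These are moved rather than newly written lines; the `locals` block closes at the end of the second hunk.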
@@ -1,13 +1,23 @@ resource "azurerm_kubernetes_cluster" "main" { - name = var.settings.cluster_name - resource_group_name = local.resource_group_name - location = local.location - node_resource_group = try(var.settings.node_resource_group_name, null) - sku_tier = try(var.settings.sku_tier, "Free") - kubernetes_version = try(var.settings.kubernetes_version, null) - dns_prefix = try(var.settings.dns_prefix, "default") + name = var.settings.cluster_name + resource_group_name = local.resource_group_name + location = local.location + tags = local.tags + node_resource_group = try(var.settings.node_resource_group_name, null) + sku_tier = try(var.settings.sku_tier, "Free") + kubernetes_version = try(var.settings.kubernetes_version, null) + dns_prefix = try(var.settings.dns_prefix, "default") + private_cluster_enabled = try(var.settings.private_cluster_enabled, false) + private_dns_zone_id = try(var.settings.private_dns_zone_id, "System") + private_cluster_public_fqdn_enabled = try(var.settings.private_cluster_public_fqdn_enabled, false) + role_based_access_control_enabled = try(var.settings.role_based_access_control_enabled, true) + run_command_enabled = try(var.settings.run_command_enabled, true) + oidc_issuer_enabled = try(var.settings.oidc_issuer_enabled, false) + workload_identity_enabled = try(var.settings.oidc_issuer_enabled ? var.settings.workload_identity_enabled : false, false) + open_service_mesh_enabled = try(var.settings.open_service_mesh_enabled, false) default_node_pool { + vnet_subnet_id = local.vnet_subnet_id name = try(var.settings.default_node_pool.name, "default") node_count = try(var.settings.default_node_pool.node_count, 1) vm_size = try(var.settings.default_node_pool.vm_size, "Standard_D2s_v3") 
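Review bot: The reordered header now places the cluster's exposure defaults side by side and they are permissive: `private_cluster_enabled` falls back to `false`, `run_command_enabled` to `true`, and the `api_server_access_profile` block further down is emitted only when the caller configures it, so a settings object that omits all three yields a cluster whose API server is reachable from any address, subject only to authentication, and accepts run-command requests. Since these are existing values moved into place I would not flip them silently, but a comment above them such as `# NOTE: defaults leave the API server public; set private_cluster_enabled or api_server_access_profile.authorized_ip_ranges for non-lab use` would warn callers. `workload_identity_enabled` being gated on `oidc_issuer_enabled` is correct. The resource body continues below the hunk.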
@@ -20,12 +30,13 @@ resource "azurerm_kubernetes_cluster" "main" { os_disk_type = try(var.settings.default_node_pool.os_disk_type, null) os_disk_size_gb = try(var.settings.default_node_pool.os_disk_size_gb, null) os_sku = try(var.settings.default_node_pool.os_sku, null) - vnet_subnet_id = local.vnet_subnet_id pod_subnet_id = try(var.settings.default_node_pool.pod_subnet_id, null) temporary_name_for_rotation = try(var.settings.default_node_pool.temporary_name_for_rotation, null) host_encryption_enabled = try(var.settings.default_node_pool.host_encryption_enabled, false) + dynamic "upgrade_settings" { for_each = try(var.settings.default_node_pool.upgrade_settings[*], {}) + content { drain_timeout_in_minutes = try(upgrade_settings.value.drain_timeout_in_minutes, null) node_soak_duration_in_minutes = try(upgrade_settings.value.node_soak_duration_in_minutes, null) @@ -48,8 +59,14 @@ resource "azurerm_kubernetes_cluster" "main" { pod_cidr = local.validated_pod_cidr } + identity { + type = try(var.settings.identity.type, "SystemAssigned") + identity_ids = try(var.settings.identity.type == "UserAssigned" ? [local.managed_identity.id] : null, null) + } + dynamic "storage_profile" { for_each = try(var.settings.storage_profile[*], {}) + content { blob_driver_enabled = try(storage_profile.value.blob_driver_enabled, false) disk_driver_enabled = try(storage_profile.value.disk_driver_enabled, true) 
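Review bot: In the relocated `identity` block, `identity_ids = try(var.settings.identity.type == "UserAssigned" ? [local.managed_identity.id] : null, null)` silently collapses to null when `identity.managed_identity_ref` does not resolve (the locals set `local.managed_identity` to null in that case), so a typo in the reference shows up only as a provider-side complaint about missing identity ids instead of pointing at the bad key. Writing it as `identity_ids = try(var.settings.identity.type, "SystemAssigned") == "UserAssigned" ? [local.managed_identity.id] : null` keeps the SystemAssigned fallback while letting the failed attribute lookup name the missing reference. The `kubelet_identity` block in a later hunk uses the same `try` pattern.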
@@ -58,16 +75,13 @@ resource "azurerm_kubernetes_cluster" "main" { } } - private_cluster_enabled = try(var.settings.private_cluster_enabled, false) - private_dns_zone_id = try(var.settings.private_dns_zone_id, "System") - private_cluster_public_fqdn_enabled = try(var.settings.private_cluster_public_fqdn_enabled, false) dynamic "api_server_access_profile" { for_each = try(var.settings.api_server_access_profile[*], {}) content { authorized_ip_ranges = try(api_server_access_profile.value.authorized_ip_ranges, null) } } - role_based_access_control_enabled = try(var.settings.role_based_access_control_enabled, true) + dynamic "azure_active_directory_role_based_access_control" { for_each = try(var.settings.azure_active_directory_role_based_access_control[*], {}) content { @@ -76,7 +90,7 @@ resource "azurerm_kubernetes_cluster" "main" { azure_rbac_enabled = try(azure_active_directory_role_based_access_control.value.azure_rbac_enabled, true) } } - run_command_enabled = try(var.settings.run_command_enabled, true) + dynamic "key_vault_secrets_provider" { for_each = try(var.settings.key_vault_secrets_provider[*], {}) content { @@ -84,10 +98,7 @@ resource "azurerm_kubernetes_cluster" "main" { secret_rotation_interval = try(key_vault_secrets_provider.value.secret_rotation_interval, null) } } - identity { - type = try(var.settings.identity.type, "SystemAssigned") - identity_ids = try(var.settings.identity.type == "UserAssigned" ? [local.managed_identity.id] : null, null) - } + dynamic "kubelet_identity" { for_each = try(var.settings.kubelet_identity[*], {}) content { 
@@ -96,10 +107,4 @@ resource "azurerm_kubernetes_cluster" "main" {
 user_assigned_identity_id = try(kubelet_identity.value.type == "UserAssigned" ? local.kubelet_identity.id : null, null)
 }
 }
-
- oidc_issuer_enabled = try(var.settings.oidc_issuer_enabled, false)
- workload_identity_enabled = try(var.settings.oidc_issuer_enabled ? var.settings.workload_identity_enabled : false, false)
- open_service_mesh_enabled = try(var.settings.open_service_mesh_enabled, false)
-
- tags = local.tags
 }
diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_locals.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_locals.tf
index f627742b..19f00e1d 100644
--- a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_locals.tf
+++ b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_locals.tf
@@ -1,6 +1,5 @@
 locals {
- resource_group = var.resources.resource_groups[var.all_settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.all_settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
@@ -9,14 +8,17 @@ locals {
 var.resources.virtual_networks[split("/", config.subnet_ref)[0]].subnets[split("/", config.subnet_ref)[1]].id
 )
 ]
+
 pod_subnet_id = try(
 var.resources.virtual_networks[split("/", var.settings.pod_subnet_ref)[0]].subnets[split("/", var.settings.pod_subnet_ref)[1]].id,
 null
 )
+
 vnet_subnet_id = try(
 var.resources.virtual_networks[split("/", var.settings.vnet_subnet_ref)[0]].subnets[split("/", var.settings.vnet_subnet_ref)[1]].id,
 null
 )
+
 tags = merge(
 var.global_settings.tags,
 var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf
index 5185b096..281cdc5e 100644
--- a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf
+++ b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/_variables.tf
@@ -15,5 +15,5 @@ variable "resources" {
 }
 variable "cluster_id" {
- description = "All the configuration for this resource"
+ description = "Clusters's id"
 }
diff --git a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/main.tf
similarity index 91%
rename from src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf
rename to src/modules/compute/kubernetes/kubernetes_cluster_node_pool/main.tf
index 26e81b6b..8da74876 100644
--- a/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/aks_node_pool.tf
+++ b/src/modules/compute/kubernetes/kubernetes_cluster_node_pool/main.tf
@@ -1,6 +1,8 @@
 resource "azurerm_kubernetes_cluster_node_pool" "main" {
- name = var.settings.name
- kubernetes_cluster_id = var.cluster_id
+ name = var.settings.name
+ kubernetes_cluster_id = var.cluster_id
+ tags = local.tags
+
 vm_size = try(var.settings.vm_size, "Standard_DS2_v2")
 node_count = try(var.settings.node_count, 1)
 auto_scaling_enabled = try(var.settings.auto_scaling_enabled, false)
@@ -17,7 +19,6 @@ resource "azurerm_kubernetes_cluster_node_pool" "main" {
 vnet_subnet_id = try(local.vnet_subnet_id, null)
 os_type = try(var.settings.os_type, null)
 ultra_ssd_enabled = try(var.settings.ultra_ssd_enabled, false)
- tags = local.tags
 fips_enabled = try(var.settings.fips_enabled, false)
 host_encryption_enabled = try(var.settings.host_encryption_enabled, false)
 kubelet_disk_type = try(var.settings.kubelet_disk_type, "OS")
diff --git a/src/modules/compute/kubernetes/aks.tf b/src/modules/compute/kubernetes/main.tf
similarity index 100%
rename from src/modules/compute/kubernetes/aks.tf
rename to src/modules/compute/kubernetes/main.tf
From 28002ed7fe3eb5e67278cc7d3430d8f167db2a13 Mon Sep 17 00:00:00 2001
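Review bot: The new description `"Clusters's id"` carries a doubled possessive and still does not say which cluster is meant; `"ID of the AKS cluster this node pool is attached to"` tells a caller what to pass. The `variable "cluster_id"` block starts and ends within the hunk.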
From: Borislav Raynov
Date: Tue, 4 Feb 2025 17:27:14 +0200
Subject: [PATCH 12/25] Refactor networking module
---
examples/README.md | 4 ++++
.../local_network_gateway/_locals.tf | 3 +--
.../{local_network_gateway.tf.tf => main.tf} | 0
.../_networking/private_dns_zone/_locals.tf | 14 +++++------
src/modules/_networking/public_ip/_locals.tf | 3 +--
.../virtual_network/virtual_network.tf | 6 ++---
.../virtual_network_gateway/_locals.tf | 3 +--
.../virtual_network_gateway/_variables.tf | 1 -
.../virtual_network_gateway/main.tf | 7 +++---
.../_locals.tf | 24 ++++++++-----------
.../main.tf | 10 +++++---
11 files changed, 35 insertions(+), 40 deletions(-)
rename src/modules/_networking/local_network_gateway/{local_network_gateway.tf.tf => main.tf} (100%)
diff --git a/examples/README.md b/examples/README.md
index 6e646651..da00985b 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -1,2 +1,6 @@
 All the examples for CAF modules.
 ##
+Missing examples:
+ - aks.tfvars
+ - public_ips.tfvars
+ - virtual_network_gateway_connections.tfvars
diff --git a/src/modules/_networking/local_network_gateway/_locals.tf b/src/modules/_networking/local_network_gateway/_locals.tf
index 687c6aaa..b6c4756f 100644
--- a/src/modules/_networking/local_network_gateway/_locals.tf
+++ b/src/modules/_networking/local_network_gateway/_locals.tf
@@ -1,6 +1,5 @@
 locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
diff --git a/src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf b/src/modules/_networking/local_network_gateway/main.tf
similarity index 100%
rename from src/modules/_networking/local_network_gateway/local_network_gateway.tf.tf
rename to src/modules/_networking/local_network_gateway/main.tf
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
index d5dd2830..76167270 100644
--- a/src/modules/_networking/private_dns_zone/_locals.tf
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
@@ -11,14 +11,6 @@ locals {
 }
 }
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
-}
-
-locals {
 # local object used to map possible private dns zoone names
 zone_names = {
 "storage_blob" = "privatelink.blob.core.windows.net"
@@ -29,4 +21,10 @@ locals {
 "keyvaults" = "privatelink.vaultcore.azure.net"
 "container_registries" = "privatelink.azurecr.io"
 }
+
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
 }
diff --git a/src/modules/_networking/public_ip/_locals.tf b/src/modules/_networking/public_ip/_locals.tf
index 687c6aaa..b6c4756f 100644
--- a/src/modules/_networking/public_ip/_locals.tf
+++ b/src/modules/_networking/public_ip/_locals.tf
@@ -1,6 +1,5 @@
 locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
diff --git a/src/modules/_networking/virtual_network/virtual_network.tf b/src/modules/_networking/virtual_network/virtual_network.tf
index 7abc6302..26083eab 100644
--- a/src/modules/_networking/virtual_network/virtual_network.tf
+++ b/src/modules/_networking/virtual_network/virtual_network.tf
@@ -2,8 +2,6 @@ resource "azurerm_virtual_network" "main" {
 name = var.settings.name
 location = local.location
 resource_group_name = local.resource_group_name
-
- address_space = var.settings.cidr
-
- tags = local.tags
+ address_space = var.settings.cidr
+ tags = local.tags
 }
diff --git a/src/modules/_networking/virtual_network_gateway/_locals.tf b/src/modules/_networking/virtual_network_gateway/_locals.tf
index 687c6aaa..b6c4756f 100644
--- a/src/modules/_networking/virtual_network_gateway/_locals.tf
+++ b/src/modules/_networking/virtual_network_gateway/_locals.tf
@@ -1,6 +1,5 @@
 locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
diff --git a/src/modules/_networking/virtual_network_gateway/_variables.tf b/src/modules/_networking/virtual_network_gateway/_variables.tf
index df03f817..4c20a831 100644
--- a/src/modules/_networking/virtual_network_gateway/_variables.tf
+++ b/src/modules/_networking/virtual_network_gateway/_variables.tf
@@ -6,7 +6,6 @@ variable "settings" {
 description = "All the configuration for this resource"
 }
-
 variable "resources" {
 description = "All the configuration for this resource"
 }
diff --git a/src/modules/_networking/virtual_network_gateway/main.tf b/src/modules/_networking/virtual_network_gateway/main.tf
index a04a5641..84ec91e2 100644
--- a/src/modules/_networking/virtual_network_gateway/main.tf
+++ b/src/modules/_networking/virtual_network_gateway/main.tf
@@ -4,12 +4,11 @@ resource "azurerm_virtual_network_gateway" "main" {
 location = local.location
 tags = local.tags
- sku = try(var.settings.sku, "VpnGw1")
- type = try(var.settings.type, "Vpn")
-
+ sku = try(var.settings.sku, "VpnGw1")
+ type = try(var.settings.type, "Vpn")
+ active_active = try(var.settings.active_active, false)
 generation = try(var.settings.generation, null)
 vpn_type = try(var.settings.vpn_type, null)
- active_active = try(var.settings.active_active, false)
 enable_bgp = try(var.settings.enable_bgp, null)
 dynamic "ip_configuration" {
diff --git a/src/modules/_networking/virtual_network_gateway_connections/_locals.tf b/src/modules/_networking/virtual_network_gateway_connections/_locals.tf
index 5c6ff644..9b93d3ac 100644
--- a/src/modules/_networking/virtual_network_gateway_connections/_locals.tf
+++ b/src/modules/_networking/virtual_network_gateway_connections/_locals.tf
@@ -1,29 +1,25 @@
 locals {
- resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
-
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
 resource_group_name = local.resource_group.name
 location = local.resource_group.location
- tags = merge(
- var.global_settings.tags,
- var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
- try(var.settings.tags, {})
- )
-}
+ keyvault_id = try(var.resources.keyvaults[local.keyvault_ref].id, null)
+ local_network_gateway_id = try(var.resources.local_network_gateways[var.settings.local_network_gateway_ref].id, null)
+ virtual_network_gateway_id = try(var.resources.virtual_network_gateways[var.settings.virtual_network_gateway_ref].id, null)
-locals {
 keyvault_ref = try(
 element(split("/", var.settings.shared_key_secret), 0),
 null
 )
+
 secret_name = try(
 element(split("/", var.settings.shared_key_secret), 1),
 null
 )
- keyvault_id = try(var.resources.keyvaults[local.keyvault_ref].id, null)
-}
-locals {
- local_network_gateway_id = try(var.resources.local_network_gateways[var.settings.local_network_gateway_ref].id, null)
- virtual_network_gateway_id = try(var.resources.virtual_network_gateways[var.settings.virtual_network_gateway_ref].id, null)
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
 }
diff --git a/src/modules/_networking/virtual_network_gateway_connections/main.tf b/src/modules/_networking/virtual_network_gateway_connections/main.tf
index 9eb4c57c..35cf7a41 100644
--- a/src/modules/_networking/virtual_network_gateway_connections/main.tf
+++ b/src/modules/_networking/virtual_network_gateway_connections/main.tf
@@ -14,15 +14,19 @@ resource "azurerm_virtual_network_gateway_connection" "main" {
 ? data.azurerm_key_vault_secret.main[0].value
 : null
 )
+
 dynamic "traffic_selector_policy" {
 for_each = (try(var.settings.local_address_cidrs, null) != null && try(var.settings.remote_address_cidrs, null) != null) ? [1] : []
+
 content {
- local_address_cidrs = try(var.settings.local_address_cidrs, [])
- remote_address_cidrs = try(var.settings.remote_address_cidrs, [])
+ local_address_cidrs = var.settings.local_address_cidrs
+ remote_address_cidrs = var.settings.remote_address_cidrs
 }
 }
+
 dynamic "ipsec_policy" {
- for_each = try(var.settings.use_policy_based_traffic_selectors, true) ? [1] : []
+ for_each = can(var.settings.use_policy_based_traffic_selectors) ? [1] : []
+
 content {
 dh_group = try(var.settings.ipsec_policy.dh_group, "DHGroup14")
 ike_encryption = try(var.settings.ipsec_policy.ike_encryption, "AES256")
From 5fa41e6a450f31760dd2a13fceeacaf78b43328e Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Tue, 4 Feb 2025 17:35:13 +0200
Subject: [PATCH 13/25] Refactor vng connection module
---
.../_networking/virtual_network_gateway_connections/main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/_networking/virtual_network_gateway_connections/main.tf b/src/modules/_networking/virtual_network_gateway_connections/main.tf
index 35cf7a41..175bfbad 100644
--- a/src/modules/_networking/virtual_network_gateway_connections/main.tf
+++ b/src/modules/_networking/virtual_network_gateway_connections/main.tf
@@ -3,9 +3,9 @@ resource "azurerm_virtual_network_gateway_connection" "main" {
 location = local.location
 resource_group_name = local.resource_group_name
- type = try(var.settings.type, "IPsec")
 virtual_network_gateway_id = local.virtual_network_gateway_id
 local_network_gateway_id = local.local_network_gateway_id
+ type = try(var.settings.type, "IPsec")
 connection_protocol = try(var.settings.connection_protocol, "IKEv2")
 use_policy_based_traffic_selectors = try(var.settings.use_policy_based_traffic_selectors, true)
From ffcc8def78a4516f3e14014437ec4b21eaf2f195 Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Tue, 4 Feb 2025 17:37:26 +0200
Subject: [PATCH 14/25] Refactor global vars
---
src/_variables.tf | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/_variables.tf b/src/_variables.tf
index d54d3f08..c78f924b 100644
--- a/src/_variables.tf
+++ b/src/_variables.tf
@@ -9,9 +9,7 @@ variable "global_settings" {
 })
 default = {
- tags = {
-
- }
+ tags = {}
 inherit_resource_group_tags = false
 }
 }
From dee3c5ed1e5599620692a0e1ea4abada424e43f9 Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Wed, 5 Feb 2025 09:39:07 +0200
Subject: [PATCH 15/25] Add default value for bypass in kevault network rules
---
src/modules/keyvault/keyvault.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/keyvault/keyvault.tf b/src/modules/keyvault/keyvault.tf
index 313ab392..f480a883 100644
--- a/src/modules/keyvault/keyvault.tf
+++ b/src/modules/keyvault/keyvault.tf
@@ -17,7 +17,7 @@ resource "azurerm_key_vault" "main" {
 for_each = can(var.settings.network_rules) ? [1] : []
 content {
- bypass = try(var.settings.network_rules.bypass, null)
+ bypass = try(var.settings.network_rules.bypass, "AzureServices")
 default_action = try(var.settings.network_rules.default_action, "Deny")
 ip_rules = try(var.settings.network_rules.allowed_ips, null)
 virtual_network_subnet_ids = try(local.subnet_ids, null)
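Review bot: Defaulting `bypass` to `"AzureServices"` widens the vault's network boundary relative to `"None"`: with `default_action = "Deny"` the firewall is still bypassed by Microsoft's trusted-services set, so a caller that supplies `network_rules` without `bypass` gets more reachability than the `Deny` default suggests. If the change is only there to stop the provider rejecting a null `bypass`, the conservative default is `"None"` with `"AzureServices"` opted into per vault; if `"AzureServices"` is the intended house default, say so on the line, e.g. `# AzureServices lets trusted Microsoft services through the firewall; use "None" for strict isolation`. The `azurerm_key_vault` resource block starts and ends outside the hunk.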
From 03f67812fa7643f156fd6983ac7fce0d13de2afb Mon Sep 17 00:00:00 2001
From: lyudmililchev92
Date: Wed, 5 Feb 2025 09:42:11 +0200
Subject: [PATCH 16/25] Add private dns zones into storage account main module call
---
src/storage_accounts.tf | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/storage_accounts.tf b/src/storage_accounts.tf
index b595afc5..1f1bea8d 100644
--- a/src/storage_accounts.tf
+++ b/src/storage_accounts.tf
@@ -8,5 +8,6 @@ module "storage_accounts" {
 resources = {
 resource_groups = module.resource_groups
 virtual_networks = module.virtual_networks
+ private_dns_zones = module.private_dns_zones
 }
 }
From 99a50fc7ae935d135e5551ba873938ab6edeab27 Mon Sep 17 00:00:00 2001
From: lyudmililchev92
Date: Wed, 5 Feb 2025 09:45:36 +0200
Subject: [PATCH 17/25] fix ipsec_policy
---
.../_networking/virtual_network_gateway_connections/main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/_networking/virtual_network_gateway_connections/main.tf b/src/modules/_networking/virtual_network_gateway_connections/main.tf
index 175bfbad..be5b328d 100644
--- a/src/modules/_networking/virtual_network_gateway_connections/main.tf
+++ b/src/modules/_networking/virtual_network_gateway_connections/main.tf
@@ -25,7 +25,7 @@ resource "azurerm_virtual_network_gateway_connection" "main" {
 }
 dynamic "ipsec_policy" {
- for_each = can(var.settings.use_policy_based_traffic_selectors) ? [1] : []
+ for_each = can(var.settings.ipsec_policy) ? [1] : []
 content {
 dh_group = try(var.settings.ipsec_policy.dh_group, "DHGroup14")
From 98ffc8bd8f046df3684c759c170489a66ee6859d Mon Sep 17 00:00:00 2001
From: lyudmililchev92
Date: Wed, 5 Feb 2025 09:56:18 +0200
Subject: [PATCH 18/25] fix pre commit
---
src/storage_accounts.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/storage_accounts.tf b/src/storage_accounts.tf
index 1f1bea8d..1a95039c 100644
--- a/src/storage_accounts.tf
+++ b/src/storage_accounts.tf
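Review bot: After this fix the pinned `ipsec_policy` defaults (`DHGroup14`, `AES256`, …) apply only when the caller supplies some `ipsec_policy` object; with the attribute absent `can(...)` is false, the block is omitted and the gateway connection negotiates with Azure's default IKE/IPsec proposal set, which to my knowledge still admits weaker groups and ciphers than these explicit defaults. That is a defensible design, but it inverts the behaviour before patch 12, where the block was emitted by default, so callers who relied on the defaults now get a looser policy without any diagnostic. Either document it next to the `for_each`, `# pinned IKE/IPsec parameters apply only when settings.ipsec_policy is present (even as {}); otherwise Azure defaults are negotiated`, or emit the block unconditionally with `for_each = [1]` so the hardened defaults always hold. The resource block starts and ends outside the hunk.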
@@ -6,8 +6,8 @@ module "storage_accounts" {
 global_settings = var.global_settings
 resources = {
- resource_groups = module.resource_groups
- virtual_networks = module.virtual_networks
+ resource_groups = module.resource_groups
+ virtual_networks = module.virtual_networks
 private_dns_zones = module.private_dns_zones
 }
 }
From 283f9a3862be8d206d9313cad6868c111664986f Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Thu, 13 Feb 2025 11:47:41 +0200
Subject: [PATCH 19/25] Move keyvault-key into keyvault
---
src/key_vault_keys.tf | 2 +-
src/modules/{ => keyvault}/key_vault_key/_locals.tf | 0
src/modules/{ => keyvault}/key_vault_key/_outputs.tf | 0
src/modules/{ => keyvault}/key_vault_key/_variables.tf | 0
src/modules/{ => keyvault}/key_vault_key/main.tf | 0
5 files changed, 1 insertion(+), 1 deletion(-)
rename src/modules/{ => keyvault}/key_vault_key/_locals.tf (100%)
rename src/modules/{ => keyvault}/key_vault_key/_outputs.tf (100%)
rename src/modules/{ => keyvault}/key_vault_key/_variables.tf (100%)
rename src/modules/{ => keyvault}/key_vault_key/main.tf (100%)
diff --git a/src/key_vault_keys.tf b/src/key_vault_keys.tf
index 7a01b2fe..decde031 100644
--- a/src/key_vault_keys.tf
+++ b/src/key_vault_keys.tf
@@ -1,5 +1,5 @@
 module "key_vault_keys" {
- source = "./modules/key_vault_key"
+ source = "./modules/keyvault/key_vault_key"
 for_each = var.key_vault_keys
 settings = each.value
diff --git a/src/modules/key_vault_key/_locals.tf b/src/modules/keyvault/key_vault_key/_locals.tf
similarity index 100%
rename from src/modules/key_vault_key/_locals.tf
rename to src/modules/keyvault/key_vault_key/_locals.tf
diff --git a/src/modules/key_vault_key/_outputs.tf b/src/modules/keyvault/key_vault_key/_outputs.tf
similarity index 100%
rename from src/modules/key_vault_key/_outputs.tf
rename to src/modules/keyvault/key_vault_key/_outputs.tf
diff --git a/src/modules/key_vault_key/_variables.tf b/src/modules/keyvault/key_vault_key/_variables.tf
similarity index 100%
rename from src/modules/key_vault_key/_variables.tf
rename to src/modules/keyvault/key_vault_key/_variables.tf
diff --git a/src/modules/key_vault_key/main.tf b/src/modules/keyvault/key_vault_key/main.tf
similarity index 100%
rename from src/modules/key_vault_key/main.tf
rename to src/modules/keyvault/key_vault_key/main.tf
From 5af8f57a2ee35b26c301188bd912e158111f9aca Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Fri, 21 Mar 2025 17:40:18 +0200
Subject: [PATCH 20/25] Add linux vm private key
---
.../virtual_machines/linux_virtual_machine/_locals.tf | 4 +++-
.../linux_virtual_machine/linux_virtual_machine.tf | 4 ++--
.../virtual_machines/linux_virtual_machine/secrets.tf | 8 +++++++-
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
index e0dc3347..09cd1803 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
@@ -7,7 +7,9 @@ locals {
 key_vault_id = var.resources.keyvaults[var.settings.keyvault_ref].id
- public_key = tls_private_key.main[var.settings.admin_ssh_key.public_key_ref].public_key_openssh
+ vm_key = tls_private_key.main[var.settings.admin_ssh_key.public_key_ref]
+ private_key = local.vm_key.private_key_pem
+ public_key = local.vm_key.public_key_openssh
 tags = merge(
 var.global_settings.tags,
diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
index 75488d97..e8a7db55 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
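Review bot: `local.private_key` exposes `private_key_pem` from `tls_private_key.main` as a plain local, and the secrets file in this same patch writes it to Key Vault; that key already sits in clear text in Terraform state (the `tls` provider keeps generated keys there), so the state backend now has to be treated as holding admin SSH credentials for these VMs. The provider marks `private_key_pem` sensitive, so plan output is redacted, but the state-side exposure deserves a comment on the local: `# private_key_pem is persisted in Terraform state in clear text; restrict state backend access accordingly`. The `locals` block starts and ends outside the hunk.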
@@ -9,10 +9,10 @@ resource "azurerm_linux_virtual_machine" "main" {
 tags = local.tags
 dynamic "admin_ssh_key" {
- for_each = try(var.settings.admin_ssh_key[*], {})
+ for_each = try(var.settings.admin_ssh_key, {})
 content {
 username = try(admin_ssh_key.value.username, null)
- public_key = try(admin_ssh_key.value.public_key, null)
+ public_key = try(tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh, null)
 }
 }
diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
index 1471855e..084080ca 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
@@ -1,5 +1,11 @@
-resource "azurerm_key_vault_secret" "main" {
+resource "azurerm_key_vault_secret" "private_key" {
 name = "${var.settings.name}-ssh-private-key"
+ value = local.private_key
+ key_vault_id = local.key_vault_id
+}
+
+resource "azurerm_key_vault_secret" "public_key" {
+ name = "${var.settings.name}-ssh-public-key"
 value = local.public_key
 key_vault_id = local.key_vault_id
 }
From 65615ffd6653efb3f54b143131f7c07865e7938f Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Mon, 24 Mar 2025 09:59:23 +0200
Subject: [PATCH 21/25] Remove "try" in admin ssh key.
---
.../linux_virtual_machine/linux_virtual_machine.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mod	ules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
index e8a7db55..450da51d 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf
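Review bot: Renaming the resource address from `azurerm_key_vault_secret.main` to `azurerm_key_vault_secret.private_key` without a `moved` block makes Terraform destroy the old secret and create a new one under the same Key Vault name; with soft-delete on the vault that recreate may additionally collide with the soft-deleted version, depending on the provider's recovery settings. A `moved` block keeps the existing secret and simply pushes the new value as a new version. Note also what the removed lines show: the secret named `-ssh-private-key` used to hold `local.public_key`, so after this patch the same secret name starts holding the real private key, and every principal with secret-read access on this vault now has SSH admin access to the VM — worth a pass over the vault's access policies before applying.
```hcl
moved {
  from = azurerm_key_vault_secret.main
  to   = azurerm_key_vault_secret.private_key
}
# … unchanged: the private_key and public_key secret resources …
```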
@@ -11,8 +11,8 @@ resource "azurerm_linux_virtual_machine" "main" {
 dynamic "admin_ssh_key" {
 for_each = try(var.settings.admin_ssh_key, {})
 content {
- username = try(admin_ssh_key.value.username, null)
- public_key = try(tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh, null)
+ username = admin_ssh_key.value.username
+ public_key = tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh
 }
 }
From 787f49ac0de626502481f7951a9cea8a4fe7b062 Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Mon, 24 Mar 2025 10:09:37 +0200
Subject: [PATCH 22/25] Add index of vm_key property
---
src/modules/virtual_machines/linux_virtual_machine/_locals.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
index 09cd1803..7c625651 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
@@ -7,7 +7,7 @@ locals {
 key_vault_id = var.resources.keyvaults[var.settings.keyvault_ref].id
- vm_key = tls_private_key.main[var.settings.admin_ssh_key.public_key_ref]
+ vm_key = tls_private_key.main[var.settings.admin_ssh_key[1].public_key_ref]
 private_key = local.vm_key.private_key_pem
 public_key = local.vm_key.public_key_openssh
From 865e2bec32948ee3b01e35bac1a8337176731fc8 Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Mon, 24 Mar 2025 10:19:08 +0200
Subject: [PATCH 23/25] Handle multiple admin_ssh_key blocks
---
.../linux_virtual_machine/_locals.tf | 13 +++++++---
.../linux_virtual_machine/secrets.tf | 26 ++++++++++++++-----
2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
index 7c625651..a6be831a 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
@@ -7,9 +7,16 @@ locals {
 key_vault_id = var.resources.keyvaults[var.settings.keyvault_ref].id
- vm_key = tls_private_key.main[var.settings.admin_ssh_key[1].public_key_ref]
- private_key = local.vm_key.private_key_pem
- public_key = local.vm_key.public_key_openssh
+ # vm_key = tls_private_key.main[var.settings.admin_ssh_key[1].public_key_ref]
+ # private_key = local.vm_key.private_key_pem
+ # public_key = local.vm_key.public_key_openssh
+
+ vm_keys = { for key, ssh_key in var.settings.admin_ssh_key :
+ key => tls_private_key.main[ssh_key.public_key_ref]
+ }
+
+ private_keys_pem = { for key, value in local.vm_keys : key => value.private_key_pem }
+ public_keys_openssh = { for key, value in local.vm_keys : key => value.public_key_openssh }
 tags = merge(
 var.global_settings.tags,
diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
index 084080ca..926b3fec 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
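Review bot: `vm_keys` iterates `var.settings.admin_ssh_key` directly, while the VM resource (patch 21 context, `for_each = try(var.settings.admin_ssh_key, {})`) tolerates a VM definition with no `admin_ssh_key` at all; for such a password-only VM this locals block now fails evaluation with an unsupported-attribute error (assuming `settings` is an untyped object, as the other modules' variables are) instead of yielding an empty map and creating no secrets. The same guard fixes it: `vm_keys = { for key, ssh_key in try(var.settings.admin_ssh_key, {}) :`. The line is carried unchanged into the patch-25 hunk `@@ -7,14 +7,9 @@` further down, so the fix applies there too. The `locals` block starts and ends outside the hunk.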
@@ -1,11 +1,25 @@
-resource "azurerm_key_vault_secret" "private_key" {
- name = "${var.settings.name}-ssh-private-key"
- value = local.private_key
+# resource "azurerm_key_vault_secret" "private_key" {
+# name = "${var.settings.name}-ssh-private-key"
+# value = local.private_key
+# key_vault_id = local.key_vault_id
+# }
+
+# resource "azurerm_key_vault_secret" "public_key" {
+# name = "${var.settings.name}-ssh-public-key"
+# value = local.public_key
+# key_vault_id = local.key_vault_id
+# }
+
+resource "azurerm_key_vault_secret" "private_keys" {
+ for_each = local.private_keys_pem
+ name = "${var.settings.name}-${each.key}-ssh-private-key"
+ value = each.value
 key_vault_id = local.key_vault_id
 }
-resource "azurerm_key_vault_secret" "public_key" {
- name = "${var.settings.name}-ssh-public-key"
- value = local.public_key
+resource "azurerm_key_vault_secret" "public_keys" {
+ for_each = local.public_keys_openssh
+ name = "${var.settings.name}-${each.key}-ssh-public-key"
+ value = each.value
 key_vault_id = local.key_vault_id
 }
From a31fb086ca57529731ed0ba4a7861fd1c254d83c Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Mon, 24 Mar 2025 10:28:47 +0200
Subject: [PATCH 24/25] Handle naming in secrets
---
src/modules/virtual_machines/linux_virtual_machine/secrets.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
index 926b3fec..aaebbe98 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
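Review bot: The per-key `private_keys` and `public_keys` secrets set neither `expiration_date` nor `content_type`, so the SSH private keys live in the vault indefinitely and compliance tooling (Key Vault's "secrets should have an expiration date" control) will flag every one of them. Since rotation is driven by Terraform through `tls_private_key`, a settings-driven value such as `expiration_date = try(var.settings.ssh_key_expiration_date, null)` (attribute name illustrative) keeps the vault honest without introducing a perpetual diff, and `content_type = "application/x-pem-file"` on the private-key resource documents the payload for consumers. Both resources start and end within the hunk.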
@@ -12,14 +12,14 @@
 resource "azurerm_key_vault_secret" "private_keys" {
 for_each = local.private_keys_pem
- name = "${var.settings.name}-${each.key}-ssh-private-key"
+ name = "${var.settings.name}-${replace(each.key, "_", "-")}-ssh-private-key"
 value = each.value
 key_vault_id = local.key_vault_id
 }
 resource "azurerm_key_vault_secret" "public_keys" {
 for_each = local.public_keys_openssh
- name = "${var.settings.name}-${each.key}-ssh-public-key"
+ name = "${var.settings.name}-${replace(each.key, "_", "-")}-ssh-public-key"
 value = each.value
 key_vault_id = local.key_vault_id
 }
From c79635802901c8f07e3c817dfb55ec43f51b549e Mon Sep 17 00:00:00 2001
From: Borislav Raynov
Date: Mon, 24 Mar 2025 10:36:42 +0200
Subject: [PATCH 25/25] Remove comments
---
.../linux_virtual_machine/_locals.tf | 5 -----
.../linux_virtual_machine/secrets.tf | 12 ------------
2 files changed, 17 deletions(-)
diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
index a6be831a..e797cd93 100644
--- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf
@@ -7,14 +7,9 @@ locals {
 key_vault_id = var.resources.keyvaults[var.settings.keyvault_ref].id
- # vm_key = tls_private_key.main[var.settings.admin_ssh_key[1].public_key_ref]
- # private_key = local.vm_key.private_key_pem
- # public_key = local.vm_key.public_key_openssh
-
 vm_keys = { for key, ssh_key in var.settings.admin_ssh_key :
 key => tls_private_key.main[ssh_key.public_key_ref]
 }
-
 private_keys_pem = { for key, value in local.vm_keys : key => value.private_key_pem }
 public_keys_openssh = { for key, value in local.vm_keys : key => value.public_key_openssh }
diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
index aaebbe98..1dcecc71 100644
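Review bot: `replace(each.key, "_", "-")` repairs only underscores; Key Vault secret names must match `^[0-9a-zA-Z-]+$`, so a map key containing a dot or a space, or a `var.settings.name` with such characters, still fails at apply time with an API error rather than at plan. A `lifecycle { precondition { ... } }` on each resource that tests the composed name with `can(regex("^[0-9a-zA-Z-]+$", ...))` moves that failure to plan time with a readable message; it applies equally to the `public_keys` resource in this hunk. Both resources start and end within the hunk.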
--- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
+++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf
@@ -1,15 +1,3 @@
-# resource "azurerm_key_vault_secret" "private_key" {
-# name = "${var.settings.name}-ssh-private-key"
-# value = local.private_key
-# key_vault_id = local.key_vault_id
-# }
-
-# resource "azurerm_key_vault_secret" "public_key" {
-# name = "${var.settings.name}-ssh-public-key"
-# value = local.public_key
-# key_vault_id = local.key_vault_id
-# }
-
 resource "azurerm_key_vault_secret" "private_keys" {
 for_each = local.private_keys_pem
 name = "${var.settings.name}-${replace(each.key, "_", "-")}-ssh-private-key"