From b22d91164e0960a0c472cec41eb4bdbf7cc7531a Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 11:23:12 +0300 Subject: [PATCH 01/27] add optional key vault id --- src/modules/virtual_machines/linux_virtual_machine/_locals.tf | 4 ++-- .../virtual_machines/linux_virtual_machine/tls_private_key.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf index 7716b3d9..22f2fd87 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf @@ -7,11 +7,11 @@ locals { network_interface_ids = module.network_interface.ids - key_vault_id = var.resources[ + key_vault_id = try(var.resources[ try(var.settings.keyvault_lz_key, var.client_config.landingzone_key) ].keyvaults[ var.settings.keyvault_ref - ].id + ].id,null) vm_keys = { for key, ssh_key in var.settings.admin_ssh_key : key => tls_private_key.main[ssh_key.public_key_ref] diff --git a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf index ec38c336..cc78dcfa 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf @@ -1,6 +1,6 @@ resource "tls_private_key" "main" { - for_each = var.settings.public_key_openssh + for_each = var.settings.public_key_openssh != null && length(var.settings.public_key_openssh) > 0 ? var.settings.public_key_openssh : {} algorithm = each.value.algorithm rsa_bits = each.value.rsa_bits -} +} \ No newline at end of file From 188a48dc2337cd4fa7da5cb0fdce795ba610ab43 Mon Sep 17 00:00:00 2001 
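Review bot: Wrapping the whole Key Vault lookup in `try(..., null)` in `_locals.tf` hides a mistyped `keyvault_ref` or `keyvault_lz_key` just as it hides a genuinely absent vault, so `local.key_vault_id` silently becomes null in both cases. Resources that pass `key_vault_id = local.key_vault_id` (the Key Vault secret resources in this module appear to) would then fail later with a less specific error. Consider making only the "not configured" case optional, `key_vault_id = can(var.settings.keyvault_ref) ? <existing lookup> : null`, and gating the secret resources on the same condition so a wrong reference still fails loudly. The `locals` block continues outside the hunk.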
From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 11:27:31 +0300 Subject: [PATCH 02/27] fix private key --- .../virtual_machines/linux_virtual_machine/tls_private_key.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf index cc78dcfa..a29156f2 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf @@ -1,5 +1,5 @@ resource "tls_private_key" "main" { - for_each = var.settings.public_key_openssh != null && length(var.settings.public_key_openssh) > 0 ? var.settings.public_key_openssh : {} + for_each = try(var.settings.public_key_openssh, {}) algorithm = each.value.algorithm rsa_bits = each.value.rsa_bits From bc543ef4c34a0f84b3dbdef541833ba61badb089 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 11:32:43 +0300 Subject: [PATCH 03/27] fix keys --- .../virtual_machines/linux_virtual_machine/_locals.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf index 22f2fd87..c26b1b4a 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/_locals.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/_locals.tf 
@@ -11,14 +11,17 @@ locals { try(var.settings.keyvault_lz_key, var.client_config.landingzone_key) ].keyvaults[ var.settings.keyvault_ref - ].id,null) + ].id, null) - vm_keys = { for key, ssh_key in var.settings.admin_ssh_key : + vm_keys = { + for key, ssh_key in try(var.settings.admin_ssh_key, {}) : key => tls_private_key.main[ssh_key.public_key_ref] } + private_keys_pem = { for key, value in local.vm_keys : key => value.private_key_pem } public_keys_openssh = { for key, value in local.vm_keys : key => value.public_key_openssh } + tags = merge( var.global_settings.tags, var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {}, From b46eb1b17c20609c25349632718182bb13ed3ac1 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 13:39:39 +0300 Subject: [PATCH 04/27] fix virtual machine plan settings --- .../linux_virtual_machine/linux_virtual_machine.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index 556ed72d..180ede8e 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -15,6 +15,14 @@ resource "azurerm_linux_virtual_machine" "main" { public_key = tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh } } + dynamic "plan" { + for_each = can(var.settings.plan) ? [1] : [] + content { + name = var.settings.plan.name + product = var.settings.plan.product + publisher = var.settings.plan.publisher + } + } os_disk { caching = var.settings.os_disk.caching From be88c1647dd910eee32720a2ade9086c249e9473 Mon Sep 17 00:00:00 2001 
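Review bot: `can(var.settings.plan)` in the new `dynamic "plan"` block is true whenever the attribute exists, including when it is explicitly null, and the `content` block would then fail on `var.settings.plan.name`. A null-aware guard avoids that: `for_each = try(var.settings.plan, null) == null ? [] : [1]`. The resource body continues outside the hunk.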
From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:17:27 +0300 Subject: [PATCH 05/27] add sku and sku tier to public ip --- src/modules/_networking/public_ip/main.tf | 2 ++ .../linux_virtual_machine/linux_virtual_machine.tf | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf index 43fe1e55..3b7ec9cd 100644 --- a/src/modules/_networking/public_ip/main.tf +++ b/src/modules/_networking/public_ip/main.tf @@ -5,4 +5,6 @@ resource "azurerm_public_ip" "main" { allocation_method = try(var.settings.allocation_method, "Static") tags = local.tags zones = try(var.settings.zones, null) + sku = try(var.settings.sku,null) + sku_tier = try(var.settings.sku_tier,null) } diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index 180ede8e..e4b752b9 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -5,6 +5,8 @@ resource "azurerm_linux_virtual_machine" "main" { admin_username = var.settings.admin_username size = var.settings.size network_interface_ids = local.network_interface_ids + encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) + disable_password_authentication = try(var.settings.disable_password_authentication,null) tags = local.tags From a8b0d4a23cb62d0c0c672301578d52d142e26eec Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:20:01 +0300 Subject: [PATCH 06/27] add domain name label to public ip --- src/modules/_networking/public_ip/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf index 3b7ec9cd..dc8f01b8 100644 --- a/src/modules/_networking/public_ip/main.tf +++ b/src/modules/_networking/public_ip/main.tf 
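Review bot: Both new VM arguments in `linux_virtual_machine.tf` fall back to null, so an omitted setting takes the provider default, and nothing in the module says what that default is. For `encryption_at_host_enabled` this means host-level encryption stays off unless the caller opts in (as far as I know); a comment such as `# null => provider default; set settings.encryption_at_host_enabled = true where the subscription supports it` would make that visible. For `disable_password_authentication` the effective default should be stated too, because any code that branches on this setting has to assume the same default. The resource body starts and ends outside the hunk.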
@@ -7,4 +7,5 @@ resource "azurerm_public_ip" "main" { zones = try(var.settings.zones, null) sku = try(var.settings.sku,null) sku_tier = try(var.settings.sku_tier,null) + domain_name_label = try(var.settings.domain_name_label,null) } From 456128d437dda953af5a52e91c90fa3c48040d91 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:36:33 +0300 Subject: [PATCH 07/27] add availability set id --- .../linux_virtual_machine/availability_set.tf | 6 ++++++ .../linux_virtual_machine/linux_virtual_machine.tf | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 src/modules/virtual_machines/linux_virtual_machine/availability_set.tf diff --git a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf new file mode 100644 index 00000000..0e17e257 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf @@ -0,0 +1,6 @@ +resource "azurerm_availability_set" "main" { + count = try(var.settings.availability_set, null) == null ? 0 : 1 + name = try(var.settings.availability_set.name) + location = local.location + resource_group_name = local.resource_group_name +} \ No newline at end of file diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index e4b752b9..20878297 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -7,6 +7,7 @@ resource "azurerm_linux_virtual_machine" "main" { network_interface_ids = local.network_interface_ids encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) disable_password_authentication = try(var.settings.disable_password_authentication,null) + availability_set_id = try(azurerm_availability_set.main.id,null) tags = local.tags 
@@ -40,4 +41,4 @@ resource "azurerm_linux_virtual_machine" "main" { sku = var.settings.source_image_reference.sku version = var.settings.source_image_reference.version } -} +} \ No newline at end of file From 94cb27cab588a916bf076090f05c9a8b713069a3 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:40:40 +0300 Subject: [PATCH 08/27] fix availabiolity set --- .../linux_virtual_machine/linux_virtual_machine.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index 20878297..d1f95dd1 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -7,7 +7,8 @@ resource "azurerm_linux_virtual_machine" "main" { network_interface_ids = local.network_interface_ids encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) disable_password_authentication = try(var.settings.disable_password_authentication,null) - availability_set_id = try(azurerm_availability_set.main.id,null) + availability_set_id = try(one(azurerm_availability_set.main[*].id), null) + tags = local.tags From 7833df01a3806fede18baada2bd0cfd06370e865 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:47:43 +0300 Subject: [PATCH 09/27] add platform fault domain count --- .../virtual_machines/linux_virtual_machine/availability_set.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf index 0e17e257..f7490cfd 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf 
@@ -3,4 +3,7 @@ resource "azurerm_availability_set" "main" { name = try(var.settings.availability_set.name) location = local.location resource_group_name = local.resource_group_name + platform_fault_domain_count = try(var.settings.availability_set.platform_fault_domain_count,null) + platform_update_domain_count = try(var.settings.availability_set.platform_update_domain_count,null) + tags = local.tags } \ No newline at end of file From 2497535e647faf0329db34f2dbdb5c7c9bba85e6 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 15:54:03 +0300 Subject: [PATCH 10/27] add minor change in network interface inside vms --- src/modules/virtual_machines/network_interface/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/modules/virtual_machines/network_interface/main.tf b/src/modules/virtual_machines/network_interface/main.tf index bc88bb8f..f13428cf 100644 --- a/src/modules/virtual_machines/network_interface/main.tf +++ b/src/modules/virtual_machines/network_interface/main.tf @@ -3,6 +3,8 @@ resource "azurerm_network_interface" "main" { name = each.value.name resource_group_name = local.resource_group_name location = local.location + accelerated_networking_enabled = try(each.value.accelerated_networking_enabled,false) + ip_forwarding_enabled = try(each.value.ip_forwarding_enabled,false) tags = local.tags From a9a3a380674579329d7612a33d782dd293e12c95 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 16:45:09 +0300 Subject: [PATCH 11/27] add admin password to linux machines --- .../linux_virtual_machine.tf | 1 + .../linux_virtual_machine/secrets.tf | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index d1f95dd1..85747c85 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf 
+++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -3,6 +3,7 @@ resource "azurerm_linux_virtual_machine" "main" { resource_group_name = local.resource_group_name location = local.location admin_username = var.settings.admin_username + admin_password = try(random_password.admin.result,null) size = var.settings.size network_interface_ids = local.network_interface_ids encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf index 1dcecc71..94f6129e 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf @@ -11,3 +11,23 @@ resource "azurerm_key_vault_secret" "public_keys" { value = each.value key_vault_id = local.key_vault_id } + + +resource "random_password" "admin" { + count = try(var.settings.disable_password_authentication, false) ? 0 : 1 + length = 18 + min_upper = 2 + min_lower = 2 + min_special = 2 + numeric = true + special = true + override_special = "!@#$%&" +} + + +resource "azurerm_key_vault_secret" "admin_password" { + count = try(var.settings.disable_password_authentication, false) ? 0 : 1 + name = "${var.settings.name}-${var.settings.admin_username}" + value = random_password.admin.result + key_vault_id = local.key_vault_id +} From 6ce1280fc068aac9734435328b7251ae16e64b65 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 16:48:31 +0300 Subject: [PATCH 12/27] add admin password to linux vm --- .../linux_virtual_machine/linux_virtual_machine.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index 85747c85..ff1bc8a9 100644 
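Review bot: The two `count` expressions in `secrets.tf` treat an omitted `disable_password_authentication` as false, while the VM argument passes null for the same case and so takes the azurerm default, which is true as far as I know. With the setting omitted, the module therefore generates a password, writes it to Key Vault and sets `admin_password` on a VM whose password authentication is disabled, which the provider is expected to reject. Defaulting to key-only login in both places, `count = try(var.settings.disable_password_authentication, true) ? 0 : 1`, keeps the three resources consistent and makes password login an explicit opt-in. `azurerm_key_vault_secret.admin_password` also needs a non-null `local.key_vault_id`, which is no longer guaranteed now that the vault lookup may return null. The VM resource body continues outside its hunk.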
--- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf @@ -3,7 +3,7 @@ resource "azurerm_linux_virtual_machine" "main" { resource_group_name = local.resource_group_name location = local.location admin_username = var.settings.admin_username - admin_password = try(random_password.admin.result,null) + admin_password = try(random_password.admin[0].result,null) size = var.settings.size network_interface_ids = local.network_interface_ids encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) From 92b1fb7ca624371a832d7fa13905d7ac366f9b98 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 28 Jul 2025 16:48:56 +0300 Subject: [PATCH 13/27] fix secret --- src/modules/virtual_machines/linux_virtual_machine/secrets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf index 94f6129e..e47b23e9 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/secrets.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/secrets.tf @@ -28,6 +28,6 @@ resource "random_password" "admin" { resource "azurerm_key_vault_secret" "admin_password" { count = try(var.settings.disable_password_authentication, false) ? 0 : 1 name = "${var.settings.name}-${var.settings.admin_username}" - value = random_password.admin.result + value = random_password.admin[0].result key_vault_id = local.key_vault_id } From 2ebb9eff364807fd4459e4d4145a3c4b1f8e9c4a Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 13:13:34 +0300 Subject: [PATCH 14/27] add versioning enabled for storage account --- src/modules/storage_account/storage_account.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf index fd2d0e56..171ffb0b 100644 
--- a/src/modules/storage_account/storage_account.tf +++ b/src/modules/storage_account/storage_account.tf @@ -49,6 +49,7 @@ resource "azurerm_storage_account" "main" { for_each = can(var.settings.blob_properties) ? [1] : [] content { + versioning_enabled = try(var.settings.blob_properties.versioning_enabled,false) dynamic "cors_rule" { for_each = can(var.settings.blob_properties.cors_rule) ? [1] : [] From bc2ebd33a96650557dc9547803bf5f648d7bc60d Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:18:17 +0300 Subject: [PATCH 15/27] add az api resource --- .../storage_account/storage_container.tf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf index b490d093..9dbea757 100644 --- a/src/modules/storage_account/storage_container.tf +++ b/src/modules/storage_account/storage_container.tf @@ -6,3 +6,22 @@ resource "azurerm_storage_container" "main" { container_access_type = try(each.value.access_type, null) } + + +resource "azapi_resource" "main" { + for_each = try(var.settings.api_containers, {}) + + type = "Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01" + name = each.value.name + parent_id = "${azurerm_storage_account.main.id}/blobServices/default" + body = { + properties = { + defaultEncryptionScope = try(each.value.default_encryption_scope,"$account-encryption-key") + denyEncryptionScopeOverride = try(each.value.deny_encryption_scope_override,false) + immutableStorageWithVersioning = { + enabled = try(each.value.enable_versioning,true) + } + publicAccess = try(each.value.public_access,"None") + } + } +} From 391863a7e26e02b9392651dfc78ce62aee9955de Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:32:36 +0300 Subject: [PATCH 16/27] add azapi --- src/_provider.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/_provider.tf b/src/_provider.tf index 440df980..e7af39b5 100644 
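Review bot: In the new `azapi_resource` the setting `enable_versioning` is mapped onto `immutableStorageWithVersioning.enabled` and defaults to true, so every container declared under `api_containers` requests version-level immutability unless the caller turns it off. That is a different feature from blob versioning, it appears to depend on versioning being enabled on the account (which `versioning_enabled` in `storage_account.tf` defaults to false), and as far as I know it cannot be switched off again once enabled. A name and default that match the property would be safer: `enabled = try(each.value.immutable_storage_with_versioning, false)`. The `publicAccess` default of "None" is a good choice; a comment such as `# callers may override; keep "None" unless anonymous read is intended` would help reviewers of consuming configurations.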
--- a/src/_provider.tf +++ b/src/_provider.tf @@ -4,6 +4,10 @@ terraform { source = "hashicorp/azurerm" version = "4.33.0" } + azapi = { + source = "Azure/azapi" + version = "~>1.8.0" + } } } @@ -15,3 +19,5 @@ provider "azurerm" { tenant_id = var.tenant_id subscription_id = var.subscription_id } + +provider "azapi" {} \ No newline at end of file From ef4742d1e7010ca15624b8bf7a8c1068548e81ea Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:35:20 +0300 Subject: [PATCH 17/27] add version 2.5.0 --- src/_provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_provider.tf b/src/_provider.tf index e7af39b5..14fc9a5f 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -6,7 +6,7 @@ terraform { } azapi = { source = "Azure/azapi" - version = "~>1.8.0" + version = "2.5.0" } } } From 4fea05c2bc7471ee006f747f031ac357659c3b48 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:39:43 +0300 Subject: [PATCH 18/27] azapi --- src/_provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_provider.tf b/src/_provider.tf index 14fc9a5f..b115bbe8 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -5,7 +5,7 @@ terraform { version = "4.33.0" } azapi = { - source = "Azure/azapi" + source = "azure/azapi" version = "2.5.0" } } From 2280567b4a1b5c6ad3601a71031fdee92e9682e6 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:42:06 +0300 Subject: [PATCH 19/27] fix --- src/_provider.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/_provider.tf b/src/_provider.tf index b115bbe8..22e51409 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -1,13 +1,12 @@ terraform { required_providers { + azapi = { + source = "Azure/azapi" + } azurerm = { source = "hashicorp/azurerm" version = "4.33.0" } - azapi = { - source = "azure/azapi" - version = "2.5.0" - } } } From cff971b2882cae3ab3f87b6e1a482cbcaa0c48d5 Mon Sep 17 00:00:00 2001 
From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:47:13 +0300 Subject: [PATCH 20/27] add azapi --- src/_provider.tf | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/_provider.tf b/src/_provider.tf index 22e51409..58e7d927 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -1,8 +1,5 @@ terraform { required_providers { - azapi = { - source = "Azure/azapi" - } azurerm = { source = "hashicorp/azurerm" version = "4.33.0" @@ -19,4 +16,15 @@ provider "azurerm" { subscription_id = var.subscription_id } -provider "azapi" {} \ No newline at end of file +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + version = "2.5.0" // version + } + } +} + +provider "azapi" { + # Configuration options +} \ No newline at end of file From 2f525586f38e02dba5474a6ce9de64fc960bb373 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:51:23 +0300 Subject: [PATCH 21/27] fix azapi --- src/_provider.tf | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/_provider.tf b/src/_provider.tf index 58e7d927..f1b580eb 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -4,6 +4,10 @@ terraform { source = "hashicorp/azurerm" version = "4.33.0" } + azapi = { + source = "Azure/azapi" + version = "2.5.0" // version + } } } @@ -16,15 +20,6 @@ provider "azurerm" { subscription_id = var.subscription_id } -terraform { - required_providers { - azapi = { - source = "Azure/azapi" - version = "2.5.0" // version - } - } -} - provider "azapi" { # Configuration options } \ No newline at end of file From cde3df2e92bf61cca9a5ad9763c97a0ce3c97fb9 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 15:55:14 +0300 Subject: [PATCH 22/27] add providers --- src/modules/storage_account/storage_container.tf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf index 9dbea757..d8fe2b09 100644 
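Review bot: The trailing `// version` comment on the azapi constraint in `_provider.tf` carries no information and can be dropped. Both providers are now pinned to exact versions, so it is worth confirming that `.terraform.lock.hcl` is committed alongside, so that provider checksums are verified on every `terraform init`; the lock file is not visible in this series.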
--- a/src/modules/storage_account/storage_container.tf +++ b/src/modules/storage_account/storage_container.tf @@ -25,3 +25,12 @@ resource "azapi_resource" "main" { } } } + + +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} \ No newline at end of file From 86406231310ce22a6751873a13bb730bb53d3aec Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 16:11:22 +0300 Subject: [PATCH 23/27] fix pre commit --- src/_provider.tf | 4 +-- src/modules/_networking/public_ip/main.tf | 6 ++--- src/modules/storage_account/provider.tf | 7 +++++ .../storage_account/storage_account.tf | 2 +- .../storage_account/storage_container.tf | 18 ++++++------- .../linux_virtual_machine/availability_set.tf | 16 ++++++------ .../linux_virtual_machine.tf | 26 +++++++++---------- .../linux_virtual_machine/tls_private_key.tf | 2 +- .../network_interface/main.tf | 12 ++++----- 9 files changed, 50 insertions(+), 43 deletions(-) create mode 100644 src/modules/storage_account/provider.tf diff --git a/src/_provider.tf b/src/_provider.tf index f1b580eb..c055825a 100644 --- a/src/_provider.tf +++ b/src/_provider.tf @@ -5,7 +5,7 @@ terraform { version = "4.33.0" } azapi = { - source = "Azure/azapi" + source = "Azure/azapi" version = "2.5.0" // version } } @@ -22,4 +22,4 @@ provider "azurerm" { provider "azapi" { # Configuration options -} \ No newline at end of file +} diff --git a/src/modules/_networking/public_ip/main.tf b/src/modules/_networking/public_ip/main.tf index dc8f01b8..48a06bd0 100644 --- a/src/modules/_networking/public_ip/main.tf +++ b/src/modules/_networking/public_ip/main.tf 
@@ -5,7 +5,7 @@ resource "azurerm_public_ip" "main" { allocation_method = try(var.settings.allocation_method, "Static") tags = local.tags zones = try(var.settings.zones, null) - sku = try(var.settings.sku,null) - sku_tier = try(var.settings.sku_tier,null) - domain_name_label = try(var.settings.domain_name_label,null) + sku = try(var.settings.sku, null) + sku_tier = try(var.settings.sku_tier, null) + domain_name_label = try(var.settings.domain_name_label, null) } diff --git a/src/modules/storage_account/provider.tf b/src/modules/storage_account/provider.tf new file mode 100644 index 00000000..ee853a09 --- /dev/null +++ b/src/modules/storage_account/provider.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} \ No newline at end of file diff --git a/src/modules/storage_account/storage_account.tf b/src/modules/storage_account/storage_account.tf index 171ffb0b..0babdd8e 100644 --- a/src/modules/storage_account/storage_account.tf +++ b/src/modules/storage_account/storage_account.tf @@ -49,7 +49,7 @@ resource "azurerm_storage_account" "main" { for_each = can(var.settings.blob_properties) ? [1] : [] content { - versioning_enabled = try(var.settings.blob_properties.versioning_enabled,false) + versioning_enabled = try(var.settings.blob_properties.versioning_enabled, false) dynamic "cors_rule" { for_each = can(var.settings.blob_properties.cors_rule) ? [1] : [] diff --git a/src/modules/storage_account/storage_container.tf b/src/modules/storage_account/storage_container.tf index d8fe2b09..5e4c102d 100644 --- a/src/modules/storage_account/storage_container.tf +++ b/src/modules/storage_account/storage_container.tf 
@@ -16,21 +16,21 @@ resource "azapi_resource" "main" { parent_id = "${azurerm_storage_account.main.id}/blobServices/default" body = { properties = { - defaultEncryptionScope = try(each.value.default_encryption_scope,"$account-encryption-key") - denyEncryptionScopeOverride = try(each.value.deny_encryption_scope_override,false) + defaultEncryptionScope = try(each.value.default_encryption_scope, "$account-encryption-key") + denyEncryptionScopeOverride = try(each.value.deny_encryption_scope_override, false) immutableStorageWithVersioning = { - enabled = try(each.value.enable_versioning,true) + enabled = try(each.value.enable_versioning, true) } - publicAccess = try(each.value.public_access,"None") + publicAccess = try(each.value.public_access, "None") } } } terraform { - required_providers { - azapi = { - source = "Azure/azapi" - } + required_providers { + azapi = { + source = "Azure/azapi" + } } -} \ No newline at end of file +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf index f7490cfd..4af1d8ee 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/availability_set.tf 
@@ -1,9 +1,9 @@ resource "azurerm_availability_set" "main" { - count = try(var.settings.availability_set, null) == null ? 0 : 1 - name = try(var.settings.availability_set.name) - location = local.location - resource_group_name = local.resource_group_name - platform_fault_domain_count = try(var.settings.availability_set.platform_fault_domain_count,null) - platform_update_domain_count = try(var.settings.availability_set.platform_update_domain_count,null) - tags = local.tags -} \ No newline at end of file + count = try(var.settings.availability_set, null) == null ? 0 : 1 + name = try(var.settings.availability_set.name) + location = local.location + resource_group_name = local.resource_group_name + platform_fault_domain_count = try(var.settings.availability_set.platform_fault_domain_count, null) + platform_update_domain_count = try(var.settings.availability_set.platform_update_domain_count, null) + tags = local.tags +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf index ff1bc8a9..34c7a263 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf +++ b/src/modules/virtual_machines/linux_virtual_machine/linux_virtual_machine.tf 
@@ -1,14 +1,14 @@ resource "azurerm_linux_virtual_machine" "main" { - name = var.settings.name - resource_group_name = local.resource_group_name - location = local.location - admin_username = var.settings.admin_username - admin_password = try(random_password.admin[0].result,null) - size = var.settings.size - network_interface_ids = local.network_interface_ids - encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled,null) - disable_password_authentication = try(var.settings.disable_password_authentication,null) - availability_set_id = try(one(azurerm_availability_set.main[*].id), null) + name = var.settings.name + resource_group_name = local.resource_group_name + location = local.location + admin_username = var.settings.admin_username + admin_password = try(random_password.admin[0].result, null) + size = var.settings.size + network_interface_ids = local.network_interface_ids + encryption_at_host_enabled = try(var.settings.encryption_at_host_enabled, null) + disable_password_authentication = try(var.settings.disable_password_authentication, null) + availability_set_id = try(one(azurerm_availability_set.main[*].id), null) tags = local.tags @@ -23,8 +23,8 @@ resource "azurerm_linux_virtual_machine" "main" { dynamic "plan" { for_each = can(var.settings.plan) ? [1] : [] content { - name = var.settings.plan.name - product = var.settings.plan.product + name = var.settings.plan.name + product = var.settings.plan.product publisher = var.settings.plan.publisher } } @@ -43,4 +43,4 @@ resource "azurerm_linux_virtual_machine" "main" { sku = var.settings.source_image_reference.sku version = var.settings.source_image_reference.version } -} \ No newline at end of file +} diff --git a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf index a29156f2..29dcc678 100644 --- a/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf 
+++ b/src/modules/virtual_machines/linux_virtual_machine/tls_private_key.tf @@ -3,4 +3,4 @@ resource "tls_private_key" "main" { algorithm = each.value.algorithm rsa_bits = each.value.rsa_bits -} \ No newline at end of file +} diff --git a/src/modules/virtual_machines/network_interface/main.tf b/src/modules/virtual_machines/network_interface/main.tf index f13428cf..82529720 100644 --- a/src/modules/virtual_machines/network_interface/main.tf +++ b/src/modules/virtual_machines/network_interface/main.tf @@ -1,10 +1,10 @@ resource "azurerm_network_interface" "main" { - for_each = var.settings.network_interfaces - name = each.value.name - resource_group_name = local.resource_group_name - location = local.location - accelerated_networking_enabled = try(each.value.accelerated_networking_enabled,false) - ip_forwarding_enabled = try(each.value.ip_forwarding_enabled,false) + for_each = var.settings.network_interfaces + name = each.value.name + resource_group_name = local.resource_group_name + location = local.location + accelerated_networking_enabled = try(each.value.accelerated_networking_enabled, false) + ip_forwarding_enabled = try(each.value.ip_forwarding_enabled, false) tags = local.tags From 03d27d05163e6d561e0c0b884b9d70828c8bffa4 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Wed, 30 Jul 2025 16:12:03 +0300 Subject: [PATCH 24/27] remove unused file --- src/modules/storage_account/provider.tf | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 src/modules/storage_account/provider.tf diff --git a/src/modules/storage_account/provider.tf b/src/modules/storage_account/provider.tf deleted file mode 100644 index ee853a09..00000000 --- a/src/modules/storage_account/provider.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - azapi = { - source = "Azure/azapi" - } - } -} \ No newline at end of file From b8b6eeed72fb62c7b828eb6cf1956d7a8e484744 Mon Sep 17 00:00:00 2001 
From: Lyudmil Ilchev Date: Fri, 1 Aug 2025 15:03:27 +0300 Subject: [PATCH 25/27] add agreement --- .../virtual_machines/linux_virtual_machine/agreement.tf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 src/modules/virtual_machines/linux_virtual_machine/agreement.tf diff --git a/src/modules/virtual_machines/linux_virtual_machine/agreement.tf b/src/modules/virtual_machines/linux_virtual_machine/agreement.tf new file mode 100644 index 00000000..9aa3aa30 --- /dev/null +++ b/src/modules/virtual_machines/linux_virtual_machine/agreement.tf @@ -0,0 +1,6 @@ +resource "azurerm_marketplace_agreement" "main" { + count = try(var.settings.marketplace_agreement, null) == null ? 0 : 1 + publisher = var.settings.marketplace_agreement.publisher + offer = var.settings.marketplace_agreement.offer + plan = var.settings.marketplace_agreement.plan +} From 2bfcc175d14c643a8bc5802228a06cd04a7f3d66 Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 4 Aug 2025 13:37:34 +0300 Subject: [PATCH 26/27] add one more source for vnet peerings --- src/modules/_networking/vnet_peering/_locals.tf | 1 + src/modules/_networking/vnet_peering/main.tf | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/src/modules/_networking/vnet_peering/_locals.tf b/src/modules/_networking/vnet_peering/_locals.tf index 161842cf..048bb3e4 100644 --- a/src/modules/_networking/vnet_peering/_locals.tf +++ b/src/modules/_networking/vnet_peering/_locals.tf @@ -17,6 +17,7 @@ locals { direction = try(var.settings.direction, "<->") target = local.direction == "target" source = local.direction == "source" + custom = local.direction == "custom" # These use regex to simulate startswith/endswith peer_left_to_right = can(regex("->$", local.direction)) diff --git a/src/modules/_networking/vnet_peering/main.tf b/src/modules/_networking/vnet_peering/main.tf index dc0f227f..71ab2145 100644 --- a/src/modules/_networking/vnet_peering/main.tf +++ b/src/modules/_networking/vnet_peering/main.tf 
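Review bot: Nothing visible in `agreement.tf` or elsewhere in this commit orders the VM after `azurerm_marketplace_agreement.main`, so Terraform may try to create a plan-based VM before the terms are accepted. If `linux_virtual_machine.tf` does not already reference the agreement, add `depends_on = [azurerm_marketplace_agreement.main]` to the VM resource. It would also help to derive the agreement's `publisher`/`offer`/`plan` from `settings.plan` or to check that they match, since the two are configured independently and accepting terms for a different image than the one deployed is easy to miss.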
@@ -28,6 +28,19 @@ resource "azurerm_virtual_network_peering" "target" { use_remote_gateways = true } +resource "azurerm_virtual_network_peering" "custom" { + count = local.custom ? 1 : 0 + + name = try(var.settings.custom_name, "peering-${local.vnet_right.name}") + resource_group_name = local.vnet_right.resource_group_name + virtual_network_name = local.vnet_right.name + remote_virtual_network_id = try(var.settings.remote_vnet_id, local.vnet_left.id) + allow_virtual_network_access = try(var.settings.allow_virtual_network_access, false) + allow_forwarded_traffic = try(var.settings.allow_forwarded_traffic, false) + use_remote_gateways = try(var.settings.use_remote_gateways, false) + allow_gateway_transit = try(var.settings.allow_gateway_transit, false) +} + resource "azurerm_virtual_network_peering" "source" { count = local.source ? 1 : 0 From 7e63dcb656f1b67a5b830342f2f35070f0a2ba7f Mon Sep 17 00:00:00 2001 From: Lyudmil Ilchev Date: Mon, 4 Aug 2025 13:42:51 +0300 Subject: [PATCH 27/27] add custom to the validation --- src/modules/_networking/vnet_peering/_variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/_networking/vnet_peering/_variables.tf b/src/modules/_networking/vnet_peering/_variables.tf index a4d1170f..5856fe33 100644 --- a/src/modules/_networking/vnet_peering/_variables.tf +++ b/src/modules/_networking/vnet_peering/_variables.tf @@ -6,8 +6,8 @@ variable "settings" { description = "All the configuration for this resource" validation { - condition = contains(["<-", "->", "<->", "target", "source"], try(var.settings.direction, "<->")) - error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', or 'source'. Defaults to '<->' if not set." + condition = contains(["<-", "->", "<->", "target", "source", "custom"], try(var.settings.direction, "<->")) + error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', 'source' or 'custom' . Defaults to '<->' if not set." } }
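Review bot: `remote_virtual_network_id = try(var.settings.remote_vnet_id, local.vnet_left.id)` in the new `custom` peering lets a caller peer `vnet_right` with any virtual network ID, including one that is not among the module's own resources, and the value is not validated anywhere in this series. Peering is a network trust boundary, so consider a second `validation` block in `_variables.tf` that at least checks the ID shape, for example `condition = try(var.settings.remote_vnet_id, null) == null || can(regex("^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft.Network/virtualNetworks/[^/]+$", var.settings.remote_vnet_id))`. Only the `vnet_right` side is created in this mode, so the link will presumably stay unconnected until the remote network peers back; a comment saying so would help. Defaulting `allow_virtual_network_access`, `allow_forwarded_traffic` and `allow_gateway_transit` to false is the right starting point.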