efellowsbg · lyudmililchev92 · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025
@@ -4,6 +4,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "4.33.0"
     }
+    azapi = {
+      source  = "Azure/azapi"
+      version = "2.5.0" // version
+    }
   }
 }
 
@@ -15,3 +19,7 @@ provider "azurerm" {
   tenant_id       = var.tenant_id
   subscription_id = var.subscription_id
 }
+
+provider "azapi" {
+  # Configuration options
+}
@@ -5,4 +5,7 @@ resource "azurerm_public_ip" "main" {
   allocation_method   = try(var.settings.allocation_method, "Static")
   tags                = local.tags
   zones               = try(var.settings.zones, null)
+  sku                 = try(var.settings.sku, null)
+  sku_tier            = try(var.settings.sku_tier, null)
+  domain_name_label   = try(var.settings.domain_name_label, null)
 }
@@ -17,6 +17,7 @@ locals {
   direction = try(var.settings.direction, "<->")
   target    = local.direction == "target"
   source    = local.direction == "source"
+  custom = local.direction == "custom"
 
   # These use regex to simulate startswith/endswith
   peer_left_to_right = can(regex("->$", local.direction))

@@ -6,8 +6,8 @@ variable "settings" {
   description = "All the configuration for this resource"
 
   validation {
-    condition     = contains(["<-", "->", "<->", "target", "source"], try(var.settings.direction, "<->"))
-    error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', or 'source'. Defaults to '<->' if not set."
+    condition     = contains(["<-", "->", "<->", "target", "source", "custom"], try(var.settings.direction, "<->"))
+    error_message = "Allowed values for 'direction' are '<-', '->', '<->', 'target', 'source' or 'custom' . Defaults to '<->' if not set."
   }
 }
 

@@ -28,6 +28,19 @@ resource "azurerm_virtual_network_peering" "target" {
   use_remote_gateways          = true
 }
 
+resource "azurerm_virtual_network_peering" "custom" {
+  count = local.custom ? 1 : 0
+
+  name                         = try(var.settings.custom_name, "peering-${local.vnet_right.name}")
+  resource_group_name          = local.vnet_right.resource_group_name
+  virtual_network_name         = local.vnet_right.name
+  remote_virtual_network_id    = try(var.settings.remote_vnet_id, local.vnet_left.id)
+  allow_virtual_network_access = try(var.settings.allow_virtual_network_access, false)
+  allow_forwarded_traffic      = try(var.settings.allow_forwarded_traffic, false)
+  use_remote_gateways          = try(var.settings.use_remote_gateways, false)
+  allow_gateway_transit        = try(var.settings.allow_gateway_transit, false)
+}
+
 resource "azurerm_virtual_network_peering" "source" {
   count = local.source ? 1 : 0
 

@@ -49,6 +49,7 @@ resource "azurerm_storage_account" "main" {
     for_each = can(var.settings.blob_properties) ? [1] : []
 
     content {
+      versioning_enabled = try(var.settings.blob_properties.versioning_enabled, false)
       dynamic "cors_rule" {
         for_each = can(var.settings.blob_properties.cors_rule) ? [1] : []
 

@@ -6,3 +6,31 @@ resource "azurerm_storage_container" "main" {
 
   container_access_type = try(each.value.access_type, null)
 }
+
+
+resource "azapi_resource" "main" {
+  for_each = try(var.settings.api_containers, {})
+
+  type      = "Microsoft.Storage/storageAccounts/blobServices/containers@2023-05-01"
+  name      = each.value.name
+  parent_id = "${azurerm_storage_account.main.id}/blobServices/default"
+  body = {
+    properties = {
+      defaultEncryptionScope      = try(each.value.default_encryption_scope, "$account-encryption-key")
+      denyEncryptionScopeOverride = try(each.value.deny_encryption_scope_override, false)
+      immutableStorageWithVersioning = {
+        enabled = try(each.value.enable_versioning, true)
+      }
+      publicAccess = try(each.value.public_access, "None")
+    }
+  }
+}
+
+
+terraform {
+  required_providers {
+    azapi = {
+      source = "Azure/azapi"
+    }
+  }
+}
@@ -7,18 +7,21 @@ locals {
 
   network_interface_ids = module.network_interface.ids
 
-  key_vault_id = var.resources[
+  key_vault_id = try(var.resources[
     try(var.settings.keyvault_lz_key, var.client_config.landingzone_key)
     ].keyvaults[
     var.settings.keyvault_ref
-  ].id
+  ].id, null)
 
-  vm_keys = { for key, ssh_key in var.settings.admin_ssh_key :
+  vm_keys = {
+    for key, ssh_key in try(var.settings.admin_ssh_key, {}) :
     key => tls_private_key.main[ssh_key.public_key_ref]
   }
+
   private_keys_pem    = { for key, value in local.vm_keys : key => value.private_key_pem }
   public_keys_openssh = { for key, value in local.vm_keys : key => value.public_key_openssh }
 
+
   tags = merge(
     var.global_settings.tags,
     var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},

@@ -0,0 +1,6 @@
+resource "azurerm_marketplace_agreement" "main" {
+  count                        = try(var.settings.marketplace_agreement, null) == null ? 0 : 1
+  publisher = var.settings.marketplace_agreement.publisher
+  offer = var.settings.marketplace_agreement.offer
+  plan = var.settings.marketplace_agreement.plan
+}
@@ -0,0 +1,9 @@
+resource "azurerm_availability_set" "main" {
+  count                        = try(var.settings.availability_set, null) == null ? 0 : 1
+  name                         = try(var.settings.availability_set.name)
+  location                     = local.location
+  resource_group_name          = local.resource_group_name
+  platform_fault_domain_count  = try(var.settings.availability_set.platform_fault_domain_count, null)
+  platform_update_domain_count = try(var.settings.availability_set.platform_update_domain_count, null)
+  tags                         = local.tags
+}
@@ -1,10 +1,15 @@
 resource "azurerm_linux_virtual_machine" "main" {
-  name                  = var.settings.name
-  resource_group_name   = local.resource_group_name
-  location              = local.location
-  admin_username        = var.settings.admin_username
-  size                  = var.settings.size
-  network_interface_ids = local.network_interface_ids
+  name                            = var.settings.name
+  resource_group_name             = local.resource_group_name
+  location                        = local.location
+  admin_username                  = var.settings.admin_username
+  admin_password                  = try(random_password.admin[0].result, null)
+  size                            = var.settings.size
+  network_interface_ids           = local.network_interface_ids
+  encryption_at_host_enabled      = try(var.settings.encryption_at_host_enabled, null)
+  disable_password_authentication = try(var.settings.disable_password_authentication, null)
+  availability_set_id             = try(one(azurerm_availability_set.main[*].id), null)
+
 
   tags = local.tags
 
@@ -15,6 +20,14 @@ resource "azurerm_linux_virtual_machine" "main" {
       public_key = tls_private_key.main[admin_ssh_key.value.public_key_ref].public_key_openssh
     }
   }
+  dynamic "plan" {
+    for_each = can(var.settings.plan) ? [1] : []
+    content {
+      name      = var.settings.plan.name
+      product   = var.settings.plan.product
+      publisher = var.settings.plan.publisher
+    }
+  }
 
   os_disk {
     caching                   = var.settings.os_disk.caching

@@ -11,3 +11,23 @@ resource "azurerm_key_vault_secret" "public_keys" {
   value        = each.value
   key_vault_id = local.key_vault_id
 }
+
+
+resource "random_password" "admin" {
+  count            = try(var.settings.disable_password_authentication, false) ? 0 : 1
+  length           = 18
+  min_upper        = 2
+  min_lower        = 2
+  min_special      = 2
+  numeric          = true
+  special          = true
+  override_special = "!@#$%&"
+}
+
+
+resource "azurerm_key_vault_secret" "admin_password" {
+  count        = try(var.settings.disable_password_authentication, false) ? 0 : 1
+  name         = "${var.settings.name}-${var.settings.admin_username}"
+  value        = random_password.admin[0].result
+  key_vault_id = local.key_vault_id
+}
@@ -1,5 +1,5 @@
 resource "tls_private_key" "main" {
-  for_each = var.settings.public_key_openssh
+  for_each = try(var.settings.public_key_openssh, {})
 
   algorithm = each.value.algorithm
   rsa_bits  = each.value.rsa_bits

@@ -1,8 +1,10 @@
 resource "azurerm_network_interface" "main" {
-  for_each            = var.settings.network_interfaces
-  name                = each.value.name
-  resource_group_name = local.resource_group_name
-  location            = local.location
+  for_each                       = var.settings.network_interfaces
+  name                           = each.value.name
+  resource_group_name            = local.resource_group_name
+  location                       = local.location
+  accelerated_networking_enabled = try(each.value.accelerated_networking_enabled, false)
+  ip_forwarding_enabled          = try(each.value.ip_forwarding_enabled, false)
 
   tags = local.tags