Add disk_encryption_set_id support to VM module (#1952)
* add support for disk_encryption_set_id to vm module

* Update configurations.tfvars

* Update configurations.tfvars

* Update vm_disk.tf

* Update vm_linux.tf

* Update vm_windows.tf
onlyillusion authored Apr 23, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 3dc5487 commit d335431
Showing 4 changed files with 5 additions and 7 deletions.
@@ -152,6 +152,7 @@ virtual_machines = {

disk_encryption_set_key = "set1"
# lz_key = "" # for remote disk_encryption_set
# disk_encryption_set_id = "/subscription/xxx/id" # for disk_encryption_set_id
}

source_image_reference = {
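--- a/modules/compute/virtual_machine/vm_disk.tf
+++ b/modules/compute/virtual_machine/vm_disk.tf
@@ -10,7 +10,7 @@ data "azurecaf_name" "disk" {
 use_slug = var.global_settings.use_slug
 }
 
-resource "azurerm_managed_disk" "disk" {
+resource "azurerm_managed_disk" "disk" {
 for_each = lookup(var.settings, "data_disks", {})
 
 name = data.azurecaf_name.disk[each.key].result
@@ -23,8 +23,7 @@ resource "azurerm_managed_disk" "disk" {
 disk_iops_read_write = try(each.value.disk_iops_read_write, null)
 disk_mbps_read_write = try(each.value.disk.disk_mbps_read_write, null)
 tags = merge(local.tags, try(each.value.tags, {}))
-disk_encryption_set_id = try(each.value.disk_encryption_set_key, null) == null ? null : var.disk_encryption_sets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.disk_encryption_set_key].id
-
+disk_encryption_set_id = can(each.value.disk_encryption_set_id) ? each.value.disk_encryption_set_id : can(each.value.disk_encryption_set_key) ? var.disk_encryption_sets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.disk_encryption_set_key].id : null
 lifecycle {
 ignore_changes = [
 name, #for ASR disk restores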
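Review bot: `can(each.value.disk_encryption_set_id)` on the new `disk_encryption_set_id` line is true whenever the attribute is present, including when it is set to `null`. Assuming the settings object is untyped, a data disk declared with `disk_encryption_set_id = null` and a `disk_encryption_set_key` would resolve to `null` and be created without the customer-managed-key encryption set, with no error. Testing the value instead of the attribute's presence avoids that: `disk_encryption_set_id = try(each.value.disk_encryption_set_id, null) != null ? each.value.disk_encryption_set_id : try(each.value.disk_encryption_set_key, null) != null ? var.disk_encryption_sets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.disk_encryption_set_key].id : null`. The same `can(...)` pattern is on the `os_disk` line in vm_linux.tf and vm_windows.tf. The resource block continues past the end of this hunk.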
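--- a/modules/compute/virtual_machine/vm_linux.tf
+++ b/modules/compute/virtual_machine/vm_linux.tf
@@ -148,8 +148,7 @@ resource "azurerm_linux_virtual_machine" "vm" {
 name = try(data.azurecaf_name.os_disk_linux[each.key].result, null)
 storage_account_type = try(each.value.os_disk.storage_account_type, null)
 write_accelerator_enabled = try(each.value.os_disk.write_accelerator_enabled, false)
-disk_encryption_set_id = try(each.value.os_disk.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][each.value.os_disk.disk_encryption_set_key].id, var.disk_encryption_sets[each.value.os_disk.lz_key][each.value.os_disk.disk_encryption_set_key].id, null)
-
+disk_encryption_set_id = can(each.value.os_disk.disk_encryption_set_id) ? each.value.os_disk.disk_encryption_set_id : can(each.value.os_disk.disk_encryption_set_key) ? var.disk_encryption_sets[try(each.value.os_disk.lz_key, var.client_config.landingzone_key)][each.value.os_disk.disk_encryption_set_key].id : null
 dynamic "diff_disk_settings" {
 for_each = try(each.value.diff_disk_settings, false) == false ? [] : [1]
 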
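Review bot: The new `disk_encryption_set_id` line in the `os_disk` block does not say which setting wins when a VM definition carries both `disk_encryption_set_id` and `disk_encryption_set_key`. As written, the explicit ID is used and the key is ignored without any message. A one-line comment above it would make that visible to anyone auditing which key encrypts the OS disk: `# explicit os_disk.disk_encryption_set_id takes precedence over disk_encryption_set_key / lz_key`. The same comment fits the identical line in vm_windows.tf. The enclosing resource starts and ends outside this hunk.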
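--- a/modules/compute/virtual_machine/vm_windows.tf
+++ b/modules/compute/virtual_machine/vm_windows.tf
@@ -81,8 +81,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
 name = data.azurecaf_name.os_disk_windows[each.key].result
 storage_account_type = each.value.os_disk.storage_account_type
 write_accelerator_enabled = try(each.value.os_disk.write_accelerator_enabled, false)
-disk_encryption_set_id = try(each.value.os_disk.disk_encryption_set_key, null) == null ? null : try(var.disk_encryption_sets[var.client_config.landingzone_key][each.value.os_disk.disk_encryption_set_key].id, var.disk_encryption_sets[each.value.os_disk.lz_key][each.value.os_disk.disk_encryption_set_key].id, null)
-
+disk_encryption_set_id = can(each.value.os_disk.disk_encryption_set_id) ? each.value.os_disk.disk_encryption_set_id : can(each.value.os_disk.disk_encryption_set_key) ? var.disk_encryption_sets[try(each.value.os_disk.lz_key, var.client_config.landingzone_key)][each.value.os_disk.disk_encryption_set_key].id : null
 dynamic "diff_disk_settings" {
 for_each = try(each.value.diff_disk_settings, false) == false ? [] : [1]
 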