Merge pull request #15 from clouddrove/hurodata-45-n

changed format of disk encryption set and assigned id to key vault key
clouddrove · Mar 29, 2023 · 34bcf34 · 34bcf34
2 parents 7054fc7 + 59ae1bd
commit 34bcf34
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 22 deletions.
diff --git a/README.yaml b/README.yaml
@@ -87,9 +87,12 @@ usage: |-
     image_version                   = "latest"
 
 
-    enable_disk_encryption_set = true
-    key_vault_id               = module.key_vault.id
-    key_vault_key_id           = module.virtual-machine.key_id
+    enable_disk_encryption_set     = true
+    key_vault_id                   = module.key_vault.id
+    addtional_capabilities_enabled = true
+    ultra_ssd_enabled              = false
+    enable_encryption_at_host      = true
+    key_vault_rbac_auth_enabled    = false
 
     data_disks = [
       {

diff --git a/_example/linux-vm/example.tf b/_example/linux-vm/example.tf
@@ -150,18 +150,19 @@ module "virtual-machine" {
   caching      = "ReadWrite"
   disk_size_gb = 30
 
-  disk_encryption_set_id          = module.virtual-machine.disk_encryption_set-id
   storage_image_reference_enabled = true
   image_publisher                 = "Canonical"
   image_offer                     = "0001-com-ubuntu-server-focal"
   image_sku                       = "20_04-lts"
   image_version                   = "latest"
 
 
-  enable_disk_encryption_set = true
-  key_vault_id               = module.key_vault.id
-  key_vault_key_id           = module.virtual-machine.key_id
-  enable_encryption_at_host  = true
+  enable_disk_encryption_set     = true
+  key_vault_id                   = module.key_vault.id
+  addtional_capabilities_enabled = true
+  ultra_ssd_enabled              = false
+  enable_encryption_at_host      = true
+  key_vault_rbac_auth_enabled    = false
 
   data_disks = [
     {

diff --git a/main.tf b/main.tf
@@ -310,7 +310,7 @@ resource "azurerm_network_interface_security_group_association" "default" {
 
 resource "azurerm_disk_encryption_set" "example" {
   count               = var.enable_disk_encryption_set ? 1 : 0
-  name                = "des"
+  name                = format("vm-%s-dsk-encrpt", module.labels.id)
   resource_group_name = var.resource_group_name
   location            = var.location
   key_vault_key_id    = var.enable_disk_encryption_set ? join("", azurerm_key_vault_key.example.*.id) : null
@@ -384,7 +384,7 @@ resource "azurerm_managed_disk" "data_disk" {
   storage_account_type   = lookup(each.value.data_disk, "storage_account_type", "StandardSSD_LRS")
   create_option          = "Empty"
   disk_size_gb           = each.value.data_disk.disk_size_gb
-  disk_encryption_set_id = var.enable_disk_encryption_set ? var.disk_encryption_set_id : null
+  disk_encryption_set_id = azurerm_disk_encryption_set.example[0].id != "" ? azurerm_disk_encryption_set.example[0].id : null #var.enable_disk_encryption_set ? var.disk_encryption_set_id : null
 
 }
 
@@ -475,6 +475,4 @@ resource "azurerm_monitor_diagnostic_setting" "nic_diagnostic" {
   lifecycle {
     ignore_changes = [log_analytics_destination_type]
   }
-}
-
-
+}
diff --git a/variables.tf b/variables.tf
@@ -507,10 +507,6 @@ variable "os_disk_storage_account_type" {
   default     = "StandardSSD_LRS"
 }
 
-variable "disk_encryption_set_id" {
-  description = "The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault"
-  default     = null
-}
 
 variable "additional_unattend_content" {
   description = "The XML formatted content that is added to the unattend.xml file for the specified path and component."
@@ -831,11 +827,6 @@ variable "vm_availability_zone" {
   default     = null
 }
 
-variable "key_vault_key_id" {
-  type    = any
-  default = null
-}
-
 variable "enable_disk_encryption_set" {
   type    = bool
   default = false