# Managed data disks, one per entry in var.data_disk_managed_disks. Each
# setting is passed straight through from the map entry; only location,
# edge_zone and zone come from the module-level variables.
resource "azurerm_managed_disk" "this" {
  for_each = var.data_disk_managed_disks

  # Identity and placement
  name                = each.value.name
  location            = var.location
  resource_group_name = coalesce(each.value.resource_group_name, var.resource_group_name)
  edge_zone           = var.edge_zone # the per-disk each.value.edge_zone is not used; the module-level value applies
  zone                = var.zone

  # Creation source
  create_option              = each.value.create_option
  source_resource_id         = each.value.source_resource_id
  source_uri                 = each.value.source_uri
  storage_account_id         = each.value.storage_account_resource_id
  image_reference_id         = each.value.image_reference_resource_id
  gallery_image_reference_id = each.value.gallery_image_reference_resource_id
  upload_size_bytes          = each.value.upload_size_bytes
  hyper_v_generation         = each.value.hyper_v_generation
  os_type                    = each.value.os_type

  # Size and performance
  storage_account_type              = each.value.storage_account_type
  disk_size_gb                      = each.value.disk_size_gb
  tier                              = each.value.tier
  logical_sector_size               = each.value.logical_sector_size
  disk_iops_read_only               = each.value.disk_iops_read_only
  disk_iops_read_write              = each.value.disk_iops_read_write
  disk_mbps_read_only               = each.value.disk_mbps_read_only
  disk_mbps_read_write              = each.value.disk_mbps_read_write
  max_shares                        = each.value.max_shares
  on_demand_bursting_enabled        = each.value.on_demand_bursting_enabled
  optimized_frequent_attach_enabled = each.value.optimized_frequent_attach_enabled
  performance_plus_enabled          = each.value.performance_plus_enabled

  # Network exposure. Both values are caller supplied with no module-side
  # default applied here, so the caller decides whether the disk is reachable
  # over public network access or only through a disk access resource.
  network_access_policy         = each.value.network_access_policy
  public_network_access_enabled = each.value.public_network_access_enabled
  disk_access_id                = each.value.disk_access_resource_id

  # Encryption at rest and confidential / trusted launch settings
  disk_encryption_set_id           = each.value.disk_encryption_set_resource_id # preview feature, to be activated at a later date
  secure_vm_disk_encryption_set_id = each.value.secure_vm_disk_encryption_set_resource_id
  security_type                    = each.value.security_type
  trusted_launch_enabled           = each.value.trusted_launch_enabled

  # Per-disk tags take precedence over the module tags when present.
  # NOTE(review): `!= {}` compares against an empty object literal; confirm it
  # evaluates as intended when each.value.tags is an empty map.
  tags = each.value.tags != null && each.value.tags != {} ? each.value.tags : local.tags

  # Key-vault backed encryption settings; the block is only emitted for
  # entries present in each.value.encryption_settings.
  dynamic "encryption_settings" {
    for_each = each.value.encryption_settings

    content {
      disk_encryption_key {
        secret_url      = encryption_settings.value.disk_encryption_key_vault_secret_url
        source_vault_id = encryption_settings.value.disk_encryption_key_vault_resource_id
      }
      key_encryption_key {
        key_url         = encryption_settings.value.key_encryption_key_vault_secret_url
        source_vault_id = encryption_settings.value.key_encryption_key_vault_resource_id
      }
    }
  }
}
# Attach every managed disk to the Linux VM. The filter on var.os_type makes
# this resource empty when the module is building a Windows VM, so the
# azurerm_linux_virtual_machine.this[0] reference is only evaluated for Linux.
resource "azurerm_virtual_machine_data_disk_attachment" "this_linux" {
  for_each = { for k, v in var.data_disk_managed_disks : k => v if lower(var.os_type) == "linux" }

  virtual_machine_id        = azurerm_linux_virtual_machine.this[0].id
  managed_disk_id           = azurerm_managed_disk.this[each.key].id
  lun                       = each.value.lun
  caching                   = each.value.caching
  create_option             = each.value.disk_attachment_create_option
  write_accelerator_enabled = each.value.write_accelerator_enabled
}
# Windows counterpart of this_linux: attach every managed disk to the Windows
# VM. Empty unless var.os_type is "windows" (case-insensitive), so the
# azurerm_windows_virtual_machine.this[0] reference is only evaluated then.
resource "azurerm_virtual_machine_data_disk_attachment" "this_windows" {
  for_each = { for k, v in var.data_disk_managed_disks : k => v if lower(var.os_type) == "windows" }

  virtual_machine_id        = azurerm_windows_virtual_machine.this[0].id
  managed_disk_id           = azurerm_managed_disk.this[each.key].id
  lun                       = each.value.lun
  caching                   = each.value.caching
  create_option             = each.value.disk_attachment_create_option
  write_accelerator_enabled = each.value.write_accelerator_enabled
}
# State migration for the rename of the disk lock resource from "this-disk"
# to "this_disk": existing state entries are renamed in place rather than
# destroyed and recreated.
moved {
from = azurerm_management_lock.this-disk
to = azurerm_management_lock.this_disk
}
# Resource lock on each data disk whose lock_level is set. The explicit
# depends_on waits for both VM flavours and both attachment resources so that
# provisioning is complete before the lock is placed on the disk.
resource "azurerm_management_lock" "this_disk" {
  for_each = { for k, v in var.data_disk_managed_disks : k => v if v.lock_level != null }

  name       = coalesce(each.value.lock_name, "${each.key}-lock")
  scope      = azurerm_managed_disk.this[each.key].id
  lock_level = each.value.lock_level

  depends_on = [
    azurerm_linux_virtual_machine.this,
    azurerm_windows_virtual_machine.this,
    azurerm_virtual_machine_data_disk_attachment.this_linux,
    azurerm_virtual_machine_data_disk_attachment.this_windows
  ]
}
# Role assignments scoped to individual data disks. local.disks_role_assignments
# (defined elsewhere) is expected to carry one entry per (disk_key,
# role_assignment) pair; every assignment field is passed through unchanged.
resource "azurerm_role_assignment" "disks" {
  for_each = local.disks_role_assignments

  scope          = azurerm_managed_disk.this[each.value.disk_key].id
  principal_id   = each.value.role_assignment.principal_id
  principal_type = each.value.role_assignment.principal_type

  # role_definition_id_or_name holds either a full role definition resource id
  # or a bare role name. An id has more than three "/"-separated segments, so
  # exactly one of the two arguments below is populated.
  role_definition_id   = length(split("/", each.value.role_assignment.role_definition_id_or_name)) <= 3 ? null : each.value.role_assignment.role_definition_id_or_name
  role_definition_name = length(split("/", each.value.role_assignment.role_definition_id_or_name)) <= 3 ? each.value.role_assignment.role_definition_id_or_name : null

  # Optional ABAC condition that narrows the assignment; passed through as given.
  condition         = each.value.role_assignment.condition
  condition_version = each.value.role_assignment.condition_version

  delegated_managed_identity_resource_id = each.value.role_assignment.delegated_managed_identity_resource_id
  skip_service_principal_aad_check       = each.value.role_assignment.skip_service_principal_aad_check
}