forked from hmcts/terraform-module-virtual-machine
010-main.tf
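# Windows VM, created only when var.vm_type is "windows".
#
# NOTE(review): admin_password and custom_data are written to the Terraform
# state, so the state backend needs the same access controls as the secrets
# themselves; custom_data should not carry credentials.
resource "azurerm_windows_virtual_machine" "winvm" {
  count               = var.vm_type == "windows" ? 1 : 0
  name                = var.vm_name
  resource_group_name = var.vm_resource_group
  location            = var.vm_location
  size                = var.vm_size
  admin_username      = var.vm_admin_name
  admin_password      = var.vm_admin_password
  zone                = var.vm_availabilty_zones
  custom_data         = var.custom_data

  network_interface_ids = [
    azurerm_network_interface.vm_nic.id,
  ]

  os_disk {
    caching              = var.os_disk_type
    storage_account_type = var.os_disk_storage_account_type
    # Customer-managed-key encryption is attached only when requested;
    # null leaves the disk on platform-managed keys.
    disk_encryption_set_id = var.encrypt_CMK ? azurerm_disk_encryption_set.disk_enc_set[0].id : null
  }

  # `count` is a resource-level meta-argument and is not accepted inside a
  # nested block, so the optional identity is expressed as a dynamic block:
  # it is emitted once when var.identity is set and omitted when it is null.
  dynamic "identity" {
    for_each = var.identity != null ? [var.identity] : []
    content {
      type         = "SystemAssigned, UserAssigned"
      identity_ids = identity.value
    }
  }

  source_image_reference {
    publisher = var.vm_publisher_name
    offer     = var.vm_offer
    sku       = var.vm_sku
    version   = var.vm_version
  }

  dynamic "boot_diagnostics" {
    for_each = local.dynamic_boot_diagnostics
    content {
      storage_account_uri = var.boot_storage_uri
    }
  }

  tags = var.tags

  # The disk encryption set and its Key Vault access policy must exist before
  # the VM is created, otherwise the CMK-encrypted OS disk cannot be provisioned.
  depends_on = [
    azurerm_disk_encryption_set.disk_enc_set,
    azurerm_key_vault_access_policy.disk_policy,
  ]

  lifecycle {
    precondition {
      # CMK and ADE are mutually exclusive; either one alone, or neither, is allowed.
      condition     = !(var.encrypt_CMK && var.encrypt_ADE)
      error_message = "You can either have Customer Managed Key Encryption or Azure Disk Encryption, you can not encrypt with both"
    }
  }
}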
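# Linux VM, created only when var.vm_type is "linux".
#
# NOTE(review): admin_password and custom_data are written to the Terraform
# state, so the state backend needs the same access controls as the secrets
# themselves; custom_data should not carry credentials.
# NOTE(review): the Windows VM resource in this file carries a lifecycle
# precondition rejecting encrypt_CMK together with encrypt_ADE; this resource
# has none. Confirm whether ADE is applied to Linux VMs and mirror the check
# if so.
resource "azurerm_linux_virtual_machine" "linvm" {
  count               = var.vm_type == "linux" ? 1 : 0
  name                = var.vm_name
  resource_group_name = var.vm_resource_group
  location            = var.vm_location
  size                = var.vm_size
  admin_username      = var.vm_admin_name
  admin_password      = var.vm_admin_password
  zone                = var.vm_availabilty_zones
  custom_data         = var.custom_data

  # NOTE(review): password logins stay enabled for the admin account. Setting
  # this to true requires an admin_ssh_key block, so it is left unchanged here;
  # if passwords are kept, restrict SSH exposure at the NSG and use a strong,
  # rotated password.
  disable_password_authentication = false

  network_interface_ids = [
    azurerm_network_interface.vm_nic.id,
  ]

  os_disk {
    caching              = var.os_disk_type
    storage_account_type = var.os_disk_storage_account_type
    # Customer-managed-key encryption is attached only when requested;
    # null leaves the disk on platform-managed keys.
    disk_encryption_set_id = var.encrypt_CMK ? azurerm_disk_encryption_set.disk_enc_set[0].id : null
  }

  # `count` is a resource-level meta-argument and is not accepted inside a
  # nested block, so the optional identity is expressed as a dynamic block:
  # it is emitted once when var.identity is set and omitted when it is null.
  dynamic "identity" {
    for_each = var.identity != null ? [var.identity] : []
    content {
      type         = "SystemAssigned, UserAssigned"
      identity_ids = identity.value
    }
  }

  source_image_reference {
    publisher = var.vm_publisher_name
    offer     = var.vm_offer
    sku       = var.vm_sku
    version   = var.vm_version
  }

  dynamic "boot_diagnostics" {
    for_each = local.dynamic_boot_diagnostics
    content {
      storage_account_uri = var.boot_storage_uri
    }
  }

  tags = var.tags

  # Same ordering as the Windows VM: the disk encryption set and its Key Vault
  # access policy must both exist before a CMK-encrypted OS disk is created.
  depends_on = [
    azurerm_disk_encryption_set.disk_enc_set,
    azurerm_key_vault_access_policy.disk_policy,
  ]
}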
# resource "azurerm_marketplace_agreement" "this" {
# publisher = var.vm_publisher_name
# offer = var.vm_offer
# plan = var.marketplace_sku
# depends_on = [
# azurerm_linux_virtual_machine.linvm,
# azurerm_windows_virtual_machine.winvm
# ]
# }