Merge branch 'v0.19.0-fixes' into v0.19.0-merge

Author: jchancellor-ms

README.md

@@ -0,0 +1,87 @@
+variable "admin_password" {
+  type        = string
+  default     = null
+  description = "DEPRECATED:  This input has been moved to `account_credentials.admin_credentials.password` and will be removed with the release of version v1.0.0. Password to use for the default admin account created for the virtual machine. Passing this as a key vault secret value is recommended."
+  sensitive   = true
+}
+
+variable "admin_ssh_keys" {
+  type = list(object({
+    public_key = string
+    username   = string
+  }))
+  default     = []
+  description = <<ADMIN_SSH_KEYS
+DEPRECATED:  This input has been moved to `account_credentials.admin_credentials.ssh_keys` and will be removed with the release of version v1.0.0.
+A list of objects defining one or more ssh public keys
+
+- `public_key` (Required) - The Public Key which should be used for authentication, which needs to be at least 2048-bit and in `ssh-rsa` format. Changing this forces a new resource to be created.
+- `username` (Required) - The Username for which this Public SSH Key should be configured. Changing this forces a new resource to be created. The Azure VM Agent only allows creating SSH Keys at the path `/home/{admin_username}/.ssh/authorized_keys`. As such this public key will be written to the authorized keys file. If no username is provided this module will use var.admin_username.
+
+Example Input:
+
+```hcl
+admin_ssh_keys = [
+  {
+    public_key = "<base64 string for the key>"
+    username   = "exampleuser"
+  },
+  {
+    public_key = "<base64 string for the next user key>"
+    username   = "examleuser2"
+  }
+]
+```
+  ADMIN_SSH_KEYS
+}
+
+variable "admin_username" {
+  type        = string
+  default     = "azureuser"
+  description = "DEPRECATED:  This input has been moved to `account_credentials.admin_credentials.username` and will be removed with the release of version v1.0.0. Name to use for the default admin account created for the virtual machine"
+  nullable    = false
+
+  validation {
+    condition     = !can(regex("^(administrator|admin|user|user1|test|user2|test2|user3|admin1|1|123|a|actuser|adm|admin2|aspnet|backup|console|david|guest|john|owner|root|server|sql|support|support_388945a0|sys|test2|test3|user4|user5)$", lower(var.admin_username)))
+    error_message = "Admin username may not contain any of the following reserved values. ( administrator, admin, user, user1, test, user2, test1, user3, admin1, 1, 123, a, actuser, adm, admin2, aspnet, backup, console, david, guest, john, owner, root, server, sql, support, support_388945a0, sys, test2, test3, user4, user5 )"
+  }
+  validation {
+    condition     = can(regex("^.{1,64}$", var.admin_username))
+    error_message = "Admin username for linux must be between 1 and 64 characters in length. Admin name for windows must be between 1 and 20 characters in length."
+  }
+}
+
+variable "disable_password_authentication" {
+  type        = bool
+  default     = true
+  description = "DEPRECATED:  This input has been moved to `account_credentials.password_authentication_disabled` and will be removed with the release of version v1.0.0. If true this value will disallow password authentication on linux vm's. This will require at least one public key to be configured. If using the option to auto generate passwords and keys, setting this value to `false` will cause a password to be generated an stored instead of an SSH key."
+  nullable    = false
+}
+
+variable "generate_admin_password_or_ssh_key" {
+  type        = bool
+  default     = true
+  description = "DEPRECATED:  The logic behind this input has been moved to `account_credentials`. This input will be removed with the release of version v1.0.0. Set this value to true if the deployment should create a strong password for the admin user. If `os_type` is Linux, this will generate and store an SSH key as the default. However, setting `disable_password_authentication` to `false` will generate and store a password value instead of an ssh key."
+}
+
+variable "generated_secrets_key_vault_secret_config" {
+  type = object({
+    key_vault_resource_id          = string
+    name                           = optional(string, null)
+    expiration_date_length_in_days = optional(number, 45)
+    content_type                   = optional(string, "text/plain")
+    not_before_date                = optional(string, null)
+    tags                           = optional(map(string), {})
+  })
+  default     = null
+  description = <<DESCRIPTION
+DEPRECATED:  The logic behind this input has been consolidated to `account_credentials.key_vault_configuration` to locate all credential related input into a single interface and help minimize configuration issues. This input will be removed with the release of version v1.0.0
+For simplicity this module provides the option to use an auto-generated admin user password or SSH key.  That password or key is then stored in a key vault provided in the `admin_credential_key_vault_resource_id` input. This variable allows the user to override the configuration for the key vault secret which stores the generated password or ssh key. The object details are:
+
+- `name` - (Optional) - The name to use for the key vault secret that stores the auto-generated ssh key or password
+- `expiration_date_length_in_days` - (Optional) - This value sets the number of days from the installation date to set the key vault expiration value. It defaults to `45` days.  This value will not be overridden in subsequent runs. If you need to maintain this virtual machine resource for a long period, generate and/or use your own password or ssh key.
+- `content_type` - (Optional) - This value sets the secret content type.  Defaults to `text/plain`
+- `not_before_date` - (Optional) - The UTC datetime (Y-m-d'T'H:M:S'Z) date before which this key is not valid.  Defaults to null.
+- `tags` - (Optional) - Specific tags to assign to this secret resource
+DESCRIPTION
+}

deprecated_variables.tf

@@ -17,15 +17,15 @@ It includes the following resources in addition to the VM resource:
 
 ```hcl
 terraform {
-  required_version = "~> 1.6"
+  required_version = ">= 1.9, < 2.0"
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
       version = ">= 3.116, < 5.0"
     }
     random = {
       source  = "hashicorp/random"
-      version = "~> 3.6"
+      version = "~> 3.7"
     }
   }
 }
@@ -36,6 +36,9 @@ provider "azurerm" {
     resource_group {
       prevent_deletion_if_contains_resources = false
     }
+    key_vault {
+      purge_soft_delete_on_destroy = true
+    }
   }
 }
 
@@ -46,7 +49,7 @@ module "naming" {
 
 module "regions" {
   source  = "Azure/avm-utl-regions/azurerm"
-  version = "0.3.0"
+  version = "0.5.0"
 
   availability_zones_filter = true
 }
@@ -167,7 +170,7 @@ data "azurerm_client_config" "current" {}
 
 module "avm_res_keyvault_vault" {
   source              = "Azure/avm-res-keyvault-vault/azurerm"
-  version             = "=0.9.1"
+  version             = "=0.10.0"
   tenant_id           = data.azurerm_client_config.current.tenant_id
   name                = module.naming.key_vault.name_unique
   resource_group_name = azurerm_resource_group.this_rg.name
@@ -193,7 +196,7 @@ module "avm_res_keyvault_vault" {
 module "testvm" {
   source = "../../"
   #source = "Azure/avm-res-compute-virtualmachine/azurerm"
-  #version = "0.17.0
+  #version = "0.19.0"
 
   enable_telemetry    = var.enable_telemetry
   location            = azurerm_resource_group.this_rg.location
@@ -203,8 +206,10 @@ module "testvm" {
   sku_size            = module.vm_sku.sku
   zone                = random_integer.zone_index.result
 
-  generated_secrets_key_vault_secret_config = {
-    key_vault_resource_id = module.avm_res_keyvault_vault.resource_id
+  account_credentials = {
+    key_vault_configuration = {
+      resource_id = module.avm_res_keyvault_vault.resource_id
+    }
   }
 
   source_image_reference = {
@@ -239,11 +244,11 @@ module "testvm" {
 
 The following requirements are needed by this module:
 
-- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (~> 1.6)
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.116, < 5.0)
 
-- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.6)
+- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.7)
 
 ## Resources
 
@@ -285,7 +290,7 @@ The following Modules are called:
 
 Source: Azure/avm-res-keyvault-vault/azurerm
 
-Version: =0.9.1
+Version: =0.10.0
 
 ### <a name="module_naming"></a> [naming](#module\_naming)
 
@@ -303,7 +308,7 @@ Version: 0.2.1
 
 Source: Azure/avm-utl-regions/azurerm
 
-Version: 0.3.0
+Version: 0.5.0
 
 ### <a name="module_testvm"></a> [testvm](#module\_testvm)
 

…s/basic_windows_w_remote_access/.gitkeep examples/linux_default/.gitkeepexamples/basic_windows_w_remote_access/.gitkeep renamed to examples/linux_default/.gitkeep examples/basic_windows_w_remote_access/.gitkeep renamed to examples/linux_default/.gitkeep

@@ -1,13 +1,13 @@
 terraform {
-  required_version = "~> 1.6"
+  required_version = ">= 1.9, < 2.0"
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
       version = ">= 3.116, < 5.0"
     }
     random = {
       source  = "hashicorp/random"
-      version = "~> 3.6"
+      version = "~> 3.7"
     }
   }
 }
@@ -18,6 +18,9 @@ provider "azurerm" {
     resource_group {
       prevent_deletion_if_contains_resources = false
     }
+    key_vault {
+      purge_soft_delete_on_destroy = true
+    }
   }
 }
 
@@ -28,7 +31,7 @@ module "naming" {
 
 module "regions" {
   source  = "Azure/avm-utl-regions/azurerm"
-  version = "0.3.0"
+  version = "0.5.0"
 
   availability_zones_filter = true
 }
@@ -149,7 +152,7 @@ data "azurerm_client_config" "current" {}
 
 module "avm_res_keyvault_vault" {
   source              = "Azure/avm-res-keyvault-vault/azurerm"
-  version             = "=0.9.1"
+  version             = "=0.10.0"
   tenant_id           = data.azurerm_client_config.current.tenant_id
   name                = module.naming.key_vault.name_unique
   resource_group_name = azurerm_resource_group.this_rg.name
@@ -175,7 +178,7 @@ module "avm_res_keyvault_vault" {
 module "testvm" {
   source = "../../"
   #source = "Azure/avm-res-compute-virtualmachine/azurerm"
-  #version = "0.17.0
+  #version = "0.19.0"
 
   enable_telemetry    = var.enable_telemetry
   location            = azurerm_resource_group.this_rg.location
@@ -185,8 +188,10 @@ module "testvm" {
   sku_size            = module.vm_sku.sku
   zone                = random_integer.zone_index.result
 
-  generated_secrets_key_vault_secret_config = {
-    key_vault_resource_id = module.avm_res_keyvault_vault.resource_id
+  account_credentials = {
+    key_vault_configuration = {
+      resource_id = module.avm_res_keyvault_vault.resource_id
+    }
   }
 
   source_image_reference = {

examples/default/README.md examples/linux_default/README.mdexamples/default/README.md renamed to examples/linux_default/README.md

@@ -21,15 +21,15 @@ It includes the following resources in addition to the VM resource:
 
 ```hcl
 terraform {
-  required_version = "~> 1.6"
+  required_version = ">= 1.9, < 2.0"
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
       version = ">= 3.116, < 5.0"
     }
     random = {
       source  = "hashicorp/random"
-      version = "~> 3.6"
+      version = "~> 3.7"
     }
     tls = {
       source  = "hashicorp/tls"
@@ -44,6 +44,9 @@ provider "azurerm" {
     resource_group {
       prevent_deletion_if_contains_resources = false
     }
+    key_vault {
+      purge_soft_delete_on_destroy = true
+    }
   }
 }
 
@@ -54,7 +57,7 @@ module "naming" {
 
 module "regions" {
   source  = "Azure/avm-utl-regions/azurerm"
-  version = "0.3.0"
+  version = "0.5.0"
 
   availability_zones_filter = true
 }
@@ -188,7 +191,7 @@ resource "azurerm_user_assigned_identity" "example_identity" {
 
 module "avm_res_keyvault_vault" {
   source                      = "Azure/avm-res-keyvault-vault/azurerm"
-  version                     = "=0.9.1"
+  version                     = "=0.10.0"
   tenant_id                   = data.azurerm_client_config.current.tenant_id
   name                        = module.naming.key_vault.name_unique
   resource_group_name         = azurerm_resource_group.this_rg.name
@@ -289,29 +292,24 @@ resource "azurerm_disk_encryption_set" "this" {
 module "testvm" {
   source = "../../"
   #source = "Azure/avm-res-compute-virtualmachine/azurerm"
-  #version = "0.17.0
-
-  admin_username                     = "azureuser"
-  enable_telemetry                   = var.enable_telemetry
-  encryption_at_host_enabled         = true
-  generate_admin_password_or_ssh_key = false
-  location                           = azurerm_resource_group.this_rg.location
-  name                               = module.naming.virtual_machine.name_unique
-  resource_group_name                = azurerm_resource_group.this_rg.name
-  os_type                            = "Linux"
-  sku_size                           = module.vm_sku.sku
-  zone                               = random_integer.zone_index.result
-
-  admin_ssh_keys = [
-    {
-      public_key = tls_private_key.this.public_key_openssh
-      username   = "azureuser" #the username must match the admin_username currently.
-    },
-    {
-      public_key = tls_private_key.this_2.public_key_openssh
-      username   = "azureuser" #the username must match the admin_username currently.
+  #version = "0.19.0"
+
+  enable_telemetry           = var.enable_telemetry
+  encryption_at_host_enabled = true
+  location                   = azurerm_resource_group.this_rg.location
+  name                       = module.naming.virtual_machine.name_unique
+  resource_group_name        = azurerm_resource_group.this_rg.name
+  os_type                    = "Linux"
+  sku_size                   = module.vm_sku.sku
+  zone                       = random_integer.zone_index.result
+
+  account_credentials = {
+    admin_credentials = {
+      username                           = "azureuser"
+      ssh_keys                           = [tls_private_key.this.public_key_openssh, tls_private_key.this_2.public_key_openssh]
+      generate_admin_password_or_ssh_key = false
     }
-  ]
+  }
 
   data_disk_managed_disks = {
     disk1 = {
@@ -360,6 +358,7 @@ module "testvm" {
           private_ip_subnet_resource_id = module.vnet.subnets["vm_subnet_2"].resource_id
         }
       }
+      is_primary = true
     }
   }
 
@@ -407,11 +406,11 @@ module "testvm" {
 
 The following requirements are needed by this module:
 
-- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (~> 1.6)
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
 
 - <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 3.116, < 5.0)
 
-- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.6)
+- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.7)
 
 - <a name="requirement_tls"></a> [tls](#requirement\_tls) (~> 4.0)
 
@@ -462,7 +461,7 @@ The following Modules are called:
 
 Source: Azure/avm-res-keyvault-vault/azurerm
 
-Version: =0.9.1
+Version: =0.10.0
 
 ### <a name="module_naming"></a> [naming](#module\_naming)
 
@@ -480,7 +479,7 @@ Version: 0.2.1
 
 Source: Azure/avm-utl-regions/azurerm
 
-Version: 0.3.0
+Version: 0.5.0
 
 ### <a name="module_testvm"></a> [testvm](#module\_testvm)