diff --git a/README.md b/README.md index 4c6ca39..abe63b9 100644 --- a/README.md +++ b/README.md @@ -801,6 +801,7 @@ Description: This map of objects is used to create additional `azurerm_virtual_m - `secret_url` (Required) - The Secret URL of a Key Vault Certificate. This can be sourced from the `secret_id` field within the `azurerm_key_vault_certificate` Resource. - `source_vault_id` (Required) - the Azure resource ID of the key vault holding the secret - `tags` (Optional) - A mapping of tags to assign to the extension resource. + - `timeouts` (Optional): Timeouts for the extension resource. Example Inputs: @@ -867,6 +868,13 @@ map(object({ secret_url = string source_vault_id = string })) + timeouts = optional(object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) + ) })) ``` 
@@ -1367,13 +1375,14 @@ The following arguments are supported: - `location` (Required): The Azure Region where the Virtual Machine Run Command should exist. Changing this forces a new Virtual Machine Run Command to be created. - `name` (Required): Specifies the name of this Virtual Machine Run Command. Changing this forces a new Virtual Machine Run Command to be created. - - `source` (Required): A source block as defined below. The source of the run command script. + - `script_source` (Required): A source block as defined below. The source of the run command script. - `error_blob_managed_identity` (Optional): An error\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to errorBlobUri storage blob. - `error_blob_uri` (Optional): Specifies the Azure storage blob where script error stream will be uploaded. - `output_blob_managed_identity` (Optional): An output\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to outputBlobUri storage blob. - `output_blob_uri` (Optional): Specifies the Azure storage blob where script output stream will be uploaded. It can be basic blob URI with SAS token. - `parameter` (Optional): A list of parameter blocks as defined below. The parameters used by the script. - `protected_parameter` (Optional): A list of protected\_parameter blocks as defined below. The protected parameters used by the script. + - `timeouts` (Optional): Timeouts for each run command. - `tags` (Optional): A mapping of tags which should be assigned to the Virtual Machine Run Command. An error\_blob\_managed\_identity block supports the following arguments: @@ -1402,9 +1411,10 @@ Type: ```hcl map(object({ - location = string - name = string - source = object({ + location = string + name = string + deploy_sequence = optional(number, 3) + script_source = object({ command_id = optional(string) script = optional(string) script_uri = optional(string) 
@@ -1428,6 +1438,14 @@ map(object({ value = string })), []) + timeouts = optional(object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) + ) + tags = optional(map(string)) })) ``` @@ -1663,6 +1681,43 @@ object({ Default: `null` +### [timeouts](#input\_timeouts) + +Description: A map of timeouts to apply to the creation and destruction of resources. +If using retry, the maximum elapsed retry time is governed by this value. + +The object has attributes for each resource type, with the following optional attributes: + +- `create` - (Optional) The timeout for creating the resource. +- `delete` - (Optional) The timeout for deleting the resource. +- `update` - (Optional) The timeout for updating the resource. +- `read` - (Optional) The timeout for reading the resource. + +Each time duration is parsed using this function: . + +Type: + +```hcl +object({ + azurerm_virtual_machine_extension = optional(object({ + create = optional(string, "30m") + delete = optional(string, "30m") + update = optional(string, "30m") + read = optional(string, "5m") + }), {} + ) + azurerm_virtual_machine_run_command = optional(object({ + create = optional(string, "30m") + delete = optional(string, "30m") + update = optional(string, "30m") + read = optional(string, "5m") + }), {} + ) + }) +``` + +Default: `{}` + ### [timezone](#input\_timezone) Description: (Optional) Specifies the Time Zone which should be used by the Windows Virtual Machine, [the possible values are defined here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). Changing this forces a new resource to be created. 
@@ -1825,7 +1880,43 @@ Description: The default attributes exported by the azurerm provider. These ## Modules -No modules. +The following Modules are called: + +### [extension](#module\_extension) + +Source: ./modules/extension + +Version: + +### [extension\_1](#module\_extension\_1) + +Source: ./modules/extension + +Version: + +### [extension\_2](#module\_extension\_2) + +Source: ./modules/extension + +Version: + +### [run\_command](#module\_run\_command) + +Source: ./modules/run-command + +Version: + +### [run\_command\_1](#module\_run\_command\_1) + +Source: ./modules/run-command + +Version: + +### [run\_command\_2](#module\_run\_command\_2) + +Source: ./modules/run-command + +Version: ## Data Collection diff --git a/examples/windows_w_run_command/README.md b/examples/windows_w_run_command/README.md index f96c25c..8751952 100644 --- a/examples/windows_w_run_command/README.md +++ b/examples/windows_w_run_command/README.md @@ -318,7 +318,7 @@ module "testvm" { test_example_simple = { location = azurerm_resource_group.this_rg.location name = "example-command" - source = { + script_source = { script = "echo Hello World" } @@ -330,7 +330,7 @@ module "testvm" { name = "example-command-storage" error_blob_uri = azurerm_storage_blob.example3.url output_blob_uri = azurerm_storage_blob.example2.url - source = { + script_source = { script_uri = azurerm_storage_blob.example1.url } diff --git a/examples/windows_w_run_command/main.tf b/examples/windows_w_run_command/main.tf index fccc844..29ab398 100644 --- a/examples/windows_w_run_command/main.tf +++ b/examples/windows_w_run_command/main.tf @@ -299,7 +299,7 @@ module "testvm" { test_example_simple = { location = azurerm_resource_group.this_rg.location name = "example-command" - source = { + script_source = { script = "echo Hello World" } 
@@ -311,7 +311,7 @@ module "testvm" { name = "example-command-storage" error_blob_uri = azurerm_storage_blob.example3.url output_blob_uri = azurerm_storage_blob.example2.url - source = { + script_source = { script_uri = azurerm_storage_blob.example1.url } diff --git a/main.extensions.tf b/main.extensions.tf index 7c92727..4572679 100644 --- a/main.extensions.tf +++ b/main.extensions.tf 
@@ -1,104 +1,105 @@ -resource "azurerm_virtual_machine_extension" "this_extension" { - #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) - for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence >= 5]) +module "extension" { + source = "./modules/extension" + for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence >= 3]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) #using explicit references using the for_each key to get around the secrets issue in the above link - name = var.extensions[each.key].name - publisher = var.extensions[each.key].publisher - type = var.extensions[each.key].type - type_handler_version = var.extensions[each.key].type_handler_version - virtual_machine_id = local.virtualmachine_resource_id - auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version - automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled - failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled - protected_settings = var.extensions[each.key].protected_settings - provision_after_extensions = var.extensions[each.key].provision_after_extensions - settings = var.extensions[each.key].settings - tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags - - dynamic "protected_settings_from_key_vault" { - for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? 
[each.key] : [] - - content { - secret_url = var.extensions[each.key].protected_settings_from_key_vault.secret_url - source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id - } + name = var.extensions[each.key].name + publisher = var.extensions[each.key].publisher + type = var.extensions[each.key].type + type_handler_version = var.extensions[each.key].type_handler_version + virtualmachine_resource_id = local.virtualmachine_resource_id + auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version + automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled + failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled + protected_settings = var.extensions[each.key].protected_settings + provision_after_extensions = var.extensions[each.key].provision_after_extensions + settings = var.extensions[each.key].settings + protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault + + timeouts = { + create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create) + delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete) + read = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read) + update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update) } + tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? 
var.extensions[each.key].tags : local.tags + depends_on = [ azurerm_virtual_machine_data_disk_attachment.this_linux, azurerm_virtual_machine_data_disk_attachment.this_windows, - azurerm_virtual_machine_extension.this_extension_1, - azurerm_virtual_machine_extension.this_extension_2, - azurerm_virtual_machine_extension.this_extension_3, - azurerm_virtual_machine_extension.this_extension_4 + module.extension_1, + module.extension_2, + module.extension_3, + module.extension_4 ] } -resource "azurerm_virtual_machine_extension" "this_extension_1" { - #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) - for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 1]) +module "extension_1" { + source = "./modules/extension" + for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 1]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) #using explicit references using the for_each key to get around the secrets issue in the above link - name = var.extensions[each.key].name - publisher = var.extensions[each.key].publisher - type = var.extensions[each.key].type - type_handler_version = var.extensions[each.key].type_handler_version - virtual_machine_id = local.virtualmachine_resource_id - auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version - automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled - failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled - protected_settings = var.extensions[each.key].protected_settings - provision_after_extensions = var.extensions[each.key].provision_after_extensions - settings = 
var.extensions[each.key].settings - tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags - - dynamic "protected_settings_from_key_vault" { - for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? [each.key] : [] - - content { - secret_url = var.extensions[each.key].protected_settings_from_key_vault.secret_url - source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id - } + name = var.extensions[each.key].name + publisher = var.extensions[each.key].publisher + type = var.extensions[each.key].type + type_handler_version = var.extensions[each.key].type_handler_version + virtualmachine_resource_id = local.virtualmachine_resource_id + auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version + automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled + failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled + protected_settings = var.extensions[each.key].protected_settings + provision_after_extensions = var.extensions[each.key].provision_after_extensions + settings = var.extensions[each.key].settings + protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault + + timeouts = { + create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create) + delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete) + read = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read) + update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update) } + tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? 
var.extensions[each.key].tags : local.tags + depends_on = [ azurerm_virtual_machine_data_disk_attachment.this_linux, - azurerm_virtual_machine_data_disk_attachment.this_windows + azurerm_virtual_machine_data_disk_attachment.this_windows, ] } -resource "azurerm_virtual_machine_extension" "this_extension_2" { - #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) - for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 2]) +module "extension_2" { + source = "./modules/extension" + for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 2]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each) - #using explicit references using the for_each key to get around the secrets issue in the above link - name = var.extensions[each.key].name - publisher = var.extensions[each.key].publisher - type = var.extensions[each.key].type - type_handler_version = var.extensions[each.key].type_handler_version - virtual_machine_id = local.virtualmachine_resource_id - auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version - automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled - failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled - protected_settings = var.extensions[each.key].protected_settings - provision_after_extensions = var.extensions[each.key].provision_after_extensions - settings = var.extensions[each.key].settings - tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? 
var.extensions[each.key].tags : local.tags - dynamic "protected_settings_from_key_vault" { - for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? [each.key] : [] - - content { - secret_url = var.extensions[each.key].protected_settings_from_key_vault.secret_url - source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id - } + #using explicit references using the for_each key to get around the secrets issue in the above link + name = var.extensions[each.key].name + publisher = var.extensions[each.key].publisher + type = var.extensions[each.key].type + type_handler_version = var.extensions[each.key].type_handler_version + virtualmachine_resource_id = local.virtualmachine_resource_id + auto_upgrade_minor_version = var.extensions[each.key].auto_upgrade_minor_version + automatic_upgrade_enabled = var.extensions[each.key].automatic_upgrade_enabled + failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled + protected_settings = var.extensions[each.key].protected_settings + provision_after_extensions = var.extensions[each.key].provision_after_extensions + settings = var.extensions[each.key].settings + protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault + + timeouts = { + create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create) + delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete) + read = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read) + update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update) } + tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? 
var.extensions[each.key].tags : local.tags + depends_on = [ azurerm_virtual_machine_data_disk_attachment.this_linux, azurerm_virtual_machine_data_disk_attachment.this_windows, - azurerm_virtual_machine_extension.this_extension_1 + module.extension_1 ] } diff --git a/main.linux_vm.tf b/main.linux_vm.tf index 17c4618..cc680b4 100644 --- a/main.linux_vm.tf +++ b/main.linux_vm.tf @@ -181,6 +181,11 @@ resource "azurerm_management_lock" "this_linux_virtualmachine" { azurerm_linux_virtual_machine.this, azurerm_monitor_diagnostic_setting.this_nic_diags, azurerm_monitor_diagnostic_setting.this_vm_diags, - azurerm_virtual_machine_extension.this_extension + module.extension, + module.extension_1, + module.extension_2, + module.run_command, + module.run_command_1, + module.run_command_2 ] } diff --git a/main.runcommand.tf b/main.runcommand.tf index 1289c9b..d31a127 100644 --- a/main.runcommand.tf +++ b/main.runcommand.tf 
@@ -1,66 +1,110 @@ -resource "azurerm_virtual_machine_run_command" "this" { - for_each = var.run_commands - - location = each.value.location - name = each.value.name - virtual_machine_id = local.virtualmachine_resource_id - error_blob_uri = each.value.error_blob_uri - output_blob_uri = each.value.output_blob_uri - run_as_password = try(var.run_commands_secrets[each.key].run_as_password, null) - run_as_user = try(var.run_commands_secrets[each.key].run_as_user, null) - tags = each.value.tags - - source { - command_id = each.value.source.command_id - script = each.value.source.script - script_uri = each.value.source.script_uri - - dynamic "script_uri_managed_identity" { - for_each = each.value.source.script_uri_managed_identity == null ? [] : ["script_uri_managed_identity"] - - content { - client_id = each.value.source.script_uri_managed_identity.client_id - object_id = each.value.source.script_uri_managed_identity.object_id - } - } - } - dynamic "error_blob_managed_identity" { - for_each = each.value.error_blob_managed_identity == null ? [] : ["error_blob_managed_identity"] +module "run_command" { + source = "./modules/run-command" - content { - client_id = each.value.error_blob_managed_identity.client_id - object_id = each.value.error_blob_managed_identity.object_id - } - } - dynamic "output_blob_managed_identity" { - for_each = each.value.output_blob_managed_identity == null ? 
[] : ["output_blob_managed_identity"] + for_each = { for k, v in var.run_commands : k => v if v.deploy_sequence >= 3 } + + name = each.value.name + location = each.value.location + virtualmachine_resource_id = local.virtualmachine_resource_id + script_source = each.value.script_source + error_blob_managed_identity = each.value.error_blob_managed_identity + error_blob_uri = each.value.error_blob_uri + output_blob_managed_identity = each.value.output_blob_managed_identity + output_blob_uri = each.value.output_blob_uri + parameters = each.value.parameters + protected_parameters = try(var.run_commands_secrets[each.key].protected_parameters, null) + run_as_user = try(var.run_commands_secrets[each.key].run_as_user, null) + run_as_password = try(var.run_commands_secrets[each.key].run_as_password, null) - content { - client_id = each.value.output_blob_managed_identity.client_id - object_id = each.value.output_blob_managed_identity.object_id - } + timeouts = { + create = coalesce(try(each.value.timeouts.create, null), var.timeouts.azurerm_virtual_machine_run_command.create) + delete = coalesce(try(each.value.timeouts.delete, null), var.timeouts.azurerm_virtual_machine_run_command.delete) + read = coalesce(try(each.value.timeouts.read, null), var.timeouts.azurerm_virtual_machine_run_command.read) + update = coalesce(try(each.value.timeouts.update, null), var.timeouts.azurerm_virtual_machine_run_command.update) } - dynamic "parameter" { - for_each = each.value.parameters - content { - name = parameter.value.name - value = parameter.value.value - } + tags = each.value.tags + + depends_on = [ + azurerm_windows_virtual_machine.this, + azurerm_linux_virtual_machine.this, + azurerm_role_assignment.this_virtual_machine, + azurerm_role_assignment.system_managed_identity, + module.run_command_1, + module.run_command_2, + module.extension + ] +} + +module "run_command_1" { + source = "./modules/run-command" + + for_each = { for k, v in var.run_commands : k => v if v.deploy_sequence == 
1 } + + name = each.value.name + location = each.value.location + virtualmachine_resource_id = local.virtualmachine_resource_id + script_source = each.value.script_source + error_blob_managed_identity = each.value.error_blob_managed_identity + error_blob_uri = each.value.error_blob_uri + output_blob_managed_identity = each.value.output_blob_managed_identity + output_blob_uri = each.value.output_blob_uri + parameters = each.value.parameters + protected_parameters = try(var.run_commands_secrets[each.key].protected_parameters, null) + run_as_user = try(var.run_commands_secrets[each.key].run_as_user, null) + run_as_password = try(var.run_commands_secrets[each.key].run_as_password, null) + + timeouts = { + create = coalesce(try(each.value.timeouts.create, null), var.timeouts.azurerm_virtual_machine_run_command.create) + delete = coalesce(try(each.value.timeouts.delete, null), var.timeouts.azurerm_virtual_machine_run_command.delete) + read = coalesce(try(each.value.timeouts.read, null), var.timeouts.azurerm_virtual_machine_run_command.read) + update = coalesce(try(each.value.timeouts.update, null), var.timeouts.azurerm_virtual_machine_run_command.update) } - dynamic "protected_parameter" { - for_each = try(length(var.run_commands_secrets[each.key].protected_parameters) > 0, false) ? 
var.run_commands_secrets[each.key].protected_parameters : [] - content { - name = protected_parameter.value.name - value = protected_parameter.value.value - } + tags = each.value.tags + + depends_on = [ + azurerm_windows_virtual_machine.this, + azurerm_linux_virtual_machine.this, + azurerm_role_assignment.this_virtual_machine, + azurerm_role_assignment.system_managed_identity, + module.extension + ] +} + +module "run_command_2" { + source = "./modules/run-command" + + for_each = { for k, v in var.run_commands : k => v if v.deploy_sequence == 2 } + + name = each.value.name + location = each.value.location + virtualmachine_resource_id = local.virtualmachine_resource_id + script_source = each.value.script_source + error_blob_managed_identity = each.value.error_blob_managed_identity + error_blob_uri = each.value.error_blob_uri + output_blob_managed_identity = each.value.output_blob_managed_identity + output_blob_uri = each.value.output_blob_uri + parameters = each.value.parameters + protected_parameters = try(var.run_commands_secrets[each.key].protected_parameters, null) + run_as_user = try(var.run_commands_secrets[each.key].run_as_user, null) + run_as_password = try(var.run_commands_secrets[each.key].run_as_password, null) + + timeouts = { + create = coalesce(try(each.value.timeouts.create, null), var.timeouts.azurerm_virtual_machine_run_command.create) + delete = coalesce(try(each.value.timeouts.delete, null), var.timeouts.azurerm_virtual_machine_run_command.delete) + read = coalesce(try(each.value.timeouts.read, null), var.timeouts.azurerm_virtual_machine_run_command.read) + update = coalesce(try(each.value.timeouts.update, null), var.timeouts.azurerm_virtual_machine_run_command.update) } + tags = each.value.tags + depends_on = [ azurerm_windows_virtual_machine.this, azurerm_linux_virtual_machine.this, azurerm_role_assignment.this_virtual_machine, - azurerm_role_assignment.system_managed_identity + azurerm_role_assignment.system_managed_identity, + 
module.run_command_1, + module.extension ] -} \ No newline at end of file +} diff --git a/main.windows_vm.tf b/main.windows_vm.tf index cdb4b09..7a9a722 100644 --- a/main.windows_vm.tf +++ b/main.windows_vm.tf @@ -194,7 +194,12 @@ resource "azurerm_management_lock" "this_windows_virtualmachine" { azurerm_linux_virtual_machine.this, azurerm_monitor_diagnostic_setting.this_nic_diags, azurerm_monitor_diagnostic_setting.this_vm_diags, - azurerm_virtual_machine_extension.this_extension + module.extension, + module.extension_1, + module.extension_2, + module.run_command, + module.run_command_1, + module.run_command_2 ] } diff --git a/modules/.terraform-docs.yml b/modules/.terraform-docs.yml index d18e428..b965d9d 100644 --- a/modules/.terraform-docs.yml +++ b/modules/.terraform-docs.yml @@ -4,7 +4,7 @@ formatter: "markdown document" # this is required -version: "~> 0.18.0" +version: "~> 0.18" header-from: "_header.md" footer-from: "_footer.md" diff --git a/modules/extension/README.md b/modules/extension/README.md new file mode 100644 index 0000000..adda899 --- /dev/null +++ b/modules/extension/README.md 
@@ -0,0 +1,249 @@ + +# Azure Virtual Machine Extension Module + +This module is used to manage Azure Virtual Machine Extensions. + +## Features + +This module supports managing virtual machine extensions. + +The module supports: + +- Creating an extension + +## Usage + +To use this module in your Terraform configuration, you'll need to provide values for the required variables. + +### Example - Azure Monitor Agent + +This example shows the most basic usage of the module. + +```terraform +module "avm-res-compute-virtualmachine-extension" { + source = "Azure/avm-res-compute-virtualmachine/azurerm//modules/extension" + + name = "AzureMonitorWindowsAgent" + virtualmachine_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM" + publisher = "Microsoft.Azure.Monitor" + type = "AzureMonitorWindowsAgent" + type_handler_version = "1.2" + auto_upgrade_minor_version = true + automatic_upgrade_enabled = true + settings = null +} +``` + +```hcl +resource "azurerm_virtual_machine_extension" "this" { + name = var.name + publisher = var.publisher + type = var.type + type_handler_version = var.type_handler_version + virtual_machine_id = var.virtualmachine_resource_id + auto_upgrade_minor_version = var.auto_upgrade_minor_version + automatic_upgrade_enabled = var.automatic_upgrade_enabled + failure_suppression_enabled = var.failure_suppression_enabled + protected_settings = var.protected_settings + provision_after_extensions = var.provision_after_extensions + settings = var.settings + tags = var.tags + + dynamic "protected_settings_from_key_vault" { + for_each = var.protected_settings_from_key_vault != null ? 
[var.protected_settings_from_key_vault] : [] + + content { + secret_url = var.protected_settings_from_key_vault.secret_url + source_vault_id = var.protected_settings_from_key_vault.source_vault_id + } + } + timeouts { + create = var.timeouts.create + delete = var.timeouts.delete + read = var.timeouts.read + update = var.timeouts.update + } +} +``` + + +## Requirements + +The following requirements are needed by this module: + +- [terraform](#requirement\_terraform) (~> 1.6) + +- [azurerm](#requirement\_azurerm) (>= 3.116, < 5.0) + +## Providers + +The following providers are used by this module: + +- [azurerm](#provider\_azurerm) (>= 3.116, < 5.0) + +## Resources + +The following resources are used by this module: + +- [azurerm_virtual_machine_extension.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) (resource) + + +## Required Inputs + +The following input variables are required: + +### [name](#input\_name) + +Description: (Required) - Set a custom name on this value if you want the guest configuration extension to have a custom name. + +Type: `string` + +### [publisher](#input\_publisher) + +Description: (Required) - Configure the publisher for the extension to be deployed. The Publisher and Type of Virtual Machine Extensions can be found using the Azure CLI, via: az vm extension image list --location westus -o table. + +Type: `string` + +### [type](#input\_type) + +Description: (Required) - Configure the type value for the extension to be deployed. + +Type: `string` + +### [type\_handler\_version](#input\_type\_handler\_version) + +Description: (Required) - The type handler version for the extension. A common value is 1.0. + +Type: `string` + +### [virtualmachine\_resource\_id](#input\_virtualmachine\_resource\_id) + +Description: (Required): Specifies the resource id of the Virtual Machine to apply the Run Command to. 
+ +Type: `string` + +## Optional Inputs + +The following input variables are optional (have default values): + +### [auto\_upgrade\_minor\_version](#input\_auto\_upgrade\_minor\_version) + +Description: (Optional) - Set this to false to avoid automatic upgrades for minor versions on the extension. Defaults to true + +Type: `bool` + +Default: `true` + +### [automatic\_upgrade\_enabled](#input\_automatic\_upgrade\_enabled) + +Description: (Optional) - Set this to false to avoid automatic upgrades for major versions on the extension. Defaults to true + +Type: `bool` + +Default: `true` + +### [failure\_suppression\_enabled](#input\_failure\_suppression\_enabled) + +Description: (Optional) - Should failures from the extension be suppressed? Possible values are true or false. Defaults to false. Operational failures such as not connecting to the VM will not be suppressed regardless of the failure\_suppression\_enabled value. + +Type: `bool` + +Default: `false` + +### [protected\_settings](#input\_protected\_settings) + +Description: (Optional) - The protected\_settings passed to the extension, like settings, these are specified as a JSON object in a string. Certain VM Extensions require that the keys in the protected\_settings block are case sensitive. If you're seeing unhelpful errors, please ensure the keys are consistent with how Azure is expecting them (for instance, for the JsonADDomainExtension extension, the keys are expected to be in TitleCase.) + +Type: `string` + +Default: `null` + +### [protected\_settings\_from\_key\_vault](#input\_protected\_settings\_from\_key\_vault) + +Description: (Optional) object for protected settings. Cannot be used with `protected_settings` + - `secret_url` (Required) - The Secret URL of a Key Vault Certificate. This can be sourced from the `secret_id` field within the `azurerm_key_vault_certificate` Resource. 
+ - `source_vault_id` (Required) - the Azure resource ID of the key vault holding the secret + +Type: + +```hcl +object({ + secret_url = string + source_vault_id = string + }) +``` + +Default: + +```json +{ + "secret_url": null, + "source_vault_id": null +} +``` + +### [provision\_after\_extensions](#input\_provision\_after\_extensions) + +Description: (Optional) - list of strings that specifies the collection of extension names after which this extension needs to be provisioned. + +Type: `list(string)` + +Default: `[]` + +### [settings](#input\_settings) + +Description: (Optional) - The settings passed to the extension, these are specified as a JSON object in a string. Certain VM Extensions require that the keys in the settings block are case sensitive. If you're seeing unhelpful errors, please ensure the keys are consistent with how Azure is expecting them (for instance, for the JsonADDomainExtension extension, the keys are expected to be in TitleCase.) + +Type: `string` + +Default: `null` + +### [tags](#input\_tags) + +Description: (Optional) Tags of the resource. + +Type: `map(string)` + +Default: `null` + +### [timeouts](#input\_timeouts) + +Description: An object of timeouts to apply to the creation and destruction of resources. + +- `create` - (Optional) The timeout for creating the resource. +- `delete` - (Optional) The timeout for deleting the resource. +- `update` - (Optional) The timeout for updating the resource. +- `read` - (Optional) The timeout for reading the resource. + +Each time duration is parsed using this function: . + +Type: + +```hcl +object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) +``` + +Default: `{}` + +## Outputs + +The following outputs are exported: + +### [resource\_id](#output\_resource\_id) + +Description: n/a + +## Modules + +No modules. 
+ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. + \ No newline at end of file diff --git a/modules/extension/_footer.md b/modules/extension/_footer.md new file mode 100644 index 0000000..bc56bcb --- /dev/null +++ b/modules/extension/_footer.md @@ -0,0 +1,4 @@ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/modules/extension/_header.md b/modules/extension/_header.md new file mode 100644 index 0000000..0e44e34 --- /dev/null 
+++ b/modules/extension/_header.md @@ -0,0 +1,34 @@ +# Azure Virtual Machine Extension Module + +This module is used to manage Azure Virtual Machine Extensions. + +## Features + +This module supports managing virtual machine extensions. + +The module supports: + +- Creating an extension + +## Usage + +To use this module in your Terraform configuration, you'll need to provide values for the required variables. + +### Example - Azure Monitor Agent + +This example shows the most basic usage of the module. + +```terraform +module "avm-res-compute-virtualmachine-extension" { + source = "Azure/avm-res-compute-virtualmachine/azurerm//modules/extension" + + name = "AzureMonitorWindowsAgent" + virtualmachine_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM" + publisher = "Microsoft.Azure.Monitor" + type = "AzureMonitorWindowsAgent" + type_handler_version = "1.2" + auto_upgrade_minor_version = true + automatic_upgrade_enabled = true + settings = null +} +``` diff --git a/modules/extension/main.tf b/modules/extension/main.tf new file mode 100644 index 0000000..c3bde64 --- /dev/null +++ b/modules/extension/main.tf 
@@ -0,0 +1,29 @@ +resource "azurerm_virtual_machine_extension" "this" { + name = var.name + publisher = var.publisher + type = var.type + type_handler_version = var.type_handler_version + virtual_machine_id = var.virtualmachine_resource_id + auto_upgrade_minor_version = var.auto_upgrade_minor_version + automatic_upgrade_enabled = var.automatic_upgrade_enabled + failure_suppression_enabled = var.failure_suppression_enabled + protected_settings = var.protected_settings + provision_after_extensions = var.provision_after_extensions + settings = var.settings + tags = var.tags + + dynamic "protected_settings_from_key_vault" { + for_each = var.protected_settings_from_key_vault != null ? [var.protected_settings_from_key_vault] : [] + + content { + secret_url = var.protected_settings_from_key_vault.secret_url + source_vault_id = var.protected_settings_from_key_vault.source_vault_id + } + } + timeouts { + create = var.timeouts.create + delete = var.timeouts.delete + read = var.timeouts.read + update = var.timeouts.update + } +} diff --git a/modules/extension/outputs.tf b/modules/extension/outputs.tf new file mode 100644 index 0000000..4c0e26e --- /dev/null +++ b/modules/extension/outputs.tf @@ -0,0 +1,3 @@ +output "resource_id" { + value = azurerm_virtual_machine_extension.this.id +} diff --git a/modules/extension/terraform.tf b/modules/extension/terraform.tf new file mode 100644 index 0000000..348978a --- /dev/null +++ b/modules/extension/terraform.tf @@ -0,0 +1,9 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.116, < 5.0" + } + } +} diff --git a/modules/extension/variables.tf b/modules/extension/variables.tf new file mode 100644 index 0000000..7694043 --- /dev/null +++ b/modules/extension/variables.tf @@ -0,0 +1,130 @@ +variable "name" { + type = string + description = <. +DESCRIPTION +} 
diff --git a/modules/run-command/README.md b/modules/run-command/README.md new file mode 100644 index 0000000..49cb2c6 --- /dev/null +++ b/modules/run-command/README.md 
@@ -0,0 +1,309 @@ + +# Azure Virtual Machine Run Command Module + +This module is used to manage Azure Virtual Machine Run Command. + +## Features + +This module supports managing virtual machine run commands. + +The module supports: + +- Creating a run command + +## Usage + +To use this module in your Terraform configuration, you'll need to provide values for the required variables. + +### Example - Basic run command + +This example shows the most basic usage of the module. + +```terraform +module "avm-res-compute-virtualmachine-runcommand" { + source = "Azure/avm-res-compute-virtualmachine/azurerm//modules/run-command" + + name = "example-command" + location = "uksouth" + virtualmachine_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM" + script_source = { + script = "echo Hello World" + } +} +``` + +```hcl +resource "azurerm_virtual_machine_run_command" "this" { + location = var.location + name = var.name + virtual_machine_id = var.virtualmachine_resource_id + error_blob_uri = var.error_blob_uri + output_blob_uri = var.output_blob_uri + run_as_password = try(var.run_as_password, null) + run_as_user = try(var.run_as_user, null) + tags = var.tags + + source { + command_id = var.script_source.command_id + script = var.script_source.script + script_uri = var.script_source.script_uri + + dynamic "script_uri_managed_identity" { + for_each = var.script_source.script_uri_managed_identity == null ? [] : ["script_uri_managed_identity"] + + content { + client_id = var.script_source.script_uri_managed_identity.client_id + object_id = var.script_source.script_uri_managed_identity.object_id + } + } + } + dynamic "error_blob_managed_identity" { + for_each = var.error_blob_managed_identity == null ? 
[] : ["error_blob_managed_identity"] + + content { + client_id = var.error_blob_managed_identity.client_id + object_id = var.error_blob_managed_identity.object_id + } + } + dynamic "output_blob_managed_identity" { + for_each = var.output_blob_managed_identity == null ? [] : ["output_blob_managed_identity"] + + content { + client_id = var.output_blob_managed_identity.client_id + object_id = var.output_blob_managed_identity.object_id + } + } + dynamic "parameter" { + for_each = var.parameters + + content { + name = parameter.value.name + value = parameter.value.value + } + } + dynamic "protected_parameter" { + for_each = try(length(var.protected_parameters) > 0, false) ? var.protected_parameters : [] + + content { + name = protected_parameter.value.name + value = protected_parameter.value.value + } + } + timeouts { + create = var.timeouts.create + delete = var.timeouts.delete + read = var.timeouts.read + update = var.timeouts.update + } +} +``` + + +## Requirements + +The following requirements are needed by this module: + +- [terraform](#requirement\_terraform) (~> 1.6) + +- [azapi](#requirement\_azapi) (~> 2.0) + +- [azurerm](#requirement\_azurerm) (>= 3.116, < 5.0) + +## Providers + +The following providers are used by this module: + +- [azurerm](#provider\_azurerm) (>= 3.116, < 5.0) + +## Resources + +The following resources are used by this module: + +- [azurerm_virtual_machine_run_command.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_run_command) (resource) + + +## Required Inputs + +The following input variables are required: + +### [location](#input\_location) + +Description: (Required): The Azure Region where the Virtual Machine Run Command should exist. Changing this forces a new Virtual Machine Run Command to be created. + +Type: `string` + +### [name](#input\_name) + +Description: (Required): Specifies the name of this Virtual Machine Run Command. 
Changing this forces a new Virtual Machine Run Command to be created. + +Type: `string` + +### [script\_source](#input\_script\_source) + +Description: (Required): A source block as defined below. The source of the run command script. + +Type: + +```hcl +object({ + command_id = optional(string) + script = optional(string) + script_uri = optional(string) + script_uri_managed_identity = optional(object({ + client_id = optional(string) + object_id = optional(string) + })) + }) +``` + +### [virtualmachine\_resource\_id](#input\_virtualmachine\_resource\_id) + +Description: (Required): Specifies the resource id of the Virtual Machine to apply the Run Command to. + +Type: `string` + +## Optional Inputs + +The following input variables are optional (have default values): + +### [error\_blob\_managed\_identity](#input\_error\_blob\_managed\_identity) + +Description: (Optional): An error\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to errorBlobUri storage blob. + +Type: + +```hcl +object({ + client_id = optional(string) + object_id = optional(string) + }) +``` + +Default: `null` + +### [error\_blob\_uri](#input\_error\_blob\_uri) + +Description: (Optional): Specifies the Azure storage blob where script error stream will be uploaded. It can be basic blob URI with SAS token. + +Type: `string` + +Default: `null` + +### [output\_blob\_managed\_identity](#input\_output\_blob\_managed\_identity) + +Description: (Optional): An output\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to outputBlobUri storage blob. + +Type: + +```hcl +object({ + client_id = optional(string) + object_id = optional(string) + }) +``` + +Default: `null` + +### [output\_blob\_uri](#input\_output\_blob\_uri) + +Description: (Optional): Specifies the Azure storage blob where script output stream will be uploaded. It can be basic blob URI with SAS token. 
+ +Type: `string` + +Default: `null` + +### [parameters](#input\_parameters) + +Description: (Optional): A list of parameter blocks as defined below. The parameters used by the script. + +Type: + +```hcl +list(object({ + name = string + value = string + })) +``` + +Default: `[]` + +### [protected\_parameters](#input\_protected\_parameters) + +Description: (Optional): A list of protected\_parameter blocks as defined below. The protected parameters used by the script. + +Type: + +```hcl +list(object({ + name = string + value = string + })) +``` + +Default: `[]` + +### [run\_as\_password](#input\_run\_as\_password) + +Description: (Optional): Specifies the user account password on the VM when executing the Virtual Machine Run Command. + +Type: `string` + +Default: `null` + +### [run\_as\_user](#input\_run\_as\_user) + +Description: (Optional): Specifies the user account on the VM when executing the Virtual Machine Run Command. + +Type: `string` + +Default: `null` + +### [tags](#input\_tags) + +Description: (Optional) Tags of the resource. + +Type: `map(string)` + +Default: `null` + +### [timeouts](#input\_timeouts) + +Description: An object of timeouts to apply to the creation and destruction of resources. + +- `create` - (Optional) The timeout for creating the resource. +- `delete` - (Optional) The timeout for deleting the resource. +- `update` - (Optional) The timeout for updating the resource. +- `read` - (Optional) The timeout for reading the resource. + +Each time duration is parsed using this function: . + +Type: + +```hcl +object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) +``` + +Default: `{}` + +## Outputs + +The following outputs are exported: + +### [resource\_id](#output\_resource\_id) + +Description: n/a + +## Modules + +No modules. + + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. 
Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. + \ No newline at end of file diff --git a/modules/run-command/_footer.md b/modules/run-command/_footer.md new file mode 100644 index 0000000..bc56bcb --- /dev/null +++ b/modules/run-command/_footer.md @@ -0,0 +1,4 @@ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/modules/run-command/_header.md b/modules/run-command/_header.md new file mode 100644 index 0000000..50c56fd --- /dev/null +++ b/modules/run-command/_header.md 
@@ -0,0 +1,32 @@ +# Azure Virtual Machine Run Command Module + +This module is used to manage Azure Virtual Machine Run Command. + +## Features + +This module supports managing virtual machine run commands. + +The module supports: + +- Creating a run command + +## Usage + +To use this module in your Terraform configuration, you'll need to provide values for the required variables. + +### Example - Basic run command + +This example shows the most basic usage of the module. + +```terraform +module "avm-res-compute-virtualmachine-runcommand" { + source = "Azure/avm-res-compute-virtualmachine/azurerm//modules/run-command" + + name = "example-command" + location = "uksouth" + virtualmachine_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM" + script_source = { + script = "echo Hello World" + } +} +``` diff --git a/modules/run-command/main.tf b/modules/run-command/main.tf new file mode 100644 index 0000000..8a54148 --- /dev/null +++ b/modules/run-command/main.tf 
@@ -0,0 +1,63 @@ +resource "azurerm_virtual_machine_run_command" "this" { + location = var.location + name = var.name + virtual_machine_id = var.virtualmachine_resource_id + error_blob_uri = var.error_blob_uri + output_blob_uri = var.output_blob_uri + run_as_password = try(var.run_as_password, null) + run_as_user = try(var.run_as_user, null) + tags = var.tags + + source { + command_id = var.script_source.command_id + script = var.script_source.script + script_uri = var.script_source.script_uri + + dynamic "script_uri_managed_identity" { + for_each = var.script_source.script_uri_managed_identity == null ? [] : ["script_uri_managed_identity"] + + content { + client_id = var.script_source.script_uri_managed_identity.client_id + object_id = var.script_source.script_uri_managed_identity.object_id + } + } + } + dynamic "error_blob_managed_identity" { + for_each = var.error_blob_managed_identity == null ? [] : ["error_blob_managed_identity"] + + content { + client_id = var.error_blob_managed_identity.client_id + object_id = var.error_blob_managed_identity.object_id + } + } + dynamic "output_blob_managed_identity" { + for_each = var.output_blob_managed_identity == null ? [] : ["output_blob_managed_identity"] + + content { + client_id = var.output_blob_managed_identity.client_id + object_id = var.output_blob_managed_identity.object_id + } + } + dynamic "parameter" { + for_each = var.parameters + + content { + name = parameter.value.name + value = parameter.value.value + } + } + dynamic "protected_parameter" { + for_each = try(length(var.protected_parameters) > 0, false) ? var.protected_parameters : [] + + content { + name = protected_parameter.value.name + value = protected_parameter.value.value + } + } + timeouts { + create = var.timeouts.create + delete = var.timeouts.delete + read = var.timeouts.read + update = var.timeouts.update + } +} diff --git a/modules/run-command/outputs.tf b/modules/run-command/outputs.tf new file mode 100644 index 0000000..a1ee512 --- /dev/null 
+++ b/modules/run-command/outputs.tf @@ -0,0 +1,3 @@ +output "resource_id" { + value = azurerm_virtual_machine_run_command.this.id +} diff --git a/modules/run-command/terraform.tf b/modules/run-command/terraform.tf new file mode 100644 index 0000000..9b319eb --- /dev/null +++ b/modules/run-command/terraform.tf @@ -0,0 +1,13 @@ +terraform { + required_version = "~> 1.6" + required_providers { + azapi = { + source = "Azure/azapi" + version = "~> 2.0" + } + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.116, < 5.0" + } + } +} diff --git a/modules/run-command/variables.tf b/modules/run-command/variables.tf new file mode 100644 index 0000000..03a2033 --- /dev/null +++ b/modules/run-command/variables.tf @@ -0,0 +1,144 @@ +variable "location" { + type = string + description = <. +DESCRIPTION +} diff --git a/variables.tf b/variables.tf index 7ebbb9d..6da6e70 100644 --- a/variables.tf +++ b/variables.tf @@ -692,6 +692,13 @@ variable "extensions" { secret_url = string source_vault_id = string })) + timeouts = optional(object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) + ) })) # tflint-ignore: terraform_sensitive_variable_no_default default = {} @@ -714,6 +721,7 @@ This map of objects is used to create additional `azurerm_virtual_machine_extens - `secret_url` (Required) - The Secret URL of a Key Vault Certificate. This can be sourced from the `secret_id` field within the `azurerm_key_vault_certificate` Resource. - `source_vault_id` (Required) - the Azure resource ID of the key vault holding the secret - `tags` (Optional) - A mapping of tags to assign to the extension resource. + - `timeouts` (Optional): Timeouts for the extension resource. Example Inputs: 
@@ -1182,9 +1190,10 @@ SYSTEM_MANAGED_IDENTITY_ROLE_ASSIGNMENTS variable "run_commands" { type = map(object({ - location = string - name = string - source = object({ + location = string + name = string + deploy_sequence = optional(number, 3) + script_source = object({ command_id = optional(string) script = optional(string) script_uri = optional(string) @@ -1208,6 +1217,14 @@ variable "run_commands" { value = string })), []) + timeouts = optional(object({ + create = optional(string) + delete = optional(string) + update = optional(string) + read = optional(string) + }) + ) + tags = optional(map(string)) })) default = {} 
@@ -1217,13 +1234,14 @@ The following arguments are supported: - `location` (Required): The Azure Region where the Virtual Machine Run Command should exist. Changing this forces a new Virtual Machine Run Command to be created. - `name` (Required): Specifies the name of this Virtual Machine Run Command. Changing this forces a new Virtual Machine Run Command to be created. - - `source` (Required): A source block as defined below. The source of the run command script. + - `script_source` (Required): A source block as defined below. The source of the run command script. - `error_blob_managed_identity` (Optional): An error_blob_managed_identity block as defined below. User-assigned managed Identity that has access to errorBlobUri storage blob. - `error_blob_uri` (Optional): Specifies the Azure storage blob where script error stream will be uploaded. - `output_blob_managed_identity` (Optional): An output_blob_managed_identity block as defined below. User-assigned managed Identity that has access to outputBlobUri storage blob. - `output_blob_uri` (Optional): Specifies the Azure storage blob where script output stream will be uploaded. It can be basic blob URI with SAS token. - `parameter` (Optional): A list of parameter blocks as defined below. The parameters used by the script. - `protected_parameter` (Optional): A list of protected_parameter blocks as defined below. The protected parameters used by the script. + - `timeouts` (Optional): Timeouts for each run command. - `tags` (Optional): A mapping of tags which should be assigned to the Virtual Machine Run Command. An error_blob_managed_identity block supports the following arguments: 
@@ -1453,6 +1471,39 @@ termination_notification = { TERMINATION_NOTIFICATION } +variable "timeouts" { + type = object({ + azurerm_virtual_machine_extension = optional(object({ + create = optional(string, "30m") + delete = optional(string, "30m") + update = optional(string, "30m") + read = optional(string, "5m") + }), {} + ) + azurerm_virtual_machine_run_command = optional(object({ + create = optional(string, "30m") + delete = optional(string, "30m") + update = optional(string, "30m") + read = optional(string, "5m") + }), {} + ) + }) + default = {} + description = <. +DESCRIPTION +} + variable "timezone" { type = string default = null
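Review bot: In the new modules/extension/README.md, the `virtualmachine_resource_id` input is described as "the Virtual Machine to apply the Run Command to", which looks copied from the run-command module and should refer to the extension. In the same file the `timeouts` description says it applies to "the creation and destruction of resources" although the object also accepts `update` and `read`, and the `resource_id` output renders as `Description: n/a`. Suggest fixing the two variable descriptions in variables.tf, adding a `description` to the output in outputs.tf, and regenerating the README.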
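Review bot: In modules/extension/main.tf the `protected_settings_from_key_vault` dynamic block is gated on `var.protected_settings_from_key_vault != null`, but the generated README lists that variable's default as an object with `secret_url` and `source_vault_id` both set to null. The object itself is therefore never null by default, the guard is always true, and the block is rendered with null values on every extension, including ones that set `protected_settings`, which the docs say cannot be combined with it. Suggest defaulting the variable to `null`, or gating on `secret_url != null`. Inside `content`, read from the iterator (`protected_settings_from_key_vault.value.secret_url`) rather than from `var` again.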
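Review bot: In modules/run-command/main.tf, `try(var.run_as_password, null)` and `try(var.run_as_user, null)` wrap plain variable references that cannot fail to evaluate, so the `try` adds nothing and would hide a real error if the expression is changed later. Pass the variables directly. The same applies to `try(length(var.protected_parameters) > 0, false)`: with the documented default of `[]`, `for_each = var.protected_parameters` is enough, and `nullable = false` on the variable covers callers that pass null. Separately, `run_as_password`, `protected_parameters`, and the `output_blob_uri` and `error_blob_uri` inputs (which the descriptions say may carry a SAS token) all hold credentials, and the README shows them only as `string` or `list(object)`. Please confirm variables.tf declares them `sensitive = true` so they stay out of plan output.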
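Review bot: modules/run-command/terraform.tf adds `azapi` (`~> 2.0`) to `required_providers`, but main.tf declares only `azurerm_virtual_machine_run_command` and the generated README lists only `azurerm` under Providers. An unused provider requirement forces every caller to download and pin azapi for no benefit and widens the set of provider binaries that have to be trusted. Suggest dropping the `azapi` block here, as modules/extension/terraform.tf already does.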
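Review bot: In the `run_commands` hunks of variables.tf and README.md, `deploy_sequence = optional(number, 3)` is added to the object type but the argument list gains no bullet for it, so callers cannot tell what the number orders or why the default is 3. Please document it next to `timeouts`. The rename of `source` to `script_source` is also a breaking change for existing callers, because the attribute is required. It should be called out in the release notes, and the description still says "A source block as defined below", which no longer matches the attribute name.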
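Review bot: The new root `timeouts` variable sets defaults of "30m" and "5m" per resource type, while the per-item `timeouts` objects added to `extensions` and `run_commands` have no defaults and are documented only as "Timeouts for the extension resource" and "Timeouts for each run command". Nothing in the visible hunks states which value wins when both are set, or what a caller gets when only one is. Please document the precedence in both descriptions, for example that the per-item value overrides the root default, and state the expected duration format there as well.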