V0.19.0 merge - merging external contributions into v0.19 for testing.

README.md

@@ -801,6 +801,7 @@ Description: This map of objects is used to create additional `azurerm_virtual_m
     - `secret_url` (Required) - The Secret URL of a Key Vault Certificate. This can be sourced from the `secret_id` field within the `azurerm_key_vault_certificate` Resource.
     - `source_vault_id` (Required) - the Azure resource ID of the key vault holding the secret
   - `tags` (Optional) - A mapping of tags to assign to the extension resource.
+  - `timeouts` (Optional): Timeouts for the extension resource.
 
 Example Inputs:
 
@@ -867,6 +868,13 @@ map(object({
       secret_url      = string
       source_vault_id = string
     }))
+    timeouts = optional(object({
+      create = optional(string)
+      delete = optional(string)
+      update = optional(string)
+      read   = optional(string)
+      })
+    )
   }))
 ```
 
@@ -1367,13 +1375,14 @@ The following arguments are supported:
 
  - `location` (Required): The Azure Region where the Virtual Machine Run Command should exist. Changing this forces a new Virtual Machine Run Command to be created.
  - `name` (Required): Specifies the name of this Virtual Machine Run Command. Changing this forces a new Virtual Machine Run Command to be created.
- - `source` (Required): A source block as defined below. The source of the run command script.
+ - `script_source` (Required): A source block as defined below. The source of the run command script.
  - `error_blob_managed_identity` (Optional): An error\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to errorBlobUri storage blob.
  - `error_blob_uri` (Optional): Specifies the Azure storage blob where script error stream will be uploaded.
  - `output_blob_managed_identity` (Optional): An output\_blob\_managed\_identity block as defined below. User-assigned managed Identity that has access to outputBlobUri storage blob.
  - `output_blob_uri` (Optional): Specifies the Azure storage blob where script output stream will be uploaded. It can be basic blob URI with SAS token.
  - `parameter` (Optional): A list of parameter blocks as defined below. The parameters used by the script.
  - `protected_parameter` (Optional): A list of protected\_parameter blocks as defined below. The protected parameters used by the script.
+ - `timeouts` (Optional): Timeouts for each run command.
  - `tags` (Optional): A mapping of tags which should be assigned to the Virtual Machine Run Command.
 
  An error\_blob\_managed\_identity block supports the following arguments:
@@ -1402,9 +1411,10 @@ Type:
 
 ```hcl
 map(object({
-    location = string
-    name     = string
-    source = object({
+    location        = string
+    name            = string
+    deploy_sequence = optional(number, 3)
+    script_source = object({
       command_id = optional(string)
       script     = optional(string)
       script_uri = optional(string)
@@ -1428,6 +1438,14 @@ map(object({
       value = string
     })), [])
 
+    timeouts = optional(object({
+      create = optional(string)
+      delete = optional(string)
+      update = optional(string)
+      read   = optional(string)
+      })
+    )
+
     tags = optional(map(string))
   }))
 ```
@@ -1663,6 +1681,43 @@ object({
 
 Default: `null`
 
+### <a name="input_timeouts"></a> [timeouts](#input\_timeouts)
+
+Description: A map of timeouts to apply to the creation and destruction of resources.  
+If using retry, the maximum elapsed retry time is governed by this value.
+
+The object has attributes for each resource type, with the following optional attributes:
+
+- `create` - (Optional) The timeout for creating the resource.
+- `delete` - (Optional) The timeout for deleting the resource.
+- `update` - (Optional) The timeout for updating the resource.
+- `read` - (Optional) The timeout for reading the resource.
+
+Each time duration is parsed using this function: <https://pkg.go.dev/time#ParseDuration>.
+
+Type:
+
+```hcl
+object({
+    azurerm_virtual_machine_extension = optional(object({
+      create = optional(string, "30m")
+      delete = optional(string, "30m")
+      update = optional(string, "30m")
+      read   = optional(string, "5m")
+      }), {}
+    )
+    azurerm_virtual_machine_run_command = optional(object({
+      create = optional(string, "30m")
+      delete = optional(string, "30m")
+      update = optional(string, "30m")
+      read   = optional(string, "5m")
+      }), {}
+    )
+  })
+```
+
+Default: `{}`
+
 ### <a name="input_timezone"></a> [timezone](#input\_timezone)
 
 Description: (Optional) Specifies the Time Zone which should be used by the Windows Virtual Machine, [the possible values are defined here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). Changing this forces a new resource to be created.
@@ -1825,7 +1880,43 @@ Description:     The default attributes exported by the azurerm provider.  These
 
 ## Modules
 
-No modules.
+The following Modules are called:
+
+### <a name="module_extension"></a> [extension](#module\_extension)
+
+Source: ./modules/extension
+
+Version:
+
+### <a name="module_extension_1"></a> [extension\_1](#module\_extension\_1)
+
+Source: ./modules/extension
+
+Version:
+
+### <a name="module_extension_2"></a> [extension\_2](#module\_extension\_2)
+
+Source: ./modules/extension
+
+Version:
+
+### <a name="module_run_command"></a> [run\_command](#module\_run\_command)
+
+Source: ./modules/run-command
+
+Version:
+
+### <a name="module_run_command_1"></a> [run\_command\_1](#module\_run\_command\_1)
+
+Source: ./modules/run-command
+
+Version:
+
+### <a name="module_run_command_2"></a> [run\_command\_2](#module\_run\_command\_2)
+
+Source: ./modules/run-command
+
+Version:
 
 <!-- markdownlint-disable-next-line MD041 -->
 ## Data Collection

examples/windows_w_run_command/README.md

@@ -318,7 +318,7 @@ module "testvm" {
     test_example_simple = {
       location = azurerm_resource_group.this_rg.location
       name     = "example-command"
-      source = {
+      script_source = {
         script = "echo Hello World"
       }
 
@@ -330,7 +330,7 @@ module "testvm" {
       name            = "example-command-storage"
       error_blob_uri  = azurerm_storage_blob.example3.url
       output_blob_uri = azurerm_storage_blob.example2.url
-      source = {
+      script_source = {
         script_uri = azurerm_storage_blob.example1.url
       }
 

examples/windows_w_run_command/main.tf

@@ -299,7 +299,7 @@ module "testvm" {
     test_example_simple = {
       location = azurerm_resource_group.this_rg.location
       name     = "example-command"
-      source = {
+      script_source = {
         script = "echo Hello World"
       }
 
@@ -311,7 +311,7 @@ module "testvm" {
       name            = "example-command-storage"
       error_blob_uri  = azurerm_storage_blob.example3.url
       output_blob_uri = azurerm_storage_blob.example2.url
-      source = {
+      script_source = {
         script_uri = azurerm_storage_blob.example1.url
       }
 

main.extensions.tf

@@ -1,104 +1,105 @@
-resource "azurerm_virtual_machine_extension" "this_extension" {
-  #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
-  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence >= 5])
+module "extension" {
+  source = "./modules/extension"
+  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence >= 3]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
 
   #using explicit references using the for_each key to get around the secrets issue in the above link
-  name                        = var.extensions[each.key].name
-  publisher                   = var.extensions[each.key].publisher
-  type                        = var.extensions[each.key].type
-  type_handler_version        = var.extensions[each.key].type_handler_version
-  virtual_machine_id          = local.virtualmachine_resource_id
-  auto_upgrade_minor_version  = var.extensions[each.key].auto_upgrade_minor_version
-  automatic_upgrade_enabled   = var.extensions[each.key].automatic_upgrade_enabled
-  failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled
-  protected_settings          = var.extensions[each.key].protected_settings
-  provision_after_extensions  = var.extensions[each.key].provision_after_extensions
-  settings                    = var.extensions[each.key].settings
-  tags                        = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
-
-  dynamic "protected_settings_from_key_vault" {
-    for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? [each.key] : []
-
-    content {
-      secret_url      = var.extensions[each.key].protected_settings_from_key_vault.secret_url
-      source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id
-    }
+  name                              = var.extensions[each.key].name
+  publisher                         = var.extensions[each.key].publisher
+  type                              = var.extensions[each.key].type
+  type_handler_version              = var.extensions[each.key].type_handler_version
+  virtualmachine_resource_id        = local.virtualmachine_resource_id
+  auto_upgrade_minor_version        = var.extensions[each.key].auto_upgrade_minor_version
+  automatic_upgrade_enabled         = var.extensions[each.key].automatic_upgrade_enabled
+  failure_suppression_enabled       = var.extensions[each.key].failure_suppression_enabled
+  protected_settings                = var.extensions[each.key].protected_settings
+  provision_after_extensions        = var.extensions[each.key].provision_after_extensions
+  settings                          = var.extensions[each.key].settings
+  protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault
+
+  timeouts = {
+    create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create)
+    delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete)
+    read   = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read)
+    update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update)
   }
 
+  tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
+
   depends_on = [
     azurerm_virtual_machine_data_disk_attachment.this_linux,
     azurerm_virtual_machine_data_disk_attachment.this_windows,
-    azurerm_virtual_machine_extension.this_extension_1,
-    azurerm_virtual_machine_extension.this_extension_2,
-    azurerm_virtual_machine_extension.this_extension_3,
-    azurerm_virtual_machine_extension.this_extension_4
+    module.extension_1,
+    module.extension_2,     
+    module.extension_3,
+    module.extension_4
   ]
 }
 
-resource "azurerm_virtual_machine_extension" "this_extension_1" {
-  #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
-  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 1])
+module "extension_1" {
+  source = "./modules/extension"
+  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 1]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
 
   #using explicit references using the for_each key to get around the secrets issue in the above link
-  name                        = var.extensions[each.key].name
-  publisher                   = var.extensions[each.key].publisher
-  type                        = var.extensions[each.key].type
-  type_handler_version        = var.extensions[each.key].type_handler_version
-  virtual_machine_id          = local.virtualmachine_resource_id
-  auto_upgrade_minor_version  = var.extensions[each.key].auto_upgrade_minor_version
-  automatic_upgrade_enabled   = var.extensions[each.key].automatic_upgrade_enabled
-  failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled
-  protected_settings          = var.extensions[each.key].protected_settings
-  provision_after_extensions  = var.extensions[each.key].provision_after_extensions
-  settings                    = var.extensions[each.key].settings
-  tags                        = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
-
-  dynamic "protected_settings_from_key_vault" {
-    for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? [each.key] : []
-
-    content {
-      secret_url      = var.extensions[each.key].protected_settings_from_key_vault.secret_url
-      source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id
-    }
+  name                              = var.extensions[each.key].name
+  publisher                         = var.extensions[each.key].publisher
+  type                              = var.extensions[each.key].type
+  type_handler_version              = var.extensions[each.key].type_handler_version
+  virtualmachine_resource_id        = local.virtualmachine_resource_id
+  auto_upgrade_minor_version        = var.extensions[each.key].auto_upgrade_minor_version
+  automatic_upgrade_enabled         = var.extensions[each.key].automatic_upgrade_enabled
+  failure_suppression_enabled       = var.extensions[each.key].failure_suppression_enabled
+  protected_settings                = var.extensions[each.key].protected_settings
+  provision_after_extensions        = var.extensions[each.key].provision_after_extensions
+  settings                          = var.extensions[each.key].settings
+  protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault
+
+  timeouts = {
+    create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create)
+    delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete)
+    read   = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read)
+    update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update)
   }
 
+  tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
+
   depends_on = [
     azurerm_virtual_machine_data_disk_attachment.this_linux,
-    azurerm_virtual_machine_data_disk_attachment.this_windows
+    azurerm_virtual_machine_data_disk_attachment.this_windows,
   ]
 }
 
-resource "azurerm_virtual_machine_extension" "this_extension_2" {
-  #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
-  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 2])
+module "extension_2" {
+  source = "./modules/extension"
+  for_each = toset([for k, v in nonsensitive(var.extensions) : k if v.deploy_sequence == 2]) #forcing to use the map key to address terraform limitation around sensitive values in the map (https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#limitations-on-values-used-in-for_each)
 
-  #using explicit references using the for_each key to get around the secrets issue in the above link
-  name                        = var.extensions[each.key].name
-  publisher                   = var.extensions[each.key].publisher
-  type                        = var.extensions[each.key].type
-  type_handler_version        = var.extensions[each.key].type_handler_version
-  virtual_machine_id          = local.virtualmachine_resource_id
-  auto_upgrade_minor_version  = var.extensions[each.key].auto_upgrade_minor_version
-  automatic_upgrade_enabled   = var.extensions[each.key].automatic_upgrade_enabled
-  failure_suppression_enabled = var.extensions[each.key].failure_suppression_enabled
-  protected_settings          = var.extensions[each.key].protected_settings
-  provision_after_extensions  = var.extensions[each.key].provision_after_extensions
-  settings                    = var.extensions[each.key].settings
-  tags                        = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
 
-  dynamic "protected_settings_from_key_vault" {
-    for_each = var.extensions[each.key].protected_settings_from_key_vault != null ? [each.key] : []
-
-    content {
-      secret_url      = var.extensions[each.key].protected_settings_from_key_vault.secret_url
-      source_vault_id = var.extensions[each.key].protected_settings_from_key_vault.source_vault_id
-    }
+  #using explicit references using the for_each key to get around the secrets issue in the above link
+  name                              = var.extensions[each.key].name
+  publisher                         = var.extensions[each.key].publisher
+  type                              = var.extensions[each.key].type
+  type_handler_version              = var.extensions[each.key].type_handler_version
+  virtualmachine_resource_id        = local.virtualmachine_resource_id
+  auto_upgrade_minor_version        = var.extensions[each.key].auto_upgrade_minor_version
+  automatic_upgrade_enabled         = var.extensions[each.key].automatic_upgrade_enabled
+  failure_suppression_enabled       = var.extensions[each.key].failure_suppression_enabled
+  protected_settings                = var.extensions[each.key].protected_settings
+  provision_after_extensions        = var.extensions[each.key].provision_after_extensions
+  settings                          = var.extensions[each.key].settings
+  protected_settings_from_key_vault = var.extensions[each.key].protected_settings_from_key_vault
+
+  timeouts = {
+    create = coalesce(try(var.extensions[each.key].timeouts.create, null), var.timeouts.azurerm_virtual_machine_extension.create)
+    delete = coalesce(try(var.extensions[each.key].timeouts.delete, null), var.timeouts.azurerm_virtual_machine_extension.delete)
+    read   = coalesce(try(var.extensions[each.key].timeouts.read, null), var.timeouts.azurerm_virtual_machine_extension.read)
+    update = coalesce(try(var.extensions[each.key].timeouts.update, null), var.timeouts.azurerm_virtual_machine_extension.update)
   }
 
+  tags = var.extensions[each.key].tags != null && var.extensions[each.key].tags != {} ? var.extensions[each.key].tags : local.tags
+
   depends_on = [
     azurerm_virtual_machine_data_disk_attachment.this_linux,
     azurerm_virtual_machine_data_disk_attachment.this_windows,
-    azurerm_virtual_machine_extension.this_extension_1
+    module.extension_1
   ]
 }
 

main.linux_vm.tf

@@ -181,6 +181,11 @@ resource "azurerm_management_lock" "this_linux_virtualmachine" {
     azurerm_linux_virtual_machine.this,
     azurerm_monitor_diagnostic_setting.this_nic_diags,
     azurerm_monitor_diagnostic_setting.this_vm_diags,
-    azurerm_virtual_machine_extension.this_extension
+    module.extension,
+    module.extension_1,
+    module.extension_2,
+    module.run_command,
+    module.run_command_1,
+    module.run_command_2
   ]
 }