resolve comments

Author: myc2h6o

quickstart/201-vm-disk-encryption-extension/main.tf

@@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
 resource "azurerm_key_vault_key" "example" {
   name         = "examplekey"
   key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
+  key_type     = "RSA-HSM"
   key_size     = 2048
 
   key_opts = [
@@ -120,15 +120,13 @@ resource "azurerm_virtual_machine_extension" "example" {
   auto_upgrade_minor_version = false
   virtual_machine_id         = azurerm_linux_virtual_machine.example.id
 
-  settings = <<SETTINGS
-{
-  "EncryptionOperation": "EnableEncryption",
-  "KeyEncryptionAlgorithm": "RSA-OAEP",
-  "KeyVaultURL": "${azurerm_key_vault.example.vault_uri}",
-  "KeyVaultResourceId": "${azurerm_key_vault.example.id}",
-  "KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}",
-  "KekVaultResourceId": "${azurerm_key_vault.example.id}",
-  "VolumeType": "All"
-}
-SETTINGS
+  settings = jsonencode({
+    "EncryptionOperation"    = "EnableEncryption"
+    "KeyEncryptionAlgorithm" = "RSA-OAEP"
+    "KeyVaultURL"            = azurerm_key_vault.example.vault_uri
+    "KeyVaultResourceId"     = azurerm_key_vault.example.id
+    "KeyEncryptionKeyURL"    = azurerm_key_vault_key.example.id
+    "KekVaultResourceId"     = azurerm_key_vault.example.id
+    "VolumeType"             = "All"
+  })
 }

…vm-disk-encryption-extension/provider.tf …m-disk-encryption-extension/providers.tfquickstart/201-vm-disk-encryption-extension/provider.tf renamed to quickstart/201-vm-disk-encryption-extension/providers.tf quickstart/201-vm-disk-encryption-extension/provider.tf renamed to quickstart/201-vm-disk-encryption-extension/providers.tf

@@ -19,8 +19,8 @@ This template deploys an Azure virtual machine with disk encryption extension.
 | Name | Description |
 |-|-|
 | `location` | (Required) Azure Region in which to deploy these resources.|
+| `name_prefix` | (Required) Prefix of the resource name.|
 | `vm_public_key` | (Required) Public key of the Virtual Machine.|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
 
 ## Example
 

quickstart/201-vm-disk-encryption-extension/readme.md

@@ -3,13 +3,12 @@ variable "location" {
   description = "Location where resources will be created"
 }
 
-variable "vm_public_key" {
+variable "name_prefix" {
   type        = string
-  description = "Public key of the Virtual Machine"
+  description = "Prefix of the resource name"
 }
 
-variable "name_prefix" {
+variable "vm_public_key" {
   type        = string
-  default     = "tftest"
-  description = "Prefix of the resource name"
+  description = "Public key of the Virtual Machine"
 }

quickstart/201-vm-disk-encryption-extension/variables.tf

@@ -39,7 +39,7 @@ resource "azurerm_key_vault_access_policy" "service-principal" {
 resource "azurerm_key_vault_key" "example" {
   name         = "examplekey"
   key_vault_id = azurerm_key_vault.example.id
-  key_type     = "RSA"
+  key_type     = "RSA-HSM"
   key_size     = 3072
 
   key_opts = [
@@ -114,15 +114,13 @@ resource "azurerm_virtual_machine_scale_set_extension" "example" {
   auto_upgrade_minor_version   = false
   virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.example.id
 
-  settings = <<SETTINGS
-{
-  "EncryptionOperation": "EnableEncryption",
-  "KeyEncryptionAlgorithm": "RSA-OAEP",
-  "KeyVaultURL": "${azurerm_key_vault.example.vault_uri}",
-  "KeyVaultResourceId": "${azurerm_key_vault.example.id}",
-  "KeyEncryptionKeyURL": "${azurerm_key_vault_key.example.id}",
-  "KekVaultResourceId": "${azurerm_key_vault.example.id}",
-  "VolumeType": "All"
-}
-SETTINGS
+  settings = jsonencode({
+    "EncryptionOperation"    = "EnableEncryption"
+    "KeyEncryptionAlgorithm" = "RSA-OAEP"
+    "KeyVaultURL"            = azurerm_key_vault.example.vault_uri
+    "KeyVaultResourceId"     = azurerm_key_vault.example.id
+    "KeyEncryptionKeyURL"    = azurerm_key_vault_key.example.id
+    "KekVaultResourceId"     = azurerm_key_vault.example.id
+    "VolumeType"             = "All"
+  })
 }

quickstart/201-vmss-disk-encryption-extension/main.tf

@@ -1,20 +1,20 @@
-terraform {
-  required_version = ">=1.0"
-
-  required_providers {
-    azurerm = {
-      source  = "hashicorp/azurerm"
-      version = "~>3.8"
-    }
-  }
-}
-
-provider "azurerm" {
-  features {
-    key_vault {
-      recover_soft_deleted_key_vaults    = false
-      purge_soft_delete_on_destroy       = false
-      purge_soft_deleted_keys_on_destroy = false
-    }
-  }
-}
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.8"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    key_vault {
+      recover_soft_deleted_key_vaults    = false
+      purge_soft_delete_on_destroy       = false
+      purge_soft_deleted_keys_on_destroy = false
+    }
+  }
+}

…ss-disk-encryption-extension/provider.tf …s-disk-encryption-extension/providers.tfquickstart/201-vmss-disk-encryption-extension/provider.tf renamed to quickstart/201-vmss-disk-encryption-extension/providers.tf quickstart/201-vmss-disk-encryption-extension/provider.tf renamed to quickstart/201-vmss-disk-encryption-extension/providers.tf

@@ -19,7 +19,7 @@ This template deploys an Azure virtual machine scale set with disk encryption ex
 |-|-|
 | `admin_password` | (Required) Admin password of the virtual machine scale set.|
 | `location` | (Required) Azure Region in which to deploy these resources.|
-| `name_prefix` | (Optional) Prefix of the resource name. Value defaults to: tftest|
+| `name_prefix` | (Required) Prefix of the resource name.|
 
 ## Example
 

quickstart/201-vmss-disk-encryption-extension/readme.md

@@ -11,6 +11,5 @@ variable "location" {
 
 variable "name_prefix" {
   type        = string
-  default     = "tftest"
   description = "Prefix of the resource name"
 }