# Defaulting to the AzAPI provider for private cloud provisioning: the AzureRM AVS resource lags
# behind the AVS API (feature lag) and we need to avoid breaking changes.
# The request body is pre-built as a local so that optional properties can be omitted from the
# request entirely rather than sent as null, which the API does not accept.
locals {
  # `availability` section of the request body: optional zone / secondaryZone entries plus the strategy.
  # merge() is last-wins, so `strategy` from base_properties_availability always takes precedence.
  availability_map = merge(local.primary_zone_map, local.secondary_zone_map, local.base_properties_availability) #build the availability map
  # Top-level body: only the SKU here; `properties` is merged in by full_body below.
  base_body = {
    sku = {
      # SKU name is normalised to lower case before it is sent.
      name = lower(var.sku_name)
    }
  }
  # Properties that are always present in the request.
  base_properties = {
    managementCluster = {
      clusterSize = var.management_cluster_size
    }
    networkBlock = var.avs_network_cidr
    # SECURITY: the NSX-T and vCenter admin passwords are part of the request body, so they are
    # persisted in plain text in the Terraform state (and shown in plan output unless the values
    # feeding local.nsxt_password / local.vcenter_password are sensitive — confirm where they are
    # defined). Protect state accordingly. Note that the private cloud resource ignores later changes
    # to these two keys (lifecycle.ignore_changes), so rotating them here will not update the service.
    nsxtPassword = local.nsxt_password
    vcenterPassword = local.vcenter_password
    # Whether the private cloud gets Azure-managed outbound internet access. "Enabled" widens the
    # private cloud's exposure; egress should be opt-in — review the default of var.internet_enabled.
    internet = var.internet_enabled ? "Enabled" : "Disabled"
  }
  # Stretched clusters use the DualZone strategy, everything else SingleZone.
  base_properties_availability = {
    strategy = var.enable_stretch_cluster ? "DualZone" : "SingleZone"
  }
  # Complete request body: base_body (sku) plus the assembled properties map.
  full_body = merge(local.base_body, { properties = local.properties_map }) #merge the properties map into the body map
  # Identity configuration in the shape the AVM interface expects: each entry is either an empty map
  # or a single-entry map keyed "this", so it can be fed straight into a dynamic "identity" block.
  # Only `system_assigned` is consumed by the private cloud resource in this file; the other two
  # variants are built for completeness (TODO confirm they are referenced by other consumers).
  managed_identities = {
    # Combined variant: picks "SystemAssigned, UserAssigned", "UserAssigned" or "SystemAssigned"
    # depending on which of the two inputs are set; empty when neither is.
    system_assigned_user_assigned = (var.managed_identities.system_assigned || length(var.managed_identities.user_assigned_resource_ids) > 0) ? {
      this = {
        type = var.managed_identities.system_assigned && length(var.managed_identities.user_assigned_resource_ids) > 0 ? "SystemAssigned, UserAssigned" : length(var.managed_identities.user_assigned_resource_ids) > 0 ? "UserAssigned" : "SystemAssigned"
        user_assigned_resource_ids = var.managed_identities.user_assigned_resource_ids
      }
    } : {}
    # System-assigned only.
    system_assigned = var.managed_identities.system_assigned ? {
      this = {
        type = "SystemAssigned"
      }
    } : {}
    # User-assigned only.
    user_assigned = length(var.managed_identities.user_assigned_resource_ids) > 0 ? {
      this = {
        type = "UserAssigned"
        user_assigned_resource_ids = var.managed_identities.user_assigned_resource_ids
      }
    } : {}
  }
  # Optional zone entries. The jsonencode/jsondecode round-trip yields an empty object when the
  # variable is unset, so the key is omitted from the request instead of being sent as null (which
  # the API rejects); it also keeps both branches of the conditional the same type (a JSON string).
  primary_zone_map = jsondecode(var.primary_zone != null ? jsonencode({ zone = var.primary_zone }) : jsonencode({}))
  # Full `properties` object: base properties, availability, and the optional extended network blocks.
  properties_map = merge(local.base_properties, { availability = local.availability_map }, local.properties_map_enb) #build the properties map
  #merge the extended network Blocks value into the properties if it exists (same jsonencode/jsondecode
  #trick as the zone maps: an empty list yields an empty object, so the key is not sent at all)
  properties_map_enb = jsondecode((length(var.extended_network_blocks) == 0) ? jsonencode({}) : jsonencode({ extendedNetworkBlocks = var.extended_network_blocks }))
  secondary_zone_map = jsondecode(var.secondary_zone != null ? jsonencode({ secondaryZone = var.secondary_zone }) : jsonencode({}))
}
#build a base private cloud resource then modify it as needed.
resource "azapi_resource" "this_private_cloud" {
  # Pinned API version. Bump deliberately: the body is hand-built in locals and is not validated
  # client-side (see schema_validation_enabled), so a version change can silently alter semantics.
  type = "Microsoft.AVS/privateClouds@2023-09-01"
  body = local.full_body
  location = var.location
  name = var.name
  parent_id = var.resource_group_resource_id
  # Export the entire GET response into state. Convenient for outputs, but everything the API returns
  # is then persisted in state — review the API reference for this version for anything sensitive
  # before widening access to the state backend.
  response_export_values = ["*"]
  # Client-side schema validation is off because the AzAPI schema lags the AVS API (see header comment).
  # Trade-off: a misspelled or unsupported property in local.full_body is no longer caught at plan
  # time; it is only rejected — or possibly ignored — by the service.
  schema_validation_enabled = false
  tags = var.tags
  # Only the system-assigned identity map is wired in here; local.managed_identities also builds
  # user-assigned variants that this resource does not consume.
  dynamic "identity" {
    for_each = local.managed_identities.system_assigned
    content {
      type = identity.value.type
    }
  }
  # Provisioning and deleting an AVS private cloud are long-running operations, hence the multi-hour timeouts.
  timeouts {
    create = "15h"
    delete = "4h"
  }
  # Password changes are ignored after creation: if local.nsxt_password / local.vcenter_password (or
  # whatever feeds them) change, this resource will NOT push the new values to the private cloud —
  # rotation has to be handled out of band. The lifecycle block is needed so a changed password does
  # not surface as a body diff on every plan. (This resolves the earlier TODO about whether the
  # block was required.)
  lifecycle {
    ignore_changes = [body.properties.nsxtPassword, body.properties.vcenterPassword]
  }
}
#use a data resource to get the identity details to avoid terraform import issues
data "azapi_resource" "this_private_cloud" {
  # Keep in lockstep with the API version used by the resource above.
  type = "Microsoft.AVS/privateClouds@2023-09-01"
  resource_id = azapi_resource.this_private_cloud.id
  # Whole response exported again; same state-content caveat as on the resource.
  response_export_values = ["*"]
  # Explicit in addition to the implicit dependency via resource_id, so the read always runs after
  # the create/update has finished.
  depends_on = [azapi_resource.this_private_cloud]
}