Add secure_boot_enabled and vtpm_enabled options #1825

olandese · 2023-10-12T14:06:54Z

Description

Add secure_boot_enabled and vtpm_enabled options in Windows and Linux VMs

Does this introduce a breaking change

YES
NO

Testing

Create a VM with the options enabled like:

global_settings = {
  default_region = "region1"
  regions = {
    region1 = "westeurope"
  }
}

resource_groups = {
  vm_region1 = {
    name = "example-virtual-machine-olandese"
  }
}

virtual_machines = {

  domain_controller_1_vm = {

    resource_group = {
      key = "vm_region1"
    }

    provision_vm_agent                   = true
    boot_diagnostics_storage_account_key = ""
    os_type                              = "windows"

    keyvault_key = "example_vm_rg1"

    networking_interfaces = {
      nic0 = {
        # Value of the keys from networking.tfvars
        vnet_key                = "vnet_region1"
        subnet_key              = "example"
        name                    = "0"
        enable_ip_forwarding    = false
        internal_dns_name_label = "nic0"
      }
    }

    data_disks = {
      vm-wl-addc-datadisk = {
        name                 = "data01-vm-wl-addc-p1"
        storage_account_type = "Premium_LRS"
        create_option        = "Empty"
        disk_size_gb         = "32"
        lun                  = 0
        caching              = "ReadWrite"
        # Choose the zone in which this first vm resides
        zone = 2
      }
    }

    virtual_machine_settings = {
      windows = {
        name                            = "wl-addc-p1"
        size                            = "Standard_B2ms"
        admin_username                  = "adminuser"
        disable_password_authentication = true
        zone                            = 2

        patch_mode          = "AutomaticByPlatform"
        hotpatching_enabled = false

        # MUST BE TRUE!
        encryption_at_host_enabled = false

        # Value of the nic keys to attach the VM. The first one in the list is the default nic
        network_interface_keys = ["nic0"]

        identity = {
          type = "SystemAssigned"
        }

        os_disk = {
          name                 = "os-vm-wl-addc-p1"
          disk_size_gb         = "64"
          caching              = "ReadWrite"
          storage_account_type = "Premium_LRS"
          zone                 = 2
        }

        source_image_reference = {
          publisher = "MicrosoftWindowsServer"
          offer     = "WindowsServer"
          sku       = "2022-datacenter-azure-edition-hotpatch-smalldisk"
          version   = "latest"
        }

        secure_boot_enabled = true
        vtpm_enabled = true
      }
    }
  }
}

arnaudlh

LGTM

add secure_boot_enabled and vtpm_enabled options

4845926

arnaudlh approved these changes Oct 17, 2023

View reviewed changes

arnaudlh assigned olandese Oct 17, 2023

arnaudlh added enhancement New feature or request virtual machines labels Oct 17, 2023

arnaudlh added this to the 5.7.6 milestone Oct 17, 2023

arnaudlh merged commit 5bb7887 into aztfmod:main Oct 17, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add secure_boot_enabled and vtpm_enabled options #1825

Add secure_boot_enabled and vtpm_enabled options #1825

olandese commented Oct 12, 2023

arnaudlh left a comment

Add secure_boot_enabled and vtpm_enabled options #1825

Add secure_boot_enabled and vtpm_enabled options #1825

Conversation

olandese commented Oct 12, 2023

Description

Does this introduce a breaking change

Testing

arnaudlh left a comment

Choose a reason for hiding this comment