diff --git a/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.tf b/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.tf index 2840e5b..26b3f00 100644 --- a/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.tf +++ b/settings/remarks/microsoft.cache/samples/redisenterprise/databases/main.tf @@ -27,23 +27,32 @@ resource "azapi_resource" "resourceGroup" { } resource "azapi_resource" "redisEnterprise" { - type = "Microsoft.Cache/redisEnterprise@2024-10-01" + type = "Microsoft.Cache/redisEnterprise@2025-04-01" parent_id = azapi_resource.resourceGroup.id name = var.resource_name location = var.location body = { properties = { minimumTlsVersion = "1.2" + encryption = {} + highAvailability = "Enabled" } sku = { - capacity = 4 - name = "Enterprise_E20" + name = "Balanced_B0" } } + + identity { + type = "SystemAssigned" + identity_ids = [] + } + + schema_validation_enabled = false + response_export_values = ["*"] } -resource "azapi_resource" "databas" { - type = "Microsoft.Cache/redisEnterprise/databases@2024-10-01" +resource "azapi_resource" "defaultDatabase" { + type = "Microsoft.Cache/redisEnterprise/databases@2025-04-01" parent_id = azapi_resource.redisEnterprise.id name = "default" body = { diff --git a/settings/remarks/microsoft.cache/samples/redisenterprise/main.tf b/settings/remarks/microsoft.cache/samples/redisenterprise/main.tf index f893a82..9384cc6 100644 --- a/settings/remarks/microsoft.cache/samples/redisenterprise/main.tf +++ b/settings/remarks/microsoft.cache/samples/redisenterprise/main.tf @@ -27,19 +27,26 @@ resource "azapi_resource" "resourceGroup" { } resource "azapi_resource" "redisEnterprise" { - type = "Microsoft.Cache/redisEnterprise@2022-01-01" + type = "Microsoft.Cache/redisEnterprise@2025-04-01" parent_id = azapi_resource.resourceGroup.id name = var.resource_name location = var.location body = { properties = { minimumTlsVersion = "1.2" + encryption = {} + highAvailability = "Enabled" } sku = { - capacity = 2 - name = "Enterprise_E100" + name = "Balanced_B0" } } + + identity { + type = "SystemAssigned" + identity_ids = [] + } + schema_validation_enabled = false response_export_values = ["*"] } diff --git a/settings/remarks/microsoft.cognitiveservices/remarks.json b/settings/remarks/microsoft.cognitiveservices/remarks.json index db7da2c..9f79d9f 100644 --- a/settings/remarks/microsoft.cognitiveservices/remarks.json +++ b/settings/remarks/microsoft.cognitiveservices/remarks.json @@ -4,13 +4,23 @@ { "ResourceType": "Microsoft.CognitiveServices/accounts", "Path": "samples/accounts/main.tf", - "Description": "A basic example of deploying AI Services Account." + "Description": "A basic example of deploying Cognitive Services Account." + }, + { + "ResourceType": "Microsoft.CognitiveServices/accounts/connections", + "Path": "samples/accounts/connections/main.tf", + "Description": "A basic example of deploying Cognitive Services Account Connection." }, { "ResourceType": "Microsoft.CognitiveServices/accounts/deployments", "Path": "samples/accounts/deployments/main.tf", "Description": "A basic example of deploying Cognitive Services Account Deployment." }, + { + "ResourceType": "Microsoft.CognitiveServices/accounts/projects", + "Path": "samples/accounts/projects/main.tf", + "Description": "A basic example of deploying Cognitive Services Account Project." + }, { "ResourceType": "Microsoft.CognitiveServices/accounts/raiBlocklists", "Path": "samples/accounts/raiblocklists/main.tf", diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/connections/main.tf b/settings/remarks/microsoft.cognitiveservices/samples/accounts/connections/main.tf new file mode 100644 index 0000000..5c6e635 --- /dev/null +++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/connections/main.tf @@ -0,0 +1,342 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azapi" { + skip_provider_registration = false +} + +variable "resource_name" { + type = string + default = "acctest0001" +} + +variable "location" { + type = string + default = "westeurope" +} + +variable "oauth2_client_id" { + type = string + sensitive = true + description = "OAuth2 Client ID for the connection." +} + +variable "oauth2_client_secret" { + type = string + sensitive = true + description = "OAuth2 Client Secret for the connection." +} + +variable "oauth2_tenant_id" { + type = string + sensitive = true + description = "OAuth2 Tenant ID for the connection." +} + +variable "oauth2_developer_token" { + type = string + sensitive = true + description = "OAuth2 Developer Token for the connection." +} + +variable "oauth2_refresh_token" { + type = string + sensitive = true + description = "OAuth2 Refresh Token for the connection." +} + +variable "oauth2_username" { + type = string + sensitive = true + description = "OAuth2 Username for the connection." +} + +variable "oauth2_password" { + type = string + sensitive = true + description = "OAuth2 Password for the connection." +} + +data "azapi_client_config" "current" {} + +resource "azapi_resource" "resourceGroup" { + type = "Microsoft.Resources/resourceGroups@2020-06-01" + name = var.resource_name + location = var.location +} + +resource "azapi_resource" "userAssignedIdentity" { + type = "Microsoft.ManagedIdentity/userAssignedIdentities@2024-11-30" + name = var.resource_name + location = var.location + parent_id = azapi_resource.resourceGroup.id + response_export_values = ["*"] +} + +resource "azapi_resource" "account" { + type = "Microsoft.CognitiveServices/accounts@2025-06-01" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + identity { + type = "SystemAssigned, UserAssigned" + identity_ids = [azapi_resource.userAssignedIdentity.id] + } + body = { + kind = "AIServices" + properties = { + allowProjectManagement = true + allowedFqdnList = [ + ] + apiProperties = { + } + disableLocalAuth = false + dynamicThrottlingEnabled = false + publicNetworkAccess = "Enabled" + restrictOutboundNetworkAccess = false + } + sku = { + name = "S0" + tier = "Standard" + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "account_openai" { + type = "Microsoft.CognitiveServices/accounts@2025-06-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-openai" + location = var.location + identity { + type = "SystemAssigned" + } + + body = { + kind = "OpenAI" + properties = { + allowProjectManagement = true + allowedFqdnList = [ + ] + apiProperties = { + } + disableLocalAuth = false + dynamicThrottlingEnabled = false + publicNetworkAccess = "Enabled" + restrictOutboundNetworkAccess = false + } + sku = { + name = "S0" + tier = "Standard" + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "storageAccount" { + type = "Microsoft.Storage/storageAccounts@2021-09-01" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + body = { + kind = "StorageV2" + properties = { + accessTier = "Hot" + allowBlobPublicAccess = false + allowCrossTenantReplication = true + allowSharedKeyAccess = false + defaultToOAuthAuthentication = false + encryption = { + keySource = "Microsoft.Storage" + services = { + queue = { + keyType = "Service" + } + table = { + keyType = "Service" + } + } + } + isHnsEnabled = false + isNfsV3Enabled = false + isSftpEnabled = false + minimumTlsVersion = "TLS1_2" + networkAcls = { + bypass = "AzureServices" + defaultAction = "Deny" + resourceAccessRules = [ + { + resourceId = azapi_resource.account.id + tenantId = data.azapi_client_config.current.tenant_id + } + ] + } + publicNetworkAccess = "Enabled" + supportsHttpsTrafficOnly = true + } + sku = { + name = "Standard_LRS" + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "container" { + type = "Microsoft.Storage/storageAccounts/blobServices/containers@2024-01-01" + parent_id = "${azapi_resource.storageAccount.id}/blobServices/default" + name = var.resource_name + body = { + properties = { + } + } + + schema_validation_enabled = false + response_export_values = ["*"] +} + +# Retrieving keys +resource "azapi_resource_action" "account_keys" { + type = "Microsoft.CognitiveServices/accounts@2025-06-01" + resource_id = azapi_resource.account.id + action = "listKeys" + method = "POST" + + sensitive_response_export_values = ["key1"] +} + +resource "azapi_resource_action" "account_openai_keys" { + type = "Microsoft.CognitiveServices/accounts@2025-06-01" + resource_id = azapi_resource.account_openai.id + action = "listKeys" + method = "POST" + + sensitive_response_export_values = ["key1", "key2"] +} + +## Connections note: +# Credentials will not be returned since it's a sensitive data. if we want credentials, we can use .../{connectionName}/listsecrets +## Resources depend on each other so that they get deleted one after another instead of together. +# This helps escape a transient error that occurs when deleting all the connections together on cleanup. +resource "azapi_resource" "connection_aad" { + type = "Microsoft.CognitiveServices/accounts/connections@2025-06-01" + parent_id = azapi_resource.account.id + name = "${var.resource_name}-aad" + body = { + properties = { + authType = "AAD" + category = "AzureBlob" + target = azapi_resource.storageAccount.output.properties.primaryEndpoints.blob + metadata = { + containerName = azapi_resource.container.name + accountName = azapi_resource.storageAccount.name + } + } + } + schema_validation_enabled = false + ignore_casing = false + ignore_missing_property = false +} + +resource "azapi_resource" "connection_apikey" { + type = "Microsoft.CognitiveServices/accounts/connections@2025-06-01" + parent_id = azapi_resource.account.id + name = "${var.resource_name}-apikey" + body = { + properties = { + authType = "ApiKey" + category = "AzureOpenAI" + target = azapi_resource.account_openai.output.properties.endpoint + metadata = { + ApiType = "Azure" + ResourceId = azapi_resource.account_openai.id + location = var.location + } + } + } + sensitive_body = { + properties = { + credentials = { + key = azapi_resource_action.account_openai_keys.sensitive_output.key1 + } + } + } + schema_validation_enabled = false + ignore_casing = false + ignore_missing_property = false +} + +resource "azapi_resource" "connection_customkeys" { + type = "Microsoft.CognitiveServices/accounts/connections@2025-06-01" + parent_id = azapi_resource.account.id + name = "${var.resource_name}-custom" + body = { + properties = { + authType = "CustomKeys" + category = "CustomKeys" + target = azapi_resource.account_openai.output.properties.endpoint + metadata = { + ApiType = "Azure" + ResourceId = azapi_resource.account_openai.id + location = var.location + } + } + } + sensitive_body = { + properties = { + credentials = { + keys = { + primaryKey = azapi_resource_action.account_openai_keys.sensitive_output.key1 + secondaryKey = azapi_resource_action.account_openai_keys.sensitive_output.key2 + } + } + } + } + schema_validation_enabled = false + ignore_casing = false + ignore_missing_property = false +} + +# This is example is based on having an external resource that uses OAuth2. +resource "azapi_resource" "connection_oauth" { + type = "Microsoft.CognitiveServices/accounts/connections@2025-06-01" + parent_id = azapi_resource.account.id + name = "${var.resource_name}-oauth" + body = { + properties = { + authType = "OAuth2" + category = "AzureBlob" + target = azapi_resource.storageAccount.output.properties.primaryEndpoints.blob + metadata = { + containerName = azapi_resource.container.name + accountName = azapi_resource.storageAccount.name + } + } + } + sensitive_body = { + properties = { + credentials = { + # Not all fields are required. + # Use the fields that are necessary in an actual use of the credentials, you don't need to use all of them, they are just placeholders for validation in this connection. + authUrl = "https://login.microsoftonline.com/${var.oauth2_tenant_id}/oauth2/v2.0/token" + clientId = var.oauth2_client_id + clientSecret = var.oauth2_client_secret + tenantId = var.oauth2_tenant_id + developerToken = var.oauth2_developer_token + refreshToken = var.oauth2_refresh_token + username = var.oauth2_username + password = var.oauth2_password + } + } + } + schema_validation_enabled = false + ignore_casing = false + ignore_missing_property = false +} diff --git a/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.tf b/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.tf new file mode 100644 index 0000000..84f415c --- /dev/null +++ b/settings/remarks/microsoft.cognitiveservices/samples/accounts/projects/main.tf @@ -0,0 +1,77 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azapi" { + skip_provider_registration = false +} + +variable "resource_name" { + type = string + default = "acctest0001" +} + +variable "location" { + type = string + default = "westus2" +} + +resource "azapi_resource" "resourceGroup" { + type = "Microsoft.Resources/resourceGroups@2020-06-01" + name = var.resource_name + location = var.location +} + +resource "azapi_resource" "account" { + type = "Microsoft.CognitiveServices/accounts@2025-06-01" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + identity { + type = "SystemAssigned" + } + + body = { + kind = "AIServices" + properties = { + allowProjectManagement = true + customSubDomainName = "cog-${var.resource_name}" + disableLocalAuth = false + dynamicThrottlingEnabled = false + publicNetworkAccess = "Enabled" + restrictOutboundNetworkAccess = false + } + sku = { + name = "S0" + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "project" { + type = "Microsoft.CognitiveServices/accounts/projects@2025-06-01" + parent_id = azapi_resource.account.id + name = var.resource_name + location = var.location + identity { + type = "SystemAssigned" + } + + body = { + properties = { + displayName = "project-${var.resource_name}" + description = "test project" + } + } + + tags = { + foo = "bar" + } + schema_validation_enabled = false + response_export_values = ["*"] +} diff --git a/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.tf b/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.tf index a0fd7bd..a8abb10 100644 --- a/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.tf +++ b/settings/remarks/microsoft.compute/samples/virtualmachines/runcommands/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "eastus" } +variable "admin_password" { + type = string + sensitive = true + description = "The administrator password for the virtual machine" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -127,7 +133,7 @@ resource "azapi_resource" "virtualMachine" { }] } osProfile = { - adminPassword = "Pa-tn93e" + adminPassword = var.admin_password adminUsername = "adminuser" allowExtensionOperations = true computerName = "${var.resource_name}-vm" diff --git a/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.tf b/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.tf index 81b6fd1..5bf83b6 100644 --- a/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.tf +++ b/settings/remarks/microsoft.containerregistry/samples/registries/credentialsets/main.tf @@ -22,6 +22,19 @@ variable "location" { default = "eastus" } +variable "credential_username" { + type = string + sensitive = true + description = "The username for the container registry credential" + default = "testuser" +} + +variable "credential_password" { + type = string + sensitive = true + description = "The password for the container registry credential" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -98,7 +111,7 @@ resource "azapi_resource" "usernameSecret" { name = "username" body = { properties = { - value = "testuser" + value = var.credential_username } } } @@ -109,7 +122,7 @@ resource "azapi_resource" "passwordSecret" { name = "password" body = { properties = { - value = "testpassword" + value = var.credential_password } } } diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.tf b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.tf index a401177..33d29d8 100644 --- a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.tf +++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/administrators/main.tf @@ -22,6 +22,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the MySQL flexible server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -54,7 +60,7 @@ resource "azapi_resource" "flexibleServer" { body = { properties = { administratorLogin = "tfadmin" - administratorLoginPassword = "QAZwsx123!@#" + administratorLoginPassword = var.administrator_login_password backup = { backupRetentionDays = 7 geoRedundantBackup = "Disabled" diff --git a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.tf b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.tf index 5e0773b..bed4d79 100644 --- a/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.tf +++ b/settings/remarks/microsoft.dbformysql/samples/flexibleservers/configurations/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the MySQL flexible server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -34,7 +40,7 @@ resource "azapi_resource" "flexibleServer" { body = { properties = { administratorLogin = "tfadmin" - administratorLoginPassword = "QAZwsx123!@#" + administratorLoginPassword = var.administrator_login_password backup = { backupRetentionDays = 7 geoRedundantBackup = "Disabled" diff --git a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.tf b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.tf index ee888ad..de6527d 100644 --- a/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.tf +++ b/settings/remarks/microsoft.dbforpostgresql/samples/flexibleservers/virtualendpoints/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the PostgreSQL flexible server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -34,7 +40,7 @@ resource "azapi_resource" "flexibleServer" { body = { properties = { administratorLogin = "psqladmin" - administratorLoginPassword = "H@Sh1CoR3!" + administratorLoginPassword = var.administrator_login_password availabilityZone = "1" backup = { geoRedundantBackup = "Disabled" diff --git a/settings/remarks/microsoft.documentdb/remarks.json b/settings/remarks/microsoft.documentdb/remarks.json index 15ea647..197309a 100644 --- a/settings/remarks/microsoft.documentdb/remarks.json +++ b/settings/remarks/microsoft.documentdb/remarks.json @@ -85,6 +85,21 @@ "ResourceType": "Microsoft.DocumentDB/databaseAccounts/tables", "Path": "samples/databaseaccounts/tables/main.tf", "Description": "A basic example of deploying Table within a Cosmos DB Account." + }, + { + "ResourceType": "Microsoft.DocumentDB/mongoClusters", + "Path": "samples/mongoclusters/main.tf", + "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore)." + }, + { + "ResourceType": "Microsoft.DocumentDB/mongoClusters/firewallRules", + "Path": "samples/mongoclusters/firewallrules/main.tf", + "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore) Firewall Rule." + }, + { + "ResourceType": "Microsoft.DocumentDB/mongoClusters/users", + "Path": "samples/mongoclusters/users/main.tf", + "Description": "A basic example of deploying Azure Cosmos DB for MongoDB (vCore) User." } ] } diff --git a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.tf b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.tf index d8bf2ff..00dfe55 100644 --- a/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.tf +++ b/settings/remarks/microsoft.documentdb/samples/databaseaccounts/mongodbuserdefinitions/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "mongodb_user_password" { + type = string + description = "The password for the MongoDB user" + sensitive = true +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -92,7 +98,7 @@ resource "azapi_resource" "mongodbUserDefinition" { properties = { databaseName = azapi_resource.mongodbDatabas.name mechanisms = "SCRAM-SHA-256" - password = "${var.resource_name}-pwd" + password = var.mongodb_user_password userName = "myUserName" } } diff --git a/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.tf b/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.tf new file mode 100644 index 0000000..aa01078 --- /dev/null +++ b/settings/remarks/microsoft.documentdb/samples/mongoclusters/firewallrules/main.tf @@ -0,0 +1,79 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azapi" { + skip_provider_registration = false +} + +variable "resource_name" { + type = string + default = "acctest0001" +} + +variable "location" { + type = string + default = "westus3" +} + +resource "azapi_resource" "resourceGroup" { + type = "Microsoft.Resources/resourceGroups@2020-06-01" + name = var.resource_name + location = var.location +} + +data "azapi_client_config" "current" {} + +resource "azapi_resource" "mongoCluster" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + body = { + properties = { + authConfig = { + allowedModes = ["MicrosoftEntraID"] + } + compute = { + tier = "M40" + } + highAvailability = { + targetMode = "Disabled" + } + previewFeatures = [ + "ShardRebalancer" + ] + publicNetworkAccess = "Enabled" + serverVersion = "5.0" + sharding = { + shardCount = 1 + } + storage = { + sizeGb = 32 + } + } + } + tags = { + Environment = "Test" + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "firewallRule" { + type = "Microsoft.DocumentDB/mongoClusters/firewallRules@2025-09-01" + parent_id = azapi_resource.mongoCluster.id + name = var.resource_name + body = { + properties = { + endIpAddress = "0.0.0.0" + startIpAddress = "0.0.0.0" + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} diff --git a/settings/remarks/microsoft.documentdb/samples/mongoclusters/main.tf b/settings/remarks/microsoft.documentdb/samples/mongoclusters/main.tf new file mode 100644 index 0000000..41f120d --- /dev/null +++ b/settings/remarks/microsoft.documentdb/samples/mongoclusters/main.tf @@ -0,0 +1,408 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + time = { + source = "hashicorp/time" + } + } +} + +provider "azapi" { + skip_provider_registration = false +} + +variable "resource_name" { + type = string + default = "acctest0001" +} + +variable "location" { + type = string + default = "westus3" +} + +variable "replica_location" { + type = string + default = "centralus" +} + +variable "mongo_admin_username" { + type = string + default = "mongoAdmin" +} + +variable "mongo_admin_password" { + type = string + description = "The administrator password for the MongoDB cluster" + sensitive = true +} + +variable "mongo_restore_admin_password" { + type = string + description = "The administrator password for the restored MongoDB cluster" + sensitive = true +} + +resource "azapi_resource" "resourceGroup" { + type = "Microsoft.Resources/resourceGroups@2020-06-01" + name = var.resource_name + location = var.location +} + +resource "azapi_resource" "userAssignedIdentity" { + type = "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + schema_validation_enabled = false + response_export_values = ["*"] +} + +data "azapi_client_config" "current" {} + +resource "azapi_resource" "vault" { + type = "Microsoft.KeyVault/vaults@2023-02-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-kv" + location = var.location + body = { + properties = { + createMode = "default" + enablePurgeProtection = true + enableSoftDelete = true + enableRbacAuthorization = true + enabledForDeployment = true + enabledForDiskEncryption = true + enabledForTemplateDeployment = true + publicNetworkAccess = "Enabled" + accessPolicies = [] + sku = { + family = "A" + name = "standard" + } + tenantId = data.azapi_client_config.current.tenant_id + } + } +} + +data "azapi_resource_list" "kvCertificatesOfficerRoleDefinition" { + type = "Microsoft.Authorization/roleDefinitions@2022-04-01" + parent_id = azapi_resource.vault.id + response_export_values = { + definition_id = "value[?properties.roleName == 'Key Vault Crypto Officer'].id | [0]" + } +} + +resource "azapi_resource" "kvRoleAssignmentTf" { + type = "Microsoft.Authorization/roleAssignments@2022-04-01" + parent_id = azapi_resource.vault.id + name = uuid() + body = { + properties = { + principalId = data.azapi_client_config.current.object_id + roleDefinitionId = data.azapi_resource_list.kvCertificatesOfficerRoleDefinition.output.definition_id + } + } + lifecycle { + ignore_changes = [name] + } +} + +data "azapi_resource_list" "kvCertificatesUserRoleDefinition" { + type = "Microsoft.Authorization/roleDefinitions@2022-04-01" + parent_id = azapi_resource.vault.id + response_export_values = { + definition_id = "value[?properties.roleName == 'Key Vault Crypto Service Encryption User'].id | [0]" + } +} + +resource "azapi_resource" "kvRoleAssignmentIdentity" { + type = "Microsoft.Authorization/roleAssignments@2022-04-01" + parent_id = azapi_resource.vault.id + name = uuid() + body = { + properties = { + principalId = azapi_resource.userAssignedIdentity.output.properties.principalId + roleDefinitionId = data.azapi_resource_list.kvCertificatesUserRoleDefinition.output.definition_id + } + } + lifecycle { + ignore_changes = [name] + } +} + +data "azapi_resource_id" "key" { + type = "Microsoft.KeyVault/vaults/keys@2023-02-01" + parent_id = azapi_resource.vault.id + name = var.resource_name +} + +resource "azapi_resource_action" "key" { + type = "Microsoft.KeyVault/vaults/keys@2023-02-01" + resource_id = data.azapi_resource_id.key.id + method = "PUT" + body = { + properties = { + keySize = 2048 + kty = "RSA" + keyOps = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] + } + } + response_export_values = ["*"] + depends_on = [ + azapi_resource.kvRoleAssignmentTf, + azapi_resource.kvRoleAssignmentIdentity, + ] +} + +# replica key vault + +resource "azapi_resource" "vault_replica" { + type = "Microsoft.KeyVault/vaults@2023-02-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-kv-replica" + location = var.replica_location + body = { + properties = { + createMode = "default" + enablePurgeProtection = true + enableSoftDelete = true + enableRbacAuthorization = true + enabledForDeployment = true + enabledForDiskEncryption = true + enabledForTemplateDeployment = true + publicNetworkAccess = "Enabled" + accessPolicies = [] + sku = { + family = "A" + name = "standard" + } + tenantId = data.azapi_client_config.current.tenant_id + } + } +} + +data "azapi_resource_list" "kvCertificatesOfficerRoleDefinition_replica" { + type = "Microsoft.Authorization/roleDefinitions@2022-04-01" + parent_id = azapi_resource.vault_replica.id + response_export_values = { + definition_id = "value[?properties.roleName == 'Key Vault Crypto Officer'].id | [0]" + } +} + +resource "azapi_resource" "kvRoleAssignmentTf_replica" { + type = "Microsoft.Authorization/roleAssignments@2022-04-01" + parent_id = azapi_resource.vault_replica.id + name = uuid() + body = { + properties = { + principalId = data.azapi_client_config.current.object_id + roleDefinitionId = data.azapi_resource_list.kvCertificatesOfficerRoleDefinition.output.definition_id + } + } + lifecycle { + ignore_changes = [name] + } +} + +data "azapi_resource_list" "kvCertificatesUserRoleDefinition_replica" { + type = "Microsoft.Authorization/roleDefinitions@2022-04-01" + parent_id = azapi_resource.vault_replica.id + response_export_values = { + definition_id = "value[?properties.roleName == 'Key Vault Crypto Service Encryption User'].id | [0]" + } +} + +resource "azapi_resource" "kvRoleAssignmentIdentity_replica" { + type = "Microsoft.Authorization/roleAssignments@2022-04-01" + parent_id = azapi_resource.vault_replica.id + name = uuid() + body = { + properties = { + principalId = azapi_resource.userAssignedIdentity.output.properties.principalId + roleDefinitionId = data.azapi_resource_list.kvCertificatesUserRoleDefinition.output.definition_id + } + } + lifecycle { + ignore_changes = [name] + } +} + +data "azapi_resource_id" "key_replica" { + type = "Microsoft.KeyVault/vaults/keys@2023-02-01" + parent_id = azapi_resource.vault_replica.id + name = var.resource_name +} + +resource "azapi_resource_action" "key_replica" { + type = "Microsoft.KeyVault/vaults/keys@2023-02-01" + resource_id = data.azapi_resource_id.key_replica.id + method = "PUT" + body = { + properties = { + keySize = 2048 + kty = "RSA" + keyOps = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"] + } + } + response_export_values = ["*"] + depends_on = [ + azapi_resource.kvRoleAssignmentTf_replica, + azapi_resource.kvRoleAssignmentIdentity_replica, + ] +} + +resource "azapi_resource" "mongoCluster" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + identity { + type = "UserAssigned" + identity_ids = [azapi_resource.userAssignedIdentity.id] + } + body = { + properties = { + administrator = { + userName = var.mongo_admin_username + } + authConfig = { + allowedModes = ["MicrosoftEntraID", "NativeAuth"] + } + compute = { + tier = "M30" + } + encryption = { + customerManagedKeyEncryption = { + keyEncryptionKeyIdentity = { + identityType = "UserAssignedIdentity" + userAssignedIdentityResourceId = azapi_resource.userAssignedIdentity.id + } + keyEncryptionKeyUrl = azapi_resource_action.key.output.properties.keyUri + } + } + highAvailability = { + targetMode = "Disabled" + } + previewFeatures = [ + "ShardRebalancer" + ] + publicNetworkAccess = "Enabled" + serverVersion = "5.0" + sharding = { + shardCount = 1 + } + storage = { + sizeGb = 32 + } + } + } + sensitive_body = { + properties = { + administrator = { + password = var.mongo_admin_password + } + } + } + tags = { + Environment = "Test" + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +# Wait for the MongoDB cluster to have backup capability available +resource "time_sleep" "wait_for_backup_ready" { + depends_on = [azapi_resource.mongoCluster] + + # Wait 5 minutes for backup to be available - MongoDB clusters typically need time to enable backup + create_duration = "300s" +} + +# Data source to get the updated cluster info with backup details +data "azapi_resource" "mongoCluster_backup_check" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + resource_id = azapi_resource.mongoCluster.id + + response_export_values = ["properties.backup.earliestRestoreTime"] + depends_on = [time_sleep.wait_for_backup_ready] +} + +resource "azapi_resource" "mongoCluster_PointInTimeRestore" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-restore" + location = var.location + identity { + type = "UserAssigned" + identity_ids = [azapi_resource.userAssignedIdentity.id] + } + body = { + properties = { + createMode = "PointInTimeRestore" + administrator = { + userName = var.mongo_admin_username + } + encryption = { + customerManagedKeyEncryption = { + keyEncryptionKeyIdentity = { + identityType = "UserAssignedIdentity" + userAssignedIdentityResourceId = azapi_resource.userAssignedIdentity.id + } + keyEncryptionKeyUrl = azapi_resource_action.key.output.properties.keyUri + } + } + restoreParameters = { + pointInTimeUTC = data.azapi_resource.mongoCluster_backup_check.output.properties.backup.earliestRestoreTime + sourceResourceId = azapi_resource.mongoCluster.id + } + } + } + sensitive_body = { + properties = { + administrator = { + password = var.mongo_restore_admin_password + } + } + } + schema_validation_enabled = false + ignore_casing = false + ignore_missing_property = false + + depends_on = [ + data.azapi_resource.mongoCluster_backup_check + ] +} + +resource "azapi_resource" "mongoCluster_GeoReplica" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-repl" + location = var.replica_location + identity { + type = "UserAssigned" + identity_ids = [azapi_resource.userAssignedIdentity.id] + } + body = { + properties = { + createMode = "GeoReplica" + encryption = { + customerManagedKeyEncryption = { + keyEncryptionKeyIdentity = { + identityType = "UserAssignedIdentity" + userAssignedIdentityResourceId = azapi_resource.userAssignedIdentity.id + } + keyEncryptionKeyUrl = azapi_resource_action.key_replica.output.properties.keyUri + } + } + replicaParameters = { + sourceLocation = var.location # Source location matches the primary cluster + sourceResourceId = azapi_resource.mongoCluster.id + } + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} diff --git a/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.tf b/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.tf new file mode 100644 index 0000000..349583d --- /dev/null +++ b/settings/remarks/microsoft.documentdb/samples/mongoclusters/users/main.tf @@ -0,0 +1,94 @@ +terraform { + required_providers { + azapi = { + source = "Azure/azapi" + } + } +} + +provider "azapi" { + skip_provider_registration = false +} + +variable "resource_name" { + type = string + default = "acctest0001" +} + +variable "location" { + type = string + default = "westus3" +} + +resource "azapi_resource" "resourceGroup" { + type = "Microsoft.Resources/resourceGroups@2020-06-01" + name = var.resource_name + location = var.location +} + +resource "azapi_resource" "userAssignedIdentity" { + type = "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31" + parent_id = azapi_resource.resourceGroup.id + name = var.resource_name + location = var.location + schema_validation_enabled = false + response_export_values = ["*"] +} + +data "azapi_client_config" "current" {} + +resource "azapi_resource" "mongoClusterSSDv2" { + type = "Microsoft.DocumentDB/mongoClusters@2025-09-01" + parent_id = azapi_resource.resourceGroup.id + name = "${var.resource_name}-ssdv2" + location = var.location + body = { + properties = { + authConfig = { + allowedModes = ["MicrosoftEntraID"] + } + compute = { + tier = "M30" + } + highAvailability = { + targetMode = "Disabled" + } + serverVersion = "6.0" + publicNetworkAccess = "Disabled" + sharding = { + shardCount = 1 + } + storage = { + sizeGb = 64 + type = "PremiumSSDv2" + } + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} + +resource "azapi_resource" "mongoUser_EntraServicePrincipal" { + type = "Microsoft.DocumentDB/mongoClusters/users@2025-09-01" + name = azapi_resource.userAssignedIdentity.output.properties.principalId + parent_id = azapi_resource.mongoClusterSSDv2.id + + body = { + properties = { + roles = [ + { + role = "root" + db = "admin" + } + ] + identityProvider = { + type = "MicrosoftEntraID" + properties = { + principalType = "ServicePrincipal" + } + } + } + } + schema_validation_enabled = false + response_export_values = ["*"] +} diff --git a/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.tf b/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.tf index 3d2df42..bf4a256 100644 --- a/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.tf +++ b/settings/remarks/microsoft.network/samples/networkwatchers/packetcaptures/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "admin_password" { + type = string + sensitive = true + description = "The administrator password for the virtual machine" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -111,7 +117,7 @@ resource "azapi_resource" "virtualMachine" { }] } osProfile = { - adminPassword = "Password1234!" + adminPassword = var.admin_password adminUsername = "testadmin" computerName = "${var.resource_name}-vm" linuxConfiguration = { diff --git a/settings/remarks/microsoft.recoveryservices/samples/vaults/backupfabrics/protectioncontainers/protecteditems/main.tf b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupfabrics/protectioncontainers/protecteditems/main.tf index 31656d7..a0114fe 100644 --- a/settings/remarks/microsoft.recoveryservices/samples/vaults/backupfabrics/protectioncontainers/protecteditems/main.tf +++ b/settings/remarks/microsoft.recoveryservices/samples/vaults/backupfabrics/protectioncontainers/protecteditems/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "admin_password" { + type = string + sensitive = true + description = "The administrator password for the virtual machine" +} + locals { sa_base = substr(lower(join("", split("-", var.resource_name))), 0, 24) sa_name = local.sa_base @@ -271,7 +277,7 @@ resource "azapi_resource" "virtualMachine" { }] } osProfile = { - adminPassword = "Password123!@#" + adminPassword = var.admin_password adminUsername = "vmadmin" computerName = local.comp_name linuxConfiguration = { diff --git a/settings/remarks/microsoft.security/samples/assessments/main.tf b/settings/remarks/microsoft.security/samples/assessments/main.tf index 6bf7503..1f73a98 100644 --- a/settings/remarks/microsoft.security/samples/assessments/main.tf +++ b/settings/remarks/microsoft.security/samples/assessments/main.tf @@ -22,6 +22,12 @@ variable "location" { default = "westus" } +variable "admin_password" { + type = string + sensitive = true + description = "The administrator password for the virtual machine scale set" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -143,7 +149,7 @@ resource "azapi_resource" "virtualMachineScaleSet" { }] } osProfile = { - adminPassword = "P@ssword1234!" + adminPassword = var.admin_password adminUsername = "adminuser" allowExtensionOperations = true computerNamePrefix = "${var.resource_name}-vmss" diff --git a/settings/remarks/microsoft.sql/samples/servers/databases/extendedauditingsettings/main.tf b/settings/remarks/microsoft.sql/samples/servers/databases/extendedauditingsettings/main.tf index f39bd8c..2ad0f48 100644 --- a/settings/remarks/microsoft.sql/samples/servers/databases/extendedauditingsettings/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/databases/extendedauditingsettings/main.tf @@ -22,6 +22,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -36,7 +42,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "missadministrator" - administratorLoginPassword = "AdminPassword123!" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.tf b/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.tf index 77ad4e8..3d9b9f0 100644 --- a/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/encryptionprotector/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -38,7 +44,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "mradministrator" - administratorLoginPassword = "thisIsDog11" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.sql/samples/servers/extendedauditingsettings/main.tf b/settings/remarks/microsoft.sql/samples/servers/extendedauditingsettings/main.tf index db80c77..9494407 100644 --- a/settings/remarks/microsoft.sql/samples/servers/extendedauditingsettings/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/extendedauditingsettings/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -34,7 +40,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "missadministrator" - administratorLoginPassword = "AdminPassword123!" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.tf b/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.tf index ada090f..90a2754 100644 --- a/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/failovergroups/main.tf @@ -27,6 +27,12 @@ variable "secondary_location" { default = "eastus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -41,7 +47,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "mradministrator" - administratorLoginPassword = "thisIsDog11" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" @@ -58,7 +64,7 @@ resource "azapi_resource" "server_1" { body = { properties = { administratorLogin = "mradministrator" - administratorLoginPassword = "thisIsDog11" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.tf b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.tf index 09723f1..870f7f8 100644 --- a/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/main.tf @@ -22,6 +22,12 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -36,7 +42,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "4dm1n157r470r" - administratorLoginPassword = "4-v3ry-53cr37-p455w0rd" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/steps/main.tf b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/steps/main.tf index 0177eb9..09b7fa7 100644 --- a/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/steps/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/jobs/steps/main.tf @@ -20,6 +20,18 @@ variable "location" { default = "westus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + +variable "job_credential_password" { + type = string + sensitive = true + description = "The password for the SQL job credential" +} + data "azapi_client_config" "current" {} locals { @@ -40,7 +52,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "4dm1n157r470r" - administratorLoginPassword = "4-v3ry-53cr37-p455w0rd" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" @@ -98,7 +110,7 @@ resource "azapi_resource" "credential" { name = "${var.resource_name}-job-credential" body = { properties = { - password = "testpassword" + password = var.job_credential_password username = "testusername" } } diff --git a/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.tf b/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.tf index 5c585a6..224818d 100644 --- a/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/jobagents/targetgroups/main.tf @@ -22,6 +22,18 @@ variable "location" { default = "centralus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + +variable "job_credential_password" { + type = string + sensitive = true + description = "The password for the SQL job credential" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -36,7 +48,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "4dm1n157r470r" - administratorLoginPassword = "4-v3ry-53cr37-p455w0rd" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" @@ -95,7 +107,7 @@ resource "azapi_resource" "credential" { name = "${var.resource_name}-job-credential" body = { properties = { - password = "testpassword" + password = var.job_credential_password username = "testusername" } } diff --git a/settings/remarks/microsoft.sql/samples/servers/vulnerabilityassessments/main.tf b/settings/remarks/microsoft.sql/samples/servers/vulnerabilityassessments/main.tf index f76d2ce..5e9ff74 100644 --- a/settings/remarks/microsoft.sql/samples/servers/vulnerabilityassessments/main.tf +++ b/settings/remarks/microsoft.sql/samples/servers/vulnerabilityassessments/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "centralus" } +variable "administrator_login_password" { + type = string + sensitive = true + description = "The administrator login password for the SQL server" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -34,7 +40,7 @@ resource "azapi_resource" "server" { body = { properties = { administratorLogin = "mradministrator" - administratorLoginPassword = "thisIsDog11" + administratorLoginPassword = var.administrator_login_password minimalTlsVersion = "1.2" publicNetworkAccess = "Enabled" restrictOutboundNetworkAccess = "Disabled" diff --git a/settings/remarks/microsoft.storage/samples/storageaccounts/withprivateendpoint/main.tf b/settings/remarks/microsoft.storage/samples/storageaccounts/withprivateendpoint/main.tf index 0c36472..fbdd6fb 100644 --- a/settings/remarks/microsoft.storage/samples/storageaccounts/withprivateendpoint/main.tf +++ b/settings/remarks/microsoft.storage/samples/storageaccounts/withprivateendpoint/main.tf @@ -45,9 +45,9 @@ variable "vm_admin_username" { } variable "vm_admin_password" { - type = string - default = "P@$$w0rd1234!" - sensitive = true + type = string + description = "The administrator password for the virtual machine" + sensitive = true } resource "azurerm_resource_group" "example" { diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/extendedauditingsettings/main.tf b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/extendedauditingsettings/main.tf index 959da84..1a0a35b 100644 --- a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/extendedauditingsettings/main.tf +++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/extendedauditingsettings/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "sql_administrator_login_password" { + type = string + sensitive = true + description = "The SQL administrator login password for the Synapse workspace" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -147,7 +153,7 @@ resource "azapi_resource" "workspace" { managedVirtualNetwork = "" publicNetworkAccess = "Enabled" sqlAdministratorLogin = "sqladminuser" - sqlAdministratorLoginPassword = "H@Sh1CoR3!" + sqlAdministratorLoginPassword = var.sql_administrator_login_password workspaceRepositoryConfiguration = {} } } diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/securityalertpolicies/main.tf b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/securityalertpolicies/main.tf index a49b2e8..1a7d8d3 100644 --- a/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/securityalertpolicies/main.tf +++ b/settings/remarks/microsoft.synapse/samples/workspaces/sqlpools/securityalertpolicies/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "sql_administrator_login_password" { + type = string + sensitive = true + description = "The SQL administrator login password for the Synapse workspace" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -103,7 +109,7 @@ resource "azapi_resource" "workspace" { managedVirtualNetwork = "" publicNetworkAccess = "Enabled" sqlAdministratorLogin = "sqladminuser" - sqlAdministratorLoginPassword = "H@Sh1CoR3!" + sqlAdministratorLoginPassword = var.sql_administrator_login_password workspaceRepositoryConfiguration = {} } } diff --git a/settings/remarks/microsoft.synapse/samples/workspaces/vulnerabilityassessments/main.tf b/settings/remarks/microsoft.synapse/samples/workspaces/vulnerabilityassessments/main.tf index 118f957..c565501 100644 --- a/settings/remarks/microsoft.synapse/samples/workspaces/vulnerabilityassessments/main.tf +++ b/settings/remarks/microsoft.synapse/samples/workspaces/vulnerabilityassessments/main.tf @@ -20,6 +20,12 @@ variable "location" { default = "westus" } +variable "sql_administrator_login_password" { + type = string + sensitive = true + description = "The SQL administrator login password for the Synapse workspace" +} + resource "azapi_resource" "resourceGroup" { type = "Microsoft.Resources/resourceGroups@2020-06-01" name = var.resource_name @@ -149,7 +155,7 @@ resource "azapi_resource" "workspace" { managedVirtualNetwork = "" publicNetworkAccess = "Enabled" sqlAdministratorLogin = "sqladminuser" - sqlAdministratorLoginPassword = "H@Sh1CoR3!" + sqlAdministratorLoginPassword = var.sql_administrator_login_password workspaceRepositoryConfiguration = {} } } diff --git a/settings/remarks/qumulo.storage/samples/filesystems/main.tf b/settings/remarks/qumulo.storage/samples/filesystems/main.tf index 0d03144..d049cf5 100644 --- a/settings/remarks/qumulo.storage/samples/filesystems/main.tf +++ b/settings/remarks/qumulo.storage/samples/filesystems/main.tf @@ -21,9 +21,9 @@ variable "location" { } variable "qumulo_password" { - type = string - default = ")^X#ZX#JRyIY}t9" - sensitive = true + type = string + description = "The administrative password for the Qumulo file system" + sensitive = true } resource "azapi_resource" "resourceGroup" {