v0.6.0 contains example generation pipelines that can scrape Terraform registry documentation pages and generate managed resource example manifests together with their dependencies. These pipelines also incorporate automatic reference injection. The scraped metadata currently looks like the following for a resource:
azurerm_disk_encryption_set:
subCategory: Compute
description: Manages a Disk Encryption Set.
name: azurerm_disk_encryption_set
title: azurerm_disk_encryption_set
examples:
- name: example
manifest: |-
{
"identity": [
{
"type": "SystemAssigned"
}
],
"key_vault_key_id": "${azurerm_key_vault_key.example.id}",
"location": "${azurerm_resource_group.example.location}",
"name": "des",
"resource_group_name": "${azurerm_resource_group.example.name}"
}
references:
key_vault_key_id: azurerm_key_vault_key.example.id
location: azurerm_resource_group.example.location
resource_group_name: azurerm_resource_group.example.name
dependencies:
azurerm_key_vault.example: |-
{
"enabled_for_disk_encryption": true,
"location": "${azurerm_resource_group.example.location}",
"name": "des-example-keyvault",
"purge_protection_enabled": true,
"resource_group_name": "${azurerm_resource_group.example.name}",
"sku_name": "premium",
"tenant_id": "${data.azurerm_client_config.current.tenant_id}"
}
azurerm_key_vault_access_policy.example-disk: |-
{
"key_permissions": [
"Get",
"WrapKey",
"UnwrapKey"
],
"key_vault_id": "${azurerm_key_vault.example.id}",
"object_id": "${azurerm_disk_encryption_set.example.identity.0.principal_id}",
"tenant_id": "${azurerm_disk_encryption_set.example.identity.0.tenant_id}"
}
azurerm_key_vault_access_policy.example-user: |-
{
"key_permissions": [
"get",
"create",
"delete"
],
"key_vault_id": "${azurerm_key_vault.example.id}",
"object_id": "${data.azurerm_client_config.current.object_id}",
"tenant_id": "${data.azurerm_client_config.current.tenant_id}"
}
azurerm_key_vault_key.example: |-
{
"depends_on": [
"${azurerm_key_vault_access_policy.example-user}"
],
"key_opts": [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey"
],
"key_size": 2048,
"key_type": "RSA",
"key_vault_id": "${azurerm_key_vault.example.id}",
"name": "des-example-key"
}
azurerm_resource_group.example: |-
{
"location": "West Europe",
"name": "example-resources"
}
argumentDocs:
auto_key_rotation_enabled: '- (Optional) Boolean flag to specify whether Azure Disk Encryption Set automatically rotates encryption Key to latest version. Defaults to false.'
create: '- (Defaults to 60 minutes) Used when creating the Disk Encryption Set.'
delete: '- (Defaults to 60 minutes) Used when deleting the Disk Encryption Set.'
encryption_type: '- (Optional) The type of key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys and ConfidentialVmEncryptedWithCustomerKey. Defaults to EncryptionAtRestWithCustomerKey.'
id: '- The ID of the Disk Encryption Set.'
identity: '- (Required) An identity block as defined below.'
key_vault_key_id: '- (Required) Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).'
location: '- (Required) Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.'
name: '- (Required) The name of the Disk Encryption Set. Changing this forces a new resource to be created.'
principal_id: '- The (Client) ID of the Service Principal.'
read: '- (Defaults to 5 minutes) Used when retrieving the Disk Encryption Set.'
resource_group_name: '- (Required) Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.'
tags: '- (Optional) A mapping of tags to assign to the Disk Encryption Set.'
tenant_id: '- The ID of the Tenant the Service Principal is assigned in.'
type: '- (Required) The type of Managed Service Identity that is configured on this Disk Encryption Set. The only possible value is SystemAssigned.'
update: '- (Defaults to 60 minutes) Used when updating the Disk Encryption Set.'
importStatements:
- terraform import azurerm_disk_encryption_set.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Compute/diskEncryptionSets/encryptionSet1The generated example manifests for this resource then looks like the following:
apiVersion: compute.azure.upbound.io/v1beta1
kind: DiskEncryptionSet
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
identity:
- type: SystemAssigned
keyVaultKeyIdSelector:
matchLabels:
testing.upbound.io/example-name: example
location: West Europe
resourceGroupNameSelector:
matchLabels:
testing.upbound.io/example-name: example
---
apiVersion: keyvault.azure.upbound.io/v1beta1
kind: Vault
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
enabledForDiskEncryption: true
location: West Europe
purgeProtectionEnabled: true
resourceGroupNameSelector:
matchLabels:
testing.upbound.io/example-name: example
skuName: premium
tenantId: ${data.azurerm_client_config.current.tenant_id}
---
apiVersion: keyvault.azure.upbound.io/v1beta1
kind: AccessPolicy
metadata:
labels:
testing.upbound.io/example-name: example-disk
name: example-disk
spec:
forProvider:
keyPermissions:
- Get
- WrapKey
- UnwrapKey
keyVaultIdSelector:
matchLabels:
testing.upbound.io/example-name: example
objectId: ${azurerm_disk_encryption_set.example.identity.0.principal_id}
tenantId: ${azurerm_disk_encryption_set.example.identity.0.tenant_id}
---
apiVersion: keyvault.azure.upbound.io/v1beta1
kind: AccessPolicy
metadata:
labels:
testing.upbound.io/example-name: example-user
name: example-user
spec:
forProvider:
keyPermissions:
- get
- create
- delete
keyVaultIdSelector:
matchLabels:
testing.upbound.io/example-name: example
objectId: ${data.azurerm_client_config.current.object_id}
tenantId: ${data.azurerm_client_config.current.tenant_id}
---
apiVersion: keyvault.azure.upbound.io/v1beta1
kind: Key
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
keySize: 2048
keyType: RSA
keyVaultIdSelector:
matchLabels:
testing.upbound.io/example-name: example
---
apiVersion: azure.upbound.io/v1beta1
kind: ResourceGroup
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
location: West Europe
---