Skip to content

v0.6.0

Compare
Choose a tag to compare
@ulucinar ulucinar released this 05 Aug 10:00
· 659 commits to main since this release
d108c39

v0.6.0 contains example generation pipelines that can scrape Terraform registry documentation pages and generate managed resource example manifests together with their dependencies. These pipelines also incorporate automatic reference injection. The scraped metadata currently looks like the following for a resource:

    azurerm_disk_encryption_set:
        subCategory: Compute
        description: Manages a Disk Encryption Set.
        name: azurerm_disk_encryption_set
        title: azurerm_disk_encryption_set
        examples:
            - name: example
              manifest: |-
                {
                  "identity": [
                    {
                      "type": "SystemAssigned"
                    }
                  ],
                  "key_vault_key_id": "${azurerm_key_vault_key.example.id}",
                  "location": "${azurerm_resource_group.example.location}",
                  "name": "des",
                  "resource_group_name": "${azurerm_resource_group.example.name}"
                }
              references:
                key_vault_key_id: azurerm_key_vault_key.example.id
                location: azurerm_resource_group.example.location
                resource_group_name: azurerm_resource_group.example.name
              dependencies:
                azurerm_key_vault.example: |-
                    {
                      "enabled_for_disk_encryption": true,
                      "location": "${azurerm_resource_group.example.location}",
                      "name": "des-example-keyvault",
                      "purge_protection_enabled": true,
                      "resource_group_name": "${azurerm_resource_group.example.name}",
                      "sku_name": "premium",
                      "tenant_id": "${data.azurerm_client_config.current.tenant_id}"
                    }
                azurerm_key_vault_access_policy.example-disk: |-
                    {
                      "key_permissions": [
                        "Get",
                        "WrapKey",
                        "UnwrapKey"
                      ],
                      "key_vault_id": "${azurerm_key_vault.example.id}",
                      "object_id": "${azurerm_disk_encryption_set.example.identity.0.principal_id}",
                      "tenant_id": "${azurerm_disk_encryption_set.example.identity.0.tenant_id}"
                    }
                azurerm_key_vault_access_policy.example-user: |-
                    {
                      "key_permissions": [
                        "get",
                        "create",
                        "delete"
                      ],
                      "key_vault_id": "${azurerm_key_vault.example.id}",
                      "object_id": "${data.azurerm_client_config.current.object_id}",
                      "tenant_id": "${data.azurerm_client_config.current.tenant_id}"
                    }
                azurerm_key_vault_key.example: |-
                    {
                      "depends_on": [
                        "${azurerm_key_vault_access_policy.example-user}"
                      ],
                      "key_opts": [
                        "decrypt",
                        "encrypt",
                        "sign",
                        "unwrapKey",
                        "verify",
                        "wrapKey"
                      ],
                      "key_size": 2048,
                      "key_type": "RSA",
                      "key_vault_id": "${azurerm_key_vault.example.id}",
                      "name": "des-example-key"
                    }
                azurerm_resource_group.example: |-
                    {
                      "location": "West Europe",
                      "name": "example-resources"
                    }
        argumentDocs:
            auto_key_rotation_enabled: '- (Optional) Boolean flag to specify whether Azure Disk Encryption Set automatically rotates encryption Key to latest version. Defaults to false.'
            create: '- (Defaults to 60 minutes) Used when creating the Disk Encryption Set.'
            delete: '- (Defaults to 60 minutes) Used when deleting the Disk Encryption Set.'
            encryption_type: '- (Optional) The type of key used to encrypt the data of the disk. Possible values are EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys and ConfidentialVmEncryptedWithCustomerKey. Defaults to EncryptionAtRestWithCustomerKey.'
            id: '- The ID of the Disk Encryption Set.'
            identity: '- (Required) An identity block as defined below.'
            key_vault_key_id: '- (Required) Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret).'
            location: '- (Required) Specifies the Azure Region where the Disk Encryption Set exists. Changing this forces a new resource to be created.'
            name: '- (Required) The name of the Disk Encryption Set. Changing this forces a new resource to be created.'
            principal_id: '- The (Client) ID of the Service Principal.'
            read: '- (Defaults to 5 minutes) Used when retrieving the Disk Encryption Set.'
            resource_group_name: '- (Required) Specifies the name of the Resource Group where the Disk Encryption Set should exist. Changing this forces a new resource to be created.'
            tags: '- (Optional) A mapping of tags to assign to the Disk Encryption Set.'
            tenant_id: '- The ID of the Tenant the Service Principal is assigned in.'
            type: '- (Required) The type of Managed Service Identity that is configured on this Disk Encryption Set. The only possible value is SystemAssigned.'
            update: '- (Defaults to 60 minutes) Used when updating the Disk Encryption Set.'
        importStatements:
            - terraform import azurerm_disk_encryption_set.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Compute/diskEncryptionSets/encryptionSet1

The generated example manifests for this resource then looks like the following:

apiVersion: compute.azure.upbound.io/v1beta1
kind: DiskEncryptionSet
metadata:
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    identity:
    - type: SystemAssigned
    keyVaultKeyIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    location: West Europe
    resourceGroupNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example

---

apiVersion: keyvault.azure.upbound.io/v1beta1
kind: Vault
metadata:
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    enabledForDiskEncryption: true
    location: West Europe
    purgeProtectionEnabled: true
    resourceGroupNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    skuName: premium
    tenantId: ${data.azurerm_client_config.current.tenant_id}

---

apiVersion: keyvault.azure.upbound.io/v1beta1
kind: AccessPolicy
metadata:
  labels:
    testing.upbound.io/example-name: example-disk
  name: example-disk
spec:
  forProvider:
    keyPermissions:
    - Get
    - WrapKey
    - UnwrapKey
    keyVaultIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    objectId: ${azurerm_disk_encryption_set.example.identity.0.principal_id}
    tenantId: ${azurerm_disk_encryption_set.example.identity.0.tenant_id}

---

apiVersion: keyvault.azure.upbound.io/v1beta1
kind: AccessPolicy
metadata:
  labels:
    testing.upbound.io/example-name: example-user
  name: example-user
spec:
  forProvider:
    keyPermissions:
    - get
    - create
    - delete
    keyVaultIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    objectId: ${data.azurerm_client_config.current.object_id}
    tenantId: ${data.azurerm_client_config.current.tenant_id}

---

apiVersion: keyvault.azure.upbound.io/v1beta1
kind: Key
metadata:
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    keyOpts:
    - decrypt
    - encrypt
    - sign
    - unwrapKey
    - verify
    - wrapKey
    keySize: 2048
    keyType: RSA
    keyVaultIdSelector:
      matchLabels:
        testing.upbound.io/example-name: example

---

apiVersion: azure.upbound.io/v1beta1
kind: ResourceGroup
metadata:
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    location: West Europe

---