Azure · lonegunmanb · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024
diff --git a/README.md b/README.md
diff --git a/examples/multiple_node_pools/main.tf b/examples/multiple_node_pools/main.tf
@@ -46,11 +46,12 @@ locals {
 module "aks" {
   source = "../.."
 
-  prefix              = "prefix-${random_id.prefix.hex}"
-  resource_group_name = local.resource_group.name
-  os_disk_size_gb     = 60
-  sku_tier            = "Standard"
-  rbac_aad            = false
-  vnet_subnet_id      = azurerm_subnet.test.id
-  node_pools          = local.nodes
+  prefix                          = "prefix-${random_id.prefix.hex}"
+  resource_group_name             = local.resource_group.name
+  log_analytics_workspace_enabled = false
+  os_disk_size_gb                 = 60
+  sku_tier                        = "Standard"
+  rbac_aad                        = false
+  vnet_subnet_id                  = azurerm_subnet.test.id
+  node_pools                      = local.nodes
 }
diff --git a/examples/named_cluster/main.tf b/examples/named_cluster/main.tf
@@ -62,15 +62,14 @@ resource "azurerm_log_analytics_solution" "main" {
 module "aks_cluster_name" {
   source = "../.."
 
-  prefix                               = "prefix"
-  resource_group_name                  = local.resource_group.name
-  admin_username                       = null
-  azure_policy_enabled                 = true
-  cluster_log_analytics_workspace_name = "test-cluster"
-  cluster_name                         = "test-cluster"
-  disk_encryption_set_id               = azurerm_disk_encryption_set.des.id
-  identity_ids                         = [azurerm_user_assigned_identity.test.id]
-  identity_type                        = "UserAssigned"
+  prefix                 = "prefix"
+  resource_group_name    = local.resource_group.name
+  admin_username         = null
+  azure_policy_enabled   = true
+  cluster_name           = "test-cluster"
+  disk_encryption_set_id = azurerm_disk_encryption_set.des.id
+  identity_ids           = [azurerm_user_assigned_identity.test.id]
+  identity_type          = "UserAssigned"
   log_analytics_solution = {
     id = azurerm_log_analytics_solution.main.id
   }

diff --git a/examples/startup/main.tf b/examples/startup/main.tf
@@ -74,9 +74,11 @@ module "aks" {
     name        = "${random_id.prefix.hex}-agw"
     subnet_cidr = "10.52.1.0/24"
   }
-  local_account_disabled               = true
-  log_analytics_workspace_enabled      = true
-  cluster_log_analytics_workspace_name = random_id.name.hex
+  local_account_disabled          = true
+  log_analytics_workspace_enabled = true
+  new_log_analytics_workspace = {
+    name = random_id.name.hex
+  }
   maintenance_window = {
     allowed = [
       {

diff --git a/examples/uai_and_assign_role_on_subnet/main.tf b/examples/uai_and_assign_role_on_subnet/main.tf
@@ -28,13 +28,14 @@ resource "azurerm_user_assigned_identity" "main" {
 module "aks" {
   source = "../../"
 
-  cluster_name        = var.kubernetes_cluster_name
-  prefix              = var.kubernetes_cluster_name
-  resource_group_name = azurerm_resource_group.rg.name
-  identity_ids        = [azurerm_user_assigned_identity.main.id]
-  identity_type       = "UserAssigned"
-  vnet_subnet_id      = azurerm_subnet.subnet.id
-  rbac_aad            = false
+  cluster_name                    = var.kubernetes_cluster_name
+  prefix                          = var.kubernetes_cluster_name
+  resource_group_name             = azurerm_resource_group.rg.name
+  identity_ids                    = [azurerm_user_assigned_identity.main.id]
+  identity_type                   = "UserAssigned"
+  log_analytics_workspace_enabled = false
+  vnet_subnet_id                  = azurerm_subnet.subnet.id
+  rbac_aad                        = false
   network_contributor_role_assigned_subnet_ids = {
     vnet_subnet = azurerm_subnet.subnet.id
   }

diff --git a/examples/with_acr/main.tf b/examples/with_acr/main.tf
@@ -60,10 +60,11 @@ module "aks" {
   attached_acr_id_map = {
     example = azurerm_container_registry.example.id
   }
-  network_plugin  = "azure"
-  network_policy  = "azure"
-  os_disk_size_gb = 60
-  sku_tier        = "Standard"
-  rbac_aad        = false
-  vnet_subnet_id  = azurerm_subnet.test.id
+  log_analytics_workspace_enabled = false
+  network_plugin                  = "azure"
+  network_policy                  = "azure"
+  os_disk_size_gb                 = 60
+  sku_tier                        = "Standard"
+  rbac_aad                        = false
+  vnet_subnet_id                  = azurerm_subnet.test.id
 }
diff --git a/log_analytics.tf b/log_analytics.tf
@@ -1,12 +1,21 @@
 resource "azurerm_log_analytics_workspace" "main" {
   count = local.create_analytics_workspace ? 1 : 0
 
-  location            = coalesce(var.location, data.azurerm_resource_group.main.location)
-  name                = coalesce(var.cluster_log_analytics_workspace_name, trim("${var.prefix}-workspace", "-"))
-  resource_group_name = coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name)
-  retention_in_days   = var.log_retention_in_days
-  sku                 = var.log_analytics_workspace_sku
-  tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
+  location                                = coalesce(var.new_log_analytics_workspace.location, var.location, data.azurerm_resource_group.main.location)
+  name                                    = coalesce(var.new_log_analytics_workspace.name, trim("${var.prefix}-workspace", "-"))
+  resource_group_name                     = coalesce(var.new_log_analytics_workspace.resource_group_name, var.resource_group_name)
+  allow_resource_only_permissions         = var.new_log_analytics_workspace.allow_resource_only_permissions
+  cmk_for_query_forced                    = var.new_log_analytics_workspace.cmk_for_query_forced
+  daily_quota_gb                          = var.new_log_analytics_workspace.daily_quota_gb
+  data_collection_rule_id                 = var.new_log_analytics_workspace.data_collection_rule_id
+  immediate_data_purge_on_30_days_enabled = var.new_log_analytics_workspace.immediate_data_purge_on_30_days_enabled
+  internet_ingestion_enabled              = var.new_log_analytics_workspace.internet_ingestion_enabled
+  internet_query_enabled                  = var.new_log_analytics_workspace.internet_query_enabled
+  local_authentication_disabled           = var.new_log_analytics_workspace.local_authentication_disabled
+  reservation_capacity_in_gb_per_day      = var.new_log_analytics_workspace.reservation_capacity_in_gb_per_day
+  retention_in_days                       = var.new_log_analytics_workspace.retention_in_days
+  sku                                     = var.new_log_analytics_workspace.sku
+  tags = merge(var.tags, var.new_log_analytics_workspace.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
     avm_git_commit           = "0ae8a663f1dc1dc474b14c10d9c94c77a3d1e234"
     avm_git_file             = "main.tf"
     avm_git_last_modified_at = "2023-06-05 02:21:33"
@@ -19,9 +28,13 @@ resource "azurerm_log_analytics_workspace" "main" {
 
   lifecycle {
     precondition {
-      condition     = can(coalesce(var.cluster_log_analytics_workspace_name, var.prefix))
+      condition     = can(coalesce(var.new_log_analytics_workspace.name, var.prefix))
       error_message = "You must set one of `var.cluster_log_analytics_workspace_name` and `var.prefix` to create `azurerm_log_analytics_workspace.main`."
     }
+    precondition {
+      condition     = var.log_analytics_workspace == null
+      error_message = "You can set only one of `var.log_analytics_workspace` and `var.new_log_analytics_workspace`, not both."
+    }
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -389,12 +389,6 @@ variable "client_secret" {
   nullable    = false
 }
 
-variable "cluster_log_analytics_workspace_name" {
-  type        = string
-  default     = null
-  description = "(Optional) The name of the Analytics workspace"
-}
-
 variable "cluster_name" {
   type        = string
   default     = null
@@ -687,24 +681,6 @@ variable "log_analytics_workspace_enabled" {
   nullable    = false
 }
 
-variable "log_analytics_workspace_resource_group_name" {
-  type        = string
-  default     = null
-  description = "(Optional) Resource group name to create azurerm_log_analytics_solution."
-}
-
-variable "log_analytics_workspace_sku" {
-  type        = string
-  default     = "PerGB2018"
-  description = "The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018"
-}
-
-variable "log_retention_in_days" {
-  type        = number
-  default     = 30
-  description = "The retention period for the logs in days"
-}
-
 variable "maintenance_window" {
   type = object({
     allowed = optional(list(object({
@@ -869,6 +845,53 @@ variable "network_policy" {
   description = " (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created."
 }
 
+variable "new_log_analytics_workspace" {
+  type = object({
+    allow_resource_only_permissions         = optional(bool)
+    cmk_for_query_forced                    = optional(bool)
+    daily_quota_gb                          = optional(number)
+    data_collection_rule_id                 = optional(string)
+    immediate_data_purge_on_30_days_enabled = optional(bool)
+    internet_ingestion_enabled              = optional(bool)
+    internet_query_enabled                  = optional(bool)
+    local_authentication_disabled           = optional(bool)
+    location                                = optional(string)
+    name                                    = optional(string)
+    reservation_capacity_in_gb_per_day      = optional(number)
+    resource_group_name                     = optional(string)
+    retention_in_days                       = optional(number)
+    sku                                     = optional(string)
+    tags                                    = optional(map(string))
+    identity = optional(object({
+      identity_ids = optional(set(string))
+      type         = string
+    }))
+  })
+  default     = null
+  description = <<-DESCRIPTION
+ - `allow_resource_only_permissions` - (Optional) Specifies if the log Analytics Workspace allow users accessing to data associated with resources they have permission to view, without permission to workspace. Defaults to `true`.
+ - `cmk_for_query_forced` - (Optional) Is Customer Managed Storage mandatory for query management?
+ - `daily_quota_gb` - (Optional) The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited) if omitted.
+ - `data_collection_rule_id` - (Optional) The ID of the Data Collection Rule to use for this workspace.
+ - `immediate_data_purge_on_30_days_enabled` - (Optional) Whether to remove the data in the Log Analytics Workspace immediately after 30 days.
+ - `internet_ingestion_enabled` - (Optional) Should the Log Analytics Workspace support ingestion over the Public Internet? Defaults to `true`.
+ - `internet_query_enabled` - (Optional) Should the Log Analytics Workspace support querying over the Public Internet? Defaults to `true`.
+ - `local_authentication_disabled` - (Optional) Specifies if the log Analytics workspace should enforce authentication using Azure AD. Defaults to `false`.
+ - `location` - (Optional) Specifies the supported Azure location where the resource exists. Will use `var.location` if omitted. Changing this forces a new resource to be created.
+ - `name` - (Optional) Specifies the name of the Log Analytics Workspace. Workspace name should include 4-63 letters, digits or '-'. The '-' shouldn't be the first or the last symbol. Will use `trim("$${var.prefix}-workspace", "-"))` as name if omitted. Changing this forces a new resource to be created.
+ - `reservation_capacity_in_gb_per_day` - (Optional) The capacity reservation level in GB for this workspace. Possible values are `100`, `200`, `300`, `400`, `500`, `1000`, `2000` and `5000`.
+ - `resource_group_name` - (Optional) The name of the resource group in which the Log Analytics workspace is created. Will use `var.resource_group_name` if omitted. Changing this forces a new resource to be created.
+ - `retention_in_days` - (Optional) The workspace data retention in days. Possible values are either 7 (Free Tier only) or range between 30 and 730.
+ - `sku` - (Optional) Specifies the SKU of the Log Analytics Workspace. Possible values are `Free`, `PerNode`, `Premium`, `Standard`, `Standalone`, `Unlimited`, `CapacityReservation`, and `PerGB2018` (new SKU as of `2018-04-03`). Defaults to `PerGB2018`.
+ - `tags` - (Optional) A mapping of tags to assign to the resource.
+
+ ---
+ `identity` block supports the following:
+ - `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`.
+ - `type` - (Required) Specifies the identity type of the Log Analytics Workspace. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you) and `UserAssigned` where you can specify the Service Principal IDs in the `identity_ids` field.
+DESCRIPTION
+}
+
 variable "node_os_channel_upgrade" {
   type        = string
   default     = null