Azure · lonegunmanb · Jul 22, 2024 · Jul 18, 2024
diff --git a/quickstart/101-confidential-ledger/README.md b/quickstart/101-confidential-ledger/README.md
@@ -0,0 +1,23 @@
+# Azure Confidential Ledger
+
+This template deploys an Azure Confidential Ledger.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [azurerm_client_config](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config)
+- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+- [azurerm_confidential_ledger](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/confidential_ledger)
+
+## Variables
+
+| Name | Description | Default value |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `confidential_ledger_name` | Name of the confidential ledger resource. | "" |
+| `confidential_ledger_type` | Type of the confidential ledger. Possible values are: Public and Private. | Public |
+| `confidential_ledger_role_name` | Role name for the confidential ledger. | Administrator |
+
+## Example
diff --git a/quickstart/101-confidential-ledger/main.tf b/quickstart/101-confidential-ledger/main.tf
@@ -0,0 +1,36 @@
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  location = var.resource_group_location
+  name     = random_pet.rg_name.id
+}
+
+data "azurerm_client_config" "current" {
+}
+
+resource "random_string" "azurerm_confidential_ledger_name" {
+  length  = 13
+  lower   = true
+  numeric = false
+  special = false
+  upper   = false
+}
+
+resource "azurerm_confidential_ledger" "example" {
+  name                = coalesce(var.confidential_ledger_name, "ledger-${random_string.azurerm_confidential_ledger_name.result}")
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  ledger_type         = var.confidential_ledger_type
+
+  azuread_based_service_principal {
+    principal_id     = data.azurerm_client_config.current.object_id
+    tenant_id        = data.azurerm_client_config.current.tenant_id
+    ledger_role_name = var.confidential_ledger_role_name
+  }
+
+  tags = {
+    IsExample = "True"
+  }
+}
diff --git a/quickstart/101-confidential-ledger/outputs.tf b/quickstart/101-confidential-ledger/outputs.tf
@@ -0,0 +1,15 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
+
+output "confidential_ledger_name" {
+  value = azurerm_confidential_ledger.example.name
+}
+
+output "confidential_ledger_type" {
+  value = azurerm_confidential_ledger.example.ledger_type
+}
+
+output "confidential_ledger_role_name" {
+  value = azurerm_confidential_ledger.example.azuread_based_service_principal[0].ledger_role_name
+}
diff --git a/quickstart/101-confidential-ledger/providers.tf b/quickstart/101-confidential-ledger/providers.tf
@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">=1.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/quickstart/101-confidential-ledger/variables.tf b/quickstart/101-confidential-ledger/variables.tf
@@ -0,0 +1,33 @@
+variable "resource_group_name_prefix" {
+  type        = string
+  default     = "rg"
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+}
+
+variable "resource_group_location" {
+  type        = string
+  default     = "eastus"
+  description = "Location of the resource group."
+}
+
+variable "confidential_ledger_name" {
+  type        = string
+  description = "The name of the confidential ledger resource. The value will be randomly generated if blank."
+  default     = ""
+}
+
+variable "confidential_ledger_type" {
+  type        = string
+  default     = "Public"
+  validation {
+    condition     = contains(["Public", "Private"], var.confidential_ledger_type)
+    error_message = "The confidential ledger type value must be one of the following: Public, Private."
+  }
+  description = "Type of the confidential ledger."
+}
+
+variable "confidential_ledger_role_name" {
+  type        = string
+  default     = "Administrator"
+  description = "Role name for the confidential ledger."
+}