Terraform-provider-azurerm: Please add support for azure windows virtual desktops

Azure Windows Virtual Desktop is now GA (https://azure.microsoft.com/en-us/blog/windows-virtual-desktop-is-now-generally-available-worldwide/) and we plan on using it heavily as well so it would be great if this provider supported it. Looks like there will need to be several new resources required from the API docs here: https://docs.microsoft.com/en-us/rest/api/virtual-desktop/

Is there any update on this yet? Looking to rollout a sizeable PoC and would prefer to use Terraform to do this.

any plans to add the Azure virtual desktop resources ?

As v2 of WVD is public preview and is now a first class citizen in Azure and is no longer just a load of powershell scripts it would be good to review this request again and see if it is now possible to be resources you could build out natively in terraform. I have heard there may have been blockers in the past but hopefully they are now resolved.

+1 for looking at this again

+1 please revisit

[WIP to figure out what the resources should be and figure out possible gaps]

The first version of the preview API is finally available in the Go SDK, it seems: https://github.com/Azure/azure-sdk-for-go/tree/master/services/preview/desktopvirtualization/mgmt/2019-01-23-preview/desktopvirtualization.

Based on documentation I'm preparing a first draft of how the resources might look like. The start is relatively simple

Add a host pool

resource "azurerm_virtual_desktop_host_pool" "example" {
  resource_group_name = azurerm_resource_group.example.name
  name                = "hostpool-test" 
  location            = azurerm_resource_group.example.location
  type                = "personal" # or pooled
  assignment_type     = "automatic"
  # max_session_limit = "5" # option for `pooled` type
  # load_balancing_algorithm = "breadth-first" # or depth-first, options for `pooled` type 
}

Add Virtual Machines

After creating the hostpool, I would like to create some virtual machines for that host pool via TerraForm. At this moment the Windows Virtual Desktop doesn't provide an API entrance for that and in the documentation it's done manually or via the UI: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-powershell#prepare-the-virtual-machines-for-windows-virtual-desktop-agent-installations and https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace#virtual-machine-details

Creation of a Virtual Machine is simple, but to domain join it with TerraForm seems not that simple

resource "azurerm_virtual_network" "example" {
    name                = "Vnet1"
    address_space       = ["10.0.0.0/16"]
    location            = azurerm_resource_group.example.location
    resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
    name                 = "Subnet1"
    resource_group_name  = azurerm_resource_group.example.name
    virtual_network_name = azurerm_virtual_network.example.name
    address_prefix       = "10.0.2.0/24"
}

resource "azurerm_public_ip" "example" {
    name                = "PublicIP"
    location            = "northeurope"
    resource_group_name = azurerm_resource_group.example.name
    allocation_method   = "Dynamic"
}

resource "azurerm_network_security_group" "example" {
    name                = "NetworkSecurityGroup"
    location            = azurerm_resource_group.example.location
    resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_interface" "example" {
    name                        = "NIC"
    location                    = "northeurope"
    resource_group_name         = azurerm_resource_group.example.name
    network_security_group_id   = azurerm_network_security_group.example.id

    ip_configuration {
        name                          = "NicConfiguration"
        subnet_id                     = azurerm_subnet.example.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.example.id
    }
}

resource "azurerm_windows_virtual_machine" "example" {
  name                = "example-machine"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  size                = "Standard_F2"
  admin_username      = "adminuser"
  admin_password      = "P@$$w0rd1234!"
  network_interface_ids = [
    azurerm_network_interface.example.id,
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "19h2-evd"
    version   = "latest"
  }
}

resource "azurerm_virtual_machine_extension" "domjoin" {
  name                 = "domjoin"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  virtual_machine_name = azurerm_windows_virtual_machine.example.name
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"
  settings = <<SETTINGS
    {
      "Name": "example.com",
      "OUPath": "OU=Servers,DC=example,DC=com",
      "User": "example.com\\admin",
      "Restart": "true",
      "Options": "3"
    }
  SETTINGS
  protected_settings = <<PROTECTED_SETTINGS
    {
      "Password": "${var.admin_password}"
    }
  PROTECTED_SETTINGS
  depends_on = ["azurerm_virtual_machine.example"]
}

Connect VMs to Host Pools

One of the things the host pool needs to export is the token, which can be found in HostPool.HostPoolProperties.RegistrationInfo.Token. With this token we can let the virtual machine join the hostpool:

variable "base_url" {
  default     = "https://github.com/aristosvo/RDS-Templates/tree/azure-provider-enablement/wvd-templates"
}

output "token" {
  value = 
}


resource "azurerm_virtual_machine_extension" "additional_session_host_dscextension" {
  name                       = "wvd_dsc"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  virtual_machine_name       = azurerm_windows_virtual_machine.example.name
  publisher                  = "Microsoft.Powershell"
  type                       = "DSC"
  type_handler_version       = "2.73"
  auto_upgrade_minor_version = true
  depends_on                 = ["azurerm_virtual_machine_extension.domainJoin"]

  settings = <<SETTINGS
{
    "modulesURL": "${var.base_url}/DSC/Configuration.zip",
    "configurationFunction": "Configuration.ps1\\RegisterSessionHostBasedOnToken",
     "properties": {
        "Token":"PrivateSettingsRef:token",
        "HostPoolName":"${azurerm_virtual_desktop_host_pool.example.name}"
  }
}

SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
{
  "items":{
    "token":"${azurerm_virtual_desktop_host_pool.example.token}"
  }
}
PROTECTED_SETTINGS
}

The virtual machines should connect to the host pools based on a key, the best solution can be found here. But (as usual) this solution is not perfect, as it's using a service principal with permission for getting the token instead of using a supplied token directly. Implementing a similar solution would mean I need external code to add virtual machines to the host pool. Best solution is probably to extend this code base with an extra PowerShell function which only needs the token as supplied by the hostpool.

Any news as to when Terraform will have support for the Spring 2020 release?

@jparr93 I’d love to implement this, but especially the dependency on the agents on the VMs makes it a bit difficult and unstable/time consuming.

As soon as I’ve some time available I’ll try to move it a bit further!

@aristosvo It would be good! especially when deploying and then wanting to add virtual machine later on! However, did think of a workaround. Deploy it with the 2019 release through Terraform as that works and then migrate to the 2020 release using the new cmdlets when available

Any more news on this? The Spring 2020 preview release is nearing GA now, so it would be good to have this functionality

Hi, any update on this ?
Thank you in advance..
MS

@aristosvo opened a PR against Azure/RDS-Templates but there's been no response there other than assigning labels.

You could perhaps :+1: that issue to give an indication that it has broad support from the community who would also love to have this capability

I have got an initial client added on my branch at the moment.

https://github.com/DanielMabbett/terraform-provider-azurerm/tree/f/wvd

Like @aristosvo said this is a very big piece of work, so after I have done the bare minimum required resources then will do the PR. Can't imagine doing them all without dedicating significant time.

I just wanted to chime in on this. I know the registration token makes adding session hosts challenging. However, the ability to create application groups, host pools, and application groups would be extremely helpful.

Closing as resolved by 8605.

Great stuff on what's been added so far, this is going to make life so much easier.
Are there any plans to enhance the hostpool resource further to customise RDP properties like device redirection etc?

Probably best to add that as a new issue :)

Fair enough, will do!
Thought it might be a bit much to raise an issue before this had even been released 😂

This has been released in version 2.31.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.31.0"
}
# ... other configuration ...

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!