Merge pull request #1253 from robgil-dds/169163334-keyvault

169163334 - Enables KeyVault server in dev TF env

terraform/modules/keyvault/main.tf

@@ -5,14 +5,6 @@ resource "azurerm_resource_group" "keyvault" {
   location = var.region
 }
 
-resource "random_id" "server" {
-  keepers = {
-    ami_id = 1
-  }
-
-  byte_length = 8
-}
-
 resource "azurerm_key_vault" "keyvault" {
   name                = "${var.name}-${var.environment}-keyvault"
   location            = azurerm_resource_group.keyvault.location
@@ -21,24 +13,28 @@ resource "azurerm_key_vault" "keyvault" {
 
   sku_name = "premium"
 
-  access_policy {
-    tenant_id = data.azurerm_client_config.current.tenant_id
-    object_id = data.azurerm_client_config.current.service_principal_object_id
-
-    key_permissions = [
-      "create",
-      "get",
-    ]
-
-    secret_permissions = [
-      "set",
-      "get",
-      "delete",
-    ]
-  }
-
   tags = {
     environment = var.environment
     owner       = var.owner
   }
-}
+}
+
+resource "azurerm_key_vault_access_policy" "keyvault" {
+  key_vault_id = azurerm_key_vault.keyvault.id
+
+  tenant_id = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
+  object_id = "2ca63d41-d058-4e06-aef6-eb517a53b631"
+
+  key_permissions = [
+    "get",
+    "list",
+    "create",
+  ]
+
+  secret_permissions = [
+    "get",
+    "list",
+    "set",
+  ]
+}
+

terraform/modules/keyvault/variables.tf

@@ -14,6 +14,11 @@ variable "environment" {
 }
 
 variable "owner" {
-  type = string
+  type        = string
   description = "Owner of this environment"
 }
+
+variable "tenant_id" {
+  type        = string
+  description = "The Tenant ID"
+}