Merge pull request #1253 from robgil-dds/169163334-keyvault

169163334 - Enables KeyVault server in dev TF env
2019-12-16 09:23:18 -05:00 · 2019-12-16 09:23:18 -05:00 · 1eef40a1cf
commit 1eef40a1cf
parent 93f758b574 3b05f9b830
4 changed files with 40 additions and 33 deletions
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@ -5,14 +5,6 @@ resource "azurerm_resource_group" "keyvault" {
  location = var.region
 }
 resource "random_id" "server" {
  keepers = {
    ami_id = 1
  }
  byte_length = 8
 }
 resource "azurerm_key_vault" "keyvault" {
  name                = "${var.name}-${var.environment}-keyvault"
  location            = azurerm_resource_group.keyvault.location
@ -21,24 +13,28 @@ resource "azurerm_key_vault" "keyvault" {
  sku_name = "premium"
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.service_principal_object_id
    key_permissions = [
      "create",
      "get",
    ]
    secret_permissions = [
      "set",
      "get",
      "delete",
    ]
  }
  tags = {
    environment = var.environment
    owner       = var.owner
  }
 }
 resource "azurerm_key_vault_access_policy" "keyvault" {
  key_vault_id = azurerm_key_vault.keyvault.id
  tenant_id = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
  object_id = "2ca63d41-d058-4e06-aef6-eb517a53b631"
  key_permissions = [
    "get",
    "list",
    "create",
  ]
  secret_permissions = [
    "get",
    "list",
    "set",
  ]
 }
--- a/terraform/modules/keyvault/variables.tf
+++ b/terraform/modules/keyvault/variables.tf
@ -17,3 +17,8 @@ variable "owner" {
  type        = string
  description = "Owner of this environment"
 }
 variable "tenant_id" {
  type        = string
  description = "The Tenant ID"
 }
--- a/terraform/providers/dev/keyvault.tf
+++ b/terraform/providers/dev/keyvault.tf
@ -1,7 +1,8 @@
-#module "keyvault" {
+module "keyvault" {
-#  source      = "../../modules/keyvault"
+  source      = "../../modules/keyvault"
-#  name        = var.name
+  name        = var.name
-#  region      = var.region
+  region      = var.region
-#  owner       = var.owner
+  owner       = var.owner
-#  environment = var.environment
+  environment = var.environment
-#}
+  tenant_id   = var.tenant_id
 }
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@ -54,3 +54,8 @@ variable "k8s_dns_prefix" {
  type    = string
  default = "atat"
 }
 variable "tenant_id" {
  type    = string
  default = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
 }