Merge pull request #1253 from robgil-dds/169163334-keyvault

169163334 - Enables KeyVault server in dev TF env
2019-12-16 09:23:18 -05:00 · 2019-12-16 09:23:18 -05:00 · 1eef40a1cf
commit 1eef40a1cf
parent 93f758b574 3b05f9b830
4 changed files with 40 additions and 33 deletions
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@ -5,14 +5,6 @@ resource "azurerm_resource_group" "keyvault" {
  location = var.region
 }

-resource "random_id" "server" {
-  keepers = {
-    ami_id = 1
-  }
-
-  byte_length = 8
-}
-
 resource "azurerm_key_vault" "keyvault" {
  name                = "${var.name}-${var.environment}-keyvault"
  location            = azurerm_resource_group.keyvault.location
@ -21,24 +13,28 @@ resource "azurerm_key_vault" "keyvault" {

  sku_name = "premium"

-  access_policy {
-    tenant_id = data.azurerm_client_config.current.tenant_id
-    object_id = data.azurerm_client_config.current.service_principal_object_id
-
-    key_permissions = [
-      "create",
-      "get",
-    ]
-
-    secret_permissions = [
-      "set",
-      "get",
-      "delete",
-    ]
-  }
-
  tags = {
    environment = var.environment
    owner       = var.owner
  }
 }
+
+resource "azurerm_key_vault_access_policy" "keyvault" {
+  key_vault_id = azurerm_key_vault.keyvault.id
+
+  tenant_id = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
+  object_id = "2ca63d41-d058-4e06-aef6-eb517a53b631"
+
+  key_permissions = [
+    "get",
+    "list",
+    "create",
+  ]
+
+  secret_permissions = [
+    "get",
+    "list",
+    "set",
+  ]
+}
+
--- a/terraform/modules/keyvault/variables.tf
+++ b/terraform/modules/keyvault/variables.tf
@ -17,3 +17,8 @@ variable "owner" {
  type        = string
  description = "Owner of this environment"
 }
+
+variable "tenant_id" {
+  type        = string
+  description = "The Tenant ID"
+}
--- a/terraform/providers/dev/keyvault.tf
+++ b/terraform/providers/dev/keyvault.tf
@ -1,7 +1,8 @@
-#module "keyvault" {
-#  source      = "../../modules/keyvault"
-#  name        = var.name
-#  region      = var.region
-#  owner       = var.owner
-#  environment = var.environment
-#}
+module "keyvault" {
+  source      = "../../modules/keyvault"
+  name        = var.name
+  region      = var.region
+  owner       = var.owner
+  environment = var.environment
+  tenant_id   = var.tenant_id
+}
--- a/terraform/providers/dev/variables.tf
+++ b/terraform/providers/dev/variables.tf
@ -54,3 +54,8 @@ variable "k8s_dns_prefix" {
  type    = string
  default = "atat"
 }
+
+variable "tenant_id" {
+  type    = string
+  default = "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3"
+}