This sets up the rest of the service endpoints on the subnets. It also
adds a variable map specifically to grant IP access to the storage
buckets. This new variable map is necessary since the azure storage ip
rules do not accept /32 CIDR ranges. The rest of the services do support
cidr ranges.
Adds admin_users map and keyvault policy
This adds an admin_users map as well as a new policy in the keyvault
module. When run, this will apply an administrator policy for users in
the admin_users map. With these permissions, the admin users will be
able to manage secrets and keys in keyvault.
169163334 - Initial secrets-tool commit
Adds admin_users map and keyvault policy
This adds an admin_users map as well as a new policy in the keyvault
module. When run, this will apply an administrator policy for users in
the admin_users map. With these permissions, the admin users will be
able to manage secrets and keys in keyvault.
170237669 - Makes the read only policy for keyvault optional and only create the policy if a principal_id is passed
170237669 - Adds new operator keyvault for secrets
This is a new keyvault specifically for storing operator secrets and
things that would not be accessible to applications. The primary use
case for this is for launching things like postgres (root postgres
creds) and other services which would require secrets to be added to the
terraform configuration. This approach avoids adding secrets to
terraform.
An accompanying script will be added to populate the new keyvault.
The Virtual Network Gateway is required for OpenVPN connectivity. The
change to the VPC module also adds a subnet which is exclusively used
for the Gateway.
