feat: add GitHub workflow for Terraform key rotation in different env…

…ironments

.github/workflows/terraformKeyRotation.yml

@@ -0,0 +1,58 @@
+name: Ad-hoc Terraform Plan
+run-name: Terraform plan ${{ inputs.env }} by @${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      env:
+        description: 'The environment to update'
+        required: true
+        type: choice
+        options:
+          - dev
+          - dev2
+          - dev3
+          - dev4
+          - dev5
+          - dev6
+          - dev7
+          - pentest
+          - test
+          - demo
+          - training
+          - stg
+          - prod
+
+env:
+  ARM_CLIENT_ID: ${{ secrets.TERRAFORM_ARM_CLIENT_ID }}
+  ARM_CLIENT_SECRET: ${{ secrets.TERRAFORM_ARM_CLIENT_SECRET }}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAFORM_ARM_SUBSCRIPTION_ID }}
+  ARM_TENANT_ID: ${{ secrets.TERRAFORM_ARM_TENANT_ID }}
+  OKTA_API_TOKEN: ${{ secrets.OKTA_API_TOKEN_NONPROD }}
+
+jobs:
+  terraform_plan:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix: 
+        env: ${{ inputs.env }}
+    defaults:
+      run:
+        working-directory: ./ops
+    steps:
+      - uses: actions/checkout@v4
+      - uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+      - name: Use prod Okta token if required
+        if: ${{ matrix.env == 'prod' || matrix.env == 'stg' || matrix.env == 'training' }}
+        run: |
+          echo "OKTA_API_TOKEN=${{ secrets.OKTA_API_TOKEN }}" >> "$GITHUB_ENV"
+      - uses: hashicorp/[email protected]
+        with:
+          terraform_version: 1.3.3
+      - name: Terraform Init
+        run: make init-${{ matrix.env }}
+      - name: Terraform plan
+        run: terraform -chdir=${{ matrix.env }}/persistent plan -lock-timeout=30m -replace="random_password.administrator_password" -target="random_password.administrator_password"