diff --git a/terraform/README.md b/terraform/README.md
index 6a61175..ac61df2 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -137,6 +137,7 @@ No providers.
 | Name | Source | Version |
 |------|--------|---------|
 | [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.5.2 |
+| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.1 |
 | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.3 |
 
 ## Resources
@@ -177,6 +178,7 @@ No resources.
 | [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
 | [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
 | [image\_tag](#input\_image\_tag) | Default image tag for the primary container | `string` | `"web-latest"` | no |
+| [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
 | [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
 | [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
 | [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
@@ -189,6 +191,7 @@ No resources.
 | [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
 | [statuscake\_monitored\_resource\_addresses](#input\_statuscake\_monitored\_resource\_addresses) | The URLs to perform TLS checks on | `list(string)` | `[]` | no |
 | [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
+| [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This ensures that tfvars are kept up to date in Key Vault. | `string` | n/a | yes |
 | [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |
 
 ## Outputs
diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index 019415f..275886b 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,15 +1,15 @@
-# module "azurerm_key_vault" {
-# source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"
+module "azurerm_key_vault" {
+ source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"
 
-# environment = local.environment
-# project_name = local.project_name
-# existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
-# azure_location = local.azure_location
-# key_vault_access_use_rbac_authorization = true
-# key_vault_access_users = []
-# key_vault_access_ipv4 = local.key_vault_access_ipv4
-# tfvars_filename = local.tfvars_filename
-# diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
-# diagnostic_eventhub_name = ""
-# tags = local.tags
-# }
+ environment = local.environment
+ project_name = local.project_name
+ existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
+ azure_location = local.azure_location
+ key_vault_access_use_rbac_authorization = true
+ key_vault_access_users = []
+ key_vault_access_ipv4 = local.key_vault_access_ipv4
+ tfvars_filename = local.tfvars_filename
+ diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
+ diagnostic_eventhub_name = ""
+ tags = local.tags
+}
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 697d959..95438f5 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
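Review bot: The now-active `source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"` pins the module to a git tag, and a tag can be moved, so the code this block pulls on a later `terraform init` is not guaranteed to be what was reviewed here; pinning `ref=` to the commit the v0.4.1 tag resolves to (`?ref=<commit-sha-of-v0.4.1>`, with the tag kept in a trailing comment) makes the pin immutable. Separately, `key_vault_access_use_rbac_authorization = true` together with `key_vault_access_users = []` means, as far as this hunk shows, no principal is granted data-plane access by this block, so readers of the stored tfvars presumably receive a role assignment elsewhere; a one-line comment above `key_vault_access_users` saying where that assignment lives would save the next maintainer a search. The `tfvars_filename` input keeps the tfvars file in the vault (per its variable description), so `key_vault_access_ipv4` is the network boundary for whatever that file carries — worth stating in the same comment.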
@@ -1,34 +1,34 @@
 locals {
- environment = var.environment
- project_name = var.project_name
- azure_location = var.azure_location
- tags = var.tags
- virtual_network_address_space = var.virtual_network_address_space
- enable_container_registry = var.enable_container_registry
- registry_admin_enabled = var.registry_admin_enabled
- registry_use_managed_identity = var.registry_use_managed_identity
- registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
- image_name = var.image_name
- image_tag = var.image_tag
- container_command = var.container_command
- container_secret_environment_variables = var.container_secret_environment_variables
- container_scale_http_concurrency = var.container_scale_http_concurrency
- container_health_probe_protocol = var.container_health_probe_protocol
- enable_dns_zone = var.enable_dns_zone
- dns_zone_domain_name = var.dns_zone_domain_name
- dns_ns_records = var.dns_ns_records
- dns_txt_records = var.dns_txt_records
- enable_cdn_frontdoor = var.enable_cdn_frontdoor
- container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
- cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
- cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
- cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
- cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
- cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
- cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
- enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
- # key_vault_access_ipv4 = var.key_vault_access_ipv4
- # tfvars_filename = var.tfvars_filename
+ environment = var.environment
+ project_name = var.project_name
+ azure_location = var.azure_location
+ tags = var.tags
+ virtual_network_address_space = var.virtual_network_address_space
+ enable_container_registry = var.enable_container_registry
+ registry_admin_enabled = var.registry_admin_enabled
+ registry_use_managed_identity = var.registry_use_managed_identity
+ registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
+ image_name = var.image_name
+ image_tag = var.image_tag
+ container_command = var.container_command
+ container_secret_environment_variables = var.container_secret_environment_variables
+ container_scale_http_concurrency = var.container_scale_http_concurrency
+ container_health_probe_protocol = var.container_health_probe_protocol
+ enable_dns_zone = var.enable_dns_zone
+ dns_zone_domain_name = var.dns_zone_domain_name
+ dns_ns_records = var.dns_ns_records
+ dns_txt_records = var.dns_txt_records
+ enable_cdn_frontdoor = var.enable_cdn_frontdoor
+ container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
+ cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
+ cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
+ cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
+ cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
+ enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
+ cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
+ cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
+ key_vault_access_ipv4 = var.key_vault_access_ipv4
+ tfvars_filename = var.tfvars_filename
 enable_monitoring = var.enable_monitoring
 monitor_email_receivers = var.monitor_email_receivers
 enable_container_health_probe = var.enable_container_health_probe
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 0aab4da..45a7037 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
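Review bot: On the new side `enable_cdn_frontdoor_health_probe` is moved above `cdn_frontdoor_origin_host_header_override` and `cdn_frontdoor_forwarding_protocol`, where the removed side had it after them, and every other existing assignment is removed and re-added with, as far as the collapsed text shows, identical content; the result is that the whole `locals` block reads as changed when the only substantive additions are `key_vault_access_ipv4 = var.key_vault_access_ipv4` and `tfvars_filename = var.tfvars_filename`. Keeping the previous attribute order, and doing whatever re-formatting caused the churn in a separate commit, would let a reviewer audit the two access-control-relevant lines on their own. The `locals` block closes outside this hunk.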
@@ -3,15 +3,15 @@ variable "environment" {
 type = string
 }
 
-# variable "key_vault_access_ipv4" {
-# description = "List of IPv4 Addresses that are permitted to access the Key Vault"
-# type = list(string)
-# }
-
-# variable "tfvars_filename" {
-# description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
-# type = string
-# }
+variable "key_vault_access_ipv4" {
+ description = "List of IPv4 Addresses that are permitted to access the Key Vault"
+ type = list(string)
+}
+
+variable "tfvars_filename" {
+ description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
+ type = string
+}
 
 variable "project_name" {
 description = "Project name. Will be used along with `environment` as a prefix for all resources."
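Review bot: `variable "key_vault_access_ipv4"` is declared as a bare `list(string)` with no `validation` block, so a malformed entry (a hostname, an IPv6 literal, a typo) is accepted at plan time and only surfaces, if at all, when the module applies it to the Key Vault network rules. Since this list is the network boundary for the tfvars that `tfvars_filename` keeps in the vault, a plan-time check that each entry is a dotted-quad IPv4 address with an optional prefix length is cheap insurance. I am assuming from the description that both single addresses and CIDR ranges are intended; if only one form is, tighten the pattern to match.
```hcl
variable "key_vault_access_ipv4" {
  description = "List of IPv4 Addresses that are permitted to access the Key Vault"
  type        = list(string)

  validation {
    condition = alltrue([
      for ip in var.key_vault_access_ipv4 :
      can(regex("^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(/([0-9]|[12][0-9]|3[0-2]))?$", ip))
    ])
    error_message = "Each key_vault_access_ipv4 entry must be an IPv4 address, optionally with a /0-32 prefix length."
  }
}
```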