This repository has been archived by the owner on Dec 3, 2024. It is now read-only.

Deploy a Key Vault to hold tfvars in #24

Merged
merged 1 commit into from
Apr 8, 2024
3 changes: 3 additions & 0 deletions terraform/README.md
Expand Up @@ -137,6 +137,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.5.2 |
| <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.1 |
| <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.3 |

## Resources
Expand Down Expand Up @@ -177,6 +178,7 @@ No resources.
| <a name="input_existing_network_watcher_resource_group_name"></a> [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| <a name="input_image_name"></a> [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Default image tag for the primary container | `string` | `"web-latest"` | no |
| <a name="input_key_vault_access_ipv4"></a> [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| <a name="input_monitor_email_receivers"></a> [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
| <a name="input_monitor_endpoint_healthcheck"></a> [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
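Review bot: `key_vault_access_ipv4` is listed as required with no default (`n/a | yes`), so any existing tfvars file or pipeline that does not set it will fail at plan once this merges. Call that out in the PR description, and have the description column say whether entries are bare addresses or CIDR ranges, since `list(string)` alone does not tell the reader.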
Expand All @@ -189,6 +191,7 @@ No resources.
| <a name="input_statuscake_contact_group_name"></a> [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
| <a name="input_statuscake_monitored_resource_addresses"></a> [statuscake\_monitored\_resource\_addresses](#input\_statuscake\_monitored\_resource\_addresses) | The URLs to perform TLS checks on | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
| <a name="input_tfvars_filename"></a> [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This ensures that tfvars are kept up to date in Key Vault. | `string` | n/a | yes |
| <a name="input_virtual_network_address_space"></a> [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |

## Outputs
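Review bot: the `tfvars_filename` description says what the input achieves but not what it expects. It does not say which directory the filename is resolved against, or state plainly that the named file is what ends up held in the Key Vault. Since `container_secret_environment_variables` is among the variables this configuration takes, suggest the description say that the file's contents are stored in the vault, so readers handle both the file and vault access with that in mind.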
28 changes: 14 additions & 14 deletions terraform/key-vault-tfvars-secrets.tf
@@ -1,15 +1,15 @@
# module "azurerm_key_vault" {
# source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"
module "azurerm_key_vault" {
source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"

# environment = local.environment
# project_name = local.project_name
# existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
# azure_location = local.azure_location
# key_vault_access_use_rbac_authorization = true
# key_vault_access_users = []
# key_vault_access_ipv4 = local.key_vault_access_ipv4
# tfvars_filename = local.tfvars_filename
# diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
# diagnostic_eventhub_name = ""
# tags = local.tags
# }
environment = local.environment
project_name = local.project_name
existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
azure_location = local.azure_location
key_vault_access_use_rbac_authorization = true
key_vault_access_users = []
key_vault_access_ipv4 = local.key_vault_access_ipv4
tfvars_filename = local.tfvars_filename
diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
diagnostic_eventhub_name = ""
tags = local.tags
}
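Review bot: `source` pins the module with `?ref=v0.4.1`, which is a git tag, and a tag can be moved after the fact; for a module that handles the tfvars file, pin `ref` to the full commit SHA that the tag points at and keep the version in a comment. Separately, `key_vault_access_users = []` together with `key_vault_access_use_rbac_authorization = true` means nothing visible in this block grants any principal access to the vault. If role assignments are made elsewhere, a one-line comment saying where would help, and `diagnostic_eventhub_name = ""` deserves the same kind of comment to show it is intentionally empty.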
60 changes: 30 additions & 30 deletions terraform/locals.tf
@@ -1,34 +1,34 @@
locals {
environment = var.environment
project_name = var.project_name
azure_location = var.azure_location
tags = var.tags
virtual_network_address_space = var.virtual_network_address_space
enable_container_registry = var.enable_container_registry
registry_admin_enabled = var.registry_admin_enabled
registry_use_managed_identity = var.registry_use_managed_identity
registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
image_name = var.image_name
image_tag = var.image_tag
container_command = var.container_command
container_secret_environment_variables = var.container_secret_environment_variables
container_scale_http_concurrency = var.container_scale_http_concurrency
container_health_probe_protocol = var.container_health_probe_protocol
enable_dns_zone = var.enable_dns_zone
dns_zone_domain_name = var.dns_zone_domain_name
dns_ns_records = var.dns_ns_records
dns_txt_records = var.dns_txt_records
enable_cdn_frontdoor = var.enable_cdn_frontdoor
container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
# key_vault_access_ipv4 = var.key_vault_access_ipv4
# tfvars_filename = var.tfvars_filename
environment = var.environment
project_name = var.project_name
azure_location = var.azure_location
tags = var.tags
virtual_network_address_space = var.virtual_network_address_space
enable_container_registry = var.enable_container_registry
registry_admin_enabled = var.registry_admin_enabled
registry_use_managed_identity = var.registry_use_managed_identity
registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
image_name = var.image_name
image_tag = var.image_tag
container_command = var.container_command
container_secret_environment_variables = var.container_secret_environment_variables
container_scale_http_concurrency = var.container_scale_http_concurrency
container_health_probe_protocol = var.container_health_probe_protocol
enable_dns_zone = var.enable_dns_zone
dns_zone_domain_name = var.dns_zone_domain_name
dns_ns_records = var.dns_ns_records
dns_txt_records = var.dns_txt_records
enable_cdn_frontdoor = var.enable_cdn_frontdoor
container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
enable_monitoring = var.enable_monitoring
monitor_email_receivers = var.monitor_email_receivers
enable_container_health_probe = var.enable_container_health_probe
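Review bot: the two lines that matter here, `key_vault_access_ipv4` and `tfvars_filename` near the end of the changed block, are buried in a 30-line rewrite of otherwise unchanged assignments, and `enable_cdn_frontdoor_health_probe` has also moved above `cdn_frontdoor_origin_host_header_override`. Suggest putting the realignment and the reorder in a separate commit, or keeping the original alignment, so the diff shows only the two uncommented locals.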
18 changes: 9 additions & 9 deletions terraform/variables.tf
Expand Up @@ -3,15 +3,15 @@ variable "environment" {
type = string
}

# variable "key_vault_access_ipv4" {
# description = "List of IPv4 Addresses that are permitted to access the Key Vault"
# type = list(string)
# }

# variable "tfvars_filename" {
# description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
# type = string
# }
variable "key_vault_access_ipv4" {
description = "List of IPv4 Addresses that are permitted to access the Key Vault"
type = list(string)
}

variable "tfvars_filename" {
description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
type = string
}

variable "project_name" {
description = "Project name. Will be used along with `environment` as a prefix for all resources."
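Review bot: `variable "key_vault_access_ipv4"` accepts any `list(string)`, so a typo or an overly broad range is not caught at plan time. Suggest a `validation` block that checks each entry parses as an IPv4 address or CIDR in the form the module expects, and that rejects an empty list if that would leave the vault unreachable. `tfvars_filename` could likewise be checked with `fileexists(var.tfvars_filename)`, depending on how the path is resolved.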