From beeb80f8cabfbdf7f1cba18791e6510cd0889076 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 14:42:17 +0000
Subject: [PATCH] Update Terraform
github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0 (#459)
* Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0
* Switch to using RBAC authorisation for Key Vault
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
---
terraform/README.md | 3 +--
terraform/key-vault-tfvars-secrets.tf | 23 ++++++++++++-----------
terraform/locals.tf | 1 -
terraform/variables.tf | 5 -----
4 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/terraform/README.md b/terraform/README.md
index 04f836fa3..93f0cafff 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -137,7 +137,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.4.9 |
-| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.3.0 |
+| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.0 |
| [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.2 |
## Resources
@@ -177,7 +177,6 @@ No resources.
| [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
| [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
-| [key\_vault\_access\_users](#input\_key\_vault\_access\_users) | List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform | `list(string)` | n/a | yes |
| [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
| [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
| [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index 0b8a5a008..dad3faf4a 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,14 +1,15 @@
module "azurerm_key_vault" {
- source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.3.0"
+ source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0"
- environment = local.environment
- project_name = local.project_name
- existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
- azure_location = local.azure_location
- key_vault_access_users = local.key_vault_access_users
- key_vault_access_ipv4 = local.key_vault_access_ipv4
- tfvars_filename = local.tfvars_filename
- diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
- diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
- tags = local.tags
+ environment = local.environment
+ project_name = local.project_name
+ existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
+ azure_location = local.azure_location
+ key_vault_access_use_rbac_authorization = true
+ key_vault_access_users = []
+ key_vault_access_ipv4 = local.key_vault_access_ipv4
+ tfvars_filename = local.tfvars_filename
+ diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
+ diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
+ tags = local.tags
}
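Review bot: Setting `key_vault_access_use_rbac_authorization = true` together with `key_vault_access_users = []` removes every per-user access policy, but nothing in this hunk grants a data-plane role on the vault to the identity that runs Terraform, so reading or writing the tfvars secret now depends on an Azure role assignment (for example Key Vault Secrets Officer) made outside this patch; whether v0.4.0 of the module creates that assignment itself cannot be confirmed from the diff. The empty list reads as an oversight rather than a deliberate choice, so I would annotate it: `# RBAC mode: vault access comes from Azure role assignments, not access policies; the Terraform identity needs a Key Vault data-plane role.` The IPv4 allow-list on the following line still applies as a network restriction and is unaffected by the authorisation change.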
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 2fb6669b7..03dc6ce74 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -20,7 +20,6 @@ locals {
dns_zone_domain_name = var.dns_zone_domain_name
dns_ns_records = var.dns_ns_records
dns_txt_records = var.dns_txt_records
- key_vault_access_users = toset(var.key_vault_access_users)
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
enable_monitoring = var.enable_monitoring
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 8e13be295..055ca1b04 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -3,11 +3,6 @@ variable "environment" {
type = string
}
-variable "key_vault_access_users" {
- description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform"
- type = list(string)
-}
-
variable "key_vault_access_ipv4" {
description = "List of IPv4 Addresses that are permitted to access the Key Vault"
type = list(string)