From beeb80f8cabfbdf7f1cba18791e6510cd0889076 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:42:17 +0000 Subject: [PATCH] Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0 (#459) * Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0 * Switch to using RBAC authorisation for Key Vault --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com> --- terraform/README.md | 3 +-- terraform/key-vault-tfvars-secrets.tf | 23 ++++++++++++----------- terraform/locals.tf | 1 - terraform/variables.tf | 5 ----- 4 files changed, 13 insertions(+), 19 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index 04f836fa3..93f0cafff 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -137,7 +137,7 @@ No providers. | Name | Source | Version | |------|--------|---------| | [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.4.9 | -| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.3.0 | +| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.0 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.2 | ## Resources @@ -177,7 +177,6 @@ No resources. | [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes | | [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes | | [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes | -| [key\_vault\_access\_users](#input\_key\_vault\_access\_users) | List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform | `list(string)` | n/a | yes | | [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes | | [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes | | [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes | diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf index 0b8a5a008..dad3faf4a 100644 --- a/terraform/key-vault-tfvars-secrets.tf +++ b/terraform/key-vault-tfvars-secrets.tf @@ -1,14 +1,15 @@ module "azurerm_key_vault" { - source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.3.0" + source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0" - environment = local.environment - project_name = local.project_name - existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name - azure_location = local.azure_location - key_vault_access_users = local.key_vault_access_users - key_vault_access_ipv4 = local.key_vault_access_ipv4 - tfvars_filename = local.tfvars_filename - diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id - diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : "" - tags = local.tags + environment = local.environment + project_name = local.project_name + existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name + azure_location = local.azure_location + key_vault_access_use_rbac_authorization = true + key_vault_access_users = [] + key_vault_access_ipv4 = local.key_vault_access_ipv4 + tfvars_filename = local.tfvars_filename + diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id + diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : "" + tags = local.tags } diff --git a/terraform/locals.tf b/terraform/locals.tf index 2fb6669b7..03dc6ce74 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -20,7 +20,6 @@ locals { dns_zone_domain_name = var.dns_zone_domain_name dns_ns_records = var.dns_ns_records dns_txt_records = var.dns_txt_records - key_vault_access_users = toset(var.key_vault_access_users) key_vault_access_ipv4 = var.key_vault_access_ipv4 tfvars_filename = var.tfvars_filename enable_monitoring = var.enable_monitoring diff --git a/terraform/variables.tf b/terraform/variables.tf index 8e13be295..055ca1b04 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -3,11 +3,6 @@ variable "environment" { type = string } -variable "key_vault_access_users" { - description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform" - type = list(string) -} - variable "key_vault_access_ipv4" { description = "List of IPv4 Addresses that are permitted to access the Key Vault" type = list(string)