From 5887147549127e7b8d073479f192d950faf7150b Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 20 Jun 2024 16:32:10 +0100
Subject: [PATCH] Switch to using a Service Principal for Terraform deployments
---
terraform/README.md | 6 +++++-
terraform/backend.tf | 4 +++-
terraform/providers.tf | 5 +++++
terraform/variables.tf | 21 +++++++++++++++++++++
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/terraform/README.md b/terraform/README.md
index 9404dc8..ff1407f 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -133,7 +133,7 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
| Name | Version |
|------|---------|
-| [azurerm](#provider\_azurerm) | 3.105.0 |
+| [azurerm](#provider\_azurerm) | 3.106.1 |
## Modules
@@ -160,7 +160,11 @@ If everything looks good, answer `yes` and wait for the new infrastructure to be
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [azure\_client\_id](#input\_azure\_client\_id) | Service Principal Client ID | `string` | n/a | yes |
+| [azure\_client\_secret](#input\_azure\_client\_secret) | Service Principal Client Secret | `string` | n/a | yes |
| [azure\_location](#input\_azure\_location) | Azure location in which to launch resources. | `string` | n/a | yes |
+| [azure\_subscription\_id](#input\_azure\_subscription\_id) | Service Principal Subscription ID | `string` | n/a | yes |
+| [azure\_tenant\_id](#input\_azure\_tenant\_id) | Service Principal Tenant ID | `string` | n/a | yes |
| [cdn\_frontdoor\_custom\_domains](#input\_cdn\_frontdoor\_custom\_domains) | Azure CDN Front Door custom domains. If they are within the DNS zone (optionally created), the Validation TXT records and ALIAS/CNAME records will be created | `list(string)` | n/a | yes |
| [cdn\_frontdoor\_enable\_rate\_limiting](#input\_cdn\_frontdoor\_enable\_rate\_limiting) | Enable CDN Front Door Rate Limiting. This will create a WAF policy, and CDN security policy. For pricing reasons, there will only be one WAF policy created. | `bool` | n/a | yes |
| [cdn\_frontdoor\_forwarding\_protocol](#input\_cdn\_frontdoor\_forwarding\_protocol) | Azure CDN Front Door forwarding protocol | `string` | `"HttpOnly"` | no |
diff --git a/terraform/backend.tf b/terraform/backend.tf
index 6602f20..40e5c43 100644
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -1,3 +1,5 @@
terraform {
- backend "azurerm" {}
+ backend "azurerm" {
+ use_azuread_auth = true
+ }
}
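Review bot: `use_azuread_auth = true` moves the state backend onto Azure AD token authentication, but a backend block cannot reference `var.azure_client_id` and friends, so the service principal wired into the azurerm provider in this same commit is not what authenticates the backend; at `terraform init` it still needs `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` in the environment (or a `-backend-config` file). With AD auth the identity also needs a data-plane role on the state container (Storage Blob Data Contributor or Data Owner) rather than storage-account-key access, and neither the README hunk nor this one records that. Suggest a comment above the new line: `# Backend auth comes from ARM_* environment variables, not the provider's var.azure_* inputs; the identity needs Storage Blob Data Contributor on the state container.`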
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 874095c..1f88c3e 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -1,6 +1,11 @@
provider "azurerm" {
features {}
skip_provider_registration = true
+ storage_use_azuread = true
+ client_id = var.azure_client_id
+ client_secret = var.azure_client_secret
+ tenant_id = var.azure_tenant_id
+ subscription_id = var.azure_subscription_id
}
provider "azapi" {
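Review bot: Only the azurerm provider receives the service-principal arguments; the `provider "azapi"` block that starts on the hunk's last line (its body is outside the hunk) gets none, so azapi falls back to its own credential discovery (environment variables or the CLI login) and the two providers may run as different identities, which makes the deployment's permissions hard to reason about. Either pass the same four arguments to azapi, which accepts `client_id`, `client_secret`, `tenant_id` and `subscription_id`, or drop them from both provider blocks and let the providers and the backend all read the `ARM_*` environment variables, which also keeps the secret out of a tfvars file. `storage_use_azuread = true` fits either approach, since the principal then needs a data-plane blob role rather than account keys.
```hcl
provider "azapi" {
  client_id       = var.azure_client_id
  client_secret   = var.azure_client_secret
  tenant_id       = var.azure_tenant_id
  subscription_id = var.azure_subscription_id
  # … existing azapi configuration (outside the hunk) …
```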
diff --git a/terraform/variables.tf b/terraform/variables.tf
index de6238a..ad38889 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,3 +1,24 @@
+variable "azure_client_id" {
+ description = "Service Principal Client ID"
+ type = string
+}
+
+variable "azure_client_secret" {
+ description = "Service Principal Client Secret"
+ type = string
+ sensitive = true
+}
+
+variable "azure_tenant_id" {
+ description = "Service Principal Tenant ID"
+ type = string
+}
+
+variable "azure_subscription_id" {
+ description = "Service Principal Subscription ID"
+ type = string
+}
+
variable "environment" {
description = "Environment name. Will be used along with `project_name` as a prefix for all resources."
type = string
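Review bot: `azure_client_secret` is rightly marked `sensitive = true`, but nothing tells the operator how to supply it, and the obvious route of putting it in a `.tfvars` file alongside the other inputs leaves the secret on disk and one `git add` away from the repository; the README hunk only adds the four table rows. Suggest extending the description: `description = "Service Principal Client Secret. Supply via the TF_VAR_azure_client_secret environment variable rather than a tfvars file."`. Separately, `azure_subscription_id` is described as a "Service Principal Subscription ID", but a subscription is the deployment target rather than a property of the principal; `description = "Azure Subscription ID to deploy into"` would be clearer. `variable "environment"` continues past the end of the hunk.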