Switch to using RBAC authorisation for Key Vault
DrizzlyOwl committed Feb 20, 2024
1 parent 7c832c0 commit da7280d
Showing 4 changed files with 10 additions and 17 deletions.
1 change: 0 additions & 1 deletion terraform/README.md
Expand Up @@ -181,7 +181,6 @@ No resources.
| <a name="input_existing_network_watcher_resource_group_name"></a> [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| <a name="input_image_name"></a> [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
| <a name="input_key_vault_access_ipv4"></a> [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| <a name="input_key_vault_access_users"></a> [key\_vault\_access\_users](#input\_key\_vault\_access\_users) | List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform | `list(string)` | n/a | yes |
| <a name="input_monitor_email_receivers"></a> [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
| <a name="input_monitor_endpoint_healthcheck"></a> [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
| <a name="input_project_name"></a> [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
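Review bot: the README drops the `key_vault_access_users` row but documents nothing about what replaces it; with the module switched to RBAC authorisation (`key_vault_access_use_rbac_authorization = true` in terraform/key-vault-tfvars-secrets.tf), anyone running terraform needs an Azure RBAC role assignment on the vault instead of an access policy entry, and that prerequisite belongs here, for example as a short note beneath the inputs table.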
20 changes: 10 additions & 10 deletions terraform/key-vault-tfvars-secrets.tf
@@ -1,14 +1,14 @@
module "azurerm_key_vault" {
source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0"

environment = local.environment
project_name = local.project_name
existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
azure_location = local.azure_location
key_vault_access_users = local.key_vault_access_users
key_vault_access_ipv4 = local.key_vault_access_ipv4
tfvars_filename = local.tfvars_filename
diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
tags = local.tags
environment = local.environment
project_name = local.project_name
existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
azure_location = local.azure_location
key_vault_access_use_rbac_authorization = true
key_vault_access_ipv4 = local.key_vault_access_ipv4
tfvars_filename = local.tfvars_filename
diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
tags = local.tags
}
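Review bot: the module source is still pinned to `ref=v0.4.0` while a new input, `key_vault_access_use_rbac_authorization`, is passed to it; confirm that v0.4.0 of terraform-azurerm-key-vault-tfvars actually declares that variable, otherwise `terraform plan` fails with an unsupported argument error and the ref needs bumping in the same commit. Also note that nothing in this diff assigns an RBAC role (for example Key Vault Secrets Officer) to the identity that runs terraform, so unless the module creates that assignment itself, the tfvars secret becomes unreadable once the access policies built from `key_vault_access_users` are gone.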
1 change: 0 additions & 1 deletion terraform/locals.tf
Expand Up @@ -30,7 +30,6 @@ locals {
cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
key_vault_access_users = toset(var.key_vault_access_users)
key_vault_access_ipv4 = var.key_vault_access_ipv4
tfvars_filename = var.tfvars_filename
enable_monitoring = var.enable_monitoring
5 changes: 0 additions & 5 deletions terraform/variables.tf
Expand Up @@ -3,11 +3,6 @@ variable "environment" {
type = string
}

variable "key_vault_access_users" {
description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform"
type = list(string)
}

variable "key_vault_access_ipv4" {
description = "List of IPv4 Addresses that are permitted to access the Key Vault"
type = list(string)
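Review bot: removing the `key_vault_access_users` declaration means any existing tfvars file that still sets it, including the copy this module stores in Key Vault, will raise an undeclared-variable warning on every run (and an error if passed via `-var`); those files should be cleaned up alongside this change.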