updated boyb codebase

examples/byob/main.tf

@@ -3,13 +3,15 @@ provider "azurerm" {
 }
 
 module "byob" {
-  source              = "../../modules/byob"
-  resource_group_name = { name = "${var.rg_name}", id = "byob" }
-  location            = var.location
-  prefix              = var.prefix
-  deletion_protection = var.deletion_protection
-  create_cmk          = var.create_cmk
-  rg_name             = var.rg_name
+  source                   = "../../modules/byob"
+  resource_group_name      = { name = "${var.rg_name}", id = "byob" }
+  location                 = var.location
+  prefix                   = var.prefix
+  deletion_protection      = var.deletion_protection
+  create_cmk               = var.enable_encryption
+  rg_name                  = var.rg_name
+  purge_protection_enabled = true
+  tags                     = var.tags
 }
 
 output "blob_container" {

examples/byob/terraform.tfvars

@@ -1,4 +1,7 @@
 rg_name     = "rg-name"
 location = "westeurope"
 prefix   = "byob-wandb"
-create_cmk = false
+tags = {
+  "name" = "wandb"
+}
+enable_encryption = true

examples/byob/variables.tf

@@ -17,6 +17,11 @@ variable "deletion_protection" {
   type        = bool
   default     = false
 }
-variable "create_cmk" {
+variable "enable_encryption" {
   type = bool
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "Map of tags for resource"
 }

main.tf

@@ -114,9 +114,6 @@ locals {
   wb_managed_key_id_storage  = contains(keys(local.filtered_vault_key_map), "storage") ? azurerm_key_vault_key.encryption_keys["storage"].id : null
 }
 
-
-
-
 module "storage" {
   count               = (var.blob_container == "" && var.external_bucket == null) ? 1 : 0
   source              = "./modules/storage"

modules/byob/main.tf

@@ -1,16 +1,3 @@
-module "storage" {
-  source              = "../storage"
-  create_queue        = false
-  namespace           = var.prefix
-  resource_group_name = var.resource_group_name.name
-  location            = var.location
-  deletion_protection = var.deletion_protection
-  wb_managed_key_id   = var.create_cmk == true ? azurerm_key_vault_key.Vault_key[0].versionless_id : null
-  identity_ids        = var.create_cmk == true ? module.identity[0].identity.id : null
-  dynamic_create_cmk  = var.create_cmk
-
-}
-
 module "identity" {
   count  = var.create_cmk ? 1 : 0
   source = "../identity"
@@ -27,8 +14,10 @@ module "vault" {
   resource_group = { name = "${var.rg_name}", id = "byob" }
   location       = var.location
 
-  identity_object_id = module.identity[0].identity.principal_id
-  depends_on         = [module.identity]
+  identity_object_id       = module.identity[0].identity.principal_id
+  depends_on               = [module.identity]
+  tags                     = var.tags
+  purge_protection_enabled = var.purge_protection_enabled
 }
 
 resource "azurerm_key_vault_key" "Vault_key" {
@@ -51,3 +40,14 @@ resource "azurerm_key_vault_key" "Vault_key" {
     module.vault
   ]
 }
+module "storage" {
+  source              = "../storage"
+  create_queue        = false
+  namespace           = var.prefix
+  resource_group_name = var.resource_group_name.name
+  location            = var.location
+  deletion_protection = var.deletion_protection
+  wb_managed_key_id   = var.create_cmk == true ? azurerm_key_vault_key.Vault_key[0].versionless_id : null
+  identity_ids        = var.create_cmk == true ? module.identity[0].identity.id : null
+}
+

modules/byob/variables.tf

@@ -27,7 +27,16 @@ variable "rg_name" {
     type        = string
 }
 
-
 variable "create_cmk" {
   type = bool
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "Map of tags for resource"
+}
+
+variable "purge_protection_enabled" {
+  type        = bool
+  description = "Enable or disable purge protection for the Key Vault."
 }