
Merge pull request #1 from nfrappart/variable-renameing-Nate
Variable renaming nate
nfrappart authored Jun 30, 2021
2 parents 5e75c3c + 78b2bea commit 488b60e
Showing 3 changed files with 51 additions and 53 deletions.
50 changes: 11 additions & 39 deletions main.tf
Expand Up @@ -2,33 +2,30 @@
# Module to create Keyvault Resource #
#######################################

#Get current session informations
data "azurerm_client_config" "TerraClientConfig" {}

#KeyVault Creation

resource "azurerm_key_vault" "TerraKeyVault" {
name = var.KeyVaultName
location = var.KeyVaultLocation
resource_group_name = var.KeyVaultRgName
sku_name = var.KeyVaultSkuName
tenant_id = var.KeyVaultTenantID
soft_delete_enabled = true
soft_delete_retention_days = 7
purge_protection_enabled = true
name = var.Name
location = var.Location
resource_group_name = var.RgName
sku_name = var.SkuName
tenant_id = var.TenantID
soft_delete_retention_days = var.SoftDeleteRetention
purge_protection_enabled = var.purgeProtectionEnabled

########################
#Others Keyvault param

enabled_for_deployment = var.KeyVaultEnabledforDeployment
enabled_for_disk_encryption = var.KeyVaultEnabledforDiskEncrypt
enabled_for_template_deployment = var.KeyVaultEnabledforTempDeploy
enabled_for_deployment = var.EnabledForDeployment
enabled_for_disk_encryption = var.EnabledForDiskEncrypt
enabled_for_template_deployment = var.EnabledForTempDeploy

########################
#Tags
tags = {
Environment = var.EnvironmentTag
Usage = var.UsageTag
EnvironmentUsage = var.EnvironmentUsageTag
Owner = var.OwnerTag
ProvisioningDate = timestamp()
ProvisioningMode = var.ProvisioningModeTag
Expand All @@ -40,28 +37,3 @@ resource "azurerm_key_vault" "TerraKeyVault" {
]
}
}

# add access to keyvault for terraform Service Principal
resource "azurerm_key_vault_access_policy" "TerraKeyVaultPolicyForTFSP" {
key_vault_id = azurerm_key_vault.TerraKeyVault.id
tenant_id = data.azurerm_client_config.TerraClientConfig.tenant_id
object_id = data.azurerm_client_config.TerraClientConfig.object_id

key_permissions = [
"backup", "create", "decrypt", "delete", "encrypt", "get", "import", "list", "purge", "recover", "restore", "sign", "unwrapKey", "update", "verify", "wrapKey"
]

secret_permissions = [
"backup", "delete", "get", "list", "purge", "recover", "restore", "set"
]

certificate_permissions = [
"create",
"delete",
"get",
"getissuers",
"list",
"listissuers",
"update",
]
}
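Review bot: `purge_protection_enabled = var.purgeProtectionEnabled` at the top of this section flips a hard-coded `true` into a variable whose default, in the `variables.tf` section of this same commit, is `false`, so any consumer that does not set it now gets a vault whose soft-deleted keys and secrets can be permanently purged; that is a security posture change hidden under a "variable renaming" title, and the default should stay `true` (`default = true` on `purgeProtectionEnabled`) with the argument documented as one-way, since Azure does not allow purge protection to be disabled once it is on. The `soft_delete_enabled = true` line is dropped rather than parameterised; that is fine only if the pinned azurerm provider already forces soft delete on — on older 2.x providers the argument defaulted to false, so the provider constraint should be checked. Note also that the second hunk removes the only access policy this module created, so after this change the deploying principal has no data-plane access to the vault unless a policy or RBAC assignment is granted elsewhere; a one-line comment above the resource saying where that grant now lives would save the next maintainer a failed apply. The `azurerm_key_vault` resource block spans both hunks and part of it is collapsed between them.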
16 changes: 16 additions & 0 deletions output.tf
Original file line number Diff line number Diff line change
@@ -1,5 +1,16 @@
#Module Output


#error with RgKeyVault not set
#output "RgKeyVaultName" {
# value = azurerm_resource_group.RgKeyVault.name
#}

#error with RgKeyVault not set
#output "RgKeyVaultId" {
# value = azurerm_resource_group.RgKeyVault.id
#}

output "Id" {
value = azurerm_key_vault.TerraKeyVault.id
}
Expand All @@ -12,6 +23,11 @@ output "URI" {
value = azurerm_key_vault.TerraKeyVault.vault_uri
}

#error with sku value not set
#output "SKU" {
# value = azurerm_key_vault.TerraKeyVault.sku
#}

output "KeyVault_enabled_for_disk_encryption" {
value = azurerm_key_vault.TerraKeyVault.enabled_for_disk_encryption
}
Expand Down
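Review bot: The commented-out `output "SKU"` fails because the resource attribute is `sku_name`, not `sku` (the resource sets `sku_name = var.SkuName` in `main.tf`), so the working form is `output "SKU" { value = azurerm_key_vault.TerraKeyVault.sku_name }` rather than a "#error with sku value not set" note. The two `RgKeyVault*` outputs reference `azurerm_resource_group.RgKeyVault`, a resource this module does not create (it takes the group by name via `var.RgName`); if the resource group name is wanted as an output, `azurerm_key_vault.TerraKeyVault.resource_group_name` is the attribute to expose, otherwise the dead blocks should be deleted instead of committed as comments. This hunk continues below the lines shown.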
38 changes: 24 additions & 14 deletions variables.tf
Original file line number Diff line number Diff line change
@@ -1,59 +1,69 @@
#Variable declaration for Module

variable "KeyVaultName" {
variable "Name" {
type = string
description = "The name of the subscription"
}

variable "KeyVaultLocation" {
variable "Location" {
type = string
default = "westeurope"
default = "francecentral"
}

variable "KeyVaultRgName" {
variable "RgName" {
type = string
description = "The name of the Resource group in which the Vault lives"
}

variable "KeyVaultSkuName" {
variable "SkuName" {
type = string
default = "standard"
}

variable "KeyVaultTenantID" {
variable "TenantID" {
type = string
description = "The tenant Id of the vault"
}

variable "KeyVaultEnabledforDeployment" {
variable "SoftDeleteRetention" {
default = 7
}

variable "purgeProtectionEnabled" {
default = false
}

variable "EnabledForDeployment" {
type = string
default = "true"
}

variable "KeyVaultEnabledforDiskEncrypt" {
variable "EnabledForDiskEncrypt" {
type = string
default = "true"
}

variable "KeyVaultEnabledforTempDeploy" {
variable "EnabledForTempDeploy" {
type = string
default = "true"
}


# Variable to define the Tag

variable "EnvironmentTag" {
type = string
default = "Test"
default = "Poc"
}
variable "UsageTag" {
type = string
default = "PoC usage only"

variable "EnvironmentUsageTag" {
type = string
default = "Poc usage only"
}

variable "OwnerTag" {
type = string
default = "Nate"
default = "DSI Covage"
}

variable "ProvisioningModeTag" {
Expand Down
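Review bot: The two new variables `SoftDeleteRetention` and `purgeProtectionEnabled` carry no `type`, no `description`, and the latter defaults to `false`, which turns off a protection the previous hard-coded `true` guaranteed; `purgeProtectionEnabled` also breaks the PascalCase convention every other variable in this file follows. `SoftDeleteRetention` should be typed `number` and range-checked, since Azure only accepts 7–90 days and an out-of-range value is otherwise discovered at apply time (the `validation` block needs Terraform 0.13+, which I assume this module targets — confirm against the pinned version). While here, the three `EnabledFor*` variables are declared `type = string` with `"true"` defaults for what are boolean arguments; `type = bool` with `default = true` is the idiomatic form and avoids silent string-to-bool coercion. The `Name` variable's description still reads "The name of the subscription" although it feeds `azurerm_key_vault.name`; it should say the Key Vault name. This hunk continues below the lines shown.

```hcl
variable "SoftDeleteRetention" {
  type        = number
  description = "Days a deleted vault or object remains recoverable (Azure accepts 7-90)"
  default     = 7

  validation {
    condition     = var.SoftDeleteRetention >= 7 && var.SoftDeleteRetention <= 90
    error_message = "SoftDeleteRetention must be between 7 and 90 days."
  }
}

variable "purgeProtectionEnabled" {
  type        = bool
  description = "Enable purge protection; once enabled on a vault it cannot be disabled"
  default     = true
}

# … unchanged: EnabledFor* and tag variables …
```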
