Commit 20fde455 authored by Komal Makkar's avatar Komal Makkar

broke dp sr dependency

parent 03920a5b
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
.Synopsis
Terraform Keys Control
.DESCRIPTION
This file holds KV Secrets.
*/
locals {
encryption_key_name = format("%s-encryption-key", var.data_partition_name)
}
resource "azurerm_key_vault_key" "encryption_key" {
name = local.encryption_key_name
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
key_type = "RSA"
key_size = 2048
key_opts = [
"decrypt",
"encrypt"
]
}
\ No newline at end of file
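Review bot: `azurerm_key_vault_key.encryption_key` is declared without an `expiration_date` or any rotation settings, so the key stays valid indefinitely. Now that the resource has its own file, this is a natural place to add an expiry, plus a `rotation_policy` block if the pinned azurerm provider version supports one. `key_size = 2048` is the smallest RSA size Key Vault offers; what the key protects is not visible here, but for long-lived data 3072 or 4096 is worth considering, bearing in mind that changing the size replaces the key and anything encrypted under it needs a migration plan. The header comment says `This file holds KV Secrets.` while the file declares a key; `This file holds Key Vault keys.` would match the content.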
......@@ -278,17 +278,16 @@ module "event_grid" {
resource_tags = var.resource_tags
}
// Add Access Control to Principal
resource "azurerm_role_assignment" "eventgrid_access" {
count = length(local.rbac_principals)
// Add EventGrid EventSubscription Contributor access to Principal
resource "azurerm_role_assignment" "event_grid_topics_role" {
count = length(local.rbac_principals)
role_definition_name = "Contributor"
role_definition_name = "EventGrid EventSubscription Contributor"
principal_id = local.rbac_principals[count.index]
scope = module.event_grid.id
scope = module.event_grid.topics.topic.id
}
#-------------------------------
# Locks
#-------------------------------
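Review bot: The new `event_grid_topics_role` assignment has no comment explaining why its scope is the single `topic` entry of `module.event_grid.topics`. Whether the module defines other topics is not visible in this hunk, so a reader cannot tell if limiting the grant to this one entry is deliberate. A short comment on the resource would record the least-privilege intent, for example `// Scoped to one topic on purpose: principals only manage event subscriptions, not the Event Grid resource itself`. `local.rbac_principals` is defined outside the hunk, so it is worth confirming that none of those principals relied on the broader `Contributor` rights this change removes.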
......
......@@ -55,9 +55,4 @@ output "cosmosdb_account_name" {
output "cosmosdb_properties" {
description = "Properties of the deployed CosmosDB account."
value = module.cosmosdb_account.properties
}
output "eg_topics" {
description = "Event Grid Topics list"
value = module.event_grid.topics
}
}
\ No newline at end of file
......@@ -46,7 +46,6 @@ locals {
eventgrid_records_topic_endpoint = format("https://%s.%s-1.eventgrid.azure.net/api/events", local.eventgrid_records_topic, var.resource_group_location)
event_grid_resourcegroup_name = format("%s-eventgrid-resourcegroup", var.data_partition_name)
encryption_key_identifier_name = format("%s-encryption-key-identifier", var.data_partition_name)
encryption_key_name = format("%s-encryption-key", var.data_partition_name)
elastic_endpoint = format("%s-elastic-endpoint", var.data_partition_name)
elastic_username = format("%s-elastic-username", var.data_partition_name)
......@@ -161,18 +160,6 @@ resource "azurerm_key_vault_secret" "eventgrid_resource_group" {
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
resource "azurerm_key_vault_key" "encryption_key" {
name = local.encryption_key_name
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
key_type = "RSA"
key_size = 2048
key_opts = [
"decrypt",
"encrypt"
]
}
resource "azurerm_key_vault_secret" "encryption_key_identifier_secret" {
name = local.encryption_key_identifier_name
value = azurerm_key_vault_key.encryption_key.id
......
......@@ -343,16 +343,6 @@ data "azurerm_resource_group" "aks_node_resource_group" {
name = module.aks.node_resource_group
}
data "terraform_remote_state" "data_resources" {
backend = "azurerm"
config = {
storage_account_name = var.remote_state_account
container_name = var.remote_state_container
key = format("terraform.tfstateenv:%s", var.data_resources_workspace_name)
}
}
// Give AKS Access rights to Operate the Node Resource Group
resource "azurerm_role_assignment" "all_mi_operator" {
principal_id = module.aks.kubelet_object_id
......@@ -473,12 +463,4 @@ resource "azurerm_role_assignment" "redis_cache" {
role_definition_name = local.role
principal_id = local.rbac_principals[count.index]
scope = module.redis_cache.id
}
// Add Contributor Role Access
resource "azurerm_role_assignment" "event_grid_topics_role" {
count = length(local.rbac_principals)
role_definition_name = "Contributor"
principal_id = local.rbac_principals[count.index]
scope = data.terraform_remote_state.data_resources.outputs.eg_topics.topic.id
}
\ No newline at end of file
......@@ -244,9 +244,4 @@ variable "gitops_path" {
type = string
description = "(Optional) The path for flux to watch"
default = "providers/azure/hld-registry"
}
variable "data_resources_workspace_name" {
description = "(Required) The workspace name for the data_resources terraform environment / template to reference for this template."
type = string
}
\ No newline at end of file