Merge branch 'eg_key_encrypt_decrypt' into 'master'

Adding a key and secret  to identify the key.

See merge request !31

infra/modules/providers/azure/ad-application/output.tf

-//  Copyright © Microsoft Corporation
+//  Copyright � Microsoft Corporation
 //
 //  Licensed under the Apache License, Version 2.0 (the "License");
 //  you may not use this file except in compliance with the License.

infra/templates/osdu-r3-mvp/central_resources/main.tf

@@ -147,7 +147,7 @@ module "keyvault_policy" {
     azurerm_user_assigned_identity.osduidentity.principal_id,
     module.service_principal.id
   ]
-  key_permissions         = ["get"]
+  key_permissions         = ["get", "encrypt", "decrypt"]
   certificate_permissions = ["get"]
   secret_permissions      = ["get"]
 }

infra/templates/osdu-r3-mvp/data_partition/keys.tf

+//  Copyright © Microsoft Corporation
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+
+/*
+.Synopsis
+   Terraform Keys Control
+.DESCRIPTION
+   This file holds KV Keys.
+*/
+locals {
+  encryption_key_name = format("%s-encryption-key", var.data_partition_name)
+}
+
+resource "azurerm_key_vault_key" "encryption_key" {
+  name         = local.encryption_key_name
+  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
+  key_type     = "RSA"
+  key_size     = 2048
+
+  key_opts = [
+    "decrypt",
+    "encrypt"
+  ]
+}
\ No newline at end of file

infra/templates/osdu-r3-mvp/data_partition/secrets.tf

@@ -44,6 +44,7 @@ locals {
   eventgrid_domain_key_name        = format("%s-key", local.eventgrid_domain_name)
   eventgrid_records_topic_name     = format("%s-recordstopic", local.eventgrid_domain_name)
   eventgrid_records_topic_endpoint = format("https://%s.%s-1.eventgrid.azure.net/api/events", local.eventgrid_records_topic, var.resource_group_location)
+  encryption_key_identifier_name   = format("%s-encryption-key-identifier", var.data_partition_name)
   event_grid_resourcegroup_name    = format("%s-eventgrid-resourcegroup", var.data_partition_name)
 
   elastic_endpoint = format("%s-elastic-endpoint", var.data_partition_name)
@@ -159,6 +160,13 @@ resource "azurerm_key_vault_secret" "eventgrid_resource_group" {
   key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
 }
 
+resource "azurerm_key_vault_secret" "encryption_key_identifier_secret" {
+  name         = local.encryption_key_identifier_name
+  value        = azurerm_key_vault_key.encryption_key.id
+  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
+}
+
+
 #-------------------------------
 # Elastic
 #-------------------------------
@@ -178,4 +186,4 @@ resource "azurerm_key_vault_secret" "elastic_password" {
   name         = local.elastic_password
   value        = var.elasticsearch_password
   key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
-}
\ No newline at end of file
+}

infra/templates/osdu-r3-mvp/data_partition/tests/unit/unit_test.go

@@ -49,7 +49,7 @@ func TestTemplate(t *testing.T) {
 		TfOptions:                       tfOptions,
 		Workspace:                       workspace,
 		PlanAssertions:                  nil,
-		ExpectedResourceCount:           86,
+		ExpectedResourceCount:           88,
 		ExpectedResourceAttributeValues: resourceDescription,
 	}