Commit 69faf6c6 authored by Daniel Scholl's avatar Daniel Scholl

Merge branch 'eg_key_encrypt_decrypt' into 'master'

Adding a key and a secret to identify the key.

See merge request osdu/platform/deployment-and-operations/infra-azure-provisioning!31
parents bfa87233 808d89b5
// Copyright © Microsoft Corporation // Copyright � Microsoft Corporation
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.
......
...@@ -147,7 +147,7 @@ module "keyvault_policy" { ...@@ -147,7 +147,7 @@ module "keyvault_policy" {
azurerm_user_assigned_identity.osduidentity.principal_id, azurerm_user_assigned_identity.osduidentity.principal_id,
module.service_principal.id module.service_principal.id
] ]
key_permissions = ["get"] key_permissions = ["get", "encrypt", "decrypt"]
certificate_permissions = ["get"] certificate_permissions = ["get"]
secret_permissions = ["get"] secret_permissions = ["get"]
} }
......
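Review bot: The widened `key_permissions = ["get", "encrypt", "decrypt"]` in `module "keyvault_policy"` applies to both listed principals (`osduidentity` and the service principal). A Key Vault access policy is scoped to the vault rather than to a single key, so both identities can now encrypt and decrypt with every key in this vault, not only the new partition encryption key. If only one of the two identities performs cryptographic operations, splitting the policy so the other keeps `["get"]` would hold to least privilege; which identity needs what is not visible from this hunk. A comment above the line, e.g. `# encrypt/decrypt required by <service> for the partition encryption key`, would show later reviewers that the grant is intentional. The module block starts above the hunk.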
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
.Synopsis
Terraform Keys Control
.DESCRIPTION
This file holds KV Keys.
*/
locals {
encryption_key_name = format("%s-encryption-key", var.data_partition_name)
}
resource "azurerm_key_vault_key" "encryption_key" {
name = local.encryption_key_name
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
key_type = "RSA"
key_size = 2048
key_opts = [
"decrypt",
"encrypt"
]
}
\ No newline at end of file
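Review bot: `azurerm_key_vault_key.encryption_key` is created with no `expiration_date` and no guard against accidental destruction. The key therefore lives indefinitely, and a destroy or a change to `data_partition_name` would replace it, leaving anything encrypted under the old key dependent on vault soft-delete for recovery. Consider `lifecycle { prevent_destroy = true }` on the resource, plus an explicit expiry or a documented rotation procedure. If the key is meant to protect bulk data rather than small values, the usual pattern is envelope encryption with `wrapKey`/`unwrapKey` in `key_opts` instead of direct RSA `encrypt`/`decrypt`; the intended use is not visible here, so this is a question rather than a defect. The file also ends without a trailing newline.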
...@@ -44,6 +44,7 @@ locals { ...@@ -44,6 +44,7 @@ locals {
eventgrid_domain_key_name = format("%s-key", local.eventgrid_domain_name) eventgrid_domain_key_name = format("%s-key", local.eventgrid_domain_name)
eventgrid_records_topic_name = format("%s-recordstopic", local.eventgrid_domain_name) eventgrid_records_topic_name = format("%s-recordstopic", local.eventgrid_domain_name)
eventgrid_records_topic_endpoint = format("https://%s.%s-1.eventgrid.azure.net/api/events", local.eventgrid_records_topic, var.resource_group_location) eventgrid_records_topic_endpoint = format("https://%s.%s-1.eventgrid.azure.net/api/events", local.eventgrid_records_topic, var.resource_group_location)
encryption_key_identifier_name = format("%s-encryption-key-identifier", var.data_partition_name)
event_grid_resourcegroup_name = format("%s-eventgrid-resourcegroup", var.data_partition_name) event_grid_resourcegroup_name = format("%s-eventgrid-resourcegroup", var.data_partition_name)
elastic_endpoint = format("%s-elastic-endpoint", var.data_partition_name) elastic_endpoint = format("%s-elastic-endpoint", var.data_partition_name)
...@@ -159,6 +160,13 @@ resource "azurerm_key_vault_secret" "eventgrid_resource_group" { ...@@ -159,6 +160,13 @@ resource "azurerm_key_vault_secret" "eventgrid_resource_group" {
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
} }
resource "azurerm_key_vault_secret" "encryption_key_identifier_secret" {
name = local.encryption_key_identifier_name
value = azurerm_key_vault_key.encryption_key.id
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#------------------------------- #-------------------------------
# Elastic # Elastic
#------------------------------- #-------------------------------
...@@ -178,4 +186,4 @@ resource "azurerm_key_vault_secret" "elastic_password" { ...@@ -178,4 +186,4 @@ resource "azurerm_key_vault_secret" "elastic_password" {
name = local.elastic_password name = local.elastic_password
value = var.elasticsearch_password value = var.elasticsearch_password
key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
} }
\ No newline at end of file
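Review bot: `value = azurerm_key_vault_key.encryption_key.id` in `encryption_key_identifier_secret` stores the key's identifier, which for this resource normally includes the key version. Consumers reading the secret are then pinned to one version, and the secret value changes whenever the key is rotated and the configuration is re-applied. Data encrypted before a rotation needs the older version to decrypt, so callers should record the key version alongside each ciphertext rather than rely on this secret alone. If the provider version in use exposes it, `versionless_id` would let consumers always encrypt with the current version; otherwise a comment such as `# versioned key id; ciphertext must carry the key version used` would document the constraint.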
...@@ -49,7 +49,7 @@ func TestTemplate(t *testing.T) { ...@@ -49,7 +49,7 @@ func TestTemplate(t *testing.T) {
TfOptions: tfOptions, TfOptions: tfOptions,
Workspace: workspace, Workspace: workspace,
PlanAssertions: nil, PlanAssertions: nil,
ExpectedResourceCount: 86, ExpectedResourceCount: 88,
ExpectedResourceAttributeValues: resourceDescription, ExpectedResourceAttributeValues: resourceDescription,
} }
......
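Review bot: The bump to `ExpectedResourceCount: 88` covers the new resources only by count, and with `PlanAssertions: nil` nothing in this hunk checks the security-relevant attributes of the new key. Adding an entry for the encryption key to `resourceDescription` (asserting `key_type`, `key_size` and `key_opts`) would catch a later change that widens the key's permitted operations. `resourceDescription` is defined outside the hunk, so it may already cover this. `TestTemplate` starts above the hunk and continues past it.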