Linter

main.tf

@@ -0,0 +1,38 @@
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "this" {
+  name     = var.resource_group.name
+  location = var.location
+  tags = merge(
+    try(var.tags),
+    tomap({
+      "Resource Type" = "Resource Group"
+    })
+  )
+}
+
+module "keyvault_with_cmk" {
+  source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git"
+
+  key_vault = {
+    name                            = var.key_vault.name
+    tenant_id                       = data.azurerm_client_config.current.tenant_id
+    resource_group_name             = azurerm_resource_group.this.name
+    location                        = var.location
+    enabled_for_disk_encryption     = true
+    enabled_for_deployment          = false
+    enabled_for_template_deployment = false
+    enable_rbac_authorization       = true
+    purge_protection                = true
+    soft_delete_retention_days      = 30
+    sku                             = "standard"
+    ip_rules                        = length(var.key_vault.ip_rules) == 0 ? null : var.key_vault.ip_rules
+    subnet_ids                      = length(var.key_vault.subnet_ids) == 0 ? null : var.key_vault.subnet_ids
+    network_bypass                  = "AzureServices"
+    cmk_keys_create                 = true
+    cmkrsa_key_name                 = var.key_vault.cmkrsa_key_name
+    cmkec_key_name                  = var.key_vault.cmkec_key_name
+  }
+
+  tags = var.tags
+}

outputs.tf

@@ -0,0 +1,21 @@
+output "key_vault_id" {
+  value = module.keyvault_with_cmk.key_vault_id
+}
+
+output "key_vault_name" {
+  value = module.keyvault_with_cmk.key_vault_name
+}
+
+output "key_vault_uri" {
+  value = module.keyvault_with_cmk.key_vault_uri
+}
+
+output "key_vault_cmkrsa_key_name" {
+  value       = module.keyvault_with_cmk.key_vault_cmkrsa_keyname
+  description = "CMK RSA Key Name"
+}
+
+output "key_vault_cmkrsa_id" {
+  value       = module.keyvault_with_cmk.key_vault_cmkrsa_id
+  description = "CMK RSA Key ID"
+}

terraform.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.7"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4"
+    }
+  }
+}

variables.tf

@@ -0,0 +1,47 @@
+variable "resource_group" {
+  description = "The name of the resource group in which to create the resources."
+  type = object({
+    name = string
+  })
+  default = {
+    name = null
+  }
+}
+
+variable "key_vault" {
+  type = object({
+    name                            = string
+    enabled_for_disk_encryption     = optional(bool, false)
+    enabled_for_deployment          = optional(bool, false)
+    enabled_for_template_deployment = optional(bool, false)
+    enable_rbac_authorization       = optional(bool, true)
+    purge_protection                = optional(bool, true)
+    soft_delete_retention_days      = optional(number, 30)
+    sku                             = optional(string, "standard")
+    ip_rules                        = optional(list(string), [])
+    subnet_ids                      = optional(list(string), [])
+    network_bypass                  = optional(string, "None")
+    cmk_keys_create                 = optional(bool, true)
+    cmkrsa_key_name                 = optional(string, "cmkrsa")
+    cmkec_key_name                  = optional(string, "cmkec")
+    cmk_rotation_period             = optional(string, "P90D")
+  })
+}
+
+variable "location" {
+  description = "Location of the resources to create"
+  type        = string
+}
+
+variable "tags" {
+  description = "A map of tags to assign to the resource."
+  type        = map(string)
+  default     = {}
+}
+
+variable "zones" {
+  type        = list(string)
+  default     = []
+  description = "A list of availability zones in which the resource should be created."
+}
+