From e6b0a598e54735086cada905c5bc2530fc8f74e3 Mon Sep 17 00:00:00 2001
From: Dennis van der Meulen
Date: Mon, 4 Nov 2024 10:18:08 +0100
Subject: [PATCH] Linter

---
 main.tf | 38 ++++++++++++++++++++++++++++++++++++++
 outputs.tf | 21 +++++++++++++++++++++
 terraform.tf | 10 ++++++++++
 variables.tf | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 116 insertions(+)
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 terraform.tf
 create mode 100644 variables.tf

diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..e415618
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,38 @@
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "this" {
+ name = var.resource_group.name
+ location = var.location
+ tags = merge(
+ try(var.tags),
+ tomap({
+ "Resource Type" = "Resource Group"
+ })
+ )
+}
+
+module "keyvault_with_cmk" {
+ source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git"
+
+ key_vault = {
+ name = var.key_vault.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ resource_group_name = azurerm_resource_group.this.name
+ location = var.location
+ enabled_for_disk_encryption = true
+ enabled_for_deployment = false
+ enabled_for_template_deployment = false
+ enable_rbac_authorization = true
+ purge_protection = true
+ soft_delete_retention_days = 30
+ sku = "standard"
+ ip_rules = length(var.key_vault.ip_rules) == 0 ? null : var.key_vault.ip_rules
+ subnet_ids = length(var.key_vault.subnet_ids) == 0 ? null : var.key_vault.subnet_ids
+ network_bypass = "AzureServices"
+ cmk_keys_create = true
+ cmkrsa_key_name = var.key_vault.cmkrsa_key_name
+ cmkec_key_name = var.key_vault.cmkec_key_name
+ }
+
+ tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..f8a34e5
--- /dev/null
+++ b/outputs.tf
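Review bot: The `key_vault` block in `module "keyvault_with_cmk"` hard-codes `enabled_for_disk_encryption = true`, `purge_protection = true`, `soft_delete_retention_days = 30`, `sku = "standard"`, `network_bypass = "AzureServices"` and `cmk_keys_create = true`, although `variable "key_vault"` in variables.tf (same commit) declares each of these as an `optional(...)` field, so a caller who sets them gets no effect, and two of the variable defaults contradict what is applied (`enabled_for_disk_encryption` false vs true, `network_bypass` "None" vs "AzureServices"). Either forward the fields as below or drop them from the variable, and reconcile the defaults first since forwarding changes the effective values for callers who set nothing; `cmk_rotation_period` is likewise declared but never passed, and whether the module accepts it is not visible in this diff. The module `source` carries no `?ref=`, so `terraform init` follows the repository's default branch and the key vault configuration this deploys can change with no change to this file; pin it to a release tag or commit. `try(var.tags)` with a single argument is just `var.tags` (which already defaults to `{}`), so `merge(var.tags, { "Resource Type" = "Resource Group" })` reads more directly.
```hcl
module "keyvault_with_cmk" {
  # Pin the module: an unpinned git source tracks the default branch.
  source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git?ref=<PINNED_TAG_OR_COMMIT>"

  key_vault = {
    # … unchanged: name, tenant_id, resource_group_name, location …
    enabled_for_disk_encryption     = var.key_vault.enabled_for_disk_encryption
    enabled_for_deployment          = var.key_vault.enabled_for_deployment
    enabled_for_template_deployment = var.key_vault.enabled_for_template_deployment
    enable_rbac_authorization       = var.key_vault.enable_rbac_authorization
    purge_protection                = var.key_vault.purge_protection
    soft_delete_retention_days      = var.key_vault.soft_delete_retention_days
    sku                             = var.key_vault.sku
    # … unchanged: ip_rules, subnet_ids …
    network_bypass                  = var.key_vault.network_bypass
    cmk_keys_create                 = var.key_vault.cmk_keys_create
    # … unchanged: cmkrsa_key_name, cmkec_key_name …
  }
  # … unchanged: tags …
}
```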
@@ -0,0 +1,21 @@
+output "key_vault_id" {
+ value = module.keyvault_with_cmk.key_vault_id
+}
+
+output "key_vault_name" {
+ value = module.keyvault_with_cmk.key_vault_name
+}
+
+output "key_vault_uri" {
+ value = module.keyvault_with_cmk.key_vault_uri
+}
+
+output "key_vault_cmkrsa_key_name" {
+ value = module.keyvault_with_cmk.key_vault_cmkrsa_keyname
+ description = "CMK RSA Key Name"
+}
+
+output "key_vault_cmkrsa_id" {
+ value = module.keyvault_with_cmk.key_vault_cmkrsa_id
+ description = "CMK RSA Key ID"
+}
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 0000000..ca9101b
--- /dev/null
+++ b/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.7"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 4"
+ }
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..fa4bac3
--- /dev/null
+++ b/variables.tf
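Review bot: `key_vault_id`, `key_vault_name` and `key_vault_uri` have no `description`, while the two CMK outputs below them do; add `description = "ID of the key vault"`, `description = "Name of the key vault"` and `description = "URI of the key vault"` so the interface is documented consistently. `key_vault_cmkrsa_key_name` reads `module.keyvault_with_cmk.key_vault_cmkrsa_keyname` (no underscore before `name`) while the output itself is spelled `..._key_name`; the module's output names are not part of this diff, so confirm the reference matches the module rather than relying on the linter pass. main.tf also passes `cmkec_key_name`, so an EC key appears to be created as well, yet no output exposes its name or ID; consider adding them alongside the RSA ones if consumers need the EC key.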
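Review bot: `version = ">= 4"` for `hashicorp/azurerm` has no upper bound, so a future major release with breaking changes would be accepted by `terraform init` on a fresh checkout, and no `.terraform.lock.hcl` is included in this commit to hold the selection. If this is a root configuration, a bounded constraint such as `version = "~> 4.0"` keeps provider upgrades deliberate; if it is meant as a reusable module, the floor-only form is the usual choice and a committed lock file in the consuming root is what pins the version.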
@@ -0,0 +1,47 @@
+variable "resource_group" {
+ description = "The name of the resource group in which to create the resources."
+ type = object({
+ name = string
+ })
+ default = {
+ name = null
+ }
+}
+
+variable "key_vault" {
+ type = object({
+ name = string
+ enabled_for_disk_encryption = optional(bool, false)
+ enabled_for_deployment = optional(bool, false)
+ enabled_for_template_deployment = optional(bool, false)
+ enable_rbac_authorization = optional(bool, true)
+ purge_protection = optional(bool, true)
+ soft_delete_retention_days = optional(number, 30)
+ sku = optional(string, "standard")
+ ip_rules = optional(list(string), [])
+ subnet_ids = optional(list(string), [])
+ network_bypass = optional(string, "None")
+ cmk_keys_create = optional(bool, true)
+ cmkrsa_key_name = optional(string, "cmkrsa")
+ cmkec_key_name = optional(string, "cmkec")
+ cmk_rotation_period = optional(string, "P90D")
+ })
+}
+
+variable "location" {
+ description = "Location of the resources to create"
+ type = string
+}
+
+variable "tags" {
+ description = "A map of tags to assign to the resource."
+ type = map(string)
+ default = {}
+}
+
+variable "zones" {
+ type = list(string)
+ default = []
+ description = "A list of availability zones in which the resource should be created."
+}
+
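Review bot: `variable "key_vault"` carries no `description` although every other variable in the file has one; add one such as `description = "Key vault settings: name, access/network options and the names of the CMK RSA and EC keys."` so `terraform-docs` and callers see the contract. `variable "resource_group"` is described as "The name of the resource group…" but is an object, and its default `name = null` lets `azurerm_resource_group.this.name` in main.tf resolve to null at plan time; either drop the default or add `validation { condition = var.resource_group.name != null error_message = "resource_group.name must be set." }` and reword the description to describe the object. `variable "zones"` is declared with a default but is not referenced anywhere in main.tf, so it is dead input; remove it or wire it into the module call.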