skip: update CI 272

epam · Sep 25, 2024 · 28eede7 · 28eede7
1 parent 33603a9
commit 28eede7
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 3 deletions.
diff --git a/auto_policy_testing/green/cosmosdb/cosmosdb.tf b/auto_policy_testing/green/cosmosdb/cosmosdb.tf
@@ -25,7 +25,7 @@ resource "azurerm_cosmosdb_account" "this" {
 
   ip_range_filter = "127.0.0.1"
 
-  key_vault_key_id = data.terraform_remote_state.common.outputs.key_versionless_id
+  key_vault_key_id = azurerm_key_vault_key.this.versionless_id
 
   access_key_metadata_writes_enabled = false
 

diff --git a/auto_policy_testing/green/cosmosdb/key_vault.tf b/auto_policy_testing/green/cosmosdb/key_vault.tf
@@ -4,8 +4,58 @@ data "azuread_service_principal" "cosmosdb" {
   display_name = "Azure Cosmos DB"
 }
 
+resource "azurerm_key_vault" "this" {
+  name                       = "${module.naming.resource_prefix.keyvault}kv${random_integer.this.result}"
+  location                   = data.terraform_remote_state.common.outputs.location
+  resource_group_name        = data.terraform_remote_state.common.outputs.resource_group
+  tenant_id                  = data.azurerm_client_config.current.tenant_id
+  sku_name                   = "standard"
+  soft_delete_retention_days = 7
+  purge_protection_enabled   = true
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    key_permissions = [
+      "Get", "Create", "Delete", "List", "Restore", "Recover", "UnwrapKey", "WrapKey", "Purge", "Encrypt", "Decrypt", "Sign", "Verify", "GetRotationPolicy", "SetRotationPolicy"
+    ]
+
+    secret_permissions = [
+      "Get",
+      "List",
+      "Set",
+      "Delete",
+      "Purge",
+    ]
+
+  }
+
+  tags = module.naming.default_tags
+}
+
+resource "azurerm_key_vault_key" "this" {
+  name            = "${module.naming.resource_prefix.keyvaultkey}key${random_integer.this.result}"
+  key_vault_id    = azurerm_key_vault.this.id
+  key_type        = "RSA"
+  key_size        = 2048
+  expiration_date = "2025-01-01T12:00:00Z"
+
+  key_opts = [
+    "decrypt",
+    "encrypt",
+    "sign",
+    "unwrapKey",
+    "verify",
+    "wrapKey",
+  ]
+
+  tags = module.naming.default_tags
+}
+
+
 resource "azurerm_key_vault_access_policy" "cosmosdb" {
-  key_vault_id = data.terraform_remote_state.common.outputs.key_vault_id
+  key_vault_id = azurerm_key_vault.this.id
   tenant_id = data.azurerm_client_config.current.tenant_id
   object_id = data.azuread_service_principal.cosmosdb.id
 

diff --git a/auto_policy_testing/green/cosmosdb/provider.tf b/auto_policy_testing/green/cosmosdb/provider.tf
@@ -14,5 +14,10 @@ terraform {
 }
 
 provider "azurerm" {
-  features {}
+  features {
+    key_vault {
+      purge_soft_delete_on_destroy       = true
+      purge_soft_deleted_keys_on_destroy = true
+    }
+  }
 }