
Commit f8ed07f

committed
skip: update CI 219
1 parent 4db5dda commit f8ed07f


3 files changed

+51
-6
lines changed

Lines changed: 35 additions & 3 deletions
@@ -1,10 +1,42 @@
11
data "azurerm_client_config" "current" {}
22

3-
resource "azurerm_key_vault_access_policy" "server" {
4-
key_vault_id = data.terraform_remote_state.common.outputs.key_vault_id
5-
tenant_id = azurerm_postgresql_server.cmk.identity[0].tenant_id
3+
resource "azurerm_key_vault" "this" {
4+
name = "${module.naming.resource_prefix.keyvault}postgres${random_integer.this.result}"
5+
location = azurerm_resource_group.this.location
6+
resource_group_name = azurerm_resource_group.this.name
7+
tenant_id = data.azurerm_client_config.current.tenant_id
8+
sku_name = "premium"
9+
10+
purge_protection_enabled = true
11+
}
12+
13+
resource "azurerm_key_vault_access_policy" "postgresql" {
14+
key_vault_id = azurerm_key_vault.this.id
15+
tenant_id = data.azurerm_client_config.current.tenant_id
616
object_id = azurerm_postgresql_server.cmk.identity[0].principal_id
717

818
key_permissions = ["Get", "UnwrapKey", "WrapKey"]
919
secret_permissions = ["Get"]
20+
}
21+
22+
resource "azurerm_key_vault_access_policy" "client" {
23+
key_vault_id = azurerm_key_vault.this.id
24+
tenant_id = data.azurerm_client_config.current.tenant_id
25+
object_id = data.azurerm_client_config.current.object_id
26+
27+
key_permissions = ["Get", "Create", "Delete", "List", "Restore", "Recover", "UnwrapKey", "WrapKey", "Purge", "Encrypt", "Decrypt", "Sign", "Verify", "GetRotationPolicy", "SetRotationPolicy"]
28+
secret_permissions = ["Get"]
29+
}
30+
31+
resource "azurerm_key_vault_key" "this" {
32+
name = "${module.naming.resource_prefix.keyvault-key}-${random_integer.this.result}"
33+
key_vault_id = azurerm_key_vault.this.id
34+
key_type = "RSA"
35+
key_size = 2048
36+
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
37+
38+
depends_on = [
39+
azurerm_key_vault_access_policy.client,
40+
azurerm_key_vault_access_policy.postgresql
41+
]
1042
}
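Review bot: The `client` access policy (new lines 22-29) gives the deploying principal every key permission, including `Purge`, `Delete`, `Decrypt` and `Sign`, while the only thing this configuration does with that identity is create and later destroy `azurerm_key_vault_key.this`. The `postgresql` policy directly above it shows the intended shape — `Get`, `UnwrapKey`, `WrapKey` — so trimming the client list to the lifecycle permissions Terraform needs for the key (create/get/list/delete plus the soft-delete recovery set) would keep the cryptographic-use permissions off the provisioning identity. Separately, `azurerm_key_vault.this` (new lines 3-11) carries no `network_acls` block, so the vault is reachable from any network; if that is deliberate for a test fixture, a comment such as `# network_acls intentionally omitted: policy test fixture only` would make it explicit. Note also that `purge_protection_enabled = true` makes this vault non-purgeable, which interacts with the `purge_soft_delete_on_destroy` flag added to provider.tf in the same commit.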

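--- a/auto_policy_testing/green/postgresql/postgresql_server_cmk.tf
+++ b/auto_policy_testing/green/postgresql/postgresql_server_cmk.tf
@@ -1,7 +1,15 @@
+resource "azurerm_resource_group" "this" {
+name = "postgrescmk-rg-green"
+location = data.terraform_remote_state.common.outputs.location
+
+tags = module.naming.default_tags
+}
+
+
 resource "azurerm_postgresql_server" "cmk" {
 name = "${module.naming.resource_prefix.postgresql-server}-cmk"
-location = data.terraform_remote_state.common.outputs.location
-resource_group_name = data.terraform_remote_state.common.outputs.resource_group
+location = azurerm_resource_group.this.location
+resource_group_name = azurerm_resource_group.this.name
 
 sku_name = "GP_Gen5_2"
 version = "11"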
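Review bot: The resource group name on new line 2 is the hard-coded literal `"postgrescmk-rg-green"`, whereas every other name in this commit is derived from `module.naming.resource_prefix` (and, for the vault and key, a `random_integer` suffix), so a second deployment of this fixture into the same subscription would collide on the resource group alone. If the naming module exposes a resource-group prefix, building the name from it would keep the file consistent with the rest of the change; otherwise a comment such as `# fixed name: one instance of this fixture per subscription` documents the constraint. The body of `azurerm_postgresql_server.cmk` continues outside the hunk.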

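--- a/auto_policy_testing/green/postgresql/provider.tf
+++ b/auto_policy_testing/green/postgresql/provider.tf
@@ -14,5 +14,10 @@ terraform {
 }
 
 provider "azurerm" {
-features {}
+features {
+key_vault {
+purge_soft_delete_on_destroy = true
+purge_soft_deleted_keys_on_destroy = false
+}
+}
 }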
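Review bot: `purge_soft_delete_on_destroy = true` (new line 19) is unlikely to take effect against `azurerm_key_vault.this`, which sets `purge_protection_enabled = true` in the same commit — a purge-protected vault is only soft-deleted on destroy and stays recoverable until its retention period ends, and with `purge_soft_deleted_keys_on_destroy = false` (new line 20) the key is left soft-deleted as well. The `random_integer` suffix on the vault name avoids a name clash on the next apply, but every destroy of this fixture still leaves a recoverable vault and key behind, which is worth stating next to the flag: `# vault is purge-protected: destroy leaves it soft-deleted for the retention period, so this flag may not purge it`. If purging really is wanted for this test fixture, the purge protection on the vault is the setting to revisit, not this provider block.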
