add kv for cert
SalimKainos committed Jul 1, 2024
1 parent 997a4e7 commit e883bdc
Showing 4 changed files with 31 additions and 0 deletions.
12 changes: 12 additions & 0 deletions keyvault.tf
Expand Up @@ -47,3 +47,15 @@ data "azurerm_key_vault_secret" "nessus_agent_key" {
name = contains(["prod", "sbox"], var.env) ? "nessus-agent-key-${var.env}" : "nessus-agent-key-nonprod"
key_vault_id = data.azurerm_key_vault.soc_vault[0].id
}

data "azurerm_key_vault" "rhel_cert_vault" {
provider = azurerm.cnp
name = var.env == "prod" ? "infra-vault-prod" : "infra-vault-nonprod"
resource_group_name = local.cnp_vault_rg
}

data "azurerm_key_vault_secret" "rhel_cert" {
provider = azurerm.cnp
name = var.env == "prod" ? "rhel-cert-prod" : "rhel-cert"
key_vault_id = data.azurerm_key_vault.cnp_vault.id
}
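Review bot: The new `rhel_cert` secret is read from `data.azurerm_key_vault.cnp_vault.id` while the vault declared immediately above it is `rhel_cert_vault`, which nothing in this hunk references; unless `cnp_vault` is declared elsewhere in the file this is a dangling reference, and if it is, `rhel_cert_vault` is dead code — the line should presumably read `key_vault_id = data.azurerm_key_vault.rhel_cert_vault.id`. The secret data source also has no `count` guard, unlike `nessus_agent_key` (which locals.tf indexes with `[0]`), so a missing `rhel-cert` secret in the nonprod vault fails the plan instead of falling back to the empty value locals.tf is written to expect. A short comment on the data source would help the next reader, e.g. `# prod resolves rhel-cert-prod in infra-vault-prod; every other env resolves rhel-cert in infra-vault-nonprod`.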
1 change: 1 addition & 0 deletions locals.tf
Expand Up @@ -24,6 +24,7 @@ locals {
NESSUS_SERVER = var.nessus_server == null || var.nessus_server == "" ? local.nessus_server : var.nessus_server
NESSUS_KEY = var.nessus_key == null || var.nessus_key == "" ? (length(data.azurerm_key_vault_secret.nessus_agent_key) > 0 ? data.azurerm_key_vault_secret.nessus_agent_key[0].value : "") : var.nessus_key
NESSUS_GROUPS = var.nessus_groups == null || var.nessus_groups == "" ? "Platform-Operation-Bastions" : var.nessus_groups
RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? (length(data.azurerm_key_vault_secret.rhel_cert) > 0 ? data.azurerm_key_vault_secret.rhel_cert.value : "") : var.rhel_cert
}), var.additional_script_path == null ? "" : file("${var.additional_script_path}")))

additional_template_file = var.additional_script_uri != null ? format("%s%s%s", "[ ", "\"${var.additional_script_uri}\"", " ]") : "\"\""
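Review bot: `length(data.azurerm_key_vault_secret.rhel_cert) > 0` on the new RHEL_CERT line guards nothing: `rhel_cert` is declared without `count` in keyvault.tf in this same commit, so it is a single object rather than a list, `length()` counts its attributes and is always positive, and the `.value` access carries no `[0]` — it only looks like the NESSUS_KEY line above it. Either give the data source a `count` and index with `[0]` as nessus_agent_key does, or simplify to `RHEL_CERT = var.rhel_cert == null || var.rhel_cert == "" ? data.azurerm_key_vault_secret.rhel_cert.value : var.rhel_cert`. The enclosing `locals` block starts and ends outside the hunk.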
12 changes: 12 additions & 0 deletions scripts/bootstrap_vm.sh
Expand Up @@ -189,6 +189,18 @@ then
install_nessus "${NESSUS_SERVER}" "${NESSUS_KEY}" "${NESSUS_GROUPS}"
fi

# Create directory /etc/pki/product/.
mkdir -p /etc/pki/product/

# Write the certificate.
echo "${RHEL_CERT}" > /etc/pki/product/204.pem

# Change the permission and ownership of this file.
restorecon -Rv /etc/pki/product
chown root.root /etc/pki/product/204.pem
chmod 644 /etc/pki/product/204.pem
rct cat-cert /etc/pki/product/204.pem

# Check if the OS is RHEL 7
if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then
echo "This is Red Hat Enterprise Linux 7."
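Review bot: The certificate block runs unconditionally, so when RHEL_CERT is empty (the fallback locals.tf produces when neither the variable nor the secret is available) it still writes a zero-byte `/etc/pki/product/204.pem` and then runs `rct cat-cert` against it, which fails and, if the script runs under `set -e` (not visible here), aborts the rest of bootstrap; it also runs before the RHEL version check that follows, so non-RHEL hosts get the file and a call to a tool they may not have. Wrap the block in `if [[ -n "${RHEL_CERT}" ]]; then` … `fi`, mirroring the guarded `install_nessus` call just above. `chown root.root` is the deprecated dot form and should be `chown root:root /etc/pki/product/204.pem`. The enclosing script continues outside the hunk.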
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -316,3 +316,9 @@ variable "soc_vault_name" {
type = string
default = "soc-prod"
}

variable "rhel_cert" {
description = "Redhat linking key - read input from keyvault."
type = string
default = null
}
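Review bot: The description `Redhat linking key - read input from keyvault.` does not describe what the value is or when the vault is used: bootstrap_vm.sh in this commit writes it to `/etc/pki/product/204.pem` and passes it to `rct cat-cert`, i.e. a RHEL product certificate in PEM form, and Key Vault is only consulted when the variable is left null or empty. Suggest `description = "RHEL product certificate (PEM) written to /etc/pki/product/204.pem on the VM; when null or empty the rhel-cert secret is read from the CNP infra vault instead."`. If the value is treated as secret (it lives in Key Vault and is rendered into the bootstrap script), add `sensitive = true` so it is redacted from plan output, keeping it consistent with `nessus_key`, which is outside this hunk.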

0 comments on commit e883bdc
