// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
.Synopsis
Terraform Secrets Control
.DESCRIPTION
This file defines the Key Vault (KV) secrets for a data partition.
*/
#-------------------------------
# Private Variables
#-------------------------------
locals {
  # Names of the Key Vault secrets created in this file. Every name is derived
  # from var.data_partition_name (presumably so that several partitions can
  # share one central vault without colliding; confirm against the callers).
  partition_id = format("%s-id", var.data_partition_name)

  # Storage accounts: "<partition>-storage" / "<partition>-storage-key" and the
  # SDMS equivalents.
  storage_account_name      = format("%s-storage", var.data_partition_name)
  storage_key_name          = format("%s-key", local.storage_account_name)
  sdms_storage_account_name = format("%s-sdms-storage", var.data_partition_name)
  sdms_storage_key_name     = format("%s-key", local.sdms_storage_account_name)

  # Cosmos DB.
  cosmos_connection  = format("%s-cosmos-connection", var.data_partition_name)
  cosmos_endpoint    = format("%s-cosmos-endpoint", var.data_partition_name)
  cosmos_primary_key = format("%s-cosmos-primary-key", var.data_partition_name)

  # Service Bus.
  sb_namespace_name = format("%s-sb-namespace", var.data_partition_name)
  sb_connection     = format("%s-sb-connection", var.data_partition_name)

  # Event Grid.
  eventgrid_domain_name        = format("%s-eventgrid", var.data_partition_name)
  eventgrid_domain_key_name    = format("%s-key", local.eventgrid_domain_name)
  eventgrid_records_topic_name = format("%s-recordstopic", local.eventgrid_domain_name)

  # This one is a secret VALUE (an endpoint URL), not a secret name.
  # NOTE(review): it reads local.eventgrid_records_topic, which this block does
  # not define (only eventgrid_records_topic_name exists here); it has to come
  # from another locals block in the module. Confirm it resolves.
  # NOTE(review): the "-1" after the region in the hostname is hard-coded.
  eventgrid_records_topic_endpoint = format("https://%s.%s-1.eventgrid.azure.net/api/events", local.eventgrid_records_topic, var.resource_group_location)

  # Encryption key reference and the Event Grid resource group.
  encryption_key_identifier_name = format("%s-encryption-key-identifier", var.data_partition_name)
  event_grid_resourcegroup_name  = format("%s-eventgrid-resourcegroup", var.data_partition_name)

  # Elasticsearch.
  elastic_endpoint = format("%s-elastic-endpoint", var.data_partition_name)
  elastic_username = format("%s-elastic-username", var.data_partition_name)
  elastic_password = format("%s-elastic-password", var.data_partition_name)
}
#-------------------------------
# Partition
#-------------------------------
# Publishes the data partition name under the secret "<partition>-id".
# The value is an identifier taken from var.data_partition_name, not a credential.
resource "azurerm_key_vault_secret" "partition_id" {
  name  = local.partition_id
  value = var.data_partition_name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#-------------------------------
# Storage
#-------------------------------
# Publishes the name of the partition storage account (output of
# module.storage_account) under the secret "<partition>-storage".
resource "azurerm_key_vault_secret" "storage_name" {
  name  = local.storage_account_name
  value = module.storage_account.name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the storage account's primary access key under "<partition>-storage-key".
# NOTE(review): Terraform also records `value` in plain text in its state, so
# the state backend needs access control at least as strict as the vault's.
# NOTE(review): no expiration_date or content_type is set, so nothing in this
# block expresses a rotation schedule. Confirm rotation is handled elsewhere.
resource "azurerm_key_vault_secret" "storage_key" {
  name  = local.storage_key_name
  value = module.storage_account.primary_access_key

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Publishes the name of the SDMS storage account (output of
# module.sdms_storage_account) under the secret "<partition>-sdms-storage".
resource "azurerm_key_vault_secret" "sdms_storage_name" {
  name  = local.sdms_storage_account_name
  value = module.sdms_storage_account.name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the SDMS storage account's primary access key under
# "<partition>-sdms-storage-key".
# NOTE(review): Terraform also records `value` in plain text in its state, so
# the state backend needs access control at least as strict as the vault's.
# NOTE(review): no expiration_date or content_type is set. Confirm key rotation
# is handled elsewhere.
resource "azurerm_key_vault_secret" "sdms_storage_key" {
  name  = local.sdms_storage_key_name
  value = module.sdms_storage_account.primary_access_key

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#-------------------------------
# CosmosDB
#-------------------------------
# Stores a Cosmos DB connection string under "<partition>-cosmos-connection".
# The value is the first entry of the module's connection_strings list.
# NOTE(review): index 0 is presumably the primary read-write string. Confirm
# against the cosmosdb module, since a read-only string may suffice for some consumers.
# NOTE(review): the connection string embeds an account key and is also
# recorded in Terraform state in plain text.
resource "azurerm_key_vault_secret" "cosmos_connection" {
  name  = local.cosmos_connection
  value = module.cosmosdb_account.properties.cosmosdb.connection_strings[0]

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Publishes the Cosmos DB account endpoint under "<partition>-cosmos-endpoint".
# The value is an address from the cosmosdb module output, not a credential.
resource "azurerm_key_vault_secret" "cosmos_endpoint" {
  name  = local.cosmos_endpoint
  value = module.cosmosdb_account.properties.cosmosdb.endpoint

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the Cosmos DB primary master key under "<partition>-cosmos-primary-key".
# NOTE(review): a master key carries account-wide rights. Confirm every reader
# of this secret needs that level of access.
# NOTE(review): the value is also recorded in Terraform state in plain text,
# and no expiration_date or content_type is set here.
resource "azurerm_key_vault_secret" "cosmos_key" {
  name  = local.cosmos_primary_key
  value = module.cosmosdb_account.properties.cosmosdb.primary_master_key

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#-------------------------------
# Azure Service Bus
#-------------------------------
# Publishes the Service Bus namespace name (output of module.service_bus)
# under the secret "<partition>-sb-namespace".
resource "azurerm_key_vault_secret" "sb_namespace" {
  name  = local.sb_namespace_name
  value = module.service_bus.name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the Service Bus namespace's default connection string under
# "<partition>-sb-connection".
# NOTE(review): the default connection string is presumably backed by the
# namespace's root shared-access policy. If so, every reader gets manage rights
# on the namespace. Confirm, and prefer a narrower authorization rule if not needed.
# NOTE(review): the value is also recorded in Terraform state in plain text.
resource "azurerm_key_vault_secret" "sb_connection" {
  name  = local.sb_connection
  value = module.service_bus.default_connection_string

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#-------------------------------
# Azure Event Grid
#-------------------------------
# Publishes the Event Grid name (output of module.event_grid) under the
# secret "<partition>-eventgrid".
resource "azurerm_key_vault_secret" "eventgrid_name" {
  name  = local.eventgrid_domain_name
  value = module.event_grid.name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the Event Grid primary access key under "<partition>-eventgrid-key".
# NOTE(review): the value is also recorded in Terraform state in plain text,
# and no expiration_date or content_type is set here. Confirm rotation is
# handled elsewhere.
resource "azurerm_key_vault_secret" "eventgrid_key" {
  name  = local.eventgrid_domain_key_name
  value = module.event_grid.primary_access_key

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Publishes the records-topic endpoint under "<partition>-eventgrid-recordstopic".
# Despite the resource label ("recordstopic_name"), the stored value is the
# endpoint URL built in locals, not a topic name.
resource "azurerm_key_vault_secret" "recordstopic_name" {
  name  = local.eventgrid_records_topic_name
  value = local.eventgrid_records_topic_endpoint

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Publishes the name of azurerm_resource_group.main under
# "<partition>-eventgrid-resourcegroup". The value is a name, not a credential.
resource "azurerm_key_vault_secret" "eventgrid_resource_group" {
  name  = local.event_grid_resourcegroup_name
  value = azurerm_resource_group.main.name

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Publishes the id of azurerm_key_vault_key.encryption_key under
# "<partition>-encryption-key-identifier". The value is a reference to the key,
# not key material.
# NOTE(review): if the id is version-specific, this secret changes whenever the
# key is rotated. Confirm consumers re-read it rather than caching it.
resource "azurerm_key_vault_secret" "encryption_key_identifier_secret" {
  name  = local.encryption_key_identifier_name
  value = azurerm_key_vault_key.encryption_key.id

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
#-------------------------------
# Elastic
#-------------------------------
# Publishes the Elasticsearch endpoint supplied in var.elasticsearch_endpoint
# under "<partition>-elastic-endpoint".
resource "azurerm_key_vault_secret" "elastic_endpoint" {
  name  = local.elastic_endpoint
  value = var.elasticsearch_endpoint

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the Elasticsearch username supplied in var.elasticsearch_username
# under "<partition>-elastic-username".
resource "azurerm_key_vault_secret" "elastic_username" {
  name  = local.elastic_username
  value = var.elasticsearch_username

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}
# Stores the Elasticsearch password supplied in var.elasticsearch_password
# under "<partition>-elastic-password".
# NOTE(review): the password arrives as an input variable. Confirm the variable
# is declared with `sensitive = true` and is not committed in a tfvars file.
# NOTE(review): the value is also recorded in Terraform state in plain text,
# and no expiration_date or content_type is set here.
resource "azurerm_key_vault_secret" "elastic_password" {
  name  = local.elastic_password
  value = var.elasticsearch_password

  # Target vault id comes from the central_resources remote state.
  key_vault_id = data.terraform_remote_state.central_resources.outputs.keyvault_id
}