From ccab0f9002ee5924855f7c2d34bd01dc013a7837 Mon Sep 17 00:00:00 2001
From: lanttu1243
Date: Tue, 21 May 2024 18:08:25 +0300
Subject: [PATCH 1/6] Add digitransit subscription key
---
 modules/web/main.tf | 1 +
 modules/web/variables.tf | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/modules/web/main.tf b/modules/web/main.tf
index 0432f18..5e88718 100644
--- a/modules/web/main.tf
+++ b/modules/web/main.tf
@@ -66,6 +66,7 @@ resource "azurerm_linux_web_app" "web" {
 NEXT_REVALIDATION_KEY = random_password.revalidation_key.result
 PUBLIC_SERVER_URL = "https://${azurerm_linux_web_app.cms.default_hostname}"
 PUBLIC_LEGACY_URL = var.public_legacy_url
+ DIGITRANSIT_SUBSCRIPTION_KEY = var.digitransit_subscription_key
 }
 }
 resource "random_password" "payload_secret" {
diff --git a/modules/web/variables.tf b/modules/web/variables.tf
index c69c329..8769f72 100644
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
@@ -49,3 +49,7 @@ variable "public_ilmo_url" {
 variable "public_legacy_url" {
 type = string
 }
+
+variable "digitransit_subscription_key" {
+ type = string
+}
From 48bac73d76e410819077da80feecea1a1985260d Mon Sep 17 00:00:00 2001
From: lanttu1243
Date: Tue, 21 May 2024 19:49:21 +0300
Subject: [PATCH 2/6] move hsl api key to keyvault
---
 modules/keyvault/main.tf | 6 ++++++
 modules/web/main.tf | 1 -
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/keyvault/main.tf b/modules/keyvault/main.tf
index d05741c..a38ee75 100644
--- a/modules/keyvault/main.tf
+++ b/modules/keyvault/main.tf
@@ -65,6 +65,12 @@ resource "azurerm_key_vault_access_policy" "admin" {
 }
+data "azurerm_key_vault_secret" "digitransit_subscription_key" {
+ name = "digitransit-subscription-key"
+ key_vault_id = azurerm_key_vault.keyvault.id
+ depends_on = [azurerm_key_vault_access_policy.admin, azurerm_key_vault_access_policy.CI]
+}
+
 data "azurerm_key_vault_secret" "ilmo_auth_jwt_secret" {
 name = "ilmo-auth-jwt-secret"
 key_vault_id = azurerm_key_vault.keyvault.id
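Review bot: The new `data "azurerm_key_vault_secret" "digitransit_subscription_key"` block in `modules/keyvault/main.tf` (patch 2/6) has no comment saying where the secret comes from. A data source only reads, so `digitransit-subscription-key` has to exist in the vault before the first plan, and nothing visible in this series creates it. I would add above the block: `# Provisioned out of band, not by Terraform; must exist in the vault before plan/apply.` The value read here is also written to the Terraform state, so it is worth confirming that the state backend is access-restricted.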
diff --git a/modules/web/main.tf b/modules/web/main.tf
index 5e88718..0432f18 100644
--- a/modules/web/main.tf
+++ b/modules/web/main.tf
@@ -66,7 +66,6 @@ resource "azurerm_linux_web_app" "web" {
 NEXT_REVALIDATION_KEY = random_password.revalidation_key.result
 PUBLIC_SERVER_URL = "https://${azurerm_linux_web_app.cms.default_hostname}"
 PUBLIC_LEGACY_URL = var.public_legacy_url
- DIGITRANSIT_SUBSCRIPTION_KEY = var.digitransit_subscription_key
 }
 }
 resource "random_password" "payload_secret" {
From 5e7e02a5d4a5a52f6df40f0dcff558bd03fd02a4 Mon Sep 17 00:00:00 2001
From: lanttu1243
Date: Sat, 1 Jun 2024 23:45:40 +0300
Subject: [PATCH 3/6] Fix terraform error
---
 modules/web/variables.tf | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/modules/web/variables.tf b/modules/web/variables.tf
index 8769f72..a4da9ba 100644
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
@@ -50,6 +50,3 @@ variable "public_legacy_url" {
 type = string
 }
-variable "digitransit_subscription_key" {
- type = string
-}
From 70c38c840d51b0c2e82ec8f491db0c1260dadd4d Mon Sep 17 00:00:00 2001
From: lanttu1243
Date: Sat, 1 Jun 2024 23:51:35 +0300
Subject: [PATCH 4/6] add key specs to output.tf
---
 modules/keyvault/output.tf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/keyvault/output.tf b/modules/keyvault/output.tf
index fc82df1..53ac24e 100644
--- a/modules/keyvault/output.tf
+++ b/modules/keyvault/output.tf
@@ -2,6 +2,11 @@ output "keyvault_id" {
 value = azurerm_key_vault.keyvault.id
 }
+output "digitransit_subscription_key" {
+ value = data.azurerm_key_vault_secret.digitransit_subscription_key
+ sensitive = true
+}
+
 output "ilmo_auth_jwt_secret" {
 value = data.azurerm_key_vault_secret.ilmo_auth_jwt_secret.value
 sensitive = true
From 0f0c087941f02541575c6704e7f1356748f1b0a1 Mon Sep 17 00:00:00 2001
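Review bot: The `digitransit_subscription_key` output added in `modules/keyvault/output.tf` (patch 4/6) exports the whole data source object, while the neighbouring `ilmo_auth_jwt_secret` output exports `.value`. Patch 5/6 then passes this output to a `type = string` variable, so the series likely does not plan cleanly until 6/6 changes the line to `value = data.azurerm_key_vault_secret.digitransit_subscription_key.value`. Folding 6/6 into this commit would keep every commit in the series applicable on its own.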
From: =?UTF-8?q?Kalle=20Ahlstr=C3=B6m?=
Date: Sat, 15 Jun 2024 12:17:56 +0300
Subject: [PATCH 5/6] web: add digitransit subscription key to next web app env
---
 main.tf | 27 ++++++++++++++-------------
 modules/web/main.tf | 15 ++++++++-------
 modules/web/variables.tf | 4 ++++
 3 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/main.tf b/main.tf
index 016217c..11aab8f 100644
--- a/main.tf
+++ b/main.tf
@@ -139,19 +139,20 @@ resource "azurerm_key_vault_secret" "mongo_db_connection_string" {
 }
 module "web" {
- source = "./modules/web"
- resource_group_location = local.resource_group_location
- resource_group_name = module.common.resource_group_name
- app_service_plan_id = module.common.tikweb_app_plan_id
- acme_account_key = module.common.acme_account_key
- root_zone_name = module.dns_prod.root_zone_name
- dns_resource_group_name = module.dns_prod.resource_group_name
- subdomain = "@"
- mongo_connection_string = module.mongodb.db_connection_string
- google_oauth_client_id = module.keyvault.google_oauth_client_id
- google_oauth_client_secret = module.keyvault.google_oauth_client_secret
- public_ilmo_url = "https://${module.ilmo.fqdn}"
- public_legacy_url = "https://tietokilta.fi"
+ source = "./modules/web"
+ resource_group_location = local.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ app_service_plan_id = module.common.tikweb_app_plan_id
+ acme_account_key = module.common.acme_account_key
+ root_zone_name = module.dns_prod.root_zone_name
+ dns_resource_group_name = module.dns_prod.resource_group_name
+ subdomain = "@"
+ mongo_connection_string = module.mongodb.db_connection_string
+ google_oauth_client_id = module.keyvault.google_oauth_client_id
+ google_oauth_client_secret = module.keyvault.google_oauth_client_secret
+ public_ilmo_url = "https://${module.ilmo.fqdn}"
+ public_legacy_url = "https://tietokilta.fi"
+ digitransit_subscription_key = module.keyvault.digitransit_subscription_key
 }
 resource "azurerm_key_vault_secret" "cms_password" {
 name = "cms-password"
diff --git a/modules/web/main.tf b/modules/web/main.tf
index 0432f18..2b6e03c 100644
--- a/modules/web/main.tf
+++ b/modules/web/main.tf
@@ -59,13 +59,14 @@ resource "azurerm_linux_web_app" "web" {
 }
 https_only = true
 app_settings = {
- NODE_ENVIRONMENT = "production"
- PUBLIC_ILMOMASIINA_URL = var.public_ilmo_url
- WEBSITES_PORT = 3000
- PORT = 3000
- NEXT_REVALIDATION_KEY = random_password.revalidation_key.result
- PUBLIC_SERVER_URL = "https://${azurerm_linux_web_app.cms.default_hostname}"
- PUBLIC_LEGACY_URL = var.public_legacy_url
+ NODE_ENVIRONMENT = "production"
+ PUBLIC_ILMOMASIINA_URL = var.public_ilmo_url
+ WEBSITES_PORT = 3000
+ PORT = 3000
+ NEXT_REVALIDATION_KEY = random_password.revalidation_key.result
+ PUBLIC_SERVER_URL = "https://${azurerm_linux_web_app.cms.default_hostname}"
+ PUBLIC_LEGACY_URL = var.public_legacy_url
+ DIGITRANSIT_SUBSCRIPTION_KEY = var.digitransit_subscription_key
 }
 }
 resource "random_password" "payload_secret" {
diff --git a/modules/web/variables.tf b/modules/web/variables.tf
index a4da9ba..3116ee8 100644
--- a/modules/web/variables.tf
+++ b/modules/web/variables.tf
@@ -50,3 +50,7 @@ variable "public_legacy_url" {
 type = string
 }
+variable "digitransit_subscription_key" {
+ type = string
+ sensitive = true
+}
From a71f641e4a11579e6dc099f5e0e2a488baa28023 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kalle=20Ahlstr=C3=B6m?=
Date: Sat, 15 Jun 2024 12:21:55 +0300
Subject: [PATCH 6/6] fix: fix digitransit_subscription_key keyvault output
---
 modules/keyvault/output.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/keyvault/output.tf b/modules/keyvault/output.tf
index 53ac24e..8425fc3 100644
--- a/modules/keyvault/output.tf
+++ b/modules/keyvault/output.tf
@@ -3,7 +3,7 @@ output "keyvault_id" {
 }
 output "digitransit_subscription_key" {
- value = data.azurerm_key_vault_secret.digitransit_subscription_key
+ value = data.azurerm_key_vault_secret.digitransit_subscription_key.value
 sensitive = true
 }
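Review bot: `DIGITRANSIT_SUBSCRIPTION_KEY = var.digitransit_subscription_key` in the `app_settings` map of `modules/web/main.tf` (patch 5/6) copies the secret value out of Key Vault into the App Service configuration, where anyone who can read the site's app settings can read it, and into the Terraform state. `sensitive = true` on the variable only redacts plan and apply output. A Key Vault reference would keep the value in the vault, e.g. `DIGITRANSIT_SUBSCRIPTION_KEY = "@Microsoft.KeyVault(SecretUri=${var.digitransit_subscription_key_secret_uri})"`, where that variable is a new one carrying the secret's URI; this needs the web app to have a managed identity with get permission on secrets, which is not visible in this hunk. The `azurerm_linux_web_app.web` resource begins outside the hunk.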