Add digitransit subscription key

main.tf

@@ -139,19 +139,20 @@ resource "azurerm_key_vault_secret" "mongo_db_connection_string" {
 }
 
 module "web" {
-  source                     = "./modules/web"
-  resource_group_location    = local.resource_group_location
-  resource_group_name        = module.common.resource_group_name
-  app_service_plan_id        = module.common.tikweb_app_plan_id
-  acme_account_key           = module.common.acme_account_key
-  root_zone_name             = module.dns_prod.root_zone_name
-  dns_resource_group_name    = module.dns_prod.resource_group_name
-  subdomain                  = "@"
-  mongo_connection_string    = module.mongodb.db_connection_string
-  google_oauth_client_id     = module.keyvault.google_oauth_client_id
-  google_oauth_client_secret = module.keyvault.google_oauth_client_secret
-  public_ilmo_url            = "https://${module.ilmo.fqdn}"
-  public_legacy_url          = "https://tietokilta.fi"
+  source                       = "./modules/web"
+  resource_group_location      = local.resource_group_location
+  resource_group_name          = module.common.resource_group_name
+  app_service_plan_id          = module.common.tikweb_app_plan_id
+  acme_account_key             = module.common.acme_account_key
+  root_zone_name               = module.dns_prod.root_zone_name
+  dns_resource_group_name      = module.dns_prod.resource_group_name
+  subdomain                    = "@"
+  mongo_connection_string      = module.mongodb.db_connection_string
+  google_oauth_client_id       = module.keyvault.google_oauth_client_id
+  google_oauth_client_secret   = module.keyvault.google_oauth_client_secret
+  public_ilmo_url              = "https://${module.ilmo.fqdn}"
+  public_legacy_url            = "https://tietokilta.fi"
+  digitransit_subscription_key = module.keyvault.digitransit_subscription_key
 }
 resource "azurerm_key_vault_secret" "cms_password" {
   name         = "cms-password"

modules/keyvault/main.tf

@@ -65,6 +65,12 @@ resource "azurerm_key_vault_access_policy" "admin" {
 
 }
 
+data "azurerm_key_vault_secret" "digitransit_subscription_key" {
+  name         = "digitransit-subscription-key"
+  key_vault_id = azurerm_key_vault.keyvault.id
+  depends_on   = [azurerm_key_vault_access_policy.admin, azurerm_key_vault_access_policy.CI]
+}
+
 data "azurerm_key_vault_secret" "ilmo_auth_jwt_secret" {
   name         = "ilmo-auth-jwt-secret"
   key_vault_id = azurerm_key_vault.keyvault.id

modules/keyvault/output.tf

@@ -2,6 +2,11 @@ output "keyvault_id" {
   value = azurerm_key_vault.keyvault.id
 }
 
+output "digitransit_subscription_key" {
+  value     = data.azurerm_key_vault_secret.digitransit_subscription_key.value
+  sensitive = true
+}
+
 output "ilmo_auth_jwt_secret" {
   value     = data.azurerm_key_vault_secret.ilmo_auth_jwt_secret.value
   sensitive = true

modules/web/main.tf

@@ -59,13 +59,14 @@ resource "azurerm_linux_web_app" "web" {
   }
   https_only = true
   app_settings = {
-    NODE_ENVIRONMENT       = "production"
-    PUBLIC_ILMOMASIINA_URL = var.public_ilmo_url
-    WEBSITES_PORT          = 3000
-    PORT                   = 3000
-    NEXT_REVALIDATION_KEY  = random_password.revalidation_key.result
-    PUBLIC_SERVER_URL      = "https://${azurerm_linux_web_app.cms.default_hostname}"
-    PUBLIC_LEGACY_URL      = var.public_legacy_url
+    NODE_ENVIRONMENT             = "production"
+    PUBLIC_ILMOMASIINA_URL       = var.public_ilmo_url
+    WEBSITES_PORT                = 3000
+    PORT                         = 3000
+    NEXT_REVALIDATION_KEY        = random_password.revalidation_key.result
+    PUBLIC_SERVER_URL            = "https://${azurerm_linux_web_app.cms.default_hostname}"
+    PUBLIC_LEGACY_URL            = var.public_legacy_url
+    DIGITRANSIT_SUBSCRIPTION_KEY = var.digitransit_subscription_key
   }
 }
 resource "random_password" "payload_secret" {

modules/web/variables.tf

@@ -49,3 +49,8 @@ variable "public_ilmo_url" {
 variable "public_legacy_url" {
   type = string
 }
+
+variable "digitransit_subscription_key" {
+  type      = string
+  sensitive = true
+}