From 7a4c74f1e36f8c242b4f0b936429c7a0e170575f Mon Sep 17 00:00:00 2001
From: RobertGHippo
Date: Fri, 26 Jul 2024 11:41:33 +0100
Subject: [PATCH 1/2] Added storage account connection string secret.
---
 terraform/main.tf | 1 +
 terraform/modules/azure-storage/storage.tf | 7 +++++++
 terraform/modules/azure-storage/variables.tf | 7 ++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/terraform/main.tf b/terraform/main.tf
index 9be48fb9..a46ee603 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -58,6 +58,7 @@ module "storage" {
 location = var.azure_region
 resource_group = azurerm_resource_group.rg.name
+ kv_id = module.network.kv_id
 tags = local.common_tags
 }
diff --git a/terraform/modules/azure-storage/storage.tf b/terraform/modules/azure-storage/storage.tf
index f451ef1e..897e3000 100644
--- a/terraform/modules/azure-storage/storage.tf
+++ b/terraform/modules/azure-storage/storage.tf
@@ -60,3 +60,10 @@ resource "azurerm_storage_container" "data_protection" {
 #checkov:skip=CKV2_AZURE_21:Logging not required
 }
+
+resource "azurerm_key_vault_secret" "storage_connection_string" {
+ name = "Storage--ConnectionString"
+ value = azurerm_storage_account.sa.primary_connection_string
+ key_vault_id = var.kv_id
+}
+
diff --git a/terraform/modules/azure-storage/variables.tf b/terraform/modules/azure-storage/variables.tf
index 8ad2db75..dca8b2b1 100644
--- a/terraform/modules/azure-storage/variables.tf
+++ b/terraform/modules/azure-storage/variables.tf
@@ -8,7 +8,12 @@ variable "resource_group" {
 type = string
 }
+variable "kv_id" {
+ description = "The ID of the Key Vault"
+ type = string
+}
+
 variable "tags" {
 description = "Resource tags"
 type = map(string)
-}
\ No newline at end of file
+}
From f22585a55e8316f95fd2a1caa526c80688c34ff9 Mon Sep 17 00:00:00 2001
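Review bot: Passing `kv_id = module.network.kv_id` orders the storage module only after whatever resource that output references, not after the access policy or role assignment that lets the deploying identity write secrets to the vault. The network module is not visible here, so this is inferred, but if that grant is a separate resource a first apply can fail with a 403 when the secret is created. Either give the network module's `kv_id` output a `depends_on` on the grant, or add `depends_on = [module.network]` to this module block. The `module "storage"` block starts above the hunk.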
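Review bot: The new `azurerm_key_vault_secret.storage_connection_string` stores `primary_connection_string`, which embeds the storage account key, so this full-access credential is also written in plaintext to Terraform state; the state backend needs encryption and access control as strict as the vault's. The secret sets neither `content_type` nor `expiration_date`, leaving it untyped and non-expiring; adding `content_type = "text/plain"` and an `expiration_date` aligned with the key-rotation schedule would close both gaps. The stored value also goes stale if the account key is rotated outside Terraform, until the next apply. If the consuming application can authenticate with a managed identity and a storage data role instead, the account key need not be distributed at all; the storage account resource is outside this hunk, so whether shared-key access is required cannot be confirmed from here.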
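Review bot: The description on the new `kv_id` variable does not tell a caller that the module writes a credential into that vault, and this text is what the generated README reports. Something like `description = "ID of the Key Vault that receives the storage account connection string secret"` makes the side effect visible, along with the implied requirement that the deploying identity can set secrets there. The variable also accepts any string, so a malformed ID surfaces only at apply time; a `validation` block checking for `/providers/Microsoft.KeyVault/vaults/` in the value would catch that at plan.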
From: "github-actions[bot]" Date: Fri, 26 Jul 2024 10:44:19 +0000 Subject: [PATCH 2/2] terraform-docs: automated action --- terraform/modules/azure-storage/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/modules/azure-storage/README.md b/terraform/modules/azure-storage/README.md index e1e6af4e..46a15edd 100644 --- a/terraform/modules/azure-storage/README.md +++ b/terraform/modules/azure-storage/README.md @@ -22,6 +22,7 @@ No modules. | Name | Type | |------|------| +| [azurerm_key_vault_secret.storage_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | | [azurerm_storage_account.sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | | [azurerm_storage_container.data_protection](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | | [random_string.resource_code](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | @@ -30,6 +31,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [kv\_id](#input\_kv\_id) | The ID of the Key Vault | `string` | n/a | yes | | [location](#input\_location) | Name of the Azure region to deploy resources | `string` | n/a | yes | | [resource\_group](#input\_resource\_group) | Name of the Azure Resource Group to deploy resources | `string` | n/a | yes | | [tags](#input\_tags) | Resource tags | `map(string)` | n/a | yes |