From 323c50d153c8d5d9caca840db2402ad4aaeb614a Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Thu, 20 Jun 2024 16:38:38 +0100
Subject: [PATCH] Switch to using a Service Principal for Terraform deployments
---
terraform/README.md | 4 ++++
terraform/backend.tf | 6 ++++--
terraform/providers.tf | 5 +++++
terraform/variables.tf | 21 +++++++++++++++++++++
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/terraform/README.md b/terraform/README.md
index 2cd85acc0..4d43fc3d7 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -149,7 +149,11 @@ No resources.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [azure\_client\_id](#input\_azure\_client\_id) | Service Principal Client ID | `string` | n/a | yes |
+| [azure\_client\_secret](#input\_azure\_client\_secret) | Service Principal Client Secret | `string` | n/a | yes |
| [azure\_location](#input\_azure\_location) | Azure location in which to launch resources. | `string` | n/a | yes |
+| [azure\_subscription\_id](#input\_azure\_subscription\_id) | Service Principal Subscription ID | `string` | n/a | yes |
+| [azure\_tenant\_id](#input\_azure\_tenant\_id) | Service Principal Tenant ID | `string` | n/a | yes |
| [cdn\_frontdoor\_custom\_domains](#input\_cdn\_frontdoor\_custom\_domains) | Azure CDN Front Door custom domains. If they are within the DNS zone (optionally created), the Validation TXT records and ALIAS/CNAME records will be created | `list(string)` | n/a | yes |
| [cdn\_frontdoor\_enable\_rate\_limiting](#input\_cdn\_frontdoor\_enable\_rate\_limiting) | Enable CDN Front Door Rate Limiting. This will create a WAF policy, and CDN security policy. For pricing reasons, there will only be one WAF policy created. | `bool` | n/a | yes |
| [cdn\_frontdoor\_forwarding\_protocol](#input\_cdn\_frontdoor\_forwarding\_protocol) | Azure CDN Front Door forwarding protocol | `string` | `"HttpsOnly"` | no |
diff --git a/terraform/backend.tf b/terraform/backend.tf
index 3bd95444b..40e5c4331 100644
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -1,3 +1,5 @@
terraform {
- backend "azurerm" {}
-}
\ No newline at end of file
+ backend "azurerm" {
+ use_azuread_auth = true
+ }
+}
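Review bot: `use_azuread_auth = true` only switches the state backend to Azure AD token authentication; it does not say which identity to use, and a `backend` block cannot reference `var.*`, so the Service Principal credentials this commit wires into the provider never reach the backend. The identity has to be supplied separately at `terraform init` time (for example through the `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` environment variables or `-backend-config`), and because AAD auth no longer falls back to the storage account key, that identity needs a data-plane role such as Storage Blob Data Contributor on the state container. A comment above the new line would spare the next operator a failed init: `# Backend identity is not taken from var.*: set ARM_* env vars (or -backend-config) and grant the SP Storage Blob Data Contributor on the state container.`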
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 874095c71..1f88c3e54 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -1,6 +1,11 @@
provider "azurerm" {
features {}
skip_provider_registration = true
+ storage_use_azuread = true
+ client_id = var.azure_client_id
+ client_secret = var.azure_client_secret
+ tenant_id = var.azure_tenant_id
+ subscription_id = var.azure_subscription_id
}
provider "azapi" {
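Review bot: Only the `azurerm` provider receives the Service Principal credentials; the `azapi` provider opened on the last context line (its body is outside the hunk) is not given the same settings here, so unless it is configured elsewhere it will keep authenticating through its default chain (such as Azure CLI), and the two providers may run as different identities with different RBAC. The `azapi` provider accepts the same `client_id`, `client_secret`, `tenant_id` and `subscription_id` arguments, so mirroring the four new lines there would keep one identity for the whole deployment. Also note that `storage_use_azuread = true` makes the provider use Azure AD for storage data-plane calls, so the Service Principal needs data-plane RBAC (e.g. Storage Blob Data Contributor) on any storage it touches, not just control-plane Contributor; a one-line comment such as `# storage_use_azuread requires data-plane RBAC (Storage Blob Data *) for the SP` would record that. As an alternative to threading the secret through a variable, `azurerm` reads `ARM_CLIENT_ID`/`ARM_CLIENT_SECRET`/`ARM_TENANT_ID`/`ARM_SUBSCRIPTION_ID` natively, which would also cover the backend.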
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 2fc43c92b..ad65a7b9b 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,3 +1,24 @@
+variable "azure_client_id" {
+ description = "Service Principal Client ID"
+ type = string
+}
+
+variable "azure_client_secret" {
+ description = "Service Principal Client Secret"
+ type = string
+ sensitive = true
+}
+
+variable "azure_tenant_id" {
+ description = "Service Principal Tenant ID"
+ type = string
+}
+
+variable "azure_subscription_id" {
+ description = "Service Principal Subscription ID"
+ type = string
+}
+
variable "environment" {
description = "Environment name. Will be used along with `project_name` as a prefix for all resources."
type = string
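Review bot: None of the three identifier variables (`azure_client_id`, `azure_tenant_id`, `azure_subscription_id`) has a `validation` block, so a mistyped or empty value is only caught as an opaque authentication error from the provider at plan time instead of a clear message at variable evaluation. All three are GUIDs, so a format check is cheap and unambiguous; the block below is for `azure_client_id` and the other two would get the same shape with their own name. `sensitive = true` on `azure_client_secret` is right, but it only redacts plan/apply output — the value is still written in clear to any saved plan file (`terraform plan -out`), which is worth a comment on that variable, e.g. `# sensitive hides the value from CLI output only; saved plan files still contain it.`
```hcl
variable "azure_client_id" {
  description = "Service Principal Client ID"
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.azure_client_id))
    error_message = "azure_client_id must be a GUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)."
  }
}
# … unchanged: azure_client_secret, azure_tenant_id, azure_subscription_id, environment …
```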