From b48f9b0c7940cbff0215cfbc5416bbdb82e2550c Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Sat, 1 Mar 2025 09:24:01 +0000
Subject: [PATCH] feat: many fixes
---
README.md | 26 ++++++++++++++-
examples/access-policies/README.md | 8 ++---
examples/access-policies/main.tf | 4 +--
examples/create-key/README.md | 4 +--
examples/create-key/main.tf | 2 +-
examples/create-secret/README.md | 18 ++++++++---
examples/create-secret/main.tf | 8 +++--
examples/default/README.md | 26 ++++++---------
examples/default/main.tf | 22 ++++---------
examples/diagnostic-settings/README.md | 8 ++---
examples/diagnostic-settings/main.tf | 4 +--
examples/private-endpoint/README.md | 8 ++---
examples/private-endpoint/main.tf | 4 +--
main.tf | 2 ++
modules/key/README.md | 4 +--
modules/key/terraform.tf | 2 +-
modules/secret/README.md | 4 +--
modules/secret/terraform.tf | 2 +-
outputs.tf | 33 ++++++++++++++++++-
terraform.tf | 2 +-
tests/unit/unit.tftest.hcl | 44 --------------------------
21 files changed, 122 insertions(+), 113 deletions(-)
diff --git a/README.md b/README.md
index 1cc080d..5e13d2c 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117, < 5.0)
- [modtm](#requirement\_modtm) (~> 0.3)
@@ -534,10 +534,24 @@ Default: `{}`
The following outputs are exported:
+### [keys](#output\_keys)
+
+Description: A map of key keys to key values. The key value is the entire azurerm\_key\_vault\_key resource.
+
+The key value contains the following attributes:
+- id: The Key Vault Key ID
+- resource\_id: The Azure resource id of the key.
+- resource\_versionless\_id: The versionless Azure resource id of the key.
+- versionless\_id: The Base ID of the Key Vault Key
+
### [keys\_resource\_ids](#output\_keys\_resource\_ids)
Description: A map of key keys to resource ids.
+### [name](#output\_name)
+
+Description: The name of the key vault.
+
### [private\_endpoints](#output\_private\_endpoints)
Description: A map of private endpoints. The map key is the supplied input to var.private\_endpoints. The map value is the entire azurerm\_private\_endpoint resource.
@@ -546,6 +560,16 @@ Description: A map of private endpoints. The map key is the supplied input to va
Description: The Azure resource id of the key vault.
+### [secrets](#output\_secrets)
+
+Description: A map of secret keys to secret values. The secret value is the entire azurerm\_key\_vault\_secret resource.
+
+The secret value contains the following attributes:
+- id: The Key Vault Secret ID
+- resource\_id: The Azure resource id of the secret.
+- resource\_versionless\_id: The versionless Azure resource id of the secret.
+- versionless\_id: The Base ID of the Key Vault Secret
+
### [secrets\_resource\_ids](#output\_secrets\_resource\_ids)
Description: A map of secret keys to resource ids.
diff --git a/examples/access-policies/README.md b/examples/access-policies/README.md
index be301d7..00a5f03 100644
--- a/examples/access-policies/README.md
+++ b/examples/access-policies/README.md
@@ -13,7 +13,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -28,7 +28,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -75,7 +75,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [random](#requirement\_random) (~> 3.5)
@@ -130,7 +130,7 @@ Version: 0.3.0
Source: Azure/avm-utl-regions/azurerm
-Version: 0.1.0
+Version: 0.3.0
## Data Collection
diff --git a/examples/access-policies/main.tf b/examples/access-policies/main.tf
index 418e7e4..9d0665d 100644
--- a/examples/access-policies/main.tf
+++ b/examples/access-policies/main.tf
@@ -7,7 +7,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -22,7 +22,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
diff --git a/examples/create-key/README.md b/examples/create-key/README.md
index 64a3991..baf3a0a 100644
--- a/examples/create-key/README.md
+++ b/examples/create-key/README.md
@@ -13,7 +13,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
http = {
source = "hashicorp/http"
@@ -107,7 +107,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [http](#requirement\_http) (~> 3.4)
diff --git a/examples/create-key/main.tf b/examples/create-key/main.tf
index a2139f3..fed908b 100644
--- a/examples/create-key/main.tf
+++ b/examples/create-key/main.tf
@@ -7,7 +7,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
http = {
source = "hashicorp/http"
diff --git a/examples/create-secret/README.md b/examples/create-secret/README.md
index 7203319..64fcb67 100644
--- a/examples/create-secret/README.md
+++ b/examples/create-secret/README.md
@@ -13,7 +13,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
http = {
source = "hashicorp/http"
@@ -28,7 +28,7 @@ terraform {
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -91,6 +91,10 @@ module "key_vault" {
ip_rules = ["${data.http.ip.response_body}/32"]
}
}
+
+output "secrets" {
+ value = module.key_vault.secrets
+}
```
@@ -100,7 +104,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [http](#requirement\_http) (~> 3.4)
@@ -136,7 +140,11 @@ Default: `true`
## Outputs
-No outputs.
+The following outputs are exported:
+
+### [secrets](#output\_secrets)
+
+Description: n/a
## Modules
@@ -158,7 +166,7 @@ Version: 0.3.0
Source: Azure/avm-utl-regions/azurerm
-Version: 0.1.0
+Version: 0.3.0
## Data Collection
diff --git a/examples/create-secret/main.tf b/examples/create-secret/main.tf
index 0f47432..f3e592b 100644
--- a/examples/create-secret/main.tf
+++ b/examples/create-secret/main.tf
@@ -7,7 +7,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
http = {
source = "hashicorp/http"
@@ -22,7 +22,7 @@ terraform {
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -85,3 +85,7 @@ module "key_vault" {
ip_rules = ["${data.http.ip.response_body}/32"]
}
}
+
+output "secrets" {
+ value = module.key_vault.secrets
+}
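Review bot: The new root output `secrets` at the end of the hunk exports the whole `module.key_vault.secrets` map, which the module README in this same patch describes as the entire azurerm_key_vault_secret resource; that resource carries the secret's `value` attribute, so the plaintext ends up in the example's state file and in `terraform output`. If the module marks its own output sensitive (the outputs.tf hunk for `secrets` is truncated in this view, so it cannot be confirmed), Terraform will additionally reject this unmarked root output at plan time. Either add `sensitive = true` to the output or, for an example whose purpose is to show secret creation, prefer `value = module.key_vault.secrets_resource_ids`. The output also has no `description`, which is why the example README in this patch renders `Description: n/a` for it.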
diff --git a/examples/default/README.md b/examples/default/README.md
index 5978c3d..bf8a9b4 100644
--- a/examples/default/README.md
+++ b/examples/default/README.md
@@ -13,7 +13,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -28,7 +28,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -53,19 +53,11 @@ resource "azurerm_resource_group" "this" {
module "keyvault" {
source = "../../"
# source = "Azure/avm-res-keyvault-vault/azurerm"
- name = module.naming.key_vault.name_unique
- enable_telemetry = var.enable_telemetry
- location = azurerm_resource_group.this.location
- resource_group_name = azurerm_resource_group.this.name
- tenant_id = data.azurerm_client_config.this.tenant_id
- legacy_access_policies_enabled = true
- legacy_access_policies = {
- test = {
- object_id = data.azurerm_client_config.this.object_id
- tenant_id = data.azurerm_client_config.this.tenant_id
- secret_permissions = ["Get", "List"]
- }
- }
+ name = module.naming.key_vault.name_unique
+ enable_telemetry = var.enable_telemetry
+ location = azurerm_resource_group.this.location
+ resource_group_name = azurerm_resource_group.this.name
+ tenant_id = data.azurerm_client_config.this.tenant_id
}
```
@@ -76,7 +68,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [random](#requirement\_random) (~> 3.5)
@@ -131,7 +123,7 @@ Version: 0.3.0
Source: Azure/avm-utl-regions/azurerm
-Version: 0.1.0
+Version: 0.3.0
## Data Collection
diff --git a/examples/default/main.tf b/examples/default/main.tf
index 52f11f3..adcc331 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -7,7 +7,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -22,7 +22,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -47,17 +47,9 @@ resource "azurerm_resource_group" "this" {
module "keyvault" {
source = "../../"
# source = "Azure/avm-res-keyvault-vault/azurerm"
- name = module.naming.key_vault.name_unique
- enable_telemetry = var.enable_telemetry
- location = azurerm_resource_group.this.location
- resource_group_name = azurerm_resource_group.this.name
- tenant_id = data.azurerm_client_config.this.tenant_id
- legacy_access_policies_enabled = true
- legacy_access_policies = {
- test = {
- object_id = data.azurerm_client_config.this.object_id
- tenant_id = data.azurerm_client_config.this.tenant_id
- secret_permissions = ["Get", "List"]
- }
- }
+ name = module.naming.key_vault.name_unique
+ enable_telemetry = var.enable_telemetry
+ location = azurerm_resource_group.this.location
+ resource_group_name = azurerm_resource_group.this.name
+ tenant_id = data.azurerm_client_config.this.tenant_id
}
diff --git a/examples/diagnostic-settings/README.md b/examples/diagnostic-settings/README.md
index a1737d3..4ffea76 100644
--- a/examples/diagnostic-settings/README.md
+++ b/examples/diagnostic-settings/README.md
@@ -9,7 +9,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -28,7 +28,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -80,7 +80,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [random](#requirement\_random) (~> 3.5)
@@ -136,7 +136,7 @@ Version: 0.3.0
Source: Azure/avm-utl-regions/azurerm
-Version: 0.1.0
+Version: 0.3.0
## Data Collection
diff --git a/examples/diagnostic-settings/main.tf b/examples/diagnostic-settings/main.tf
index d8bbac8..d9d8228 100644
--- a/examples/diagnostic-settings/main.tf
+++ b/examples/diagnostic-settings/main.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -22,7 +22,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
diff --git a/examples/private-endpoint/README.md b/examples/private-endpoint/README.md
index 8412fb6..15ec262 100644
--- a/examples/private-endpoint/README.md
+++ b/examples/private-endpoint/README.md
@@ -10,7 +10,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -29,7 +29,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
@@ -110,7 +110,7 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117)
- [random](#requirement\_random) (~> 3.5)
@@ -168,7 +168,7 @@ Version: 0.3.0
Source: Azure/avm-utl-regions/azurerm
-Version: 0.1.0
+Version: 0.3.0
## Data Collection
diff --git a/examples/private-endpoint/main.tf b/examples/private-endpoint/main.tf
index 16a8cdf..6fd8ed4 100644
--- a/examples/private-endpoint/main.tf
+++ b/examples/private-endpoint/main.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117"
}
random = {
source = "hashicorp/random"
@@ -22,7 +22,7 @@ data "azurerm_client_config" "this" {}
# This allows us to randomize the region for the resource group.
module "regions" {
source = "Azure/avm-utl-regions/azurerm"
- version = "0.1.0"
+ version = "0.3.0"
}
# This allows us to randomize the region for the resource group.
diff --git a/main.tf b/main.tf
index 586e999..6638fef 100644
--- a/main.tf
+++ b/main.tf
@@ -110,4 +110,6 @@ resource "time_sleep" "wait_for_rbac_before_contact_operations" {
triggers = {
contacts = jsonencode(var.contacts)
}
+
+ depends_on = [azurerm_role_assignment.this]
}
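Review bot: The added `depends_on` on `azurerm_role_assignment.this` carries no comment explaining why the sleep must be ordered after the role assignments; the resource name hints at RBAC propagation, but a reader cannot tell that the delay is only useful if the assignments already exist when it starts. Suggest `# Start the delay only after the role assignments exist, so it covers RBAC propagation before contact operations run.` directly above the new line. Note also that `triggers` tracks only `var.contacts`, so a later change to the role assignments alone will not re-run the sleep; if that matters for contact operations, fold the assignment ids into `triggers` as well (hedged, since the shape of `azurerm_role_assignment.this` is not visible here). The `time_sleep` resource block begins before this hunk.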
diff --git a/modules/key/README.md b/modules/key/README.md
index b1a29eb..0b9c504 100644
--- a/modules/key/README.md
+++ b/modules/key/README.md
@@ -51,13 +51,13 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117, < 5.0)
## Providers
The following providers are used by this module:
-- [azurerm](#provider\_azurerm) (>= 3.87)
+- [azurerm](#provider\_azurerm) (>= 3.117, < 5.0)
## Resources
diff --git a/modules/key/terraform.tf b/modules/key/terraform.tf
index 86d8ed0..9112716 100644
--- a/modules/key/terraform.tf
+++ b/modules/key/terraform.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117, < 5.0"
}
}
}
diff --git a/modules/secret/README.md b/modules/secret/README.md
index b7297b5..3137d63 100644
--- a/modules/secret/README.md
+++ b/modules/secret/README.md
@@ -36,13 +36,13 @@ The following requirements are needed by this module:
- [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
-- [azurerm](#requirement\_azurerm) (>= 3.87)
+- [azurerm](#requirement\_azurerm) (>= 3.117, < 5.0)
## Providers
The following providers are used by this module:
-- [azurerm](#provider\_azurerm) (>= 3.87)
+- [azurerm](#provider\_azurerm) (>= 3.117, < 5.0)
## Resources
diff --git a/modules/secret/terraform.tf b/modules/secret/terraform.tf
index 86d8ed0..9112716 100644
--- a/modules/secret/terraform.tf
+++ b/modules/secret/terraform.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117, < 5.0"
}
}
}
diff --git a/outputs.tf b/outputs.tf
index 49cec46..b22c6dc 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,16 @@
+output "keys" {
+ description = < {
@@ -9,9 +22,14 @@ output "keys_resource_ids" {
}
}
+output "name" {
+ description = "The name of the key vault."
+ value = azurerm_key_vault.this.name
+}
+
output "private_endpoints" {
description = "A map of private endpoints. The map key is the supplied input to var.private_endpoints. The map value is the entire azurerm_private_endpoint resource."
- value = azurerm_private_endpoint.this
+ value = var.private_endpoints_manage_dns_zone_group ? azurerm_private_endpoint.this : azurerm_private_endpoint.this_unmanaged_dns_zone_groups
}
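Review bot: The `private_endpoints` output now selects between `azurerm_private_endpoint.this` and `azurerm_private_endpoint.this_unmanaged_dns_zone_groups` based on `var.private_endpoints_manage_dns_zone_group`, but the unchanged description on the line above still only says the value is "the entire azurerm_private_endpoint resource". Extend the description so consumers know the variant depends on that variable, e.g. append `Which of the two private endpoint resources is returned depends on var.private_endpoints_manage_dns_zone_group.` The neighbouring `keys` and `secrets` output hunks are truncated in this view, so their heredoc descriptions and any `sensitive` flag could not be reviewed.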
output "resource_id" {
@@ -19,6 +37,19 @@ output "resource_id" {
value = azurerm_key_vault.this.id
}
+output "secrets" {
+ description = < {
diff --git a/terraform.tf b/terraform.tf
index e3b1c09..89958f6 100644
--- a/terraform.tf
+++ b/terraform.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = ">= 3.87"
+ version = ">= 3.117, < 5.0"
}
modtm = {
source = "azure/modtm"
diff --git a/tests/unit/unit.tftest.hcl b/tests/unit/unit.tftest.hcl
index 87c0db6..8a23154 100644
--- a/tests/unit/unit.tftest.hcl
+++ b/tests/unit/unit.tftest.hcl
@@ -58,47 +58,3 @@ run "name_regex_must_end_with_letter_or_number" {
expect_failures = [var.name]
}
-
-run "certificates_error_if_both_policy_and_certificate_are_set" {
- command = plan
-
- variables {
- certificates = {
- mycert = {
- name = "test"
- policy = {
- issuer_parameters = {
- name = "Self"
- }
- key_properties = {
- exportable = false
- key_type = "RSA"
- reuse_key = false
- }
- secret_properties = {
- content_type = "application/x-pkcs12"
- }
- }
- certificate = {
- contents = "test"
- }
- }
- }
- }
-
- expect_failures = [var.certificates]
-}
-
-run "certificates_error_if_neither_policy_nor_certificate_are_set" {
- command = plan
-
- variables {
- certificates = {
- mycert = {
- name = "test"
- }
- }
- }
-
- expect_failures = [var.certificates]
-}