koszewscy/azure-image-chooser
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added KeyVault.

Browse Source
This commit is contained in:
Sławek Koszewski
2025-08-15 14:05:42 +02:00
parent ce14fafbf3
commit 88d0f9058e
1 changed files with 34 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
main.tf
View File

@@ -17,6 +17,12 @@ provider "azurerm" {
subscription_id = var.subscription_id subscription_id = var.subscription_id
} }
data "azurerm_client_config" "current" {}
locals {
kv_secret_name = "azure-client-secret"
}
resource "azurerm_resource_group" "rg" { resource "azurerm_resource_group" "rg" {
name = "rg-${var.project_name}" name = "rg-${var.project_name}"
location = "Poland Central" location = "Poland Central"
@@ -30,18 +36,31 @@ resource "azurerm_log_analytics_workspace" "logaws" {
retention_in_days = 30 retention_in_days = 30
} }
resource "azurerm_key_vault" "kv" {
name = "${var.project_name}-kv"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
sku_name = "standard"
tenant_id = data.azurerm_client_config.current.tenant_id
}
resource "azurerm_role_assignment" "app_assignment" {
scope = azurerm_key_vault.kv.id
principal_id = azurerm_user_assigned_identity.uai.principal_id
role_definition_name = "Key Vault Secrets User"
}
resource "azurerm_key_vault_secret" "azure_client_secret" {
key_vault_id = azurerm_key_vault.kv.id
name = local.kv_secret_name
value = var.azure_client_secret
}
resource "azurerm_container_app_environment" "env" { resource "azurerm_container_app_environment" "env" {
name = "${var.project_name}-env" name = "${var.project_name}-env"
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
log_analytics_workspace_id = azurerm_log_analytics_workspace.logaws.id log_analytics_workspace_id = azurerm_log_analytics_workspace.logaws.id
workload_profile {
maximum_count = 1
minimum_count = 1
name = "Consumption"
workload_profile_type = "Consumption"
}
} }
resource "azurerm_container_app" "app" { resource "azurerm_container_app" "app" {
@@ -50,6 +69,12 @@ resource "azurerm_container_app" "app" {
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
revision_mode = "Single" revision_mode = "Single"
secret {
name = local.kv_secret_name
key_vault_secret_id = azurerm_key_vault_secret.azure_client_secret.id
identity = azurerm_user_assigned_identity.uai.id
}
template { template {
container { container {
name = "azure-image-chooser" name = "azure-image-chooser"
@@ -69,7 +94,7 @@ resource "azurerm_container_app" "app" {
env { env {
name = "AZURE_CLIENT_SECRET" name = "AZURE_CLIENT_SECRET"
value = var.azure_client_secret secret_name = "azure_client_secret"
} }
env { env {