lines changed Expand file tree Collapse file tree 8 files changed +39
-2
lines changed Original file line number Diff line number Diff line change 29
29
SUBSCRIPTION_ID :
30
30
required : true
31
31
description : " Specifies the client id."
32
+ MY_SAMPLE_SECRET :
33
+ required : true
34
+ description : " Specifies a sample secret."
32
35
33
36
permissions :
34
37
id-token : write
79
82
- name : Terraform Apply
80
83
working-directory : ${{ inputs.working_directory }}
81
84
run : |
82
- terraform apply -var-file vars.${{ inputs.environment }}.tfvars -auto-approve -input=false
85
+ terraform apply -var-file vars.${{ inputs.environment }}.tfvars -var='my_secret=${{ secrets.MY_SAMPLE_SECRET }}' - auto-approve -input=false
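Review bot: The new `-var='my_secret=${{ secrets.MY_SAMPLE_SECRET }}'` argument expands the secret into the script text before the shell runs, so a value containing a single quote ends the quoted argument and the rest is parsed as shell. The value also sits on the terraform command line. Passing it through the step environment avoids both: add `env:` with `TF_VAR_my_secret: ${{ secrets.MY_SAMPLE_SECRET }}` to the step and drop the `-var` argument, since Terraform reads `TF_VAR_`-prefixed variables itself. The `terraform plan` step in the plan template carries the same argument and needs the same change. The step definition starts outside the lines shown here.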
Original file line number Diff line number Diff line change 29
29
SUBSCRIPTION_ID :
30
30
required : true
31
31
description : " Specifies the client id."
32
+ MY_SAMPLE_SECRET :
33
+ required : true
34
+ description : " Specifies a sample secret."
32
35
33
36
permissions :
34
37
id-token : write
89
92
id : terraform_plan
90
93
working-directory : ${{ inputs.working_directory }}
91
94
run : |
92
- terraform plan -var-file vars.${{ inputs.environment }}.tfvars -input=false
95
+ terraform plan -var-file vars.${{ inputs.environment }}.tfvars -var='my_secret=${{ secrets.MY_SAMPLE_SECRET }}' - input=false
93
96
94
97
# Add Pull Request Comment
95
98
- name : Add Pull Request Comment
Original file line number Diff line number Diff line change 35
35
CLIENT_ID : ${{ secrets.CLIENT_ID }}
36
36
CLIENT_SECRET : ${{ secrets.CLIENT_SECRET }}
37
37
SUBSCRIPTION_ID : ${{ secrets.SUBSCRIPTION_ID }}
38
+ MY_SAMPLE_SECRET : ${{ secrets.MY_SAMPLE_SECRET }}
38
39
39
40
terraform_apply_dev :
40
41
uses : ./.github/workflows/_terraformApplyTemplate.yml
50
51
CLIENT_ID : ${{ secrets.CLIENT_ID }}
51
52
CLIENT_SECRET : ${{ secrets.CLIENT_SECRET }}
52
53
SUBSCRIPTION_ID : ${{ secrets.SUBSCRIPTION_ID }}
54
+ MY_SAMPLE_SECRET : ${{ secrets.MY_SAMPLE_SECRET }}
Original file line number Diff line number Diff line change @@ -14,6 +14,7 @@ class Settings(BaseSettings):
14
14
APPLICATIONINSIGHTS_CONNECTION_STRING : str = Field (
15
15
default = "" , env = "APPLICATIONINSIGHTS_CONNECTION_STRING"
16
16
)
17
+ MY_SECRET_CONFIG : str = Field (default = "" , env = "MY_SECRET_CONFIG" )
17
18
18
19
19
20
settings = Settings ()
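Review bot: `MY_SECRET_CONFIG` is declared as a plain `str` with `default=""`, so the value shows up in any repr or dump of `settings`, and a missing setting goes unnoticed at start-up. Pydantic's `SecretStr` masks the value when printed, e.g. `MY_SECRET_CONFIG: SecretStr = Field(..., env="MY_SECRET_CONFIG")`, read with `.get_secret_value()`; this needs `SecretStr` imported, and the import block is not visible here. Because the app setting is a Key Vault reference, it is worth confirming what the process sees when the reference cannot be resolved, since a non-empty check alone may not catch that case. The `Settings` class body starts outside the hunk.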
Original file line number Diff line number Diff line change @@ -122,6 +122,10 @@ resource "azapi_resource" "function" {
122
122
{
123
123
name = " AzureWebJobsStorage__accountName"
124
124
value = azurerm_storage_account.storage.name
125
+ },
126
+ {
127
+ name = " MY_SECRET_CONFIG"
128
+ value = " @Microsoft.KeyVault(SecretUri=${ azurerm_key_vault_secret . key_vault_secret_sample . id } )"
125
129
}
126
130
]
127
131
azureStorageAccounts = {}
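Review bot: The Key Vault reference is built from `azurerm_key_vault_secret.key_vault_secret_sample.id`, which is the versioned secret URI, so a secret rotated in the vault outside Terraform is not picked up until the next apply. `versionless_id` keeps the reference on the latest version: `value = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.key_vault_secret_sample.versionless_id})"`. The hunk does not show a role assignment that lets the function's identity read secrets from the vault. It is worth confirming one exists, because an unresolved reference only surfaces at runtime. The resource body starts and ends outside the hunk.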
Original file line number Diff line number Diff line change @@ -22,6 +22,19 @@ resource "azurerm_key_vault" "key_vault" {
22
22
tenant_id = data. azurerm_client_config . current . tenant_id
23
23
}
24
24
25
+ resource "azurerm_key_vault_secret" "key_vault_secret_sample" {
26
+ name = " MySampleSecret"
27
+ key_vault_id = azurerm_key_vault. key_vault . id
28
+
29
+ content_type = " text/plain"
30
+ value = var. my_secret
31
+
32
+ depends_on = [
33
+ azurerm_role_assignment . current_role_assignment_key_vault ,
34
+ azurerm_private_endpoint . key_vault_private_endpoint
35
+ ]
36
+ }
37
+
25
38
data "azurerm_monitor_diagnostic_categories" "diagnostic_categories_key_vault" {
26
39
resource_id = azurerm_key_vault. key_vault . id
27
40
}
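Review bot: `value = var.my_secret` is persisted in the Terraform state in clear text even though the variable is marked `sensitive`, and nothing on the new resource says so. I would add above the resource the comment `# The secret value is stored in Terraform state; keep the state backend access-restricted and encrypted.` Setting `expiration_date` on the secret would also make rotation an explicit requirement rather than an optional follow-up.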
Original file line number Diff line number Diff line change @@ -83,6 +83,16 @@ variable "function_health_path" {
83
83
}
84
84
}
85
85
86
+ variable "my_secret" {
87
+ description = " Specifies a random secret value used in teh Logic App."
88
+ type = string
89
+ sensitive = true
90
+ validation {
91
+ condition = length (var. my_secret ) >= 2
92
+ error_message = " Please specify a valid resource ID."
93
+ }
94
+ }
95
+
86
96
variable "private_dns_zone_id_blob" {
87
97
description = " Specifies the resource ID of the private DNS zone for Azure Storage blob endpoints. Not required if DNS A-records get created via Azue Policy."
88
98
type = string
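Review bot: The validation's `error_message` says "Please specify a valid resource ID." although the condition only checks `length(var.my_secret) >= 2`, so a failed run tells the operator the wrong thing. Suggested: `error_message = "my_secret must be at least 2 characters long."`. The description refers to a Logic App while this commit feeds the value to the function app, and contains the typo "teh"; `description = "Specifies a sample secret value exposed to the Function App through Key Vault."` would match the change. A two-character minimum is also a weak floor if this sample is copied into real use.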
Original file line number Diff line number Diff line change @@ -4,6 +4,7 @@ prefix = "myfunc"
4
4
tags = {}
5
5
function_python_version = " 3.10"
6
6
function_health_path = " /v1/health/heartbeat"
7
+ my_secret = " "
7
8
vnet_id = " /subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/virtualNetworks/mycrp-prd-function-vnet001"
8
9
nsg_id = " /subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/networkSecurityGroups/mycrp-prd-function-nsg001"
9
10
route_table_id = " /subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/mycrp-prd-function-network-rg/providers/Microsoft.Network/routeTables/mycrp-prd-function-rt001"
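Review bot: The `my_secret` placeholder in a committed tfvars file invites a real value to be filled in and pushed later. The workflows already supply the variable, so the line can be dropped or replaced with a comment such as `# my_secret is supplied by the pipeline (secret MY_SAMPLE_SECRET); never set it in this file`. If the placeholder is an empty string (the rendering is ambiguous), a local run that relies only on this file would also fail the `length(var.my_secret) >= 2` validation.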