
Commit c01a6f4

committed
Add role assignment for key vault
1 parent 73a86cc commit c01a6f4


2 files changed

+21
-4
lines changed

2 files changed

+21
-4
lines changed

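--- a/code/infra/roleassignments.tf
+++ b/code/infra/roleassignments.tf
@@ -1,5 +1,11 @@
-resource "azurerm_role_assignment" "role_assignment_storage_function" {
+resource "azurerm_role_assignment" "function_role_assignment_storage" {
 scope = azurerm_storage_account.storage.id
 role_definition_name = "Storage Blob Data Owner"
 principal_id = azapi_resource.function.identity[0].principal_id
 }
+
+resource "azurerm_role_assignment" "function_role_assignment_key_vault" {
+scope = azurerm_key_vault.key_vault.id
+role_definition_name = "Key Vault Secrets User"
+principal_id = azapi_resource.function.identity[0].principal_id
+}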
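Review bot: The new `function_role_assignment_key_vault` assignment grants `Key Vault Secrets User` on the whole vault, and it only gives data-plane access if `azurerm_key_vault.key_vault` uses the Azure RBAC permission model. That resource is not part of this diff, so confirm it enables RBAC authorization (`enable_rbac_authorization = true` in azurerm 3.x) rather than access policies. If the function reads only a few known secrets, scoping the assignment to those secrets would be tighter than the vault ID. Separately, renaming `role_assignment_storage_function` to `function_role_assignment_storage` changes the resource address, so Terraform will plan a destroy and create of the existing storage role assignment unless a `moved` block or a state move maps the old address to the new one. The function's blob access may lapse during that apply.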

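--- a/code/infra/variables.tf
+++ b/code/infra/variables.tf
@@ -33,7 +33,7 @@ variable "tags" {
 }
 
 variable "vnet_id" {
-description = "Specifies the resource ID of the Vnet used for the Data Landing Zone"
+description = "Specifies the resource ID of the Vnet used for the Azure Function."
 type = string
 sensitive = false
 validation {
@@ -43,7 +43,7 @@ variable "vnet_id" {
 }
 
 variable "nsg_id" {
-description = "Specifies the resource ID of the default network security group for the Data Landing Zone"
+description = "Specifies the resource ID of the default network security group for the Azure Function."
 type = string
 sensitive = false
 validation {
@@ -53,7 +53,7 @@ variable "nsg_id" {
 }
 
 variable "route_table_id" {
-description = "Specifies the resource ID of the default route table for the Data Landing Zone"
+description = "Specifies the resource ID of the default route table for the Azure Function."
 type = string
 sensitive = false
 validation {
@@ -62,6 +62,17 @@ variable "route_table_id" {
 }
 }
 
+variable "python_version" {
+description = "Specifies the python version of the Azure Function."
+type = string
+sensitive = false
+default = "3.10"
+validation {
+condition = contains(["3.9", "3.10"], var.python_version)
+error_message = "Please specify a valid Python version."
+}
+}
+
 variable "private_dns_zone_id_blob" {
 description = "Specifies the resource ID of the private DNS zone for Azure Storage blob endpoints. Not required if DNS A-records get created via Azue Policy."
 type = string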
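Review bot: The `error_message` on the new `python_version` validation does not say which values are accepted; `error_message = "Please specify a valid Python version. Valid values are 3.9 and 3.10."` would save the caller a look into the module. The allow-list is also a hard-coded runtime pin, so a comment above `condition` should say that the list must track the Python versions the Functions runtime still supports. It should add that older entries are to be dropped once they leave security support.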
