Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Branch: main
Branches Tags
helm-externa...
/
terraform
/
azure
/
infrastructure
/
main.tf

main.tf 2.2 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. data "azurerm_client_config" "current" {}
    2. 

  2. 

  3. data "azurerm_subscription" "primary" {}
    4. 

  4. 

  5. locals {
    6. 

  6.   resource_group_name = "external-secrets-e2e"
    7. 

  7. }
    8. 

  8. 

  9. resource "azurerm_resource_group" "current" {
    10. 

  10.   name     = local.resource_group_name
    11. 

  11.   location = var.resource_group_location
    12. 

  12. }
    13. 

  13. 

  14. module "test_sp" {
    15. 

  15.   source = "./service-principal"
    16. 

  16. 

  17.   application_display_name = "managed-e2e-suite-external-secrets-operator"
    18. 

  18.   application_owners       = [data.azurerm_client_config.current.object_id]
    19. 

  19.   issuer                   = module.test_aks.cluster_issuer_url
    20. 

  20.   subject                  = "system:serviceaccount:${var.sa_namespace}:${var.sa_name}"
    21. 

  21. 

  22.   depends_on = [
    23. 

  23.     azurerm_resource_group.current
    24. 

  24.   ]
    25. 

  25. }
    26. 

  26. 

  27. module "e2e_sp" {
    28. 

  28.   source = "./service-principal"
    29. 

  29. 

  30.   application_display_name = "managed-e2e-suite-external-secrets-e2e"
    31. 

  31.   application_owners       = [data.azurerm_client_config.current.object_id]
    32. 

  32.   issuer                   = module.test_aks.cluster_issuer_url
    33. 

  33.   subject                  = "system:serviceaccount:default:external-secrets-e2e"
    34. 

  34. }
    35. 

  35. 

  36. module "test_key_vault" {
    37. 

  37.   source = "./key-vault"
    38. 

  38. 

  39.   key_vault_display_name  = var.key_vault_display_name
    40. 

  40.   resource_group_location = var.resource_group_location
    41. 

  41.   resource_group_name     = local.resource_group_name
    42. 

  42.   tenant_id               = data.azurerm_client_config.current.tenant_id
    43. 

  43.   client_object_id        = data.azurerm_client_config.current.object_id
    44. 

  44.   eso_sp_object_id        = module.test_sp.sp_object_id
    45. 

  45.   eso_e2e_sp_object_id    = module.e2e_sp.sp_object_id
    46. 

  46. 

  47.   depends_on = [
    48. 

  48.     azurerm_resource_group.current
    49. 

  49.   ]
    50. 

  50. }
    51. 

  51. 

  52. 

  53. module "test_aks" {
    54. 

  54.   source = "./aks"
    55. 

  55. 

  56.   cluster_name                 = var.cluster_name
    57. 

  57.   resource_group_name          = local.resource_group_name
    58. 

  58.   resource_group_location      = var.resource_group_location
    59. 

  59.   default_node_pool_node_count = var.default_node_pool_node_count
    60. 

  60.   default_node_pool_vm_size    = var.default_node_pool_vm_size
    61. 

  61.   cluster_tags                 = var.cluster_tags
    62. 

  62. 

  63.   depends_on = [
    64. 

  64.     azurerm_resource_group.current
    65. 

  65.   ]
    66. 

  66. }
    67. 

  67. 

  68. resource "azurerm_role_assignment" "current" {
    69. 

  69.   scope                = data.azurerm_subscription.primary.id
    70. 

  70.   role_definition_name = "Owner"
    71. 

  71.   principal_id         = module.test_sp.sp_id
    72. 

  72. 

  73.   depends_on = [
    74. 

  74.     azurerm_resource_group.current
    75. 

  75.   ]
    76. 

  76. }
    77.