diff --git a/main.tf b/main.tf
index d3d6e8b..111067e 100644
--- a/main.tf
+++ b/main.tf
@@ -8,11 +8,11 @@ resource "azurerm_key_vault" "kv" {
 resource_group_name = var.resource_group_name
 sku_name = var.sku_name
- tenant_id = var.tenant_id
+ tenant_id = var.tenant_id
- purge_protection_enabled = var.purge_protection_enabled
- soft_delete_enabled = var.soft_delete_enabled
- soft_delete_retention_days = var.soft_delete_retention_days
+ purge_protection_enabled = var.purge_protection_enabled
+ soft_delete_enabled = var.soft_delete_enabled
+ soft_delete_retention_days = var.soft_delete_retention_days
 enabled_for_deployment = var.enabled_for_deployment
 enabled_for_disk_encryption = var.enabled_for_disk_encryption
@@ -23,9 +23,9 @@ resource "azurerm_key_vault" "kv" {
 for_each = var.access_policy
 content {
- tenant_id = var.tenant_id
- object_id = network_acls.value.object_id
- application_id = network_acls.value.application_id
+ tenant_id = var.tenant_id
+ object_id = network_acls.value.object_id
+ application_id = network_acls.value.application_id
 certificate_permissions = network_acls.value.certificate_permissions
 key_permissions = network_acls.value.key_permissions
@@ -38,10 +38,10 @@ resource "azurerm_key_vault" "kv" {
 for_each = var.network_acls
 content {
- bypass = network_acls.value.bypass
- default_action = network_acls.value.default_action
- ip_rules = network_acls.value.ip_rules
- virtual_network_subnet_ids = network_acls.value.virtual_network_subnet_ids
+ bypass = network_acls.value.bypass
+ default_action = network_acls.value.default_action
+ ip_rules = network_acls.value.ip_rules
+ virtual_network_subnet_ids = network_acls.value.virtual_network_subnet_ids
 }
 }
@@ -55,5 +55,5 @@ resource "azurerm_key_vault" "kv" {
 }
 }
- tags = var.tags
+ tags = var.tags
 }
diff --git a/variables.tf b/variables.tf
index 7ef3982..82b741b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,31 +1,31 @@
 variable "name" {
- type = string
- description = "(Required) Specifies the name of the Key Vault. Changing this forces a new resource to be created."
+ type = string
+ description = "(Required) Specifies the name of the Key Vault. Changing this forces a new resource to be created."
 }
 variable "location" {
- type = string
- description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
+ type = string
+ description = "(Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created."
 }
 variable "resource_group_name" {
- type = string
- description = "(Required) The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created."
+ type = string
+ description = "(Required) The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created."
 }
 variable "sku_name" {
- type = string
- description = "(Required) The Name of the SKU used for this Key Vault. Possible values are standard and premium. Defaults to `standard`"
- default = "standard"
+ type = string
+ description = "(Required) The Name of the SKU used for this Key Vault. Possible values are standard and premium. Defaults to `standard`"
+ default = "standard"
 }
 variable "tenant_id" {
- type = string
- description = "(Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault."
+ type = string
+ description = "(Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault."
 }
 variable "access_policy" {
- type = list(object({
+ type = list(object({
 object_id = string
 application_id = string
 certificate_permissions = list(string)
@@ -33,75 +33,75 @@ variable "access_policy" {
 secret_permissions = list(string)
 storage_permissions = list(string)
 }))
- description = "(Optional) A list of up to 16 objects describing access policies."
- default = []
+ description = "(Optional) A list of up to 16 objects describing access policies."
+ default = []
 }
 variable "enabled_for_deployment" {
- type = bool
- description = "(Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false."
+ default = false
 }
 variable "enabled_for_disk_encryption" {
- type = bool
- description = "(Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false."
+ default = false
 }
 variable "enabled_for_template_deployment" {
- type = bool
- description = "(Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false."
+ default = false
 }
 variable "enable_rbac_authorization" {
- type = bool
- description = "(Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions. Defaults to false."
+ default = false
 }
 variable "network_acls" {
- type = list(object({
- bypass = string
- default_action = string
- ip_rules = string
- virtual_network_subnet_ids = string
+ type = list(object({
+ bypass = string
+ default_action = string
+ ip_rules = string
+ virtual_network_subnet_ids = string
 }))
- description = "(Optional) A network_acls block."
- default = []
+ description = "(Optional) A network_acls block."
+ default = []
 }
 variable "purge_protection_enabled" {
- type = bool
- description = "(Optional) Is Purge Protection enabled for this Key Vault? Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Is Purge Protection enabled for this Key Vault? Defaults to false."
+ default = false
 }
 variable "soft_delete_enabled" {
- type = bool
- description = "(Optional) Should Soft Delete be enabled for this Key Vault? Defaults to false."
- default = false
+ type = bool
+ description = "(Optional) Should Soft Delete be enabled for this Key Vault? Defaults to false."
+ default = false
 }
 variable "soft_delete_retention_days" {
- type = number
- description = "(Optional) The number of days that items should be retained for once soft-deleted. Defaults to 7."
- default = 7
+ type = number
+ description = "(Optional) The number of days that items should be retained for once soft-deleted. Defaults to 7."
+ default = 7
 }
 variable "contact" {
- type = list(object({
- email = string
- name = string
- phone = string
+ type = list(object({
+ email = string
+ name = string
+ phone = string
 }))
- description = "(Optional) One or more contact block."
- default = []
+ description = "(Optional) One or more contact block."
+ default = []
 }
 variable "tags" {
- type = map(string)
- description = "(Optional) A mapping of tags to assign to the resource."
- default = {}
+ type = map(string)
+ description = "(Optional) A mapping of tags to assign to the resource."
+ default = {}
 }