Merge pull request #46 from nginxinc/terraform_doc_improvements

janakimeyyappan · web-flow · commit 877ab328cff1 · 2024-10-09T14:29:38.000-06:00
Terraform code improvements
diff --git a/terraform/certificates/main.tf b/terraform/certificates/main.tf
@@ -25,32 +25,16 @@ module "prerequisites" {
   tags     = var.tags
 }
 
-# This keyvault is NOT firewalled.
-resource "azurerm_key_vault" "example" {
-  name                      = var.name
-  location                  = var.location
-  resource_group_name       = module.prerequisites.resource_group_name
-  enable_rbac_authorization = true
-
-  tenant_id                  = data.azurerm_client_config.current.tenant_id
-  soft_delete_retention_days = 7
-  purge_protection_enabled   = false
-
-  sku_name = "standard"
-
-  tags = var.tags
-}
-
 # This will give the current user admin permissions on the key vault
 resource "azurerm_role_assignment" "current_user" {
-  scope                = azurerm_key_vault.example.id
+  scope                = module.prerequisites.key_vault_id
   role_definition_name = "Key Vault Administrator"
   principal_id         = data.azurerm_client_config.current.object_id
 }
 
 resource "azurerm_key_vault_certificate" "example" {
   name         = var.name
-  key_vault_id = azurerm_key_vault.example.id
+  key_vault_id = module.prerequisites.key_vault_id
 
   certificate_policy {
     issuer_parameters {
@@ -101,7 +85,7 @@ resource "azurerm_key_vault_certificate" "example" {
 }
 
 resource "azurerm_role_assignment" "example" {
-  scope                = azurerm_key_vault.example.id
+  scope                = module.prerequisites.key_vault_id
   role_definition_name = "Key Vault Secrets User"
   principal_id         = module.prerequisites.managed_identity_principal_id
 }
diff --git a/terraform/certificates/variables.tf b/terraform/certificates/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/configurations/variables.tf b/terraform/configurations/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/deployments/create-or-update/variables.tf b/terraform/deployments/create-or-update/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/deployments/read/variables.tf b/terraform/deployments/read/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/deployments/with-autoscale/variables.tf b/terraform/deployments/with-autoscale/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/deployments/with-diagnostic-setting-logging/variables.tf b/terraform/deployments/with-diagnostic-setting-logging/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {
diff --git a/terraform/prerequisites/main.tf b/terraform/prerequisites/main.tf
@@ -71,3 +71,21 @@ resource "azurerm_user_assigned_identity" "example" {
 
   tags = var.tags
 }
+
+data "azurerm_client_config" "current" {}
+
+# This keyvault is NOT firewalled.
+resource "azurerm_key_vault" "example" {
+  name                      = var.name
+  location                  = var.location
+  resource_group_name       = azurerm_resource_group.example.name
+  enable_rbac_authorization = true
+
+  tenant_id                  = data.azurerm_client_config.current.tenant_id
+  soft_delete_retention_days = 7
+  purge_protection_enabled   = false
+
+  sku_name = "standard"
+
+  tags = var.tags
+}
diff --git a/terraform/prerequisites/outputs.tf b/terraform/prerequisites/outputs.tf
@@ -22,3 +22,8 @@ output "subnet_id" {
   description = "ID of delegated subnet."
   value       = azurerm_subnet.example.id
 }
+
+output "key_vault_id" {
+  description = "ID of Key Vault."
+  value       = azurerm_key_vault.example.id
+}
diff --git a/terraform/prerequisites/variables.tf b/terraform/prerequisites/variables.tf
@@ -1,6 +1,6 @@
 variable "location" {
   description = "Azure location name for NGINXaaS deployment."
-  default     = "eastus2"
+  default     = "eastus"
 }
 
 variable "name" {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`variable "location" {`
`2`	`2`	`description = "Azure location name for NGINXaaS deployment."`
`3`		`- default = "eastus2"`
	`3`	`+ default = "eastus"`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`variable "name" {`
Original file line number	Diff line number	Diff line change
`@@ -22,3 +22,8 @@ output "subnet_id" {`
`22`	`22`	`description = "ID of delegated subnet."`
`23`	`23`	`value = azurerm_subnet.example.id`
`24`	`24`	`}`
	`25`	`+`
	`26`	`+output "key_vault_id" {`
	`27`	`+ description = "ID of Key Vault."`
	`28`	`+ value = azurerm_key_vault.example.id`
	`29`	`+}`