Update keyvault

arnaudlh · arnaudlh · commit 4801dacbdd23 · 2023-03-08T08:03:07.000Z
diff --git a/keyvault.tf b/keyvault.tf
@@ -6,13 +6,13 @@ module "keyvaults" {
   global_settings    = local.global_settings
   client_config      = local.client_config
   settings           = each.value
-  resource_groups    = local.combined_objects_resource_groups
   diagnostics        = local.combined_diagnostics
   vnets              = local.combined_objects_networking
   azuread_groups     = local.combined_objects_azuread_groups
   managed_identities = local.combined_objects_managed_identities
-  base_tags          = try(local.global_settings.inherit_tags, false) ? try(local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].tags, {}) : {}
   private_dns        = local.combined_objects_private_dns
+  resource_group     = local.combined_objects_resource_groups[try(each.value.resource_group.lz_key, local.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)]
+  base_tags          = local.global_settings.inherit_tags
 }
 
 #
diff --git a/modules/security/keyvault/keyvault.tf b/modules/security/keyvault/keyvault.tf
@@ -1,6 +1,6 @@
 locals {
   # Need to update the storage tags if the environment tag is updated with the rover command line
-  tags = try(var.settings.tags, null) == null ? null : try(var.settings.tags.environment, null) == null ? var.settings.tags : merge(lookup(var.settings, "tags", {}), { "environment" : var.global_settings.environment })
+  caf_tags = try(var.settings.tags, null) == null ? null : try(var.settings.tags.environment, null) == null ? var.settings.tags : merge(lookup(var.settings, "tags", {}), { "environment" : var.global_settings.environment })
 }
 
 # naming convention
@@ -17,11 +17,11 @@ resource "azurecaf_name" "keyvault" {
 resource "azurerm_key_vault" "keyvault" {
 
   name                            = azurecaf_name.keyvault.result
-  location                        = lookup(var.settings, "region", null) == null ? local.resource_group.location : var.global_settings.regions[var.settings.region]
-  resource_group_name             = local.resource_group.name
+  location                        = local.location
+  resource_group_name             = local.resource_group_name
   tenant_id                       = var.client_config.tenant_id
   sku_name                        = try(var.settings.sku_name, "standard")
-  tags                            = try(merge(var.base_tags, local.tags), {})
+  tags                            = merge(local.tags, local.caf_tags, try(var.settings.tags, null))
   enabled_for_deployment          = try(var.settings.enabled_for_deployment, false)
   enabled_for_disk_encryption     = try(var.settings.enabled_for_disk_encryption, false)
   enabled_for_template_deployment = try(var.settings.enabled_for_template_deployment, false)
diff --git a/modules/security/keyvault/main.tf b/modules/security/keyvault/main.tf
@@ -4,14 +4,18 @@ terraform {
       source = "aztfmod/azurecaf"
     }
   }
-
 }
 
 locals {
-  resource_group = coalesce(
-    try(var.resource_groups[var.client_config.landingzone_key][var.settings.resource_group_key], null),
-    try(var.resource_groups[var.settings.lz_key][var.settings.resource_group_key], null),
-    try(var.resource_groups[var.client_config.landingzone_key][var.settings.resource_group.key], null),
-    try(var.resource_groups[var.settings.resource_group.lz_key][var.settings.resource_group.key], null)
+  tags = var.base_tags ? merge(
+    var.global_settings.tags,
+    try(var.resource_group.tags, null),
+    try(var.settings.tags, null)
+    ) : merge(
+    try(var.settings.tags,
+    null)
   )
+
+  location            = var.resource_group.location
+  resource_group_name = var.resource_group.name
 }
diff --git a/modules/security/keyvault/private_endpoints.tf b/modules/security/keyvault/private_endpoints.tf
@@ -10,8 +10,8 @@ module "private_endpoint" {
 
   resource_id         = azurerm_key_vault.keyvault.id
   name                = each.value.name
-  location            = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].location
-  resource_group_name = var.resource_groups[try(each.value.resource_group.lz_key, var.client_config.landingzone_key)][try(each.value.resource_group.key, each.value.resource_group_key)].name
+  location            = local.location
+  resource_group_name = local.resource_group_name
   subnet_id           = can(each.value.subnet_id) ? each.value.subnet_id : var.vnets[try(each.value.lz_key, var.client_config.landingzone_key)][each.value.vnet_key].subnets[each.value.subnet_key].id
   settings            = each.value
   global_settings     = var.global_settings
diff --git a/modules/security/keyvault/variables.tf b/modules/security/keyvault/variables.tf
@@ -4,7 +4,6 @@ variable "global_settings" {
 variable "client_config" {
   description = "Client configuration object (see module README.md)."
 }
-variable "resource_groups" {}
 variable "settings" {}
 variable "vnets" {
   default = {}
@@ -19,10 +18,13 @@ variable "managed_identities" {
 variable "diagnostics" {
   default = {}
 }
-variable "base_tags" {
-  description = "Base tags for the resource to be inherited from the resource group."
-  type        = map(any)
-}
 variable "private_dns" {
   default = {}
+}
+variable "resource_group" {
+  description = "Resource group object"
+}
+variable "base_tags" {
+  description = "Base tags for the resource to be inherited from the resource group."
+  type        = bool
 }

Original file line number	Diff line number	Diff line change
`@@ -4,14 +4,18 @@ terraform {`
`4`	`4`	`source = "aztfmod/azurecaf"`
`5`	`5`	`}`
`6`	`6`	`}`
`7`		`-`
`8`	`7`	`}`
`9`	`8`
`10`	`9`	`locals {`
`11`		`- resource_group = coalesce(`
`12`		`- try(var.resource_groups[var.client_config.landingzone_key][var.settings.resource_group_key], null),`
`13`		`- try(var.resource_groups[var.settings.lz_key][var.settings.resource_group_key], null),`
`14`		`- try(var.resource_groups[var.client_config.landingzone_key][var.settings.resource_group.key], null),`
`15`		`- try(var.resource_groups[var.settings.resource_group.lz_key][var.settings.resource_group.key], null)`
	`10`	`+ tags = var.base_tags ? merge(`
	`11`	`+ var.global_settings.tags,`
	`12`	`+ try(var.resource_group.tags, null),`
	`13`	`+ try(var.settings.tags, null)`
	`14`	`+ ) : merge(`
	`15`	`+ try(var.settings.tags,`
	`16`	`+ null)`
`16`	`17`	`)`
	`18`	`+`
	`19`	`+ location = var.resource_group.location`
	`20`	`+ resource_group_name = var.resource_group.name`
`17`	`21`	`}`