51532ca8a1
Migrate azure e2e tests to use the new TFC_* secrets which are provisioned through external-secrets/infrastructure. Also enable the use of `/ok-to-test-managed provider=azure` command to run e2e managed tests that verify integration with AKS and Azure Workload Identity (AZWI). Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
# Azure Key Vault with three inline access policies, one per principal.
# Judging by the variable names (eso_*, e2e) this looks like test
# infrastructure rather than a production vault.
# NOTE(review): confirm that before reusing any of these settings elsewhere.
resource "azurerm_key_vault" "current" {
  name                = var.key_vault_display_name
  resource_group_name = var.resource_group_name
  location            = var.resource_group_location
  tenant_id           = var.tenant_id
  sku_name            = "standard"

  # Allows Azure Disk Encryption to read secrets and unwrap keys from this vault.
  # NOTE(review): nothing in this resource shows why it is needed; confirm
  # against the consumers of the vault and drop it if unused.
  enabled_for_disk_encryption = true

  # Soft-deleted objects are kept for 7 days, but purge protection is off, so
  # any principal holding "Purge" below can permanently destroy a deleted
  # object before the retention period ends. That suits a vault that must be
  # torn down and recreated; it is not a safe default for long-lived secrets.
  soft_delete_retention_days = 7
  purge_protection_enabled   = false

  # No network_acls block is declared in this resource, so no vault firewall
  # rule is configured here; the access policies below are the only access
  # control this resource sets.

  # Principal 1: var.client_object_id (presumably the identity that applies
  # this configuration; verify against the caller). Gets key, secret and
  # storage permissions, each including Delete and Purge. The secret list has
  # no "List", so this principal cannot enumerate secrets.
  access_policy {
    object_id = var.client_object_id
    tenant_id = var.tenant_id

    key_permissions     = ["Get", "List", "Create", "Delete", "Purge", "Decrypt", "Encrypt"]
    secret_permissions  = ["Set", "Get", "Delete", "Purge", "Recover"]
    storage_permissions = ["Set", "Get", "Delete", "Purge", "Recover"]
  }

  # Principal 2: var.eso_sp_object_id. Secrets only: read, write, delete,
  # purge and recover; no "List", and no key or certificate access.
  access_policy {
    object_id = var.eso_sp_object_id
    tenant_id = var.tenant_id

    secret_permissions = ["Get", "Set", "Delete", "Purge", "Recover"]
  }

  # Principal 3: var.eso_e2e_sp_object_id. The broadest of the three: secrets,
  # keys and certificates, each with Delete and Purge. A credential for this
  # principal can irreversibly remove every object type it can reach.
  access_policy {
    object_id = var.eso_e2e_sp_object_id
    tenant_id = var.tenant_id

    secret_permissions      = ["Get", "Set", "Delete", "Purge", "Recover"]
    key_permissions         = ["Get", "List", "Create", "Delete", "Purge", "Decrypt", "Encrypt"]
    certificate_permissions = ["Get", "List", "Create", "Delete", "Purge"]
  }
}