Feature request-Allow dynamic_keyvault_secrets to be assigned to a keyvault that exists in a remote landingzone.

nusrath432 commented 2 years ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Allow dynamic_keyvault_secrets to be assigned to a keyvault the exists in a remote landingzone.

New or Affected Resource(s

dynamic_keyvault_secrets

Potential Configuration file

dynamic_keyvault_secrets = {
  tfazure_shared_svc = {
    lz_key = "tfazure_shared_svc"
    attributes = {
      workspace_id = {
        output_key    = "databricks_workspaces"
        resource_key  = "myworkspace"
        secret_name   = "dbw-workspace-id"
        attribute_key = "workspace_id"
      }
      workspace_url = {
        output_key    = "databricks_workspaces"
        resource_key  = "myworkspace"
        secret_name   = "dbw-workspace-url"
        attribute_key = "workspace_url"
      }      
    }
  }
}

This will change the module logic and existing code will break - alternatively keep the existing module but somehow add lz_key and iterate the values.

References

https://github.com/aztfmod/terraform-azurerm-caf/blob/main/dynamic_secrets.tf#L17
https://github.com/aztfmod/terraform-azurerm-caf/tree/main/modules/security/dynamic_keyvault_secrets

AditiMaheshwari347 commented 1 year ago

@nusrath432 Do we have any solution for this ?

nusrath432 commented 1 year ago

@AditiMaheshwari347 Currently it is not supported - I gave an idea - to be implemented by the Community.

AditiMaheshwari347 commented 1 year ago

@nusrath432 Thanks for the response. But this lz_key is not working for the other resources too. In my case when I am trying to peer the vnet from the other landing zone it is not picking up. Any idea about this ? Though in CAF it states it supports but not working for me ``# The code tries to peer to a vnet created in the same landing zone. If it fails it tries with the data remote state

''

nusrath432 commented 1 year ago

@AditiMaheshwari347 If CAF module supports lz_key, then it should work for any resource; however; make sure that it is either in the same level or one level below. CAF can not see more than one level below as per the design.

aztfmod / terraform-azurerm-caf