aztfmod / terraform-azurerm-caf

Terraform supermodule for the Terraform platform engineering for Azure
https://aztfmod.github.io/documentation/
MIT License

Feature request-Allow dynamic_keyvault_secrets to be assigned to a keyvault that exists in a remote landingzone. #1355

Open nusrath432 opened 1 year ago

nusrath432 commented 1 year ago

Description

Allow dynamic_keyvault_secrets to be assigned to a keyvault that exists in a remote landingzone.

New or Affected Resource(s)

dynamic_keyvault_secrets

Potential Configuration file

dynamic_keyvault_secrets = {
  tfazure_shared_svc = {
    lz_key = "tfazure_shared_svc"
    attributes = {
      workspace_id = {
        output_key    = "databricks_workspaces"
        resource_key  = "myworkspace"
        secret_name   = "dbw-workspace-id"
        attribute_key = "workspace_id"
      }
      workspace_url = {
        output_key    = "databricks_workspaces"
        resource_key  = "myworkspace"
        secret_name   = "dbw-workspace-url"
        attribute_key = "workspace_url"
      }      
    }
  }
}

This will change the module logic and existing code will break; alternatively, keep the existing module but somehow add lz_key and iterate the values.

References

https://github.com/aztfmod/terraform-azurerm-caf/blob/main/dynamic_secrets.tf#L17
https://github.com/aztfmod/terraform-azurerm-caf/tree/main/modules/security/dynamic_keyvault_secrets
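One way the proposed lz_key could be honoured without changing the secret entries themselves, as a sketch added here that is not the module's own code: flatten the nested map into one secret per entry and look the keyvault up in the landing zone named by lz_key, falling back to the current one. The names local.combined_objects_keyvaults, local.client_config.landingzone_key and local.outputs are assumed, as is the shape of var.dynamic_keyvault_secrets from the proposed configuration above.

```hcl
# Hypothetical sketch (not the CAF module's code). Assumed structures:
#   local.combined_objects_keyvaults  = { lz_key => { keyvault_key => keyvault } }
#   local.client_config.landingzone_key = key of the landing zone being applied
#   local.outputs                       = { output_key => { resource_key => attributes } }
# The top-level key of var.dynamic_keyvault_secrets is the keyvault key; an
# optional lz_key says which landing zone that keyvault was created in.
locals {
  dynamic_keyvault_secrets_flat = merge([
    for keyvault_key, kv in var.dynamic_keyvault_secrets : {
      for secret_key, secret in kv.attributes :
      "${keyvault_key}-${secret_key}" => {
        # Remote keyvault when lz_key is set, otherwise the local one.
        key_vault_id = local.combined_objects_keyvaults[
          try(kv.lz_key, local.client_config.landingzone_key)
        ][keyvault_key].id
        name  = secret.secret_name
        # Secret values still come from outputs of the current landing zone.
        value = local.outputs[secret.output_key][secret.resource_key][secret.attribute_key]
      }
    }
  ]...)
}

# One secret per flattened entry. Writing into a keyvault owned by another
# landing zone only works if the identity running this plan has been granted
# a "set" secret permission (or the equivalent RBAC role) on that keyvault.
resource "azurerm_key_vault_secret" "dynamic" {
  for_each     = local.dynamic_keyvault_secrets_flat
  name         = each.value.name
  value        = each.value.value
  key_vault_id = each.value.key_vault_id
}
```

Because the remote keyvault is read from the other landing zone's state, this only resolves when that landing zone is at the same level or one level above the current one, as the later comments in this thread note.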
AditiMaheshwari347 commented 1 year ago

@nusrath432 Do we have any solution for this?

nusrath432 commented 1 year ago

@AditiMaheshwari347 Currently it is not supported; I gave an idea, to be implemented by the Community.

AditiMaheshwari347 commented 1 year ago

@nusrath432 Thanks for the response. But this lz_key is not working for the other resources too. In my case, when I am trying to peer the vnet from the other landing zone, it is not picking up. Any idea about this? Though in CAF it states it supports it, it is not working for me:

`# The code tries to peer to a vnet created in the same landing zone. If it fails it tries with the data remote state`

nusrath432 commented 1 year ago

@AditiMaheshwari347 If the CAF module supports lz_key, then it should work for any resource; however, make sure that it is either in the same level or one level below. CAF cannot see more than one level below as per the design.