Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reorganize, add scaffold folder

Browse Source 
update readmes

clean up tf provider

add readme and initial templates

add initial pass at readmes

more readme updates

update various quickstarts

finish cleaning up 101s

more updates

lots fo template updates

add remaining

more updates
This commit is contained in:
Joey Lorich
2019-10-15 13:03:36 -06:00
committed by Joey Lorich
parent fa82feccc7
commit 415e3caa97
89 changed files with 7503 additions and 1140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
quickstart/301-service-fabric/keyvault.tf Normal file
View File

@ -0,0 +1,168 @@
resource "azurerm_key_vault" "cluster" {
name = "${var.dns_prefix}-${substr(var.name,0,12)}-${var.environment_short}-kv"
location = "${azurerm_resource_group.default.location}"
resource_group_name = "${azurerm_resource_group.default.name}"
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
enabled_for_deployment = true
enabled_for_disk_encryption = true
enabled_for_template_deployment = true
sku_name = "standard"
access_policy {
tenant_id = "${data.azurerm_subscription.current.tenant_id}"
object_id = "${var.client_object_id}"
certificate_permissions = [
"create",
"delete",
"deleteissuers",
"get",
"getissuers",
"import",
"list",
"listissuers",
"managecontacts",
"manageissuers",
"setissuers",
"update",
]
key_permissions = [
"backup",
"create",
"decrypt",
"delete",
"encrypt",
"get",
"import",
"list",
"purge",
"recover",
"restore",
"sign",
"unwrapKey",
"update",
"verify",
"wrapKey",
]
secret_permissions = [
"backup",
"delete",
"get",
"list",
"purge",
"recover",
"restore",
"set",
]
}
}
resource "azurerm_key_vault_certificate" "cluster" {
name = "service-fabric-cluster"
key_vault_id = "${azurerm_key_vault.cluster.id}"
certificate_policy {
issuer_parameters {
name = "Self"
}
key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = true
}
lifetime_action {
action {
action_type = "AutoRenew"
}
trigger {
days_before_expiry = 30
}
}
secret_properties {
content_type = "application/x-pkcs12"
}
x509_certificate_properties {
# Server Authentication = 1.3.6.1.5.5.7.3.1
# Client Authentication = 1.3.6.1.5.5.7.3.2
extended_key_usage = ["1.3.6.1.5.5.7.3.1"]
key_usage = [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
]
subject_alternative_names {
dns_names = ["sfdemosandbox.denvermtc.net"]
}
subject = "CN=mtcdenver"
validity_in_months = 12
}
}
}
resource "azurerm_key_vault_certificate" "client" {
name = "service-fabric-client"
key_vault_id = "${azurerm_key_vault.cluster.id}"
certificate_policy {
issuer_parameters {
name = "Self"
}
key_properties {
exportable = true
key_size = 2048
key_type = "RSA"
reuse_key = true
}
lifetime_action {
action {
action_type = "AutoRenew"
}
trigger {
days_before_expiry = 30
}
}
secret_properties {
content_type = "application/x-pkcs12"
}
x509_certificate_properties {
# Server Authentication = 1.3.6.1.5.5.7.3.1
# Client Authentication = 1.3.6.1.5.5.7.3.2
extended_key_usage = ["1.3.6.1.5.5.7.3.1"]
key_usage = [
"cRLSign",
"dataEncipherment",
"digitalSignature",
"keyAgreement",
"keyCertSign",
"keyEncipherment",
]
subject_alternative_names {
dns_names = ["sfdemosandbox.denvermtc.net"]
}
subject = "CN=mtcdenver"
validity_in_months = 12
}
}
}