Tips-Of-Mine/terraform-azure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

101-attestation-provider patch (#145)

Browse Source 
* try to fix 101-attestation-provider

---------

Co-authored-by: zjhe <hezijie@microsoft.com>
This commit is contained in:
lonegunmanb 2023-02-10 15:17:25 +08:00 committed by GitHub
parent cdd05cd894
commit 62fe33ce64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
quickstart/101-attestation-provider/main.tf
View File

@ -7,9 +7,37 @@ resource "azurerm_resource_group" "rg" {
name = random_pet.rg_name.id name = random_pet.rg_name.id
} }
locals {
create_signing_cert = try(!fileexists(var.cert_path), true)
}
resource "tls_private_key" "signing_cert" {
count = local.create_signing_cert ? 1 : 0
algorithm = "RSA"
rsa_bits = 4096
}
resource "tls_self_signed_cert" "attestation" {
count = local.create_signing_cert ? 1 : 0
private_key_pem = tls_private_key.signing_cert[0].private_key_pem
validity_period_hours = 12
allowed_uses = [
"cert_signing",
]
}
resource "random_string" "attestation_suffix" {
length = 8
numeric = false
special = false
upper = false
}
resource "azurerm_attestation_provider" "corp_attestation" { resource "azurerm_attestation_provider" "corp_attestation" {
location = azurerm_resource_group.rg.location location = azurerm_resource_group.rg.location
name = var.attestation_provider_name name = "${var.attestation_provider_name}${random_string.attestation_suffix.result}"
resource_group_name = azurerm_resource_group.rg.name resource_group_name = azurerm_resource_group.rg.name
policy_signing_certificate_data = file(var.policy_file) policy_signing_certificate_data = try(tls_self_signed_cert.attestation[0].cert_pem, file(var.cert_path))
} }

4
quickstart/101-attestation-provider/providers.tf
View File

@ -10,6 +10,10 @@ terraform {
source = "hashicorp/random" source = "hashicorp/random"
version = "~>3.0" version = "~>3.0"
} }
tls = {
source = "hashicorp/tls"
version = "4.0.4"
}
} }
} }

4
quickstart/101-attestation-provider/variables.tf
View File

@ -1,8 +1,8 @@
variable "attestation_provider_name" { variable "attestation_provider_name" {
default = "attestationprovider007" default = "attestation"
} }
variable "policy_file" { variable "cert_path" {
default = "~/.certs/cert.pem" default = "~/.certs/cert.pem"
} }