
update readmes clean up tf provider add readme and initial templates add initial pass at readmes more readme updates update various quickstarts finish cleaning up 101s more updates lots of template updates add remaining more updates
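# Key Vault that stores the Service Fabric cluster and client certificates.
# enabled_for_deployment / enabled_for_template_deployment let the VM scale set
# and ARM template deployments read the certificates as secrets (presumably how
# the cluster nodes receive them — confirm against the cluster/VMSS template).
resource "azurerm_key_vault" "cluster" {
  # NOTE(review): Key Vault names are limited to 3-24 characters; the prefix,
  # 12-char name slice and environment suffix can exceed that for long values.
  name                = "${var.dns_prefix}-${substr(var.name,0,12)}-${var.environment_short}-kv"
  location            = "${azurerm_resource_group.default.location}"
  resource_group_name = "${azurerm_resource_group.default.name}"

  # Tenant of the identity running Terraform. The access policy below uses the
  # same data source, so the vault and its policy cannot refer to different tenants.
  tenant_id = "${data.azurerm_client_config.current.tenant_id}"

  enabled_for_deployment          = true
  enabled_for_disk_encryption     = true
  enabled_for_template_deployment = true

  sku_name = "standard"

  # NOTE(review): no network_acls block, so the vault's data plane is reachable
  # from any network; add network_acls with default_action = "Deny" (and
  # bypass = "AzureServices") once the deployer's source addresses are known.

  # Policy for the principal that manages the certificates (var.client_object_id).
  # NOTE(review): this grant is broad — "purge" on keys and secrets bypasses
  # soft-delete recovery, and manage*/set* on certificates allows issuer changes.
  # Trim to what the caller actually needs once that is known.
  access_policy {
    tenant_id = "${data.azurerm_client_config.current.tenant_id}"
    object_id = "${var.client_object_id}"

    certificate_permissions = [
      "create",
      "delete",
      "deleteissuers",
      "get",
      "getissuers",
      "import",
      "list",
      "listissuers",
      "managecontacts",
      "manageissuers",
      "setissuers",
      "update",
    ]

    key_permissions = [
      "backup",
      "create",
      "decrypt",
      "delete",
      "encrypt",
      "get",
      "import",
      "list",
      "purge",
      "recover",
      "restore",
      "sign",
      "unwrapKey",
      "update",
      "verify",
      "wrapKey",
    ]

    secret_permissions = [
      "backup",
      "delete",
      "get",
      "list",
      "purge",
      "recover",
      "restore",
      "set",
    ]
  }
}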
# Self-signed certificate used by the Service Fabric cluster itself, issued and
# auto-renewed by Key Vault. Stored as PKCS#12 so it can be installed on the nodes.
resource "azurerm_key_vault_certificate" "cluster" {
  name         = "service-fabric-cluster"
  key_vault_id = "${azurerm_key_vault.cluster.id}"

  certificate_policy {
    # "Self" = Key Vault issues the certificate itself (no external CA).
    issuer_parameters {
      name = "Self"
    }

    # Exportable private key: the nodes need the full PFX, not just the public part.
    # reuse_key keeps the same key pair across renewals.
    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = true
    }

    # Key Vault renews the certificate 30 days before it expires.
    lifetime_action {
      action {
        action_type = "AutoRenew"
      }

      trigger {
        days_before_expiry = 30
      }
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      # Server Authentication = 1.3.6.1.5.5.7.3.1
      # Client Authentication = 1.3.6.1.5.5.7.3.2
      # NOTE(review): only Server Authentication is set; the cluster certificate
      # is also presented by nodes to each other, so Client Authentication may be
      # needed as well — confirm against the Service Fabric certificate requirements.
      extended_key_usage = ["1.3.6.1.5.5.7.3.1"]

      # NOTE(review): cRLSign and keyCertSign are CA key usages and are unusual on
      # an end-entity certificate; they are kept here to preserve current behaviour.
      key_usage = [
        "cRLSign",
        "dataEncipherment",
        "digitalSignature",
        "keyAgreement",
        "keyCertSign",
        "keyEncipherment",
      ]

      # NOTE(review): the SAN and subject are hard-coded rather than derived from
      # var.dns_prefix / var.name like the vault name above; verify they match the
      # cluster's actual DNS name before reuse outside this sandbox.
      subject_alternative_names {
        dns_names = ["sfdemosandbox.denvermtc.net"]
      }

      subject            = "CN=mtcdenver"
      validity_in_months = 12
    }
  }
}
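# Self-signed certificate presented by clients (admin/tooling) to authenticate to
# the Service Fabric cluster. Issued and auto-renewed by Key Vault, stored as PKCS#12.
resource "azurerm_key_vault_certificate" "client" {
  name         = "service-fabric-client"
  key_vault_id = "${azurerm_key_vault.cluster.id}"

  certificate_policy {
    # "Self" = Key Vault issues the certificate itself (no external CA).
    issuer_parameters {
      name = "Self"
    }

    # Exportable so the PFX can be handed to the client machines that need it.
    key_properties {
      exportable = true
      key_size   = 2048
      key_type   = "RSA"
      reuse_key  = true
    }

    # Key Vault renews the certificate 30 days before it expires.
    lifetime_action {
      action {
        action_type = "AutoRenew"
      }

      trigger {
        days_before_expiry = 30
      }
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      # Server Authentication = 1.3.6.1.5.5.7.3.1
      # Client Authentication = 1.3.6.1.5.5.7.3.2
      # This is the client certificate, so it carries the Client Authentication
      # EKU. The previous copy-paste from the cluster certificate issued it with
      # Server Authentication only, which is the wrong purpose for a client cert.
      extended_key_usage = ["1.3.6.1.5.5.7.3.2"]

      # NOTE(review): cRLSign and keyCertSign are CA key usages and are unusual on
      # an end-entity certificate; they are kept here to preserve current behaviour.
      key_usage = [
        "cRLSign",
        "dataEncipherment",
        "digitalSignature",
        "keyAgreement",
        "keyCertSign",
        "keyEncipherment",
      ]

      # NOTE(review): the SAN/subject are copied from the cluster certificate; a
      # client certificate normally does not need the cluster's DNS name as a SAN.
      # Left unchanged pending confirmation of what the cluster's client-cert
      # thumbprint/subject configuration expects.
      subject_alternative_names {
        dns_names = ["sfdemosandbox.denvermtc.net"]
      }

      subject            = "CN=mtcdenver"
      validity_in_months = 12
    }
  }
}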