
Commit 03011d7

fix: update kv access policy with new CI service principals
1 parent 5c184fd commit 03011d7


1 file changed

+50
-18
lines changed


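--- a/keyvault/keyvault.tf
+++ b/keyvault/keyvault.tf
@@ -16,24 +16,25 @@ resource "azurerm_key_vault" "keyvalue" {
 ip_rules = var.allowed_ips
 }
 
-access_policy = [{
-tenant_id = var.tenant_id
-object_id = "6b6a6388-c024-450b-80b4-9dcfa474c9f0"
+access_policy = [
+{
+tenant_id = var.tenant_id
+object_id = "6b6a6388-c024-450b-80b4-9dcfa474c9f0"
 
-key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete",
-"Recover", "Backup", "Restore"
-]
+key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete",
+"Recover", "Backup", "Restore"
+]
 
-secret_permissions = ["Get", "List", "Set", "Delete", "Recover", "Backup",
-"Restore"
-]
+secret_permissions = ["Get", "List", "Set", "Delete", "Recover", "Backup",
+"Restore"
+]
 
-certificate_permissions = ["Get", "List", "Update", "Create", "Import",
-"Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers",
-"GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers", "Purge"
-]
-storage_permissions = [],
-application_id = ""
+certificate_permissions = ["Get", "List", "Update", "Create", "Import",
+"Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers",
+"GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers", "Purge"
+]
+storage_permissions = [],
+application_id = null
 },
 {
 key_permissions = [
@@ -45,9 +46,40 @@ resource "azurerm_key_vault" "keyvalue" {
 "Get",
 "List",
 ]
-application_id = "",
+application_id = null,
 storage_permissions = [],
 tenant_id = var.tenant_id,
 certificate_permissions = []
-}]
-}
+},
+{
+certificate_permissions = []
+key_permissions = [
+"Get",
+"List",
+]
+object_id = "81dd9fd1-ea71-420a-9f8a-8cbb74f479a6"
+secret_permissions = [
+"Get",
+"List",
+]
+application_id = null,
+storage_permissions = []
+tenant_id = var.tenant_id
+},
+{
+certificate_permissions = []
+key_permissions = [
+"Get",
+"List",
+]
+object_id = "f220ce5b-e174-413d-b6f8-04e214b85d76"
+secret_permissions = [
+"Get",
+"List",
+]
+application_id = null,
+storage_permissions = []
+tenant_id = var.tenant_id
+},
+]
+}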
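Review bot: The two entries appended to `access_policy` identify their principals only by the bare GUIDs `81dd9fd1-ea71-420a-9f8a-8cbb74f479a6` and `f220ce5b-e174-413d-b6f8-04e214b85d76`, so nothing in the file lets a reviewer confirm these are the intended CI service principals. That matters because a vault access policy is not scoped per object: `Get` and `List` on keys and secrets let each principal enumerate and read every key and secret in this vault. I would take the reader object IDs from a new, documented input variable (called `ci_reader_object_ids` in the sketch below) and generate the identical Get/List entries from it, which also removes the copy-pasted blocks. If the CI jobs only read secrets, the key `Get`/`List` grant could probably be dropped, but that depends on pipeline usage not visible here. The `azurerm_key_vault` resource body begins above the first hunk, so other arguments were not reviewed.

```hcl
access_policy = concat(
  [
    # … unchanged: the existing full-permission entry and the first Get/List entry …
  ],
  [
    # One read-only policy per CI service principal; IDs are supplied and documented by the caller.
    for id in var.ci_reader_object_ids : {
      tenant_id               = var.tenant_id
      object_id               = id
      application_id          = null
      key_permissions         = ["Get", "List"]
      secret_permissions      = ["Get", "List"]
      certificate_permissions = []
      storage_permissions     = []
    }
  ]
)
```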
