An action to set the Terraform Envrionment variables to access Azure

githubofkrishnadhas · githubofkrishnadhas · commit db3ce33e14c2 · 2025-07-06T14:59:15.000+05:30
diff --git a/.gitignore b/.gitignore
@@ -105,7 +105,7 @@ ipython_config.py
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
+poetry.lock
 #poetry.toml
 
 # pdm
@@ -173,7 +173,7 @@ cython_debug/
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+.idea/
 
 # Abstra
 # Abstra is an AI-powered process automation framework.
diff --git a/action.yaml b/action.yaml
@@ -0,0 +1,39 @@
+
+name: 'Terraform Azure Authentication Action '
+description: 'An action to set the Terraform Envrionment variables to access Azure'
+author: 'githubofkrishnadhas'
+# reference https://haya14busa.github.io/github-action-brandings/
+branding:
+  icon: 'cloud-lightning'
+  color: 'green'
+
+runs:
+  using: 'composite'
+  steps:
+
+  - name: Checkout
+    uses: actions/checkout@v4
+    with:
+      repository: 'devwithkrishna/terraform-azure-authentication-action'
+
+  - name: list files
+    shell: bash
+    run: |
+      echo "Listing files in the current directory:"
+      ls -la
+
+  - name: Install Python
+    uses: actions/setup-python@v5
+    with:
+      python-version: '3.11'
+
+  - name: package installations
+    shell: bash
+    run: |
+      pip install poetry
+      poetry install -v --no-root --no-interaction
+
+  - name: Run Python program
+    shell: bash
+    run: |
+      poetry run python3 fetch_kv_secret.py
diff --git a/config.toml b/config.toml
@@ -0,0 +1,7 @@
+[keyvault]
+name = "ARCHITECTS-KEYVAULT"
+
+[secrets]
+ARM_TENANT_ID="ARM-TENANT-ID"
+ARM_CLIENT_ID="withtf-id"
+ARM_CLIENT_SECRET="withtf-password"
diff --git a/fetch_kv_secret.py b/fetch_kv_secret.py
@@ -0,0 +1,69 @@
+import os
+import logging
+import toml
+from azure.identity import DefaultAzureCredential
+from azure.keyvault.secrets import SecretClient
+from dotenv import load_dotenv
+from setup_logging import setup_logging
+
+
+def fetch_kv_secret():
+    """
+    Fetches secrets from an Azure Key Vault and sets them as environment variables.
+
+    This function reads the Key Vault name and secret names from a `config.toml` file,
+    retrieves the secrets from the Key Vault using Azure SDK, and stores them in the
+    environment variables for further use.
+
+    Raises:
+        KeyError: If the `config.toml` file does not contain the required keys.
+        azure.core.exceptions.HttpResponseError: If there is an issue with the Azure Key Vault request.
+    """
+    # Initialize a logger for logging information and errors
+    logger = logging.getLogger(__name__)
+
+    # Authenticate using the default Azure credential chain
+    credential = DefaultAzureCredential()
+
+    # Load configuration from the `config.toml` file
+    config = toml.load("config.toml")
+
+    # Retrieve the Key Vault name from the configuration
+    keyvault = keyvault_name = config["keyvault"]["name"]
+
+    # Construct the Key Vault URL
+    vault_url = f"https://{keyvault_name}.vault.azure.net/"
+
+    # Retrieve the secret names from the configuration
+    secret_names = config["secrets"]
+
+    # Create a SecretClient to interact with the Azure Key Vault
+    client = SecretClient(vault_url=vault_url, credential=credential)
+
+    # Dictionary to store the retrieved secrets
+    secrets = {}
+
+    # Iterate over the secret names and fetch their values from the Key Vault
+    for key, secret in secret_names.items():
+        secret_name = secret
+        # Retrieve the secret value from the Key Vault
+        get_secret = client.get_secret(secret_name)
+        # Store the secret value in the dictionary
+        secrets[key] = get_secret.value
+        # Set the secret value as an environment variable
+        os.environ[key] = get_secret.value
+
+
+def main():
+	"""
+	Main function to fetch a secret from Azure Key Vault.
+	"""
+	load_dotenv()
+	setup_logging()
+	logger = logging.getLogger(__name__)
+	logger.info("Starting to fetch secrets from Azure Key Vault")
+	fetch_kv_secret()
+	logger.info("Finished fetching secrets from Azure Key Vault")
+
+if __name__ == "__main__":
+	main()
diff --git a/logging-conf.yaml b/logging-conf.yaml
@@ -0,0 +1,41 @@
+version: 1
+formatters:
+    simple:
+        format: '%(asctime)s - %(msecs)03d - %(name)s - %(levelname)s - %(message)s'
+        datefmt: '%Y-%m-%dT%H:%M:%S'
+    ts_format:
+        format: '%(asctime)s - %(msecs)03d+00:00 - %(name)s - %(levelname)s [%(name)s] [%(process)d] %(message)s'
+        datefmt: '%Y-%m-%dT%H:%M:%S'
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: simple
+    level: INFO
+    stream: ext://sys.stdout
+  logfile:
+    class: logging.FileHandler
+    formatter: simple
+    level: INFO
+    filename: env-setup.log
+    mode: w
+
+loggers:
+  __main__:
+    level: DEBUG
+    handlers: [console, logfile]
+    propagate: no
+  azure:
+    level: WARNING
+    handlers: [console, logfile]
+    propagate: no
+  azure.core.pipeline.policies.http_logging_policy:
+    level: WARNING
+    handlers: [ console, logfile ]
+    propagate: no
+  azure.identity._credentials.chained:
+    level: WARNING
+    handlers: [ console, logfile ]
+    propagate: no
+root:
+  level: DEBUG
+  handlers: [console, logfile]
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,18 @@
+[tool.poetry]
+name = "terraform-azure-authentication-action"
+version = "0.1.0"
+description = "An action to set the Terraform Envrionment variables to access Azure"
+authors = ["githubofkrishnadhas <krishnadhasnk1997@gmail.com>"]
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.11"
+python-dotenv = "^1.0.0"
+azure-identity = "^1.12.0"
+azure-keyvault-secrets = "^4.7.0"
+toml = "^0.10.2"
+pyyaml = "^6.0.1"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
diff --git a/setup_logging.py b/setup_logging.py
@@ -0,0 +1,30 @@
+import logging
+import logging.config
+import os
+import yaml
+from dotenv import load_dotenv
+
+
+def setup_logging(default_path='logging-conf.yaml', default_level: int=logging.INFO,
+				  env_key='LOGGING_CONFIG'):
+	"""
+	Setup logging configuration
+	:param default_path: path to the logging configuration file
+	:param default_level: default logging level
+	:param env_key: environment variable key for the logging configuration file path
+	:param log_in_utc: whether to log in UTC
+	"""
+	load_dotenv()
+	path = default_path
+	value = os.getenv(env_key, None)
+	if value:
+		path = value
+
+	if os.path.exists(path):
+		with open(path, 'r') as f:
+			config = yaml.safe_load(f.read())
+		logging.config.dictConfig(config)
+	else:
+		logging.basicConfig(level=default_level)
+
+	return None
