adding terraform v0.15 support

Author: kumarvna

.gitignore

@@ -4,6 +4,7 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
+*.terraform.lock.hcl
 
 # Crash log files
 crash.log

README.md

@@ -9,7 +9,7 @@ This Terraform Module creates a Key Vault also adds required access policies for
 ```hcl
 module "key-vault" {
   source  = "kumarvna/key-vault/azurerm"
-  version = "2.0.0"
+  version = "2.1.0"
 
   # Resource Group and Key Vault pricing tier details
   resource_group_name        = "rg-demo-project-shared-westeurope-001"
@@ -73,7 +73,7 @@ Default action is set to `Allow` when no network rules matched. A `virtual_netwo
 ```hcl
 module "key-vault" {
   source  = "kumarvna/key-vault/azurerm"
-  version = "2.0.0"
+  version = "2.1.0"
 
   # .... omitted
 
@@ -155,7 +155,7 @@ End Date of the Project|Date when this application, workload, or service is plan
 ```hcl
 module "key-vault" {
   source  = "kumarvna/key-vault/azurerm"
-  version = "2.0.0"
+  version = "2.1.0"
 
   # ... omitted
 
@@ -174,15 +174,15 @@ module "key-vault" {
 Name | Version
 -----|--------
 terraform | >= 0.13
-azurerm | ~> 2.27
+azurerm | >= 2.59.0
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-azurerm | 2.27
-random | n/a
-azuread | n/a
+azurerm | >= 2.59.0
+random | >= 3.1.0
+azuread | >= 1.4.0
 
 ## Inputs
 
@@ -195,7 +195,8 @@ Name | Description | Type | Default
 `enabled_for_disk_encryption`|Allow Disk Encryption to retrieve secrets from the vault and unwrap keys|string|`"false"`
 `enabled_for_template_deployment`|Allow Resource Manager to retrieve secrets from the Key Vault|string|`"false"`
 `enable_purge_protection`|Is Purge Protection enabled for this Key Vault?|string|`"false"`
-`enable_soft_delete`|Should Soft Delete be enabled for this Key Vault?|string|`"false"`
+`enable_rbac_authorization`|Specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions|string|`false`
+`soft_delete_retention_days`|The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days|string|`90`
 `access_policies`|List of access policies for the Key Vault|list|`{}`
 `azure_ad_user_principal_names`|List of user principal names of Azure AD users|list| `[]`
 `azure_ad_group_names`|List of names of Azure AD groups|list|`[]`

examples/complete/README.md

@@ -7,7 +7,7 @@ Terraform Module to create a Key Vault also adds required access policies for AD
 ```hcl
 module "key-vault" {
   source  = "kumarvna/key-vault/azurerm"
-  version = "2.0.0"
+  version = "2.1.0"
 
   # Resource Group and Key Vault pricing tier details
   resource_group_name        = "rg-demo-project-shared-westeurope-001"

examples/complete/main.tf

@@ -1,17 +1,16 @@
 module "key-vault" {
   source  = "kumarvna/key-vault/azurerm"
-  version = "2.0.0"
+  version = "2.1.0"
 
   # Resource Group and Key Vault pricing tier details
-  resource_group_name        = "rg-demo-project-shared-westeurope-001"
+  resource_group_name        = "rg-sap-test-kumars" #"rg-shared-westeurope-01"
   key_vault_name             = "demo-project-shard"
   key_vault_sku_pricing_tier = "premium"
 
   # Once `Purge Protection` has been Enabled it's not possible to Disable it
   # Deleting the Key Vault with `Purge Protection` enabled will schedule the Key Vault to be deleted (currently 90 days)
   # Once `Soft Delete` has been Enabled it's not possible to Disable it.
   enable_purge_protection = false
-  enable_soft_delete      = false
 
   # Adding Key valut logs to Azure monitoring and Log Analytics space
   log_analytics_workspace_id = var.log_analytics_workspace_id
@@ -21,18 +20,19 @@ module "key-vault" {
   # Make sure to use list of user principal names of Azure AD users.
   access_policies = [
     {
-      azure_ad_user_principal_names = ["user1@example.com", "user2@example.com"]
+      azure_ad_user_principal_names = ["harshal.yadwadkar@tietoevry.com", "sandeep.kannan@tietoevry.com"]
       key_permissions               = ["get", "list"]
       secret_permissions            = ["get", "list"]
       certificate_permissions       = ["get", "import", "list"]
       storage_permissions           = ["backup", "get", "list", "recover"]
     },
 
-    # Access policies for AD Groups, enable this feature to provide list of Azure AD groups and set permissions.
+    /*    # Access policies for AD Groups, enable this feature to provide list of Azure AD groups and set permissions.
     {
       azure_ad_group_names = ["ADGroupName1", "ADGroupName2"]
       secret_permissions   = ["get", "list", "set"]
     },
+    */
   ]
 
   # Create a required Secrets as per your need.

main.tf

@@ -79,8 +79,8 @@ locals {
 }
 
 data "azuread_group" "adgrp" {
-  count = length(local.azure_ad_group_names)
-  name  = local.azure_ad_group_names[count.index]
+  count        = length(local.azure_ad_group_names)
+  display_name = local.azure_ad_group_names[count.index]
 }
 
 data "azuread_user" "adusr" {
@@ -103,10 +103,10 @@ resource "azurerm_key_vault" "main" {
   enabled_for_deployment          = var.enabled_for_deployment
   enabled_for_disk_encryption     = var.enabled_for_disk_encryption
   enabled_for_template_deployment = var.enabled_for_template_deployment
-  soft_delete_enabled             = var.enable_soft_delete
+  soft_delete_retention_days      = var.soft_delete_retention_days
+  enable_rbac_authorization       = var.enable_rbac_authorization
   purge_protection_enabled        = var.enable_purge_protection
-
-  tags = merge({ "ResourceName" = lower("kv-${var.key_vault_name}") }, var.tags, )
+  tags                            = merge({ "ResourceName" = lower("kv-${var.key_vault_name}") }, var.tags, )
 
   dynamic "network_acls" {
     for_each = var.network_acls != null ? [true] : []

variables.tf

@@ -28,16 +28,21 @@ variable "enabled_for_template_deployment" {
   default     = true
 }
 
-variable "enable_soft_delete" {
-  description = " Should Soft Delete be enabled for this Key Vault?"
-  default     = true
+variable "enable_rbac_authorization" {
+  description = "Specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions"
+  default     = false
 }
 
 variable "enable_purge_protection" {
   description = "Is Purge Protection enabled for this Key Vault?"
   default     = false
 }
 
+variable "soft_delete_retention_days" {
+  description = "The number of days that items should be retained for once soft-deleted. The valid value can be between 7 and 90 days"
+  default     = 90
+}
+
 variable "access_policies" {
   description = "List of access policies for the Key Vault."
   default     = []

versions.tf

@@ -1,14 +1,16 @@
 terraform {
   required_providers {
     azuread = {
-      source = "hashicorp/azuread"
+      source  = "hashicorp/azuread"
+      version = ">= 1.4.0"
     }
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~>2.27.0"
+      version = ">= 2.59.0"
     }
     random = {
-      source = "hashicorp/random"
+      source  = "hashicorp/random"
+      version = ">= 3.1.0"
     }
   }
   required_version = ">= 0.13"