Feature/data platform test (#93)

Updated Key Vault and ALDS module
Ensono · Sep 18, 2023 · 6b2ddbf · 6b2ddbf
1 parent 757f437
commit 6b2ddbf
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 59 deletions.
diff --git a/azurerm/modules/azurerm-adls/main.tf b/azurerm/modules/azurerm-adls/main.tf
@@ -36,40 +36,6 @@ resource "azurerm_storage_account" "storage_account_default" {
   }
 }
 
-resource "azurerm_storage_container" "storage_container_blob" {
-  for_each              = { for i in toset(local.containers_blob) : i.name => i }
-  name                  = each.key
-  storage_account_name  = azurerm_storage_account.storage_account_default[each.value.account].name
-  container_access_type = var.container_access_type
-
-  depends_on = [azurerm_storage_account.storage_account_default, azurerm_role_assignment.storage_role_context, null_resource.sleep]
-}
-
-resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
-  for_each           = { for i in toset(local.containers_adls) : i.name => i }
-  name               = each.key
-  storage_account_id = azurerm_storage_account.storage_account_default[each.value.account].id
-
-  depends_on = [azurerm_storage_account.storage_account_default, azurerm_role_assignment.storage_role_context, null_resource.sleep]
-}
-
-resource "azurerm_role_assignment" "storage_role_context" {
-  for_each             = var.storage_account_details
-  scope                = azurerm_storage_account.storage_account_default[each.key].id
-  role_definition_name = "Storage Blob Data Owner"
-  principal_id         = var.azure_object_id
-}
-
-resource "null_resource" "sleep" {
-  # Add sleep to allow network rules to propergate
-  provisioner "local-exec" {
-    command = <<EOT
-      sleep 30
-    EOT
-  }
-  depends_on = [azurerm_storage_account.storage_account_default]
-}
-
 resource "azurerm_private_endpoint" "pe_dfs" {
   for_each = {
     for account_name, account_details in var.storage_account_details : account_name => account_details
@@ -127,3 +93,38 @@ resource "azurerm_private_endpoint" "pe_blob" {
     ]
   }
 }
+
+resource "null_resource" "sleep" {
+  # Add sleep to allow network rules to propergate
+  provisioner "local-exec" {
+    command = <<EOT
+      sleep 60
+    EOT
+  }
+  depends_on = [azurerm_storage_account.storage_account_default,azurerm_private_endpoint.pe_blob,azurerm_private_endpoint.pe_dfs]
+}
+
+resource "azurerm_storage_container" "storage_container_blob" {
+  for_each              = { for i in toset(local.containers_blob) : i.name => i }
+  name                  = each.key
+  storage_account_name  = azurerm_storage_account.storage_account_default[each.value.account].name
+  container_access_type = var.container_access_type
+
+  depends_on = [azurerm_storage_account.storage_account_default, azurerm_role_assignment.storage_role_context, null_resource.sleep]
+}
+
+resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
+  for_each           = { for i in toset(local.containers_adls) : i.name => i }
+  name               = each.key
+  storage_account_id = azurerm_storage_account.storage_account_default[each.value.account].id
+
+  depends_on = [azurerm_storage_account.storage_account_default, azurerm_role_assignment.storage_role_context, null_resource.sleep]
+}
+
+resource "azurerm_role_assignment" "storage_role_context" {
+  for_each             = var.storage_account_details
+  scope                = azurerm_storage_account.storage_account_default[each.key].id
+  role_definition_name = "Storage Blob Data Owner"
+  principal_id         = var.azure_object_id
+}
+
diff --git a/azurerm/modules/azurerm-kv/main.tf b/azurerm/modules/azurerm-kv/main.tf
@@ -39,6 +39,41 @@ resource "azurerm_key_vault" "example" {
   }
 }
 
+resource "azurerm_private_endpoint" "pe" {
+  count               = var.enable_private_network ? 1 : 0
+  name                = "${azurerm_key_vault.example[0].name}-kv-pe"
+  resource_group_name = var.pe_resource_group_name
+  location            = var.pe_resource_group_location
+  subnet_id           = var.pe_subnet_id
+
+  private_service_connection {
+    name                           = "${azurerm_key_vault.example[0].name}-kv-pe"
+    is_manual_connection           = var.is_manual_connection
+    private_connection_resource_id = azurerm_key_vault.example[0].id
+    subresource_names              = ["vault"]
+  }
+
+  private_dns_zone_group {
+    name                 = azurerm_key_vault.example.0.name
+    private_dns_zone_ids = [var.kv_private_dns_zone_id]
+  }
+
+  lifecycle {
+    ignore_changes = [
+      tags,
+    ]
+  }
+}
+
+resource "null_resource" "sleep" {
+  # Add sleep to allow network rules to propergate
+  provisioner "local-exec" {
+    command = <<EOT
+      sleep 100
+    EOT
+  }
+  depends_on = [azurerm_private_endpoint.pe , azurerm_key_vault_access_policy.contributors_access_policy]
+}
 
 resource "azurerm_key_vault_access_policy" "contributors_access_policy" {
   count = length(var.contributor_object_ids)
@@ -109,28 +144,3 @@ resource "azurerm_key_vault_access_policy" "reader_access_policy" {
   ]
 }
 
-resource "azurerm_private_endpoint" "pe" {
-  count               = var.enable_private_network ? 1 : 0
-  name                = "${azurerm_key_vault.example[0].name}-kv-pe"
-  resource_group_name = var.pe_resource_group_name
-  location            = var.pe_resource_group_location
-  subnet_id           = var.pe_subnet_id
-
-  private_service_connection {
-    name                           = "${azurerm_key_vault.example[0].name}-kv-pe"
-    is_manual_connection           = var.is_manual_connection
-    private_connection_resource_id = azurerm_key_vault.example[0].id
-    subresource_names              = ["vault"]
-  }
-
-  private_dns_zone_group {
-    name                 = azurerm_key_vault.example.0.name
-    private_dns_zone_ids = [var.kv_private_dns_zone_id]
-  }
-
-  lifecycle {
-    ignore_changes = [
-      tags,
-    ]
-  }
-}