Merge pull request #2 from schubergphilis/misc--fix-some-naming-inconsistencies

misc: fix some naming inconsistencies
Dennisvandermeulen authored Nov 4, 2024
2 parents b276f2d + 016376b commit 5efba0a
Showing 6 changed files with 31 additions and 39 deletions.
6 changes: 3 additions & 3 deletions README.md
@@ -33,16 +33,16 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_key_vault"></a> [key\_vault](#input\_key\_vault) | This object describes the configuration for an Azure Key Vault.<br><br>The following arguments are supported:<br><br>- `name` - (Required) The name of the Key Vault.<br>- `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault.<br>- `resource_group_name` - (Optional) The name of the resource group in which to create the Key Vault. If not provided, the resource group of the calling module will be used.<br>- `location` - (Optional) The location of the Key Vault. If not provided, the location of the calling module will be used.<br>- `enabled_for_disk_encryption` - (Optional) Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.<br>- `enabled_for_deployment` - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.<br>- `enabled_for_template_deployment` - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.<br>- `enable_rbac_authorization` - (Optional) Specifies whether Azure RBAC is permitted to retrieve secrets from the vault.<br>- `purge_protection` - (Optional) Specifies whether protection against purge is enabled for this Key Vault.<br>- `soft_delete_retention_days` - (Optional) The number of days that items should be retained for once soft deleted.<br>- `sku` - (Optional) The SKU of the Key Vault.<br>- `ip_rules` - (Optional) List of IP addresses that are permitted to access the key vault.<br>- `subnet_id` - (Optional) List of subnet IDs that are permitted to access the key vault.<br>- `network_bypass` - (Optional) Specifies which traffic can bypass the network rules.<br>- `cmkrsa_keyname` - (Optional) The name of the customer managed key with RSA algorithm to create.<br>- `cmkec_keyname` - (Optional) The name of the customer managed key with EC algorithm to create.<br>- 
`cmk_keys_create` - (Optional) Specifies whether to create custom managed keys.<br><br>Example Inputs:<pre>hcl<br>key_vault = {<br> name = "my-key-vault"<br> tenant_id = "00000000-0000-0000-0000-000000000000"<br> enabled_for_disk_encryption = true<br> enabled_for_deployment = true<br> enabled_for_template_deployment = true<br> enable_rbac_authorization = true<br> purge_protection = true<br> soft_delete_retention_days = 30<br> sku = "standard"<br> cmkrsa_keyname = "cmkrsa"<br> cmkec_keyname = "cmkec"<br> cmk_keys_create = true</pre> | <pre>object({<br> name = string<br> tenant_id = string<br> resource_group_name = optional(string, null)<br> location = optional(string, null)<br> enabled_for_disk_encryption = optional(bool, false)<br> enabled_for_deployment = optional(bool, false)<br> enabled_for_template_deployment = optional(bool, false)<br> enable_rbac_authorization = optional(bool, true)<br> purge_protection = optional(bool, true)<br> soft_delete_retention_days = optional(number, 30)<br> sku = optional(string, "standard")<br> ip_rules = optional(list(string), [])<br> subnet_id = optional(list(string), [])<br> network_bypass = optional(string, "None")<br> cmkrsa_keyname = optional(string, "cmkrsa")<br> cmkec_keyname = optional(string, "cmkec")<br> cmk_keys_create = optional(bool, false)<br> cmk_rotation_period = optional(string, "P90D")<br> tags = optional(map(string), {})<br> })</pre> | n/a | yes |
| <a name="input_key_vault"></a> [key\_vault](#input\_key\_vault) | This object describes the configuration for an Azure Key Vault.<br><br>The following arguments are supported:<br><br>- `name` - (Required) The name of the Key Vault.<br>- `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault.<br>- `resource_group_name` - (Required) The name of the resource group in which to create the Key Vault.<br>- `location` - (Optional) The location of the Key Vault. If not provided, the location of the calling module will be used.<br>- `enabled_for_disk_encryption` - (Optional) Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.<br>- `enabled_for_deployment` - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.<br>- `enabled_for_template_deployment` - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.<br>- `enable_rbac_authorization` - (Optional) Specifies whether Azure RBAC is permitted to retrieve secrets from the vault.<br>- `purge_protection` - (Optional) Specifies whether protection against purge is enabled for this Key Vault.<br>- `soft_delete_retention_days` - (Optional) The number of days that items should be retained for once soft deleted.<br>- `sku` - (Optional) The SKU of the Key Vault.<br>- `ip_rules` - (Optional) List of IP addresses that are permitted to access the key vault.<br>- `subnet_ids` - (Optional) List of subnet IDs that are permitted to access the key vault.<br>- `network_bypass` - (Optional) Specifies which traffic can bypass the network rules.<br>- `cmk_keys_create` - (Optional) Specifies whether to create custom managed keys.<br>- `cmkrsa_key_name` - (Optional) The name of the customer managed key with RSA algorithm to create.<br>- `cmkec_key_name` - (Optional) The name of the customer managed key with EC algorithm to 
create.<br><br>Example Inputs:<pre>hcl<br>key_vault = {<br> name = "my-key-vault"<br> tenant_id = "00000000-0000-0000-0000-000000000000"<br> enabled_for_disk_encryption = true<br> enabled_for_deployment = true<br> enabled_for_template_deployment = true<br> enable_rbac_authorization = true<br> purge_protection = true<br> soft_delete_retention_days = 30<br> sku = "standard"<br> cmkrsa_key_name = "cmkrsa"<br> cmkec_key_name = "cmkec"<br> cmk_keys_create = true</pre> | <pre>object({<br> name = string<br> tenant_id = string<br> resource_group_name = string<br> location = optional(string, null)<br> enabled_for_disk_encryption = optional(bool, false)<br> enabled_for_deployment = optional(bool, false)<br> enabled_for_template_deployment = optional(bool, false)<br> enable_rbac_authorization = optional(bool, true)<br> purge_protection = optional(bool, true)<br> soft_delete_retention_days = optional(number, 30)<br> sku = optional(string, "standard")<br> ip_rules = optional(list(string), [])<br> subnet_ids = optional(list(string), [])<br> network_bypass = optional(string, "None")<br> cmk_keys_create = optional(bool, false)<br> cmkrsa_key_name = optional(string, "cmkrsa")<br> cmkec_key_name = optional(string, "cmkec")<br> cmk_rotation_period = optional(string, "P90D")<br> tags = optional(map(string), {})<br> })</pre> | n/a | yes |
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resources. | `map(string)` | n/a | yes |
| <a name="input_key_vault_key"></a> [key\_vault\_key](#input\_key\_vault\_key) | This map describes the configuration for Azure Key Vault keys.<br><br>- `key_vault_id` - (Required) The ID of the Key Vault.<br>- `key_type` - (Required) The type of the key.<br>- `key_size` - (Required) The size of the key.<br>- `key_opts` - (Required) The key operations that are permitted.<br><br>Example Inputs:<pre>hcl<br> key_vault_key = {<br> key_name = {<br> type = "RSA"<br> size = 4096<br> opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"]<br> }<br> key_ec = {<br> type = "EC"<br> curve = "P-256"<br> opts = ["sign", "verify"]<br> }<br> }</pre> | <pre>map(object({<br> name = optional(string, null)<br> curve = optional(string, null)<br> size = optional(number, null)<br> type = optional(string, null)<br> opts = optional(list(string), null)<br> expiration_date = optional(string, null)<br> not_before_date = optional(string, null)<br> rotation_policy = optional(object({<br> automatic = optional(object({<br> time_after_creation = optional(string, null)<br> time_before_expiry = optional(string, null)<br> }), null)<br> expire_after = optional(string, null)<br> notify_before_expiry = optional(string, null)<br> }), null)<br> tags = optional(map(string), {})<br> }))</pre> | `null` | no |
| <a name="input_key_vault_key"></a> [key\_vault\_key](#input\_key\_vault\_key) | This map describes the configuration for Azure Key Vault keys.<br><br>- `key_vault_id` - (Required) The ID of the Key Vault.<br>- `key_type` - (Required) The type of the key.<br>- `key_size` - (Required) The size of the key.<br>- `key_opts` - (Required) The key operations that are permitted.<br><br>Example Inputs:<pre>hcl<br> key_vault_key = {<br> key_rsa = {<br> type = "RSA"<br> size = 4096<br> opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"]<br> }<br> key_ec = {<br> type = "EC"<br> curve = "P-256"<br> opts = ["sign", "verify"]<br> }<br> }</pre> | <pre>map(object({<br> name = optional(string, null)<br> curve = optional(string, null)<br> size = optional(number, null)<br> type = optional(string, null)<br> opts = optional(list(string), null)<br> expiration_date = optional(string, null)<br> not_before_date = optional(string, null)<br> rotation_policy = optional(object({<br> automatic = optional(object({<br> time_after_creation = optional(string, null)<br> time_before_expiry = optional(string, null)<br> }), null)<br> expire_after = optional(string, null)<br> notify_before_expiry = optional(string, null)<br> }), null)<br> tags = optional(map(string), {})<br> }))</pre> | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_key_vault_cmkrsa_id"></a> [key\_vault\_cmkrsa\_id](#output\_key\_vault\_cmkrsa\_id) | CMK RSA Key ID |
| <a name="output_key_vault_cmkrsa_keyname"></a> [key\_vault\_cmkrsa\_keyname](#output\_key\_vault\_cmkrsa\_keyname) | CMK RSA Key Name |
| <a name="output_key_vault_cmkrsa_key_name"></a> [key\_vault\_cmkrsa\_key\_name](#output\_key\_vault\_cmkrsa\_key\_name) | CMK RSA Key Name |
| <a name="output_key_vault_id"></a> [key\_vault\_id](#output\_key\_vault\_id) | n/a |
| <a name="output_key_vault_name"></a> [key\_vault\_name](#output\_key\_vault\_name) | n/a |
| <a name="output_key_vault_uri"></a> [key\_vault\_uri](#output\_key\_vault\_uri) | n/a |
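Review bot: the description of `enable_rbac_authorization` ("Specifies whether Azure RBAC is permitted to retrieve secrets from the vault") is wrong and is carried over unchanged in the new row: the flag switches the vault's data-plane authorization model from access policies to Azure RBAC; nothing "retrieves secrets". This table looks terraform-docs generated, so fix the wording in `variables.tf` and regenerate. Two further doc/type mismatches sit in the same rows: `cmk_rotation_period` and `tags` are in the `key_vault` type but absent from its argument list, and the `key_vault_key` row documents `key_vault_id`, `key_type`, `key_size`, `key_opts` as required while its type has `name`, `type`, `size`, `opts`, `curve` as optional and no `key_vault_id` at all. Finally, the `key_vault` example input still omits `resource_group_name`, which this same change turns into a required attribute, so the documented example no longer passes validation.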
14 changes: 5 additions & 9 deletions examples/basic/main.tf
@@ -2,17 +2,13 @@ terraform {
required_version = ">= 1.7"
}

module "azure_core" {
module "key_vault" {
source = "../.."

resource_group = {
name = "my-resource-group"
location = "East US"
}

key_vault = {
name = "my-key-vault"
tenant_id = "your-tenant-id"
resource_group_name = "resource-group-name"
enabled_for_disk_encryption = true
enabled_for_deployment = false
enabled_for_template_deployment = false
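Review bot: `tenant_id = "your-tenant-id"` is not a GUID, and the azurerm provider validates `tenant_id` as a UUID, so this example fails before anything is planned. Since the example targets the caller's own tenant anyway, prefer `data "azurerm_client_config" "current" {}` and `tenant_id = data.azurerm_client_config.current.tenant_id` over a literal. The hard-coded `resource_group_name = "resource-group-name"` likewise will not apply as written; an `azurerm_resource_group` resource or data source in the example would make it runnable end to end.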
@@ -21,10 +21,10 @@ module "azure_core" {
soft_delete_retention_days = 30
sku = "standard"
ip_rules = []
subnet_id = []
subnet_ids = []
network_bypass = "AzureServices"
cmkrsa_keyname = "cmkrsa"
cmkec_keyname = "cmkec"
cmkrsa_key_name = "cmkrsa"
cmkec_key_name = "cmkec"
cmk_keys_create = true
}
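Review bot: with `ip_rules = []` and `subnet_ids = []` the module's `network_acls.default_action` resolves to `"Allow"` (see the expression in main.tf), so `network_bypass = "AzureServices"` has no effect here and the example deploys a vault reachable from any network. Either populate one of the allowlists in the example or drop `network_bypass`, so the example does not suggest that the bypass setting alone restricts access.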

6 changes: 3 additions & 3 deletions main.tf
@@ -14,9 +14,9 @@ resource "azurerm_key_vault" "this" {
soft_delete_retention_days = var.key_vault.soft_delete_retention_days

network_acls {
default_action = length(var.key_vault.ip_rules) == 0 && length(var.key_vault.subnet_id) == 0 ? "Allow" : "Deny"
default_action = length(var.key_vault.ip_rules) == 0 && length(var.key_vault.subnet_ids) == 0 ? "Allow" : "Deny"
ip_rules = var.key_vault.ip_rules
virtual_network_subnet_ids = var.key_vault.subnet_id
virtual_network_subnet_ids = var.key_vault.subnet_ids
bypass = var.key_vault.network_bypass
}
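Review bot: the renamed `default_action` expression keeps the empty allowlist as the open configuration: when both `ip_rules` and `subnet_ids` are empty, which is also the module default since both lists default to `[]`, the vault gets `default_action = "Allow"` and `bypass` becomes meaningless. For a vault that holds customer-managed keys the safer default is `"Deny"`, with public access an explicit opt-in (for example a dedicated boolean or a `network_default_action` input; name is a suggestion). At minimum, document that an empty allowlist means public network access.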

@@ -38,7 +38,7 @@ resource "azurerm_role_assignment" "this" {
resource "azurerm_key_vault_key" "cmkrsa" {
count = var.key_vault.cmk_keys_create ? 1 : 0

name = var.key_vault.cmkrsa_keyname
name = var.key_vault.cmkrsa_key_name
key_vault_id = azurerm_key_vault.this.id
key_type = "RSA"
key_size = 4096
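Review bot: this file receives only three edits (two for `subnet_ids`, one for `cmkrsa_key_name`), yet variables.tf also renames `cmkec_keyname` to `cmkec_key_name`; check that no resource in main.tf still references `var.key_vault.cmkec_keyname`, because after this change such a reference fails at plan time with an unsupported attribute error. While here, `cmk_rotation_period` (default `"P90D"`) is part of the variable type; if the key resources do not wire it into a `rotation_policy`, either use it or remove it from the type.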
2 changes: 1 addition & 1 deletion outputs.tf
@@ -10,7 +10,7 @@ output "key_vault_uri" {
value = azurerm_key_vault.this.vault_uri
}

output "key_vault_cmkrsa_keyname" {
output "key_vault_cmkrsa_key_name" {
value = one(azurerm_key_vault_key.cmkrsa[*].name)
description = "CMK RSA Key Name"
}
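Review bot: renaming `key_vault_cmkrsa_keyname` to `key_vault_cmkrsa_key_name` breaks any caller that reads `module.<name>.key_vault_cmkrsa_keyname`; call it out in the release notes and bump the module version accordingly. The surrounding `key_vault_uri` output has no `description` (the README shows `n/a` for it and for `key_vault_id` and `key_vault_name`); add them. Also consider exposing the CMK key's `versionless_id` alongside `key_vault_cmkrsa_id`, since with a rotation period configured consumers pinned to a versioned id will keep using the old key version after rotation.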
16 changes: 6 additions & 10 deletions tests/basic.tftest.hcl
@@ -1,12 +1,8 @@
run "basic" {
variables {
resource_group = {
name = "my-resource-group"
location = "East US"
}

key_vault = {
name = "kv001"
resource_group_name = "kvrg"
tenant_id = "your-tenant-id"
enabled_for_disk_encryption = false
enabled_for_deployment = false
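Review bot: `tenant_id = "your-tenant-id"` will not pass the provider's UUID validation, so unless this run uses a mock provider the `run "basic"` block fails during plan before any assertion executes. Use a syntactically valid placeholder such as `00000000-0000-0000-0000-000000000000` (already used in the README example), or read the tenant from `azurerm_client_config`.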
@@ -16,10 +12,10 @@ run "basic" {
soft_delete_retention_days = 30
sku = "standard"
ip_rules = []
subnet_id = []
subnet_ids = []
network_bypass = "None"
cmkrsa_keyname = "cmkrsa"
cmkec_keyname = "cmkec"
cmkrsa_key_name = "cmkrsa"
cmkec_key_name = "cmkec"
cmk_keys_create = true
}
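Review bot: these inputs (`ip_rules = []`, `subnet_ids = []`, `network_bypass = "None"`) exercise exactly the path where main.tf derives `default_action = "Allow"`, but no assertion covers it. Add `assert { condition = azurerm_key_vault.this.network_acls[0].default_action == "Allow" ... }` so the open-by-default behaviour is a deliberate, tested contract rather than an accident, and add a second `run` with a non-empty `ip_rules` asserting `"Deny"`.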

@@ -40,8 +36,8 @@ run "basic" {
}

assert {
condition = output.cmk_ec_keyname == "cmkec"
error_message = "Unexpected output.cmk_ec_keyname value"
condition = output.cmk_ec_key_name == "cmkec"
error_message = "Unexpected output.cmk_ec_key_name value"
}

}
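Review bot: `output.cmk_ec_key_name` does not correspond to anything this commit produces: outputs.tf changes only `key_vault_cmkrsa_keyname` to `key_vault_cmkrsa_key_name`, and the README lists the RSA outputs under the `key_vault_` prefix, so either an EC output under a different naming convention already existed or this assertion references a missing output. Align the test with the actual output name (`key_vault_cmkec_key_name` if the RSA convention is followed) and run `terraform test` before merging.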
26 changes: 13 additions & 13 deletions variables.tf
@@ -2,7 +2,7 @@ variable "key_vault" {
type = object({
name = string
tenant_id = string
resource_group_name = optional(string, null)
resource_group_name = string
location = optional(string, null)
enabled_for_disk_encryption = optional(bool, false)
enabled_for_deployment = optional(bool, false)
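Review bot: changing `resource_group_name` from `optional(string, null)` to `string` is a breaking change to the module interface, not a naming fix: any caller that omitted it now fails validation. Flag it in the release notes and bump the major version, and make sure the example inputs that ship with the module set it.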
@@ -12,23 +12,23 @@ variable "key_vault" {
soft_delete_retention_days = optional(number, 30)
sku = optional(string, "standard")
ip_rules = optional(list(string), [])
subnet_id = optional(list(string), [])
subnet_ids = optional(list(string), [])
network_bypass = optional(string, "None")
cmkrsa_keyname = optional(string, "cmkrsa")
cmkec_keyname = optional(string, "cmkec")
cmk_keys_create = optional(bool, false)
cmkrsa_key_name = optional(string, "cmkrsa")
cmkec_key_name = optional(string, "cmkec")
cmk_rotation_period = optional(string, "P90D")
tags = optional(map(string), {})
})
nullable = false
description = <<STORAGE_ACCOUNT_DETAILS
description = <<KEY_VAULT_DESCRIPTION
This object describes the configuration for an Azure Key Vault.
The following arguments are supported:
- `name` - (Required) The name of the Key Vault.
- `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the Key Vault.
- `resource_group_name` - (Optional) The name of the resource group in which to create the Key Vault. If not provided, the resource group of the calling module will be used.
- `resource_group_name` - (Required) The name of the resource group in which to create the Key Vault.
- `location` - (Optional) The location of the Key Vault. If not provided, the location of the calling module will be used.
- `enabled_for_disk_encryption` - (Optional) Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- `enabled_for_deployment` - (Optional) Specifies whether Azure Resource Manager is permitted to retrieve secrets from the vault.
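Review bot: `sku`, `network_bypass` and `cmk_rotation_period` are bare `string` attributes with no `validation` block, so a typo such as `"Standard"` or `"AzureService"` is only rejected by the provider or the API. Add `validation` blocks to the variable, for example `condition = contains(["standard", "premium"], var.key_vault.sku)` and `condition = contains(["AzureServices", "None"], var.key_vault.network_bypass)`, plus a regex check for the ISO 8601 duration in `cmk_rotation_period`.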
@@ -38,11 +38,11 @@ The following arguments are supported:
- `soft_delete_retention_days` - (Optional) The number of days that items should be retained for once soft deleted.
- `sku` - (Optional) The SKU of the Key Vault.
- `ip_rules` - (Optional) List of IP addresses that are permitted to access the key vault.
- `subnet_id` - (Optional) List of subnet IDs that are permitted to access the key vault.
- `subnet_ids` - (Optional) List of subnet IDs that are permitted to access the key vault.
- `network_bypass` - (Optional) Specifies which traffic can bypass the network rules.
- `cmkrsa_keyname` - (Optional) The name of the customer managed key with RSA algorithm to create.
- `cmkec_keyname` - (Optional) The name of the customer managed key with EC algorithm to create.
- `cmk_keys_create` - (Optional) Specifies whether to create custom managed keys.
- `cmkrsa_key_name` - (Optional) The name of the customer managed key with RSA algorithm to create.
- `cmkec_key_name` - (Optional) The name of the customer managed key with EC algorithm to create.
Example Inputs:
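Review bot: the argument list ends at `cmkec_key_name`, so `cmk_rotation_period` and `tags` from the type remain undocumented; add entries for both (the rotation period is an ISO 8601 duration, default `P90D`). Also make the terminology consistent while touching these lines: `cmk_keys_create` says "custom managed keys" while the next two lines say "customer managed key"; these are customer-managed keys.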
@@ -57,12 +57,12 @@ key_vault = {
purge_protection = true
soft_delete_retention_days = 30
sku = "standard"
cmkrsa_keyname = "cmkrsa"
cmkec_keyname = "cmkec"
cmkrsa_key_name = "cmkrsa"
cmkec_key_name = "cmkec"
cmk_keys_create = true
```
STORAGE_ACCOUNT_DETAILS
KEY_VAULT_DESCRIPTION
}

variable "key_vault_key" {
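Review bot: the example HCL in the heredoc is missing the closing `}` of the `key_vault` object: the fence closes immediately after `cmk_keys_create = true`. It also does not set `resource_group_name`, which this change makes required, so copying the example yields a validation error. Add the brace and a `resource_group_name = "..."` line (the README table is generated from this description, so the fix propagates).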
@@ -97,7 +97,7 @@ Example Inputs:
```hcl
key_vault_key = {
key_name = {
key_rsa = {
type = "RSA"
size = 4096
opts = ["encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey"]
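Review bot: renaming the map key to `key_rsa` helps, but `name` in the element type is `optional(string, null)` and the example never sets it; document whether the map key becomes the Key Vault key name when `name` is null (and confirm main.tf implements that), otherwise the example creates keys whose name is undefined. The description for this variable (visible in the README) also still documents `key_vault_id`/`key_type`/`key_size`/`key_opts` instead of the `type`/`size`/`opts`/`curve` attributes the example actually uses.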