
[WIP] Puts Arturo's Identity Creation Script into Terraform #12

Merged
merged 15 commits into from
May 22, 2024

Conversation

ataahmad
Collaborator

@ataahmad ataahmad commented May 2, 2024

This PR puts Arturo's script into Terraform.
It sets up the following resources in Terraform:

  • An equalvote-argocd keyvault
  • Azure User Identity
  • Keyvault Access Policy
  • Kubernetes Service Account

Things that still need to be done:

  • Set up the Federated Identity Cred
  • Run Terraform Import to bind the existing resources in AD with the resources in this Terraform

I left a ton more comments inline that give more insight. So hit me up on Signal if you have any questions!

@ataahmad ataahmad requested a review from arterro as a code owner May 2, 2024 21:04
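The two open items in the description (the federated identity credential and the Terraform import) and the key-vault access policy from the plan output, worked through as an added example. This is not the PR's keyvault-argo.tf or any other project code: the resource names, ids, tenant, OIDC issuer and service-account subject are copied from the plan output in this thread, the `import` blocks assume Terraform 1.5 or newer, and the narrowed `key_permissions` list rests on the assumption that the argocd identity only needs to encrypt and decrypt SOPS files with sops-key.

```hcl
# Added example, not the PR's own file. Ids, names, issuer and subject come from
# the plan output in this thread; the narrowed key permissions are an assumption.

locals {
  tenant_id       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
  resource_group  = "equalvote"
  location        = "westus2"
  key_vault_id    = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd"
  identity_id     = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd"
  # The azurerm provider imports a key by its versioned Key Vault URL.
  sops_key_id     = "https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff"
  # AKS cluster OIDC issuer, as shown in the federated credential plan output.
  aks_oidc_issuer = "https://westus2.oic.prod-aks.azure.com/fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9/4d25248d-ede0-4cc1-b615-d7f1052a0850/"
}

# Import blocks (Terraform >= 1.5) adopt the pre-existing resources into state so
# `terraform apply` does not try to recreate them. `terraform plan` must then
# report "will be imported" for each of them and "0 to destroy".
import {
  to = azurerm_key_vault.equalvote-argocd
  id = local.key_vault_id
}

import {
  to = azurerm_user_assigned_identity.argocd-identity
  id = local.identity_id
}

import {
  to = azurerm_key_vault_key.sops-key
  id = local.sops_key_id
}

resource "azurerm_key_vault" "equalvote-argocd" {
  name                       = "equalvote-argocd"
  resource_group_name        = local.resource_group
  location                   = local.location
  tenant_id                  = local.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 90
  # No inline access_policy block: per-principal policies are managed by
  # azurerm_key_vault_access_policy resources, so the existing entries on the
  # vault (the other object_ids in the plan) are left untouched.
}

resource "azurerm_user_assigned_identity" "argocd-identity" {
  name                = "argocd"
  resource_group_name = local.resource_group
  location            = local.location
}

resource "azurerm_key_vault_key" "sops-key" {
  name         = "sops-key"
  key_vault_id = azurerm_key_vault.equalvote-argocd.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["encrypt", "decrypt"]
}

# Least privilege: the plan grants this identity 20 key permissions, including
# Delete, Purge and Import. If its only job is SOPS, Encrypt and Decrypt suffice
# (assumption; widen only when a concrete operation is shown to need more).
resource "azurerm_key_vault_access_policy" "argocd-policy" {
  key_vault_id    = azurerm_key_vault.equalvote-argocd.id
  tenant_id       = local.tenant_id
  object_id       = azurerm_user_assigned_identity.argocd-identity.principal_id
  key_permissions = ["Encrypt", "Decrypt"]
}

# The federated credential is what lets the aks-argocd service account's token
# be exchanged for this identity: issuer, audience and subject must all match.
resource "azurerm_federated_identity_credential" "kubernetes-federated-credential" {
  name                = "kubernetes-federated-credential"
  resource_group_name = local.resource_group
  parent_id           = azurerm_user_assigned_identity.argocd-identity.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = local.aks_oidc_issuer
  subject             = "system:serviceaccount:argocd:aks-argocd"
}

resource "kubernetes_service_account" "aks-argocd" {
  metadata {
    name      = "aks-argocd"
    namespace = "argocd"
    annotations = {
      "azure.workload.identity/client-id" = azurerm_user_assigned_identity.argocd-identity.client_id
      "azure.workload.identity/tenant-id" = local.tenant_id
    }
    labels = { "azure.workload.identity/use" = "true" }
  }
}
```

Two checks worth doing before `terraform apply`: the plan must say "will be imported" for the vault, identity and key with "0 to destroy" (a "will be created" for a resource that already exists means the import id did not match; note that the May 7 and May 8 plans in this thread show the vault id with a trailing "/" and the later one without), and the access-policy `object_id` must equal the identity's `principal_id`, which the later plans confirm is the same GUID.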

github-actions bot commented May 2, 2024

Terraform Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_key_vault.equalvote-argocd will be created
  + resource "azurerm_key_vault" "equalvote-argocd" {
      + access_policy                 = (known after apply)
      + id                            = (known after apply)
      + location                      = "westus2"
      + name                          = "equalvote-argocd"
      + public_network_access_enabled = true
      + resource_group_name           = "equalvote"
      + sku_name                      = "standard"
      + soft_delete_retention_days    = 90
      + tenant_id                     = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
      + vault_uri                     = (known after apply)
    }

  # azurerm_key_vault_access_policy.argocd-policy will be created
  + resource "azurerm_key_vault_access_policy" "argocd-policy" {
      + id              = (known after apply)
      + key_permissions = [
          + "Backup",
          + "Create",
          + "Decrypt",
          + "Delete",
          + "Encrypt",
          + "Get",
          + "Import",
          + "List",
          + "Purge",
          + "Recover",
          + "Restore",
          + "Sign",
          + "UnwrapKey",
          + "Update",
          + "Verify",
          + "WrapKey",
          + "Release",
          + "Rotate",
          + "GetRotationPolicy",
          + "SetRotationPolicy",
        ]
      + key_vault_id    = (known after apply)
      + object_id       = (known after apply)
      + tenant_id       = (known after apply)
    }

  # azurerm_user_assigned_identity.argocd-identity will be created
  + resource "azurerm_user_assigned_identity" "argocd-identity" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = "westus2"
      + name                = "argocd"
      + principal_id        = (known after apply)
      + resource_group_name = "equalvote"
      + tenant_id           = (known after apply)
    }

  # kubernetes_service_account.aks_argocd will be created
  + resource "kubernetes_service_account" "aks_argocd" {
      + automount_service_account_token = true
      + default_secret_name             = (known after apply)
      + id                              = (known after apply)

      + metadata {
          + annotations      = (known after apply)
          + generation       = (known after apply)
          + labels           = {
              + "azure.workload.identity/use" = "true"
            }
          + name             = "aks-argocd"
          + namespace        = "argocd"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 4 to add, 0 to change, 0 to destroy.


github-actions bot commented May 5, 2024

Terraform Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_key_vault.equalvote-argocd will be created
  + resource "azurerm_key_vault" "equalvote-argocd" {
      + access_policy                 = (known after apply)
      + id                            = (known after apply)
      + location                      = "westus2"
      + name                          = "equalvote-argocd"
      + public_network_access_enabled = true
      + resource_group_name           = "equalvote"
      + sku_name                      = "standard"
      + soft_delete_retention_days    = 90
      + tenant_id                     = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
      + vault_uri                     = (known after apply)
    }

  # azurerm_key_vault_access_policy.argocd-policy will be created
  + resource "azurerm_key_vault_access_policy" "argocd-policy" {
      + id              = (known after apply)
      + key_permissions = [
          + "Backup",
          + "Create",
          + "Decrypt",
          + "Delete",
          + "Encrypt",
          + "Get",
          + "Import",
          + "List",
          + "Purge",
          + "Recover",
          + "Restore",
          + "Sign",
          + "UnwrapKey",
          + "Update",
          + "Verify",
          + "WrapKey",
          + "Release",
          + "Rotate",
          + "GetRotationPolicy",
          + "SetRotationPolicy",
        ]
      + key_vault_id    = (known after apply)
      + object_id       = (known after apply)
      + tenant_id       = (known after apply)
    }

  # azurerm_user_assigned_identity.argocd-identity will be created
  + resource "azurerm_user_assigned_identity" "argocd-identity" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = "westus2"
      + name                = "argocd"
      + principal_id        = (known after apply)
      + resource_group_name = "equalvote"
      + tenant_id           = (known after apply)
    }

  # kubernetes_service_account.aks_argocd will be created
  + resource "kubernetes_service_account" "aks_argocd" {
      + automount_service_account_token = true
      + default_secret_name             = (known after apply)
      + id                              = (known after apply)

      + metadata {
          + annotations      = (known after apply)
          + generation       = (known after apply)
          + labels           = {
              + "azure.workload.identity/use" = "true"
            }
          + name             = "aks-argocd"
          + namespace        = "argocd"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 4 to add, 0 to change, 0 to destroy.


github-actions bot commented May 7, 2024

Terraform Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_key_vault.equalvote-argocd will be imported
    resource "azurerm_key_vault" "equalvote-argocd" {
        access_policy                   = [
            {
                application_id          = null
                certificate_permissions = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "ManageContacts",
                    "ManageIssuers",
                    "GetIssuers",
                    "ListIssuers",
                    "SetIssuers",
                    "DeleteIssuers",
                ]
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                    "Release",
                    "Rotate",
                    "GetRotationPolicy",
                    "SetRotationPolicy",
                ]
                object_id               = "ae6a3fcf-332d-4690-8a04-609e7410da80"
                secret_permissions      = [
                    "Get",
                    "List",
                    "Set",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                ]
                storage_permissions     = [
                    "all",
                ]
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = []
                object_id               = "16d17ddb-9a55-4db3-bd3c-b057079093f7"
                secret_permissions      = [
                    "Get",
                ]
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Encrypt",
                    "Decrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "b0274edd-38b8-49de-8df7-8b50febab361"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
        ]
        enable_rbac_authorization       = false
        enabled_for_deployment          = false
        enabled_for_disk_encryption     = false
        enabled_for_template_deployment = false
        id                              = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/"
        location                        = "westus2"
        name                            = "equalvote-argocd"
        public_network_access_enabled   = true
        purge_protection_enabled        = false
        resource_group_name             = "equalvote"
        sku_name                        = "standard"
        soft_delete_retention_days      = 90
        tags                            = {}
        tenant_id                       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
        vault_uri                       = "https://equalvote-argocd.vault.azure.net/"

        network_acls {
            bypass                     = "AzureServices"
            default_action             = "Allow"
            ip_rules                   = []
            virtual_network_subnet_ids = []
        }
    }

  # azurerm_key_vault_access_policy.argocd-policy will be created
  + resource "azurerm_key_vault_access_policy" "argocd-policy" {
      + id              = (known after apply)
      + key_permissions = [
          + "Backup",
          + "Create",
          + "Decrypt",
          + "Delete",
          + "Encrypt",
          + "Get",
          + "Import",
          + "List",
          + "Purge",
          + "Recover",
          + "Restore",
          + "Sign",
          + "UnwrapKey",
          + "Update",
          + "Verify",
          + "WrapKey",
          + "Release",
          + "Rotate",
          + "GetRotationPolicy",
          + "SetRotationPolicy",
        ]
      + key_vault_id    = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/"
      + object_id       = (known after apply)
      + tenant_id       = (known after apply)
    }

  # azurerm_user_assigned_identity.argocd-identity will be created
  + resource "azurerm_user_assigned_identity" "argocd-identity" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = "westus2"
      + name                = "argocd"
      + principal_id        = (known after apply)
      + resource_group_name = "equalvote"
      + tenant_id           = (known after apply)
    }

  # kubernetes_service_account.aks_argocd will be created
  + resource "kubernetes_service_account" "aks_argocd" {
      + automount_service_account_token = true
      + default_secret_name             = (known after apply)
      + id                              = (known after apply)

      + metadata {
          + annotations      = (known after apply)
          + generation       = (known after apply)
          + labels           = {
              + "azure.workload.identity/use" = "true"
            }
          + name             = "aks-argocd"
          + namespace        = "argocd"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 1 to import, 3 to add, 0 to change, 0 to destroy.

@arterro
Collaborator

arterro commented May 7, 2024

Import and create a resource for this key
https://portal.azure.com/#@starvoting.onmicrosoft.com/asset/Microsoft_Azure_KeyVault/Key/https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff


github-actions bot commented May 8, 2024

Terraform Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_key_vault.equalvote-argocd will be imported
    resource "azurerm_key_vault" "equalvote-argocd" {
        access_policy                   = [
            {
                application_id          = null
                certificate_permissions = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "ManageContacts",
                    "ManageIssuers",
                    "GetIssuers",
                    "ListIssuers",
                    "SetIssuers",
                    "DeleteIssuers",
                ]
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                    "Release",
                    "Rotate",
                    "GetRotationPolicy",
                    "SetRotationPolicy",
                ]
                object_id               = "ae6a3fcf-332d-4690-8a04-609e7410da80"
                secret_permissions      = [
                    "Get",
                    "List",
                    "Set",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                ]
                storage_permissions     = [
                    "all",
                ]
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = []
                object_id               = "16d17ddb-9a55-4db3-bd3c-b057079093f7"
                secret_permissions      = [
                    "Get",
                ]
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Encrypt",
                    "Decrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "b0274edd-38b8-49de-8df7-8b50febab361"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                ]
                object_id               = "41f2c14c-70b5-4aea-9360-d09128e28e37"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
        ]
        enable_rbac_authorization       = false
        enabled_for_deployment          = false
        enabled_for_disk_encryption     = false
        enabled_for_template_deployment = false
        id                              = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/"
        location                        = "westus2"
        name                            = "equalvote-argocd"
        public_network_access_enabled   = true
        purge_protection_enabled        = false
        resource_group_name             = "equalvote"
        sku_name                        = "standard"
        soft_delete_retention_days      = 90
        tags                            = {}
        tenant_id                       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
        vault_uri                       = "https://equalvote-argocd.vault.azure.net/"

        network_acls {
            bypass                     = "AzureServices"
            default_action             = "Allow"
            ip_rules                   = []
            virtual_network_subnet_ids = []
        }
    }

  # azurerm_key_vault_access_policy.argocd-policy will be created
  + resource "azurerm_key_vault_access_policy" "argocd-policy" {
      + id              = (known after apply)
      + key_permissions = [
          + "Backup",
          + "Create",
          + "Decrypt",
          + "Delete",
          + "Encrypt",
          + "Get",
          + "Import",
          + "List",
          + "Purge",
          + "Recover",
          + "Restore",
          + "Sign",
          + "UnwrapKey",
          + "Update",
          + "Verify",
          + "WrapKey",
          + "Release",
          + "Rotate",
          + "GetRotationPolicy",
          + "SetRotationPolicy",
        ]
      + key_vault_id    = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/"
      + object_id       = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
      + tenant_id       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
    }

  # azurerm_user_assigned_identity.argocd-identity will be imported
    resource "azurerm_user_assigned_identity" "argocd-identity" {
        client_id           = "2941dfa2-9dbd-4e67-ae23-4c5ada763f1c"
        id                  = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd"
        location            = "westus2"
        name                = "argocd"
        principal_id        = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
        resource_group_name = "equalvote"
        tags                = {}
        tenant_id           = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
    }

  # kubernetes_service_account.aks-argocd will be created
  + resource "kubernetes_service_account" "aks-argocd" {
      + automount_service_account_token = true
      + default_secret_name             = (known after apply)
      + id                              = (known after apply)

      + metadata {
          + annotations      = {
              + "azure.workload.identity/client-id" = "2941dfa2-9dbd-4e67-ae23-4c5ada763f1c"
              + "azure.workload.identity/tenant-id" = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            }
          + generation       = (known after apply)
          + labels           = {
              + "azure.workload.identity/use" = "true"
            }
          + name             = "aks-argocd"
          + namespace        = "argocd"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 2 to import, 2 to add, 0 to change, 0 to destroy.

@ataahmad
Collaborator Author

Terraform Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_federated_identity_credential.kubernetes-federated-credential will be created
  + resource "azurerm_federated_identity_credential" "kubernetes-federated-credential" {
      + audience            = [
          + "api://AzureADTokenExchange",
        ]
      + id                  = (known after apply)
      + issuer              = "https://westus2.oic.prod-aks.azure.com/fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9/4d25248d-ede0-4cc1-b615-d7f1052a0850/"
      + name                = "kubernetes-federated-credential"
      + parent_id           = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd"
      + resource_group_name = "equalvote"
      + subject             = "system:serviceaccount:argocd:aks-argocd"
    }

  # azurerm_key_vault.equalvote-argocd will be imported
    resource "azurerm_key_vault" "equalvote-argocd" {
        access_policy                   = [
            {
                application_id          = null
                certificate_permissions = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "ManageContacts",
                    "ManageIssuers",
                    "GetIssuers",
                    "ListIssuers",
                    "SetIssuers",
                    "DeleteIssuers",
                ]
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                    "Release",
                    "Rotate",
                    "GetRotationPolicy",
                    "SetRotationPolicy",
                ]
                object_id               = "ae6a3fcf-332d-4690-8a04-609e7410da80"
                secret_permissions      = [
                    "Get",
                    "List",
                    "Set",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                ]
                storage_permissions     = [
                    "all",
                ]
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = []
                object_id               = "16d17ddb-9a55-4db3-bd3c-b057079093f7"
                secret_permissions      = [
                    "Get",
                ]
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Decrypt",
                    "Encrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Encrypt",
                    "Decrypt",
                    "UnwrapKey",
                    "WrapKey",
                    "Verify",
                    "Sign",
                ]
                object_id               = "b0274edd-38b8-49de-8df7-8b50febab361"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "Rotate",
                    "GetRotationPolicy",
                    "SetRotationPolicy",
                ]
                object_id               = "41f2c14c-70b5-4aea-9360-d09128e28e37"
                secret_permissions      = []
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
            {
                application_id          = null
                certificate_permissions = []
                key_permissions         = [
                    "Get",
                    "List",
                    "Update",
                    "Create",
                    "Import",
                    "Delete",
                    "Recover",
                    "Backup",
                    "Restore",
                    "GetRotationPolicy",
                    "SetRotationPolicy",
                    "Rotate",
                    "Decrypt",
                    "Encrypt",
                    "Purge",
                ]
                object_id               = "e4536f07-8f5a-4501-be90-6a3d2a09b0f3"
                secret_permissions      = [
                    "Set",
                ]
                storage_permissions     = []
                tenant_id               = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            },
        ]
        enable_rbac_authorization       = false
        enabled_for_deployment          = false
        enabled_for_disk_encryption     = false
        enabled_for_template_deployment = false
        id                              = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd"
        location                        = "westus2"
        name                            = "equalvote-argocd"
        public_network_access_enabled   = true
        purge_protection_enabled        = false
        resource_group_name             = "equalvote"
        sku_name                        = "standard"
        soft_delete_retention_days      = 90
        tags                            = {}
        tenant_id                       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
        vault_uri                       = "https://equalvote-argocd.vault.azure.net/"

        network_acls {
            bypass                     = "AzureServices"
            default_action             = "Allow"
            ip_rules                   = []
            virtual_network_subnet_ids = []
        }
    }

  # azurerm_key_vault_access_policy.argocd-policy will be created
  + resource "azurerm_key_vault_access_policy" "argocd-policy" {
      + id              = (known after apply)
      + key_permissions = [
          + "Backup",
          + "Create",
          + "Decrypt",
          + "Delete",
          + "Encrypt",
          + "Get",
          + "Import",
          + "List",
          + "Purge",
          + "Recover",
          + "Restore",
          + "Sign",
          + "UnwrapKey",
          + "Update",
          + "Verify",
          + "WrapKey",
          + "Release",
          + "Rotate",
          + "GetRotationPolicy",
          + "SetRotationPolicy",
        ]
      + key_vault_id    = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd"
      + object_id       = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
      + tenant_id       = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
    }

  # azurerm_key_vault_key.sops-key will be imported
    resource "azurerm_key_vault_key" "sops-key" {
        curve                   = null
        e                       = "AQAB"
        id                      = "https://equalvote-argocd.vault.azure.net/keys/sops-key/9d7a971e677f4d8a9f2f7adaf349f7ff"
        key_opts                = [
            "encrypt",
            "decrypt",
        ]
        key_size                = 2048
        key_type                = "RSA"
        key_vault_id            = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd"
        n                       = "tmMxMyW8dhSgvlMCbHZb83CAa6dwo4jBtMnq4vKo3lcv4NRcAFBGHj1UUi_mjonh--iwl1X2K3gk1jOcPCSznNECnTz4NsYA6S8gFlDMGgL9PIzfLaxgPQqmyLQA-fVh9WXOq8L8t8dbqHfiTb2tx_6Pp8lnpusEbzBi0znw52dTfqd1pTZ0rBxarbbQyyBAO8UJpui4nwNs-CSm5UAARTu_ON4Bi1G1jpZsh6uCP30hiQbW8OhCAdYdUJVFwtRw1kw5vQpZgGw9pC0mSgSd4NYXHvVFIFw0eRW6dEZzyBlUncc_hx1PXLRCDIZVxEeeEQnCzYkRnhQdfmZ_MoUGcQ"
        name                    = "sops-key"
        public_key_openssh      = <<-EOT
            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2YzEzJbx2FKC+UwJsdlvzcIBrp3CjiMG0yeri8qjeVy/g1FwAUEYePVRSL+aOieH76LCXVfYreCTWM5w8JLOc0QKdPPg2xgDpLyAWUMwaAv08jN8trGA9CqbItAD59WH1Zc6rwvy3x1uod+JNva3H/o+nyWem6wRvMGLTOfDnZ1N+p3WlNnSsHFqtttDLIEA7xQmm6LifA2z4JKblQABFO7843gGLUbWOlmyHq4I/fSGJBtbw6EIB1h1QlUXC1HDWTDm9ClmAbD2kLSZKBJ3g1hce9UUgXDR5Fbp0RnPIGVSdxz+HHU9ctEIMhlXER54RCcLNiRGeFB1+Zn8yhQZx
        EOT
        public_key_pem          = <<-EOT
            -----BEGIN PUBLIC KEY-----
            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmMxMyW8dhSgvlMCbHZb
            83CAa6dwo4jBtMnq4vKo3lcv4NRcAFBGHj1UUi/mjonh++iwl1X2K3gk1jOcPCSz
            nNECnTz4NsYA6S8gFlDMGgL9PIzfLaxgPQqmyLQA+fVh9WXOq8L8t8dbqHfiTb2t
            x/6Pp8lnpusEbzBi0znw52dTfqd1pTZ0rBxarbbQyyBAO8UJpui4nwNs+CSm5UAA
            RTu/ON4Bi1G1jpZsh6uCP30hiQbW8OhCAdYdUJVFwtRw1kw5vQpZgGw9pC0mSgSd
            4NYXHvVFIFw0eRW6dEZzyBlUncc/hx1PXLRCDIZVxEeeEQnCzYkRnhQdfmZ/MoUG
            cQIDAQAB
            -----END PUBLIC KEY-----
        EOT
        resource_id             = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/keys/sops-key/versions/9d7a971e677f4d8a9f2f7adaf349f7ff"
        resource_versionless_id = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.KeyVault/vaults/equalvote-argocd/keys/sops-key"
        tags                    = {}
        version                 = "9d7a971e677f4d8a9f2f7adaf349f7ff"
        versionless_id          = "https://equalvote-argocd.vault.azure.net/keys/sops-key"
        x                       = null
        y                       = null
    }

  # azurerm_user_assigned_identity.argocd-identity will be imported
    resource "azurerm_user_assigned_identity" "argocd-identity" {
        client_id           = "2941dfa2-9dbd-4e67-ae23-4c5ada763f1c"
        id                  = "/subscriptions/86f3145a-48cc-4255-8757-dd3104d15e57/resourceGroups/equalvote/providers/Microsoft.ManagedIdentity/userAssignedIdentities/argocd"
        location            = "westus2"
        name                = "argocd"
        principal_id        = "2c7d3739-7134-4112-ae3d-8e3fd181032d"
        resource_group_name = "equalvote"
        tags                = {}
        tenant_id           = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
    }

  # kubernetes_service_account.aks-argocd will be created
  + resource "kubernetes_service_account" "aks-argocd" {
      + automount_service_account_token = true
      + default_secret_name             = (known after apply)
      + id                              = (known after apply)

      + metadata {
          + annotations      = {
              + "azure.workload.identity/client-id" = "2941dfa2-9dbd-4e67-ae23-4c5ada763f1c"
              + "azure.workload.identity/tenant-id" = "fb5b09d0-6c7c-4bf2-adf7-6fb61f902de9"
            }
          + generation       = (known after apply)
          + labels           = {
              + "azure.workload.identity/use" = "true"
            }
          + name             = "aks-argocd"
          + namespace        = "argocd"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 3 to import, 3 to add, 0 to change, 0 to destroy.
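
Three things stand out in the plan above from a least-privilege angle: the `argocd-policy` grants the identity all 20 key permissions (including Purge, Delete, Backup, Restore and Sign) while `sops-key` itself only permits `encrypt` and `decrypt`; the vault has `purge_protection_enabled = false`, so a soft-deleted sops master key can be purged and every secret it wraps lost with it; and `network_acls` defaults to `Allow` with public network access enabled. The federated identity credential that lets the `aks-argocd` service account actually assume the `argocd` identity is also absent from the plan. The block below is an added example, not the PR's or the project's Terraform, that builds the same resources with those points tightened and the credential added. Names and IDs reused from the plan (`equalvote`, `westus2`, `argocd`, `equalvote-argocd`, `sops-key`, `aks-argocd`) are the page's own; the three input variables and the `terraform` access policy are assumptions, and the claim that sops needs only `Encrypt`/`Decrypt` on the key is an assumption drawn from the key's `key_opts`.

```hcl
# Added example (not the PR's own Terraform). Inputs marked "assumed" are not on the PR page.

variable "aks_oidc_issuer_url" {
  description = "Assumed: OIDC issuer of the AKS cluster (az aks show ... --query oidcIssuerProfile.issuerUrl)"
  type        = string
}

variable "vault_allowed_ip_rules" {
  description = "Assumed: CIDRs from which operators (and the Terraform runner) reach the vault data plane"
  type        = list(string)
  default     = []
}

variable "vault_allowed_subnet_ids" {
  description = "Assumed: AKS node subnets (Key Vault service endpoint enabled) that need vault access"
  type        = list(string)
  default     = []
}

# The principal running terraform: it manages the key but never decrypts with it at runtime.
data "azurerm_client_config" "current" {}

resource "azurerm_user_assigned_identity" "argocd" {
  name                = "argocd"
  resource_group_name = "equalvote"
  location            = "westus2"
}

resource "azurerm_key_vault" "equalvote_argocd" {
  name                       = "equalvote-argocd"
  resource_group_name        = "equalvote"
  location                   = "westus2"
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 90

  # A purged sops master key takes every secret it wraps with it.
  # Purge protection cannot be switched off again once enabled.
  purge_protection_enabled = true

  # Deny by default; allowlist only where sops and terraform run. Management-plane
  # calls still work, but key create/encrypt/decrypt are filtered by these rules.
  network_acls {
    bypass                     = "AzureServices"
    default_action             = "Deny"
    ip_rules                   = var.vault_allowed_ip_rules
    virtual_network_subnet_ids = var.vault_allowed_subnet_ids
  }
}

# Assumed: Terraform's own principal needs just enough to create and read the key.
resource "azurerm_key_vault_access_policy" "terraform" {
  key_vault_id    = azurerm_key_vault.equalvote_argocd.id
  tenant_id       = data.azurerm_client_config.current.tenant_id
  object_id       = data.azurerm_client_config.current.object_id
  key_permissions = ["Get", "List", "Create", "Update", "Delete", "Recover"]
}

# The workload policy: only the two operations the key itself allows (key_opts).
resource "azurerm_key_vault_access_policy" "argocd" {
  key_vault_id    = azurerm_key_vault.equalvote_argocd.id
  tenant_id       = azurerm_user_assigned_identity.argocd.tenant_id
  object_id       = azurerm_user_assigned_identity.argocd.principal_id
  key_permissions = ["Encrypt", "Decrypt"]
}

resource "azurerm_key_vault_key" "sops_key" {
  name         = "sops-key"
  key_vault_id = azurerm_key_vault.equalvote_argocd.id
  key_type     = "RSA"
  key_size     = 2048 # matches the imported key; pick 3072 or larger for a new one
  key_opts     = ["encrypt", "decrypt"]

  depends_on = [azurerm_key_vault_access_policy.terraform]
}

# Binds the service account token to the identity. Without this the SA token
# cannot be exchanged for an Entra token and the policy above is unreachable.
resource "azurerm_federated_identity_credential" "argocd" {
  name                = "aks-argocd"
  resource_group_name = "equalvote"
  parent_id           = azurerm_user_assigned_identity.argocd.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = var.aks_oidc_issuer_url
  subject             = "system:serviceaccount:argocd:aks-argocd" # exactly <namespace>:<name>
}

resource "kubernetes_service_account" "aks_argocd" {
  metadata {
    name      = "aks-argocd"
    namespace = "argocd"
    annotations = {
      "azure.workload.identity/client-id" = azurerm_user_assigned_identity.argocd.client_id
      "azure.workload.identity/tenant-id" = azurerm_user_assigned_identity.argocd.tenant_id
    }
  }
  # The pod that uses this SA must also carry the label
  # azure.workload.identity/use: "true" for the webhook to project the token.
}
```

Two practical caveats: the existing vault, identity and key would be bound with `terraform import` exactly as the plan already does, and changing `purge_protection_enabled` or `network_acls` on the imported vault is an in-place update, not a replacement. With `default_action = "Deny"` and both allowlists empty, the `sops_key` create and any `sops` run will fail with 403 until the runner's egress IP or the AKS subnet is added, so populate the variables before the first apply.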

@arterro arterro (Collaborator) left a comment

LGTM! 👍🏽 ⚡

@evanstucker-hates-2fa evanstucker-hates-2fa merged commit bc4e87f into main May 22, 2024
2 checks passed
@evanstucker-hates-2fa evanstucker-hates-2fa deleted the identities-script-ata branch June 22, 2024 03:10