Added secrets in vault secrets and configuration to retrieve them in …

…terraform

azure/terraform-azure/infra-secrets.tf

@@ -0,0 +1,45 @@
+resource "hcp_service_principal" "infra_reader" {
+  name = "infra-reader"
+}
+
+resource "hcp_vault_secrets_app_iam_binding" "infra_reader" {
+  resource_name = data.hcp_vault_secrets_app.infra.app_name
+  principal_id  = hcp_service_principal.infra_reader.resource_id
+  role          = "roles/secrets.app-secret-reader"
+}
+
+data "hcp_vault_secrets_secret" "azure_client_id" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "client_id"
+}
+
+data "hcp_vault_secrets_secret" "azure_client_password" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "client_password"
+}
+
+data "hcp_vault_secrets_secret" "subscription_id" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "subscription_id"
+}
+
+data "hcp_vault_secrets_secret" "tenant_id" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "tenant_id"
+}
+
+data "hcp_vault_secrets_secret" "docker_username" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "docker_username"
+}
+
+data "hcp_vault_secrets_secret" "docker_password" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "docker_password"
+}
+
+data "hcp_vault_secrets_secret" "terraform_token" {
+  app_name    = data.hcp_vault_secrets_app.infra.app_name
+  secret_name = "terraform_token"
+}
+

azure/terraform-azure/main.tf

@@ -6,13 +6,29 @@ terraform {
       name = "Azure"
     }
   }
+  required_providers {
+    hcp = {
+      source  = "hashicorp/hcp"
+      version = "0.90.0"
+    }
+  }
+}
+
+provider "hcp" {
+  client_id     = var.HCP_CLIENT_ID
+  client_secret = var.HCP_CLIENT_SECRET
+  project_id    = "f8647d4c-9bf3-44d0-8c84-18a5ab9ee572"
+}
+
+data "hcp_vault_secrets_app" "infra" {
+  app_name = "infra-secrets"
 }
 
 provider "azurerm" {
-  subscription_id = var.ARM_SUBSCRIPTION_ID
-  client_id       = var.ARM_CLIENT_ID
-  client_secret   = var.ARM_CLIENT_SECRET
-  tenant_id       = var.ARM_TENANT_ID
+  subscription_id = data.hcp_vault_secrets_secret.subscription_id.secret_value
+  client_id       = data.hcp_vault_secrets_secret.azure_client_id.secret_value
+  client_secret   = data.hcp_vault_secrets_secret.azure_client_password.secret_value
+  tenant_id       = data.hcp_vault_secrets_secret.tenant_id.secret_value
 
   features {}
 }
@@ -108,8 +124,8 @@ module "aks" {
   source                            = "Azure/aks/azurerm"
   version                           = "7.4.0"
   resource_group_name               = azurerm_resource_group.geekzone.name
-  client_id                         = var.ARM_CLIENT_ID
-  client_secret                     = var.ARM_CLIENT_SECRET
+  client_id                         = data.hcp_vault_secrets_secret.azure_client_id.secret_value
+  client_secret                     = data.hcp_vault_secrets_secret.azure_client_password.secret_value
   kubernetes_version                = var.kubernetes_version
   orchestrator_version              = var.orchestrator_version
   prefix                            = "prefix"

azure/terraform-azure/variables.tf

@@ -2,22 +2,16 @@ variable "cluster_name" {
   default = "GeekZoneCluster"
 }
 
-variable "ARM_CLIENT_ID" {
-}
-
-variable "ARM_CLIENT_SECRET" {
-}
-
-variable "ARM_TENANT_ID" {
+variable "administrator_login" {
 }
 
-variable "ARM_SUBSCRIPTION_ID" {
+variable "administrator_login_password" {
 }
 
-variable "administrator_login" {
+variable "HCP_CLIENT_ID" {
 }
 
-variable "administrator_login_password" {
+variable "HCP_CLIENT_SECRET" {
 }
 
 variable "location" {