fix: key vault dns zone resource group

nebuly-ai · Dec 2, 2024 · 82cd9c4 · 82cd9c4
1 parent c8ef129
commit 82cd9c4
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 52 deletions.
diff --git a/README.md b/README.md
@@ -177,7 +177,7 @@ You can find examples of code that uses this Terraform module in the [examples](
 | <a name="input_postgres_server_point_in_time_backup"></a> [postgres\_server\_point\_in\_time\_backup](#input\_postgres\_server\_point\_in\_time\_backup) | The backup settings of the PostgreSQL Server. | <pre>object({<br/>    geo_redundant : optional(bool, true)<br/>    retention_days : optional(number, 30)<br/>  })</pre> | <pre>{<br/>  "geo_redundant": true,<br/>  "retention_days": 30<br/>}</pre> | no |
 | <a name="input_postgres_server_sku"></a> [postgres\_server\_sku](#input\_postgres\_server\_sku) | The SKU of the PostgreSQL Server, including the Tier and the Name. Examples: B\_Standard\_B1ms, GP\_Standard\_D2s\_v3, MO\_Standard\_E4s\_v3 | <pre>object({<br/>    tier : string<br/>    name : string<br/>  })</pre> | <pre>{<br/>  "name": "Standard_D4ds_v5",<br/>  "tier": "GP"<br/>}</pre> | no |
 | <a name="input_postgres_version"></a> [postgres\_version](#input\_postgres\_version) | The PostgreSQL version to use. | `string` | `"16"` | no |
-| <a name="input_private_dns_zones"></a> [private\_dns\_zones](#input\_private\_dns\_zones) | Private DNS zones to use for Private Endpoint connections. If not provided, a new DNS Zone <br/>  is created and linked to the respective subnet. | <pre>object({<br/>    flexible_postgres = optional(string, null)<br/>    key_vault         = optional(string, null)<br/>  })</pre> | `{}` | no |
+| <a name="input_private_dns_zones"></a> [private\_dns\_zones](#input\_private\_dns\_zones) | Private DNS zones to use for Private Endpoint connections. If not provided, a new DNS Zone <br/>  is created and linked to the respective subnet. | <pre>object({<br/>    flexible_postgres = optional(object({<br/>      name : string<br/>      resource_group_name : string<br/>    }), null)<br/>    key_vault = optional(object({<br/>      name : string<br/>      resource_group_name : string<br/>    }), null)<br/>  })</pre> | `{}` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group where to provision the resources. | `string` | n/a | yes |
 | <a name="input_resource_prefix"></a> [resource\_prefix](#input\_resource\_prefix) | The prefix that is used for generating resource names. | `string` | n/a | yes |
 | <a name="input_storage_account_override_name"></a> [storage\_account\_override\_name](#input\_storage\_account\_override\_name) | Override the name of the Storage Account. If not provided, the name is generated based on the resource\_prefix. | `string` | `null` | no |
@@ -195,56 +195,56 @@ You can find examples of code that uses this Terraform module in the [examples](
 ## Resources
 
 
-- resource.azuread_application.main (/terraform-docs/main.tf#284)
-- resource.azuread_group.aks_admins (/terraform-docs/main.tf#608)
-- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#612)
-- resource.azuread_service_principal.main (/terraform-docs/main.tf#290)
-- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#295)
-- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#502)
-- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#522)
-- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#539)
-- resource.azurerm_key_vault.main (/terraform-docs/main.tf#217)
-- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#556)
-- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#299)
-- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#308)
-- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#746)
-- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#321)
-- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#330)
-- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#758)
-- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#769)
-- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#485)
-- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#476)
-- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#703)
-- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#419)
-- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#427)
-- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#349)
-- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#400)
-- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#393)
-- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#413)
-- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#407)
-- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#179)
-- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#197)
-- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#185)
-- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#202)
-- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#243)
-- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#698)
-- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#274)
-- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#266)
-- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#594)
-- resource.azurerm_storage_account.main (/terraform-docs/main.tf#570)
-- resource.azurerm_storage_container.models (/terraform-docs/main.tf#590)
-- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#135)
-- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#157)
-- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#149)
-- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#127)
-- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#344)
-- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#685)
-- resource.tls_private_key.aks (/terraform-docs/main.tf#604)
-- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#742)
+- resource.azuread_application.main (/terraform-docs/main.tf#286)
+- resource.azuread_group.aks_admins (/terraform-docs/main.tf#610)
+- resource.azuread_group_member.aks_admin_users (/terraform-docs/main.tf#614)
+- resource.azuread_service_principal.main (/terraform-docs/main.tf#292)
+- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#297)
+- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#504)
+- resource.azurerm_cognitive_deployment.gpt_4o (/terraform-docs/main.tf#524)
+- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#541)
+- resource.azurerm_key_vault.main (/terraform-docs/main.tf#219)
+- resource.azurerm_key_vault_secret.azure_openai_api_key (/terraform-docs/main.tf#558)
+- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#301)
+- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#310)
+- resource.azurerm_key_vault_secret.jwt_signing_key (/terraform-docs/main.tf#748)
+- resource.azurerm_key_vault_secret.nebuly_azure_client_id (/terraform-docs/main.tf#323)
+- resource.azurerm_key_vault_secret.nebuly_azure_client_secret (/terraform-docs/main.tf#332)
+- resource.azurerm_key_vault_secret.okta_sso_client_id (/terraform-docs/main.tf#760)
+- resource.azurerm_key_vault_secret.okta_sso_client_secret (/terraform-docs/main.tf#771)
+- resource.azurerm_key_vault_secret.postgres_password (/terraform-docs/main.tf#487)
+- resource.azurerm_key_vault_secret.postgres_user (/terraform-docs/main.tf#478)
+- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#705)
+- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#421)
+- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#429)
+- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#351)
+- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#402)
+- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#395)
+- resource.azurerm_postgresql_flexible_server_database.analytics (/terraform-docs/main.tf#415)
+- resource.azurerm_postgresql_flexible_server_database.auth (/terraform-docs/main.tf#409)
+- resource.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#181)
+- resource.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#199)
+- resource.azurerm_private_dns_zone_virtual_network_link.flexible_postgres (/terraform-docs/main.tf#187)
+- resource.azurerm_private_dns_zone_virtual_network_link.key_vault (/terraform-docs/main.tf#204)
+- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#245)
+- resource.azurerm_role_assignment.aks_network_contributor (/terraform-docs/main.tf#700)
+- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#276)
+- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#268)
+- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#596)
+- resource.azurerm_storage_account.main (/terraform-docs/main.tf#572)
+- resource.azurerm_storage_container.models (/terraform-docs/main.tf#592)
+- resource.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#137)
+- resource.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#159)
+- resource.azurerm_subnet.private_endpints (/terraform-docs/main.tf#151)
+- resource.azurerm_virtual_network.main (/terraform-docs/main.tf#129)
+- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#346)
+- resource.time_sleep.wait_aks_creation (/terraform-docs/main.tf#687)
+- resource.tls_private_key.aks (/terraform-docs/main.tf#606)
+- resource.tls_private_key.jwt_signing_key (/terraform-docs/main.tf#744)
 - data source.azuread_user.aks_admins (/terraform-docs/main.tf#81)
 - data source.azurerm_client_config.current (/terraform-docs/main.tf#73)
 - data source.azurerm_private_dns_zone.flexible_postgres (/terraform-docs/main.tf#114)
-- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#119)
+- data source.azurerm_private_dns_zone.key_vault (/terraform-docs/main.tf#120)
 - data source.azurerm_resource_group.main (/terraform-docs/main.tf#70)
 - data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#86)
 - data source.azurerm_subnet.flexible_postgres (/terraform-docs/main.tf#100)

diff --git a/main.tf b/main.tf
@@ -114,12 +114,14 @@ data "azurerm_subnet" "flexible_postgres" {
 data "azurerm_private_dns_zone" "flexible_postgres" {
   count = var.private_dns_zones.flexible_postgres != null ? 1 : 0
 
-  name = var.private_dns_zones.flexible_postgres
+  name                = var.private_dns_zones.flexible_postgres.name
+  resource_group_name = var.private_dns_zones.key_vault.resource_group_name
 }
 data "azurerm_private_dns_zone" "key_vault" {
   count = var.private_dns_zones.key_vault != null ? 1 : 0
 
-  name = var.private_dns_zones.key_vault
+  name                = var.private_dns_zones.key_vault.name
+  resource_group_name = var.private_dns_zones.key_vault.resource_group_name
 }
 
 

diff --git a/variables.tf b/variables.tf
@@ -312,8 +312,14 @@ variable "private_dns_zones" {
   is created and linked to the respective subnet.
   EOT
   type = object({
-    flexible_postgres = optional(string, null)
-    key_vault         = optional(string, null)
+    flexible_postgres = optional(object({
+      name : string
+      resource_group_name : string
+    }), null)
+    key_vault = optional(object({
+      name : string
+      resource_group_name : string
+    }), null)
   })
   default = {}
 }