Fix issue with acees policy and add secrets

miekki · Mar 1, 2024 · c9c6301 · c9c6301
1 parent f51d1bc
commit c9c6301
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/...orkflows/module-keyvault-accesspolicy.yml → ...rkflows/module-keyvault-access-policy.yml b/...orkflows/module-keyvault-accesspolicy.yml → ...rkflows/module-keyvault-access-policy.yml
@@ -22,5 +22,5 @@ jobs:
       module_name: keyvault
       module_file_path: modules/security/keyvault-access-policy/main.bicep
       module_metadata_file_path: modules/security/keyvault-access-policy/metadata.json
-      module_parameters: keyVaultName=test-keyvault tags={'env':'dev'} location=uksouth objectId=1
+      module_parameters: keyVaultName=test-keyvault objectId=1
     secrets: inherit
diff --git a/.github/workflows/module-keyvault-secrets.yml b/.github/workflows/module-keyvault-secrets.yml
@@ -0,0 +1,26 @@
+name: module-keyvault-secrets
+concurrency:
+  group: ${{ github.workflow }}
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "modules/security/keyvault-secrets/**"
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  call-shared-workflow:
+    name: Run
+    uses: ./.github/workflows/template-module.yml
+    with:
+      module_name: keyvault
+      module_file_path: modules/security/keyvault-secrets/main.bicep
+      module_metadata_file_path: modules/security/keyvault-secrets/metadata.json
+      module_parameters: keyVaultName=test-keyvault tags={'env':'dev'} location=uksouth secretName=my-secret-name secretValue=my-secret-value
+    secrets: inherit
diff --git a/modules/security/keyvault-access-policy/main.bicep b/modules/security/keyvault-access-policy/main.bicep
@@ -5,9 +5,6 @@ metadata owner = 'MM'
 @description('Required. Name of Key Vault.')
 param keyVaultName string
 
-@description('Required. Name of Key Vault Access Policy.')
-param policyName string = 'add'
-
 @description('Required. Object Id of a user, service principal or security group')
 param objectId string
 
@@ -23,6 +20,9 @@ param keyPermissions array = []
 @description('Optional. Specify the permissions to certificates. Valid values are: all, backup, create, delete, deleteissuers, get, getissuers, import, list, listissuers, managecontacts, manageissuers, purge, recover, restore, setissuers, update')
 param certificatPermissions array = []
 
+@description('Oprional. Name of Key Vault Access Policy.')
+param policyName string = 'add'
+
 resource keyvault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }