terraform keyvault fix

Author: DrisDary

samples/aci-blob-storage/python/terraform/deploy.sh

@@ -23,7 +23,7 @@ fi
 
 # =============================================================================
 # Build and push the Docker image before Terraform deployment
-# (Terraform creates the ACI group referencing the image in ACR)
+# (Terraform references the pre-created ACR as a data source)
 # =============================================================================
 
 # Create resource group and ACR first so we can push the image
@@ -94,15 +94,19 @@ echo "Image pushed to ACR successfully."
 # Terraform init, plan, and apply
 # =============================================================================
 
-TF_VARS="-var prefix=$PREFIX -var suffix=$SUFFIX -var location=$LOCATION -var image_name=$IMAGE_NAME -var image_tag=$IMAGE_TAG"
-
 echo "Initializing Terraform..."
 terraform init -upgrade
 
-# Import the resource group and ACR that were pre-created for the image push
-echo "Importing pre-created resources into Terraform state..."
-terraform import $TF_VARS azurerm_resource_group.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/${RESOURCE_GROUP_NAME}" 2>/dev/null || true
-terraform import $TF_VARS azurerm_container_registry.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/${RESOURCE_GROUP_NAME}/providers/Microsoft.ContainerRegistry/registries/${ACR_NAME}" 2>/dev/null || true
+# Import the resource group that was pre-created for the image push
+echo "Importing pre-created resource group into Terraform state..."
+terraform import \
+	-var "prefix=$PREFIX" \
+	-var "suffix=$SUFFIX" \
+	-var "location=$LOCATION" \
+	-var "image_name=$IMAGE_NAME" \
+	-var "image_tag=$IMAGE_TAG" \
+	azurerm_resource_group.example \
+	"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/${RESOURCE_GROUP_NAME}" 2>/dev/null || true
 
 # Run terraform plan and check for errors
 echo "Planning Terraform deployment..."
@@ -125,7 +129,6 @@ fi
 # Get the output values
 RESOURCE_GROUP_NAME=$(terraform output -raw resource_group_name)
 STORAGE_ACCOUNT_NAME=$(terraform output -raw storage_account_name)
-KEY_VAULT_NAME=$(terraform output -raw key_vault_name)
 ACR_NAME=$(terraform output -raw acr_name)
 ACI_GROUP_NAME=$(terraform output -raw aci_group_name)
 FQDN=$(terraform output -raw fqdn)
@@ -136,7 +139,6 @@ echo "Deployment Complete!"
 echo "============================================================"
 echo "Resource Group:    $RESOURCE_GROUP_NAME"
 echo "Storage Account:   $STORAGE_ACCOUNT_NAME"
-echo "Key Vault:         $KEY_VAULT_NAME"
 echo "ACR:               $ACR_NAME"
 echo "ACI Container:     $ACI_GROUP_NAME"
 echo "FQDN:              $FQDN"

samples/aci-blob-storage/python/terraform/main.tf

@@ -2,7 +2,6 @@
 locals {
   resource_group_name  = "${var.prefix}-aci-rg"
   storage_account_name = "${var.prefix}acistorage${var.suffix}"
-  key_vault_name       = "${var.prefix}acikv${var.suffix}"
   acr_name             = "${var.prefix}aciacr${var.suffix}"
   aci_group_name       = "${var.prefix}-aci-planner-${var.suffix}"
 }
@@ -38,48 +37,10 @@ resource "azurerm_storage_container" "example" {
   container_access_type = "private"
 }
 
-# Create Key Vault
-resource "azurerm_key_vault" "example" {
-  name                       = local.key_vault_name
-  resource_group_name        = azurerm_resource_group.example.name
-  location                   = azurerm_resource_group.example.location
-  tenant_id                  = data.azurerm_client_config.current.tenant_id
-  sku_name                   = "standard"
-  enable_rbac_authorization  = true
-  purge_protection_enabled   = false
-  soft_delete_retention_days = 7
-  tags                       = var.tags
-
-  lifecycle {
-    ignore_changes = [
-      tags
-    ]
-  }
-}
-
-data "azurerm_client_config" "current" {}
-
-# Store the storage connection string in Key Vault
-resource "azurerm_key_vault_secret" "storage_conn" {
-  name         = "storage-conn"
-  value        = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
-  key_vault_id = azurerm_key_vault.example.id
-}
-
-# Create Container Registry
-resource "azurerm_container_registry" "example" {
+# Reference the pre-created ACR (created by deploy.sh before terraform apply)
+data "azurerm_container_registry" "example" {
   name                = local.acr_name
   resource_group_name = azurerm_resource_group.example.name
-  location            = azurerm_resource_group.example.location
-  sku                 = var.acr_sku
-  admin_enabled       = true
-  tags                = var.tags
-
-  lifecycle {
-    ignore_changes = [
-      tags
-    ]
-  }
 }
 
 # Create Container Instance
@@ -93,14 +54,14 @@ resource "azurerm_container_group" "example" {
   tags                = var.tags
 
   image_registry_credential {
-    server   = azurerm_container_registry.example.login_server
-    username = azurerm_container_registry.example.admin_username
-    password = azurerm_container_registry.example.admin_password
+    server   = data.azurerm_container_registry.example.login_server
+    username = data.azurerm_container_registry.example.admin_username
+    password = data.azurerm_container_registry.example.admin_password
   }
 
   container {
     name   = local.aci_group_name
-    image  = "${azurerm_container_registry.example.login_server}/${var.image_name}:${var.image_tag}"
+    image  = "${data.azurerm_container_registry.example.login_server}/${var.image_name}:${var.image_tag}"
     cpu    = var.cpu_cores
     memory = var.memory_in_gb
 
@@ -115,7 +76,7 @@ resource "azurerm_container_group" "example" {
     }
 
     secure_environment_variables = {
-      AZURE_STORAGE_CONNECTION_STRING = azurerm_key_vault_secret.storage_conn.value
+      AZURE_STORAGE_CONNECTION_STRING = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
     }
   }
 

samples/aci-blob-storage/python/terraform/outputs.tf

@@ -6,16 +6,12 @@ output "storage_account_name" {
   value = azurerm_storage_account.example.name
 }
 
-output "key_vault_name" {
-  value = azurerm_key_vault.example.name
-}
-
 output "acr_name" {
-  value = azurerm_container_registry.example.name
+  value = data.azurerm_container_registry.example.name
 }
 
 output "acr_login_server" {
-  value = azurerm_container_registry.example.login_server
+  value = data.azurerm_container_registry.example.login_server
 }
 
 output "aci_group_name" {

samples/aci-blob-storage/python/terraform/variables.tf

@@ -66,17 +66,6 @@ variable "blob_container_name" {
   }
 }
 
-variable "acr_sku" {
-  description = "(Optional) Specifies the SKU for the container registry."
-  type        = string
-  default     = "Basic"
-
-  validation {
-    condition     = contains(["Basic", "Standard", "Premium"], var.acr_sku)
-    error_message = "The acr_sku must be one of: Basic, Standard, Premium."
-  }
-}
-
 variable "image_name" {
   description = "(Optional) Specifies the name of the container image."
   type        = string