Revert "Remove purge function for azurerm 2.42"

This reverts commit 136e509.
aztfmod · Jan 14, 2021 · 86783ed · 86783ed
1 parent 7bf3d67
commit 86783ed
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 36 deletions.
diff --git a/modules/security/dynamic_keyvault_secrets/README.md b/modules/security/dynamic_keyvault_secrets/README.md
@@ -19,7 +19,9 @@ No requirements.
 
 ## Providers
 
-No provider.
+| Name | Version |
+|------|---------|
+| external | n/a |
 
 ## Inputs
 

diff --git a/modules/security/dynamic_keyvault_secrets/keyvault.tf b/modules/security/dynamic_keyvault_secrets/keyvault.tf
@@ -1,5 +1,6 @@
-module "secret" {
-  source = "./secret"
+module secret {
+  source     = "./secret"
+  depends_on = [data.external.purge_secret]
   for_each = {
     for key, value in var.settings : key => value
     if try(value.value, null) == null
@@ -10,8 +11,9 @@ module "secret" {
   keyvault_id = var.keyvault.id
 }
 
-module "secret_value" {
-  source = "./secret"
+module secret_value {
+  source     = "./secret"
+  depends_on = [data.external.purge_secret]
   for_each = {
     for key, value in var.settings : key => value
     if try(value.value, null) != null && try(value.value, null) != ""
@@ -22,8 +24,9 @@ module "secret_value" {
   keyvault_id = var.keyvault.id
 }
 
-module "secret_immutable" {
-  source = "./secret_immutable"
+module secret_immutable {
+  source     = "./secret_immutable"
+  depends_on = [data.external.purge_secret]
   for_each = {
     for key, value in var.settings : key => value
     if try(value.value, null) == ""

diff --git a/modules/security/dynamic_keyvault_secrets/secret_purge.tf b/modules/security/dynamic_keyvault_secrets/secret_purge.tf
@@ -2,33 +2,31 @@
 # Workaround until
 #
 
-# Commenting for azurerm 2.42 as secrets purge part of the provider.
+data external deleted_secrets {
+  for_each = var.settings
 
-# data external deleted_secrets {
-#   for_each = var.settings
+  program = [
+    "bash",
+    "-c",
+    format(
+      "az keyvault secret list-deleted --vault-name '%s' --query \"[?name=='%s'].{recoveryId: recoveryId}\" -o json | jq -rce '.[0] // {}'",
+      var.keyvault.name,
+      each.value.secret_name
+    )
+  ]
+}
 
-#   program = [
-#     "bash",
-#     "-c",
-#     format(
-#       "az keyvault secret list-deleted --vault-name '%s' --query \"[?name=='%s'].{recoveryId: recoveryId}\" -o json | jq -rce '.[0] // {}'",
-#       var.keyvault.name,
-#       each.value.secret_name
-#     )
-#   ]
-# }
+locals {
+  deleted_secrets = data.external.deleted_secrets
+}
 
-# locals {
-#   deleted_secrets = data.external.deleted_secrets
-# }
+data external purge_secret {
+  depends_on = [data.external.deleted_secrets]
+  for_each   = var.settings
 
-# data external purge_secret {
-#   depends_on = [data.external.deleted_secrets]
-#   for_each   = var.settings
-
-#   program = [
-#     "bash",
-#     "-c",
-#     try(format("az keyvault secret purge --id %s -o json | jq -rce '. // {}'", local.deleted_secrets[each.key].result.recovery), "jq -nr '{}'")
-#   ]
-# }
+  program = [
+    "bash",
+    "-c",
+    try(format("az keyvault secret purge --id %s -o json | jq -rce '. // {}'", local.deleted_secrets[each.key].result.recovery), "jq -nr '{}'")
+  ]
+}
diff --git a/modules/security/dynamic_keyvault_secrets/variables.tf b/modules/security/dynamic_keyvault_secrets/variables.tf
@@ -1,5 +1,5 @@
-variable "settings" {}
-variable "keyvault" {}
-variable "objects" {
+variable settings {}
+variable keyvault {}
+variable objects {
   default = {}
 }