terraform-provider-azurerm icon indicating copy to clipboard operation
terraform-provider-azurerm copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

`azurerm_container_app` add support for key vault secret references as `secret`

Open x-delfino opened this issue 2 years ago • 9 comments
trafficstars

Adding support for key vault references for container apps. Resolving https://github.com/hashicorp/terraform-provider-azurerm/issues/23668 and https://github.com/hashicorp/terraform-provider-azurerm/issues/21739. Introduces the following properties for secret blocks for azurerm_container_app resources:

  • identity
  • key_vault_url

Have included tests & docs and have run make pr-check - all tests are passing successfully.

I had to split out the Dapr secrets as they don't look to actually support these additional properties. I know that the API reference for Dapr components includes them, but the API doesn't actually support them as far as I can tell. Trying to use these values against the API results in: Secret with name 'secretName' cannot have have a null value. And including value just adds a normal secret.

I believe Dapr component key vault secret references are actually handled as follows:

  • Configure key vault secret store component as detailed here.
  • Reference these in the secretsRef metadata properties for another component as detailed here.

I can take a look at raising a separate PR for adding secret reference support for the Dapr components. Apologies this took a while, I got a bit thrown off by the Dapr bits and never got round into reading up on it properly - but I'm fairly confident in my conclusion

x-delfino avatar Nov 19 '23 21:11 x-delfino

thanks for taking a look at this so quickly @magodo - will make the requested changes this evening

x-delfino avatar Nov 20 '23 10:11 x-delfino

I need to update the docs for the dapr secrets still

x-delfino avatar Nov 23 '23 00:11 x-delfino

@x-delfino Will you continue in this PR with the suggested changes?

davidkarlsen avatar Dec 17 '23 10:12 davidkarlsen

@x-delfino Will you continue in this PR with the suggested changes?

apologies, i've been away. I'll have time to work on this over the next couple of days

x-delfino avatar Dec 17 '23 21:12 x-delfino

Any more changes needed or is this ready for review and merge?

davidkarlsen avatar Jan 14 '24 14:01 davidkarlsen

@x-delfino: Do you know when you have time to continue this PR? Thanks in advance for your reply and work on this.

eddy-vera avatar Jan 18 '24 08:01 eddy-vera

unfortunately a few other commitments have taken priority and I'm not going to have time to give this attention for a couple of weeks realistically. If anyone has a bit more capacity to look at this in the meantime - feel free, otherwise I'll work on it when I have some time

x-delfino avatar Jan 22 '24 19:01 x-delfino

@x-delfino Any idea when you would have time to pick this up? Or are there others capable of doing this?

eddy-vera avatar Feb 27 '24 11:02 eddy-vera

@x-delfino Any idea when you would have time to pick this up? Or are there others capable of doing this?

Look at #24773

GurliGebis avatar Feb 27 '24 11:02 GurliGebis

Thanks for all your effort on this @x-delfino!

Since you're unable to continue this in the near future and another PR has been opened building on the work done here, I'm going to close this so that the work and review effort can be consolidated in one PR.

For everyone interested in this feature please subscribe to #24773 for updates. Thanks!

stephybun avatar Mar 05 '24 13:03 stephybun

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Apr 19 '24 02:04 github-actions[bot]