Merge pull request #2737 from UK-Export-Finance/feat/EMS-2186-ia-c-ke…
…y-vault-cost-alerts

feat(EMS-2186): added key vault
abhi-markan authored Jul 17, 2024
2 parents 76daa13 + 41d5d4c commit 5e8e8c8
Showing 3 changed files with 32 additions and 3 deletions.
1 change: 1 addition & 0 deletions .cspell.json
@@ -145,6 +145,7 @@
"Useds",
"venv",
"VNET",
"vnets",
"XLSX"
],
"dictionaries": [
3 changes: 2 additions & 1 deletion .github/workflows/deployment.yml
@@ -59,7 +59,6 @@ jobs:
name: Database 💾
needs: setup
environment: ${{ needs.setup.outputs.environment }}
if: ${{ '1' == vars.DATABASE }}
env:
ENVIRONMENT: ${{ needs.setup.outputs.environment }}
runs-on: [self-hosted, EXIP, deployment]
@@ -81,12 +80,14 @@ jobs:
az configure --defaults group=rg-${{ env.PRODUCT }}-${{ github.ref_name }}-${{ vars.VERSION }}
- name: Extension ➕
if: ${{ '1' == vars.DATABASE }}
uses: azure/cli@v2
with:
inlineScript: |
az config set extension.use_dynamic_install=yes_without_prompt
- name: Import ⬇
if: ${{ '1' == vars.DATABASE }}
uses: azure/cli@v2
with:
inlineScript: |
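Review bot: The `if: ${{ '1' == vars.DATABASE }}` guard now sits on the Extension and Import steps, while the job-level condition appears to have been dropped, so the Database job is scheduled on the self-hosted deployment runner and bound to its environment on every run. Steps outside the visible hunks, possibly including the `az configure --defaults` step shown as context, would then run even when DATABASE is not `1`. If that is deliberate (for example so dependent jobs are not skipped), record it with a comment above the job such as `# Job always runs so dependants are not skipped; DATABASE gates the individual steps`. Any step added later must repeat the guard, so it is worth confirming that every database-touching step in this job carries it.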
31 changes: 29 additions & 2 deletions .github/workflows/infrastructure.yml
@@ -165,6 +165,12 @@ jobs:
--address-prefixes ${{ vars.VNET_SUBNET_PRIVATE_PREFIX }} \
--vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }}
az network vnet subnet create \
--name snet-keyvault-${{ env.PRODUCT }}-${{ vars.VERSION }} \
--address-prefixes ${{ vars.VNET_SUBNET_KEYVAULT_PREFIX }} \
--vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} \
--service-endpoints Microsoft.KeyVault
- name: VNET Peer - AMI 🔀
uses: azure/cli@v2
with:
@@ -365,6 +371,17 @@ jobs:
inlineScript: |
az extension add --name front-door
- name: Key Vault 🔑
uses: azure/cli@v2
with:
inlineScript: |
az keyvault create \
--name kv-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} \
--default-action Deny \
--public-network-access Disabled \
--network-acls-ips ${{ secrets.WAF_ALLOWED_IP }} \
--network-acls-vnets $(az network vnet subnet list --vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} --query '[?contains(name, `keyvault`)].id' -o tsv)
- name: Private endpoint 🔏
uses: azure/cli@v2
with:
@@ -389,6 +406,16 @@ jobs:
--group-id sites \
--tags ${{ env.TAGS }}
#Key Vault
az network private-endpoint create \
--name private-endpoint-keyvault-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} \
--private-connection-resource-id $(az keyvault show --name kv-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} --query id -o tsv) \
--connection-name private-link-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} \
--subnet snet-private-${{ env.PRODUCT }}-${{ vars.VERSION }} \
--vnet-name vnet-${{ env.PRODUCT }}-${{ env.TARGET }}-${{ vars.VERSION }} \
--group-id vault \
--tags ${{ env.TAGS }}
- name: Private DNS 🌍
uses: azure/cli@v2
with:
@@ -769,13 +796,13 @@ jobs:
--record-set-name "@" \
--zone ${{ vars.DOMAIN_QUOTE }} \
--value ${{ vars.CA_VERIFICATION }} \
--if-none-match "*"
--if-none-match
az network dns record-set txt add-record \
--record-set-name "@" \
--zone ${{ vars.DOMAIN_INSURANCE }} \
--value ${{ vars.CA_VERIFICATION }} \
--if-none-match "*"
--if-none-match
- name: CAA records
uses: azure/cli@v2
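Review bot: In the Key Vault step, `--public-network-access Disabled` makes the vault ignore its firewall rules, so the `--network-acls-ips` and `--network-acls-vnets` values (and the new `Microsoft.KeyVault` service-endpoint subnet) appear to have no effect; only the private endpoint added further down can reach the vault. Either drop the two ACL flags, or, if the WAF address and the keyvault subnet are meant to reach the vault, leave public access enabled with `--default-action Deny` and state that intent in a comment. The subnet lookup matches any subnet whose name contains `keyvault` and its `$(...)` is unquoted, so an empty result leaves `--network-acls-vnets` without a value; resolving the known name with `az network vnet subnet show --name snet-keyvault-${{ env.PRODUCT }}-${{ vars.VERSION }}` and `--query id -o tsv` is more exact. The create call also omits `--enable-purge-protection true`, which is worth adding if this vault will hold production secrets. The resource-group default and the rest of the job lie outside the visible hunks, so this is judged from the step alone.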
