Key vault + stateful resources #3922
Comments
I believe this is covered here - Lines 67 to 69 in c8e5ed3
If it doesn't work as designed, then might need amending. Also not sure it is a bug, but more of a feature request, that may already exist?
@marrobi bug removed and added as Feature. @Danny-Cooke-CK please review the above and close as necessary
I think the key vault purge protection wants adding either as a separate config flag or to the existing one
Confirmed with @marrobi to add another developer setting
I've reviewed this and can see that the functionality is already there for key_vault, although in Imperial we have handled it more centrally. In our code we have one variable set which covers every keyvault, but in the main code it gets set in every terraform provider in each part of the project like the below, so on that basis, I'm closing this ticket.
provider "azurerm" {
@Danny-Cooke-CK I thought you were trying to disable purge protection, not sure the code in the provider does this...
Oh ok. I've made a mistake in assumption here.
By default the TRE is deployed with purge protection on the keyvault and stateful resource locks. These make sense in a prod environment but hinder development and redeployment in dev. If a keyvault already existed, for example, it will need to be imported into terraform state. Having this as a switchable option, however, aids development and delivery.
Please see information around this issue:
Tim Allen
26 February 2024 at 16:40
Need to remember to update the action.yml
Kevin O'Connor
26 February 2024 at 16:14
Edited
terraform apply -var="KV_PURGE_PROTECTION_ENABLED=true" -var="STATEFUL_RESOURCES_LOCKED=true"
etc etc
Kevin O'Connor
26 February 2024 at 16:13
Might need to update the variables.tf file to add these to it for switch work
variable "KV_PURGE_PROTECTION_ENABLED" {
  description = "Enables or disables Key Vault purge protection"
  type        = bool
  default     = false
}
variable "STATEFUL_RESOURCES_LOCKED" {
  description = "Determines if stateful resources should be locked"
  type        = bool
  default     = false
}
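Added example, not code from this issue or the project's repository: one way the two variables proposed above could be wired into a Key Vault and its delete lock. The resource names, resource group and location are constructed, and the defaults are set to `true` here as an assumption so that protection has to be switched off explicitly in dev.

```hcl
# Constructed example: names and values below are placeholders.
variable "KV_PURGE_PROTECTION_ENABLED" {
  description = "Enables or disables Key Vault purge protection"
  type        = bool
  default     = true # assumption: protected unless a dev deployment opts out
}

variable "STATEFUL_RESOURCES_LOCKED" {
  description = "Determines if stateful resources should be locked"
  type        = bool
  default     = true # assumption: locked unless a dev deployment opts out
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-example-dev" # constructed
  location = "uksouth"        # constructed
}

resource "azurerm_key_vault" "example" {
  name                       = "kv-example-dev" # constructed
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 7

  # Azure does not allow purge protection to be disabled once it has been
  # enabled on a vault, so setting the variable to false only has an effect
  # on vaults created with it already false.
  purge_protection_enabled = var.KV_PURGE_PROTECTION_ENABLED
}

# The delete lock exists only while the switch is on; with it off, a
# redeploy in dev can destroy and recreate the vault.
resource "azurerm_management_lock" "key_vault" {
  count      = var.STATEFUL_RESOURCES_LOCKED ? 1 : 0
  name       = "kv-example-lock" # constructed
  scope      = azurerm_key_vault.example.id
  lock_level = "CanNotDelete"
  notes      = "Stateful resource lock, controlled by STATEFUL_RESOURCES_LOCKED"
}
```

A vault deleted with purge protection off is still soft-deleted for the retention period, so redeploying under the same name requires purging or recovering it first.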