FEAT: Added KeyVaultSecret Datasource #516
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tanmay-hc
force-pushed
the
keyvault-datasource
branch
from
3ae5b90 to
6a80f58
Compare
tanmay-hc
force-pushed
the
keyvault-datasource
branch
from
906d6f8 to
0e18857
Compare
tanmay-hc
force-pushed
the
keyvault-datasource
branch
from
d9d3324 to
2b415f7
Compare
|
|
||
| client_id = var.client_id | ||
| client_secret = var.client_secret | ||
| tenant_id = var.tenant_id |
There was a problem hiding this comment.
I had to add subscription_id here after the changes to use the existing authorizer
Comment on lines
+18
to
+20
| "github.com/Azure/azure-sdk-for-go/sdk/azcore" | ||
| "github.com/Azure/azure-sdk-for-go/sdk/azidentity" | ||
| "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets" |
There was a problem hiding this comment.
Do we still need to use the azure-sdk-for-go here? I assume you just haven't updated this acceptance test since migrating to the new strategy for solving this
| @@ -52,6 +52,25 @@ resource "azurerm_shared_image" "linux-sig" { | |||
| } | |||
| } | |||
|
|
|||
| resource "azurerm_key_vault" "vault" { | |||
| name = "packer-acctest-vault" | |||
There was a problem hiding this comment.
Right now if two developers are working on the plugin, or if CI is running when a developer is working, this can cause conflict, you should use the resource prefix for resources that have unique name across subscription, which I think key vaults are at least subscription wide for unique names, since we ran into that error before
Suggested change
| name = "packer-acctest-vault" | |
| name = "${var.resource_prefix}-pkr-test-vault" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new Key Vault data source for the Azure Packer plugin, enabling users to retrieve secrets from Azure Key Vault.
vault_name[required]secret_name[required]versionNOTE: Unlike the rest of the plugin, which uses the Hashicorp's
go-azure-sdk, this change uses Azure's own sdk. This is done since the Hashicorp's azure sdk does not provide a support for fetching the value of the secret and only uses the ARM APIs, which only provides us with the properties of the secret and not the value.Closes #71