Web app identity

DFE-Digital · Jan 23, 2025 · e5a14dd · e5a14dd
1 parent 53c8aee
commit e5a14dd
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 39 deletions.
diff --git a/.github/workflows/deploy-env.yaml b/.github/workflows/deploy-env.yaml
@@ -4,42 +4,42 @@ on:
 
 
 jobs:
-#  terraform_dependencies:
-#    name: 'Provision Terraform Dependencies'
-#    runs-on: ubuntu-latest
-#    permissions:
-#      contents: read
-#      id-token: write
-#    environment:
-#      name: 'Test'
-#    steps:
-#      - name: 'Az CLI login'
-#        uses: azure/login@v2
-#        with:
-#          creds: |
-#            {
-#                "clientId": "${{ secrets.AZURE_CLIENT_ID }}",
-#                "clientSecret": "${{ secrets.AZURE_CLIENT_SECRET }}",
-#                "tenantId": "${{ secrets.AZURE_TENANT_ID }}",
-#                "subscriptionId": "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
-#            }
-#
-#      - name: Create TF State dependencies
-#        uses: azure/cli@v2
-#        with:
-#          azcliversion: latest
-#          inlineScript: |
-#            az group create --name s186${{ vars.ENVIRONMENT_PREFIX }}-cl-tfstate --location westeurope --output none --tags "Environment=${{ vars.CIP_ENVIRONMENT }}" "Product=Design Operations" "Service=Newly onboarded" "Service offering=Design operations"
-#
-#            az storage account create --name s186${{ vars.ENVIRONMENT_PREFIX }}cltfstate --resource-group s186${{ vars.ENVIRONMENT_PREFIX }}-cl-tfstate --location westeurope --sku Standard_LRS
-#
-#            az storage container create --name tfstate --account-name s186${{ vars.ENVIRONMENT_PREFIX }}cltfstate
+  terraform_dependencies:
+    name: 'Provision Terraform Dependencies'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    environment:
+      name: 'Test'
+    steps:
+      - name: 'Az CLI login'
+        uses: azure/login@v2
+        with:
+          creds: |
+            {
+                "clientId": "${{ secrets.AZURE_CLIENT_ID }}",
+                "clientSecret": "${{ secrets.AZURE_CLIENT_SECRET }}",
+                "tenantId": "${{ secrets.AZURE_TENANT_ID }}",
+                "subscriptionId": "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+            }
+
+      - name: Create TF State dependencies
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            az group create --name s186${{ vars.ENVIRONMENT_PREFIX }}-cl-tfstate --location westeurope --output none --tags "Environment=${{ vars.CIP_ENVIRONMENT }}" "Product=Design Operations" "Service=Newly onboarded" "Service offering=Design operations"
+
+            az storage account create --name s186${{ vars.ENVIRONMENT_PREFIX }}cltfstate --resource-group s186${{ vars.ENVIRONMENT_PREFIX }}-cl-tfstate --location westeurope --sku Standard_LRS
+
+            az storage container create --name tfstate --account-name s186${{ vars.ENVIRONMENT_PREFIX }}cltfstate
 
 
   deploy_infrastructure:
     name: 'Provision Infrastructure'
     runs-on: ubuntu-latest
-#    needs: [terraform_dependencies]
+    needs: [terraform_dependencies]
     permissions:
       contents: read
       id-token: write

diff --git a/src/infrastructure/terraform/keyvault.tf b/src/infrastructure/terraform/keyvault.tf
@@ -1,6 +1,6 @@
 resource "azurerm_key_vault" "key-vault" {
   location            = local.location
-  name                = "${local.service_prefix}-cl-keyvault"
+  name                = "${local.service_prefix}-keyvault"
   resource_group_name = azurerm_resource_group.core-rg.name
   sku_name            = "standard"
   tenant_id           = data.azurerm_client_config.client.tenant_id
@@ -25,12 +25,5 @@ resource "azurerm_key_vault" "key-vault" {
     bypass         = "AzureServices"
   }
 
-  lifecycle {
-    ignore_changes = [
-      access_policy,
-      network_acls
-    ]
-  }
-
   tags = local.common_tags
 }
diff --git a/src/infrastructure/terraform/web.tf b/src/infrastructure/terraform/web.tf
@@ -10,6 +10,8 @@ resource "azurerm_service_plan" "web-app-service-plan" {
   resource_group_name = azurerm_resource_group.web-rg.name
   os_type             = "Linux"
   sku_name            = "S1"
+
+  tags = local.common_tags
 }
 
 resource "azurerm_linux_web_app" "web-app-service" {
@@ -34,6 +36,8 @@ resource "azurerm_linux_web_app" "web-app-service" {
     "ContentfulOptions__PreviewApiKey"  = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.contentful-preview-api-key.id})"
     "ContentfulOptions__SpaceId"        = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.contentful-space-id.id})"
   }
+
+  tags = local.common_tags
 }
 
 resource "azurerm_key_vault_secret" "contentful-delivery-api-key" {