Synchronise WAF tfvars with blob storage

DFE-Digital · Mar 19, 2024 · b1e42ad · b1e42ad
1 parent 8808ec6
commit b1e42ad
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -68,8 +68,10 @@ key                  = "terraform.tstate"
 | [azurerm_storage_account.tfvars](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_account_network_rules.tfvars](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules) | resource |
 | [azurerm_storage_blob.tfvars](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_blob) | resource |
+| [azurerm_storage_blob.waftfvars](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_blob) | resource |
 | [azurerm_storage_container.tfvars](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource |
 | [null_resource.tfvars](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
+| [null_resource.waftfvars](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |
 | [azurerm_container_app.container_apps](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_app) | data source |
 | [azurerm_linux_web_app.web_apps](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/linux_web_app) | data source |
 | [azurerm_resource_group.container_apps](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |

diff --git a/tfvars-storage.tf b/tfvars-storage.tf
@@ -27,6 +27,16 @@ resource "azurerm_storage_blob" "tfvars" {
   access_tier            = "Cool"
 }
 
+resource "azurerm_storage_blob" "waftfvars" {
+  name                   = "waf.tfvars"
+  storage_account_name   = azurerm_storage_account.tfvars.name
+  storage_container_name = azurerm_storage_container.tfvars.name
+  type                   = "Block"
+  source                 = "waf.tfvars"
+  content_md5            = filemd5("waf.tfvars")
+  access_tier            = "Cool"
+}
+
 resource "azurerm_storage_account_network_rules" "tfvars" {
   storage_account_id         = azurerm_storage_account.tfvars.id
   default_action             = length(local.tfvars_access_ipv4) > 0 ? "Deny" : "Allow"
@@ -45,3 +55,14 @@ resource "null_resource" "tfvars" {
     tfvar_file_md5 = filemd5(local.tfvars_filename)
   }
 }
+
+resource "null_resource" "waftfvars" {
+  provisioner "local-exec" {
+    interpreter = ["/bin/bash", "-c"]
+    command     = "./scripts/check-tfvars-against-remote.sh -c \"${azurerm_storage_container.tfvars.name}\" -a \"${azurerm_storage_account.tfvars.name}\" -f \"waf.tfvars\""
+  }
+
+  triggers = {
+    tfvar_file_md5 = filemd5(local.tfvars_filename)
+  }
+}