feat: add conditional expressions to allow some global properties and…

… updated documentation

examples/complete/README.md

@@ -0,0 +1,84 @@
+This example highlights the complete usage.
+
+## Usage
+
+```hcl
+module "kv" {
+  source  = "cloudnationhq/kv/azure"
+  version = "~> 0.1"
+
+  naming = local.naming
+
+  vault = {
+    name          = module.naming.key_vault.name_unique
+    location      = module.rg.groups.demo.location
+    resourcegroup = module.rg.groups.demo.name
+
+    certs   = local.certs
+    keys    = local.keys
+    secrets = local.secrets
+
+    issuers = {
+      DigiCert = {
+        org_id     = "12345"
+        account_id = "12345"
+        password   = "12345"
+      }
+    }
+  }
+}
+```
+
+The module uses the below locals for configuration:
+
+```hcl
+locals {
+  secrets = {
+    random_string = {
+      secret1 = {
+        length  = 24
+        special = false
+      }
+    }
+    tls_keys = {
+      tls1 = {
+        algorithm = "RSA"
+        rsa_bits  = 2048
+      }
+    }
+  }
+
+  keys = {
+    key1 = {
+      key_type = "RSA"
+      key_size = 2048
+      key_opts = [
+        "decrypt", "encrypt", "sign",
+        "unwrapKey", "verify", "wrapKey"
+      ]
+      rotation_policy = {
+        expire_after         = "P90D"
+        notify_before_expiry = "P30D"
+        automatic = {
+          time_after_creation = "P83D"
+          time_before_expiry  = "P30D"
+        }
+      }
+    }
+  }
+
+  certs = {
+    cert1 = {
+      issuer             = "Self"
+      subject            = "CN=app1.demo.org"
+      validity_in_months = 12
+      exportable         = true
+      key_usage = [
+        "cRLSign", "dataEncipherment",
+        "digitalSignature", "keyAgreement",
+        "keyCertSign", "keyEncipherment"
+      ]
+    }
+  }
+}
+```

examples/complete/locals.tf

@@ -6,3 +6,53 @@ locals {
 
   naming_types = ["key_vault_key", "key_vault_secret", "key_vault_certificate"]
 }
+
+locals {
+  secrets = {
+    random_string = {
+      secret1 = {
+        length  = 24
+        special = false
+      }
+    }
+    tls_keys = {
+      tls1 = {
+        algorithm = "RSA"
+        rsa_bits  = 2048
+      }
+    }
+  }
+
+  keys = {
+    key1 = {
+      key_type = "RSA"
+      key_size = 2048
+      key_opts = [
+        "decrypt", "encrypt", "sign",
+        "unwrapKey", "verify", "wrapKey"
+      ]
+      rotation_policy = {
+        expire_after         = "P90D"
+        notify_before_expiry = "P30D"
+        automatic = {
+          time_after_creation = "P83D"
+          time_before_expiry  = "P30D"
+        }
+      }
+    }
+  }
+
+  certs = {
+    cert1 = {
+      issuer             = "Self"
+      subject            = "CN=app1.demo.org"
+      validity_in_months = 12
+      exportable         = true
+      key_usage = [
+        "cRLSign", "dataEncipherment",
+        "digitalSignature", "keyAgreement",
+        "keyCertSign", "keyEncipherment"
+      ]
+    }
+  }
+}

examples/complete/main.tf

@@ -18,8 +18,9 @@ module "rg" {
 }
 
 module "kv" {
-  source  = "cloudnationhq/kv/azure"
-  version = "~> 0.1"
+  #source  = "cloudnationhq/kv/azure"
+  #version = "~> 0.1"
+  source = "../../"
 
   naming = local.naming
 
@@ -28,39 +29,9 @@ module "kv" {
     location      = module.rg.groups.demo.location
     resourcegroup = module.rg.groups.demo.name
 
-    keys = {
-      key1 = {
-        key_type = "RSA"
-        key_size = 2048
-        key_opts = [
-          "decrypt", "encrypt", "sign",
-          "unwrapKey", "verify", "wrapKey"
-        ]
-        rotation_policy = {
-          expire_after         = "P90D"
-          notify_before_expiry = "P30D"
-          automatic = {
-            time_after_creation = "P83D"
-            time_before_expiry  = "P30D"
-          }
-        }
-      }
-    }
-
-    secrets = {
-      random_string = {
-        secret1 = {
-          length  = 24
-          special = false
-        }
-      }
-      tls_keys = {
-        tls1 = {
-          algorithm = "RSA"
-          rsa_bits  = 2048
-        }
-      }
-    }
+    certs   = local.certs
+    keys    = local.keys
+    secrets = local.secrets
 
     issuers = {
       DigiCert = {
@@ -69,19 +40,5 @@ module "kv" {
         password   = "12345"
       }
     }
-
-    certs = {
-      cert1 = {
-        issuer             = "Self"
-        subject            = "CN=app1.demo.org"
-        validity_in_months = 12
-        exportable         = true
-        key_usage = [
-          "cRLSign", "dataEncipherment",
-          "digitalSignature", "keyAgreement",
-          "keyCertSign", "keyEncipherment"
-        ]
-      }
-    }
   }
 }

locals.tf

@@ -27,7 +27,7 @@ locals {
       expiration_date = try(k.expiration_date, null)
       key_vault_id    = azurerm_key_vault.keyvault.id
       rotation_policy = try(k.rotation_policy, null)
-      tags            = try(k.tags, null)
+      tags            = try(k.tags, var.tags, null)
     }
   ])
 }
@@ -45,7 +45,7 @@ locals {
       min_special     = try(secret.min_special, 4)
       min_numeric     = try(secret.min_numeric, 5)
       key_vault_id    = azurerm_key_vault.keyvault.id
-      tags            = try(secret.tags, null)
+      tags            = try(secret.tags, var.tags, null)
       content_type    = try(secret.content_type, null)
       expiration_date = try(secret.expiration_date, null)
       not_before_date = try(secret.not_before_date, null)
@@ -61,7 +61,7 @@ locals {
       name            = try(tls.name, join("-", [var.naming.key_vault_secret, tls_key]))
       rsa_bits        = try(tls.rsa_bits, 2048)
       key_vault_id    = azurerm_key_vault.keyvault.id
-      tags            = try(tls.tags, null)
+      tags            = try(tls.tags, var.tags, null)
       content_type    = try(tls.content_type, null)
       expiration_date = try(tls.expiration_date, null)
       not_before_date = try(tls.not_before_date, null)
@@ -85,7 +85,7 @@ locals {
       subject            = cert.subject
       validity_in_months = cert.validity_in_months
       key_vault_id       = azurerm_key_vault.keyvault.id
-      tags               = try(cert.tags, null)
+      tags               = try(cert.tags, var.tags, null)
     }
   ])
 }

main.tf

@@ -4,11 +4,11 @@ data "azurerm_subscription" "current" {}
 # keyvault
 resource "azurerm_key_vault" "keyvault" {
   name                            = var.vault.name
-  resource_group_name             = var.vault.resourcegroup
-  location                        = var.vault.location
+  resource_group_name             = coalesce(lookup(var.vault, "resourcegroup", null), var.resourcegroup)
+  location                        = coalesce(lookup(var.vault, "location", null), var.location)
   tenant_id                       = data.azurerm_client_config.current.tenant_id
   sku_name                        = try(var.vault.sku, "standard")
-  tags                            = try(var.vault.tags, null)
+  tags                            = try(var.vault.tags, var.tags, null)
   enabled_for_deployment          = try(var.vault.enabled_for_deployment, true)
   enabled_for_disk_encryption     = try(var.vault.enabled_for_disk_encryption, true)
   enabled_for_template_deployment = try(var.vault.enabled_for_template_deployment, true)
@@ -57,7 +57,7 @@ resource "azurerm_key_vault_certificate_issuer" "issuer" {
   key_vault_id  = each.value.key_vault_id
   provider_name = each.value.provider_name
   account_id    = each.value.account_id
-  password      = each.value.password //pat certificate authority
+  password      = each.value.password #pat certificate authority
 
   depends_on = [
     azurerm_role_assignment.admins

variables.tf

@@ -8,3 +8,21 @@ variable "naming" {
   type        = map(string)
   default     = {}
 }
+
+variable "location" {
+  description = "default azure region to be used."
+  type        = string
+  default     = null
+}
+
+variable "resourcegroup" {
+  description = "default resource group to be used."
+  type        = string
+  default     = null
+}
+
+variable "tags" {
+  description = "tags to be added to the resources"
+  type        = map(string)
+  default     = {}
+}