terraform stuff

mrlockstar · mrlockstar · commit db17ca8b5fd7 · 2026-01-15T12:42:16.000Z
diff --git a/infrastructure/terraform/hub/data.tf b/infrastructure/terraform/hub/data.tf
@@ -0,0 +1,39 @@
+data "azurerm_client_config" "current" {}
+
+data "azuread_group" "avd_users" {
+  display_name = var.avd_users_group_name
+}
+
+data "azuread_group" "avd_admins" {
+  display_name = var.avd_admins_group_name
+}
+
+data "azuread_group" "avd_platform_users" {
+  display_name = "DToS-platform-team-Dev"
+}
+
+# This client id is the same for all Azure customers - it is not a secret.
+# https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_certificate
+data "azuread_service_principal" "MicrosoftAzureAppService" {
+  client_id = "abfa0a7c-a6b6-4736-8310-5855508787cd"
+}
+
+data "azuread_service_principal" "MicrosoftAzureFrontDoorCdn" {
+  client_id = "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8"
+}
+
+# data "azurerm_key_vault_secret" "object-id" {
+#   for_each     = var.regions
+#   name         = "dtos-apim-object-id"
+#   key_vault_id = module.key_vault[each.key].key_vault_id
+
+#   depends_on = [azurerm_key_vault_access_policy.terraform-mi]
+# }
+
+# data "azurerm_key_vault_secret" "secret" {
+#   for_each     = var.regions
+#   name         = "dtos-apim-secret"
+#   key_vault_id = module.key_vault[each.key].key_vault_id
+
+#   depends_on = [azurerm_key_vault_access_policy.terraform-mi]
+# }
diff --git a/infrastructure/terraform/hub/dns_private.tf b/infrastructure/terraform/hub/dns_private.tf
@@ -72,17 +72,17 @@ locals {
   private_dns_zones_map = { for obj in local.private_dns_zones_obj_list : "${obj.region}-${obj.description}" => obj }
 }
 
-# module "private_dns_zones" {
-#   for_each = local.private_dns_zones_map
+module "private_dns_zones" {
+  for_each = local.private_dns_zones_map
 
-#   source = "../../../../dtos-devops-templates/infrastructure/modules/private-dns-zone"
+  source = "../../../../dtos-devops-templates/infrastructure/modules/private-dns-zone"
 
-#   name                = each.value.name
-#   resource_group_name = azurerm_resource_group.private_dns_rg[each.value.region].name
-#   vnet_id             = module.vnets_hub[each.value.region].vnet.id
+  name                = each.value.name
+  resource_group_name = azurerm_resource_group.private_dns_rg[each.value.region].name
+  vnet_id             = data.azurerm_virtual_network.hub[0].id
 
-#   tags = var.tags
-# }
+  tags = var.tags
+}
 
 /*--------------------------------------------------------------------------------------------------
   Private DNS A Records for APIM and Application Gateway
diff --git a/infrastructure/terraform/hub/frontdoor.tf b/infrastructure/terraform/hub/frontdoor.tf
@@ -15,7 +15,7 @@ module "frontdoor_profile" {
   metric_enabled                                    = var.diagnostic_settings.metric_enabled
 
   # Front Door Profile is a global resource, hence the use of primary_region Key Vault
-  certificate_secrets = { for k in each.value.frontdoor_profile.secrets : k => module.acme_certificate[k].key_vault_certificate[local.primary_region].versionless_id }
+  # certificate_secrets = { for k in each.value.frontdoor_profile.secrets : k => module.acme_certificate[k].key_vault_certificate[local.primary_region].versionless_id }
   name                = "${module.config[local.primary_region].names.front-door-profile}-${each.value.short_name}"
   resource_group_name = azurerm_resource_group.rg_project["${each.key}-${local.primary_region}"].name
   sku_name            = each.value.frontdoor_profile.sku_name
diff --git a/infrastructure/terraform/hub/log_analytics_workspace.tf b/infrastructure/terraform/hub/log_analytics_workspace.tf
@@ -17,18 +17,18 @@ module "log_analytics_workspace_hub" {
 }
 
 # Add a data export rule to forward logs to the Event Hub in the Hub subscription
-module "log_analytics_data_export_rule" {
-  for_each = var.features.log_analytics_data_export_rule_enabled ? var.regions : {}
+# module "log_analytics_data_export_rule" {
+#   for_each = var.features.log_analytics_data_export_rule_enabled ? var.regions : {}
 
-  source = "../../../../dtos-devops-templates/infrastructure/modules/log-analytics-data-export-rule"
+#   source = "../../../../dtos-devops-templates/infrastructure/modules/log-analytics-data-export-rule"
 
-  name                    = "${module.config[each.key].names.log-analytics-workspace}-export-rule"
-  resource_group_name     = azurerm_resource_group.rg_base[each.key].name
-  workspace_resource_id   = module.log_analytics_workspace_hub[each.key].id
-  destination_resource_id = module.eventhub_law_export["dtos-hub-${each.key}"].event_hubs["dtos-hub"].id
-  table_names             = var.law.export_table_names
-  enabled                 = var.law.export_enabled
-}
+#   name                    = "${module.config[each.key].names.log-analytics-workspace}-export-rule"
+#   resource_group_name     = azurerm_resource_group.rg_base[each.key].name
+#   workspace_resource_id   = module.log_analytics_workspace_hub[each.key].id
+#   destination_resource_id = module.eventhub_law_export["dtos-hub-${each.key}"].event_hubs["dtos-hub"].id
+#   table_names             = var.law.export_table_names
+#   enabled                 = var.law.export_enabled
+# }
 
 /*--------------------------------------------------------------------------------------------------
   RBAC Assignments
