terraform\deployments\sharedinfra
is the path for the Shared APIM Infrastructure Terraform.
If you need to update web test endpoint, add or modify var.ping_tests
in /environments/env.tfvars:
ping_tests = [
{
pingTestName = "webcheck-name"
pingTestURL = "https://webcheck-url"
pingText = "Status: UP" # optional
}
]
To change action group email, modify var.support_email
in /environments/shared.tfvars
To give access to the Key Vault the client must have an Azure Managed Identity within the CJS Common Tenant. This will be what we use to grant the MI GET access on the Key Vault.
They will then need to provide use with the Name
and Client ID
of the resource.
We can then add these per environment in the Terraform.
- Edit the correct environment
tfvars
in theenvironments
folder. - update or addd the variable
client_kv_mi_access
.
A single entry should look like:
client_kv_mi_access = {
"HMI" = {
name = "hmi-mi-sbox"
value = "7ac06558-a513-4259-b094-fef5d4de526b"
}
}
This is directions on how to get Azure DevOps variable in the libraries into the HMI Key Vaults.
- Add the variable to the ADO library with the prefix
tf_secret_
for exampletf_secret_my-secret-name
- Edit the file
pipeline\steps\tf-SharedInfra-variables.yaml
- Add onto the parameter
libarySecrets
another set of name/value objects.
ThesecName
needs to be the Key Vault serect name plus the prefixtf_secret_
.
ThesecValue
needs to be the ADO serect name with the prefixtf_secret_
.
example:
- secName: "tf_secret_key-vault-secret-name"
secValue: "$(tf_secret_ado-variable-name)"