Merge pull request #207 from aztfmod/patch-vm-remote-keys-admin

Patch - VM Windows - Get username and password from keyvault key in remote subscription
aztfmod · Dec 18, 2020 · 710e5ea · 710e5ea
2 parents 9e30cb3 + d9c7a45
commit 710e5ea
Showing 1 changed file with 26 additions and 9 deletions.
diff --git a/modules/compute/virtual_machine/vm_windows.tf b/modules/compute/virtual_machine/vm_windows.tf
@@ -189,18 +189,35 @@ resource "azurerm_key_vault_secret" "admin_password" {
 #
 
 locals {
-  admin_username = try(data.azurerm_key_vault_secret.windows_admin_username_key.0.value, null)
-  admin_password = try(data.azurerm_key_vault_secret.windows_admin_password_key.0.value, null)
+  admin_username = try(data.external.windows_admin_username.0.result.value, null)
+  admin_password = try(data.external.windows_admin_password.0.result.value, null)
 }
 
-data "azurerm_key_vault_secret" "windows_admin_username_key" {
+#
+# Use data external to retrieve value from different subscription
+#
+# With for_each it is not possible to change the provider's subscription at runtime so using the following pattern. 
+#
+data external windows_admin_username {
   count        = try(var.settings.virtual_machine_settings["windows"].admin_username_key, null) == null ? 0 : 1
-  name         = var.settings.virtual_machine_settings["windows"].admin_username_key
-  key_vault_id = local.keyvault.id
+  program = [
+    "bash", "-c", 
+    format(
+      "az keyvault secret show --name '%s' --vault-name '%s' --query '{value: value }' -o json", 
+      var.settings.virtual_machine_settings["windows"].admin_username_key, 
+      local.keyvault.name
+    )
+  ]
 }
 
-data "azurerm_key_vault_secret" "windows_admin_password_key" {
+data external windows_admin_password {
   count        = try(var.settings.virtual_machine_settings["windows"].admin_password_key, null) == null ? 0 : 1
-  name         = var.settings.virtual_machine_settings["windows"].admin_password_key
-  key_vault_id = local.keyvault.id
-}
+  program = [
+    "bash", "-c", 
+    format(
+      "az keyvault secret show -n '%s' --vault-name '%s' --query '{value: value }' -o json", 
+      var.settings.virtual_machine_settings["windows"].admin_password_key, 
+      local.keyvault.name
+    )
+  ]
+}