feat: e2e test for firewalled kv

2025-06-28 04:09:11 +00:00 · 2023-11-22 02:18:20 +01:00 · 2023-11-22 02:18:20 +01:00 · cde1d2207c
commit cde1d2207c
parent c885abd540
2 changed files with 65 additions and 12 deletions
--- a/bicep/modules/kv.bicep
+++ b/bicep/modules/kv.bicep
@ -53,7 +53,43 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-02-01' = {
 }

 /*
-  Diagnostic Settings for Key Vault
+  Key Vault
+*/
+
+resource keyVaultWithFirewall 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: replace(toLower(format(nameFormat, 'KVT', 2)), '-', '')
+  location: location
+  tags: tags
+  properties: {
+    sku: {
+      family: 'A'
+      name: 'standard'
+    }
+    tenantId: tenant().tenantId
+    enableSoftDelete: true
+    enablePurgeProtection: true
+    accessPolicies: accessPolicies
+    networkAcls: {
+      defaultAction: 'Deny'
+      ipRules: []
+    }
+  }
+  resource testSecret 'secrets' = {
+    name: 'testSecret'
+    properties: {
+      value: 'testSecretValue'
+    }
+  }
+  resource filterTestSecret 'secrets' = {
+    name: 'filterTestSecret'
+    properties: {
+      value: 'filterTestSecretValue'
+    }
+  }
+}
+
+/*
+  Diagnostic Settings for Key Vaults
 */

 resource keyVaultDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
@ -69,3 +105,17 @@ resource keyVaultDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-
    ]
  }
 }
+
+resource keyVaultWithFirewallDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  name: 'keyVaultLogging'
+  scope: keyVaultWithFirewall
+  properties: {
+    workspaceId: _logAnalyticsWorkspace.id
+    logs: [
+      {
+        category: 'AuditEvent'
+        enabled: true
+      }
+    ]
+  }
+}