From d53125951de28c9d1190358d2e5fa7b8a5db922b Mon Sep 17 00:00:00 2001 From: Shahid Azim Date: Thu, 19 Feb 2026 15:25:04 +0000 Subject: [PATCH] =?UTF-8?q?feat:=20set=20the=20secret=20and=20certificate?= =?UTF-8?q?=E2=80=91expiry=20alert=20defaults=20to=20null.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- infrastructure/modules/key-vault/alerts.tf | 8 ++-- infrastructure/modules/key-vault/tfdocs.md | 8 ++++ infrastructure/modules/key-vault/variables.tf | 40 ++++++------------- 3 files changed, 24 insertions(+), 32 deletions(-) diff --git a/infrastructure/modules/key-vault/alerts.tf b/infrastructure/modules/key-vault/alerts.tf index 623c2380..00f7523a 100644 --- a/infrastructure/modules/key-vault/alerts.tf +++ b/infrastructure/modules/key-vault/alerts.tf @@ -1,5 +1,5 @@ resource "azurerm_monitor_scheduled_query_rules_alert_v2" "kv_secret_near_expiry" { - count = var.enable_alerting == true ? 1 : 0 + count = var.enable_alerting == true && var.secret_near_expiry_alert != null ? 1 : 0 name = "${azurerm_key_vault.keyvault.name}-secret-near-expiry" resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name @@ -48,7 +48,7 @@ QUERY } resource "azurerm_monitor_scheduled_query_rules_alert_v2" "kv_secret_expired" { - count = var.enable_alerting == true ? 1 : 0 + count = var.enable_alerting == true && var.secret_expired_alert != null ? 1 : 0 name = "${azurerm_key_vault.keyvault.name}-secret-expired" resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name 
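Review bot: With the added `&& var.secret_near_expiry_alert != null` on `count` in `kv_secret_near_expiry`, setting `enable_alerting = true` alone no longer creates this rule. Because the same patch changes the variable default to `null`, a caller that relied on the old defaults would have the rule planned for destruction without any validation error, which silently removes expiry monitoring for that vault. The same applies to the `kv_secret_expired`, `kv_certificate_near_expiry` and `kv_certificate_expired` hunks. Callers are not visible here, so whether any depend on the defaults still needs checking; either way I would add a comment above each `count`, e.g. `# Created only when the alert object is set; enable_alerting alone does not enable this rule.` The resource bodies continue outside the hunks.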
@@ -97,7 +97,7 @@ QUERY } resource "azurerm_monitor_scheduled_query_rules_alert_v2" "kv_certificate_near_expiry" { - count = var.enable_alerting == true ? 1 : 0 + count = var.enable_alerting == true && var.certificate_near_expiry_alert != null ? 1 : 0 name = "${azurerm_key_vault.keyvault.name}-certificate-near-expiry" resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name @@ -146,7 +146,7 @@ QUERY } resource "azurerm_monitor_scheduled_query_rules_alert_v2" "kv_certificate_expired" { - count = var.enable_alerting == true ? 1 : 0 + count = var.enable_alerting == true && var.certificate_expired_alert != null ? 1 : 0 name = "${azurerm_key_vault.keyvault.name}-certificate-expired" resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name diff --git a/infrastructure/modules/key-vault/tfdocs.md b/infrastructure/modules/key-vault/tfdocs.md index 0bb170a1..39148419 100644 --- a/infrastructure/modules/key-vault/tfdocs.md +++ b/infrastructure/modules/key-vault/tfdocs.md @@ -170,6 +170,8 @@ object({ }) ``` +Default: `null` + ### [secret\_expired\_alert](#input\_secret\_expired\_alert) Description: Configuration for the Key Vault secret expired alert. @@ -184,6 +186,8 @@ object({ }) ``` +Default: `null` + ### [certificate\_near\_expiry\_alert](#input\_certificate\_near\_expiry\_alert) Description: Configuration for the Key Vault certificate near expiry alert. @@ -198,6 +202,8 @@ object({ }) ``` +Default: `null` + ### [secret\_certificate\_alert](#input\_certificate\_expired\_alert) Description: Configuration for the Key Vault certificate expired alert. @@ -212,6 +218,8 @@ object({ }) ``` +Default: `null` + ## Modules The following Modules are called: diff --git a/infrastructure/modules/key-vault/variables.tf b/infrastructure/modules/key-vault/variables.tf index 1e0b30ba..1a3e728a 100644 --- a/infrastructure/modules/key-vault/variables.tf 
+++ b/infrastructure/modules/key-vault/variables.tf @@ -67,7 +67,7 @@ variable "secret_near_expiry_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.secret_near_expiry_alert.evaluation_frequency + try(var.secret_near_expiry_alert.evaluation_frequency, "P1D") ) error_message = "secret_near_expiry_alert.evaluation_frequency must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } @@ -75,16 +75,12 @@ variable "secret_near_expiry_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.secret_near_expiry_alert.window_duration + try(var.secret_near_expiry_alert.window_duration, "P1D") ) error_message = "secret_near_expiry_alert.window_duration must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } - default = { - evaluation_frequency = "P1D" # every 24 hours - window_duration = "P1D" # last 24 hours - threshold = 1 - } + default = null } variable "secret_expired_alert" { @@ -97,7 +93,7 @@ variable "secret_expired_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.secret_expired_alert.evaluation_frequency + try(var.secret_expired_alert.evaluation_frequency, "PT15M") ) error_message = "secret_expired_alert.evaluation_frequency must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } @@ -105,16 +101,12 @@ variable "secret_expired_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.secret_expired_alert.window_duration + try(var.secret_expired_alert.window_duration, "PT1H") ) error_message = "secret_expired_alert.window_duration must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } - default = { - evaluation_frequency = "PT15M" # every 15 mins - window_duration = "PT1H" # last 1 hour - threshold = 1 - } + default = null } variable "certificate_near_expiry_alert" { 
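Review bot: The fallback in `try(var.secret_near_expiry_alert.evaluation_frequency, "P1D")` reads like a default, but its only effect is to let a `null` object pass validation; the literal is never applied to an alert rule. An explicit null test states the intent without a magic value: `condition = var.secret_near_expiry_alert == null ? true : contains(<allowed list>, var.secret_near_expiry_alert.evaluation_frequency)`. `try` also swallows any other evaluation error in that expression, not just the null case. The same pattern appears in the `window_duration` validation and in both validations of `secret_expired_alert`, `certificate_near_expiry_alert` and `certificate_expired_alert`. The variable blocks start outside the hunks.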
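Review bot: Replacing the default object of `secret_near_expiry_alert` with `default = null` drops the only in-file record of the intended cadence (`P1D` / `P1D`, threshold 1), and nothing on the new side says that `null` turns the alert off. The description line is outside this hunk, but tfdocs.md in this patch shows the sibling variable's description as only "Configuration for the Key Vault secret expired alert.". I would extend it, e.g. `description = "Configuration for the Key Vault secret near expiry alert. When null (the default) the alert rule is not created."`, and keep the previous values as a commented example next to `default = null`. The same applies to the defaults removed from the other three alert variables.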
@@ -127,7 +119,7 @@ variable "certificate_near_expiry_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.certificate_near_expiry_alert.evaluation_frequency + try(var.certificate_near_expiry_alert.evaluation_frequency, "P1D") ) error_message = "certificate_near_expiry_alert.evaluation_frequency must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } @@ -135,16 +127,12 @@ variable "certificate_near_expiry_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.certificate_near_expiry_alert.window_duration + try(var.certificate_near_expiry_alert.window_duration, "P1D") ) error_message = "certificate_near_expiry_alert.window_duration must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } - default = { - evaluation_frequency = "P1D" # every 24 hours - window_duration = "P1D" # last 24 hours - threshold = 1 - } + default = null } variable "certificate_expired_alert" { @@ -157,7 +145,7 @@ variable "certificate_expired_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.certificate_expired_alert.evaluation_frequency + try(var.certificate_expired_alert.evaluation_frequency, "PT15M") ) error_message = "certificate_expired_alert.evaluation_frequency must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } 
@@ -165,16 +153,12 @@ variable "certificate_expired_alert" { validation { condition = contains( ["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H", "P1D"], - var.certificate_expired_alert.window_duration + try(var.certificate_expired_alert.window_duration, "PT1H") ) error_message = "certificate_expired_alert.window_duration must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D" } - default = { - evaluation_frequency = "PT15M" # every 15 mins - window_duration = "PT1H" # last 1 hour - threshold = 1 - } + default = null } variable "name" {