fix: secure outputs and update reg keyvault (#58)

liatrio · Oct 17, 2022 · a488e9e · a488e9e
1 parent a455da1
commit a488e9e
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 13 deletions.
diff --git a/app/hack/index.js b/app/hack/index.js
diff --git a/app/runner-controller/logger.js b/app/runner-controller/logger.js
@@ -5,7 +5,7 @@ let _logger;
 export const getLogger = () => {
     if (!_logger) {
         _logger = pino({
-            level: process.env.LOG_LEVEL || "debug",
+            level: process.env.LOG_LEVEL || "info",
             transport: process.env.NODE_ENV === "production"
                 ? undefined
                 : { target: "pino-pretty",

diff --git a/modules/function-app/outputs.tf b/modules/function-app/outputs.tf
@@ -1,3 +1,4 @@
 output "function_webhook_url" {
-  value = nonsensitive("https://${azurerm_linux_function_app.gh_webhook_event_handler_app.default_hostname}/api/eventHandler?clientId=default&code=${data.azurerm_function_app_host_keys.default.default_function_key}")
+  sensitive = true
+  value     = "https://${azurerm_linux_function_app.gh_webhook_event_handler_app.default_hostname}/api/eventHandler?clientId=default&code=${data.azurerm_function_app_host_keys.default.default_function_key}"
 }
diff --git a/modules/web-app/main.tf b/modules/web-app/main.tf
@@ -14,7 +14,7 @@ resource "azurerm_linux_web_app" "gh_webhook_runner_controller_app" {
 
   site_config {
     application_stack {
-      docker_image     = var.runner_controller_image_name
+      docker_image     = "${var.docker_registry_url}/${var.runner_controller_image_name}"
       docker_image_tag = var.runner_controller_image_tag
     }
 
@@ -25,7 +25,9 @@ resource "azurerm_linux_web_app" "gh_webhook_runner_controller_app" {
 
   app_settings = {
     AZURE_APP_CONFIGURATION_ENDPOINT = var.azure_app_configuration_endpoint
-    DOCKER_REGISTRY_SERVER_URL       = var.docker_registry_url
+    DOCKER_ENABLE_CI                 = "true"
+    #DOCKER_REGISTRY_SERVER_URL       = "https://${var.docker_registry_url}"
+
   }
 
   logs {
@@ -148,6 +150,7 @@ resource "azurerm_key_vault_access_policy" "app_registration_key_vault_access_po
 
   secret_permissions = [
     "Get",
-    "Set"
+    "Set",
+    "Delete",
   ]
 }
diff --git a/outputs.tf b/outputs.tf
@@ -3,5 +3,6 @@ output "custom_data_script" {
 }
 
 output "function_webhook_url" {
-  value = module.github_webhook_event_handler_function_app.function_webhook_url
+  sensitive = true
+  value     = module.github_webhook_event_handler_function_app.function_webhook_url
 }