kv multi-env condition example addition (#23)

* kv multi-env condition example addition * Excluding REPOSITORY_GRYPE from ML
riosengineer · Aug 14, 2024 · 14c3c2e · 14c3c2e
1 parent 16dbe53
commit 14c3c2e
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -49,7 +49,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
         DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
-        DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT,REPOSITORY_GITLEAKS
+        DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE
         REPOSITORY_KICS_DISABLE_ERRORS: true
 
     # Upload MegaLinter artifacts

diff --git a/bicep-examples/conditions/README.md b/bicep-examples/conditions/README.md
@@ -57,6 +57,14 @@ param kvEnv string = 'prod'
 var kvSku = kvEnv == 'prod' ? 'premium' : 'standard'
 ```
 
+In addition, you can use conditions to determine if certain parameters are true or false depending on the enviornment you are deploying to. For example, in the second Key Vault example within `main.bicep`:
+
+```javascript
+enablePurgeProtection: env == 'preprod' || env == 'prod' ? true : false
+```
+
+Will only enable purge protection on a Key Vault if the enviornment is `preprod` or `prod`. Therefore, if you were deploying the Key Vault to `dev` the Key Vault would not have purge protection enabled. This type of conditon can be expanded to other parameters and objects such as Azure App Service slots, etc. 
+
 ## 🚀 Deployment
 
 > [!NOTE]  

diff --git a/bicep-examples/conditions/main.bicep b/bicep-examples/conditions/main.bicep
@@ -10,6 +10,9 @@ param location string = resourceGroup().location
 @description('Azure Key Vault resource names that will be created. Must be globally unique.')
 param kvName string = 'kv-uks-bicepify-prod-001'
 
+@description('Azure Key Vault resource names that will be created. Must be globally unique.')
+param kvName2 string = 'kv-uks-bicepify-prod-002'
+
 @description('Deploy Azure Key Vault true/false.')
 param deployResource bool = false
 
@@ -19,10 +22,10 @@ param deployResource bool = false
   'preprod'
   'dev'
 ])
-param kvEnv string = 'prod'
+param env string = 'prod'
 
 // Environment variable for Key Vault SKU else if
-var kvSku = kvEnv == 'prod' ? 'premium' : 'standard'
+var kvSku = env == 'prod' ? 'premium' : 'standard'
 
 module KeyVault 'br/public:avm/res/key-vault/vault:0.7.0' = if (deployResource) {
   name: '${uniqueString(deployment().name, location)}-${kvName}'
@@ -36,3 +39,17 @@ module KeyVault 'br/public:avm/res/key-vault/vault:0.7.0' = if (deployResource)
 
 // Output Key Vault name
 output kvUri string = KeyVault.outputs.name
+
+// Multi-enviornment condition  param example
+module KeyVault2 'br/public:avm/res/key-vault/vault:0.6.2' = {
+  name: '${uniqueString(deployment().name, location)}-kv'
+  params: {
+    name: kvName
+    location: location
+    enablePurgeProtection: env == 'preprod' || env == 'prod' ? true : false
+    enableSoftDelete: true
+    softDeleteRetentionInDays: 7
+    enableRbacAuthorization: true
+    sku: kvSku
+  }
+}