victorious-exabyte-70545
01/05/2023, 8:51 PM
user_assigned_identity = azure.authorization.UserAssignedIdentity(
f"{stack_name}-identity",
name=f"{stack_name}-identity",
location=resource_group.location,
resource_group_name=resource_group.name,
tags=tags)
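# Install the Key Vault VM extension on `vm` so the certificates listed under
# observedCertificates are polled from the vault and written to the VM.
#
# user_assigned_identity.client_id is a Pulumi Output; json.dumps() cannot
# serialise an Output, so the settings document is built inside apply(), once
# the client id has resolved.
# NOTE(review): if kv_uri is also an Output, the f-strings below will not
# interpolate it -- resolve it the same way. If it ends with "/", the URLs get
# a double slash. Confirm where kv_uri comes from.
# NOTE(review): nothing shown here attaches the identity to the VM or grants
# it access to the vault; both are required, and the grant should be limited
# to reading the observed secrets.
azure.compute.Extension(
    "KeyVaultExtension",
    name="KeyVaultExtension",
    virtual_machine_id=vm.id,
    publisher="Microsoft.Azure.KeyVault",
    type="KeyVaultForLinux",
    type_handler_version="2.0",
    settings=user_assigned_identity.client_id.apply(
        lambda client_id: json.dumps(
            {
                "secretsManagementSettings": {
                    "pollingIntervalInS": "30",
                    # presumably ignored by the Linux handler (Windows
                    # certificate store name) -- confirm
                    "certificateStoreName": "MY",
                    "linkOnRenewal": False,
                    # The /secrets/ form of the URL returns the certificate
                    # together with its private key, so this directory holds
                    # key material; keep it readable only by the consumer.
                    "certificateStoreLocation": "/var/lib/waagent/Microsoft.Azure.KeyVault",
                    # NOTE(review): both entries are identical as posted --
                    # presumably placeholder names; list each certificate once.
                    "observedCertificates": [
                        f"{kv_uri}/secrets/certificate",
                        f"{kv_uri}/secrets/certificate",
                    ],
                },
                "authenticationSettings": {
                    # Instance metadata identity endpoint (link-local). The
                    # "<...>" around the URL in the post is chat link markup
                    # and would make the endpoint invalid, so it is removed.
                    "msiEndpoint": "http://169.254.169.254/metadata/identity",
                    # Pins the extension to the user-assigned identity instead
                    # of whichever identity the VM would use by default.
                    "msiClientId": client_id,
                },
            }
        )
    ),
    opts=ResourceOptions(
        depends_on=[vm]
    ),
)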