From aa25fb9e5a3994b420a1cb7de0de6a3eb8f0b958 Mon Sep 17 00:00:00 2001
From: Alis Akers <94012653+alismx@users.noreply.github.com>
Date: Fri, 15 Dec 2023 09:45:26 -0800
Subject: [PATCH] Promote SSL Cert (#7091)
* update key vault secret id for ssl certificate
* Replace hardcoded SSL certificate reference with dynamic retrieval from Azure Key Vault
* fix(app_service): use dynamic key vault secret id instead of hardcoded value
---
 ops/prod/app_gateway_url_redirects.tf | 6 +++---
 ops/services/app_gateway/main.tf | 6 +++---
 ops/services/app_service/main.tf | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/ops/prod/app_gateway_url_redirects.tf b/ops/prod/app_gateway_url_redirects.tf
index 6b49fc876d..2d081f05da 100644
--- a/ops/prod/app_gateway_url_redirects.tf
+++ b/ops/prod/app_gateway_url_redirects.tf
@@ -154,12 +154,12 @@ resource "azurerm_application_gateway" "www_redirect" {
 frontend_ip_configuration_name = local.frontend_config
 frontend_port_name = local.https_listener
 protocol = "Https"
- ssl_certificate_name = "new-sr-wildcard"
+ ssl_certificate_name = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
 }
 ssl_certificate {
- name = "new-sr-wildcard"
- key_vault_secret_id = "https://simple-report-global.vault.azure.net/secrets/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+ name = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
+ key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
 }
 ssl_policy {
diff --git a/ops/services/app_gateway/main.tf b/ops/services/app_gateway/main.tf
index 0ca4e4df90..7aa5f58263 100644
--- a/ops/services/app_gateway/main.tf
+++ b/ops/services/app_gateway/main.tf
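Review bot: The `key_vault_secret_id` in the `ssl_certificate` block of `www_redirect` (ops/prod/app_gateway_url_redirects.tf) is still a versioned reference, because `secret_id` on the `azurerm_key_vault_certificate` data source resolves to whichever certificate version is current when Terraform runs. The gateway therefore keeps serving that version after Key Vault renews the certificate, until someone re-applies, which leaves expiry dependent on a manual step. If the pinned azurerm provider exports it, `key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.versionless_secret_id` lets Application Gateway pick up renewed versions on its own. The same line in the `load_balancer` hunk of ops/services/app_gateway/main.tf has the same issue. The data source declaration and the rest of both resource blocks are outside the patch, so which vault and certificate it resolves to cannot be checked from here.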
@@ -251,12 +251,12 @@ resource "azurerm_application_gateway" "load_balancer" {
 frontend_ip_configuration_name = local.frontend_config
 frontend_port_name = local.https_listener
 protocol = "Https"
- ssl_certificate_name = "new-sr-wildcard"
+ ssl_certificate_name = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
 }
 ssl_certificate {
- name = "new-sr-wildcard"
- key_vault_secret_id = "https://simple-report-global.vault.azure.net/secrets/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+ name = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
+ key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
 }
 ssl_policy {
diff --git a/ops/services/app_service/main.tf b/ops/services/app_service/main.tf
index b53a4b2fd8..88e1d3d4a4 100644
--- a/ops/services/app_service/main.tf
+++ b/ops/services/app_service/main.tf
@@ -200,7 +200,7 @@ resource "azurerm_app_service_certificate" "app" {
 name = "new-sr-wildcard"
 resource_group_name = var.resource_group_name
 location = var.resource_group_location
- key_vault_secret_id = "https://simple-report-global.vault.azure.net/certificates/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+ key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
 }
 resource "azurerm_app_service_certificate_binding" "app" {
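Review bot: `name = "new-sr-wildcard"` at the top of `azurerm_app_service_certificate.app` (ops/services/app_service/main.tf) stays hard-coded while the secret now comes from the data source, so the resource name and the certificate it wraps can drift apart if the data source resolves to a differently named certificate. Consider `name = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name` to match the two gateway modules, after checking in the plan whether the rename replaces the certificate and the `azurerm_app_service_certificate_binding` that follows. The old value was a `/certificates/` URL and the new one is a secret ID, so it is also worth confirming that the identity App Service uses to read the vault has permission to read secrets; presumably it does, but the access policy is not part of this patch.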