From 81fb3a59815db5ef0e3ad1e9756580aecb4a6f4b Mon Sep 17 00:00:00 2001
From: Andreas Isnes Nilsen
Date: Sat, 11 Jan 2025 01:50:23 +0100
Subject: [PATCH] chores: write CA cert to storage (#226)

* remove identity for firewall policy
* add maintainers as vars
* add CA cert to storage
---
 infra/deploy/hub/vpn.tf | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/infra/deploy/hub/vpn.tf b/infra/deploy/hub/vpn.tf
index b129a386..733ecad1 100644
--- a/infra/deploy/hub/vpn.tf
+++ b/infra/deploy/hub/vpn.tf
@@ -51,7 +51,7 @@ resource "azurerm_public_ip" "vpn" {
 }
 resource "azurerm_virtual_network_gateway" "vpn" {
- name = "vpn${local.suffix}"
+ name = "vpngw${local.suffix}"
 location = azurerm_resource_group.hub.location
 resource_group_name = azurerm_resource_group.hub.name
@@ -160,8 +160,7 @@ resource "tls_self_signed_cert" "root" {
 allowed_uses = []
 subject {
- common_name = "Altinn"
- organizational_unit = "Authorization"
+ common_name = "VPN CA"
 }
 }
@@ -202,6 +201,16 @@ resource "pkcs12_from_pem" "client_certs" {
 for_each = toset(var.client_certs)
 }
+resource "azurerm_storage_blob" "ca_pem_cert" {
+ name = "CaCert.pem"
+ storage_container_name = azurerm_storage_container.certs.name
+ storage_account_name = azurerm_storage_account.storage.name
+ access_tier = "Cool"
+ type = "Block"
+ source_content = tls_self_signed_cert.root.cert_pem
+}
 resource "azurerm_storage_blob" "client_pem_cert" {
 name = "${each.value}/${each.value}Cert.pem"
 storage_container_name = azurerm_storage_container.certs.name
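Review bot: Changing `name` on `azurerm_virtual_network_gateway.vpn` from `"vpn${local.suffix}"` to `"vpngw${local.suffix}"` is not a cosmetic rename in Terraform: the gateway name forces replacement, so an apply will destroy and recreate the VPN gateway, dropping every active tunnel for the duration (typically tens of minutes) and leaving anything that references the old gateway name stale. Unless this has already been applied out of band, the outage and the need to redistribute point-to-site client profiles should be stated in the commit description, or the rename dropped if the old name was acceptable. The resource body continues past the hunk, so any `vpn_client_configuration` that would also be affected is not visible here.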
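Review bot: Replacing the `subject` of `tls_self_signed_cert.root` forces a new self-signed root, which is a CA rotation rather than a relabel: every client certificate issued under the old root and the root certificate registered on the gateway (outside this hunk) become stale at the same apply and must be re-issued and re-uploaded, so this should be sequenced as a planned rotation. Since the root is being regenerated anyway, this is the moment to address the context line `allowed_uses = []`, which leaves a certificate that signs client certs with no key-usage extension at all; `allowed_uses = ["cert_signing", "crl_signing"]` is the usual minimum for a CA, and `is_ca_certificate = true` should be confirmed on the resource (its body starts before the hunk, so that attribute is not visible). A one-line comment above `subject`, `# Changing the subject regenerates the root; all client certs must be re-issued.`, would warn the next maintainer.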
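Review bot: Publishing `tls_self_signed_cert.root.cert_pem` is fine in itself, since a CA certificate is public material, but the new `ca_pem_cert` blob goes into the same `azurerm_storage_container.certs` that holds the per-client `client_pem_cert` blobs and, judging from the preceding `pkcs12_from_pem.client_certs`, presumably PKCS#12 bundles containing private keys; nothing in this hunk shows the container's access level, so confirm it is `container_access_type = "private"` and that the storage account disallows public blob access before adding more artifacts to it. Because the blob is fed from `source_content`, it is silently replaced whenever the root is regenerated, which is exactly the file VPN clients pin, so a comment above the resource such as `# Public root CA cert handed to VPN clients; replaced whenever tls_self_signed_cert.root is regenerated.` would make that coupling explicit. Setting `content_type = "application/x-pem-file"` would also stop the blob being served as a generic octet-stream.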