feat: polish modules

- Description for variables
- Module parity. It would be possible to disable modules (default enabled).

Author: malhussan

README.md

@@ -2,3 +2,50 @@
 
 Terraform module to integrate Azure as a meshPlatform into meshStack instance.
 
+With this module, service principals used by meshStack are created with the required permissions.
+
+# Usage
+```hcl
+module "meshplatform" {
+  source = "git@github.com:meshcloud/terraform-azure-meshplatform.git"
+
+  spp_name_suffix = "unique-name"
+  mgmt_group_name = "management-group-name"
+}
+```
+This will create kraken, replicator and idplookup service principals.
+
+If UAMI blueprint user principal is required, you also need to pass a list of subscriptions this user will be assigned to.
+
+example:
+```hcl
+module "meshplatform" {
+  source = "git@github.com:meshcloud/terraform-azure-meshplatform.git"
+
+  spp_name_suffix = "unique-name"
+  mgmt_group_name = "management-group-name"
+
+  subscriptions = [
+    "abcdefgh-abcd-efgh-abcd-abcdefgh1234"
+  , "abcdefgh-abcd-efgh-abcd-abcdefgh5678"
+  , ...
+  ]
+}
+```
+
+By default, kraken, replicator, and idplookup service principals are enabled and will be created. To disable a service principal, set its according flag to `false`. 
+
+e.g.:
+
+```hcl
+module "meshplatform" {
+  source = "git@github.com:meshcloud/terraform-azure-meshplatform.git"
+
+  spp_name_suffix = "unique-name"
+  mgmt_group_name = "management-group-name"
+
+  replicator_enabled = false
+  kraken_enabled     = false
+  idplookup_enabled  = false
+}
+```

main.tf

@@ -14,10 +14,11 @@ provider "azurerm" {
 }
 
 data "azurerm_management_group" "root" {
-  name = var.mgmt_group_id
+  name = var.mgmt_group_name
 }
 
 module "replicator_spp" {
+  count  = var.replicator_enabled ? 1 : 0
   source = "./modules/meshcloud-replicator-spp/"
 
   spp_name_suffix = var.spp_name_suffix
@@ -28,15 +29,25 @@ module "replicator_spp" {
 }
 
 module "kraken_spp" {
+  count  = var.kraken_enabled ? 1 : 0
   source = "./modules/meshcloud-kraken-spp/"
 
   spp_name_suffix = var.spp_name_suffix
   scope           = data.azurerm_management_group.root.id
 }
 
 module "idp_lookup_spp" {
+  count  = var.idplookup_enabled ? 1 : 0
   source = "./modules/meshcloud-idp-lookup-spp/"
 
   spp_name_suffix = var.spp_name_suffix
   scope           = data.azurerm_management_group.root.id
 }
+
+module "uami_blueprint_user_principal" {
+  count  = length(var.subscriptions)
+  source = "./modules/uami-blueprint-user-principal/"
+
+  spp_name_suffix = var.spp_name_suffix
+  subscriptions   = var.subscriptions
+}

modules/meshcloud-idp-lookup-spp/README.md

@@ -1 +1 @@
-This modules creates an Azure Service Principal (Azure SPP) that is used by meshStack for User lookups in AAD IDP.
+This module creates an Azure Service Principal (Azure SPP) that is used by meshStack for User lookups in AAD IDP.

modules/meshcloud-kraken-spp/README.md

@@ -1 +1 @@
-This modules creates an Azure Service Principal (Azure SPP) that is used by meshStack to import metering data from Azure.
+This module creates an Azure Service Principal (Azure SPP) that is used by meshStack to import metering data from Azure.

modules/meshcloud-replicator-spp/README.md

@@ -1 +1 @@
-This modules creates an Azure Service Principal (Azure SPP) that is used by meshStack for replication.
+This module creates an Azure Service Principal (Azure SPP) that is used by meshStack for replication.

modules/meshcloud-replicator-spp/variables.tf

@@ -10,10 +10,12 @@ variable "scope" {
 
 variable "additional_required_resource_accesses" {
   type        = list(object({ resource_app_id = string, resource_accesses = list(object({ id = string, type = string })) }))
+  default     = []
   description = "Additional AAD-Level Resource Accesses the customer needs"
 }
 
 variable "additional_permissions" {
   type        = list(string)
+  default     = []
   description = "Additional Subscription-Level Permissions that the SPP needs"
-}
+}

modules/uami-blueprint-user-principal/README.md

@@ -1 +1 @@
-This modules creates an Azure Service Principal (Azure SPP) that is used by meshStack for UAMI blueprint assignment.
+This module creates an Azure Service Principal (Azure SPP) that is used by meshStack for UAMI blueprint assignment.

modules/uami-blueprint-user-principal/outputs.tf

@@ -2,6 +2,13 @@ output "service_principal" {
   value = {
     object_id = azuread_service_principal.uami_blueprint_principal.id
     app_id    = azuread_service_principal.uami_blueprint_principal.application_id
-    password  = random_password.spp_pw.result
+    password  = "Execute `terraform output replicator_spp_password` to see the password"
   }
 }
+
+output "service_principal_password" {
+  value = {
+    password = random_password.spp_pw.result
+  }
+  sensitive = true
+}

modules/uami-blueprint-user-principal/variables.tf

@@ -4,5 +4,6 @@ variable "spp_name_suffix" {
 }
 
 variable "subscriptions" {
-  type = list(any)
+  type        = list(any)
+  description = "The scope to which UAMI blueprint service principal role assignment is applied."
 }

outputs.tf

@@ -1,45 +1,60 @@
 
 output "replicator_spp" {
-  description = "Password for the Service Principal."
+  description = "Replicator Service Principal."
   value = {
-    output = module.replicator_spp.service_principal
+    output = length(module.replicator_spp) > 0 ? module.replicator_spp[0].service_principal : null
   }
 }
 
 output "replicator_spp_password" {
-  description = "Password for the Service Principal."
+  description = "Password for Replicator Service Principal."
   value = {
-    password = module.replicator_spp.service_principal_password
+    password = length(module.replicator_spp) > 0 ? module.replicator_spp[0].service_principal_password : null
   }
   sensitive = true
 }
 
 output "kraken_spp" {
-  description = "Password for the Service Principal."
+  description = "Kraken Service Principal."
   value = {
-    output = module.kraken_spp.service_principal
+    output = length(module.kraken_spp) > 0 ? module.kraken_spp[0].service_principal : null
   }
 }
 
 output "kraken_spp_password" {
-  description = "Password for the Service Principal."
+  description = "Password for Kraken Service Principal."
   value = {
-    password = module.kraken_spp.service_principal_password
+    password = length(module.kraken_spp) > 0 ? module.kraken_spp[0].service_principal_password : null
   }
   sensitive = true
 }
 
 output "idp_lookup_spp" {
-  description = "Password for the Service Principal."
+  description = "IDP Lookup Service Principal."
   value = {
-    output = module.idp_lookup_spp.service_principal
+    output = length(module.idp_lookup_spp) > 0 ? module.idp_lookup_spp[0].service_principal : null
   }
 }
 
 output "idp_lookup_spp_password" {
-  description = "Password for the Service Principal."
+  description = "Password for IDP Lookup Service Principal."
   value = {
-    password = module.idp_lookup_spp.service_principal_password
+    password = length(module.idp_lookup_spp) > 0 ? module.idp_lookup_spp[0].service_principal_password : null
   }
   sensitive = true
-}
+}
+
+output "uami_blueprint_user_principal" {
+  description = "UAMI Blueprint Assignment Service Principal."
+  value = {
+    output = length(module.uami_blueprint_user_principal) > 0 ? module.uami_blueprint_user_principal[0].service_principal : null
+  }
+}
+
+output "uami_blueprint_user_principal_password" {
+  description = "Password for UAMI Blueprint Assignment Service Principal."
+  value = {
+    password = length(module.uami_blueprint_user_principal) > 0 ? module.uami_blueprint_user_principal[0].service_principal_password : null
+  }
+  sensitive = true
+}