
Commit 17a9051

committed
feat: change metering and replicator outputs so it reflects the panel
1 parent c59a38b commit 17a9051


5 files changed

+62
-31
lines changed


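--- a/modules/meshcloud-metering-service-principal/module.tf
+++ b/modules/meshcloud-metering-service-principal/module.tf
@@ -92,6 +92,10 @@ resource "azurerm_role_assignment" "meshcloud_metering_cloud_inventory" {
 resource "azuread_application" "meshcloud_metering" {
   display_name = "metering.${var.service_principal_name_suffix}"
 
+  feature_tags {
+    enterprise = true
+  }
+
   web {
     implicit_grant {
       access_token_issuance_enabled = false
@@ -110,13 +114,24 @@ resource "azuread_service_principal" "meshcloud_metering" {
 //---------------------------------------------------------------------------
 // Create a password for the Enterprise application
 //---------------------------------------------------------------------------
-resource "azuread_service_principal_password" "service_principal_pw" {
-  service_principal_id = azuread_service_principal.meshcloud_metering.id
-  end_date = "2999-01-01T01:02:03Z" # no expiry
+resource "time_rotating" "replicator_secret_rotation" {
+  rotation_days = 365
 }
 
-# facilitate migration from v0.1.0 of the module
-moved {
-  from = azuread_service_principal_password.spp_pw
-  to = azuread_service_principal_password.service_principal_pw
+resource "azuread_application_password" "service_principal_pw" {
+  application_object_id = azuread_application.meshcloud_metering.object_id
+  rotate_when_changed = {
+    rotation = time_rotating.replicator_secret_rotation.id
+  }
 }
+
+# resource "azuread_service_principal_password" "service_principal_pw" {
+#   service_principal_id = azuread_service_principal.meshcloud_metering.id
+#   end_date = "2999-01-01T01:02:03Z" # no expiry
+# }
+
+# # facilitate migration from v0.1.0 of the module
+# moved {
+#   from = azuread_application_password.spp_pw
+#   to = azuread_application_password.service_principal_pw
+# }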
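Review bot: The `time_rotating` resource introduced in the second hunk is named `replicator_secret_rotation` although it lives in the metering module, which reads like a copy from the replicator module and will confuse anyone inspecting state or plans; rename it to `resource "time_rotating" "metering_secret_rotation" {` and reference `rotation = time_rotating.metering_secret_rotation.id` in `rotate_when_changed`. Separately, the new `azuread_application_password` sets no `end_date_relative`, and `time_rotating` only forces a replacement on an apply that runs after the 365 days have elapsed, so a deployment that is not re-applied keeps the old secret valid for whatever lifetime the provider assigns by default; pinning the lifetime to roughly the rotation window (for example `end_date_relative = "8760h"`) makes a missed rotation fail closed rather than silently extending the credential. The matching block in modules/meshcloud-replicator-service-principal/module.tf has the same gap. The commented-out `azuread_service_principal_password` and `moved` blocks appended at the end of the hunk are dead text that version control already preserves and should be deleted, and the section comment `// Create a password for the Enterprise application` now describes a secret that is attached to the application registration rather than to the service principal.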
Lines changed: 4 additions & 4 deletions
@@ -1,14 +1,14 @@
11
output "service_principal" {
22
description = "Service Principal application id and object id"
33
value = {
4-
object_id = azuread_service_principal.meshcloud_metering.id
5-
app_id = azuread_service_principal.meshcloud_metering.application_id
6-
password = "Execute `terraform output service_principal_password` to see the password"
4+
Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_metering.id
5+
Application_Client_ID = azuread_application.meshcloud_metering.application_id
6+
Client_Secret = "Execute `terraform output service_principal_password` to see the password"
77
}
88
}
99

1010
output "service_principal_password" {
1111
description = "Password for the Service Principal."
12-
value = azuread_service_principal_password.service_principal_pw.value
12+
value = azuread_application_password.service_principal_pw.value
1313
sensitive = true
1414
}

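--- a/modules/meshcloud-replicator-service-principal/README.md
+++ b/modules/meshcloud-replicator-service-principal/README.md
@@ -27,7 +27,7 @@ No modules.
 | [azuread_app_role_assignment.meshcloud_replicator-user](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/app_role_assignment) | resource |
 | [azuread_application.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/application) | resource |
 | [azuread_service_principal.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal) | resource |
-| [azuread_service_principal_password.service_principal_pw](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal_password) | resource |
+| [azuread_application_password.service_principal_pw](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal_password) | resource |
 | [azurerm_role_assignment.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azurerm/3.3.0/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azurerm/3.3.0/docs/resources/role_definition) | resource |
 | [azuread_application_published_app_ids.well_known](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/data-sources/application_published_app_ids) | data source |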

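--- a/modules/meshcloud-replicator-service-principal/module.tf
+++ b/modules/meshcloud-replicator-service-principal/module.tf
@@ -81,6 +81,9 @@ data "azuread_service_principal" "msgraph" {
 resource "azuread_application" "meshcloud_replicator" {
   display_name = "replicator.${var.service_principal_name_suffix}"
 
+  feature_tags {
+    enterprise = true
+  }
   web {
     implicit_grant {
       access_token_issuance_enabled = false
@@ -132,18 +135,39 @@ resource "azuread_application" "meshcloud_replicator" {
   }
 }
 
+//---------------------------------------------------------------------------
+// Create new client secret and associate it with the previous application
+//---------------------------------------------------------------------------
+resource "time_rotating" "replicator_secret_rotation" {
+  rotation_days = 365
+}
+resource "azuread_application_password" "service_principal_pw" {
+  application_object_id = azuread_application.meshcloud_replicator.object_id
+  rotate_when_changed = {
+    rotation = time_rotating.replicator_secret_rotation.id
+  }
+}
+
 //---------------------------------------------------------------------------
 // Create new Enterprise Application and associate it with the previous application
 //---------------------------------------------------------------------------
 resource "azuread_service_principal" "meshcloud_replicator" {
   application_id = azuread_application.meshcloud_replicator.application_id
   # The following tags are needed to create an Enterprise Application
   # See https://github.com/hashicorp/terraform-provider-azuread/issues/7#issuecomment-529597534
-  tags = [
-    "WindowsAzureActiveDirectoryIntegratedApp",
-  ]
+  # tags = [
+  #   "WindowsAzureActiveDirectoryIntegratedApp",
+  # ]
 }
 
+# //---------------------------------------------------------------------------
+# // Generate new password for the service principal
+# //---------------------------------------------------------------------------
+# resource "azuread_service_principal_password" "service_principal_pw" {
+#   service_principal_id = azuread_service_principal.meshcloud_replicator.id
+#   end_date = "2999-01-01T01:02:03Z" # no expiry
+# }
+
 //---------------------------------------------------------------------------
 // Assign the created ARM role to the Enterprise application
 //---------------------------------------------------------------------------
@@ -174,14 +198,6 @@ resource "azuread_app_role_assignment" "meshcloud_replicator-user" {
   resource_object_id = data.azuread_service_principal.msgraph.object_id
 }
 
-//---------------------------------------------------------------------------
-// Generate new password for the service principal
-//---------------------------------------------------------------------------
-resource "azuread_service_principal_password" "service_principal_pw" {
-  service_principal_id = azuread_service_principal.meshcloud_replicator.id
-  end_date = "2999-01-01T01:02:03Z" # no expiry
-}
-
 
 //---------------------------------------------------------------------------
 // Policy Definition for preventing the Application from assigning other privileges to itself
@@ -229,7 +245,7 @@ resource "azurerm_management_group_policy_assignment" "privilege-escalation-prev
 # }
 
 # facilitate migration from v0.1.0 of the module
-moved {
-  from = azuread_service_principal_password.spp_pw
-  to = azuread_service_principal_password.service_principal_pw
-}
+# moved {
+#   from = azuread_application_password.spp_pw
+#   to = azuread_application_password.service_principal_pw
+# }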
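Review bot: Replacing `azuread_service_principal_password.service_principal_pw` with `azuread_application_password.service_principal_pw` in the second hunk has no migration path, because a `moved` block cannot cross resource types, so on the first apply after upgrading the existing service-principal password is destroyed and a fresh application secret is issued; the module README or changelog should state that the `service_principal_password` output changes value and that the credential stored in the consuming system must be replaced, otherwise the consumer loses access at that apply. The same hunk keeps the old `tags` list and the old password resource as commented-out text (new-file lines 158-160 and 163-169), and the fourth hunk keeps the old `moved` block the same way (lines 248-251); delete these, since version control already preserves them. With the `tags` list gone, the retained comment `# The following tags are needed to create an Enterprise Application` introduces nothing; replace it with `# Enterprise Application is created via feature_tags { enterprise = true } on azuread_application.meshcloud_replicator` or drop it together with the issue link.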

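--- a/modules/meshcloud-replicator-service-principal/outputs.tf
+++ b/modules/meshcloud-replicator-service-principal/outputs.tf
@@ -1,15 +1,15 @@
 output "service_principal" {
   description = "Service Principal application id and object id"
   value = {
-    object_id = azuread_service_principal.meshcloud_replicator.id
-    app_id = azuread_service_principal.meshcloud_replicator.application_id
-    password = "Execute `terraform output service_principal_password` to see the password"
+    Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_replicator.id
+    Application_Client_ID = azuread_application.meshcloud_replicator.application_id
+    Client_Secret = "Execute `terraform output service_principal_password` to see the password"
   }
 }
 
 output "service_principal_password" {
   description = "Password for the Service Principal."
-  value = azuread_service_principal_password.service_principal_pw.value
+  value = azuread_application_password.service_principal_pw.value
   sensitive = true
 }
 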
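Review bot: The `service_principal` output renames its keys to `Enterprise_Application_Object_ID`, `Application_Client_ID` and `Client_Secret`, but the description on line 2 still reads `Service Principal application id and object id`, so the documented contract and the map no longer agree; change it to `description = "Enterprise application object id, application (client) id and a hint for retrieving the client secret, labelled as shown in the panel"`. Renaming the keys is also a breaking change for any caller that reads `module.<name>.service_principal.object_id` or `.app_id`, which the commit message does not mention and should. The mixed-case key names are unusual for Terraform outputs, which conventionally use lower snake_case; if the capitalisation is deliberate to mirror the panel labels, a one-line comment above the map saying so will keep the next maintainer from normalising it. The metering module's outputs.tf hunk earlier on this page has the same three points.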
