feat: change metering and replicator outputs so it reflects the panel

Author: ishabakeh

modules/meshcloud-metering-service-principal/module.tf

@@ -92,6 +92,10 @@ resource "azurerm_role_assignment" "meshcloud_metering_cloud_inventory" {
 resource "azuread_application" "meshcloud_metering" {
   display_name = "metering.${var.service_principal_name_suffix}"
 
+  feature_tags {
+    enterprise = true
+  }
+
   web {
     implicit_grant {
       access_token_issuance_enabled = false
@@ -110,13 +114,24 @@ resource "azuread_service_principal" "meshcloud_metering" {
 //---------------------------------------------------------------------------
 // Create a password for the Enterprise application
 //---------------------------------------------------------------------------
-resource "azuread_service_principal_password" "service_principal_pw" {
-  service_principal_id = azuread_service_principal.meshcloud_metering.id
-  end_date             = "2999-01-01T01:02:03Z" # no expiry
+resource "time_rotating" "replicator_secret_rotation" {
+  rotation_days = 365
 }
 
-# facilitate migration from v0.1.0 of the module
-moved {
-  from = azuread_service_principal_password.spp_pw
-  to   = azuread_service_principal_password.service_principal_pw
+resource "azuread_application_password" "service_principal_pw" {
+  application_object_id = azuread_application.meshcloud_metering.object_id
+  rotate_when_changed = {
+    rotation = time_rotating.replicator_secret_rotation.id
+  }
 }
+
+# resource "azuread_service_principal_password" "service_principal_pw" {
+#   service_principal_id = azuread_service_principal.meshcloud_metering.id
+#   end_date             = "2999-01-01T01:02:03Z" # no expiry
+# }
+
+# # facilitate migration from v0.1.0 of the module
+# moved {
+#   from = azuread_application_password.spp_pw
+#   to   = azuread_application_password.service_principal_pw
+# }

modules/meshcloud-metering-service-principal/outputs.tf

@@ -1,14 +1,14 @@
 output "service_principal" {
   description = "Service Principal application id and object id"
   value = {
-    object_id = azuread_service_principal.meshcloud_metering.id
-    app_id    = azuread_service_principal.meshcloud_metering.application_id
-    password  = "Execute `terraform output service_principal_password` to see the password"
+    Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_metering.id
+    Application_Client_ID            = azuread_application.meshcloud_metering.application_id
+    Client_Secret                    = "Execute `terraform output service_principal_password` to see the password"
   }
 }
 
 output "service_principal_password" {
   description = "Password for the Service Principal."
-  value       = azuread_service_principal_password.service_principal_pw.value
+  value       = azuread_application_password.service_principal_pw.value
   sensitive   = true
 }

modules/meshcloud-replicator-service-principal/README.md

@@ -27,7 +27,7 @@ No modules.
 | [azuread_app_role_assignment.meshcloud_replicator-user](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/app_role_assignment) | resource |
 | [azuread_application.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/application) | resource |
 | [azuread_service_principal.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal) | resource |
-| [azuread_service_principal_password.service_principal_pw](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal_password) | resource |
+| [azuread_application_password.service_principal_pw](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/resources/service_principal_password) | resource |
 | [azurerm_role_assignment.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azurerm/3.3.0/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.meshcloud_replicator](https://registry.terraform.io/providers/hashicorp/azurerm/3.3.0/docs/resources/role_definition) | resource |
 | [azuread_application_published_app_ids.well_known](https://registry.terraform.io/providers/hashicorp/azuread/2.18.0/docs/data-sources/application_published_app_ids) | data source |

modules/meshcloud-replicator-service-principal/module.tf

@@ -81,6 +81,9 @@ data "azuread_service_principal" "msgraph" {
 resource "azuread_application" "meshcloud_replicator" {
   display_name = "replicator.${var.service_principal_name_suffix}"
 
+  feature_tags {
+    enterprise = true
+  }
   web {
     implicit_grant {
       access_token_issuance_enabled = false
@@ -132,18 +135,39 @@ resource "azuread_application" "meshcloud_replicator" {
   }
 }
 
+//---------------------------------------------------------------------------
+// Create new client secret and associate it with the previous application
+//---------------------------------------------------------------------------
+resource "time_rotating" "replicator_secret_rotation" {
+  rotation_days = 365
+}
+resource "azuread_application_password" "service_principal_pw" {
+  application_object_id = azuread_application.meshcloud_replicator.object_id
+  rotate_when_changed = {
+    rotation = time_rotating.replicator_secret_rotation.id
+  }
+}
+
 //---------------------------------------------------------------------------
 // Create new Enterprise Application and associate it with the previous application
 //---------------------------------------------------------------------------
 resource "azuread_service_principal" "meshcloud_replicator" {
   application_id = azuread_application.meshcloud_replicator.application_id
   # The following tags are needed to create an Enterprise Application
   # See https://github.com/hashicorp/terraform-provider-azuread/issues/7#issuecomment-529597534
-  tags = [
-    "WindowsAzureActiveDirectoryIntegratedApp",
-  ]
+  # tags = [
+  #   "WindowsAzureActiveDirectoryIntegratedApp",
+  # ]
 }
 
+# //---------------------------------------------------------------------------
+# // Generate new password for the service principal
+# //---------------------------------------------------------------------------
+# resource "azuread_service_principal_password" "service_principal_pw" {
+#   service_principal_id = azuread_service_principal.meshcloud_replicator.id
+#   end_date             = "2999-01-01T01:02:03Z" # no expiry
+# }
+
 //---------------------------------------------------------------------------
 // Assign the created ARM role to the Enterprise application
 //---------------------------------------------------------------------------
@@ -174,14 +198,6 @@ resource "azuread_app_role_assignment" "meshcloud_replicator-user" {
   resource_object_id  = data.azuread_service_principal.msgraph.object_id
 }
 
-//---------------------------------------------------------------------------
-// Generate new password for the service principal
-//---------------------------------------------------------------------------
-resource "azuread_service_principal_password" "service_principal_pw" {
-  service_principal_id = azuread_service_principal.meshcloud_replicator.id
-  end_date             = "2999-01-01T01:02:03Z" # no expiry
-}
-
 
 //---------------------------------------------------------------------------
 // Policy Definition for preventing the Application from assigning other privileges to itself
@@ -229,7 +245,7 @@ resource "azurerm_management_group_policy_assignment" "privilege-escalation-prev
 # }
 
 # facilitate migration from v0.1.0 of the module
-moved {
-  from = azuread_service_principal_password.spp_pw
-  to   = azuread_service_principal_password.service_principal_pw
-}
+# moved {
+#   from = azuread_application_password.spp_pw
+#   to   = azuread_application_password.service_principal_pw
+# }

modules/meshcloud-replicator-service-principal/outputs.tf

@@ -1,15 +1,15 @@
 output "service_principal" {
   description = "Service Principal application id and object id"
   value = {
-    object_id = azuread_service_principal.meshcloud_replicator.id
-    app_id    = azuread_service_principal.meshcloud_replicator.application_id
-    password  = "Execute `terraform output service_principal_password` to see the password"
+    Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_replicator.id
+    Application_Client_ID            = azuread_application.meshcloud_replicator.application_id
+    Client_Secret                    = "Execute `terraform output service_principal_password` to see the password"
   }
 }
 
 output "service_principal_password" {
   description = "Password for the Service Principal."
-  value       = azuread_service_principal_password.service_principal_pw.value
+  value       = azuread_application_password.service_principal_pw.value
   sensitive   = true
 }