feat: add tenant id and replicator service principal to terraform output

Author: Felix Zieger

README.md

@@ -30,7 +30,7 @@ For an overview of the module structure, refer to [generated terraform docs](./T
 
 3. Download the example `main.tf` and an `output.tf` files.
 
-    ```sh
+    ```powershell
     # Downloads main.tf and output.tf files into ~/terraform-azure-meshplatform
     wget https://raw.githubusercontent.com/meshcloud/terraform-azure-meshplatform/main/examples/basic-azure-integration/main.tf -P ~/terraform-azure-meshplatform
     wget https://raw.githubusercontent.com/meshcloud/terraform-azure-meshplatform/main/examples/basic-azure-integration/outputs.tf -P ~/terraform-azure-meshplatform
@@ -40,7 +40,7 @@ For an overview of the module structure, refer to [generated terraform docs](./T
 
 5. Execute the module.
 
-    ```sh
+    ```powershell
     # Changes into ~/terraform-azure-meshplatform and applies terraform
     cd ~/terraform-azure-meshplatform
     terraform init
@@ -66,29 +66,7 @@ For an overview of the module structure, refer to [generated terraform docs](./T
    az login --tenant TENANT_ID
    ```
 
-2. Create a directory and change into it
-
-   ```sh
-   mkdir terraform-azure-meshplatform
-   cd terraform-azure-meshplatform
-   ```
-
-3. Create a `main.tf` and an `output.tf` files in the created directory that references this module
-   > See [Example Usages](#example-usages)
-
-4. Run
-
-    ```sh
-    terraform init
-    terraform apply
-    ```
-
-5. Access terraform output and pass it securely to meshcloud.
-
-    ```sh
-    # The JSON output contains sensitive values that must not be transmitted to meshcloud in plain text.
-    terraform output -json
-    ```
+2. Follow the instructions for Azure Portal
 
 ## Example Usages
 

main.tf

@@ -54,3 +54,5 @@ module "uami_blueprint_user_principal" {
   spp_name_suffix = var.spp_name_suffix
   subscriptions   = var.subscriptions
 }
+
+data "azuread_client_config" "current" {}

modules/meshcloud-replicator-spp/module.tf

@@ -126,3 +126,7 @@ resource "azuread_service_principal_password" "spp_pw" {
   service_principal_id = azuread_service_principal.meshcloud_replicator.id
   end_date             = "2999-01-01T01:02:03Z" # no expiry
 }
+
+data "azuread_application" "blueprint_service_principal" {
+  application_id = "f71766dc-90d9-4b7d-bd9d-4499c4331c3f"
+}

modules/meshcloud-replicator-spp/outputs.tf

@@ -12,3 +12,8 @@ output "service_principal_password" {
   value       = azuread_service_principal_password.spp_pw.value
   sensitive   = true
 }
+
+output "blueprint_service_principal_object_id" {
+  description = "Object ID of the BluePrint Service Principal of this AAD."
+  value       = data.azuread_application.blueprint_service_principal.object_id
+}

outputs.tf

@@ -10,6 +10,11 @@ output "replicator_spp_password" {
   sensitive   = true
 }
 
+output "blueprint_service_principal_object_id" {
+  description = "Object ID of the BluePrint Service Principal in this AAD."
+  value       = length(module.replicator_spp) > 0 ? module.replicator_spp[0].azuread_application.blueprint_service_principal.object_id : null
+}
+
 output "kraken_spp" {
   description = "Kraken Service Principal."
   value       = length(module.kraken_spp) > 0 ? module.kraken_spp[0].service_principal : null
@@ -42,3 +47,8 @@ output "uami_blueprint_user_principal_password" {
   value       = length(module.uami_blueprint_user_principal) > 0 ? module.uami_blueprint_user_principal[0].service_principal_password : null
   sensitive   = true
 }
+
+output "azure_ad_tenant_id" {
+  description = "The Azure AD tenant id."
+  value       = data.azuread_client_config.current.tenant_id
+}