feat: update azurem and azuread version, add depends_on to the role assignments

ishabakeh · ishabakeh · commit aa75229d0919 · 2023-11-23T15:32:38.000+01:00
diff --git a/modules/meshcloud-metering-service-principal/module.tf b/modules/meshcloud-metering-service-principal/module.tf
@@ -6,11 +6,11 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.3.0"
+      version = ">=3.3.0, <4.0.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "2.18.0"
+      version = ">=2.18.0, <3.0.0"
     }
   }
 }
@@ -53,6 +53,7 @@ resource "azurerm_role_assignment" "meshcloud_metering" {
   scope                = var.scope
   role_definition_name = "Cost Management Reader"
   principal_id         = azuread_service_principal.meshcloud_metering.id
+  depends_on           = [azuread_application.meshcloud_metering]
 }
 
 
@@ -78,7 +79,7 @@ resource "azuread_application" "meshcloud_metering" {
 // Create New Enterprise application and associate it with the previously created app
 //---------------------------------------------------------------------------
 resource "azuread_service_principal" "meshcloud_metering" {
-  application_id = azuread_application.meshcloud_metering.application_id
+  client_id = azuread_application.meshcloud_metering.client_id
   feature_tags {
     enterprise = true
   }
diff --git a/modules/meshcloud-metering-service-principal/outputs.tf b/modules/meshcloud-metering-service-principal/outputs.tf
@@ -2,7 +2,7 @@ output "credentials" {
   description = "Service Principal application id and object id"
   value = {
     Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_metering.id
-    Application_Client_ID            = azuread_application.meshcloud_metering.application_id
+    Application_Client_ID            = azuread_application.meshcloud_metering.client_id
     Client_Secret                    = "Execute `terraform output metering_client_secret` to see the password"
   }
 }
diff --git a/modules/meshcloud-replicator-service-principal/module.tf b/modules/meshcloud-replicator-service-principal/module.tf
@@ -6,11 +6,11 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.3.0"
+      version = ">=3.3.0, <4.0.0"
     }
     azuread = {
       source  = "hashicorp/azuread"
-      version = "2.18.0"
+      version = ">=2.18.0, <3.0.0"
     }
   }
 }
@@ -148,7 +148,7 @@ resource "time_rotating" "replicator_secret_rotation" {
   rotation_days = 365
 }
 resource "azuread_application_password" "application_pw" {
-  application_object_id = azuread_application.meshcloud_replicator.object_id
+  application_id = azuread_application.meshcloud_replicator.client_id
   rotate_when_changed = {
     rotation = time_rotating.replicator_secret_rotation.id
   }
@@ -158,7 +158,7 @@ resource "azuread_application_password" "application_pw" {
 // Create new Enterprise Application and associate it with the previous application
 //---------------------------------------------------------------------------
 resource "azuread_service_principal" "meshcloud_replicator" {
-  application_id = azuread_application.meshcloud_replicator.application_id
+  client_id = azuread_application.meshcloud_replicator.client_id
   feature_tags {
     enterprise = true
   }
@@ -176,6 +176,7 @@ resource "azurerm_role_assignment" "meshcloud_replicator" {
   scope              = var.scope
   role_definition_id = azurerm_role_definition.meshcloud_replicator.role_definition_resource_id
   principal_id       = azuread_service_principal.meshcloud_replicator.id
+  depends_on = [ azuread_application.meshcloud_replicator ]
 }
 
 //---------------------------------------------------------------------------
@@ -185,18 +186,21 @@ resource "azuread_app_role_assignment" "meshcloud_replicator-directory" {
   app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["Directory.Read.All"]
   principal_object_id = azuread_service_principal.meshcloud_replicator.object_id
   resource_object_id  = data.azuread_service_principal.msgraph.object_id
+   depends_on = [ azuread_application.meshcloud_replicator ]
 }
 
 resource "azuread_app_role_assignment" "meshcloud_replicator-group" {
   app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["Group.ReadWrite.All"]
   principal_object_id = azuread_service_principal.meshcloud_replicator.object_id
   resource_object_id  = data.azuread_service_principal.msgraph.object_id
+   depends_on = [ azuread_application.meshcloud_replicator ]
 }
 
 resource "azuread_app_role_assignment" "meshcloud_replicator-user" {
   app_role_id         = data.azuread_service_principal.msgraph.app_role_ids["User.Invite.All"]
   principal_object_id = azuread_service_principal.meshcloud_replicator.object_id
   resource_object_id  = data.azuread_service_principal.msgraph.object_id
+   depends_on = [ azuread_application.meshcloud_replicator ]
 }
 
 
diff --git a/modules/meshcloud-replicator-service-principal/outputs.tf b/modules/meshcloud-replicator-service-principal/outputs.tf
@@ -2,7 +2,7 @@ output "credentials" {
   description = "Service Principal application id and object id"
   value = {
     Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_replicator.id
-    Application_Client_ID            = azuread_application.meshcloud_replicator.application_id
+    Application_Client_ID            = azuread_application.meshcloud_replicator.client_id
     Client_Secret                    = "Execute `terraform output replicator_client_secret` to see the password"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -6,11 +6,11 @@ terraform {`
`6`	`6`	`required_providers {`
`7`	`7`	`azurerm = {`
`8`	`8`	`source = "hashicorp/azurerm"`
`9`		`- version = "3.3.0"`
	`9`	`+ version = ">=3.3.0, <4.0.0"`
`10`	`10`	`}`
`11`	`11`	`azuread = {`
`12`	`12`	`source = "hashicorp/azuread"`
`13`		`- version = "2.18.0"`
	`13`	`+ version = ">=2.18.0, <3.0.0"`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`	`}`
`@@ -53,6 +53,7 @@ resource "azurerm_role_assignment" "meshcloud_metering" {`
`53`	`53`	`scope = var.scope`
`54`	`54`	`role_definition_name = "Cost Management Reader"`
`55`	`55`	`principal_id = azuread_service_principal.meshcloud_metering.id`
	`56`	`+ depends_on = [azuread_application.meshcloud_metering]`
`56`	`57`	`}`
`57`	`58`
`58`	`59`
`@@ -78,7 +79,7 @@ resource "azuread_application" "meshcloud_metering" {`
`78`	`79`	`// Create New Enterprise application and associate it with the previously created app`
`79`	`80`	`//---------------------------------------------------------------------------`
`80`	`81`	`resource "azuread_service_principal" "meshcloud_metering" {`
`81`		`- application_id = azuread_application.meshcloud_metering.application_id`
	`82`	`+ client_id = azuread_application.meshcloud_metering.client_id`
`82`	`83`	`feature_tags {`
`83`	`84`	`enterprise = true`
`84`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ output "credentials" {`
`2`	`2`	`description = "Service Principal application id and object id"`
`3`	`3`	`value = {`
`4`	`4`	`Enterprise_Application_Object_ID = azuread_service_principal.meshcloud_metering.id`
`5`		`- Application_Client_ID = azuread_application.meshcloud_metering.application_id`
	`5`	`+ Application_Client_ID = azuread_application.meshcloud_metering.client_id`
`6`	`6`	Client_Secret = "Execute `terraform output metering_client_secret` to see the password"
`7`	`7`	`}`
`8`	`8`	`}`