feat(aad): add owners to application objects #49
This commit is contained in:
Родитель
ad5c238daa
Коммит
712e2362d9
8
main.tf
8
main.tf
|
@ -13,10 +13,9 @@ resource "random_string" "suffix" {
|
|||
}
|
||||
|
||||
locals {
|
||||
suffix = random_string.suffix.result
|
||||
|
||||
# Default to current ARM client
|
||||
superadmins_aad_object_id = var.superadmins_aad_object_id == "" ? data.azurerm_client_config.current.object_id : var.superadmins_aad_object_id
|
||||
suffix = random_string.suffix.result
|
||||
application_owners_ids = length(var.application_owners_ids) == 0 ? [data.azurerm_client_config.current.object_id] : var.application_owners_ids
|
||||
superadmins_aad_object_id = var.superadmins_aad_object_id == "" ? data.azurerm_client_config.current.object_id : var.superadmins_aad_object_id # Default to current ARM client
|
||||
}
|
||||
|
||||
# ---------------
|
||||
|
@ -40,6 +39,7 @@ module "service_principals" {
|
|||
for_each = var.environments
|
||||
source = "./modules/service-principal"
|
||||
name = "${each.value.team}-${each.value.env}-${local.suffix}-ci-sp"
|
||||
owners = local.application_owners_ids
|
||||
}
|
||||
|
||||
# ------------------------------
|
||||
|
|
|
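Review bot: The fallback in `application_owners_ids` (first hunk, the `locals` block) is all-or-nothing: once `var.application_owners_ids` is non-empty the executing principal is no longer added, so a caller who lists only other users can leave the identity running Terraform without ownership of the applications it creates, and later applies then depend on that identity holding a directory-wide application-write permission instead. Merging instead of replacing keeps the Terraform principal an owner in both cases: `application_owners_ids = distinct(concat(var.application_owners_ids, [data.azurerm_client_config.current.object_id]))`. Ownership is worth treating as privileged here because an application owner can add credentials to the `*-ci-sp` applications the second hunk passes it to; a one-line comment on the local stating that would help the next reader. Whether the merge is wanted rather than the explicit opt-in the variable description implies is a design choice I cannot settle from the diff.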
@ -4,6 +4,7 @@
|
|||
|
||||
resource "azuread_application" "app" {
|
||||
display_name = local.name
|
||||
owners = var.owners
|
||||
}
|
||||
|
||||
resource "azuread_application_password" "workspace_sp_secret" {
|
||||
|
|
|
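Review bot: `owners = var.owners` on `azuread_application.app` is a privileged grant that the hunk leaves undocumented: an owner of an application can add client secrets and certificates to it, which is the same capability `azuread_application_password.workspace_sp_secret` uses right below, so every ID in `var.owners` can effectively obtain this service principal's identity. A comment such as `owners = var.owners # owners can add credentials to the app; treat as a privileged grant` would make that visible where the value is consumed. If the module also declares an `azuread_service_principal` outside this hunk, it has a separate `owners` argument that this change does not set. The `azuread_application_password` resource continues past the end of the hunk.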
@ -23,6 +23,15 @@ variable "password_lifetime" {
|
|||
default = "4380h"
|
||||
}
|
||||
|
||||
variable "owners" {
|
||||
type = list(string)
|
||||
description = "A set of object IDs of principals that will be granted ownership of the application (service principal)."
|
||||
validation {
|
||||
condition = length(var.owners) > 0
|
||||
error_message = "Every Application must have an owner. Owners cannot be empty."
|
||||
}
|
||||
}
|
||||
|
||||
# Normalize Values
|
||||
# ----------------
|
||||
|
||||
|
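Review bot: The validation on `owners` only rejects an empty list; a mistyped ID or a UPN passed instead of an object ID is still accepted at plan time and only fails inside the provider at apply time. A second `validation` block catches that earlier: `condition = alltrue([for o in var.owners : can(regex("^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", lower(o)))])` with `error_message = "Every owner must be an Azure AD object ID (GUID)."`. The description also says "a set" while the type is `list(string)`; `type = set(string)` would drop duplicate IDs and still accept a list from the caller. The `# Normalize Values` comment suggests further declarations follow outside the hunk.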
|
|
@ -5,6 +5,12 @@ variable "superadmins_aad_object_id" {
|
|||
default = ""
|
||||
}
|
||||
|
||||
variable "application_owners_ids" {
|
||||
type = list(string)
|
||||
description = "A set of object IDs of principals that will be granted ownership of the application (service principal). Supported object types are users or service principals. It is best practice to specify one or more owners, incl. the principal used to execute Terraform"
|
||||
default = []
|
||||
}
|
||||
|
||||
# AAD Groups
|
||||
variable "groups" {
|
||||
type = map(string)
|
||||
|
|
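Review bot: The description of `application_owners_ids` does not say what the default `[]` means, and the root module gives it a specific meaning (the `locals` block in main.tf of the same commit falls back to the principal running Terraform) that a reader of this file alone cannot see. Add a sentence to the description along the lines of `When empty, the object ID of the principal executing Terraform is used as the sole owner.` Since application owners can add credentials to the applications they own, the description could also state that these IDs are a privileged grant rather than a point of contact. `variable "groups"` continues past the end of the hunk.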