feat(azuread-provider): upgrade to v2 #49

main.tf

@@ -27,6 +27,7 @@ resource "azuread_group" "groups" {
   for_each                = var.groups
   display_name            = "demo-${each.value}-${local.suffix}"
   prevent_duplicate_names = true
+  security_enabled        = true
 }
 
 # ------------------
@@ -205,4 +206,4 @@ module "service_connections" {
     module.arm_environments,
     module.service_principals
   ]
-}
+}

modules/service-principal/main.tf

@@ -2,22 +2,12 @@
 # ------------------
 # See https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
 
-resource "random_password" "secret" {
-  length           = 30
-  special          = true
-  min_numeric      = 5
-  min_special      = 2
-  override_special = "-_%@?"
-}
-
 resource "azuread_application" "app" {
   display_name = local.name
 }
 
 resource "azuread_application_password" "workspace_sp_secret" {
   application_object_id = azuread_application.app.object_id
-  value                 = random_password.secret.result
-  end_date_relative     = var.password_lifetime
 }
 
 resource "azuread_service_principal" "sp" {

modules/service-principal/outputs.tf

@@ -7,11 +7,11 @@ output "aad_app" {
 }
 
 output "display_name" {
-	value = azuread_application.app.display_name
+  value = azuread_application.app.display_name
 }
 
 output "principal_id" {
-	value = azuread_service_principal.sp.id
+  value = azuread_service_principal.sp.id
 }
 
 output "client_id" {
@@ -20,7 +20,7 @@ output "client_id" {
 }
 
 output "client_secret" {
-  value       = random_password.secret.result
-  description = "Client Secret for Service Principal"
+  value       = azuread_application_password.workspace_sp_secret.value
+  description = "Client Secret for Service Principal to be imported into Key Vault"
   sensitive   = true
 }