Commit bd95a320 authored by Vivek Ojha's avatar Vivek Ojha

made ad application optional

parent 085e93fe
Pipeline #60421 failed with stages
in 25 seconds
......@@ -18,6 +18,7 @@ data "azuread_service_principal" "main" {
}
resource "azuread_application" "main" {
count = var.enable_bring_your_own_ad_app ? 0 : 1
name = var.name
homepage = coalesce(var.homepage, local.homepage)
identifier_uris = local.identifier_uris
......@@ -59,14 +60,14 @@ resource "azuread_application" "main" {
}
resource "random_password" "main" {
count = var.password == "" ? 1 : 0
count = !var.enable_bring_your_own_ad_app && var.password == "" ? 1 : 0
length = 32
special = false
}
resource "azuread_application_password" "main" {
count = var.password != null ? 1 : 0
application_object_id = azuread_application.main.id
count = !var.enable_bring_your_own_ad_app && var.password != null ? 1 : 0
application_object_id = var.enable_bring_your_own_ad_app ? null : azuread_application.main[0].object_id
value = coalesce(var.password, random_password.main[0].result)
end_date = local.end_date
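Review bot: The two password guards in this section test different things: `random_password.main` is created when `var.password == ""`, while `azuread_application_password.main` is created when `var.password != null`. If the variable defaults to null (its declaration is not visible here), neither resource is created and the application gets no credential; if a non-empty password is supplied, `random_password.main[0]` inside the `coalesce` refers to an instance with count 0 and would likely fail with an invalid-index error. I would drive both counts from one local and read the generated value as `one(random_password.main[*].result)` (Terraform 0.15+), so no `[0]` is evaluated on an empty list. The ternary on `application_object_id` is redundant, because the resource already has count 0 when the flag is set.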
......
......@@ -13,23 +13,23 @@
// limitations under the License.
output "name" {
value = azuread_application.main.name
value = var.enable_bring_your_own_ad_app ? null : azuread_application.main[0].name
description = "The display name of the application."
}
output "id" {
value = azuread_application.main.application_id
value = var.enable_bring_your_own_ad_app ? null : azuread_application.main[0].application_id
description = "The ID of the application."
}
output "object_id" {
value = azuread_application.main.object_id
value = var.enable_bring_your_own_ad_app ? null : azuread_application.main[0].object_id
description = "The object ID of the application."
}
output "roles" {
value = {
for r in azuread_application.main.app_role :
value = var.enable_bring_your_own_ad_app ? null : {
for r in azuread_application.main[0].app_role :
r.display_name => {
id = r.id
name = r.display_name
......@@ -42,7 +42,7 @@ output "roles" {
}
output "password" {
value = azuread_application_password.main.0.value
value = var.enable_bring_your_own_ad_app ? null : azuread_application_password.main.0.value
sensitive = true
description = "The password for the application."
}
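Review bot: The `password` output guards only on the feature flag, but `azuread_application_password.main` also has count 0 when `var.password` is null, so `azuread_application_password.main.0.value` can still index an empty list with the flag off. `try(azuread_application_password.main[0].value, null)` or `one(azuread_application_password.main[*].value)` (Terraform 0.15+) covers both cases and replaces the legacy `.0.` form with the `[0]` style used by the other outputs. Since every output in this file can now be null, each `description` should say so, e.g. `"The ID of the application; null when enable_bring_your_own_ad_app is true."`, so callers handle the null before passing it into a required argument.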
......@@ -53,7 +53,7 @@ func TestTemplate(t *testing.T) {
PlanAssertions: nil,
ExpectedResourceCount: count,
ExpectedResourceAttributeValues: infratests.ResourceDescription{
"module.ad-application.azuread_application.main": expectedResult,
"module.ad-application.azuread_application.main[0]": expectedResult,
},
}
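Review bot: Only the default path is adjusted here; nothing in the visible lines plans the module with `enable_bring_your_own_ad_app = true`. A second case that sets the flag, lowers `ExpectedResourceCount` accordingly and expects no `azuread_application` address in the plan would catch plan-time failures caused by null module outputs feeding downstream resources. TestTemplate starts and ends outside this hunk, so such a case may already exist elsewhere in the file.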
......
......@@ -12,6 +12,12 @@
// See the License for the specific language governing permissions and
// limitations under the License.
variable "enable_bring_your_own_ad_app" {
description = "Feature flag for BYOA"
default = false
type = bool
}
variable "name" {
type = string
description = "The display name of the application"
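Review bot: `"Feature flag for BYOA"` does not tell a caller what the flag changes. Judging from the rest of this commit, setting it to true skips creation of the application and its password and makes the module outputs null, so I would spell that out, e.g. `description = "When true, an existing Azure AD application is used: this module creates no application or password and its outputs are null."`. The same variable block is added again in the template-level variables hunk further down (`@@ -40,6 +40,12 @@`) and needs the same wording.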
......
......@@ -298,6 +298,7 @@ module "service_principal" {
appId = var.principal_appId
password = var.principal_password
}
}
......@@ -321,6 +322,8 @@ module "ad_application" {
]
}
]
enable_bring_your_own_ad_app = var.enable_bring_your_own_ad_app
}
......
......@@ -155,7 +155,7 @@ resource "azurerm_key_vault_secret" "principal_object_id" {
// Add Application Information to KV
resource "azurerm_key_vault_secret" "application_id" {
name = "aad-client-id"
value = module.ad_application.id
value = var.enable_bring_your_own_ad_app ? null : module.ad_application.id
key_vault_id = module.keyvault.keyvault_id
}
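Review bot: With the flag set, `value` on `azurerm_key_vault_secret.application_id` becomes null, and `value` is a required argument of that resource in the azurerm provider releases I know of, so the plan is likely to be rejected rather than the secret being skipped. Gate the resource itself instead, `count = var.enable_bring_your_own_ad_app ? 0 : 1`, and keep `value = module.ad_application.id`. Anything that reads `aad-client-id` from the vault will then find no secret in the bring-your-own case, so the existing application's client ID probably needs to be supplied through a variable and written here; no such variable is part of this commit.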
......
......@@ -40,6 +40,12 @@ variable "feature_flag" {
}
}
variable "enable_bring_your_own_ad_app" {
description = "Feature flag for BYOA"
default = false
type = bool
}
variable "randomization_level" {
description = "Number of additional random characters to include in resource names to insulate against unexpected resource name collisions."
type = number
......