made ad application optional

bd95a320 · Vivek Ojha · 085e93fe · bd95a320 · bd95a320 · bd95a320
Commit bd95a320 authored Aug 24, 2021 by Vivek Ojha
--- a/infra/modules/providers/azure/ad-application/main.tf
+++ b/infra/modules/providers/azure/ad-application/main.tf
@@ -18,6 +18,7 @@ data "azuread_service_principal" "main" {
 }

 resource "azuread_application" "main" {
+  count  = var.enable_bring_your_own_ad_app ? 0 : 1
  name                       = var.name
  homepage                   = coalesce(var.homepage, local.homepage)
  identifier_uris            = local.identifier_uris
@@ -59,14 +60,14 @@ resource "azuread_application" "main" {
 }

 resource "random_password" "main" {
-  count   = var.password == "" ? 1 : 0
+  count   = !var.enable_bring_your_own_ad_app && var.password == "" ? 1 : 0
  length  = 32
  special = false
 }

 resource "azuread_application_password" "main" {
-  count                 = var.password != null ? 1 : 0
-  application_object_id = azuread_application.main.id
+  count                 = !var.enable_bring_your_own_ad_app && var.password != null ? 1 : 0
+  application_object_id = var.enable_bring_your_own_ad_app ? null  : azuread_application.main[0].object_id

  value             = coalesce(var.password, random_password.main[0].result)
  end_date          = local.end_date

--- a/infra/modules/providers/azure/ad-application/output.tf
+++ b/infra/modules/providers/azure/ad-application/output.tf
@@ -13,23 +13,23 @@
 //  limitations under the License.

 output "name" {
-  value       = azuread_application.main.name
+  value       = var.enable_bring_your_own_ad_app ? null  : azuread_application.main[0].name
  description = "The display name of the application."
 }

 output "id" {
-  value       = azuread_application.main.application_id
+  value       = var.enable_bring_your_own_ad_app ? null  : azuread_application.main[0].application_id
  description = "The ID of the application."
 }

 output "object_id" {
-  value       = azuread_application.main.object_id
+  value       = var.enable_bring_your_own_ad_app ? null  : azuread_application.main[0].object_id
  description = "The object ID of the application."
 }

 output "roles" {
-  value = {
-    for r in azuread_application.main.app_role :
+  value = var.enable_bring_your_own_ad_app ? null  : {
+    for r in azuread_application.main[0].app_role :
    r.display_name => {
      id          = r.id
      name        = r.display_name
@@ -42,7 +42,7 @@ output "roles" {
 }

 output "password" {
-  value       = azuread_application_password.main.0.value
+  value       = var.enable_bring_your_own_ad_app ? null  : azuread_application_password.main.0.value
  sensitive   = true
  description = "The password for the application."
 }
--- a/infra/modules/providers/azure/ad-application/sample/unit_test.go
+++ b/infra/modules/providers/azure/ad-application/sample/unit_test.go
@@ -53,7 +53,7 @@ func TestTemplate(t *testing.T) {
 		PlanAssertions:        nil,
 		ExpectedResourceCount: count,
 		ExpectedResourceAttributeValues: infratests.ResourceDescription{
-			"module.ad-application.azuread_application.main": expectedResult,
+			"module.ad-application.azuread_application.main[0]": expectedResult,
 		},
 	}


--- a/infra/modules/providers/azure/ad-application/variables.tf
+++ b/infra/modules/providers/azure/ad-application/variables.tf
@@ -12,6 +12,12 @@
 //  See the License for the specific language governing permissions and
 //  limitations under the License.

+variable "enable_bring_your_own_ad_app" {
+  description = "Feature flag for BYOA"
+  default     = false
+  type        = bool
+}
+
 variable "name" {
  type        = string
  description = "The display name of the application"

--- a/infra/templates/osdu-r3-mvp/central_resources/main.tf
+++ b/infra/templates/osdu-r3-mvp/central_resources/main.tf
@@ -298,6 +298,7 @@ module "service_principal" {
    appId    = var.principal_appId
    password = var.principal_password
  }
+
 }


@@ -321,6 +322,8 @@ module "ad_application" {
      ]
    }
  ]
+
+  enable_bring_your_own_ad_app = var.enable_bring_your_own_ad_app
 }



--- a/infra/templates/osdu-r3-mvp/central_resources/secrets.tf
+++ b/infra/templates/osdu-r3-mvp/central_resources/secrets.tf
@@ -155,7 +155,7 @@ resource "azurerm_key_vault_secret" "principal_object_id" {
 // Add Application Information to KV
 resource "azurerm_key_vault_secret" "application_id" {
  name         = "aad-client-id"
-  value        = module.ad_application.id
+  value        = var.enable_bring_your_own_ad_app ? null : module.ad_application.id
  key_vault_id = module.keyvault.keyvault_id
 }


--- a/infra/templates/osdu-r3-mvp/central_resources/variables.tf
+++ b/infra/templates/osdu-r3-mvp/central_resources/variables.tf
@@ -40,6 +40,12 @@ variable "feature_flag" {
  }
 }

+variable "enable_bring_your_own_ad_app" {
+  description = "Feature flag for BYOA"
+  default     = false
+  type        = bool
+}
+
 variable "randomization_level" {
  description = "Number of additional random characters to include in resource names to insulate against unexpected resource name collisions."
  type        = number