diff --git a/azuread_roles.tf b/azuread_roles.tf
index 77d5ddeecc..53a77f8e66 100644
--- a/azuread_roles.tf
+++ b/azuread_roles.tf
@@ -3,7 +3,7 @@ module azuread_roles_applications {
 source = "./modules/azuread/roles"
 for_each = try(var.azuread_roles.azuread_apps, {})
- object_id = module.azuread_applications[each.key].azuread_service_principal.object_id
+ object_id = module.azuread_applications[each.key].azuread_service_principal.object_id
 azuread_roles = each.value.roles
 }
@@ -11,6 +11,6 @@ module azuread_roles_msi {
 source = "./modules/azuread/roles"
 for_each = try(var.azuread_roles.managed_identities, {})
- object_id = module.managed_identities[each.key].principal_id
+ object_id = module.managed_identities[each.key].principal_id
 azuread_roles = each.value.roles
 }
\ No newline at end of file
diff --git a/modules/azuread/applications/keyvault_secrets.tf b/modules/azuread/applications/keyvault_secrets.tf
index f057a44e52..d6ff59990f 100755
--- a/modules/azuread/applications/keyvault_secrets.tf
+++ b/modules/azuread/applications/keyvault_secrets.tf
@@ -15,11 +15,6 @@
 # }
 #
-locals {
- keyvault_id = try(var.keyvaults[var.settings.keyvault.keyvault_key].id, "")
-}
-
-
 data "terraform_remote_state" "keyvaults" {
 for_each = {
 for key, value in try(var.settings.keyvaults, {}) : key => value
@@ -44,7 +39,7 @@ resource "azurerm_key_vault_secret" "client_id" {
 name = format("%s-client-id", each.value.secret_prefix)
 value = azuread_application.app.application_id
- key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, local.keyvault_id)
+ key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, var.keyvaults[each.key].id)
 lifecycle {
 ignore_changes = [
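Review bot: The new fallback `var.keyvaults[each.key].id` in the `key_vault_id` expression of `client_id` (and, in the following hunks, of `client_secret` and `tenant_id`) sits inside the same `try()` as the remote-state lookup, so a mistyped `remote_tfstate.output_key` or `lz_key` no longer surfaces as an error but silently writes the application credential into whichever local vault shares `each.key`. Because this expression decides where a secret is stored, the two sources are better kept explicit, e.g. `key_vault_id = can(each.value.remote_tfstate) ? data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id : var.keyvaults[each.key].id`, so a broken remote reference fails the plan instead of being masked. The commit also replaces the removed `local.keyvault_id`, which was keyed by `var.settings.keyvault.keyvault_key` and defaulted to `""`, with a lookup keyed by `each.key`; consumers whose `settings.keyvaults` keys do not match the keys of `var.keyvaults` now fail at plan time, which deserves a comment on the `key_vault_id` line such as `# local fallback: each.key must exist in var.keyvaults` or a note in the module README. The `for_each` of the `terraform_remote_state` data source is cut off at the end of its hunk, so I cannot confirm whether it is already restricted to entries that declare `remote_tfstate`.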
@@ -55,10 +50,10 @@ resource "azurerm_key_vault_secret" "client_id" {
 }
 resource "azurerm_key_vault_secret" "client_secret" {
- for_each = try(var.settings.keyvaults, {})
+ for_each = try(var.settings.keyvaults, {})
 name = format("%s-client-secret", each.value.secret_prefix)
 value = azuread_service_principal_password.app.value
- key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, local.keyvault_id)
+ key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, var.keyvaults[each.key].id)
 expiration_date = timeadd(timestamp(), format("%sh", try(var.settings.password_expire_in_days, 180) * 24))
 lifecycle {
@@ -69,8 +64,8 @@ resource "azurerm_key_vault_secret" "client_secret" {
 }
 resource "azurerm_key_vault_secret" "tenant_id" {
- for_each = try(var.settings.keyvaults, {})
+ for_each = try(var.settings.keyvaults, {})
 name = format("%s-tenant-id", each.value.secret_prefix)
 value = var.client_config.tenant_id
- key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, local.keyvault_id)
+ key_vault_id = try(data.terraform_remote_state.keyvaults[each.key].outputs[each.value.remote_tfstate.output_key][each.value.remote_tfstate.lz_key][each.key].id, var.keyvaults[each.key].id)
 }
diff --git a/modules/azuread/applications/output.tf b/modules/azuread/applications/output.tf
index 779ba85ec6..14e448b041 100755
--- a/modules/azuread/applications/output.tf
+++ b/modules/azuread/applications/output.tf
@@ -22,7 +22,7 @@ output azuread_service_principal {
 sensitive = true
 }
-output keyvault {
+output keyvaults {
 value = {
 for key, value in try(var.settings.keyvaults, {}) : key => {
 id = azurerm_key_vault_secret.client_id[key].key_vault_id